CLOUD ACCESS USING KEY ALLOWANCE CRYPTOSYSTEM

(1)

29 | P a g e

CLOUD ACCESS USING KEY ALLOWANCE CRYPTOSYSTEM

Ms. G Divya

¹

, Ms. S Kousalya

²

, Ms. Monisha V P

³

1,2,3

Computer Science, Dhanalakshmi College of Engineeering, (India)

ABSTRACT

The main aim of our project is to sharing the data in cloud. In this paper, we show that how to securely, effectly and flexibly share data with others in cloud storage. For that we propose Key- Aggregate Cryptosystem which generates cipher text of stable size such that decryption rights can be assigned on them. By combining a set of secret key, we can make a single key. By using this key, we can send others or can be store in a very limited secure storage. First, owner of the data Setup the public system next KeyGen algorithm generates a public or master/secret key. By using this key, user can convert plain text to cipher text. Next user will give input as master secret key by Extract function; it will produce output as aggregate decryption key. This generated key is safely sent to the receiver. Then the user with aggregate key can decrypt the cipher text through the use of Decrypt function. We provide formal security analysis of our schemes in this model. Here we also describe other application of our schemes. In particular, our plan give the first public-key patient-controlled encryption for flexible hierarchy.

I. INTRODUCTION

IN a parallel file system, file data is distributed across multiple storage devices or nodes to allow access by multiple tasks of a parallel application. This is typically used in large-scale computing that focuses on speed and reliable access to large data. That is higher I/O bandwidth is achieved through convergent t access to multiple depository devices; while data loss is protected through data mirroring using fault-tolerant striping algorithm.

Examples of parallel file systems that are in production use are the IBM (GPFS)General Parallel File System ,(GoogleFS)Google File System, Lustre , (PVFS)Parallel Virtual File System , and Panasas File System .These are usually required for advanced scientific or data-intensive applications such as, data processing,digital animation studios, and semiconductor manufacturing. Independent of the development of cluster and computing, the need of clouds and the programming model has resulted in file system such as the Hadoop Distributed File System (HDFS) and Cloud Store . Some users of the HDFS are AOL,Apple, eBay, Facebook, Hewlett- Packard, IBM, LinkedIn, Twitter, and Yahoo .Here we investigate the problem of secure communications that support parallel access to multiple depository Devices. We consider a communication model where there are number of clients accessing multiple remote and distributed depository devices in parallel. We focus on how to Exchange key materials and provide parallel secure sessions between the clients and the depository devices in the PNFS (Parallel Network File System ) —the current Internet standard is a well planned and scalable manner. The primary goal is to design well planned and secure authenticated key exchange protocols that meet the following desirable properties, which have not been achievable by the current Kerberos-based solution :

(2)

30 | P a g e Scalability—the metadata server access requests from a client to multiple depository devices should not a performance bottleneck, but is capable of supporting a number of clients.

Forward secrecy—the protocol should assure the security of past session keys when the Secret key of a client is compromised.

Escrow-free—the metadata server should not know any information about any session key used by the client and the depository device, provided there is no conspiracy among them. The main results of this are three new secure authenticated key exchange protocols. These protocols are designed to achieve each of the properties, demonstrate the trade-offs between planned and security. The protocols can reduce the workload of the metadata server by the current Kerberos-based protocol, while achieving the security properties and keeping the computational alof at the clients . We define an appropriate security model and prove our protocols are secure in the model.

II. INTERNET STANDARD—NFS

Network File System is currently the sole file system standard supported by the IETF( Internet Engineering Task Force). The NFS protocol is a distributed file system protocol originally developed by Sun Microsystems that allows a user on a client computer, to access data over networks in a manner similar to how local storage is accessed . It is designed to be portable across different machines, operating systems, network architectures, and transport protocols. Such portability is achieved through the use of Remote Procedure Call (RPC) primitives built on top of an eXternal Data Representation (XDR) ; with the former providing a procedure-oriented interface to remote services, providing a common way of representing a set of data types over a network. The NFS protocol has since then evolved into an open standard defined by the IETF Network Working Group.

Among the current key features are file system migration and replication, file locking, data caching, delegation (from server to client), and crash recovery. The NFS version 4.1 (NFSv4.1) protocol, the most recent version, provides a feature called parallel NFS (pNFS) that allows direct, existing client access to multiple storage devices to improve performance and scalability. pNFS separates the file system protocol into two parts:

metadata processing and data processing. Metadata is information about a file system, such as name, location within the namespace, user, permissions and other attributes. The object that manages metadata is called a metadata server, whereas in regular files data is striped and stored across servers. Data striping occurs in two ways: on a file-by-file basis and, within sufficien large files, on a block-by-block basis. pNFS is a direct operation between a client node and the storage system . pNFS is a collection of three protocols:

The pNFS protocol that transfers file metadata known as a layout between the metadata server and a client node;

The storage access protocol that specifies how a client accesses data from the storage devices according to the corresponding metadata;

The metadata server and the storage devices is synchronized by control protocol.

(3)

31 | P a g e

III. METHODOLOGY

Existing System

The existing system of cloud storage bloggers can let their intimate view or access a subset of their private data whereas a organisation may grant their employees access to a fragile data. The exigent trouble is how to effectively share encrypted data without any leakage. Of course users can download the encrypted data from the storage, decrypt them, then send to others for sharing, but it loses the security of data in cloud storage. Users should be able to envoy the access rights of the sharing data to others so that they can access these data from the server directly. However, finding an effective and secure way to share partial data in cloud storage is not trivial.

The receiver decrypts the original message using symmetric key algorithm.

Proposed System

In this paper, we make a decryption key as more powerful in the sense that it allows decryption of several ciphertexts, without any change in its size. We are introducing a public-key encryption which is key-aggregate cryptosystem (KAC) using AES algorithm. In KAC, users encrypt a data under a public-key and identifier of ciphertext called a class. The ciphertexts are further categorized into different class. The owner holds a master key called secret key.This is used to extract secret keys for different classes. For each registration the data owner setup key in cloud storage.Here the master key is the public key which encrypts user data. This encrypted key is stored in the cloud.The extracted key will aggregate keys which is a compact secret key for a single class, but combines many such keys which is the decryption subset of ciphertext classes. The sizes of ciphertext, public key, master secret key and aggregate key in KAC are all of constant size . The public system parameter has size linear in many of the ciphertext classes and it is needed it can be fetched from large cloud storage. Previous it achieved a similar property with a constant size decryption key but the classes need to conform some pre-defined hierarchical relationship. Our work is malleable in the sense that this constraint is discarded that is no special relation is required between the classes.

ADVANTAGES

• The envoy of decryption can be effectively implemented with the aggregate key, which is only of fixed size.

• Number of ciphertext classes is large.

• It is easy to key management for encryption and decryption

(4)

32 | P a g e

IV. MODULES

1. User Registration :

The user enrolles and obtains with unique ID and the group manager randomly designates a number. Then the group manager append into the group user list which will be used in the traceability phase. After the registration, user obtains a public key which will be used for group signature generation and file decryption.

Registration

Key Distribution

2. User Revocation :

User revocation is performed by the group manager through public available. Revocation list, based on which bloc members can encrypt their data files and fortify the confidentiality against the revoked users. Group manger upgrade the repudiation list every day even no user has being revoked in the day. In other words, the others can verify the brace of the reputation list from the current date.

Revocation

3. File Generation and Deletions:

To store and share a data file in the cloud, a group member fetch the reduction list from the cloud. Here the member sends the group identity

ID as a

request to the cloud. Substantiate the validity of the received list. File stored in the cloud can be expunge by either the group manager or the data owner

.

4. File Access and Traceability :

To access the cloud user needs to compute a group signature for the authentication. The group signature of each member is regarded which inherits the inherent unforgeability property, incognito authentication, and tail capability. When a data dispute occurs, the unearth operation is performed by the group manager to find the real identity of the data owner

.

V. ALGORITHM

MD5 algorithm was proposed by Professor Ronald L. Rivest in 1991. According to RFC 1321, “MD5 message- digest algorithm captures as input a message of random length and generates as output a "message digest" of the input. The MD5 algorithm is deliberate for digital signature applications where a large file must be

"compressed" in a taut manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.”

MD5 Algorithm Structure

(5)

33 | P a g e

Implementation Steps

Step1: Append padding bits

The input message is "upholster” so that its length (in bits) equals to 448 mod 512. Padding is always executed even if the length of the message is already 448 mod 512. Padding is performed as follow, a single one bit is conjoin to the message and then zero bits are conjoin so that the length in bits of the upholster message becomes compatible to 448 mod 512. At least one bit and at most 512 bits are appended

.

Step2: Append length

A 64 bit interpretation of the length of the message is conjoin to the result of step 1. If the length of the message is impervious than 2⁶⁴only the low-order 64 bits will be used. The resulting message after upholsted has a length that is a multiple of 512 bits. The input message will have a length that is an exact multiple of 16 (32-bit) words

.

Step 3: Initialize Message Digest buffer

A four word buffer (A, B, C, D) is used to reckon the message digest. Each of A, B, C, D is a 32 bit register.

These registers boot up to the following values in hexadecimal, low-order bytes first are:

word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10

Step 4: Process message in 16-word blocks

Four functions will be interpret such that each function takes an input of three 32 bit words and produces a 32- bit word output.

F (X, Y, Z) = X Y or not (X) Z G (X, Y, Z) = X Z or Y not (Z) H (X, Y, Z) = X xor Y xor Z I (X, Y, Z) = Y xor (X or not (Z))

Algorithm Used :

The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but hazy material by U.S. Government bureau. In January 1997, a process was started by the National Institute of Standards and

(6)

34 | P a g e Technology (NIST), a section of the U.S. Commerce Department, to find a more robust successor for the Data Encryption Standard (DES) and to a reduce degree Triple DES. The specification called for a symmetric algorithm using block encryption of 128 bits in size, brace key sizes of 128, 192 and 256 bits. It will be easy to implement in hardware and software, as well as in cramped environments (for example, in a smart card) and offer weaponry against various attack techniques. In 1998, the NIST selected 15 applicants for the AES, including the National Security Agency. Based on this on August 1999, NIST selected five algorithms for more extensive analysis. These were:

•MARS, submitted by a team from IBM research.

•RC6, submitted by RSA Security

•Rijndael, submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.

•Two fish, submitted by a team of research including Counterpane's respected cryptographer Bruce.

Implementations of all of the above were tested thoroughly in ANSI C and Java languages for speed and accuracy is measured in encryption and decryption speeds, key and algorithm set-up both in hardware and software centric systems. Again detail analysis was provided by the cryptographic community. The end result was on October 2 2000 announced y NIST that Rijndael has been selected as the proposed standard. On December 6 2001 the secretary of commerce officially approved Federal Information Processing Standard which specifies that all sensitive unclassified documents will use Rijndael as the AES. The cryptography, data recovery agent (DRA) related glossary terms: RSA algorithm, data key, greynet , spam cocktail (or anti-spam cocktail), fingers (fingerprint scanning),munging,threat, authentication server, defense and nonrepudiation.

VI. CONCLUSION

The delegation of decryption can be efficiently implemented with the aggregated key, which is only of fixed size. It is easy to key management for encryption and decryption. Comparing to other digest algorithms, MD5 is simple to implement, and provides a message digest of a message of arbitrary length. It performs very fast on 32-bit machine.

(7)

35 | P a g e

REFERENCE

[1]. Privacy-Preserving Public Auditing for Secure Cloud Storage(Cong Wang, Student Member, IEEE, Sherman S.-M. Chow, Qian Wang, Student Member, IEEE, Kui Ren, Member, IEEE, and Wenjing Lou, Member, IEEE) Homomorphic linear signature technique.

[2]. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data (Vipul Goyal¤ Omkant Pandeyy Amit Sahaiz Brent Waters x) Fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption technique.

[3]. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps (Dan Boneh [email protected], Craig Gentry [email protected]) Co-Gap Diffie-Hellman, encrypted signature technique.

[4]. Dynamic and Efficient Key Management for Access Hierarchies (Mikhail J. Attalla, Keith B. Frikken, and Marina Blanton Department of Computer Science Purdue University) Role-Based Access Control (RBAC) models technique.

[5]. Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Patient Controlled Encryption, key generation algorithm technique.

[6]. Storing Shared Data on the Cloud via Security-Mediator (Boyang Wang†§, Sherman S. M. Chow‡, Ming Li§, and Hui Li† †State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an, China Department of Information Engineering, Chinese University of Hong Kong, Hong Kong §Department of Computer Science, Utah State University, Logan, Utah, USA) PDP (Provable Data Possession) and Signature technique.