ISSN (Online): 2348 – 3539
SECURED DATA SHARING WITH TRACEABILITY IN CLOUD ENVIRONMENT
Dharani.R
1, M.Narmatha
21PG schlor, Department of Computer Applications, Sri Jayendra saraswathy Maha Vidhyalaiya College of Arts
and Science, India
2Assistant professor, Department of Computer Applications, Sri Jayendra saraswathy Maha Vidhyalaiya
College of Arts and Science, India
Abstract: Cloud computing is an emerging computing paradigm, in which resources of the computing infrastructure are provided as services over the internet. It brings forth many challenges in data security. In case of the dynamic group key based data sharing in cloud, there are three features to be considered Key freshness, Key confidentiality and Key authentication. In order to achieve these three features the Dynamic Group key protocol relies on KGC (Key Generation Center) which delegates keys to the members and revocate unsubscribed members. . In this proposed work, a variant of the short group signature scheme will be used to achieve anonymous access control, as it supports efficient membership data access with revocation member list verification.
Keywords: KGC, Dynamic Key, Group key.
Reference to this paper should be made as follows: Dharani.R1, M.Narmatha2 (2014) „Secured Data Sharing With Traceability In Cloud Environment‟, International Journal of Inventions in Computer Science and Engineering , Volume 1 Issue 8 September 2014.
1 Introduction
Cloud computing, or something being in the cloud, is an expression used to describe a variety of different types of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. The phrase is also more commonly used to refer to network-based services which appear to be provided by real server hardware, which in fact is served up by virtual hardware, simulated by software running on one or more real machine. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user arguably, rather like a cloud.[1] As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through adoption of this new model. The relative security of cloud computing services is an issue that may be delaying its adoption. Security issues have been categorized into sensitive data access, data segregation, privacy, bug exploitation, recovery, accountability, malicious insiders, management console security, account control, and multi-tenancy issues. Solutions to various cloud security issues vary, from cryptography, particularly public key infrastructure (PKI), to use of multiple cloud providers, standardization of APIs, and improving virtual machine support and legal support.[2] With the character of low maintenance, cloud computing provides an economical and efficient solution for sharing group resource among cloud users. Unfortunately, sharing data in a multi-owner manner while preserving data and identity privacy from an untrusted cloud is still a challenging issue, due to the frequent change of the membership. In this paper, we propose a secure multi-owner data sharing scheme, named MONA, for dynamic groups in
the cloud. By leveraging group signature and dynamic broadcast encryption techniques, any cloud user can anonymously share data with others. Meanwhile, the storage overhead and encryption computation cost of our scheme are independent with the number of revoked users. In addition, we analyze the security of our scheme with rigorous proofs, and demonstrate the efficiency of our scheme in experiments.
II. Related Works
the group fully rely on Key Generation Center (KGC). They proposed an authenticated key transfer protocol based on secret sharing scheme that KGC can broadcast group key information to all group members at once. Chin-Yin Lee et al. [9] addressed the security issues and drawback associated with existing group key establishment protocols. They have also used secret sharing scheme to propose a secure key transfer protocol to exclude impersonators from accessing the group communication. Their protocol can resist potential attack and also reduce the overhead of system implementation. Burmester et.al [10] has presented a practical conference key distribution systems based on public-keys and also authenticates the users. Rafael Martinez Pelaez et.al [11] proposed a new dynamic ID-based remote user authentication scheme ID-based on Hsian-Shih‟s scheme. In the proposed scheme users can create the login request message without known the identification of each server and also it is more efficient in computation cost.
III. System Model
A cloud computing architecture by combining with an example that a company uses a cloud to enable its staffs in the same group or department to share files.The system model consists of three different entities: the cloud, a group manager (i.e., the company manager), and a large number of group members (i.e., the staffs) as illustrated in Fig. 1.
Figure 1 : System model
Cloud is operated by CSPs and provides priced abundant storage services. However, the cloud is not fully trusted by users since the CSPs are very likely to be outside of the cloud users‟ trusted domain. We assume that the cloud server is honest but curious. That is, the cloud server will not maliciously delete or modify user data due to the protection of data auditing schemes but will try to learn the content of the stored data and the identities of cloud users.
Group manager takes charge of system parameters generation, user registration, user revocation, and revealing the real identity of a dispute data owner. In the given example, the group manager is acted by the administrator of the company. Therefore, we assume that the group manager is fully trusted by the other parties. Group members are a set of registered users that will store their private data into the cloud server and share them with others in the group. In our example, the staffs play the role of group members. Note that, the group membership is dynamically changed, due to the staff resignation and new employee participation in the company.
IV. Authenticated Group Key Transfer Protocol
Based On Secret Sharing
Key transfer protocols rely on a mutually trusted key generation center (KGC) to select session keys and transport session keys to all communication entities secretly. Most often, KGC encrypts session keys under another secret key shared with each entity during registration. In this paper, we propose an authenticated key transfer protocol based on secret sharing scheme that KGC can broadcast group key information to all group members at once and only authorized group members can recover the group key; but unauthorized users cannot recover the group key. The confidentiality of this transformation is information theoretically secure. We also provide authentication for transporting this group key. Goals and security threats of our proposed group key transfer protocol will be analyzed in detail. We list following unique features of group key transfer protocol using secret sharing scheme. Each user needs to register at KGC to subscribe the group key transfer service and to establish a secret with KGC. Thus, a secure channel is needed initially to share this secret with each user. Later, KGC can transport the group key and interact with all group members in a broadcast channel. The confidentiality of group key distribution is information theoretically secure; that is, the security of this transfer of group key to each group member does not depend on any computational assumption. The authentication of the group key is achieved by broadcasting a single authentication message to all group members.
Figure 2: system framework
member for uploading and download the file. If the group member is in revoked list, then they cannot login and view or transact any files. Group member module also provides security like they can view only the files which are uploaded by them. The revocation is done in Group member module. Once the member is revoked, it will automatically update to group manager and he/she will be in the revoked listed. So that they cannot view any data of particular group. If the Revoked member attempts to view or any member attempts to view others file, it will be tracked by the group manager. There is an option that group manager will have the traceability of all files. Once the signature doesn‟t match it will be updated to the group manager.
V. Security Analysis
In the proposed system, the security is achieved in terms of access control, data confidentiality, anonymity and traceability. Based on the group signature technique, the proposed scheme can achieve efficient access control. To access the cloud, a user needs to compute a group signature for his/her authentication. The employed group signature scheme can be regarded as a variant of the short group signature, which inherits the inherent unforgeability property, anonymous authentication and tracking capability. This can be achieved by the following process.
1. Unrevoked users are able to access the cloud
2. Revoked users cannot utilize the cloud after their revocation
3. An attacker is unable to access the cloud server based on the assumption of the intractability.
The proposed scheme supports privacy preserving and traceability through two fold. On one hand, the group manager has the ability to identify the real signer. On the other hand, other entities cannot reveal the signer‟s identity from a group signature. Otherwise DL Assumption will be in Contradiction. It also protects data confidentiality under the hardness of the WBDHE problem and GDHE problem. This can be deduced when the cloud server is unable to learn the content of the stored file and even under the collusion with revoked users, the cloud server is also incapable of learning the content of the files stored after their revocation.
VI. Performance Analysis
Group Manager
Group manager takes charge of system parameters generation, user registration, user revocation, and revealing the real identity of a dispute data owner. In the given example, the group manager is acted by the administrator of the company. Therefore, we assume that the group manager is fully trusted by the other parties. Group members are registered under group manager for to create, delete or access data‟s in the cloud. Group manager distributes public key for every registered members which is used for connecting cloud. Member‟s details with specific signature
periodically revoke to the cloud system for request member authorization.
A. User Revocation
User revocation is performed by the group manager via a public available revocation list, based on which group members can encrypt their data files and ensure the confidentiality against the revoked users. The group manager compute the revocation parameters and make the result public available by migrating them into the cloud. Such a design can significantly reduce the computation overhead of users to encrypt files and the cipher text size.
User revocation will be performed in the group member module. Once when the Revocation is done, then the information will be automatically sent to Group manager and the Authorized Signature for that particular user will be blocked. If he tries to access the file after revocation it will be registered in the Trace view. So it provides the data security and Traceability.
Figure 3: user revocation
B. Traceability
Anonymity guarantees that group members can access the cloud without revealing the real identity. Although anonymity represents an effective protection for user identity, it also poses a potential inside attack risk to the system. The group manager should have the ability to reveal the real identities of data owners.
Group Member
Group members are a set of registered users that will store their private data into the cloud server and share them with others in the group. The group membership is dynamically changed, due to the staff resignation and new employee participation in the company. Data owners generate data and upload them to the cloud for sharing. Data users are able to access data uploaded by data owners. So after receiving public key from the manager it get data access in the cloud system then act as multi-owner. Then create private key to access their data in the cloud which is transferred to the authorized members in the group. Thus authorized members are capable to update or delete the data with that key under
multi-owner.
Figure 5: Group menber
File Access
Any group member can store and share data files with others in the group by the cloud. User revocation can be achieved without involving the remaining users. That is, the remaining users do not need to update their private keys or re encryption operations. New granted users can learn all the content data files stored before his participation without contacting with the data owner. This result shows that group member can join the group with proper authentication. Once he joins the group he is allowed to view and upload the files. Only the authorized group member can access the files. Otherwise they are not permitted inside the cloud to view the information.
Cloud Server Module
The cloud server provides data storage and sharing services to data owners and data users. After verify the member connection under signature, member can able to access the particular owner‟s data with respect to owner‟s private key and identity or blanked key which is reference of member identity (IDdata). So the cloud verifies whether the request member is in the revoke list which is send by group manager under signature if so, it provide permission to access the data else throw unauthorized member request. So
the revoke list is updated once member leave or join the group by the group manager.
Figure 6: Cloud server
File Generation Getting the revocation list from the cloud. In this step, the member sends the group identity IDgroup as a request to the cloud. Then, the cloud responds the revocation list RL to the member. Verifying the validity of the received revocation list.
First, checking whether the marked date is fresh. Second, verifying the contained signature If the revocation list is invalid, the data owner stops this scheme. Encrypting the data file M. This encryption process can be divided into two cases according to the revocation list.
File Deletion
File stored in the cloud can be deleted by either the group manager or the data owner (i.e., the member who uploaded the file into the server). Mona also allows data owners to delete their files stored in the cloud. Upon receiving the deletion request, the cloud to verify the group signature. After successful group signature verification, the cloud will delete the data file.
VII Conclusion
identity verification, data owner privacy must not be leaked to the other members
Reference
[1] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
[2]S. Kamara and K. Lauter, “Cryptographic Cloud Storage,” Proc. Int‟l Conf. Financial Cryptography and Data Security (FC), pp. 136- 149, Jan. 2010.
[3]Bohli. A Framework for Robust Group Key Agreement. In Computational Science and Its applications - ICCSA 2006 (3), Lecture Notes in Computer Science; vol. 3982, Springer 2006, pp. 355-364.
[4] E. Bresson, O. Chevassut, D. Pointcheval, and J.-J. Quisquater. Provably Authenticated Group Diffie-Hellman Key Exchange. Proc. ACM Conf. Computer and Comm. Security (CCS ‟01), 2000, pp. 255-264.
[5] J. Katz and M. Yung. Scalable Protocols for Authenticated Group Key Exchange. J Cryptology; Vol. 20, 2007, pp. 85-113.
[6] Tzeng. A Secure Fault-Tolerant Conference-Key Agreement Protocol. IEEE Trans. Computers; 51(4), 2002, pp 373-379.
[7] Chia-Yin Lee, Zhi-Hui Wang, Lein Harn, Chin-Chen Chang. Secure Key Transfer Protocol Based on Secret Sharing for Group Communications. IEICE Transactions; 94-D(11), 2011,pp. 2069-2076.
[8] Lein Harn and Changlu Lin. Authenticated Group Key Transfer Protocol Based on Secret Sharing. IEEE Trans.Computers; Vol.59, no.6, 2010, pp.842-846.
[9] Chia-Yin Lee, Zhi-Hui Wang, Lein Harn, Chin-Chen Chang. Secure Key Transfer Protocol Based on Secret Sharing for Group Communications. IEICE Transactions; 94-D(11), 2011,pp. 2069-2076.
[10]M. Burmester and Y.G. Desmedt. A Secure and Efficient Conference Key Distribution System. Proc. Eurocrypt ‟94 Workshop Advances in Cryptology;1995, pp. 275-286.
