Systematic and Secure Traceable Consent Inspect Model in Cloud Storage
¹Thumu Subba Reddy, ²B.V Suresh Reddy
Assistant Professor, Department of CSE,
Tirumala Engineering College, Jonnalagadda Village, Narasaraopet Mandal, Andhra Pradesh, India. [email protected], [email protected]
Abstract: A cloud service provider delivers services to cloud users from cloud servers via the internet. Many cloud security approaches and the security requirements of cloud data are discussed. We use a fuzzy keyword searching scheme that employs the wildcard technique to search and retrieve secured files. New secure service architectures are needed to address users' security concerns about cloud computing techniques. We present a framework to secure cloud data storage in public clouds, with a special focus on letting lightweight wireless devices store and retrieve data without exposing the data content to the cloud service providers. Key aggregation is used to provide secure data sharing in cloud storage, and key revocation is used to protect sensitive information in cloud storage. This methodology is a better way to organize data in a dynamic multi-user environment while maintaining the security and privacy of the data as well as the users. Our performance evaluation demonstrates the security strength and efficiency of the presented solution in terms of computation, communication, and storage. We have a flexible multiple-keyword subset search pattern, which also does not affect the order of the search results.
Index Terms: Dynamic Group, Group Authorization, AES; fuzzy keyword search, Multiple Keywords Subset Search, privacy-preserving, access control, dynamic groups, network security, and key revocation.
1. INTRODUCTION
The goal of cloud computing is to let customers exploit distributed resources at large scale to achieve high throughput and to overcome large computational problems. Cloud computing involves these entities: cloud server, cloud service provider, data owner, and data user [1]. It provides the flexibility to work from anywhere at any time. It also provides low-budget services, updates software automatically, increases collaboration among users and service vendors, and much more [2]. The multi-tenant data architecture directly results in the risk that a user's data is exposed to business competitors or malicious attackers, who may compromise the data server shared among tenants [3]. As the search and decryption authority can be shared by a set of users who own the same set of attributes, it is hard to trace the original key owner. Providing traceability in a fine-grained search authorization system is critical and was not considered in previous searchable encryption systems [4]. Cloud providers should be able to deliver scalable, on-demand infrastructures (including network, compute, and storage elements) that satisfy the requirements of different types of elastic services and workloads [5]. In particular, single infrastructure providers must support dynamic service provisioning; quality-of-service (QoS) and service-level agreement (SLA) negotiation; and service scalability [6].
2. RELATED WORK
the session key agreed by the server and the user the proposed schemes are novel based schemes which do not have serious synchronization problem [11]. The security of individual members two different key distribution protocols complying with the framework are introduced [12].
3. SYSTEM ARCHITECTURE
In the cloud system model, group members may be document owners or document viewers. Group members register their user particulars with the system administrator, receive a user name and password for authentication, and obtain services from the cloud [13]. The growth of electronic personal information leads to a pattern in which information owners want to remotely outsource their data to clouds to enjoy high-quality retrieval and storage services without worrying about the burden of local data management and maintenance [14]. We evaluate the computation and communication costs of our design and conclude that it is effective and efficient for enterprise users to share data. Cloud services are provided by different cloud providers such as Google, Microsoft, IBM and Amazon. Cloud storage is used as a core technology of many online services for personal applications. Nowadays it is easy to create a free account for photo albums, file sharing, Facebook and remote access [15].
Fig. 1. Cloud System Architecture
4. PROPOSED WORK
Authorized users who are added by the organization need access to their data. The user submits a file retrieval query by entering a keyword. The entered keyword is compared with the stored keyword [16]. Frequent upload/download operations are a tremendous overhead for resource-constrained wireless devices, so it is desirable to design a secure and efficient cloud data management scheme to balance the communication and storage operational overhead incurred by managing the
Fig. 2. Our Proposed Framework.
5. ENCRYPTION AND DECRYPTION PROCESS
Encryption is the process of converting a plaintext message into a ciphertext message, and decryption is the process of converting a ciphertext message back into a plaintext message. Algorithms used for the encryption and decryption process include the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), and the RSA algorithm [19]. The AES encryption and decryption process consists of steps such as substitute bytes, shift rows, mix columns and add round key. In the substitute bytes step, only one table is used to transform every byte, which means that if two bytes are the same, their transformations are also the same [20]. We use the RSA encryption and decryption algorithm, which is based on exponentiation. Plaintext is encrypted in blocks, with each block having a binary value less than some number $n$. The block size must be less than or equal to $\log_2(n)$; the block size is $i$ bits, where $2^i < n$.
1. Select $p$, $q$ with $p \neq q$.
2. Calculate $n = p \times q$ and $\phi(n) = (p-1)(q-1)$.
3. Select integer $e$ such that $\gcd(\phi(n), e) = 1$, $1 < e$
4. Calculate $d$, where $d \equiv e^{-1} \pmod{\phi(n)}$.
5. Public key $PU = \{e, n\}$ ($e$ = encryption).
6. Private key $PR = \{d, n\}$ ($d$ = decryption).
The cryptographic tool facilitating search on encrypted data is referred to as searchable encryption. Searchable encryption comes in two types, symmetric and asymmetric. In a multiuser scenario, symmetric searchable encryption schemes can be used, but they suffer from complicated secret key management.
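The paper names the wildcard technique for fuzzy keyword search but does not give its construction. The sketch below is an added example, not the authors' code: it assumes the usual edit-distance-1 wildcard set and HMAC-SHA256 trapdoors as a symmetric searchable index, and KEY, FILES and all function names are constructed for illustration.

```python
# Added example: wildcard-based fuzzy keyword index (edit distance 1).
import hashlib
import hmac

KEY = b"constructed-demo-key"  # shared secret of owner and authorised users (constructed)
FILES = {"f1": ["castle"], "f2": ["invoice", "cloud"], "f3": ["clout"]}  # constructed

def wildcard_set(word):
    """The word plus every variant with '*' inserted before or replacing one position."""
    variants = {word}
    for i in range(len(word) + 1):
        variants.add(word[:i] + "*" + word[i:])          # '*' inserted before position i
        if i < len(word):
            variants.add(word[:i] + "*" + word[i + 1:])  # '*' replacing position i
    return variants

def trapdoor(key, pattern):
    """Keyed hash of a pattern; the server only ever sees this value."""
    return hmac.new(key, pattern.encode(), hashlib.sha256).hexdigest()

def build_index(key, files):
    """Owner side: map each trapdoor to the ids of files whose keywords produced it."""
    index = {}
    for file_id, keywords in files.items():
        for keyword in keywords:
            for pattern in wildcard_set(keyword):
                index.setdefault(trapdoor(key, pattern), set()).add(file_id)
    return index

def query(key, word):
    """User side: trapdoors for the (possibly misspelled) search word."""
    return {trapdoor(key, pattern) for pattern in wildcard_set(word)}

def search(index, trapdoors):
    """Server side: match opaque trapdoors against the index, no plaintext keywords."""
    hits = set()
    for t in trapdoors:
        hits |= index.get(t, set())
    return hits

if __name__ == "__main__":
    index = build_index(KEY, FILES)
    for word in ("clod", "cloud", "catle", "cld"):
        print(word, sorted(search(index, query(KEY, word))))
```

Because the trapdoors are deterministic, the server can tell when the same pattern is queried again, and every authorised user must hold KEY, which is the key-management burden the paragraph above mentions.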
A. Key Revocation Process
Fig. 3. A Sample Access Policy Tree.
6. EVALUATION RESULTS
We first present the security assessment of the presented solution, and then present the computation, communication, and storage performance evaluation. In existing systems, identity privacy is one of the most significant obstacles to the wide deployment of cloud computing. Without the guarantee of identity privacy, users may be unwilling to join cloud computing systems because their real identities could be easily disclosed to cloud providers and attackers. Revocation mechanisms include the certificate revocation list, certificate revocation status, online certificate status protocol, certificate revocation tree, and security mediator. The key revocation process is needed when sensitive data is placed on cloud storage. The data retrieval process does not only consist of retrieving encrypted files from the cloud server and decrypting them with the respective private keys; the data are also provided to users upon authentication by the hierarchical access control of the cloud system. Cryptographic access control over untrusted storage is investigated in both the cryptography community and the networking community. In the cryptography community, Broadcast Encryption (BE) was introduced; compared with traditional one-to-one encryption schemes, BE is very efficient.
7. CONCLUSION AND FUTURE WORK
Data owners in the group store their own data on the cloud server in encrypted form. The Triple Data Encryption Standard algorithm is used to encrypt the documents. A user is revoked when the system administrator changes the rights of the revoked user. To make the searching procedure user-interactive, fuzzy keyword searching is introduced using the wildcard technique. Our performance assessments demonstrate the security strength and efficiency of our solution in terms of computation, communication, and storage. We defined a new paradigm of searchable encryption system and proposed a concrete construction. It supports flexible multiple-keyword subset search and solves the key escrow problem during the key generation procedure. We try to provide rigorous security analysis and perform extensive simulations to demonstrate the efficiency of our scheme in terms of storage and computation overhead. This algorithm is used to make the process user-friendly. A modification of the Blowfish algorithm is used to generate the secret key in that process, and it allows only authorized persons to access the data at the correct time. In future, we can divide data into equal blocks and store them in three different clouds based on the identity of each user, so that the cloud system becomes more resistant to security attacks performed by unauthorized entities who try to disclose users' sensitive information for their own benefit.
REFERENCES
[1] C. Wang, N. Cao, J. Li, K. Ren, W. Lou. “Secure ranked keyword search over encrypted cloud data”[C]//IEEE 30th International Conference on Distributed Computing Systems (ICDCS), IEEE, 2010: 253-262.
[2] R.Lu, X.Lin, X.Liang, and X.Shen, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing”, Proc. ACM Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.
[3] B.Wang, B.Li, and H.Li, “Knox: Privacy - Preserving Auditing for Shared Data with Large Groups in the Cloud”, Proc. 10th Int’l Conf. Applied Cryptography and Network Security, pp. 507-525, 2012.
[4] M.Lori, “Data Security in The World of Cloud Computing”, co-published by the IEEE computer and reliability societies, pp 61-64, 2009.
[5] Zhifeng Xiao & Yang Xaio, “Security and Privacy in Cloud Computing”, IEEE communications survey and tutorials, vol. 15, No. 2, second quarter, 2013.
[6] M.Armbrust, A.Fox, R.Griffith, A.D.Joseph, R.H.Katz, A.Konwinski, G.Lee, D.A.Patterson, A.Rabkin, I.Stoica, and M.Zaharia, “A View of Cloud Computing” , Comm. ACM, vol. 53, no. 4, pp. 50-58, 2010
[7] Kashyap S.; Madan N. : “A Review on: Network Security and Cryptographic Algorithm”, in International Journal of Advanced Research in Computer Science and Software Engineering, April 2015, Volume 5, Issue 4, pp. 1414- 1418.
[8] Khan N.; Krishna R. C.; Khurana A. : “Secure Fuzzy Multi- Keyword Search over Outsourced Encrypted Cloud Data” in the proceedings of IEEE International Conference on Computer and Communication Technology (ICCCT), 2014, pp. 241-249.
[9] Kokane M.;Jain P.; Sarandhar P. : “Data Storage Security in Cloud Computing”, in International Journal of Advanced Research in Computer and Communication Engineering, March 2013, Volume 2, Issue 3, pp. 1388-1393.
[10] Krithika P.; Dilipan G.; Shobana M. : “Enhancing Cloud Computing Security for Data Sharing Within Group Members” in IOSR Journa
[11] C. Delerablée, P. Paillier, and D. Pointcheval. Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. Pairing-Based Cryptography – Pairing 2007, pages 39–59.
[12] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Over-encryption: management of access control evolution on outsourced data. In VLDB ’07: Proceedings of the 33rd international conference on Very large data bases, pages 123–134. VLDB Endowment, 2007.
[13] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia. Dynamic provable data possession. In Proceedings of the 16th ACM conference on Computer and communications security, pages 213–222. ACM, 2009.
[14] A. Fiat and M. Naor. Broadcast Encryption, Advances in Cryptology – Crypto93. Lecture Notes in Computer Science, 773:480–491, 1994.
[15] A. Fiat and M. Naor. Broadcast Encryption, Advances in Cryptology – Crypto93. Lecture Notes in Computer Science, 773:480–491, 1994.
[17] X. Wang, X. Huang, X. Yang, L. Liu, X. Wu, “Further observation on proxy re-encryption with keyword search,” Journal of Systems and Software, 2012.
[18] L. Fang, W. Susilo, C. Ge, J. Wang, “Public key encryption with keyword search secure against keyword guessing attacks without random oracle,” Information Sciences, 2013.
[19] A. Sahai, B. Waters, “Fuzzy identity-based encryption,” in: EUROCRYPT, Springer, 2005.
[20] J. Han, W. Susilo, Y. Mu. “Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption,” IEEE Transactions on Information Forensics and Security, 2015.
[21] E.J. McCluskey. Minimization of Boolean functions. Bell System Technical Journal, 35(5):1417–1444, 1956.
[22] D. Naor, M. Naor, and J. Lotspiech. Revocation and tracing schemes for stateless receivers. Lecture Notes in Computer Science, pages 41–62, 2001.
[23] A. Sahai and B. Waters. Fuzzy Identity-Based Encryption. In Advances in Cryptology–Eurocrypt, volume 3494, pages 457–473. Springer.