• No results found

An Efficient Study of Revocable Data Access Control For Secure Cloud Storage

N/A
N/A
Protected

Academic year: 2020

Share "An Efficient Study of Revocable Data Access Control For Secure Cloud Storage"

Copied!
5
0
0

Loading.... (view fulltext now)

Full text

(1)

An Efficient Study of Revocable Data Access Control For Secure

Cloud Storage

Devarakonda Sravan Kumar & Ch.Sandeep

1

M.Tech student,SE, S.R. ENGINEERING COLLEGE,India

2

Senior Associate professor,S.R. ENGINEERING COLLEGE , India

ABSTRACT: Distributed computing provides a fictile and cheap route for info sharing, that carriesseveralreimbursements for each the societyand individuals. In any case, there exists a characteristic resistance for purchasers to specifically source the mutual info to the cloud server since the dataoften contain vital info.However they're the foremost ratedtechnology faces the difficulties of protection and securityas it shares physical assets within the inside of multipleuntrusted occupants. thus to see the protection and privacyconcerns, intense specialists that distributedisparate ascribes are used to ensure safe repositing. every professional able to issue characteristics autonomously. Itsuits the data get to manage by having quality basedencryption. within the planned conspire to boot have revocableaccess management on premise of disavowed characteristics.

KEYWORDS-Access control, ABE, attribute revocation, cloud storage.

I. INTRODUCTION

Cloud calculation capability and massive memory vary at a coffee registering may be a worldview that gives massivevalue [1]. It empowers shoppers to urge inexplicit offerings irrespectiveof time and place during 2 or 3 frameworks (e.g., mobiledevices, non-public laptop frameworks), and as a result conveys impeccable accommodation to cloud shoppers. Among various offerings providedby utilizing distributed computing, cloud carport benefit, including Apple'siCloud [2], Microsoft's Azure [3] and Amazon's S3 [4], canoffer a more bendy and simple way to rate records over theInternet, which manages different advantages for our general public

[5],[6]. In any case, it additionally experiences a few security threats,which can be the essential issues of cloud clients [7].Firstly, outsourcing records to cloud server suggests that information is out oversee of clients. This may furthermore cause clients' dithering because of the reality thatthe outsourced records regularly join loved and touchy information. what is more, info sharing is as typically as potential implementedin associate open and unfavorable setting, associated cloud servercould rise as an objective of assaults. astonishingly additional terrible, cloud serveritself will likewise screen clients' knowledge for unlawful financial gain. Thirdly, factssharing isn't static. That is, whereas a client's authorizationgets nonchurchgoing, he/she ought to at no time within the future have the privilegeof reaching to the once within the past and within the long-standing time shared knowledge.Therefore, within the in the meantime as outsourcing info to cloud server, shoppers alsowant to regulate inspire section to those info with the top goal that exclusive thosepresently legitimate shoppers will rate the outsourced knowledge.Furthermore, to beat the higher than security dangers, such kind of character basedaccess management assail the common info ought to meet thefollowing security objectives:

• knowledge classification: Unauthorized shoppers got to beprevented from reaching to the plaintext of the shareddata place away within the cloud server. what is more, the cloudserver, that ought to be simple nonetheless curious,should likewise be deflected from knowing plaintext ofthe shared info. \

(2)

unbroken from reaching to the plaintext of the during this manner shared info that square measure still disorganised beneath his/heridentity.

• Forward mystery: Forward mystery implies that, whena client's power is terminated, or a client's mystery keyis listed off, he/she got to be counteracted fromaccessing the plaintext of the mutual info that may bepreviously ought to by him/her. As indicatedin Fig.1, a RIBE-based info sharing framework works asfollows:

Step 1: the data provider (e.g., David) initial chooses theusers (e.g., Alice and Bob) United Nations agency will share the information.Then, David encodes the data beneath the identitiesAlice and Bob, and transfers the ciphertext of theshared info to the cloud server.

Step 2: once either Alice or Bob must get the shareddata, she or he will transfer and decipher the scrutiny ciphertext. however, for associate unauthorizeduser and also the cloud server, the plaintext of the shareddata isn't accessible.

Step 3: from time to time, e.g., Alice's approval gets nonchurchgoing, David will transfer the ciphertext of theshared info, associated afterwards decipher then-re-scramble theshared info to such an extent that Alice is avoided fromaccessing the plaintext of the common info, and thenupload the re-encoded info to

the cloud

serveragain.

Fig. 1. A natural RIBE-based data sharing system

II. RELATED WORKS

Jianghong Wei, Wenfen Liu, Xuexian Hu proposed in paper “Secure Data Sharing in Cloud Computing Using Revocable-StorageIdentity-Based Encryption” proves cloud computing brings great convenience for people. Particularly, it perfectly matches theincreased need of sharing data over the Internet. In this paper, to build a cost-effective and secure data sharing system in cloudcomputing, they proposed a notion called RS-IBE, which supports identity revocation and ciphertext update simultaneously suchthat a revoked user is prevented from accessing previously shared data, as well as subsequently shared data. Furthermore, a concreteconstruction of RS-IBE is presented. [8]

Pietro and Sorniotti proposed in paper “Boosting Efficiency and Security in Proof of Ownership for Deduplication” proves anotherproof of ownership scheme which improves the efficiency. Xu et al.[10] proposed a client-side deduplication scheme for encrypteddata, but the scheme employs a deterministic proof algorithm which indicates that every file has a deterministic short proof. Thus,anyone who obtains this proof can pass the verification without possessing the file locally. Other deduplication schemes forencrypted data were proposed for enhancing the security and efficiency. Note that, all existing techniques for cross-userdeduplication on the client-side were designed for static files. Once the files are updated, the cloud server must regenerate thecomplete authenticated structures for these files, which causes heavy computation cost on the server-side. [9]

(3)

data. Among them, the schemein is the most efficient solution in practice. However, the scheme is stateful, which requires users to maintain some state informationof their own files locally. Hence, it is not appropriate for a multiuser environment. Halevi et al. introduced the concept of proof ofownership which is a solution of cross-user deduplication on the client-side. It requires that the user can generate the Merkle treewithout the help from the cloud server, which is a big challenge in dynamic PoS. [11]

Zheng and Xu proposed in paper “Secure and efficient proof of storage with deduplication” proves a solution called proof of storagewith deduplication, which is the first attempt to design a PoS scheme with deduplication. Du et al. Introduced proofs of ownershipand retrievability, which are like but more efficient in terms of computation cost. Note that neither can support dynamic operations.Due to the problem of structure diversity and private tag generation, cannot be extended to dynamic PoS. Wang et al. and Yuan andYu considered proof of storage for multi-user updates, but those schemes focus on the problem of sharing files in a group.

Deduplication in these scenarios is to deduplicate files among different groups. Unfortunately, these schemes cannot supportdeduplication due to structure diversity and private tag generation. In this paper, they consider a more general situation that everyuser has its own files separately. [12]

Jingwei Li, Jin Li, DongqingXie, and Zhang Cai “Secure Auditing and Deduplicating Data in cloud” proves both data integrity anddeduplication in cloud, they propose SecCloud and SecCloud+. SecCloud introduces an auditing entity with maintenance of aMapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been storedin cloud. In addition, SecCloud enables secure deduplication through introducing a PoS protocol and preventing the leakage of sidechannel information in data deduplication. Compared with previous work, the computation by user in SecCloud is greatly reducedduring the file uploading and auditing phases.

III. PROPOSEDWORK

The proposed revokable combined authorityscheme is AN economical methodology to resolve the attributerevocation downside within the system. The user’s secretkey isn't associated with the owner’s key, so onlyuser must hold one secret key from every authority instead of multiple keys from multiple owners.

Fig. 2.revocable compounded authorityscheme Specifically the ciphertext related to revokedattribute alone got to be updated. and particularly the same key used for each secret key and ciphertextupdate. It greatly improve the quality of theaccess management theme conjointly resolves the

looks of

same attributes and provides the disparate attribute.

Backward Security: The revoked user cannot decodeany new ciphertext that needs the revoked attributeto decrypt.Forward Security: The freshly joined user will alsodecrypt the antecedently printed ciphertexts, if it hassufficient attributes.

(4)

update by Nonrevoked users and Ciphertext update by server.Though they need storage overhead over every user,each AD and also cloud service provider

Fig. 3. Proposed framework

The main entity is that the international trustworthy authority in thesystem. It accepts the registration of all users andAD’s within the system. It delivers the distinctive useridentity to any or all users and conjointly generates international publickey for this user. they're not in the least concerned in theattribute management and creation of secret keys.Every Attribute Distributor is associate independentauthority that is liable for entitling andrevoking users attributes. every AD will manage anarbitrary variety of attributes however each attribute isassociated with single AD. they need full controlover the linguistics of its attributes. every user has aglobal identity and registered with set of attributes.They conjointly receive secret key related to itsattributes entitled by the corresponding attributeauthorities. every information homeowners create information intofragments and code them consequently with contentkeys. They conjointly outline the access policies overattributes from multiple AD’s and code contentkeys underneath the policies. the sole issue that is theuser’s attributes should satisfy the access policydefined within the ciphertext.

IV. CONCLUSION

Thus the combined authority ABE supportsresourceful attribute revocation. The user United Nations agency gotresigned from surroundings get updated by newupdate key, and with new set of keys having attributematched with access policy they will over again decryptthe information from cloud. so they supply effectiveaccess management which might be applied in any remotestorage and on-line social networks.

REFERENCES

[1] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, “Abreak in the clouds: towards a cloud definition,” ACM SIGCOMMComputer Communication Review, vol. 39, no. 1, pp. 50–55, 2008.

[2] iCloud. (2014) Apple storage service.[Online]. Available:https://www.icloud.com/

[3] Azure. (2014) Azure storage service.[Online]. Available:http://www.windowsazure.com/

[4] Amazon. (2014) Amazon simple storage service (amazon s3).[Online]. Available:

http://aws.amazon.com/s3/

[5] K. Chard, K. Bubendorfer, S. Caton, and O. F. Rana, “Social cloudcomputing: A vision for socially motivated resource sharing,”Services Computing, IEEE Transactions on, vol. 5, no. 4, pp. 551– 563,2012.

[6] C. Wang, S. S. Chow, Q. Wang, K. Ren, and W. Lou, “Privacypreserving public auditing for secure cloud storage,” Computers,IEEE Transactions on, vol. 62, no. 2, pp. 362–375, 2013.

[7] G. Anthes, “Security in the cloud,” Communications of the ACM,vol. 53, no. 11, pp. 16– 18, 2010.

(5)

[9] R. Di Pietro and A. Sorniotti, “Boosting Efficiency and Security in Proof of Ownership for Deduplication,” in Proc. of ASIACCS, pp. 81–90, 2012.

[10] J. Xu, E.-C. Chang, and J. Zhou, “Weak leakage-resilient clientside deduplication of encrypted data in cloud storage,” in Proc. of ASIACCS, pp. 195–206,2013.

[11] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proc. of CCS, pp. 598–609, 2007.

[12] Q. Zheng and S. Xu, “Secure and efficient proof of storage with deduplication,” in Proc. of CODASPY, pp. 1–12, 2012.

[13] M. Chase, “Multi-/authority Attribute Based Encryption” inproc 4thTheory of Cryptography, 2007.

[14] A.B. Lewko and B. Waters, “Decentralizing Attribute BasedEncryption” in proc advances in cryptology 2011.

Figure

Fig. 1. A natural RIBE-based data sharing system
Fig. 2.revocable compounded authorityscheme  Specifically the ciphertext related to revokedattribute alone got to be updated
Fig. 3. Proposed framework

References

Related documents

TylerWeb pm Original Article The dynamic nature of mollusc egg surface architecture and its relation to the microtubule network SHEENA E B TYLER* and SUSAN J KIMBER Faculty of Life

PG Student, Department Of EEE , Sethu institute of technology, Madurai, India. Associate professor, Department Of EEE, Sethu institute of technology, Madurai, India.. component

The RC beams reinforced with C - bars tested for flexural strength and compared with conventional RC beam reinforced with Fe 500 grade steel.. Mild steel has higher

Not now but later ? a qualitative study of non exercising pregnant women?s views and experiences of exercise RESEARCH ARTICLE Open Access Not now but later ? a qualitative study of

Open building case studies were primarily used to compare and contrast various approaches and summarise the best design strategies for high rise living.. There

Today, the term ―fresh-pack‖ is used to refer to vegetables (most often pickles) which have been packed in jars, filled with vinegar and flavorings, then pasteurized to produce

Figure 6.13 - Fundamental Resonant Frequency of long 50 μ m wide aluminum coated silicon nitride bridges as a function of bridge length. Error bars represent one standard deviation

a) To develop profile of contractual claim in term of head of claim, causes of claim, type of project, parties involved, standard form of contract, time of