Attribute based encryption

user authentication to adapt the unstable connectivity situation. However, to adopt Stand-Alone Authentication (SAA) the authentication information between users and designated Fog devices need to be protected. A common approach to share data securely with a designated party is encryption, but PKI-based authentication is not efficient in Fog Computing. Because in Fog Computing, which usually in- volves a large and dynamic information system for example the smart grid, there are a large number of Fog devices that provides different types of services in dif- ferent locations, while users’ access abilities to these Fog devices also vary due to different roles or how much money they paid. As an example, Alice can have SAA only with ‘Fog devices of Type A OR Type B in All Areas’, but another user Bob can have SAA with ‘Fog devices of all types but only in Area C’. To overcome this obstacle, a recently introduced cryptographic primitive Attribute-based Encryption is adopted[YLL + 15, YZL + 16], which allows flexible one-to-many encryption without prior knowledge of who will be receiving the data.

A first step in addressing this problem of trust is to only store information in encrypted form. However, data access is not static – as employees are hired, fired or promoted, it will be necessary to change who can access certain data. A natural solution to this problem is to have users authenticate their credentials before giving them access to data; but such an approach requires a great deal of trust in the server: a malicious party may be able to penetrate the server and bypass authentication by exploiting software vulnerabilities. A solution that avoids this problem is to use cryptographi- cally enforced access control such as attribute-based encryption (ABE) [23]. However, this fails to address the problem that the credentials of a user may change with time. This problem motivated the study of revocation [5] where a periodic (e.g., nightly) key update would only allow non-revoked users to update their keys to decrypt newly encrypted data. Dynamic credentials in the context of stored data, however, present novel challenges that have not been considered in previous studies on revocation. Take the following example.

The main goal of this framework is to that provide security for accessing the data and management of data same time. The idea is divided the system into two parts i.e. public domain and private domain. Public domain consists of doctors, nurses and insurance companies. In personal domain user can give the authority for accessing or updating of data to its friend or closed relative. In this both type we use ABE (attribute based encryption) for encrypting or decrypting the data. User in public domain access data with secret key indirectly by interact with system. The public domain consists no of user so it reduces the key management in both owner and user. Each data owner is trusted of its own personal domain, which manage secret key and access the data. In personal domain attribute refers to intrinsic property of data. The user in personal domain is less so it reduces the burden of the owner. When encrypting the data owner need intrinsic properties.

Numerous encryption procedures have been utilized to put away information on cloud to peruse the information while performing calculations on the information. By utilizing Attribute based encryption conspire, the cloud gets figure content of the information and performs calculations on the figure content and returns the encoded estimation of the outcome to client then the client can decipher the outcome, despite the fact that the cloud does not comprehend what information it has worked on. RELATED WORKS

The remainder of this paper is organized as follows. In Section II relevant mathematical concepts and definitions used throughout this paper are given. Sections III and IV present several implementation notes about the best methods for computing auxiliary building blocks for pairing-based protocols and the computation of bilinear pairings in different settings, respectively. Section V describes a Type 3 version of Water’s attribute-based encryption scheme [52]. The computational timings achieved by our software are reported in Section VI, and conclusions are drawn in Section VII.

Our Results. We present a new methodology for constructing Attribute-Based Encryption sys- tems for circuits of arbitrary fanout. Our method is described using multilinear maps. Cryp- tography with multilinear maps was first postulated by Boneh and Silverberg [BS02] where they discussed potential applications such as one round, n-way Diffie-Hellman key exchange. However, they also gave evidence that it might be difficult or not possible to find useful multilinear forms within the realm of algebraic geometry. For this reason there has existed a general reluctance among cryptographers to explore multilinear map constructions even though in some constructions such as the Boneh-Goh-Nissim [BGN05] slightly homomorphic encryption system, or the Boneh-Sahai- Waters [BSW06] Traitor Tracing scheme, there appears to exist direct generalizations of bilinear map solutions.

Abstract. In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice. Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters [LW11] with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck. The formal security proof of our scheme is given in the generic bilinear group and random oracle models.

Available online: https://pen2print.org/index.php/ijr/ P a g e | 1402 against the aforementioned threats, we need an efficient security mechanism that can satisfy the primary security requirements. Attribute-Based Encryption (ABE) developed by it is a promising solution that can provide some of the security requirements. ABE is a public key based on one- to-many encryption that employs the user's identity as an attribute. In ABE, a set of attributes and a private key computed from the attributes are respectively used for encryption and decryption. There are two main types of ABE systems: Key-Policy ABE (KP-ABE) and Cipher text- Policy ABE (CP-ABE). In KP-ABE the roles of the attributes are used to describe the cipher text and anaccess policy is associated with the user's private key; while in CP-ABE the attributes are associated with the user's private key and the cipher text is associated with an access policy. In this paper, we develop an encrypted key exchange protocol based on Cipher text-Policy Attribute Based Encryption (CP-ABE) to enable authenticated and confidential communications between fog nodes and the cloud.

Attribute-based encryption (ABE) which allows users to encrypt and decrypt messages based on user attributes is a type of one-to-many encryption. Unlike the conventional one-to-one en- cryption which has no intention to exclude any partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext whether they are partners of some intended recipients. We remark that this require- ment for ABE is very hard to meet. An ABE system cannot truly exclude some unintended recipients from decryption because some users can exchange their decryption keys in order to maximize their own interests. The flaw discounts the importance of the cryptographic primitive. Keywords. Attribute-based encryption; one-to-one encryption; one-to-many encryption;

[12] Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy, pp. 321–334. IEEE Press, Los Alamitos(2007) [13] Boneh, D., Hamburg, M.: Generalized identity based and broadcast encryption scheme. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 455–470. Springer, Heidelberg(2008) [14] Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 535–554. Springer, Heidelberg (2007)

Attribute Based Encryption is one the cryptographic policy which is mainly suitable for access control in cloud storage system. In the existing ABE system, CP-ABE (Cipher text Policy Attribute Based Encryption) and KP-ABE (Key policy Attribute Based Encryption) are presented. Here the key-issuing policy and decryption are very high because of high expressiveness of the ABE (Attribute Based Encryption); also third party of the system is easily accepting the data and also modifies the data. There is a chance here that if the users are increases, then the AA (Attribute Authority) system will be overloaded some times for the key issuing and key modification for the user. So, the system is very slow due to these reasons. To reduce all these, we can propose the outsourced attribute based encryption here. The key issuing process and decryption are given to the KGSP (Key Generation Service Provider) and DSP (Decryption Service Provider) respectively to make the system secure and leaving only the simple operations to the AA (attribute authority). That means reduce the overloaded operation at the attribute authority side and also we can get the check ability results correct in this process.

The work focuses on improving the existing security solutions using some of the modified policies and generation methodologies. But for cloud computing, where the data and its total controls are distributed over some third party servers that reduce trust over the system. To increase these factors and reliability over the system, some modified and well-performed encryption standard is required in which security operations do not bother other services. Also, when a user places their data on a cloud after encrypting, and for retrieving it data decryption is required each time even for a small change. User needs to provide some functionality by which certain level of Security can be enhanced. This can be achieved by using. In homorphic encryption some mathematical operations are applied to encrypted cipher blocks and can be retrieved. But existing systems with this property is not practically developed till now. Some extents of this property are achieved. Thus this work focuses on achieving Attribute Based Encryption (ABE).

In ABE, an arrangement of qualities and a private key registered from the characteristics are individually utilized for encryption and decoding. There are two primary kinds of ABE frameworks: Key-Policy ABE (KP-ABE) and Cipher content Policy ABE (CP-ABE). In KP-ABE the parts of the credits are utilized to depict the figure content and an access arrangement is related with the client's private key; while in CP-ABE the properties are related with the client's private key and the figure content is related with an access strategy. In this paper, we build up an encoded key trade convention in light of Cipher Content Policy Attribute Based Encryption (CP-ABE) to empower validated and condential interchanges between fog nodes and the cloud. The major drawback of this existing system is the convention builds up secure correspondences to trade the mutual key that can be utilized to scramble and decode the traded data. Each fog node can get the common key just if the fog node fulfills the arrangement denned over a set of attributes which is attached to the cipher text.

popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in the cloud. This kind of computing model brings challenges to the security and privacy of data stored in the cloud. Attribute-based encryption (ABE) technology has been used to design a fine-grained access control system, which provides one good method to solve the security issues in the cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in the cloud by outsourcing the heavy computation to cloud service provider (CSP). However, as the amount of encrypted files stored in the cloud is becoming very huge, which will hinder efficient query processing. To deal with the above problem, we present a new cryptographic primitive called attribute-based encryption scheme. The proposed ABE scheme is proved secure against chosen- plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in the trapdoor.

Cloud computing is emerging paradigm provides various IT related services. The security and privacy are two major factors that inhibits the growth of cloud computing. Security factors are reasons behind lesser number real time and business relates cloud application compared to consumer related cloud application.Firstly,the pros and cons of different Attribute based encryption methods are analyzed.Secondly,a new encryption method based on Attribute Based Encryption (ABE) using hash function, digital signature and asymmetric encryption scheme has been proposed.Our proposed algorithm is simplified yet. efficient algorithm that can implemented for cloud critical application

We conclude by remarking that while this work focuses on Attribute-Based Encryption and One-sided Predicate Encryption, we believe our transformation could apply to other specialized forms of encryption. For example, we believe it should immediately translate to any secure broadcast encryption [FN94] system. As another example, we believe our technique should also apply to ABE systems that are IND-CPA secure under a bounded number of key generation queries. Our technique, however, does not appear to apply to standard predicate encryption as defined in [BW07, KSW08] (notions very similar to full blown functional encryption). The core issue is that to test the validity of a ciphertext our decryption algorithm needs to obtain the attribute string x to perform re-encryption. In one-sided predicate encryption, if a user has a secret key for C and C(x) = 1 we essentially give up on hiding x and allow this to be recovered; whereas for full hiding we might want to still hide information about x even if C(x) = 1.

Due to emerging technologies day today life has become faster. Now a day people want to store their data on cloud. Cloud is an Internet storage area where users can use storage efficiently and the services of cloud without having to worry about how they work. We can say that cloud is an abstraction for internet. Now a day attribute based encryption has paid a lot of attention. The main goal was to provide security and access control.In this scheme it allows encryption and decryption of data that depends on attributes of users. Policy has been defined here associated with access tree structure. The ciphertext produced will be accessible by user only if the policy is satisfied[12].

User who have attain to access the cloud storage have to register their details to the respective number of KDC. When user want to upload the file to the cloud database have to submit their identity to the trustee which responsible for issuing the token to the user. After user receiving the token from the trustee, then login into the KDC with their credentials for requesting it to give attributes and keys for file storage. User submits the token given by trustee to KDC. The token verification algorithm verifies the signature contained in token using the signature verification key. If the token is valid, then KDC will provide the two public and three secret key for encryption and decryption by executing paillier key generation algorithm and also signing key for signing the message using secure hash function algorithm. The keys size will be larger than the existing system, which enables the strong security. After users received the keys, the files are encrypted with the public keys and set their Access policies (privileges).The creator of the data then creates an access policy X which is in form of monotone Boolean function. The message is then encrypted under the access policy is called as Attribute based Encryption. Then signs the message and calculate the message signature by using secure hash function which is called as Attribute based Signature.

In [1], Kabilan N proposed the concept of using advanced encryption standard [AES] for sharing the personal health records securely in untrusted servers, like third party servers. In this paper Kabilan N is mainly focused on security for PHR information. Advanced encryption standard algorithm is useful for handling the multiple authorities to provide security to PHR information from untrusted users. But in this model key maintenance and distribution is very difficult task. Comparing between Advanced encryption and Attribute based encryption algorithms, Attribute based algorithm gives more performance and reliability.

The access formula of access structure in user’s private key can represent any type through attributes such as negative ones. It is different from the previous attribute- based encryption scheme. The previous schemes are like KP-ABE scheme, and the access structure in user’s private key has monotonic access formula. No negative at- tributes exist in it. Apart from this, the access structure of this scheme is the same as the access structure of KP- ABE scheme. There is a Boolean formula such as And, OR, and threshold gates in these access structures, but there is a boolean formula, NOT in access structure of this scheme. However, other schemes do not include it. There is an example for this scheme. If a teacher in department of information management wants to share the data with students, he will set a set of attributes in the encrypted data. And there is an access structure, {MISVStudent} in students’ private key. But the teacher doesn’t want graduates to access this data, he adds NOTgraduate to the access structure.