Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing

Abstract:

              Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. This paper proposed some services for data security and access control when users outsource sensitive data for sharing on cloud servers. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine grained data access control to untrusted cloud servers without disclosing the underlying data contents. Our proposed scheme enables the data owner to delegate tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability and achieves fine - graininess, scalability and data confidentiality for data access control in cloud computing. Extensive analysis shows that our proposed scheme is highly efficient and provably secures under existing security models.

Advantages

·        Low initial capital investment

·        Shorter start-up time for new services

·        Lower maintenance and operation costs

·        Higher utilization through virtualization

·        Easier disaster recovery

Existing System:

             Our existing solution applies cryptographic methods by disclosing data decryption keys only to authorized users. These solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine grained data access control is desired, and thus do not scale well.

Proposed System:

             In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following three advanced cryptographic techniques:

·        Key Policy Attribute-Based Encryption (KP-ABE).

·        Proxy Re-Encryption (PRE)

·        Lazy re-encryption

Module Description:

1) Key Policy Attribute-Based Encryption (KP-ABE):

                     KP-ABE is a public key cryptography primitive for one-to-many communications. In KP-ABE, data are associated with attributes for each of which a public key component is defined. User secret key is defined to reflect the access structure so that the user is able to decrypt a cipher text if and only if the data attributes satisfy his access structure. A KP-ABE scheme is composed of four algorithms which can be defined as follows:

·        Setup Attributes

·        Encryption

·        Secret key generation

·        Decryption

Setup Attributes:

                   This algorithm is used to set attributes for users. From these attributes public key and master key for each user can be determined. The attributes, public key and master key are denoted as

                Attributes- U = {1, 2. . . N}

                Public key- PK = (Y, T1, T2, . . . , TN)

                Master key- MK = (y, t1, t2, . . . , tN)

Encryption:

                  This algorithm takes a message M, the public key PK, and a set of attributes I as input. It outputs the cipher text E with the following format:

                                      E = (I, ˜ E, {Ei}i )

where ˜E = MY, Ei = Ti.

Secret key generation:

         This algorithm takes as input an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK as follows.

                                   SK = {ski}

  

Decryption:

                 This algorithm takes as input the cipher text E encrypted under the attribute set U, the user’s secret key SK for access tree T, and the public key PK.

Finally it output the message M if and only if U satisfies T.

2) Proxy Re-Encryption (PRE):

              Proxy Re-Encryption (PRE) is a cryptographic primitive in which a semi-trusted proxy is able to convert a cipher text encrypted under Alice’s public key into another cipher text that can be opened by Bob’s private key without seeing the underlying plaintext. A PRE scheme allows the proxy, given the proxy re-encryption key

                                                    rka↔b,

to translate cipher texts under public key pk1 into cipher texts under public key pk2 and vise versa.

3) Lazy re-encryption:

               The lazy re-encryption technique and allow Cloud Servers to aggregate computation tasks of multiple operations. The operations such as

§  Update secret keys

§  Update user attributes.

System Requirements:

Hardware Requirements:

•         System                        : Pentium IV 2.4 GHz.

•         Hard Disk        : 40 GB.

•         Floppy Drive   : 1.44 Mb.

•         Monitor           : 15 VGA Colour.

•         Mouse             : Logitech.

•         Ram                 : 512 Mb.

Software Requirements:

•         Operating system        : - Windows XP.

•         Coding Language       : DOT NET

•         Data Base                    : SQL Server 2005