Flexible and fine grained attribute-based data storage in cloud computing
0 likes290 views
The document discusses a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme for cloud storage, focusing on efficient user revocation in response to the challenges posed by existing attribute-based encryption methods. Key features include outsourcing encryption and decryption tasks to cloud service providers to reduce computational burdens on users, and protecting against collusion attacks by ensuring unique private keys tied to user identities. The proposed solution aims to enhance system efficiency and security for resource-constrained devices, making it suitable for applications requiring fine-grained access control in cloud environments.
Flexible and fine grained attribute-based data storage in cloud computing
- 1. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com FLEXIBLE AND FINE-GRAINED ATTRIBUTE-BASED DATA STORAGE IN CLOUD COMPUTING ABSTRACT: With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notbaly, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman (DCDH) assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices. EXISTING SYSTEM: Boldyreva et al. presented an IBE scheme with efficient revocation, which is also suitable for KP-ABE. Nevertheless, it is not clear whether their scheme is suitable for CP-ABE. Yu et al. provided an attribute based data sharing scheme with attribute revocation ability. This scheme was proved to be secure against chosen plaintext attacks (CPA) based on DBDH assumption. However, the length of cipher text and user’s private key are proportional to the number of attributes in the attribute universe.
- 2. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com Yu et al. designed a KP-ABE scheme with fine-grained data access control. This scheme requires that the root node in the access tree is an AND gate and one child isa leaf node which is associated with the dummy attribute. In the existing scheme, when a user leaves from a user group, the group manager only revokes his group secret key which implies that the user’s private key associated with attributes is still valid. If someone in the group intentionally exposes the group secret key to the revoked user, he can perform decryption operations through his private key. To clarify this attack, a concrete instance is given. Assume that the data is encrypted under the policy “professor AND cryptography” and the group public key. Suppose that there are two users: user1and user2 whose private keys are associated with the attribute sets {male, professor, cryptography} and {male, student, cryptography} respectively. If both of them are in the group and hold the group secret key, then user1can decrypt the data but user2can’t. When user1is revoked from the group, he can’t decrypt alone because he does not have the updated group secret key. However, the attributes of user1are not revoked and user2 has the updated group secret key. So, user1can collude with user2 to perform the decryption operation. Furthermore, security model and proof were not provided in their scheme. DISADVANTAGES OF EXISTING SYSTEM: It is expensive in communication and computation cost for users. Unfortunately, ABE scheme requires high computation overhead during performing encryption and decryption operations. This defect becomes more severe for lightweight devices due to their constrained computing resources. There is a major limitation to single-authority ABE as in IBE. Namely, each user authenticates him to the authority, proves that he has a certain attribute set, and then receives secret key associated with each of those attributes. Thus, the authority must be trusted to monitor all the attributes. It is unreasonable in practice and cumbersome for authority. PROPOSED SYSTEM:
- 3. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com In this system, we focus on designing a CP-ABE scheme with efficient user revocation for cloud storage system. We aim to model collusion attack performed by revoked users cooperating with existing users. Furthermore, we construct an efficient user revocation CP-ABE scheme through improving the existing scheme and prove our scheme is CPA secure under the selective model. To solve existing security issue, we embed a certificate into each user’s private key. In this way, each user’s group secret key is different from others and bound together with his private key associated with attributes. To reduce users’ computation burdens, we introduce two cloud service providers named encryption-cloud service provider (E-CSP) and decryption-cloud service provider (D- CSP). The duty of E-CSP is to perform outsourced encryption operation and D-CSP is to perform outsourced decryption operation. In the encryption phase, the operation associated with the dummy attribute is performed locally while the operation associated with the sub-tree is outsourced to E-CSP. T ADVANTAGES OF PROPOSED SYSTEM: Reduce the heavy computation burden on users. We outsource most of computation load to E-CSP and D-CSP and leave very small computation cost to local devices. Our scheme is efficient for resource constrained devices such as mobile phones. Our scheme can be used in cloud storage system that requires the abilities of user revocation and fine-grained access control.
- 4. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com SYSTEM ARCHITECTURE:
- 5. #13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore – 6. Off: 0416-2247353 / 6066663 Mo: +91 9500218218 Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com SYSTEM REQUIREMENTS: HARDWARE REQUIREMENTS: System : Pentium Dual Core. Hard Disk : 120 GB. Monitor : 15’’ LED Input Devices : Keyboard, Mouse Ram : 1GB. SOFTWARE REQUIREMENTS: Operating system : Windows 7. Coding Language : JAVA/J2EE Tool : Netbeans 7.2.1 Database : MYSQL