DECENTRALIZED ATTRIBUTE-BASED ENCRYPTION AND DATA SHARING SCHEME IN CLOUD STORAGE

Transcription

1 DECENTRALIZED ATTRIBUTE-BASED ENCRYPTION AND DATA SHARING SCHEME IN CLOUD STORAGE ABSTRACT We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority tied together different components (representing different attributes) of a user s private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers. Cipher text-policy attribute-based encryption (CPABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. Data owner is allowed to fully control the access policy associated with his data which to be shared. However, CP-ABE is limited to a potential security risk that is known as key escrow problem whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attribute with arbitrary state. The performance analysis and security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

2 EXISTING SYSYTEM A new scheme based on multi- authority CPABE, this scheme uses CA only in the initialization phase. CA distributes the public parameters and verifies AAs according to the user s request. A DAC-MACS algorithm, CA is responsible for the generation of the global public key and private key and distribute a unique identity for the user and all the AAs. AAs issue attributes and generate attribute keys for each user. Multi-authority ABE access control scheme, CA is responsible for authenticating all the AAs and users. In addition, CA also assigns GID for users and AID to each AA. When an attribute revocation occurs, the corresponding authority only need to change its version key and generate an update key. The server re-encrypt the ciphertext using proxy encryption method. DISADVANTAGES OF EXISTING SYSTEM: Security and integrity is low. Maintenance cost is high.

3 PROPOSED SYSTEM: The performance analysis and security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing. If our proposed scheme is deployed, the can be simplified as since the attribute denotes the minimum level in the access policy and includes by default. We further propose an extensive data access control scheme (EDAC-MACS), which is secure under weaker security assumptions. Therefore, the storage overhead of the corresponding cipher text and the computational cost used in encryption can be reduced. An anonymous private key generation protocol for IBE where a KA can issue private key to an authenticated user without knowing the list of the user s identities. Proposed an arbitrary-state ABE to solve the issue of the dynamic membership management. In this paper, a traditional attribute is divided to two parts: attribute and its value. ADVANTAGES OF PROPOSED SYSTEM: Security is high. Maintenance cost is low.

4 SYSTEM ARCHITECTURE

5 SYTEM REQUIREMENTS: HARDWARE REQUIREMENTS: System Speed - Pentium-IV - 2.4GHZ Hard disk - 40GB RAM - 512MB SOFTWARE REQUIREMENTS: Operating System - Windows XP Coding language - Java IDE - Netbeans DataBase - MYSQL

6 REFERENCE [1] J. Bethencourt, A. Sahai, B. Waters. Ciphertext- policy Attribute-based Encryption. Proceedings of IEEE Symposium Security and Privacy. Berkeley, CA, pp , [2] B. Waters. Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. Proceedings of Public Key Cryptography (PKC 11), pp.53-70, [3] Shulan Wang, Junwei Zhou, Josph K. Liu, et al. An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing. IEEE Transactions on Information Forensics and Secu- rity, vol.11, no.6, pp , [4] A. Balu, K. Kuppusamy. An expressive and provably secure ciphertext-policy attribute-based encryption. Information Sciences, vol. 276, pp , Aug [5] H. Kwon, D. Kim, C. Hahn, et al. Security authentication using ciphertext policy attribute- based encryption in mobile multi-hopm networks. Multimedia Tools and Applications, vol.75, pp.1-15, [6] V. Goyal, A. Jain, O. Pandey, A. Sahai, Bounded ciphertext policy attribute based encryption. Proceedings of the 35th International Colloquium (ICALP 08). Lecture Notes in Computer Science, vol Springer, pp , [7] M. Chase. Multi-authority attribute based encryption. Proceedings of Cryptography Conference on Theory of Cryptography (TCC 07), Amsterdam, Springer Berlin Heidelberg, pp , [8] A Lewko and B. Waters. Decentralizing attribute- based encryption. Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, pp ,2011.

7