Volume-5, Issue-6, December-2015 International Journal of Engineering and Management Research Page Number: 210-214
Copyright 2011-15. Vandana Publications. All Rights Reserved.

Implementation of Decentralized Access Control with Anonymous Authentication in Cloud

Dr. M. Sreenivasulu 1, K. Krishna Mohan 2
1 Professor & Head of Department (CSE), KSRMCE, KADAPA, INDIA
2 M.Tech (Student), KSRMCE, KADAPA, INDIA

ABSTRACT

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing is a metaphor for the internet; it is internet-based computing, and its heart is virtualization. The data stored in the cloud is often very sensitive, for example medical records and social records. Traditionally, the access control schemes used in the cloud are centralized in nature and use a single KDC. This project is based on a decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. In this scheme, the cloud verifies the authenticity of the user without knowing the user's identity before storing data. It provides decentralized authentication, and registered users can access the data from the cloud. It also has the added feature of access control in which only authorized users are able to decrypt the stored information. It supports creation, modification and reading of the data stored in the cloud. The communication, computation, and storage overheads are similar to centralized approaches.

Keywords: Cloud Computing, KDC (Key Distribution Centre), Access control, Cloud storage.

I. INTRODUCTION

In cloud computing, users can outsource their computation and storage to servers (also called clouds) using the Internet. This frees users from the hassles of maintaining resources on-site. Clouds can provide several types of services like applications (e.g., Google Apps, Microsoft Online), infrastructures (e.g., Amazon's EC2, Eucalyptus, Nimbus), and platforms to help developers write applications (e.g., Amazon S3, Windows Azure). Much of the data stored in clouds is highly sensitive, for example, medical records and social networks. Security and privacy are thus very important issues in cloud computing. On the one hand, the user should authenticate itself before initiating any transaction, and on the other hand, it must be ensured that the cloud does not tamper with the data that is outsourced. User privacy is also required so that the cloud or other users do not know the identity of the user. The cloud can hold the user accountable for the data it outsources, and likewise, the cloud is itself accountable for the services it provides. The validity of the user who stores the data is also verified. Apart from the technical solutions to ensure security and privacy, there is also a need for law enforcement.

Clouds are being used to store sensitive information about patients to enable access by medical professionals, hospital staff, researchers, and policy makers. It is important to control access to the data so that only authorized users can access it. Using ABE, the records are encrypted under some access policy and stored in the cloud. Users are given sets of attributes and corresponding keys. Only when the users have a matching set of attributes can they decrypt the information stored in the cloud. Access control in health care has been studied in [1]. Access control is also gaining importance in online social networking, where users (members) store their personal information, pictures and videos and share them with selected groups of users or communities they belong to. Access control in online social networking has been studied in [2]. Such data are being stored in clouds, and it is very important that only the authorized users are given access to that information.

Existing work [4], [1], [3] on access control in the cloud is centralized in nature. Except [4], all other schemes use attribute based encryption (ABE). The scheme in [4] uses a symmetric key approach and does not support authentication. The schemes [1], [3] do not support authentication either. Earlier work by Zhao et al. [5] provides privacy preserving authenticated access control in the cloud. However, the authors take a centralized approach where a single key distribution center (KDC) distributes secret keys and attributes to all users. Unfortunately, a single KDC is not only a single point of failure but is also difficult to maintain because of the large number of users that are supported in a cloud environment.

II. CLOUD COMPUTING

Cloud computing offers online data storage, infrastructure and applications. Cloud computing is a computing paradigm where a large pool of systems are connected in private or public networks to provide dynamically scalable infrastructure for application, data and file storage. With the advent of this technology, the cost of computation, application hosting, content storage and delivery is reduced significantly. There isn't a single definition of cloud computing, partly because cloud computing means different things to different people. For some, as Hakan Erdogmus [6] states in a recent issue of IEEE Software magazine, cloud computing can mean everything new, cool, and trendy on the Web. Others think of cloud computing as scalable Internet-based IT services and resources; examples of such resources are computing time and data storage. Whatever the exact definition, one feature is common to all such new technologies: a shift in the geography of computation. [6]

Fig.1. Structure of Cloud Computing

Cloud Computing Models

Cloud providers offer services that can be grouped into three categories.

1. Software as a Service (SaaS): In this model, a complete application is offered to the customer as a service on demand. A single instance of the service runs on the cloud and multiple end users are serviced. On the customer's side, there is no need for upfront investment in servers or software licenses, while for the provider the costs are lowered, since only a single application needs to be hosted and maintained. Today SaaS is offered by companies such as Google, Salesforce, Microsoft, Zoho, etc.

2. Platform as a Service (PaaS): Here, a layer of software, or a development environment, is encapsulated and offered as a service, upon which other higher levels of service can be built. The customer has the freedom to build his own applications, which run on the provider's infrastructure. To meet the manageability and scalability requirements of the applications, PaaS providers offer a predefined combination of OS and application servers, such as the LAMP platform (Linux, Apache, MySQL and PHP), restricted J2EE, Ruby, etc. Google's App Engine, Force.com, etc. are some of the popular PaaS examples.

3. Infrastructure as a Service (IaaS): IaaS provides basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, data centre space, etc. are pooled and made available to handle workloads. The customer would typically deploy his own software on the infrastructure. Some common examples are Amazon, GoGrid, 3Tera, etc.

Fig.2. Cloud Models

III. PROPOSED SYSTEM

All these approaches take a centralized approach and allow only one KDC, which is a single point of failure. Chase [8] proposed a multi-authority ABE, in which there are several KDC authorities (coordinated by a trusted authority) which distribute attributes and secret keys to users. A later multi-authority ABE protocol required no trusted authority, but it requires every user to have attributes from all the KDCs. Recently, Lewko and Waters [7] proposed a fully decentralized ABE where users could have zero or more attributes from each authority and which did not require a trusted server. In all these cases, decryption at the user's end is computation intensive, so this technique might be inefficient when users access the cloud using their mobile devices. To get over this problem, Green et al. proposed to outsource the decryption task to a proxy server, so that the user can compute with minimum resources (for example, hand-held devices). However, the presence of one proxy and one key distribution center makes it less robust than decentralized approaches. Both these approaches had no way to authenticate users anonymously. Yang et al. presented a modification to authenticate users who want to remain anonymous while accessing the cloud. To ensure anonymous user authentication, attribute based signatures were introduced by Maji et al.; this was also a centralized approach. A recent scheme by the same authors [9] takes a decentralized approach and provides authentication without disclosing the identity of the users. However, as mentioned earlier in the previous section, it is prone to replay attack.

ARCHITECTURE

Fig 3. System Architecture

IV. MODULES IN PROPOSED SYSTEM

1. User Registration
2. Trustee
3. KDC Setup
4. Verify
5. Read/Write

MODULE DESCRIPTION

4.1 User Registration: In this module the user registers with the trustee by providing the user's details, and saves his user name and password with the trustee. The trustee gives a token (licence number) to the user. By using this token, the user can create and modify the data on the cloud storage.

4.2 Trustee: The trustee maintains the user details. The trustee receives the request from the user for generating the token, verifies the user's details such as user name and password, and then generates the token (licence number) for the user.

4.3 KDC Setup: The proposed work is based on a decentralized approach and uses several KDCs for key management. A KDC receives the token from the user and sees the user's request (write/read). Based upon the user's request, the KDC provides a secret key for the encryption/decryption of the information to be uploaded or retrieved.

4.4 Verify: In this phase, the user's policies are verified. This module maintains the users' policies and permits the user's request to perform an operation on the cloud storage.

4.5 Read/Write: In this module the read or write operation is performed on the cloud storage. When a reader wants to read some data stored in the cloud, it decrypts it by means of the secret keys: if its attributes match the access policy, it can decrypt the information stored in the cloud. Similarly, when a user sends data to the cloud, it encrypts the information using the secret key, and the encrypted information is saved in the cloud.

V. IMPLEMENTATION AND RESULTS

The proposed system was implemented; it provides authentication, and authenticated users can access the files. It also has the added feature of access control in which only authorized users are able to decrypt the stored information. It supports creation, modification and reading of the data stored in the cloud. The result screens of the implemented system are shown in the figures below.

Fig.4. User Login Screen
Fig.5. Trustee generates the token
Fig.6. KDC's home page
Fig.7. Report showing user keys with response
Fig.8. File Upload Screen
Fig.9. File details screen
Fig.10. File download and decryption process screen
Fig.11. Modify the data
Fig.12. Reader reading the data

VI. CONCLUSION

In this paper, access to cloud storage has been implemented using the decentralized approach. Instead of using a single KDC (centralized approach), multiple KDCs have been used. This provides better security for cloud storage. Authorized users can access the data stored in the cloud, and the scheme also allows users to create, modify and read the data available in the cloud. It has the drawback of maintaining multiple KDCs, but it provides better authentication of users and better security for the cloud.

REFERENCES

[1] M. Li, S. Yu, K. Ren, and W. Lou, Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings, in SecureComm, pp. 89-106, 2010.
[2] S. Jahid, P. Mittal, and N. Borisov, EASiER: Encryption-based access control in social networks with efficient revocation, in ACM ASIACCS, 2011.
[3] S. Ruj, A. Nayak, and I. Stojmenovic, DACC: Distributed access control in clouds, in IEEE TrustCom, 2011.
G. Wang, Q. Liu, and J. Wu, Hierarchical attribute-based encryption for fine-grained access control in cloud storage services, in ACM CCS, pp. 735-737, 2010.
[4] http://securesoftwaredev.com/2012/08/20/xacml-in-the-cloud
[5] F. Zhao, T. Nishide, and K. Sakurai, Realizing fine-grained and flexible access control to outsourced data with attribute-based cryptosystems, in ISPEC, ser. Lecture Notes in Computer Science, vol. 6672. Springer, pp. 83-97, 2011.
[6] H. Erdogmus, Cloud computing: Does Nirvana hide behind the Nebula? IEEE Software, 26(2):4-6, 2009.
[7] A. B. Lewko and B. Waters, Decentralizing attribute-based encryption, in EUROCRYPT, ser. Lecture Notes in Computer Science, vol. 6632. Springer, pp. 568-588, 2011.
[8] M. Chase, Multi-authority attribute based encryption, in TCC, ser. Lecture Notes in Computer Science, vol. 4392. Springer, pp. 515-534, 2007.
[9] Jin Li, Xiaofeng Chen, Maji et al., Attribute-based signatures, in CT-RSA, ser. Lecture Notes in Computer Science, vol. 6558. Springer, pp. 376-392, 2011.
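As an added illustration of the module flow of Section IV (trustee token, per-KDC secret keys, attribute-matched decryption) and of why no single KDC holds every key, here is a constructed Python toy that is not the paper's implementation: HMAC-derived attribute keys stand in for ABE, and the shared token-verification key, the pseudonymous uid inside the token, the user names and the attribute names are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed toy of the Section IV modules (not the paper's code): a trustee authenticates
# users and issues pseudonymous tokens, independent KDCs each hold their own master secret
# and attribute grants, and a data key unwraps only with keys for every policy attribute.
TOKEN_KEY = os.urandom(32)  # assumption: key shared by trustee and KDCs to verify tokens

class Trustee:
    def __init__(self): self.users = {}  # username -> (password, pseudonymous uid)
    def register(self, username, password):
        self.users[username] = (password, os.urandom(8))  # token carries uid, never the name
        return self.users[username][1]
    def issue_token(self, username, password):
        pw, uid = self.users.get(username, (None, None))
        return None if pw != password else uid + hmac.new(TOKEN_KEY, uid, hashlib.sha256).digest()

def token_uid(token):  # uid inside a valid token, None if the tag does not verify
    uid, tag = token[:8], token[8:]
    return uid if hmac.compare_digest(hmac.new(TOKEN_KEY, uid, hashlib.sha256).digest(), tag) else None

class KDC:  # one authority: its own master secret, its own attributes, its own grants
    def __init__(self, grants):  # grants: uid -> set of attributes this KDC controls
        self.grants, self.master = grants, os.urandom(32)
    def issue(self, token):  # KDC setup module: secret key per granted attribute
        return {a: hmac.new(self.master, a.encode(), hashlib.sha256).digest()
                for a in self.grants.get(token_uid(token), ())}

def collect_keys(kdcs, token):  # no single KDC can supply every attribute key
    return {a: k for kdc in kdcs for a, k in kdc.issue(token).items()}

def wrap(policy, keys, data_key):  # conjunctive policy: XOR with a KEK over all attributes
    if not set(policy) <= set(keys):
        return None  # a missing attribute key makes wrapping and unwrapping impossible
    kek = hashlib.sha256(b"".join(keys[a] for a in sorted(policy))).digest()
    return bytes(x ^ y for x, y in zip(data_key, kek))

def demo():
    trustee = Trustee()
    alice, bob = trustee.register("alice", "pw-a"), trustee.register("bob", "pw-b")
    kdcs = [KDC({alice: {"doctor"}, bob: {"doctor"}}), KDC({alice: {"researcher"}})]
    policy, data_key = ["doctor", "researcher"], os.urandom(32)
    alice_keys = collect_keys(kdcs, trustee.issue_token("alice", "pw-a"))
    bob_keys = collect_keys(kdcs, trustee.issue_token("bob", "pw-b"))
    wrapped = wrap(policy, alice_keys, data_key)  # stored in the cloud with the ciphertext
    return (wrap(policy, alice_keys, wrapped) == data_key,  # holds all policy attributes
            wrap(policy, bob_keys, wrapped) is None,        # lacks 'researcher'
            collect_keys(kdcs, alice + b"\x00" * 32) == {}) # forged token: nothing issued
```

In this symmetric stand-in the writer must itself hold every attribute in the policy; real ABE removes that restriction and, as in [7], lets users hold attributes from any subset of the KDCs.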