
Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds
ABSTRACT
We propose a new decentralized access control scheme for secure data storage in clouds,
that supports anonymous authentication. In the proposed scheme, the cloud verifies the
authenticity of the user without knowing the user's identity before storing data. Our scheme also
has the added feature of access control in which only valid users are able to decrypt the stored
information. The scheme prevents replay attacks and supports creation, modification, and
reading data stored in the cloud. We also address user revocation. Moreover, our authentication
and access control scheme is decentralized and robust, unlike other access control schemes
designed for clouds which are centralized. The communication, computation, and storage
overheads are comparable to centralized approaches.
GLOBALSOFT TECHNOLOGIES
IEEE PROJECTS & SOFTWARE DEVELOPMENTS
IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE
BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS
Existing System
Existing work on access control in the cloud is centralized in nature. Except and , all other
schemes use attribute based encryption (ABE). The scheme in uses a symmetric key approach
and does not support authentication. The schemes do not support authentication as well. Earlier
work by Zhao et al. provides privacy preserving authenticated access control in cloud. However,
the authors take a centralized approach where a single key distribution center (KDC) distributes
secret keys and attributes to all users. Unfortunately, a single KDC is not only a single point of
failure but also difficult to maintain because of the large number of users that are supported in a cloud
environment. We, therefore, emphasize that clouds should take a decentralized approach while
distributing secret keys and attributes to users. It is also quite natural for clouds to have many
KDCs in different locations in the world.
Disadvantage:
A single KDC is not only a single point of failure but also difficult to maintain because of the
large number of users that are supported in a cloud environment.
Proposed System:
proposed a decentralized approach, their technique does not authenticate users, who want
to remain anonymous while accessing the cloud. In an earlier work, Ruj et al. proposed a
distributed access control mechanism in clouds. However, the scheme did not provide user
authentication. The other drawback was that a user can create and store a file and other users can
only read the file. Write access was not permitted to users other than the creator. In the
preliminary version of this paper, we extend our previous work with added features that
make it possible to authenticate the validity of the message without revealing the identity of the user who
has stored information in the cloud. In this version we also address user revocation. We use
an attribute based signature scheme to achieve authenticity and privacy.
Advantages:
We extend our previous work with added features that make it possible to authenticate the
validity of the message without revealing the identity of the user who has stored information in
the cloud.
Architecture:
MODULES:
1. System Initialization.
2. User Registration.
3. KDC setup.
4. Attribute generation.
5. Sign.
6. Verify.
Modules Description
1. System Initialization
Select a prime $q$, and groups $G_1$ and $G_2$, which are of order $q$. We define the mapping
$\hat{e} : G_1 \times G_1 \rightarrow G_2$. Let $g_1, g_2$ be generators of $G_1$ and $h_j$ be generators of $G_2$, for $j \in [t_{max}]$, for
arbitrary $t_{max}$. Let $H$ be a hash function. Let $A_0 = h_0^{a_0}$, where $a_0 \in \mathbb{Z}_q$ is chosen at random.
$(TSig, TVer)$ mean $TSig$ is the private key with which a message is signed and $TVer$ is the
public key used for verification. The secret key for the trustee is $TSK = (a_0, TSig)$ and public key
is $TPK = (G_1, G_2, H, g_1, A_0, h_0, h_1, \ldots, h_{t_{max}}, g_2, TVer)$.
2. User Registration
For a user with identity $U_u$ the KDC draws at random $K_{base} \in G$. Let $K_0 = K_{base}^{1/a_0}$.
The following token $\gamma$ is output: $\gamma = (u, K_{base}, K_0, \rho)$, where $\rho$ is a signature on $u \| K_{base}$ using the
signing key $TSig$.
3. KDC setup
We emphasize that clouds should take a decentralized approach while distributing secret
keys and attributes to users. It is also quite natural for clouds to have many KDCs in different
locations in the world. The architecture is decentralized, meaning that there can be several KDCs
for key management.
4. Attribute generation
The token verification algorithm verifies the signature contained in $\gamma$ using the signature
verification key $TVer$ in $TPK$. This algorithm extracts $K_{base}$ from $\gamma$ using $(a, b)$ from $ASK[i]$
and computes $K_x = K_{base}^{1/(a+bx)}$, $x \in J[i, u]$. The key $K_x$ can be checked for consistency
using algorithm $ABS.KeyCheck(TPK, APK[i], \gamma, K_x)$, which checks $\hat{e}(K_x, A_{ij} B_{ij}^{x}) = \hat{e}(K_{base}, h_j)$,
for all $x \in J[i, u]$ and $j \in [t_{max}]$.
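The algebra behind the attribute key and its consistency check can be traced with the following added example, which is not part of the original document or the authors' code. It assumes a toy "exponent model" with no security (each group element is stored as its discrete log, so the pairing becomes a multiplication mod q), and it assumes the KDC public key components are A_ij = h_j^a and B_ij = h_j^b, which the text above does not define.

```python
import secrets

Q = 2**127 - 1  # prime group order q (constructed demo value)

# Toy exponent model (assumption, no security): the element g^k is stored as
# the scalar k mod Q. Multiplying elements adds scalars, exponentiation
# multiplies the scalar, and the pairing e(g^u, g^v) is u*v mod Q.

def rand_scalar():
    """Uniform non-zero scalar in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1

def kdc_setup(h):
    """ASK[i] = (a, b); APK[i] = [(A_ij, B_ij)], assumed A_ij = h_j^a, B_ij = h_j^b."""
    a, b = rand_scalar(), rand_scalar()
    return (a, b), [(hj * a % Q, hj * b % Q) for hj in h]

def attribute_key(ask, k_base, x):
    """K_x = K_base^(1/(a + b*x)); fails when a + b*x is not invertible mod q."""
    a, b = ask
    d = (a + b * x) % Q
    if d == 0:
        raise ValueError("a + b*x = 0 mod q: no key exists for this attribute")
    return k_base * pow(d, -1, Q) % Q

def key_check(apk, h, k_base, k_x, x):
    """Check e(K_x, A_ij * B_ij^x) == e(K_base, h_j) for every j."""
    for (A, B), hj in zip(apk, h):
        lhs = k_x * ((A + B * x) % Q) % Q   # e(K_x, A_ij * B_ij^x)
        rhs = k_base * hj % Q               # e(K_base, h_j)
        if lhs != rhs:
            return False
    return True

def demo(tmax=3, x=17):
    h = [rand_scalar() for _ in range(tmax + 1)]   # h_0 .. h_tmax
    ask, apk = kdc_setup(h)
    k_base = rand_scalar()                         # K_base from the token
    k_x = attribute_key(ask, k_base, x)
    return {
        "honest": key_check(apk, h, k_base, k_x, x),
        "tampered_key": key_check(apk, h, k_base, (k_x + 1) % Q, x),
        "wrong_attribute": key_check(apk, h, k_base, k_x, x + 1),
    }

if __name__ == "__main__":
    print(demo())
```

The check passes only because the exponent 1/(a+bx) in the key cancels the factor (a+bx) in A_ij * B_ij^x; a key issued for one attribute therefore fails the check when presented for another.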
5. Sign
The access policy decides who can access the data stored in the cloud. The creator
decides on a claim policy $\mathcal{Y}$, to prove her authenticity and signs the message under this claim.
The ciphertext $C$ with signature is $c$, and is sent to the cloud. The cloud verifies the signature and
stores the ciphertext $C$. When a reader wants to read, the cloud sends $C$. If the user has attributes
matching with access policy, it can decrypt and get back original message.
6. Verify
Moving the verification process to the cloud relieves the individual users from time consuming
verifications. When a reader wants to read some data stored in the cloud, it tries to decrypt it
using the secret keys it receives from the KDCs.
System Configuration:-
H/W System Configuration:-
Processor - Pentium III
Speed - 1.1 Ghz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
Operating System : Windows95/98/2000/XP
Application Server : Tomcat5.0/6.X
Front End : HTML, Java, Jsp
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : Mysql
Database Connectivity : JDBC.
CONCLUSION
We have presented a decentralized access control technique with anonymous
authentication, which provides user revocation and prevents replay attacks. The cloud does not
know the identity of the user who stores information, but only verifies the user's credentials. Key
distribution is done in a decentralized way. One limitation is that the cloud knows the access
policy for each record stored in the cloud.
