Revision:
Date:
Project Synopsis
Department: Computer
Year: B.E
Div: C
Semester: I
Date: /07/2016
Project Domain:
Cloud Computing
Team Members:
Sr. No.  Name                Mail-id                   Contact No.
1.       Navnath S. Bhosale  bhosalen4495@gmail.com    8177877802
2.       Sumeet S Karn       sumeetkarn.695@gmail.com  7709002708
3.       Sunil P Moosad      sunilpm88@gmail.com       8793850374
4.       Mayur D Pare        mpare00@gmail.com         8796270068
Signature
Sponsorship if any: _____________________________________________________________
Name of External Guide (if any): ________________________________________________
Objective/Aim:
This paper aims to identify, taxonomically classify, and systematically compare existing
research on cloud migration.
Implement a novel solution, the key-policy attribute-based encryption with time-specified
attributes (KP-TSABE) scheme, to address these problems.
KP-TSABE is able to implement fine-grained access control during the authorization period
and to make the sensitive data self-destruct after expiration without any human
intervention.
KP-TSABE is proven to be secure under the standard model by using the l-bilinear
Diffie-Hellman inversion assumption.
Each data item is associated with a set of attributes, and every attribute is associated with a
specification of a time interval.
To support scalable and efficient privacy preserving public storage auditing in cloud.
Abstract:
Cloud computing is used to store large amounts of data, but its main drawback is the
security and privacy of that data. This problem is addressed by using Key-Policy
Time-Specified Attribute-Based Encryption (KP-TSABE), a secure data self-destructing
scheme in cloud computing. In the KP-TSABE scheme, every ciphertext is labeled
with a time interval, while each private key is associated with a time instant.
KP-TSABE solves some important security problems by supporting a user-defined
authorization period and by providing fine-grained access control during that period. The
private data will be securely self-destructed after a user-specified expiration time.
A multi-authority system is presented in which each user has an ID and can interact with
each key generator (authority) using different pseudonyms. One user's different pseudonyms
are tied to his private key, but key generators never learn the private keys, and thus
they are not able to link multiple pseudonyms belonging to the same user. Also, the whole
attribute set is divided into N disjoint sets and managed by N attribute authorities. In this
setting, each authority knows only a part of any user's attributes, which is not enough to
figure out the user's identity. However, the scheme proposed by Chase et al. [6] considered
the basic threshold-based KP-ABE, which lacks generality in the encryption policy
expression. Many attribute-based encryption schemes having multiple authorities have been
proposed afterwards [7]-[10], but they either also employ a threshold-based ABE [7], or have
a semi-honest central authority [8]-[10], or cannot tolerate a collusion attack by arbitrarily
many users [7].
The works by Lewko et al. [11] and Muller et al. [12] are the most similar to ours in that
they also tried to decentralize the central authority in CP-ABE into multiple ones. Lewko
et al. use an LSSS matrix as an access structure, but their scheme only converts the AND and OR
gates to the LSSS matrix, which limits their encryption policy to boolean formulas, while we
inherit the flexibility of the access tree having threshold gates. Muller et al. also support only
Disjunctive Normal Form (DNF) in their encryption policy. Besides the fact that we can
express arbitrarily general encryption policies, our system also tolerates the compromise attack
on attribute authorities, which is not covered in many existing works.
Recently, there also appeared traceable multi-authority ABE [13] and [14], which go in the
opposite direction to ours. Those schemes introduce accountability such that malicious users'
keys can be traced. On the other hand, a direction similar to ours can be found in [15]-[17],
which try to hide the encryption policy in the ciphertexts, but their solutions do not prevent
attribute disclosure in the key generation phase. To some extent, these three works and ours
complement each other in the sense that the combination of these two types of protection will
lead to a completely anonymous ABE.
In this paper, we propose a KP-TSABE scheme, which is a novel secure self-destructing
scheme for data sharing in cloud computing. We first introduce the notion
of KP-TSABE, formalize the model of KP-TSABE and give its security model.
Then, we give a specific construction method for the scheme. Finally, we prove that the
KP-TSABE scheme is secure.
In particular, KP-TSABE has the following advantages with regard to security and
fine-grained access control compared to other secure self-destructing schemes.
1) KP-TSABE supports the function of a user-defined authorization period and ensures
that the sensitive data cannot be read both before its desired release time and after
its expiration.
2) KP-TSABE does not require the ideal assumption of "No attacks on VDO before it
expires".
3) KP-TSABE is able to implement fine-grained access control during the
authorization period and to make the sensitive data self-destruct after expiration
without any human intervention.
4) KP-TSABE is proven to be secure under the standard model by using the l-bilinear
Diffie-Hellman inversion assumption.
Once the current time instant tx becomes after the threshold value of the valid
time interval tR,
JAVA
Java Platform
J2SE,J2EE
HTML, Bootstrap, JS
JSP, Servlet
Let G and G be two multiplicative cyclic groups with big prime order p. Let g be a
generator of G. Let e be a bilinear map e: G G G with the following properties:
1) Bilinearity: For all u, v G and a, Zp, the equation holds.
2) Non-degeneracy: e (g, g) 1.
in G for i
output W G to decide
. We say that
A 2{P1; ;Pn}\{}. The sets in A are called the authorized sets, and the sets not in
A are called the unauthorized sets.
4.3.2 Access tree with time-specific attributes
Let denote as an access tree. Each non-leaf node of the tree represents a
threshold gate, described by a threshold value and its children. If numx is the number of
children of a node x and kx is its threshold value, then 0 < kx ≤ numx holds. The threshold
gate is an OR gate when the threshold value kx = 1. If the threshold value of node x satisfies
kx = numx, it is an AND gate. Each leaf node x of the tree is associated with a time
instant tx. If tx belongs to a time interval [tL,x, tR,x], which is associated with the
corresponding attribute x in the ciphertext, we let value kx = 1.
In the following we will describe how to satisfy an access tree with attributes
and time constraints.
Let be a with root r. x is represented as the subtree of with the root
node at x. For the root r of , we denote r. If a set of attributes S satisfies x, we denote
it as x(S) = 1. x(S) is calculated recursively as follows: If x is a non-leaf node,
evaluate x(S) for all children x of the node x. x(S) returns 1 if and only if at least kx
children return 1. If x is a node in the last layer from the bottom, then x(S) returns
1 if and only if the current time instant tx associated with the leaf node (attribute) in the
access tree belongs to the time interval [tL,x, tR,x] associated with the corresponding
attribute x in the ciphertext, that is tx [tL,x, tR,x].
Firstly, the current time instant tx is provided by the time server with tx T , which is
associated with each attribute x. If T TS and the attribute set of the user matches the
access tree , then the Authority runs the algorithm KeyGen (MSK, , T ) to generate
the private key SK and sends it to the user. Once the user has received the SK, he will
get the CT from the cloud servers and invoke the algorithm Decrypt (CT, SK) to
decrypt CT and obtain the shared data M.
Because each attribute x is associated with a current time instant tx, if and only if tx
TS and the attribute set matches , the user can obtain the correct private key SK to decrypt
CT. Therefore, the KP-TSABE scheme allows for extremely flexible implementation of
fine-grained access control through combining different attributes with corresponding
time intervals.
Once the current time instant tx passes the threshold value (expiration
time) of the valid time interval tR,s, the user cannot obtain the true private key SK.
Therefore, the ciphertext CT cannot be decrypted in polynomial time, facilitating
the self-destruction of the shared data after expiration.
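As an added illustration (not code from this synopsis or from the KP-TSABE authors), the sketch below evaluates the access-tree satisfaction rule described in this section: threshold gates over leaves that count only when the leaf's time instant falls inside the interval attached to the matching ciphertext attribute. It models the policy logic only, not the pairing-based encryption; the class names, the sample policy and the integer timestamps are assumptions constructed for the example.

```python
# Added illustration: models only the access-tree satisfaction rule,
# not the pairing-based KP-TSABE cryptography. All names are hypothetical.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union


@dataclass
class Leaf:
    attribute: str
    t_x: int  # time instant bound to this attribute in the key's access tree


@dataclass
class Gate:
    k: int  # threshold value k_x
    children: List[Union["Gate", Leaf]] = field(default_factory=list)

    def __post_init__(self):
        # 0 < k_x <= num_x; k_x == 1 is an OR gate, k_x == num_x an AND gate.
        if not 0 < self.k <= len(self.children):
            raise ValueError("threshold must satisfy 0 < k_x <= num_x")


Interval = Tuple[int, int]  # (t_L, t_R), both ends inclusive


def satisfies(node, ct_attrs: Dict[str, Interval]) -> bool:
    """True iff the ciphertext's time-specified attributes satisfy the subtree."""
    if isinstance(node, Leaf):
        if node.attribute not in ct_attrs:
            return False
        t_l, t_r = ct_attrs[node.attribute]
        return t_l <= node.t_x <= t_r  # outside the interval the leaf yields 0
    hits = sum(satisfies(child, ct_attrs) for child in node.children)
    return hits >= node.k


def tree_at(t: int) -> Gate:
    """Constructed policy: doctor AND (cardiology OR emergency), leaves at time t."""
    return Gate(2, [Leaf("doctor", t),
                    Gate(1, [Leaf("cardiology", t), Leaf("emergency", t)])])


# Constructed ciphertext attribute set with per-attribute validity intervals.
CT_ATTRS = {"doctor": (100, 200), "cardiology": (150, 200)}

if __name__ == "__main__":
    for t in (120, 160, 201):  # before release, authorized, after expiration
        print(t, satisfies(tree_at(t), CT_ATTRS))
```
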
Paper Referred:
[1] A. Shamir, "Identity-based cryptosystems and signature schemes," in Advances in
Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47-53.
[2] A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Advances in Cryptology.
Berlin, Germany: Springer-Verlag, 2005, pp. 457-473.
[3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for
fine-grained access control of encrypted data," in Proc. 13th CCS, 2006, pp. 89-98.
[4] J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption,"
in Proc. IEEE SP, May 2007, pp. 321-334.
Map Program Outcomes for your project. Enter the relevant number against mapped
PEO.
1: Strongly Mapped
2: Moderately Mapped
PEO I    PEO II    PEO III    PEO IV