Record No.

:
Revision:

Pimpri Chinchwad Education Trusts

Date:

Pimpri Chinchwad College of Engineering

Project Synopsis
Department: Computer
Year: B.E
Div: C

Academic Year: 2016 -2017

Semester: I
Date: /07/2016

Project Title: A secure data self-destructing scheme in cloud computing

Project Domain:

Cloud Computing

Team Members:
Sr.
No.

Name

Mail-id

Contact No.

1.

Navnath S. Bhosale

bhosalen4495@gmail.com 8177877802

2.

Sumeet S Karn

sumeetkarn.695@gmail.co 7709002708
m

3.

Sunil P Moosad

sunilpm88@gmail.com

8793850374

4.

Mayur D Pare

mpare00@gmail.com

8796270068

Signature

Sponsorship if
any:_____________________________________________________________
Name of External Guide(if any)
________________________________________________
Objective/Aim:
This paper aims to identify, taxonomically classify, and systematically compare existing
research on cloud migration.
Implement a novel solution called key -policy attribute based encryption with time-specified
attributes (KP-TSABE) scheme to address these problems.

KP-TSABE is able to implement fine-grained access control during the authorization period
and to make the sensitive data self-destruction after expiration without any human
intervention.
KP-TSABE is proven to be secure under the standard model by using the l-bilinear DiffieHellman inversion assumption.
Each data item is associated with a set of attributes and Every attribute is associated with a
specification of time interval
To support scalable and efficient privacy preserving public storage auditing in cloud.
Abstract:
The Cloud Computing is use for large amount of storage data, but the main drawback is
security and privacy of data in cloud computing. So this problem solve by using the Key
Policy-Time specified Attribute based encryption(KP- TSABE),secure data self-destructing
scheme in cloud computing. In the KP-TSABE scheme, Each of the ciphertext are labeled
with a time interval in that period of time private key is associated with a time instant. The
KP-TSABE is solve some of the important security problems by supporting user-defined
authorization period and by providing fine-grained access control during that period. The
private data will be securely self-destructed after a user-specified expiration time.

Related Work: <Specify papers and short description>

A multi-authority system is presented in which each user has an ID and they can interact with
each key generator (authority) using different pseudonyms. One users different pseudonyms
are tied to his private key, but key generators never know about the private keys, and thus
they are not able to link multiple pseudonyms belonging to the same user. Also, the whole
attributes set is divided into N disjoint sets and managed by N attributes authorities. In this
setting, each authority knows only a part of any users attributes, which are not enough to
figure out the users identity. However, the scheme proposed by Chase et al. [6] considered
the basic threshold-based KP-ABE, which lacks generality in the encryption policy
expression. Many attribute based encryption schemes having multiple authorities have been
proposed afterwards [7][10], but they either also employ a threshold-based ABE [7], or have
a semi-honest central authority [8][10], or cannot tolerate arbitrarily many users collusion
attack [7].
The work by Lewko et al. [11] and Muller et al. [12] are the most similar ones to ours in that
they also tried to decentralize the central authority in the CP-ABE into multiple ones. Lewko
et al. use a LSSS matrix as an access structure, but their scheme only converts the AND, OR
gates to the LSSS matrix, which limits their encryption policy to boolean formula, while we
inherit the flexibility of the access tree having threshold gates. Muller et al. also supports only
isjunctive Normal Form (DNF) in their encryption policy. Besides the fact that we can
express arbitrarily general encryption policy, our system also tolerates the compromise attack
towards attributes authorities, which is not covered in many existing works.

Recently, there also appeared traceable multi-authority ABE [13] and [14], which are on the
opposite direction of ours. Those schemes introduce accountability such that malicious users
keys can be traced. On the other hand, similar direction as ours can be found in [15][17],
who try to hide encryption policy in the ciphertexts, but their solutions do not prevent the
attribute disclosure in the key generation phase. To some extent, these three works and ours
complement each other in the sense that the combination of these two types protection will
lead to a completely anonymous ABE.

Innovative concept and relevance of the topic:

In this paper, we propose a KP-TSABE scheme, which is a novel secure selfdestructing scheme for data sharing in cloud computing. We first introduce the notion
of KP-TSABE, formalize the model of KP-TSABE and give the security model of it.
Then, we give a specific construction method about the scheme. Finally, prove that the
KP-TSABE scheme is secure.
Especially, KP-TSABE has the following advantages with regard to security and
fine-grained access control compared to other secure self-destructing schemes.
1) KP-TSABE supports the function of user-defined authorization period and ensures
that the sensitive data cannot be read both before its desired release time and after
its expiration.
2) KP-TSABE does not require the ideal assump-tion of No attacks on VDO before it
expires.
3) KP-TSABE is able to implement fine-grained access control during the
authorization period and to make the sensitive data self-destruction after expiration
without any human intervention.
4) KP-TSABE is proven to be secure under the standard model by using the l-bilinear
Diffie-Hellman inversion assumption.

Market potential and competitive advantage:

1) Encryption with time constraint.

2) Fine-grained access control during the authorization Period
3) Data self-destruction after expiration

Once the current time instant tx becomes after the threshold value of the valid
time interval tR,

The user cannot obtain the true private key SK.

Therefore, the cyphertext CT is not able to be decrypted in polynomial time.

This facilitates the self-destruction of the shared data after expiration.

Project Objective: Industry/ Product/ Research/Societal

we present a semi-anonymous privilege control scheme AnonyControl to address not only the
data privacy, but also the user identity privacy in existing access control schemes.
AnonyControl decentralizes the central authority to limit the identity leakage and thus
achieves semianonymity. Besides, it also generalizes the file access control to the privilege
control, by which privileges of all operations on the cloud data can be managed in a finegrained manner. Subsequently, we present the AnonyControl-F, which fully prevents the
identity leakage and achieve the full anonymity. Our security analysis shows that both
AnonyControl and AnonyControl-F are secure under the decisional bilinear DiffieHellman
assumption, and our performance evaluation exhibits the feasibility of our schemes.

Technical Details (Platform and languages):

Programming Language

JAVA

Java Platform

J2SE,J2EE

Client side Technology

HTMl, Bootstrap, Js

Server side Technology

JSP, Servlet

Technical Key Words (Ref ACM Keywords) :

Anonymity, multi-authority, attribute-based encryption
Relevant mathematical models associated with the Project
In this section, some preliminaries related to bilinear maps, complexity assumptions
and access structure are presented.
4.1 Bilinear Maps

Let G and G be two multiplicative cyclic groups with big prime order p. Let g be a
generator of G. Let e be a bilinear map e: G G G with the following properties:
1) Bilinearity: For

all u, v G

and

a,

Zp,

the

equation

holds.

2) Non-degeneracy: e (g, g)

1.

3) Computability: There exists an efficient algorithm to compute bilinear map

e : G G G.
4.2 Bilinear Diffie-Hellman Inversion (BDHI) Assumption
In order to prove the security of the KP-TSABE scheme, we introduce l-BDHI
assumption used. The l-BDHI problem in G is as follows: Given g, h and
= 1, 2, , l as input for some unknown random y
whether

in G for i

output W G to decide

. We say that

a polynomial-time adversary A has advantage in solving the decisional l-BDHI

problem (G, G) if:
|Pr[A(g, h,y, e(g, h)yl+1 ) = 0]Pr[A(g, h,y, e(g, h)z) = 0]|
where the probability is taken over random y, z and the random bits consumed by A.
Definition 1. Lets say the (t, )-l-BDHI assumption holds in (G, G) if no t-time
algorithm has the probability at least in solving the l-BDHI problem for nonnegligible .
Access structure and access tree
Access structure
Definition 2 (Access

structure). Let {P1, P2, ,Pn} be a set of parties. A

collection A 2{P1; ;Pn} is monotone if B, C: if B A and B C then C A.

An access structure (respectively, monotonic access structure) is a collection
(respectively, monotone collection) Aof non-empty subsets of {P1, P2 , Pn}, i.e.,

A 2{P1; ;Pn}\{}. The sets in A are called the authorized sets, and the sets not in
A are called the unauthorized sets.
4.3.2 Access tree with time-specific attributes
Let denote as an access tree. Each non-leaf node of the tree represents a
threshold gate, described by a threshold value and its children. If numx is the number of
children of a node x and kx is its threshold value, then 0 <kx<numx holds. The threshold
gate is an OR gate when threshold value kx = 1. If threshold value of node x satisfied
kx=numx, it is an AND gate. Each leaf node x of the tree is associated with a time
instanttx. Ifthe tx belongs to a time interval [tL;x, tR;x], which is associated with the
corresponding attribute x in the ciphertext, we let value kx = 1.

Some functions are defined in order to facilitate dealing with . In , the

function parent(x) is rep-resented as the parent of the node x. The component of
attributes is associated with the leaf node x in . also defines an ordering between the
children of a node which are numbered from 1 to num. The function index(x) returns
such a number associated with the node x, where the index values are uniquely
allocated to nodes in for a given key.

In the following we will describe how to satisfy an access tree with attributes
and time constraints.
Let be a Let be a with root r. x is represented as the subtree of with the root
node at x. For the root r of , we denote r. If a set of attributes S satises x, we denote
it as x(S) = 1. x(S) is calculated recursively as follows: If x is a non-leaf node,
evaluate x(S) for all children x of the node x. x(S) returns 1 if and only if at least kx
children return 1. If x is a node belongs to the last layer from bottom, then x(S) returns
1 if and only if the current time instant t x associated with leaf node (attribute) in the
access tree belongs to time interval [tL,x,tR,x] associatedwiththecorresponding attribute x
in the ciphertext, that is t x[tL,x,tR,x] with root r. x is represented as the subtree of
with the root node at x. For the root r of , we denote r. If a set of attributes S satises
x, we denote it as x(S) = 1. x(S) is calculated recursively as follows: If x is a nonleaf
node, evaluate x(S) for all children x of the node x.x(S) returns 1 if and only if at
least kx children return 1. If x is a node belongs to the last layer from bottom, then x(S)

returns 1 if and only if the current time instant t x associated with leaf node (attribute) in
the access tree belongs to time interval [tL,x,tR,x] associatedwiththecorresponding
attribute x in the ciphertext, that is tx[tL,x,tR,x].

Names of the conference/journal where paper is submitted/published/accepted

List of Conference/Journal Papers supporting project idea:

(at least 10 papers + white papers or web references)

Plan of project execution

1) System setup
In the system initialization phase, a data owner chooses a large security
parameter and attribute universe U, and invokes the algorithm Setup(1 , U) belonging
to the algorithm level to generate system parameters params and master key MSK.

2) Encryption with time constraint

The data owner chooses an attribute set S for the shared message M and defines
a time interval set TS for S. Then, the data owner invokes the algorithm Encrypt(M,
params, S, TS ) to encrypt M to its ciphertext CT, which is associated with the set S and
TS . Finally, CT is sent to cloud servers.

3) Fine-grained access control during the authorization period

When a user wants to access the shared data M during its authorization period,
he must pass the identity authentication and should perform the following processes:

Firstly, the current time instant tx is provided by the time server with tx T , which is
associated with each attribute x. If T TS and the attribute set of the user matches the
access tree . Then, the Authority runs the algorithm KeyGen (MSK, , T ) to generate
the private key SK and sends it to the user. Once the user received the SK, he will
getthe CT from the cloud servers and invokes the algorithm Decrypt (CT, SK) to
decrypt CT to obtain the shared data M.

Because each attribute x is associated with a current time instant t x, if and only if tx
TS and attribute set matches , the user can obtain the correct private key SK to decrypt
CT. Therefore, the KP-TSABE scheme allows for extremely flexible implementation of
fine-grained access control through combining different attributes with corresponding
time intervals.

4) Data self-destruction after expiration

Once the current time instant tx becomes after the threshold value (expiration
time) of the valid time interval t R,s,the user cannot obtain the true private key SK.
Therefore, the cyphertext CT is not able to be decrypted in polynomial time, facilitating
the self-destruction of the shared data after expiration.

Paper Referred:
[1] A. Shamir, Identity-based cryptosystems and signature schemes, in Advances in
Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 4753.
[2] A. Sahai and B. Waters, Fuzzy identity-based encryption, in Advances in Cryptology.
Berlin, Germany: Springer-Verlag, 2005, pp. 457473.
[3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for finegrained access control of encrypted data, in Proc. 13th CCS, 2006, pp. 8998.
[4] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attributebased encryption,
in Proc. IEEE SP, May 2007, pp. 321334.

[5] M. Chase, Multi-authority attribute based encryption, in Theory of Cryptography.

Berlin, Germany: Springer-Verlag, 2007, pp. 515534.
[6] M. Chase and S. S. M. Chow, Improving privacy and security in multi-authority
attribute-based encryption, in Proc. 16th CCS, 2009, pp. 121130.
[7] H. Lin, Z. Cao, X. Liang, and J. Shao, Secure threshold multi authority attribute based
encryption without a central authority, Inf. Sci., vol. 180, no. 13, pp. 26182632, 2010.
[8] V. Boovic, D. Socek, R. Steinwandt, and V. I. Villnyi, Multi-authority attributebased encryption with honest-but-curious central authority, Int. J. Comput. Math., vol. 89,
no. 3, pp. 268283, 2012.
[9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, Low complexity multiauthority attribute based encryption scheme for mobile cloud computing, in Proc. IEEE
7th SOSE, Mar. 2013, pp. 573577.
[10] K. Yang, X. Jia, K. Ren, and B. Zhang, DAC-MACS: Effective data access control
for multi-authority cloud storage systems, in Proc. IEEE INFOCOM, Apr. 2013, pp.
28952903.
For Project Guide:
Map Program Outcomes for your project. Enter the relevant number against mapped
PO.
1: Strongly Mapped
PO

2: Moderately Mapped

\
\
\
\

Map Program Outcomes for your project. Enter the relevant number against mapped
PEO.
1: Strongly Mapped
PEO
I

2: Moderately Mapped

PEO
II

PEO
III

PEO
IV

(Name and Sign of Student(s))

(Name and signature of Project Guide)