ATTRIBUTE-BASED DATA SHARING SCHEME REVISITED IN CLOUD COMPUTING

Sai Prateek Reddy, 4th Year B.Tech, Computer Science and Engineering, SRM Institute of Science and Technology, Chennai, India

Yalavarthi Sree Sai Ganesh, 4th Year B.Tech, Computer Science and Engineering, SRM Institute of Science and Technology, Chennai, India

Dr. S. Selvakumar, Computer Science and Engineering, Assistant Professor in SRM Institute of Science and Technology, Chennai, India

Abstract:

Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. The data owner is allowed to fully control the access policy associated with the data to be shared. However, CP-ABE is subject to a potential security risk known as the key escrow problem, whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attributes with arbitrary state. In this paper, we revisit the attribute-based data sharing scheme in order not only to solve the key escrow issue but also to improve the expressiveness of attributes, so that the resulting scheme is more friendly to cloud computing applications. We propose an improved two-party key issuing protocol that guarantees that neither the key authority nor the cloud service provider can compromise the whole secret key of a user individually. Moreover, we introduce the concept of an attribute with weight to enhance the expression of attributes, which not only extends the expression from binary to arbitrary state but also lightens the complexity of the access policy. Therefore, both the storage cost and the encryption complexity for a ciphertext are relieved. The performance analysis and the security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

I. Introduction

In cloud computing, the main purpose is storing and retrieving data for data owners and users. Data owners upload sensitive data to the cloud, and only valid users should be able to retrieve it, so we design attribute-based data searching in cloud computing. Cloud computing has become a research hot-spot due to its long list of distinguished advantages (e.g. convenience, high scalability). One of the most promising cloud computing applications is on-line data sharing, such as photo sharing in On-line Social Networks among more than one billion users and on-line health record systems. A data owner (DO) is usually willing to store large amounts of data in the cloud to save the cost of local data management. Without any data protection mechanism, however, the cloud service provider (CSP) can fully gain access to all data of the user. This brings a potential security risk to the user, since the CSP may compromise the data for commercial benefits. Accordingly, how to securely and efficiently share user data is one of the toughest challenges in the scenario of cloud computing.

Ciphertext-policy attribute-based encryption (CP-ABE) has turned out to be an important encryption technology to tackle the challenge of secure data sharing. In CP-ABE, a user's secret key is described by an attribute set, and a ciphertext is associated with an access structure. The DO is allowed to define the access structure over the universe of attributes. A user can decrypt a given ciphertext only if his/her attribute set matches the access structure over the ciphertext.

Employing a CP-ABE system directly in a cloud application may yield some open problems. Firstly, all users' secret keys need to be issued by a fully trusted key authority (KA). This brings a security risk that is known as the key escrow problem. By knowing the secret key of a system user, the KA can decrypt all the user's ciphertexts, which stands totally against the will of the user. Secondly, the expressiveness of the attribute set is another concern. As far as we know, most of the existing CP-ABE schemes can only describe a binary state over an attribute. In this paper, the weighted attribute is introduced not only to extend attribute expression from binary to arbitrary state, but also to simplify the access policy. Thus, the storage cost and encryption cost for a ciphertext can be relieved.

II. Present System

In the existing pairing-based ABE schemes, the number of pairing operations to decrypt a ciphertext is linear in the complexity of the access policy. It would be a significant challenge for users to complete the decryption independently on resource-constrained devices, e.g., mobile phones. In order to reduce the number of pairing operations for users when executing the decryption algorithm, outsourcing the heavy computation of decryption to a third-party service has been considered, which helps to implement "thin clients". Existing pairing-based AB-KEMs (KP or CP) satisfy the property of multiplicative homomorphism. Thus, our technique can be applied to most existing AB-KEMs in both KP and CP settings.

III. Proposed System

The proposed system is a more efficient and generic construction of ABE with verifiable outsourced decryption, based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme. Then, we prove the security and the verification soundness of our constructed ABE scheme in the standard model. According to whether the ciphertext is associated with an access policy or contains a set of attributes, ABE schemes are divided into two kinds: ciphertext-policy (CP) ABE and key-policy (KP) ABE. We revisit ABE with verifiable outsourced decryption (VO-ABE), and try to solve these problems. We first present a generic construction of VO-ABE, based on an attribute-based key encapsulation mechanism. An appropriate transform of the actual secret key is used to achieve outsourcing of the decryption. In fact, the transform we used here may be thought of as a subclass of all-or-nothing transforms (AONTs).

Figure: Proposed framework of the Data Sharing Scheme.
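
The weighted attributes described in the abstract and introduction can be illustrated at the policy level. The following Python code is an added example, not code from the paper: it performs no cryptography, and the attribute names, the weight range and the rule that a leaf is satisfied when the user's weight is at least the leaf's threshold are assumptions made for illustration. It compares the leaf count of a weighted policy with that of an equivalent policy written over binary attributes only.

```python
# Added illustration: policy matching only, no cryptography. Attribute names,
# weights and the "weight >= threshold" leaf rule are assumptions.
from itertools import product

MAX_WEIGHT = 4  # constructed: each attribute takes a weight in 1..4

def satisfies(policy, user):
    """Nodes: ("AND", kids), ("OR", kids) or ("LEAF", name, min_weight)."""
    if policy[0] == "LEAF":
        _, name, min_weight = policy
        return user.get(name, 0) >= min_weight
    results = [satisfies(child, user) for child in policy[1]]
    return all(results) if policy[0] == "AND" else any(results)

def to_binary(policy):
    """Binary attributes are held or not held, so each weight level becomes
    its own attribute "name=w" and "name >= t" becomes an OR over t..MAX."""
    if policy[0] == "LEAF":
        _, name, t = policy
        levels = [("LEAF", f"{name}={w}", 1) for w in range(t, MAX_WEIGHT + 1)]
        return levels[0] if len(levels) == 1 else ("OR", levels)
    return (policy[0], [to_binary(child) for child in policy[1]])

def binary_user(user):
    """Binary view of a user: holds exactly one attribute "name=w" per name."""
    return {f"{name}={w}": 1 for name, w in user.items()}

def leaf_count(policy):
    """Leaves in the access structure; tree-based CP-ABE ciphertexts grow with it."""
    if policy[0] == "LEAF":
        return 1
    return sum(leaf_count(child) for child in policy[1])

# Constructed policy: clearance >= 2 AND (seniority >= 3 OR auditor >= 1)
WEIGHTED = ("AND", [("LEAF", "clearance", 2),
                    ("OR", [("LEAF", "seniority", 3), ("LEAF", "auditor", 1)])])
BINARY = to_binary(WEIGHTED)

def policies_agree():
    """True when both encodings grant access to exactly the same users."""
    names = ["clearance", "seniority", "auditor"]
    for weights in product(range(MAX_WEIGHT + 1), repeat=len(names)):
        user = {n: w for n, w in zip(names, weights) if w > 0}
        if satisfies(WEIGHTED, user) != satisfies(BINARY, binary_user(user)):
            return False
    return True

if __name__ == "__main__":
    print(leaf_count(WEIGHTED), leaf_count(BINARY), policies_agree())
```

Both encodings admit the same users, but the binary form needs three times as many leaves for this policy, which is the storage and encryption cost the weighted attribute is meant to relieve.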

IV. Literature Survey

In this section various methods of cloud security and other schemes are surveyed.

2.1 A secure cloud computing based framework for big data information management of smart grid

Smart grid is a technological innovation that improves efficiency, reliability, economics, and sustainability of electricity services. It plays a crucial role in modern energy infrastructure. The main challenges of smart grids, however, are how to manage different types of front-end intelligent devices such as power assets and smart meters efficiently; and how to process a huge amount of data received from these devices. Cloud computing, a technology that provides computational resources on demand, is a good candidate to address these challenges since it has several good properties such as energy saving, cost saving, agility, scalability, and flexibility. In this paper, we propose a secure cloud computing based framework for big data information management in smart grids, which we call "Smart-Frame." The main idea of our framework is to build a hierarchical structure of cloud computing centers to provide different types of computing services for information management and big data analysis. In addition to this structural framework, we present a security solution based on identity-based encryption, signature and proxy re-encryption to address critical security issues of the proposed framework.

2.2 An expressive and provably secure ciphertext-policy attribute-based encryption

Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, data access control becomes a challenging issue in cloud storage systems. In a multi-authority Attribute Based Encryption scheme, multiple attribute-authorities monitor different sets of attributes and issue corresponding decryption keys to users, and encryptors can require that a user obtain keys for appropriate attributes from each authority before decrypting a message. Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Attribute revocation is an important and cumbersome issue for CP-ABE schemes. This challenging issue is considered in more practical scenarios in which semi-trustable on-line proxy servers are available.

2.3 Randomizable proofs and delegatable anonymous credentials

Access control is one of the most fundamental problems in security. We frequently need to answer the question: does the person requesting access to a resource possess the required credentials? A credential typically consists of a certification chain rooted at some authority responsible for managing access to the resource and ending at the public key of the user in question. The user presents the credential and demonstrates that he knows the corresponding secret key. Sometimes, the trusted authority issues certificates directly to each user (so the length of each certification chain is More often, the authority delegates responsibility. A system administrator allows several webmasters to use his server. A webmaster can create several forums, with different moderators for each forum. Moderators approve some messages, reject others, and even give favored users unlimited posting privileges. Imagine the burden on the system administrator if he had to approve every single moderator and user for every single forum. We want cryptographic credentials to follow the same delegation model as access control follows in the real world. The system administrator can use his public key to sign a webmaster's public key, creating a credential of length 1. In general, a user with a level L credential can sign another user's public key and give him his credential chain, to create a level L + 1 credential.

2.4 Ciphertext-policy attribute-based encryption

In several distributed systems a user should only be able to access data if the user possesses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into users' keys, while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.

2.5 Provably secure ciphertext policy ABE

In ciphertext policy attribute-based encryption (CP-ABE), every secret key is associated with a set of attributes, and every ciphertext is associated with an access structure on attributes. Decryption is enabled if and only if the user's attribute set satisfies the ciphertext access structure. This provides fine-grained access control on shared data in many practical settings, e.g., secure database and IP multicast. In this paper, we study CP-ABE schemes in which access structures are AND gates on positive and negative attributes. Our basic scheme is proven to be chosen plaintext (CPA) secure under the decisional bilinear Diffie-Hellman (DBDH) assumption. We then apply the Canetti-Halevi-Katz technique to obtain a chosen ciphertext (CCA) secure extension using one-time signatures. The security proof is a reduction to the DBDH assumption and the strong existential unforgeability of the signature primitive. In addition, we introduce hierarchical attributes to optimize our basic scheme, reducing both ciphertext size and encryption/decryption time while maintaining CPA security. We conclude with a discussion of practical applications of CP-ABE.
V. REFERENCES

[1] J. Baek, Q. H. Vu, J. K. Liu, X. Huang, and Y. Xiang. A secure cloud computing based framework for big data information management of smart grid. IEEE Transactions on Cloud Computing, 3(2):233–244, 2015.

[2] A. Balu and K. Kuppusamy. An expressive and provably secure ciphertext-policy attribute-based encryption. Information Sciences, 276(4):354–362, 2014.

[3] M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. Randomizable proofs and delegatable anonymous credentials. Proceedings of the 29th Annual International Cryptology Conference, pages 108–125, 2009.

[4] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. IEEE Symposium on Security and Privacy, pages 321–334, 2007.

[5] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. Journal of Cryptology, 17(4):297–319, 2001.

[6] M. Chase. Multi-authority attribute based encryption. Proceedings of the 4th Conference on Theory of Cryptography, pages 515–534, 2007.

[7] M. Chase and S. S. Chow. Improving privacy and security in multiauthority attribute-based encryption. Proceedings of the 16th ACM Conference on Computer and Communications Security, pages 121–130, 2009.

[8] L. Cheung and C. Newport. Provably secure ciphertext policy ABE. Proceedings of the 14th ACM Conference on Computer and Communications Security, pages 456–465, 2007.

[9] S. S. Chow. Removing escrow from identity-based encryption. Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography, pages 256–276, 2009.

[10] C. K. Chu, W. T. Zhu, J. Han, J. K. Liu, J. Xu, and J. Zhou. Security concerns in popular cloud storage services. IEEE Pervasive Computing, 12(4):50–57, 2013.

[11] A. De Caro and V. Iovino. JPBC: Java pairing based cryptography. IEEE Symposium on Computers and Communications, 22(3):850–855, 2011.

[12] H. Deng, Q. Wu, B. Qin, J. Domingo-Ferrer, L. Zhang, J. Liu, and W. Shi. Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts. Information Sciences, 275(11):370–384, 2014.

[13] C. Fan, S. Huang, and H. Rung. Arbitrary-state attribute-based encryption with dynamic membership. IEEE Transactions on Computers, 63(8):1951–1961, 2014.

[14] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-based encryption for fine-grained access control of encrypted data. Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 89–98, 2006.

[15] J. Hur. Improving security and efficiency in attribute-based data sharing. IEEE Transactions on Knowledge and Data Engineering, 25(10):2271–2282, 2013.
