Abstract - JP InfoTech

Secure Access Control System in Cloud using Attribute based encryption technique
ABSTRACT:
Attribute-based encryption (ABE) is a public-key-based one-to-many encryption that
allows users to encrypt and decrypt data based on user attributes. A promising
application of ABE is flexible access control of encrypted data stored in the cloud,
using access policies and ascribed attributes associated with private keys and
ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that
decryption involves expensive pairing operations and the number of such operations
grows with the complexity of the access policy. Recently, Green et al. proposed an
ABE system with outsourced decryption that largely eliminates the decryption
overhead for users. In such a system, a user provides an untrusted server, say a cloud
service provider, with a transformation key that allows the cloud to translate any
ABE ciphertext satisfied by that user’s attributes or access policy into a simple
ciphertext, and it only incurs a small computational overhead for the user to recover
the plaintext from the transformed ciphertext. Security of an ABE system with
outsourced decryption ensures that an adversary (including a malicious cloud) will
not be able to learn anything about the encrypted message; however, it does not
guarantee the correctness of the transformation done by the cloud. In this paper, we
consider a new requirement of ABE with outsourced decryption: verifiability.
Informally, verifiability guarantees that a user can efficiently check if the
transformation is done correctly. We give the formal model of ABE with verifiable
outsourced decryption and propose a concrete scheme. We prove that our new
scheme is both secure and verifiable, without relying on random oracles. Finally, we
show an implementation of our scheme and the results of performance measurements,
which indicate a significant reduction in the computing resources imposed on users.
EXISTING SYSTEM:
Green et al. proposed an ABE system with outsourced decryption that largely
eliminates the decryption overhead for users. In such a system, a user provides an
untrusted server, say a cloud service provider, with a transformation key that allows
the cloud to translate any ABE ciphertext satisfied by that user’s attributes or access
policy into a simple ciphertext, and it only incurs a small computational overhead for
the user to recover the plaintext from the transformed ciphertext.
DISADVANTAGES OF EXISTING SYSTEM:
One of the main efficiency drawbacks of most existing ABE schemes is that
decryption is expensive for resource-limited devices due to pairing operations, and
the number of pairing operations required to decrypt a ciphertext grows with the
complexity of the access policy. At the cost of security, only proven in a weak model
(i.e., selective security), there exist several expressive ABE schemes where the
decryption algorithm only requires a constant number of pairing computations.
PROPOSED SYSTEM:
In this paper, we first modify the original model of ABE with outsourced decryption
in the existing system to allow for verifiability of the transformations. After describing
the formal definition of verifiability, we propose a new ABE model and, based on this
new model, construct a concrete ABE scheme with verifiable outsourced decryption.
Our scheme does not rely on random oracles.
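The flow described above (a transformation key handed to the cloud, a cheap final step for the user, and a check that the cloud transformed correctly), as an added example that is not the paper's scheme or code: plain ElGamal in a toy group stands in for the pairing-based ABE, and the SHA-256 tag over the message and a random companion message is this example's own stand-in for the verification mechanism, which the page does not describe. All names and parameters (P, Q, G, make_transform_key, cloud_transform, user_recover) are assumptions.

```python
import hashlib
import secrets

# Toy group (assumption, far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def rand_exp():
    return secrets.randbelow(Q - 1) + 1            # uniform in 1..Q-1

def keygen():
    x = rand_exp()
    return x, pow(G, x, P)                         # (secret key, public key)

def tag(m, m_bar):
    return hashlib.sha256(f"{m}|{m_bar}".encode()).hexdigest()

def encrypt(pk, m):
    """Encrypt m and a random companion m_bar; the tag binds the two together."""
    m_bar = pow(G, rand_exp(), P)
    parts = []
    for msg in (m, m_bar):
        r = rand_exp()
        parts.append((pow(G, r, P), msg * pow(pk, r, P) % P))
    return {"parts": parts, "tag": tag(m, m_bar)}

def make_transform_key(x):
    """Blind the secret key with z: tk goes to the cloud, z stays with the user."""
    z = rand_exp()
    return x * pow(z, -1, Q) % Q, z

def cloud_transform(tk, ct):
    """Untrusted server: does the bulk of the work but cannot unmask without z."""
    return [pow(c1, tk, P) for c1, _ in ct["parts"]]

def user_recover(z, ct, transformed):
    """One exponentiation per part, then verify the cloud's output via the tag."""
    msgs = []
    for (_, c2), t in zip(ct["parts"], transformed):
        mask = pow(t, z, P)                        # equals pk^r if the cloud was honest
        msgs.append(c2 * pow(mask, -1, P) % P)
    m, m_bar = msgs
    if tag(m, m_bar) != ct["tag"]:
        raise ValueError("transformation failed verification")
    return m
```

Without the tag check, a wrong value from the cloud would simply decrypt to a different group element and the user would have no way to notice.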
ADVANTAGES OF PROPOSED SYSTEM:
• The proposed scheme does not rely on random oracles.
• The scheme substantially reduces the computation time required for resource-limited devices to recover plaintexts.
SYSTEM ARCHITECTURE:
BLOCK DIAGRAM:
MODULES:
• System Setup Module
• New User Grant Module
• File Upload Module
• File Access Module
• User Revocation Module
MODULES DESCRIPTION:
System Setup Module:
In this module, we first develop the system module, which consists of the Data Owner
(controlled by the domain authority), the data consumer, and the Cloud Service
Provider.
New User Grant Module:
When a new user wants to join the system, with the aid issues an attribute private key
to him/her based on his/her attributes. Based on the system model provided we
attempt to define an underlying primitive namely OABE with outsourced key-issuing
and decryption for realizing our access control system.
File Upload Module:
In this module, we develop the file upload process. When a data
owner wants to outsource and share a file with some users, he/she encrypts the file to
be uploaded under a specified attribute set (resp. access policy). Whenever a data
owner wants to create and upload a file, he/she first defines an attribute set (resp.
access structure).
File Access Module:
In this module, we create the file access module. When a user wants to access an
outsourced file, he/she downloads the ciphertext from S-CSP and decrypts it with the
help of D-CSP.
User Revocation Module:
When there is a user to be revoked, updates "affected" users' private keys with the
help of CSP, while the "affected" ciphertexts having been stored on S-CSP will be
updated as well.
ATTRIBUTE BASED ENCRYPTION:
Attribute-based encryption is a type of public-key encryption in
which the secret key of a user and the ciphertext depend on attributes. In such a
system, decryption of a ciphertext is possible only if the set of attributes of the
user key matches the attributes of the ciphertext. A crucial security feature of
Attribute-Based Encryption is collusion resistance: an adversary that holds multiple
keys should only be able to access data if at least one individual key grants access.
How Keygen Takes Place:
1) Select File attribute 1 – say File name
2) Convert the file name to Binary Codes
3) Select File attribute 2 – say file size
4) Convert the file size to Binary Codes
5) Perform AND Operation of File Attribute 1 and 2
6) Perform OR Operation of File Attribute 1 and 2
7) Result of AND Operation Stored as Secret Key
8) Result of OR Operation Stored as Public Key
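The steps above, written out as an added example (not the project's code) so the properties of the resulting values can be checked; the encodings are assumptions (the file name's UTF-8 bytes read as one big-endian integer, the file size used as an integer) and the sample values are constructed. It shows that the AND result is never longer than the shorter attribute, that every bit set in it is also set in the OR result, and that both values follow directly from the file's name and size.

```python
def derive_keys(file_name: str, file_size: int):
    """The listed steps: AND result -> 'secret key', OR result -> 'public key'."""
    a = int.from_bytes(file_name.encode("utf-8"), "big")  # attribute 1 in binary (assumed encoding)
    b = file_size                                         # attribute 2 in binary (assumed encoding)
    return a & b, a | b

def analyse(file_name: str, file_size: int) -> dict:
    """Report structural properties of the derived pair for one file."""
    secret, public = derive_keys(file_name, file_size)
    name_bits = int.from_bytes(file_name.encode("utf-8"), "big").bit_length()
    return {
        "secret": secret,
        "public": public,
        "secret_bits": secret.bit_length(),
        # AND can only keep bits present in both inputs, so the shorter one is a hard cap.
        "shorter_attribute_bits": min(name_bits, file_size.bit_length()),
        # (a & b) & (a | b) == a & b: the published value reveals where secret bits can be set.
        "secret_subset_of_public": secret & public == secret,
    }

if __name__ == "__main__":
    # Constructed sample: a 10-character name and a 16-bit size.
    for key, value in analyse("report.pdf", 48213).items():
        print(f"{key}: {value}")
```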
SYSTEM CONFIGURATION:
HARDWARE CONFIGURATION:
• Processor - Pentium-IV
• Speed - 1.1 GHz
• RAM - 256 MB (min)
• Hard Disk - 20 GB
• Key Board - Standard Windows Keyboard
• Mouse - Two or Three Button Mouse
• Monitor - SVGA
SOFTWARE CONFIGURATION:
• Operating System : Windows XP
• Programming Language : JAVA/J2EE
• Java Version : JDK 1.6 & above
• Database : MYSQL