International Journal of Engineering Trends and Technology (IJETT) – Volume 10 Number 13 - Apr 2014
Managing Privacy Retaining Entrust Admission in Public Clouds
Sayara Khanum (1), Prof. Prabhakar A (2)
(1) PG Student, Computer Science and Engineering, VTU, CIT, Gubbi, Karnataka, India
(2) Professor, Information Science and Engineering, VTU, CIT, Gubbi, Karnataka, India
Abstract— Data stored in the cloud is often confidential, so it is encrypted with strong encryption before it is placed on the cloud platform. In present schemes the data owner carries the whole burden of maintaining privacy: it encrypts the data, uploads it, and re-encrypts it whenever the data or the user credentials change. To reduce this burden we propose a two cover scheme in which the work is shared between the owner and the cloud. The access control policies (ACPs) are broken down between owner and cloud (policy breakdown), and encryption is performed twice, once at the owner side and once at the cloud side. The scheme preserves the confidentiality of the data and the identity of the user, who is known to the owner and the cloud only through a unique identity token.
Keywords— Confidentiality, Identity, Cloud Computing, Policy Breakdown, Encryption, Tokens.
I. INTRODUCTION
Cloud storage is a network of storage systems in which data is held in virtualized pools. Because the cloud is a third-party storage system, every user is concerned about the security and privacy of his data, and encryption is used to provide them. Conventional encryption alone, however, is not sufficient to enforce access control policies (ACPs). Many organizations today release data to users according to ACPs written in an access control language such as XACML. This approach is known as attribute-based access control (ABAC), since access is granted on the basis of the attributes a user holds, and it is intended to assure both data security and privacy.
Figure 1 depicts how data is stored in the cloud under the conventional technique, in which encryption is used to enforce access control over the data [8], [9]. Users receive a different symmetric key for each group of data items. This approach has its own limitations:
o User revocation is very difficult, since it falls entirely on the owner, who must re-encrypt the data under a new key.
o Issuing a new key is difficult, since the owner has to communicate with each user.
o The privacy of the identity attributes is not protected.
Another method used to store data in the cloud is the single cover scheme; here too all encryption and user revocation is done by the owner itself, which causes a performance bottleneck.
In this paper we use a two cover encryption scheme that overcomes the drawbacks of the above approaches. Encryption is performed twice: once at the owner side, which we call the first cover encryption, and once at the cloud side, termed the second cover encryption. The other important part of the scheme is policy breakdown: the access control policies that protect the data are divided into two parts, one enforced by the owner and one by the cloud. This is a challenging task, because the two parts must recombine to the original policy when the data is decrypted.
The user first registers with the IDP, which issues an identity token. The user then registers with the owner and with the cloud using that token, and is uniquely identified by it.
In the two cover scheme, updates are easier. When a change occurs, only the cloud-side encryption needs to be redone, which reduces the burden on the data owner. This is possible because, in the policy breakdown, the owner keeps only a few attributes and the cloud is given the rest. The owner no longer needs to open a communication path with every user for each change, which improves performance compared to the previous approach while maintaining the privacy of the data and the identity of the user.
In this approach the actual encryption keys are never given to the user; instead the user receives a secret from which the key can be derived. Keys that are handed out directly are easy targets for attackers, so the keys are protected by giving out secrets instead: combining the secret with public information, the user arrives at the key and decrypts the data from the cloud. In the two cover scheme a user holds two secrets, one from the owner and one from the cloud, and must decrypt the file twice to recover the original data.
II. RELATED WORK
In this section we introduce the basic encryption technique; broadcast encryption, which shows how data is broadcast to a group of users; and attribute based group key management, which preserves privacy while distributing data to a group of users. An overview of single cover encryption is then given.
A. Encryption
Encryption is the method of translating data into an undisclosed code, and is the most attractive technique for gaining data security. The original data is called plaintext; the coded data is called ciphertext. Encryption can be classified into two types: asymmetric and symmetric [1], [2].
B. Encryption by Broadcasting
Broadcast encryption [3] solves the problem of efficiently encrypting a message and transmitting it to a group of users, where the subset of authorized users can change at run time. The users removed from the group form the revoked set R; revoked users lose the access right, and only authorized users keep it. A subset-cover algorithm supports broadcast encryption as follows. A binary tree is built with the users attached to its leaf nodes, and groups of users, called subsets, are defined over the tree. A user can belong to many subsets, but for each broadcast a cover is chosen: a collection of subsets that together contain every authorized user and no revoked user, in which each authorized user belongs to exactly one subset. The message key is encrypted once per subset in the cover, so only authorized users can recover it.
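As an added illustration (not code from the paper), the complete-subtree instance of the subset-cover method just described, in Python: users sit at the leaves of a binary tree, each user holds the keys of the nodes on its path to the root, and a broadcast wraps a fresh session key under each node of the cover. The master key, the toy XOR cipher and the tree depth are assumptions made for the demo.

```python
"""Complete-subtree instance of the subset-cover broadcast encryption framework
(Naor, Naor and Lotspiech). Added example, not the paper's code.
Assumptions: a centre-held MASTER key, a toy XOR cipher, a fixed tree depth."""
import hashlib
import hmac
import os

MASTER = b"constructed master key of the broadcast centre"   # assumption


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream. Adequate for a demo in which every key
    wraps one value; a real system would use AES-GCM with a fresh nonce per wrap."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


def node_key(node: str) -> bytes:
    """Key of a tree node, addressed by its binary path label ('' is the root)."""
    return hmac.new(MASTER, node.encode(), hashlib.sha256).digest()


def leaf(user: int, depth: int) -> str:
    return format(user, f"0{depth}b")


def user_keys(user: int, depth: int) -> dict:
    """A user receives the keys of all nodes on the path from its leaf to the root."""
    label = leaf(user, depth)
    return {label[:i]: node_key(label[:i]) for i in range(depth + 1)}


def cover(revoked: set, depth: int) -> list:
    """Maximal subtrees containing no revoked leaf: every authorised leaf lies in
    exactly one of them, every revoked leaf in none."""
    revoked_leaves = {leaf(u, depth) for u in revoked}

    def walk(node: str) -> list:
        if not any(r.startswith(node) for r in revoked_leaves):
            return [node]                    # clean subtree, take it whole
        if len(node) == depth:
            return []                        # a revoked leaf itself
        return walk(node + "0") + walk(node + "1")

    return walk("")


def broadcast(message: bytes, revoked: set, depth: int) -> dict:
    """Header: a fresh session key wrapped under each cover node; body: the message."""
    session = os.urandom(32)
    header = {n: toy_cipher(node_key(n), session) for n in cover(revoked, depth)}
    return {"header": header, "body": toy_cipher(session, message)}


def receive(user: int, depth: int, bundle: dict):
    """Returns the plaintext if one of the user's node keys appears in the cover,
    None for a revoked user, who shares no node with any cover subtree."""
    keys = user_keys(user, depth)
    for node, wrapped in bundle["header"].items():
        if node in keys:
            return toy_cipher(toy_cipher(keys[node], wrapped), bundle["body"])
    return None
```

With eight users (depth 3) and user 5 revoked, the cover is the subtrees '0', '100' and '11': three wrapped copies of the session key instead of seven, and user 5 holds none of those node keys. The header size grows with the number of revoked users, which is why the paper's scheme keeps the user set handled per layer small.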
Fig 2: Single Cover Encryption

C. Attribute Based Group Key Management to Preserve Privacy
This method builds on the broadcast scheme introduced in Section II.B. It uses group key management [4], [5] together with privacy-preserving broadcast group key management (BGKM) [6], [7]. The rekey operation is performed with a single broadcast to the group of users. Users are given secrets rather than the private key itself; a secret is combined with public information to obtain the key. Only one communication channel has to be set up to contact the users; all further operations are done by broadcasting.

D. Single Cover Encryption
In this scheme encryption is done only once, hence the name single cover encryption. It has four entities: user, IDP, owner and cloud.
User: obtains the encrypted data placed by the owner in the cloud, and can decrypt it only when the identity token matches.
Owner: encrypts the data and uploads the ciphertext to the cloud. If any credential changes, the owner has to manage it, so in this scheme the burden on the owner is high.
Cloud: the storage system where the encrypted data is kept.
IDP: identity provider, which issues a unique token to each user based on the attributes the user supplies when registering with it.

III. OVERVIEW
In this section we present the solution to the problem of excess burden on the owner: some of the owner's responsibility is delegated to the cloud. The two cover system also contains the four entities owner, user, IDP and cloud. In single cover encryption the owner alone handles the ACPs, whereas in two cover encryption (TCE) both the owner and the cloud manage them, which clearly reduces the burden on the owner. The data is encrypted twice, once at the owner side and once at the cloud side, and dynamic changes are handled by the cloud itself.
Fig 3: Two Cover Encryption
Two cover encryption is described in Fig 3. First the owner breaks down the policies. Next the user registers with the owner and with the cloud using the identity token issued by the IDP. The user does not receive the encryption key; instead the user receives a secret for that key. Encryption is done twice: the owner encrypts the data and uploads the encrypted data together with the policies to the cloud, and at the cloud side the data is encrypted once again and then stored. To read the data, the user downloads it from the cloud and decrypts it twice, first with the key derived from the secret given by the cloud and then with the key derived from the secret given by the owner, after which the user obtains the original data uploaded by the owner. Two cover encryption can be divided into six phases:
 Grant identity token: the identity provider issues the identity token based on the attributes the user provides when registering with it.
 Breakdown policies: the owner breaks the access control policy down into two subsets of attribute conditions, such that the owner keeps fewer attributes to handle and the cloud handles all the rest. The breakdown must be consistent: when the data is decrypted, the two subsets must recombine to the original access control policy.
 User registration with unique token: the user registers with the owner and with the cloud using the unique token provided by the identity provider, and then receives encryption secrets from the owner and from the cloud.
 Data encryption and uploading: the owner encrypts the data first, with respect to the subset of attributes it kept, and uploads it to the cloud. At the cloud side the data is encrypted once again with respect to the subset of attributes given to the cloud. Because the data is encrypted twice, even the cloud cannot read it easily.
 Data downloading and decryption: the user downloads the data from the cloud and decrypts it with the keys derived from the secrets provided by the owner and the cloud. The first decryption removes the cloud's encryption layer and the second removes the owner's.
 Encryption growth controlling: when a credential changes, the cloud manages the change and provides new keys to the users, unlike single cover encryption where the owner has to manage it. This is possible because the owner kept only a few attributes in the policy breakdown. If a new user is added, the user becomes a member of a superset of the old group, and the existing data is simply forwarded to that user. If the access control policies themselves change, the owner has to break down the policies again.
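The six phases above, together with the secret-plus-public-information key derivation of Section II.C and the "secrets instead of keys" idea from the introduction, as an added Python illustration. This is not the paper's code nor the BGKM construction of [6], [7]: the conjunctive policy form, the MAC-based identity token, the masked-key form of the public information, the per-user indexing of that information and the XOR cipher are simplifying assumptions, and all names, attributes and keys are constructed.

```python
"""Two cover scheme end to end: IdP token, policy breakdown, BGKM-style secrets,
owner-layer and cloud-layer encryption, cloud-side rekey after revocation.
Added illustration, not the paper's code; every primitive here is a stand-in."""
import hashlib
import hmac
import os

IDP_KEY = b"constructed IdP signing key"   # assumption: secret held by the IdP only


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHAKE-256 keystream derived from key. Each key is used
    for exactly one value in this demo; real deployments use an authenticated cipher."""
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))


def issue_token(uid: str, attrs: dict) -> dict:
    """IdP binds a user id to its attribute values with a MAC (stand-in for the
    identity token); owner and cloud verify it before registering the user."""
    canon = uid + "|" + ",".join(f"{k}={v}" for k, v in sorted(attrs.items()))
    tag = hmac.new(IDP_KEY, canon.encode(), hashlib.sha256).hexdigest()
    return {"uid": uid, "attrs": dict(attrs), "tag": tag}


def verify_token(token: dict) -> bool:
    expected = issue_token(token["uid"], token["attrs"])["tag"]
    return hmac.compare_digest(expected, token["tag"])


def breakdown_policy(acp: dict, owner_attrs: set) -> tuple:
    """Split a conjunctive ACP {attribute: required value} into the few conditions the
    owner keeps and the rest delegated to the cloud; the parts must recombine to acp."""
    owner_part = {a: v for a, v in acp.items() if a in owner_attrs}
    cloud_part = {a: v for a, v in acp.items() if a not in owner_attrs}
    assert {**owner_part, **cloud_part} == acp, "breakdown lost a condition"
    return owner_part, cloud_part


def satisfies(attrs: dict, policy: dict) -> bool:
    return all(attrs.get(a) == v for a, v in policy.items())


class KeyManager:
    """One per layer (owner or cloud). Enforces its share of the policy, hands each
    registered user a secret once, and publishes information from which only the
    currently authorised secrets yield the layer key (the BGKM idea, simplified)."""

    def __init__(self, policy: dict):
        self.policy = policy
        self.members = {}          # uid -> (secret, attrs); the secret is also given to the user
        self.rekey()

    def register(self, token: dict) -> bytes:
        if not verify_token(token):
            raise ValueError("bad identity token")
        secret = os.urandom(32)
        self.members[token["uid"]] = (secret, token["attrs"])
        self.rekey()
        return secret

    def revoke(self, uid: str) -> None:
        self.members.pop(uid, None)
        self.rekey()                                    # one broadcast, no per-user contact

    def rekey(self) -> None:
        self.key, self.nonce = os.urandom(32), os.urandom(16)
        # Simplified public info: for each authorised user, the key masked with H(secret, nonce).
        self.public = {uid: xor_cipher(self._mask(s), self.key)
                       for uid, (s, attrs) in self.members.items()
                       if satisfies(attrs, self.policy)}

    def _mask(self, secret: bytes) -> bytes:
        return hmac.new(secret, self.nonce, hashlib.sha256).digest()

    def derive(self, uid: str, secret: bytes):
        """User-side step: secret + public info -> layer key, or None if not authorised."""
        masked = self.public.get(uid)
        return None if masked is None else xor_cipher(self._mask(secret), masked)


def run_scenario() -> dict:
    """Constructed walk-through of the six phases; returns the observable outcomes."""
    acp = {"role": "doctor", "dept": "cardiology", "site": "gubbi"}
    owner_part, cloud_part = breakdown_policy(acp, owner_attrs={"role"})   # owner keeps 1 of 3
    owner, cloud = KeyManager(owner_part), KeyManager(cloud_part)

    alice = issue_token("alice", {"role": "doctor", "dept": "cardiology", "site": "gubbi"})
    bob = issue_token("bob", {"role": "doctor", "dept": "oncology", "site": "gubbi"})
    secrets = {t["uid"]: (owner.register(t), cloud.register(t)) for t in (alice, bob)}

    record = b"constructed patient record"
    first_cover = xor_cipher(owner.key, record)       # owner-side layer, uploaded to the cloud
    stored = xor_cipher(cloud.key, first_cover)        # cloud adds the second layer

    def read(uid):
        s_owner, s_cloud = secrets[uid]
        k_cloud, k_owner = cloud.derive(uid, s_cloud), owner.derive(uid, s_owner)
        if k_cloud is None or k_owner is None:
            return None
        return xor_cipher(k_owner, xor_cipher(k_cloud, stored))   # peel cloud layer, then owner's

    alice_before, bob_before = read("alice"), read("bob")

    # Credential change handled by the cloud alone: revoke alice, rekey, and re-wrap the
    # stored first-cover ciphertext. The owner's layer and key are untouched.
    owner_key_before = owner.key
    cloud.revoke("alice")
    stored = xor_cipher(cloud.key, first_cover)
    return {"alice_before": alice_before, "bob_before": bob_before,
            "alice_after": read("alice"), "owner_key_unchanged": owner.key == owner_key_before,
            "policy_parts": (owner_part, cloud_part)}
```

Bob holds a valid owner-side secret (he is a doctor) but never obtains the cloud layer key, because the cloud's share of the policy rejects his department; Alice reads the record until the cloud revokes her, after which the cloud re-wraps the owner's ciphertext under a fresh key without any owner involvement. Note the limitation the simplification makes visible: the cloud still learns which user ids are authorised, which is what the privacy-preserving BGKM constructions in [6], [7] are designed to avoid.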
IV. CONCLUSION
Present techniques for uploading encrypted data and managing all the keys incur a high cost, and whenever a credential changes the burden of managing the change falls on the owner alone. In this paper we proposed a two cover encryption approach that solves this problem with the help of the cloud environment: most of the owner's activities are delegated to the cloud, so the burden on the owner is reduced. The ACP breakdown is performed at the owner side so that the owner is left with only a few attribute conditions. In this way we give high privacy to the confidential data. Encrypting twice gives strong protection to the data in the cloud; it is very difficult even for the cloud third party to obtain the data from its own storage space. In future work other methods can be selected to further reduce the computational cost.

REFERENCES
[1] M. E. Smid and D. K. Branstad, "Data Encryption Standard: past and future," Proceedings of the IEEE, vol. 76, no. 5, 1988.
[2] M. Wang, G. Zhu and X. Zhang, "General survey on massive data encryption," in Proc. 8th Int. Conf. on Computing Technology and Information Management (ICCM), vol. 1, 2012.
[3] A. Fiat and M. Naor, "Broadcast encryption," in Advances in Cryptology, CRYPTO '93, London, UK: Springer-Verlag, 1994, pp. 480–491.
[4] M. Nabeel and E. Bertino, "Towards attribute based group key management," in Proc. 18th ACM Conf. on Computer and Communications Security, Chicago, Illinois, USA, 2011.
[5] M. Nabeel and E. Bertino, "Attribute based group key management," IEEE Transactions on Dependable and Secure Computing, 2012.
[6] N. Shang, M. Nabeel, F. Paci and E. Bertino, "A privacy-preserving approach to policy-based content dissemination," in ICDE '10: Proc. 2010 IEEE 26th Int. Conf. on Data Engineering, 2010.
[7] M. Nabeel, N. Shang and E. Bertino, "Privacy preserving policy based content sharing in public clouds," IEEE Transactions on Knowledge and Data Engineering, 2012.
[8] E. Bertino and E. Ferrari, "Secure and selective dissemination of XML documents," ACM Trans. Inf. Syst. Secur., vol. 5, no. 3, pp. 290–331, 2002.
[9] G. Miklau and D. Suciu, "Controlling access to published data using cryptography," in VLDB '2003: Proc. 29th Int. Conf. on Very Large Data Bases, 2003.