Fuzzy Authorization

Fuzzy Authorization for Cloud Storage
Abstract:
By leveraging and modifying Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and OAuth, we propose a new authorization scheme, called fuzzy authorization, to facilitate an application registered with one cloud party to access data residing in another cloud party. The new proposed scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code. Furthermore, by conducting attribute distance checking and distance adjustment, operations like sending attribute sets and satisfying an access tree are eliminated. In addition, automatic revocation is realized with the update of the TimeSlot attribute when the data owner modifies the data. The security of fuzzy authorization is proved under the d-BDHE assumption. In order to measure and estimate the performance of our scheme, we have implemented the protocol flow of fuzzy authorization with OMNET++ and realized the cryptographic part with the Pairing-Based Cryptography (PBC) library. Experimental results show that fuzzy authorization can achieve fuzziness of authorization among heterogeneous clouds with security and efficiency.
ALGORITHM
Main Procedures of Fuzzy Authorization
In lieu of using symmetric pairing, which can only be constructed from some suitable supersingular elliptic curves, we adopt asymmetric pairing, which allows a greater variety of known curves to be used; an asymmetric bilinear pairing is therefore adopted here. Recall that G1, G2 and GT are cyclic groups of prime order q. Assume that the Diffie-Hellman problem is hard in G1. Let φ : G2 → G1 be an efficiently computable group isomorphism. Set g1 = φ(g2). A security parameter, k, determines the size of those three groups.
Delegate(SK, _ω): The algorithm takes in a secret key SK in which an attribute set ω is embedded, and another attribute set _ω ⊂ ω. Normally, this algorithm is used by an ASP.
SYSTEM ANALYSIS
EXISTING SYSTEM
The greedy strategy seems to provide better welfare than the random strategy and at the same time is computationally as efficient. While the runtime for GATA per allocation is around 10 seconds, both random and greedy run almost instantly. We get similar results for the number of unstable pairs, which are most often lower for the greedy strategy than for the random strategy. The system enables resource sharing using social networks without the exchange of money, relying on a notion of trust to avoid free riding. Like our approach, they use a virtual container to provide virtualization within the existing virtual machine instance; however, our approach using Seattle's programming-level virtualization provides a much more lightweight model at the expense of flexibility.
PROPOSED SYSTEM
We propose FA, which carries out a flexible file-sharing scheme between an owner who stores his/her data in one cloud party and applications which are registered within another cloud party. The simulation of the FA protocol proves that our scheme can successfully adjust the attribute distance, quickly correct the unmatched indirect secret shares, recover the top secret and then efficiently perform the decryption for KE. FA's self-distance-checking ability eliminates sending file attributes to the ASP, and its distance-correcting ability removes the need to perform the satisfying-the-access-tree procedure. Furthermore, the simulation indicates that with the update of the TimeSlot attribute, the FA scheme automatically invalidates the reading right authorized to the ASP. Compared to Fuzzy IBE1 and Fuzzy IBE2, experimental results also demonstrate that FA reduces storage consumption when the distance is one unit and the number of authorized files is less than nine, which is the most often occurring situation. The average protocol time consumption collected in our simulation implies that FA is at the same efficiency level as AAuth. While this work mainly addresses the reading authorization issue on cloud storage, future work will aim to solve the security issue arising from writing right accreditation in cloud computing. For the latter, a more rigorous authentication is needed among the data owner, the ASP and the AS, which makes the problem more challenging.
Advantage
• The new scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code.
• H could be used. For each new set of share components obtained, (28) and (29) can be applied to check whether they are the correct share components. If satisfied for a certain set of potential
• A data owner stores several PDF files inside Justcloud, which is the top one cloud storage service provider. Later on, the data owner wants to merge some of the PDF files
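The LSSS/GRS correspondence named in the abstract and in the first advantage above, and the "check whether they are the correct share components" step, are illustrated here with an added example that is not the paper's code: a t-out-of-n Shamir sharing (an LSSS) is decoded as a Reed-Solomon codeword with Berlekamp-Welch, so a bounded number of wrong shares is detected and corrected rather than rejected. The field prime P and the error budget e are assumptions for the illustration; the paper's own equations (28) and (29) are not reproduced.

```python
# Added illustration, not the paper's code, of the LSSS <-> GRS correspondence
# behind "fuzziness": a t-out-of-n Shamir sharing is an LSSS whose share vector
# is a generalized Reed-Solomon codeword over GF(P), so up to e wrong shares
# (n >= t + 2e) can be detected and corrected by RS decoding (Berlekamp-Welch).
P = 2**61 - 1  # prime field; assumption: large enough to hold the secret

def share(secret, t, n, coeffs):
    """Shamir/LSSS shares f(1..n) of f(x) = secret + c1*x + ... (degree t-1)."""
    poly = [secret % P] + [c % P for c in coeffs]
    assert len(poly) == t, "need exactly t-1 coefficients"
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(poly)) % P) for x in range(1, n + 1)]

def solve_mod(M):
    """Gauss-Jordan over GF(P) on an augmented matrix; free vars 0; None if inconsistent."""
    M, pivots, r = [row[:] for row in M], [], 0
    for c in range(len(M[0]) - 1):
        piv = next((i for i in range(r, len(M)) if M[i][c]), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        M[r] = [v * pow(M[r][c], P - 2, P) % P for v in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c]:
                M[i] = [(a - M[i][c] * b) % P for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
    if any(not any(row[:-1]) and row[-1] for row in M):
        return None
    x = [0] * (len(M[0]) - 1)
    for i, c in enumerate(pivots):
        x[c] = M[i][-1]
    return x

def recover(shares, t, e):
    """Berlekamp-Welch: the secret from n >= t + 2e shares, at most e of them wrong.
    Solve Q(x_i) = y_i * E(x_i) for Q (deg < t+e) and monic E (deg e); then f = Q / E."""
    assert len(shares) >= t + 2 * e, "too few shares for this error budget"
    M = []
    for x, y in shares:
        row = [pow(x, j, P) for j in range(t + e)]            # unknown Q coefficients
        row += [-y * pow(x, j, P) % P for j in range(e)]      # unknown E coefficients
        M.append(row + [y * pow(x, e, P) % P])                # known monic x^e term of E
    sol = solve_mod(M)
    if sol is None:
        return None  # more wrong shares than the error budget e: distance check fails
    Q, E, f = sol[:t + e], sol[t + e:] + [1], [0] * t
    for d in range(t - 1, -1, -1):                            # exact long division Q / E
        f[d] = Q[d + e]
        for j, ej in enumerate(E):
            Q[d + j] = (Q[d + j] - f[d] * ej) % P
    return f[0] if not any(Q) else None                       # non-zero remainder: reject
```

With a constructed 3-of-7 sharing, two tampered shares are corrected under budget e = 2, while the same shares are rejected (None) under budget e = 1, which is the distance-checking behaviour the section describes.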
System architecture:
MODULE DESCRIPTION
• Access control
• Attribute based encryption
• Ciphertext-policy
• Cloud storage
• Fuzzy authorization
• Privacy
Access control
Register
In this module, a new user registers their information in order to use Fuzzy Authorization. End users are the ones who initiate the flow by giving their registration details, setting permissions, etc.
Permission Guide
The Permission Guide guides users through the requested permissions and shows them a set of recommendations on each of the requested permissions. It is represented by a browser extension that integrates into the authorization process by capturing the scope parameter value within the request URI generated by a third-party application. Once the scope is captured, the extension parses the requested permissions and presents them in a user-friendly manner.
Attribute based encryption
The service returns a set of recommendations for the permissions requested by the client.
Fuzzy authorization
1) Overview of the Protocol: There are four main entities in the system, as shown in Fig. 1.
• Data owner: an entity who stores his/her data inside cloud storage and wishes to utilize cloud application services to process the data. A data owner must register with the cloud storage provider and must be logged in in order to upload or access data or to authorize.
• Application service provider (ASP): an entity to be authorized to access cloud storage data. It is application software that resides in the vendor's system or cloud and can be accessed by users through a web browser or special-purpose client software. For example, PDFMerge is an online tool which can be used to merge several PDF files into one PDF file. With proper authorization, PDFMerge fetches the source PDF files from cloud storage. As a result, uploading files from the data owner's local device is avoided.
Fuzzy authorization
OAuth uses a mechanism where the roles of third-party applications and resource owners are separated. It does not require users to share their private credentials with third-party applications; instead, it issues a new set of credentials for each application. These new sets of credentials are per application and reflect a unique set of permissions to a user's online resources. In OAuth, these new credentials are represented via an Access Token. An Access Token is a string which denotes a certain scope of permissions granted to an application; it also denotes other attributes such as the duration for which the Access Token is considered valid. We are mainly interested in the scope attribute within an Access Token. Access Tokens are issued by an authorization server after the approval of the resource owner.
Cloud storage
Cloud storage is simply a term that refers to online space that you can use to store your data. As well as keeping a backup of your files on physical storage devices such as external hard drives, USB flash drives, etc., cloud storage provides a secure way of remotely storing your important data. Online storage solutions are usually provided using a large network of virtual servers that also come with tools for managing files and organizing your virtual storage space.
SYSTEM SPECIFICATION
Hardware Requirements:
• System: Pentium IV 2.4 GHz.
• Hard Disk: 40 GB.
• Floppy Drive: 1.44 MB.
• Monitor: 14" Colour Monitor.
• Mouse: Optical Mouse.
• RAM: 512 MB.
Software Requirements:
• Operating system: Windows 7 Ultimate.
• Coding Language: ASP.Net with C#
• Front-End: Visual Studio 2010 Professional.
• Database: SQL Server 2008.