International Journal of Electrical, Electronics and Computer Systems (IJEECS)
1
2
1 PGScholar, JNTU, Pulivendula, 2 P.hd, Asso. Professor, JNTU , Pulivendula
Abstract- Cloud computing is the new computing paradigm that has influenced the way computing takes places in the recent past. This emerging technology allows users to outsource their business data and expensive operations as well without capital investment in pay per use fashion. However there are security concerns on outsourced data as the cloud servers are treated as untrusted. To overcome this problem many
Attribute Based Encryption (ABE) techniques came into existence for secure access control. These techniques suffer from problems in implementing flexible access control mechanisms. Wan et al. presented a hierarchical attribute based solution which provides fine grained access control besides making it scalable.
In this paper we implement this security scheme and build a prototype application that demonstrates the proof of concept. The empirical results revealed encouraging results. on cloud computing and related issues. Many service providers of cloud came into existence with applications at various levels. Sales force’s CRM [1], and Google’s Apps [2] come under SaaS. Yahoo Pig and Google App Engine [3] are examples for PaaS while IBM’s Blue Cloud [4], Amazon’s S3 [5] and
Amazon’s EC2 [6] are examples for IaaS. As these services are made available through cloud computing phenomenon, the cloud users need not to invest on such infrastructure again. They can simply utilize services in pay per use fashion. The services are also provided cheaper as observed by Zetta Inc.
Index Terms- Cloud computing, storage security, hierarchical attribute based encryption
Cloud computing is a new computing model which enables users to access huge amount of computing resources in play as you use fashon. Cloud provides services such as PaaS (Platform as a Service), IaaS
(Infrastructure as a Service) and SaaS (Software as a
Service). These services can be utilized by cloud users without need for capital investment. Thus the cloud can provide plethora of advantages. One such advantage is that users can access to cloud without geographical and time restrictions. Other advantages include immediate time to market, flexibility, scalability, operational efficiency, reduced costs and so on. The cloud is based on SOA (Service Oriented
Architecture) and utility computing. As water and electricity are commoditized, the computing resources also commoditied in pay per use fashion.
Extensive research has been around in the recent past
As there are plenty of benefits of cloud computing for IT sectors of all companies there are security concerns which are to be considered serious. Privacy and security to outsource to data is the major concern that has to be sorted out. Users have to believe in cloud storage providers for storage security. This is the main concern that needs to be addressed as the data is valuable asset to any organization. Not only confidentiality but fine grained access control to data is to be given paramount importance. For instance a health care related application that is outsourced to cloud needs to be protected. Fine grain access control is required in such system. Such requirements might be required by legislation. For achieving flexible access control many schemes came into existence
[8]-[11]. The problem with these schemes is that they work when service provider and service consumer are in the same domain. To overcome this problem in
[12] and [13] attribute based encryption schemes of different kinds are presented. However, they lack in scalability when attributes have multiple levels. In
[14] similar scheme is proposed which is better than the previous ones. Wan et al. [15] presented a more secure and scalable scheme known as hierarchical attribute set based encryption for access control. This scheme extends CA-ASBE proposed in [16]. In this paper we implemented the security scheme of [15]
____________________________________________________________________
ISSN (online) 2347-2812, Volume -1, Issue -3, 2013
44
International Journal of Electrical, Electronics and Computer Systems (IJEECS) with a prototype application to demonstrate the proof of concept. The rest of the paper is structured as follows. Section II reviews relevant literature.
Section III provides details about the scheme to be implemented. Section IV discusses about the prototype application. Section V provides experimental results while section VI concludes the paper. from enough to support access control in modern enterprise environments, which require considerable flexibility and efficiency in specifying policies and managing user attributes [16]. In a CP-ABE scheme, decryption keys only support user attributes that are organized logically as a single set, so users can only use all possible combinations of attributes in a single set issued in their keys to satisfy policies.
In this section, we review the notion of attributebased encryption (ABE), and provide a brief overview of the ASBE scheme by Bobba et al. After that, we examine existing access control schemes based on ABE.
Attribute-Based Encryption
The notion of ABE was first introduced by Sahai and
Waters [17] as a new method for fuzzy identity-based encryption. The primary drawback of the scheme in
[17] is that its threshold semantics lacks impressibility. Several efforts followed in the literature to try to solve the expressibility problem. In the ABE scheme, ciphertexts are not encrypted to one particular user as in traditional public key cryptography. Rather, both cipher texts and users’ decryption keys are associated with a set of attributes or a policy over attributes.
To solve this problem, Bobba et al. [16] introduced ciphertext-policy attribute-set-based encryption (CP-
ASBE or ASBE for short). ASBE is an extended form of CP-ABE which organizes user attributes into a recursive set structure.
The following is an example of a key structure of depth 2, which is the depth of the recursive set structure:
A user is able to decrypt a cipher text only if there is a match between his decryption key and the cipher text. ABE schemes are classified into key-policy attribute- based encryption (KP-ABE) and cipher text-policy attribute- based encryption (CP-ABE), depending how attributes and policy are associated with ciphertexts and users’ decryption keys.
In a KP-ABE scheme [12], a ciphertext is associated with a set of attributes and a user’s decryption key is associated with a monotonic tree access structure.
Only if the attributes associated with the ciphertext satisfy the tree access structure, can the user decrypt the ciphertext. In a CP-ABE scheme [14], the roles of ciphertexts and decryption keys are switched; the ciphertext is encrypted with a tree access policy chosen by an encryptor, while the corresponding decryption key is created with respect to a set of attributes.
Fig 1 Home Page
As shown above figure 1 it shows the home page here is the login of administration.
As long as the set of attributes associated with a decryption key satisfies the tree access policy associated with a given ciphertext, the key can be used to decrypt the ciphertext. Since users’ decryption keys are associated with a set of attributes, CP-ABE is conceptually closer to traditional access control models such as Role-Based
Access Control (RBAC) [14].
Fig 2 Data Owner Login
As shown above Figure 2 data owner login here login permission of the data owners means who is having permission to login those are only accessed with their authentications.
Thus, it is more natural to apply CP-ABE, instead of
KP-ABE, to enforce access control of encrypted data.
However, basic CP-ABE schemes (e.g., [14]) are far
____________________________________________________________________
ISSN (online) 2347-2812, Volume -1, Issue -3, 2013
45
International Journal of Electrical, Electronics and Computer Systems (IJEECS)
Fig 3 File Details
As shown above figure 3 here the details of the file.
It is the details of file like file ID, File name, file subject like all details of the file.
Fig 6. Experiments on system setup and top-level domain authority grant Setup operation
Fig 4 Data Consumer Login
Fig 7 Experiments on system setup and top-level domain authority grant top-level domain authority grant
Fig 5 Home Page of Data Consumer Fig 8 Experiments on system setup and top-level domain authority grant top-level domain authority grant
____________________________________________________________________
ISSN (online) 2347-2812, Volume -1, Issue -3, 2013
46
International Journal of Electrical, Electronics and Computer Systems (IJEECS)
Fig 9 Experiments on new user/domain authority grant and key update new user/domain authority grant Fig 11 Experiments on file creation and decryption decryption/file access
Fig 9 Experiments on new user/domain authority grant and key update new user/domain authority grant
Fig 12 Experiments on file creation and decryption decryption/file access
In this paper, we introduced the HASBE scheme for realizing scalable, flexible, and fine-grained access control in cloud computing. The HASBE scheme seamlessly incorporates a hierarchical Structure of system users by applying a delegation algorithm to
ASBE. HASBE not only supports compound attributes due to flexible attribute set combinations, but also achieves efficient user revocation because of multiple value assignments of attributes. We formally proved the security of HASBE based on the security of CP-ABE by Bethencourt et al.. Finally, we implemented the proposed scheme, and conducted comprehensive performance analysis and evaluation, which showed its efficiency and advantages over existing schemes.
Fig 10 Experiments on new user/domain authority grant and key update key update
____________________________________________________________________
ISSN (online) 2347-2812, Volume -1, Issue -3, 2013
47
International Journal of Electrical, Electronics and Computer Systems (IJEECS)
[1] B. Barbara, “Salesforce.com: Raising the level of networking,” Inf. Today, vol. 27, pp. 45–
45, 2010.
[6] Amazon Elastic Compute Cloud (Amazon
EC2) [Online]. Available: http://aws.amazon.com/ec2/
[2] K. Barlow and J. Lane, “Like technology from an advanced alien culture: Google apps for education at ASU,” in Proc. ACM
SIGUCCSUser Services Conf., Orlando, FL,
2007.
[7] J. Bell, Hosting Enterprise Data in the Cloud-
Part 9: Investment Value Zetta, Tech. Rep.,
2010.
[3] Google App Engine [Online]. Available: http://code.google.com/appengine/
[4] R. Martin, “IBM brings cloud computing to earth with massive new data centers,”
InformationWeek Aug. 2008 [Online].
Available: http:// www.informationweek.com/ news/hardware/data_centers/209901523
[5] Amazon Web Services (AWS) [Online].
Available: https://s3.amazonaws. Com/
[8] H. Harney, A. Colgrove, and P. D. McDaniel,
“Principles of policy in secure groups,” in
Proc. NDSS, San Diego, CA, 2001.
[9] P. D. McDaniel and A. Prakash, “Methods and limitations of security policy reconciliation,” in Proc. IEEE Symp. Security and Privacy,
Berkeley, CA, 2002.
[10] T. Yu and M. Winslett, “A unified scheme for resource protection in automated trust negotiation,” in Proc. IEEE Symp Security and Privacy, Berkeley, CA, 2003.
____________________________________________________________________
ISSN (online) 2347-2812, Volume -1, Issue -3, 2013
48