HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN
CLOUD COMPUTING
INTRODUCTION
Cloud computing is a new computing paradigm that is built on virtualization, parallel and
distributed computing, utility computing, and service-oriented architecture. We propose a
hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud
computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or
ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable,
flexible and fine-grained access control.
SCOPE OF THE PROJECT
Most existing schemes have difficulty implementing complex access control
policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data
in cloud computing, we propose hierarchical attribute-set-based encryption (HASBE) by
extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure
of users. The proposed scheme achieves scalability, flexibility and fine-grained access
control while supporting the compound attributes of ASBE. In addition, HASBE employs multiple value
assignments for access expiration time to deal with user revocation more efficiently than existing
schemes. The main operations of HASBE are System Setup, Top-Level Domain Authority Grant,
New Domain Authority/User Grant, New File Creation, User Revocation, File Access, and File
Deletion.
LITERATURE SURVEY
High-Performance Cloud Computing: A View of Scientific Applications
Author: Christian Vecchiola, Suraj Pandey and Rajkumar Buyya
Year: 2009
Scientific computing often requires the availability of a massive number of computers for
performing large scale experiments. Traditionally, these needs have been addressed by using
high-performance computing solutions and installed facilities such as clusters and super
computers, which are difficult to setup, maintain, and operate. Cloud computing provides
scientists with a completely new model of utilizing the computing infrastructure. Compute
resources, storage resources, as well as applications, can be dynamically provisioned (and
integrated within the existing infrastructure) on a pay per use basis. These resources can be
released when they are no more needed. Such services are often offered within the context of a
Service Level Agreement (SLA), which ensure the desired Quality of Service (QoS). Aneka, an
enterprise Cloud computing solution, harnesses the power of compute resources by relying on
private and public Clouds and delivers to users the desired QoS. Its flexible and service based
infrastructure supports multiple programming paradigms that make Aneka address a variety of
different scenarios: from finance applications to computational science. As examples of scientific
computing in the Cloud, we present a preliminary case study on using Aneka for the
classification of gene expression data and the execution of fMRI brain imaging workflow.
Principles of Policy in Secure Groups
Author: H. Harney, A. Colgrove and P. D. McDaniel
Year: 2001
Security policy is increasingly being used as a vehicle for specifying complex entity
relationships. When used to define group security, policy must be extended to state the entirety
of the security context. For this reason, the policy requirements of secure groups are more
complex than found in traditional peer communication; group policies convey information about
associations greater and more abstract than their pair-wise counterparts. This paper identifies
and illustrates universal requirements of secure group policy and reasons about the adherence of
the Group Security Association Key Management Protocol (GSAKMP) to these principles.
Methods and Limitations of Security Policy Reconciliation
Author: P. D. McDaniel and A. Prakash
Year: 2002
A security policy is a means by which participant session requirements are specified.
However, existing frameworks provide limited facilities for the automated reconciliation of
participant policies. This paper considers the limits and methods of reconciliation in a general-
purpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show
that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest
efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the
policy model, we describe the design and implementation of the Ismene policy language. The
expressiveness of Ismene, and indirectly of our model, is demonstrated through the
representation and exposition of policies supported by existing policy languages. We conclude
with brief notes on the integration and enforcement of Ismene policy within the Antigone
communication system.
A Unified Scheme for Resource Protection in Automated Trust Negotiation
Author: T. Yu and M. Winslett
Year: 2003
Automated trust negotiation is an approach to establishing trust between strangers
through iterative disclosure of digital credentials. In automated trust negotiation, access control
policies play a key role in protecting resources from unauthorized access. Unlike in traditional
trust management systems, the access control policy for a resource is usually unknown to the
party requesting access to the resource, when trust negotiation starts. The negotiating parties can
rely on policy disclosures to learn each other's access control requirements. However, a policy
itself may also contain sensitive information. Disclosing policies' contents unconditionally may
leak valuable business information or jeopardize individuals' privacy. In this paper, we propose
UniPro, a unified scheme to model protection of resources, including policies, in trust
negotiation. UniPro improves on previous work by modeling policies as first-class resources,
protecting them in the same way as other resources, providing fine-grained control over policy
disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which
gives users more flexibility in expressing their authorization requirements. We also show that
UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the
choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to
succeed in establishing trust.
Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud
Computing
Author: S. Yu, C. Wang, K. Ren, and W. Lou
Year: 2010
Cloud computing is an emerging computing paradigm in which resources of the
computing infrastructure are provided as services over the Internet. As promising as it is, this
paradigm also brings forth many new challenges for data security and access control when users
outsource sensitive data for sharing on cloud servers, which are not within the same trusted
domain as data owners. To keep sensitive user data confidential against untrusted servers,
existing solutions usually apply cryptographic methods by disclosing data decryption keys only
to authorized users. However, in doing so, these solutions inevitably introduce a heavy
computation overhead on the data owner for key distribution and data management when
fine-grained data access control is desired, and thus do not scale well. The problem of
simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control
actually still remains unresolved. This paper addresses this challenging open issue by, on one
hand, defining and enforcing access policies based on data attributes, and, on the other hand,
allowing the data owner to delegate most of the computation tasks involved in fine-grained data
access control to untrusted cloud servers without disclosing the underlying data contents. We
achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption
(ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient
properties of user access privilege confidentiality and user secret key accountability. Extensive
analysis shows that our proposed scheme is highly efficient and provably secure under existing
security models.
Ciphertext-Policy Attribute-Based Encryption
Author: John Bethencourt, Amit Sahai and Brent Waters
Year: 2007
In several distributed systems a user should only be able to access data if a user possesses a
certain set of credentials or attributes. Currently, the only method for enforcing such policies is
to employ a trusted server to store the data and mediate access control. However, if any server
storing the data is compromised, then the confidentiality of the data will be compromised. In this
paper we present a system for realizing complex access control on encrypted data that we call
Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be
kept confidential even if the storage server is untrusted; moreover, our methods are secure
against collusion attacks. Previous Attribute-Based Encryption systems used attributes to
describe the encrypted data and built policies into user’s keys; while in our system attributes are
used to describe a user’s credentials, and a party encrypting data determines a policy for who can
decrypt. Thus, our methods are conceptually closer to traditional access control methods such as
Role-Based Access Control (RBAC). In addition, we provide an implementation of our system
and give performance measurements.
Attribute-Based Encryption for Fine-Grained Access Control of Encrypted
Data
Author: Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters
Year: 2006
As more sensitive data is shared and stored by third-party sites on the Internet, there will
be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be
selectively shared only at a coarse-grained level (i.e., giving another party your private key). We
develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy
Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of
attributes and private keys are associated with access structures that control which ciphertexts a
user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-
log information and broadcast encryption. Our construction supports delegation of private keys
which subsumes Hierarchical Identity-Based Encryption (HIBE).
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based
Encryption
Author: Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran
Year: 2009
In distributed systems users need to share sensitive objects with others based on the
recipients’ ability to satisfy a policy. Attribute-Based Encryption (ABE) is a new paradigm
where such policies are specified and cryptographically enforced in the encryption algorithm
itself. Ciphertext-Policy ABE (CP-ABE) is a form of ABE where policies are associated with
encrypted data and attributes are associated with keys. In this work we focus on improving the
flexibility of representing user attributes in keys. Specifically, we propose Ciphertext Policy
Attribute Set Based Encryption (CP-ASBE) - a new form of CP-ABE - which, unlike existing
CP-ABE schemes that represent user attributes as a monolithic set in keys, organizes user
attributes into a recursive set based structure and allows users to impose dynamic constraints on
how those attributes may be combined to satisfy a policy. We show that the proposed scheme is
more versatile and supports many practical scenarios more naturally and efficiently. We provide
a prototype implementation of our scheme and evaluate its performance overhead.
Fuzzy Identity-Based Encryption
Author: Amit Sahai and Brent Waters
Year: 2005
We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy
Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A
Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted
with an identity, ω′, if and only if the identities ω and ω′ are close to each other as measured by
the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using
biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely
what allows for the use of biometric identities, which inherently will have some noise each time
they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application
that we term “attribute-based encryption”.
In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can
be viewed as an Identity-Based Encryption of a message under several attributes that compose a
(fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks.
Additionally, our basic construction does not use random oracles. We prove the security of our
schemes under the Selective-ID security model.
Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in
Cloud Storage Services
Author: G. Wang, Q. Liu, and J. Wu
Year: 2010
Cloud computing, as an emerging computing paradigm, enables users to remotely store
their data into a cloud so as to enjoy scalable services on-demand. Especially for small and
medium-sized enterprises with limited budgets, they can achieve cost savings and productivity
enhancements by using cloud-based services to manage projects, to make collaborations, and the
like. However, allowing cloud service providers (CSPs), which are not in the same trusted
domains as enterprise users, to take care of confidential data, may raise potential security and
privacy issues. To keep the sensitive user data confidential against untrusted CSPs, a natural way
is to apply cryptographic approaches, by disclosing decryption keys only to authorized users.
However, when enterprise users outsource confidential data for sharing on cloud servers, the
adopted encryption system should not only support fine-grained access control, but also provide
high performance, full delegation, and scalability, so as to best serve the needs of accessing data
anytime and anywhere, delegating within enterprises, and achieving a dynamic set of users. In
this paper, we propose a scheme to help enterprises to efficiently share confidential data on
cloud servers. We achieve this goal by first combining the hierarchical identity-based encryption
(HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system, and then
making a performance-expressivity tradeoff, finally applying proxy re-encryption and lazy re-
encryption to our scheme.
MODULES NAME
Authentication
Trusted Authority
Domain Authority
Data Owner
Data Consumer
Cloud Service Provider
[Diagram: Login, Check Status, Database, Next Page]
MODULE DIAGRAM & DESCRIPTION
Authentication:
A new user who wants to make or process requests must first register by providing the
necessary details. After signing up successfully, the user logs in to the application with the
username and password provided at the time of registration. If the login succeeds, the user is
taken to the main page; otherwise the user remains on the login page.
Trusted Authority:
The trusted authority is the main part of this project. It creates one decryption key for the
relevant encryption key. After that, the decryption key is provided to the domain authority. The
domain authority, data owner, data consumer and cloud service provider are all controlled by the
trusted authority.
[Diagram: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Service Provider, Cloud Storage]
Domain Authority:
The domain authority is the sub-head under the trusted authority and performs the
administrator operations. A data owner cannot store data without the domain authority's permission,
and a data consumer cannot get data without the domain authority's permission. The domain
authority therefore grants permission to both the data owner and the data consumer.
[Diagram: Domain Authority, Data Owner, Public Key, Encrypted Data, Cloud Storage]
Data Owner:
The data owner stores data with the cloud service provider for security. Before doing so, the
data owner gets permission from the domain authority to store the data. After getting permission,
the data owner first encrypts the file or data and then stores it in cloud storage (the cloud service
provider).
Data Consumer:
First, the data consumer sends a request to the trusted authority through the domain
authority. This request contains the filename and data owner name. The trusted authority then
sends the private key to the data consumer through the domain authority. Finally, the data consumer
retrieves the data from the cloud service provider and decrypts it using the decryption key.
[Diagram: Data Consumer, Domain Authority, Cloud Storage. Flows: Filename, Owner name; Get Private Key; Get Encrypted file & Decrypted Data]
Cloud Service Provider:
Cloud Service Provider is another name for cloud storage. Cloud storage provides
security for the data. Only an authorized user (one who has permission from the domain authority)
is allowed to encrypt and store data, and only an authorized user is allowed to retrieve and decrypt
data.
[Diagram: Data Owner, Data Consumer, Cloud Storage. Flows: Encrypt & Store Data; Retrieve & Decrypt Data]
GIVEN INPUT EXPECTED OUTPUT
Authentication:
Input: Provide username and password to get permission for access
Output: Become Authenticated person to request and process the request.
Trusted Authority:
Input: Store the data to cloud storage
Output: Provide the public and private Key to the domain authority
Domain Authority:
Input: Ask the Permission for store data to cloud storage.
Output: Provide the public key to the data owner.
Data Owner:
Input: Encrypt the Data in data owner.
Output: Store the Data to the cloud storage.
Data Consumer:
Input: send filename and data owner name to the domain authority.
Output: Receive private key and encrypted file then Decrypt the Data.
Cloud Service Provider:
Input: Data owner Store the Data in cloud storage
Output: Data consumer Receive the Data from the cloud storage.
TECHNIQUE USED
Hierarchical attribute-set-based encryption algorithm (HASBE):
First, we show how HASBE extends the ASBE algorithm with a hierarchical structure to
improve scalability and flexibility while at the same time inheriting the fine-grained
access control of ASBE. Second, we demonstrate how to implement a full-fledged access control
scheme for cloud computing based on HASBE. The scheme provides full support for hierarchical
user grant, file creation, file deletion, and user revocation in cloud computing. Our system model
consists of a trusted authority, multiple domain authorities, and numerous users corresponding to
data owners and data consumers. The trusted authority is responsible for generating and
distributing system parameters and root master keys as well as authorizing the top-level domain
authorities. A domain authority is responsible for delegating keys to subordinate domain
authorities at the next level or users in its domain. Each user in the system is assigned a key
structure which specifies the attributes associated with the user’s decryption key.
We are now ready to describe the main operations of HASBE: System Setup, Top-Level
Domain Authority Grant, New Domain Authority/User Grant, New File Creation, and File
Access.
System Setup:
The trusted authority calls the algorithm to create system public parameters PK and
master key MK0. PK will be made public to other parties and MK0 will be kept secret.
Top-Level Domain Authority Grant:
The trusted authority will first verify whether the applicant is a valid domain authority. If so, the
trusted authority calls CreateDA(PK, MK0, A) to generate the master key for DAi. After getting
the master key, DAi can authorize the next level domain authorities or users in its domain.
New Domain Authority/User Grant:
When a new user, denoted as u, or a new subordinate domain authority, denoted as
DAi+1, wants to join the system, the administrating domain authority, denoted as DAi, will first
verify whether the new entity is valid. If true, DAi assigns the new entity a key structure Ã
corresponding to its role and a unique ID. Note that Ã is a subset of A, where A is the key
structure of DAi.
New File Creation:
To protect data stored on the cloud, a data owner first encrypts data files and then stores
the encrypted data files on the cloud. Each file is encrypted with a symmetric data encryption
key DEK, which is in turn encrypted with HASBE. Finally, the encrypted data file is stored on
the cloud.
File Access:
When a user sends a request for data files stored on the cloud, the cloud sends the
corresponding ciphertexts to the user. The user decrypts them by first calling Decrypt(CT,
SKu) to obtain DEK and then decrypting the data files using DEK.
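Added example (not part of the original report or of the HASBE authors' code): a Python model of the grant operations above, covering only the authorization logic and none of the cryptography. It enforces the rule that a delegated key structure must be a subset of the grantor's, and audits a stored hierarchy for entities that hold more than their grantor. The labelled depth-2 key-structure layout, the names Entity, ks, is_sub_structure, audit and build_demo, and the sample attributes are assumptions of this example.

```python
"""Added example: HASBE key delegation modelled as set logic (no cryptography)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# A key structure maps a set label to a set of attributes. The label "outer"
# is the outer attribute set; any other label is a nested attribute set.
# (Labelled depth-2 sets are an assumption of this example.)
KeyStructure = Dict[str, FrozenSet[str]]


def ks(**sets) -> KeyStructure:
    """Build a key structure from keyword arguments of attribute collections."""
    return {label: frozenset(attrs) for label, attrs in sets.items()}


def is_sub_structure(child: KeyStructure, parent: KeyStructure) -> bool:
    """True if every set in child is contained in the same-labelled parent set."""
    return all(label in parent and attrs <= parent[label]
               for label, attrs in child.items())


class GrantError(Exception):
    """Raised when a grant would violate the delegation rules."""


@dataclass(eq=False)
class Entity:
    name: str
    key_structure: Optional[KeyStructure]  # None: trusted authority, holder of MK0
    is_authority: bool                     # False: end user (owner or consumer)
    grantor: Optional["Entity"] = field(default=None, repr=False)
    granted: List["Entity"] = field(default_factory=list, repr=False)

    def grant(self, name: str, key_structure: KeyStructure,
              is_authority: bool = False) -> "Entity":
        """Issue a key structure to a new subordinate authority or user."""
        if not self.is_authority:
            raise GrantError(f"{self.name} is a user and cannot delegate keys")
        if (self.key_structure is not None
                and not is_sub_structure(key_structure, self.key_structure)):
            raise GrantError(f"{name}: requested attributes exceed {self.name}'s")
        child = Entity(name, key_structure, is_authority, grantor=self)
        self.granted.append(child)
        return child


def audit(root: Entity) -> List[str]:
    """Walk the hierarchy and name every entity that holds more than its grantor."""
    findings, stack = [], [root]
    while stack:
        node = stack.pop()
        for child in node.granted:
            over = (node.key_structure is not None
                    and not is_sub_structure(child.key_structure,
                                             node.key_structure))
            if over or not node.is_authority:
                findings.append(child.name)
            stack.append(child)
    return sorted(findings)


def build_demo() -> Entity:
    """Constructed hierarchy: TA -> DA-university -> DA-cs -> alice."""
    ta = Entity("TA", None, True)
    uni = ta.grant("DA-university",
                   ks(outer={"staff", "student"},
                      cs={"dept-cs", "course-101", "course-102"}),
                   is_authority=True)
    cs = uni.grant("DA-cs", ks(cs={"dept-cs", "course-101"}), is_authority=True)
    cs.grant("alice", ks(cs={"course-101"}))
    return ta


if __name__ == "__main__":
    ta = build_demo()
    print("audit of clean hierarchy:", audit(ta))
    cs = ta.granted[0].granted[0]
    try:
        cs.grant("bob", ks(cs={"course-102"}))  # DA-cs does not hold course-102
    except GrantError as exc:
        print("rejected:", exc)
```

Running audit over the stored hierarchy catches a key structure that was widened outside the grant path, for example by a direct edit of the backing database.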
HARDWARE & SOFTWARE REQUIREMENTS:
SOFTWARE REQUIREMENTS:
Operating system :- Windows7
IDE :- Microsoft Visual Studio .Net 2010
Front End :- WPF
Coding Language :- C#
Backend :- SQL Server 2005
HARDWARE REQUIREMENTS:
System : Pentium IV 2.4 GHZ
Hard disk : 40 GB
Mouse : Logitech.
RAM : 2GB(minimum)
Keyboard : 110 keys enhanced.
SYSTEM DESIGN
USE CASE DIAGRAM:
A use case diagram is a type of behavioral diagram created from a Use-case analysis. The
purpose of a use case is to present an overview of the functionality provided by the system in terms of
actors, their goals and any dependencies between those use cases.
[Use case diagram. Actors: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Service Provider. Use cases: Provide Public & Private Key, Get Permission, Encrypt & Store Data, Filename & Ownername, Get Decryption Key, Retrieve & Decrypt Data]
In this use case diagram, the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
CLASS DIAGRAM
A class diagram in the UML is a type of static structure diagram that describes the
structure of a system by showing the system’s classes, their attributes, and the relationships
between the classes.
Private visibility hides information from anything outside the class partition. Public
visibility allows all other classes to view the marked information.
Protected visibility allows child classes to access information they inherited from a parent
class.
[Class diagram:
Storage: attribute Data; operations Store(), Retrieve()
Trusted: attributes Public Key, Private Key; operation Control()
Domain: attributes Public Key, Private Key; operation Administrator()
Owner: attributes Data, Public Key; operations Get Permission(), Encrypt Data()
Consumer: attributes Filename, Ownername, Private Key; operations Retrieve Data(), Decrypt Data()]
In this class diagram, the trusted authority is the head of this project. It generates the public
and private keys. The domain authority is the subhead of this project. The data owner first gets
permission from the domain authority, encrypts the data using the encryption key, and stores the
data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
OBJECT DIAGRAM:
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a
complete or partial view of the structure of a modeled system at a specific time.
An Object diagram focuses on some particular set of object instances and attributes, and
the links between the instances. A correlated set of object diagrams provides insight into how an
arbitrary view of a system is expected to evolve over time.
[Object diagram:
Trusted Authority: Public Key = pub.pk, Private Key = pri.pke
Domain Authority: Username = domain, Password = ******, Key name = abc.pk
Data Consumer: Owner name = hari, File name = abc.txt, Retrieve pri.pke, Decrypt abc.txt
Data Owner: Encrypt abc.txt
Cloud Storage: Store abc.txt]
Object diagrams are more concrete than class diagrams, and are often used to provide
examples, or act as test cases for the class diagrams. Only those aspects of a model that are of
current interest need be shown on an object diagram.
In this object diagram, the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
STATE DIAGRAM
A state diagram is a type of diagram used in computer science and related fields to
describe the behavior of systems. State diagrams require that the system described is composed
of a finite number of states; sometimes, this is indeed the case, while at other times this is a
reasonable abstraction. There are many forms of state diagrams, which differ slightly and have
different semantics.
[State diagram. States: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Storage]
In this state diagram, the trusted authority is the head of this project. It generates the public
and private keys. The domain authority is the subhead of this project. The data owner first gets
permission from the domain authority, encrypts the data using the encryption key, and stores the
data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
ACTIVITY DIAGRAM:
Activity diagrams are loosely defined diagrams that show workflows of stepwise activities
and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can be
used to describe the business and operational step-by-step workflows of components in a system.
UML activity diagrams could potentially model the internal logic of a complex operation. In
many ways UML activity diagrams are the object-oriented equivalent of flow charts and data
flow diagrams (DFDs) from structural development.
[Activity diagram. Swimlanes: Trusted, Domain, Owner, Consumer, Storage. Activities: Login, "is valid user?" decision (No branch), Key Generation, Get Permission, File & Ownername]
In this activity diagram, the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
SEQUENCE DIAGRAM:
A sequence diagram in UML is a kind of interaction diagram that shows how the
processes operate with one another and in what order.
It is a construct of a message sequence chart. Sequence diagrams are sometimes called
Event-trace diagrams, event scenarios, and timing diagrams.
The diagram below shows the sequence flow, that is, how the process occurs in this
project.
[Sequence diagram. Lifelines: Trusted Authority, Data Owner, Data Consumer, Cloud Storage, Domain Authority. Message labels: Get Permission; Encrypt and Store data; Provide PrivateKey; Filename & Owner name; Provide PrivateKey; Provide PublicKey; Provide PublicKey; Get Encryptedfile & Decrypt Data]
In this sequence diagram, the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
COLLABORATION DIAGRAM:
A collaboration diagram shows the objects and relationships involved in an interaction,
and the sequence of messages exchanged among the objects during the interaction.
The collaboration diagram can be a decomposition of a class, class diagram, or part of a
class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case
diagram.
The collaboration diagram shows messages being sent between classes and object
(instances). A diagram is created for each system operation that relates to the current
development cycle (iteration).
[Collaboration diagram. Objects: Trusted Authority, Data Owner, Data Consumer, Cloud Storage, Domain Authority. Messages:
1: Get Permission
2: Provide PublicKey
3: Provide PublicKey
4: Encrypt and Store data
5: Filename & Owner name
6: Provide PrivateKey
7: Provide PrivateKey
8: Get Encryptedfile & Decrypt Data]
In this collaboration diagram, the trusted authority is the head of this project. It generates
the public and private keys. The domain authority is the subhead of this project. The data owner
first gets permission from the domain authority, encrypts the data using the encryption key, and
stores the data in cloud storage. The data consumer sends the filename and owner name to the
domain authority and then gets the decryption key. Finally, the consumer gets the encrypted file
from cloud storage and decrypts the data.
COMPONENT DIAGRAM:
The component diagram's main purpose is to show the structural relationships between the
components of a system. A component represented implementation items, such as files and
executables. Unfortunately, this conflicted with the more common use of the term "component,"
which refers to things such as COM components. Over time and across successive releases of
UML, the original UML meaning of components was mostly lost. UML 2 officially changes the
essential meaning of the component concept; in UML 2, components are considered
autonomous, encapsulated units within a system or subsystem that provide one or more
interfaces.
[Component diagram. Components: Trusted Authority, Domain Authority, Data Consumer, Data Owner, Cloud Storage]
In this component diagram, the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
DATA FLOW DIAGRAM:
A data flow diagram (DFD) is a graphical representation of the “flow” of data through an
information system. It differs from the flowchart as it shows the data flow instead of the control
flow of the program. A data flow diagram can also be used for the visualization of data
processing. The DFD is designed to show how a system is divided into smaller portions and to
highlight the flow of data between those parts.
[Data flow diagrams: Level 0, Level 1, Level 2 and all levels. Elements: User; Authentication (Login); Databases D0, D1, D2; Trusted Authority (Public Key, Private Key); Domain Authority (Public Key, Private Key, Administrator); Data Owner (Get Permission, Get Public Key, Encrypt Data by public key); Data Consumer (Get Private Key, Retrieve & Decrypt Data); Cloud Storage (Store Data)]
In this data flow diagram (DFD), the trusted authority is the head of this project. It generates the
public and private keys. The domain authority is the subhead of this project. The data owner first
gets permission from the domain authority, encrypts the data using the encryption key, and stores
the data in cloud storage. The data consumer sends the filename and owner name to the domain
authority and then gets the decryption key. Finally, the consumer gets the encrypted file from
cloud storage and decrypts the data.
[Figure: diagram linking Trusted Authority, Domain Authority, Data Owner, Data Consumer and Cloud Storage. Labels: Public & Private Key, Name, Password, Get Permission, Encrypt Data, Store Data, File name and owner name, Get Private Key, Retrieve & Decrypt Data.]
E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an abstract and
conceptual representation of data. Entity-relationship modeling is a database modeling method,
used to produce a type of conceptual schema or semantic data model of a system, often
a relational database, and its requirements in a top-down fashion. Diagrams created by this
process are called entity-relationship diagrams, ER diagrams, or ERDs.
In this entity relationship (ER) diagram, the trusted authority is the head of the project; it
generates the public and private keys. The domain authority is the subhead. The Data Owner
first gets permission from the domain authority, encrypts the data using the encryption key,
and stores the data in cloud storage. The Data Consumer sends the file name and owner name to
the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted
file from the cloud storage and decrypts the data.
SYSTEM ARCHITECTURE
The cloud computing system under consideration consists of five types of parties: a cloud
service provider, data owners, data consumers, a number of domain authorities, and a trusted
authority. The cloud service provider manages a cloud to provide data storage service. Data
owners encrypt their data files and store them in the cloud for sharing with data consumers. To
access the shared data files, data consumers download encrypted data files of their interest from
the cloud and then decrypt them. Each data owner/consumer is administered by a domain
authority. A domain authority is managed by its parent domain authority or the trusted authority.
Data owners, data consumers, domain authorities, and the trusted authority are organized in a
hierarchical manner. The trusted authority is the root authority and is responsible for managing
top-level domain authorities.
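The hierarchy described above can be modelled as follows. This is an added example, not code from the project: it performs no cryptography and only models which attributes each authority may delegate and when a user's key structure satisfies a file's access policy, a rule that HASBE itself enforces through the key material. The class names, attribute names, day-number expiry and sample hierarchy are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Authority:
    name: str
    attrs: frozenset
    parent: Optional["Authority"] = None

    def _check(self, attrs):
        attrs = frozenset(attrs)
        extra = attrs - self.attrs
        if extra:  # a parent cannot hand out attributes it does not administer
            raise PermissionError(f"{self.name} cannot delegate {sorted(extra)}")
        return attrs

    def grant_domain(self, name, attrs):
        return Authority(name, self._check(attrs), self)

    def grant_user(self, user, attrs, expires):
        return UserKey(user, self._check(attrs), expires, self)

@dataclass(frozen=True)
class UserKey:
    user: str
    attrs: frozenset
    expires: int  # assumed representation: last day number on which the key is valid
    issuer: Authority

    def chain(self):
        """Authority names from the trusted authority down to the issuer."""
        names, node = [], self.issuer
        while node is not None:
            names.append(node.name)
            node = node.parent
        return names[::-1]

def satisfies(policy, attrs):
    """policy is an attribute name or (k, [sub-policies]), a k-of-n threshold gate."""
    if isinstance(policy, str):
        return policy in attrs
    k, children = policy
    return sum(satisfies(c, attrs) for c in children) >= k

def can_decrypt(key, policy, today):
    return today <= key.expires and satisfies(policy, key.attrs)

# Constructed sample hierarchy and file policy.
TA = Authority("trusted-authority", frozenset({"hr", "finance", "manager", "auditor"}))
DA = TA.grant_domain("finance-domain", {"finance", "manager", "auditor"})
ALICE = DA.grant_user("alice", {"finance", "manager"}, expires=100)
BOB = DA.grant_user("bob", {"finance"}, expires=100)
POLICY = (2, ["finance", (1, ["manager", "auditor"])])  # finance AND (manager OR auditor)
```

Letting a key lapse at its expiry day denies access without touching the stored file, which is the role the expiration time plays in user revocation.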
[Figure: system architecture showing Trusted Authority, Administrator, Database, Data Owner, Data Consumer and Cloud Storage. Labels: Public & Private Key, File & Owner name, Stored Data, Encrypted Data, Encrypt & Store Image file, Retrieve Encrypted file & Decrypt Data.]
Future Enhancement Module Diagram & Description
Image File
General analysis shows that our proposed scheme is highly efficient and provably secure
under existing security models. The proposed scheme supports only text files. As future
work, support for image files can be implemented.
GIVEN INPUT EXPECTED OUTPUT
Image File
Input: Get the image file and encrypt it using the public key.
Output: Get the encrypted file and the private key, then decrypt it.
ADVANTAGES:
Recall that our system model consists of a trusted authority, domain authorities, and
numerous users corresponding to data owners and data consumers.
Each user in the system is assigned a key structure which specifies the attributes
associated with the user’s decryption key.
Comprehensive performance analysis and evaluation were conducted, which showed its
efficiency.
APPLICATION:
Website
In Gmail, a user who provides the correct username and password proceeds to the next page.
This secures the data: only an authorized person is allowed to access it. The authorized
person receives data from others and sends data to others.
On the Amazon website, an authorized person is allowed to view data, store some of the data,
and retrieve data from the website. An unauthorized person is not allowed to access, view,
or store the data.
CONCLUSION:
We achieve this goal by exploiting and individually combining techniques of attribute-based
encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also
has the most important properties of user access privilege confidentiality and user secret key
accountability. Extensive analysis shows that our proposed scheme is highly efficient and
provably secure under existing security models.