HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN

CLOUD COMPUTING

INTRODUCTION

Cloud computing is a new computing paradigm that is built on virtualization, parallel and

distributed computing, utility computing, and service-oriented architecture. We propose a

hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud

computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or

ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable,

flexible and fine-grained access control.

SCOPE OF THE PROJECT

However, most existing schemes have difficulty implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme achieves scalability, flexibility and fine-grained access control while supporting the compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. The main operations of HASBE are System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, User Revocation, File Access, and File Deletion.

LITERATURE SURVEY

High-Performance Cloud Computing: A View of Scientific Applications

Author: Christian Vecchiola, Suraj Pandey and Rajkumar Buyya

Year: 2009

Scientific computing often requires the availability of a massive number of computers for

performing large scale experiments. Traditionally, these needs have been addressed by using

high-performance computing solutions and installed facilities such as clusters and

supercomputers, which are difficult to set up, maintain, and operate. Cloud computing provides

scientists with a completely new model of utilizing the computing infrastructure. Compute

resources, storage resources, as well as applications, can be dynamically provisioned (and

integrated within the existing infrastructure) on a pay per use basis. These resources can be

released when they are no more needed. Such services are often offered within the context of a

Service Level Agreement (SLA), which ensure the desired Quality of Service (QoS). Aneka, an

enterprise Cloud computing solution, harnesses the power of compute resources by relying on

private and public Clouds and delivers to users the desired QoS. Its flexible and service based

infrastructure supports multiple programming paradigms that make Aneka address a variety of

different scenarios: from finance applications to computational science. As examples of scientific

computing in the Cloud, we present a preliminary case study on using Aneka for the

classification of gene expression data and the execution of fMRI brain imaging workflow.

Principles of Policy in Secure Groups

Author: H. Harney, A. Colgrove and P. D. McDaniel

Year: 2001

Security policy is increasingly being used as a vehicle for specifying complex entity

relationships. When used to define group security, policy must be extended to state the entirety

of the security context. For this reason, the policy requirements of secure groups are more

complex than found in traditional peer communication; group policies convey information about

associations greater and more abstract than their pair-wise counterparts. This paper identifies

and illustrates universal requirements of secure group policy and reasons about the adherence of

the Group Security Association Key Management Protocol (GSAKMP) to these principles.

Methods and Limitations of Security Policy Reconciliation

Author: P. D. McDaniel and A. Prakash

Year: 2002

A security policy is a means by which participant session requirements are specified.

However, existing frameworks provide limited facilities for the automated reconciliation of

participant policies. This paper considers the limits and methods of reconciliation in a general-

purpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show

that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest

efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the

policy model, we describe the design and implementation of the Ismene policy language. The

expressiveness of Ismene, and indirectly of our model, is demonstrated through the

representation and exposition of policies supported by existing policy languages. We conclude

with brief notes on the integration and enforcement of Ismene policy within the Antigone

communication system.

A Unified Scheme for Resource Protection in Automated Trust Negotiation

Author: T. Yu and M. Winslett

Year: 2003

Automated trust negotiation is an approach to establishing trust between strangers

through iterative disclosure of digital credentials. In automated trust negotiation, access control

policies play a key role in protecting resources from unauthorized access. Unlike in traditional

trust management systems, the access control policy for a resource is usually unknown to the

party requesting access to the resource, when trust negotiation starts. The negotiating parties can

rely on policy disclosures to learn each other's access control requirements. However, a policy

itself may also contain sensitive information. Disclosing policies' contents unconditionally may

leak valuable business information or jeopardize individuals' privacy. In this paper, we propose

UniPro, a unified scheme to model protection of resources, including policies, in trust

negotiation. UniPro improves on previous work by modeling policies as first-class resources,

protecting them in the same way as other resources, providing fine-grained control over policy

disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which

gives users more flexibility in expressing their authorization requirements. We also show that

UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the

choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to

succeed in establishing trust.

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud

Computing

Author: S. Yu, C. Wang, K. Ren, and W. Lou

Year: 2010

Cloud computing is an emerging computing paradigm in which resources of the

computing infrastructure are provided as services over the Internet. As promising as it is, this

paradigm also brings forth many new challenges for data security and access control when users

outsource sensitive data for sharing on cloud servers, which are not within the same trusted

domain as data owners. To keep sensitive user data confidential against untrusted servers,

existing solutions usually apply cryptographic methods by disclosing data decryption keys only

to authorized users. However, in doing so, these solutions inevitably introduce a heavy

computation overhead on the data owner for key distribution and data management when

fine-grained data access control is desired, and thus do not scale well. The problem of

simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control

actually still remains unresolved. This paper addresses this challenging open issue by, on one

hand, defining and enforcing access policies based on data attributes, and, on the other hand,

allowing the data owner to delegate most of the computation tasks involved in fine-grained data

access control to untrusted cloud servers without disclosing the underlying data contents. We

achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption

(ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient

properties of user access privilege confidentiality and user secret key accountability. Extensive

analysis shows that our proposed scheme is highly efficient and provably secure under existing

security models.

Ciphertext-Policy Attribute-Based Encryption

Author: John Bethencourt, Amit Sahai and Brent Waters

Year: 2007

In several distributed systems a user should only be able to access data if a user possesses a

certain set of credentials or attributes. Currently, the only method for enforcing such policies is

to employ a trusted server to store the data and mediate access control. However, if any server

storing the data is compromised, then the confidentiality of the data will be compromised. In this

paper we present a system for realizing complex access control on encrypted data that we call

Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be

kept confidential even if the storage server is untrusted; moreover, our methods are secure

against collusion attacks. Previous Attribute-Based Encryption systems used attributes to

describe the encrypted data and built policies into user’s keys; while in our system attributes are

used to describe a user’s credentials, and a party encrypting data determines a policy for who can

decrypt. Thus, our methods are conceptually closer to traditional access control methods such as

Role-Based Access Control (RBAC). In addition, we provide an implementation of our system

and give performance measurements.

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted

Data

Author: Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters

Year: 2006

As more sensitive data is shared and stored by third-party sites on the Internet, there will

be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be

selectively shared only at a coarse-grained level (i.e., giving another party your private key). We

develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy

Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of

attributes and private keys are associated with access structures that control which ciphertexts a

user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-

log information and broadcast encryption. Our construction supports delegation of private keys

which subsumes Hierarchical Identity-Based Encryption (HIBE).

Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based

Encryption

Author: Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran

Year: 2009

In distributed systems users need to share sensitive objects with others based on the

recipients’ ability to satisfy a policy. Attribute-Based Encryption (ABE) is a new paradigm

where such policies are specified and cryptographically enforced in the encryption algorithm

itself. Ciphertext-Policy ABE (CP-ABE) is a form of ABE where policies are associated with

encrypted data and attributes are associated with keys. In this work we focus on improving the

flexibility of representing user attributes in keys. Specifically, we propose Ciphertext Policy

Attribute Set Based Encryption (CP-ASBE) - a new form of CP-ABE - which, unlike existing

CP-ABE schemes that represent user attributes as a monolithic set in keys, organizes user

attributes into a recursive set based structure and allows users to impose dynamic constraints on

how those attributes may be combined to satisfy a policy. We show that the proposed scheme is

more versatile and supports many practical scenarios more naturally and efficiently. We provide

a prototype implementation of our scheme and evaluate its performance overhead.

Fuzzy Identity-Based Encryption

Author: Amit Sahai and Brent Waters

Year: 2005

We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy

Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A

Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted

with an identity, ω′, if and only if the identities ω and ω′ are close to each other as measured by

the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using

biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely

what allows for the use of biometric identities, which inherently will have some noise each time

they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application

that we term “attribute-based encryption”.

In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can

be viewed as an Identity-Based Encryption of a message under several attributes that compose a

(fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks.

Additionally, our basic construction does not use random oracles. We prove the security of our

schemes under the Selective-ID security model.

Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in

Cloud Storage Services

Author: G. Wang, Q. Liu, and J. Wu

Year: 2010

Cloud computing, as an emerging computing paradigm, enables users to remotely store

their data into a cloud so as to enjoy scalable services on-demand. Especially for small and

medium-sized enterprises with limited budgets, they can achieve cost savings and productivity

enhancements by using cloud-based services to manage projects, to make collaborations, and the

like. However, allowing cloud service providers (CSPs), which are not in the same trusted

domains as enterprise users, to take care of confidential data, may raise potential security and

privacy issues. To keep the sensitive user data confidential against untrusted CSPs, a natural way

is to apply cryptographic approaches, by disclosing decryption keys only to authorized users.

However, when enterprise users outsource confidential data for sharing on cloud servers, the

adopted encryption system should not only support fine-grained access control, but also provide

high performance, full delegation, and scalability, so as to best serve the needs of accessing data

anytime and anywhere, delegating within enterprises, and achieving a dynamic set of users. In

this paper, we propose a scheme to help enterprises to efficiently share confidential data on

cloud servers. We achieve this goal by first combining the hierarchical identity-based encryption

(HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system, and then

making a performance-expressivity tradeoff, finally applying proxy re-encryption and lazy re-

encryption to our scheme.

MODULES NAME

Authentication

Trusted Authority

Domain Authority

Data Owner

Data Consumer

Cloud Service Provider

MODULE DIAGRAM & DESCRIPTION

Authentication:

A new user who wants to make or process requests must first register by providing the necessary details. After successfully completing the sign-up process, the user logs in to the application with the username and the exact password provided at registration. If the login succeeds, the user is taken to the main page; otherwise the user remains on the login page.

[Diagram: Login, Check Status (Yes: Next Page; No: stay on Login), Database]

Trusted Authority:

The Trusted Authority is the main part of this project. It creates one decryption key for each relevant encryption key and then provides the decryption key to the domain authority. The Domain Authority, Data Owner, Data Consumer and Cloud Service Provider are all controlled by the Trusted Authority.

[Diagram: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Storage]

[Diagram: Domain Authority, Data Owner, Data Consumer, Cloud Service Provider]

Domain Authority:

The Domain Authority is the subhead under the trusted authority and performs the administrator operations. The Data Owner cannot store data without the domain authority's permission, and the Data Consumer cannot get data without the domain authority's permission. The domain authority therefore grants permission to both the Data Owner and the Data Consumer.

[Diagram: Domain Authority, Data Owner, Public Key, Encrypted Data, Cloud Storage]

Data Owner:

The Data Owner stores data with the cloud service provider for security. Before storing data, the Data Owner must get permission from the domain authority. After getting permission, the Data Owner first encrypts the file or data and then stores it in cloud storage (the cloud service provider).

Data Consumer:

First, the Data Consumer sends a request to the trusted authority through the domain authority. This request contains the filename and the data owner's name. The trusted authority then sends the private key to the Data Consumer through the domain authority. Finally, the Data Consumer retrieves the data from the cloud service provider and decrypts it using the decryption key.

[Diagram: Data Consumer, Domain Authority, Cloud Storage; Filename, Owner name; Get Private Key; Get Encrypted file & Decrypted Data]

Cloud Service Provider:

Cloud Service Provider is another name for cloud storage. Cloud storage provides security for the data. Only an authorized user (one who has permission from the domain authority) is allowed to encrypt and store data. An authorized user is allowed to retrieve and decrypt the data.

[Diagram: Data Owner, Data Consumer, Cloud Storage; Encrypt & Store Data; Retrieve & Decrypt Data]

GIVEN INPUT EXPECTED OUTPUT

Authentication:

Input: Provide username and password to get permission for access

Output: Become Authenticated person to request and process the request.

Trusted Authority:

Input: Store the data to cloud storage

Output: Provide the public and private Key to the domain authority

Domain Authority:

Input: Ask the Permission for store data to cloud storage.

Output: Provide the public key to the data owner.

Data Owner:

Input: Encrypt the Data in data owner.

Output: Store the Data to the cloud storage.

Data Consumer:

Input: send filename and data owner name to the domain authority.

Output: Receive private key and encrypted file then Decrypt the Data.

Cloud Service Provider:

Input: Data owner Store the Data in cloud storage

Output: Data consumer Receive the Data from the cloud storage.

TECHNIQUE USED

Hierarchical attribute-set-based encryption algorithm (HASBE):

First, we show how HASBE extends the ASBE algorithm with a hierarchical structure to

improve scalability and flexibility while at the same time inheriting the feature of fine-grained

access control of ASBE. Second, we demonstrate how to implement a full-fledged access control

scheme for cloud computing based on HASBE. The scheme provides full support for hierarchical

user grant, file creation, file deletion, and user revocation in cloud computing. Our system model

consists of a trusted authority, multiple domain authorities, and numerous users corresponding to

data owners and data consumers. The trusted authority is responsible for generating and

distributing system parameters and root master keys as well as authorizing the top-level domain

authorities. A domain authority is responsible for delegating keys to subordinate domain

authorities at the next level or users in its domain. Each user in the system is assigned a key

structure which specifies the attributes associated with the user’s decryption key.

We are now ready to describe the main operations of HASBE: System Setup, Top-Level

Domain Authority Grant, New Domain Authority/User Grant, New File Creation, and File

Access.

System Setup:

The trusted authority calls the algorithm to create system public parameters PK and

master key MK0. PK will be made public to other parties and MK0 will be kept secret.

Top-Level Domain Authority Grant:

The trusted authority first verifies whether a new top-level domain authority, denoted as DAi, is a valid domain authority. If so, the trusted authority calls CreateDA(PK, MK0, A) to generate the master key for DAi. After getting the master key, DAi can authorize the next-level domain authorities or users in its domain.

New Domain Authority/User Grant:

When a new user, denoted as u, or a new subordinate domain authority, denoted as DAi+1, wants to join the system, the administrating domain authority, denoted as DAi, first verifies whether the new entity is valid. If so, DAi assigns the new entity a key structure Ã corresponding to its role and a unique ID. Note that Ã is a subset of A, where A is the key structure of DAi.

New File Creation:

To protect data stored on the cloud, a data owner first encrypts data files and then stores

the encrypted data files on the cloud. Each file is encrypted with a symmetric data encryption

key DEK, which is in turn encrypted with HASBE. Finally, the encrypted data file is stored on

the cloud.

File Access:

When a user sends a request for data files stored on the cloud, the cloud sends the corresponding ciphertexts to the user. The user decrypts them by first calling Decrypt(CT, SKu) to obtain DEK and then decrypting the data files using DEK.
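
The grant and access rules described above can be modelled without any cryptography. The following is an added example, not code from the original project: the names Entity, grant and can_decrypt are hypothetical, key structures are constructed sets of attribute labels, the trusted authority is modelled as holding every attribute set, expiration is a plain integer day, and a policy without translating nodes must be satisfied from a single attribute set, as in ASBE.

```python
"""Access-control model of HASBE's grant hierarchy. No cryptography is performed."""
from dataclasses import dataclass
from typing import Optional


def is_substructure(child: dict, parent: dict) -> bool:
    """True when every set in `child` is contained in the same-labelled set of `parent`."""
    return all(label in parent and attrs <= parent[label]
               for label, attrs in child.items())


def satisfies(policy, attrs: frozenset) -> bool:
    """Evaluate a policy tree: a str leaf, or ("AND" | "OR", child, child, ...)."""
    if isinstance(policy, str):
        return policy in attrs
    gate, *children = policy
    results = [satisfies(child, attrs) for child in children]
    return all(results) if gate == "AND" else any(results)


@dataclass
class Entity:
    """Hypothetical stand-in for a trusted authority, domain authority or user."""
    name: str
    key_structure: dict             # {set label: frozenset of attribute strings}
    is_authority: bool = False
    expires: Optional[int] = None   # assumption: expiration time as an integer day
    parent: Optional["Entity"] = None

    def grant(self, name, key_structure, is_authority=False, expires=None):
        """New Domain Authority/User Grant: the new structure must be a subset of ours."""
        if not self.is_authority:
            raise PermissionError(f"{self.name} is a user and cannot delegate keys")
        if not is_substructure(key_structure, self.key_structure):
            raise PermissionError(f"{name}: requested attributes exceed those of {self.name}")
        return Entity(name, key_structure, is_authority, expires, self)

    def can_decrypt(self, policy, today: int) -> bool:
        """File Access: an expired key fails; otherwise one single set must satisfy the policy."""
        if self.expires is not None and today > self.expires:
            return False
        return any(satisfies(policy, attrs) for attrs in self.key_structure.values())


def refused(granter: Entity, name: str, key_structure: dict) -> bool:
    """Return True when the grant is rejected."""
    try:
        granter.grant(name, key_structure)
    except PermissionError:
        return True
    return False


def demo() -> dict:
    # Constructed sample attributes and entities.
    eng = frozenset({"dept:eng", "role:dev", "role:manager"})
    fin = frozenset({"dept:fin", "role:auditor"})
    ta = Entity("TrustedAuthority", {"eng": eng, "fin": fin}, is_authority=True)
    da_hq = ta.grant("DA-hq", {"eng": eng, "fin": fin}, is_authority=True)
    da_eng = da_hq.grant("DA-eng", {"eng": eng}, is_authority=True)
    alice = da_eng.grant("alice", {"eng": frozenset({"dept:eng", "role:dev"})}, expires=100)
    bob = da_hq.grant("bob", {"eng": frozenset({"dept:eng"}),
                              "fin": frozenset({"role:auditor"})}, expires=100)

    dev_files = ("AND", "dept:eng", "role:dev")
    mixed = ("AND", "dept:eng", "role:auditor")   # needs attributes from two different sets

    return {
        "alice_reads_dev_files": alice.can_decrypt(dev_files, today=50),
        "alice_after_expiry": alice.can_decrypt(dev_files, today=101),
        "bob_combines_sets": bob.can_decrypt(mixed, today=50),
        "da_eng_overgrant_refused": refused(da_eng, "mallory", {"fin": fin}),
        "user_delegation_refused": refused(alice, "carol", {"eng": frozenset({"role:dev"})}),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The bob case is the one a flat attribute list would get wrong: he holds both dept:eng and role:auditor, but in separate sets, so the compound policy is not satisfied.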

HARDWARE & SOFTWARE REQUIREMENTS:

SOFTWARE REQUIREMENTS:

Operating system :- Windows7

IDE :- Microsoft Visual Studio .Net 2010

Front End :- WPF

Coding Language :- C#

Backend :- SQL Server 2005

HARDWARE REQUIREMENTS:

System : Pentium IV 2.4 GHZ

Hard disk : 40 GB

Mouse : Logitech.

RAM : 2GB(minimum)

Keyboard : 110 keys enhanced.

SYSTEM DESIGN

USE CASE DIAGRAM:

A use case diagram is a type of behavioral diagram created from a Use-case analysis. The

purpose of a use case diagram is to present an overview of the functionality provided by the system in terms of

actors, their goals and any dependencies between those use cases.

[Use case diagram. Actors: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Service Provider. Use cases: Provide Public & Private Key, Get Permission, Encrypt & Store Data, Filename & Ownername, Get Decryption Key, Retrieve & Decrypt Data]

In this use case diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

CLASS DIAGRAM

A class diagram in the UML is a type of static structure diagram that describes the

structure of a system by showing the system’s classes, their attributes, and the relationships

between the classes.

Private visibility hides information from anything outside the class partition. Public

visibility allows all other classes to view the marked information.

Protected visibility allows child classes to access information they inherited from a parent

class.

[Class diagram]

Trusted: attributes Public Key, Private Key; operation Control()

Domain: attributes Public Key, Private Key; operation Administrator()

Owner: attributes Data, Public Key; operations Get Permission(), Encrypt Data()

Consumer: attributes Filename, Ownername, Private Key; operations Retrieve Data(), Decrypt Data()

Storage: attribute Data; operations Store(), Retrieve()

In this class diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

OBJECT DIAGRAM:

An object diagram in the Unified Modeling Language (UML) is a diagram that shows a

complete or partial view of the structure of a modeled system at a specific time.

An Object diagram focuses on some particular set of object instances and attributes, and

the links between the instances. A correlated set of object diagrams provides insight into how an

arbitrary view of a system is expected to evolve over time.

[Object diagram]

Trusted Authority: Public Key = pub.pk, Private Key = pri.pke

Domain Authority: Username = domain, Password = ******, Key name = abc.pk

Data Owner: Encrypt abc.txt

Data Consumer: Owner name = hari, File name = abc.txt, Retrieve pri.pke, Decrypt abc.txt

Cloud Storage: Store abc.txt

Object diagrams are more concrete than class diagrams, and are often used to provide

examples, or act as test cases for the class diagrams. Only those aspects of a model that are of

current interest need be shown on an object diagram.

In this object diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

STATE DIAGRAM

A state diagram is a type of diagram used in computer science and related fields to

describe the behavior of systems. State diagrams require that the system described is composed

of a finite number of states; sometimes, this is indeed the case, while at other times this is a

reasonable abstraction. There are many forms of state diagrams, which differ slightly and have

different semantics.

[State diagram. States: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud storage]

In this state diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

ACTIVITY DIAGRAM:

Activity diagrams are loosely defined diagrams that show workflows of stepwise activities

and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can be

used to describe the business and operational step-by-step workflows of components in a system.

UML activity diagrams could potentially model the internal logic of a complex operation. In

many ways UML activity diagrams are the object-oriented equivalent of flow charts and data

flow diagrams (DFDs) from structural development.

[Activity diagram. Swimlanes: Trusted, Domain, Owner, Consumer, Storage. Steps: Login, is valid user? (No), Key Generation, Get Permission, File & Ownername]

In this activity diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

SEQUENCE DIAGRAM:

A sequence diagram in UML is a kind of interaction diagram that shows how the

processes operate with one another and in what order.

It is a construct of a message sequence chart. Sequence diagrams are sometimes called

Event-trace diagrams, event scenarios, and timing diagrams.

The diagram below shows the sequence in which the process occurs in this project.

[Sequence diagram. Lifelines: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Storage. Messages: Get Permission, Encrypt and Store data, Provide PrivateKey, Filename & Owner name, Provide PrivateKey, Provide PublicKey, Provide PublicKey, Get Encryptedfile & Decrypt Data]

In this sequence diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

COLLABORATION DIAGRAM:

A collaboration diagram shows the objects and relationships involved in an interaction,

and the sequence of messages exchanged among the objects during the interaction.

The collaboration diagram can be a decomposition of a class, class diagram, or part of a

class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case

diagram.

The collaboration diagram shows messages being sent between classes and objects

(instances). A diagram is created for each system operation that relates to the current

development cycle (iteration).

[Collaboration diagram. Objects: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Storage. Messages: 1: Get Permission; 2: Provide PublicKey; 3: Provide PublicKey; 4: Encrypt and Store data; 5: Filename & Owner name; 6: Provide PrivateKey; 7: Provide PrivateKey; 8: Get Encryptedfile & Decrypt Data]

In this collaboration diagram, the trusted authority is the head of the project. It generates the public and private keys. The domain authority is the subhead of the project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

COMPONENT DIAGRAM:

The component diagram's main purpose is to show the structural relationships between the components of a system. Originally, a component represented implementation items, such as files and executables. Unfortunately, this conflicted with the more common use of the term "component," which refers to things such as COM components. Over time and across successive releases of UML, the original UML meaning of components was mostly lost. UML 2 officially changes the essential meaning of the component concept; in UML 2, components are considered autonomous, encapsulated units within a system or subsystem that provide one or more interfaces.

[Component diagram. Components: Trusted Authority, Domain Authority, Data Consumer, Data Owner, Cloud Storage]

In this component diagram, the trusted authority is the head of this project. It generates the public and private keys. The domain authority is the subhead of this project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

DATA FLOW DIAGRAM:

A data flow diagram (DFD) is a graphical representation of the “flow” of data through an

information system. It differs from the flowchart as it shows the data flow instead of the control

flow of the program. A data flow diagram can also be used for the visualization of data

processing. The DFD is designed to show how a system is divided into smaller portions and to

highlight the flow of data between those parts.

[Data flow diagrams. LEVEL 0: User; 1 Authentication (Login); D0 Database. LEVEL 1: Administrator; 1 Trusted Authority (Public Key); 1 Domain Authority (Public Key); 1 Data Owner (Get Permission, Encrypt Data by public key); 1 Cloud Storage (Store Data); D1 Database. LEVEL 2: User; 2 Trusted Authority (Private Key); 2 Domain Authority (Private Key); 2 Data Consumer (Get Private Key, Retrieve & Decrypt Data); 2 Cloud Storage (Store Data); D2 Database.]

[Data flow diagram, all levels: User; 1 Authentication (Login); D0 Database; D1 Database; Administrator; 1 Trusted Authority (Public & Private Key); 1 Domain Authority (Public & Private Key); 1 Data Owner (Get Public Key, Encrypt Data); 1 Cloud Storage (Store Data); 2 Data Consumer (Get Private Key, Retrieve & Decrypt Data).]

ALL Levels:

In this data flow diagram (DFD), the trusted authority is the head of this project. It generates the public and private keys. The domain authority is the subhead of this project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

[Diagram. Entities: Trusted Authority, Domain Authority, Data Owner, Data consumer, Cloud storage. Labels: Public & Private Key; Name; Password; Get Permission; Data Encrypt; Store Data; File name, owner name; Get Private Key; Retrieve & Decrypt Data]

E-R DIAGRAM:

In software engineering, an entity-relationship model (ERM) is an abstract and

conceptual representation of data. Entity-relationship modeling is a database modeling method,

used to produce a type of conceptual schema or semantic data model of a system, often

a relational database, and its requirements in a top-down fashion. Diagrams created by this

process are called entity-relationship diagrams, ER diagrams, or ERDs.


In this entity relationship (ER) diagram, the trusted authority is the head of this project. It generates the public and private keys. The domain authority is the subhead of this project. The Data Owner first gets permission from the domain authority, encrypts the data using the encryption key, and stores the data in cloud storage. The Data Consumer sends the filename and owner name to the domain authority and then gets the decryption key. Finally, the Consumer gets the encrypted file from cloud storage and decrypts the data.

SYSTEM ARCHITECTURE

The cloud computing system under consideration consists of five types of parties: a cloud service provider, data owners, data consumers, a number of domain authorities, and a trusted authority. The cloud service provider manages a cloud to provide a data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download the encrypted data files of interest from the cloud and then decrypt them. Each data owner/consumer is administered by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner. The trusted authority is the root authority and is responsible for managing top-level domain authorities.
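The hierarchy described above, as an added example that is not the project's own code: a Python model of the authorization logic only, with no attribute-based cryptography. It assumes an authority can hand down only attributes it holds itself and that a file policy is an AND/OR tree over attribute names; every class, authority and attribute name is hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyStructure:
    """Attributes bound to one user's decryption key, plus who issued it."""
    user: str
    attributes: frozenset
    issuer: Authority

@dataclass
class Authority:
    """Trusted authority (parent is None) or a domain authority below it."""
    name: str
    attributes: frozenset
    parent: Authority | None = None

    def _check(self, requested) -> frozenset:
        # Assumed rule: an authority hands down only attributes it holds itself.
        requested = frozenset(requested)
        if not requested <= self.attributes:
            raise PermissionError(f"{self.name} cannot grant {sorted(requested - self.attributes)}")
        return requested

    def delegate(self, name, attributes) -> Authority:
        return Authority(name, self._check(attributes), parent=self)

    def issue_key(self, user, attributes) -> KeyStructure:
        return KeyStructure(user, self._check(attributes), issuer=self)

    def chain(self) -> list:
        """Path from the root trusted authority down to this authority."""
        node, path = self, []
        while node is not None:
            path.append(node.name)
            node = node.parent
        return path[::-1]

def satisfies(policy, attributes) -> bool:
    """Policy is an attribute name or a tuple ("AND" | "OR", sub-policy, ...)."""
    if isinstance(policy, str):
        return policy in attributes
    op, *parts = policy
    if op not in ("AND", "OR"):
        raise ValueError(f"unknown operator {op!r}")  # fail closed on malformed policy
    results = [satisfies(p, attributes) for p in parts]
    return all(results) if op == "AND" else any(results)

# Constructed sample hierarchy and file policy (all names hypothetical).
TA = Authority("TA", frozenset({"dept:cardiology", "dept:billing", "role:doctor", "role:nurse", "role:clerk"}))
HOSPITAL = TA.delegate("hospital-DA", {"dept:cardiology", "role:doctor", "role:nurse"})
BILLING = TA.delegate("billing-DA", {"dept:billing", "role:clerk"})
FILE_POLICY = ("AND", "dept:cardiology", ("OR", "role:doctor", "role:nurse"))
```

In an attribute-based encryption scheme the policy check is enforced by the ciphertext itself rather than by a function call; the model only shows which key structures would be able to decrypt.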

[System architecture diagram. Labels: Trusted Authority; Administrator; Stored Data; Encrypted Data; Data Consumer; Database; Public & Private Key; File & Owner name; Retrieve & Decrypt Data]

Future Enhancement Module Diagram & Description

Image File

[Module diagram. Data Owner: Encrypt & Store Image file; Cloud Storage; Data Consumer: Retrieve Encrypted file & Decrypt Data]

General analysis shows that our proposed scheme is highly efficient and provably secure under existing security models. The proposed scheme supports only text files. As future work, support for image files can be implemented.

GIVEN INPUT EXPECTED OUTPUT

Image File

Input: Get the image file and encrypt it using the public key.

Output: Get the encrypted file and the private key, then decrypt.


ADVANTAGES:

Recall that our system model consists of a trusted authority, domain authorities, and numerous users corresponding to data owners and data consumers.

Each user in the system is assigned a key structure which specifies the attributes associated with the user’s decryption key.

Conducted comprehensive performance analysis and evaluation, which showed its efficiency.

APPLICATION:

Website

In Gmail, a user who provides the correct username and password proceeds to the next page. This provides security for the data: only an authorized person is allowed to access the data. The authorized person receives data from others and sends data to others.

On the Amazon website, an authorized person is allowed to view data, store some data, and retrieve data from the website. An unauthorized person is not allowed to access, view, or store the data.

CONCLUSION:

We achieve this goal by exploiting and individually combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has the important properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
