By the recent works made on data sharing paradigm
such as cloud computing and online social networks, it had been
proven that there was a huge demand for distributed data
security. Access policies and updates in the policies are one of the
challenging issues in data sharing systems. For this issue
attribute based encryption is one of the solutions for this
problem. Here the key generation centre will decrypt the
messages specified for particular users by generating their
private keys. It is not a perfect or suitable solution for our
applications because here the data owner should maintain their
private data only accessible to designated users. Additionally, by
applying ABE in the data sharing system will generates another
challenge with regard to user revocation due to which the access
policies are defined only over the attribute universe. So for that
we are proposing a novel encryption scheme for a data sharing
system by exploring the characteristic of system architecture.
Our proposed scheme features are: it solves the key escrow
problem by escrow-free key issuing protocol, which was
developed using the secure two-party computation between data
storing centre and key generation centre. And next feature is that
by using proxy encryption the fine-grained user revocation per
each attribute could be done.
Original Title
Data Sharing on Untrusted Domains using a Novel
Encryption Standard
By the recent works made on data sharing paradigm
such as cloud computing and online social networks, it had been
proven that there was a huge demand for distributed data
security. Access policies and updates in the policies are one of the
challenging issues in data sharing systems. For this issue
attribute based encryption is one of the solutions for this
problem. Here the key generation centre will decrypt the
messages specified for particular users by generating their
private keys. It is not a perfect or suitable solution for our
applications because here the data owner should maintain their
private data only accessible to designated users. Additionally, by
applying ABE in the data sharing system will generates another
challenge with regard to user revocation due to which the access
policies are defined only over the attribute universe. So for that
we are proposing a novel encryption scheme for a data sharing
system by exploring the characteristic of system architecture.
Our proposed scheme features are: it solves the key escrow
problem by escrow-free key issuing protocol, which was
developed using the secure two-party computation between data
storing centre and key generation centre. And next feature is that
by using proxy encryption the fine-grained user revocation per
each attribute could be done.
By the recent works made on data sharing paradigm
such as cloud computing and online social networks, it had been
proven that there was a huge demand for distributed data
security. Access policies and updates in the policies are one of the
challenging issues in data sharing systems. For this issue
attribute based encryption is one of the solutions for this
problem. Here the key generation centre will decrypt the
messages specified for particular users by generating their
private keys. It is not a perfect or suitable solution for our
applications because here the data owner should maintain their
private data only accessible to designated users. Additionally, by
applying ABE in the data sharing system will generates another
challenge with regard to user revocation due to which the access
policies are defined only over the attribute universe. So for that
we are proposing a novel encryption scheme for a data sharing
system by exploring the characteristic of system architecture.
Our proposed scheme features are: it solves the key escrow
problem by escrow-free key issuing protocol, which was
developed using the secure two-party computation between data
storing centre and key generation centre. And next feature is that
by using proxy encryption the fine-grained user revocation per
each attribute could be done.
Data Sharing on Untrusted Domains using a Novel Encryption Standard D. Nageshwara Rao 1 , Ravi 2
D.Nageshwara rao, pursuing M.Tech(CSE) from Holy Mary Institute of Technology and Science, Hyderabad, Andhra Pradesh, India, Affiliated to JNTU Hyderabad Ravi, working as an Asst. Professor in Department of Computer Science Engineering at Holy Mary Institute of Technology and Science, Hyderabad, Andhra Pradesh, India, Affiliated to JNTU Hyderabad
Abstract By the recent works made on data sharing paradigm such as cloud computing and online social networks, it had been proven that there was a huge demand for distributed data security. Access policies and updates in the policies are one of the challenging issues in data sharing systems. For this issue attribute based encryption is one of the solutions for this problem. Here the key generation centre will decrypt the messages specified for particular users by generating their private keys. It is not a perfect or suitable solution for our applications because here the data owner should maintain their private data only accessible to designated users. Additionally, by applying ABE in the data sharing system will generates another challenge with regard to user revocation due to which the access policies are defined only over the attribute universe. So for that we are proposing a novel encryption scheme for a data sharing system by exploring the characteristic of system architecture. Our proposed scheme features are: it solves the key escrow problem by escrow-free key issuing protocol, which was developed using the secure two-party computation between data storing centre and key generation centre. And next feature is that by using proxy encryption the fine-grained user revocation per each attribute could be done.
KeywordsCipher text, plain text, private key, data sharing, distributed data, proxy encryption, key generation centre, key escrow protocol I. INTRODUCTION The main threat to the data is absolutely using improperly by the storage server or unauthorized access by outside users. The data owners make their private data only accessible to authorized person i.e. the creditionals to whomthey provided. One of the cryptographic approaches that achieve fine-grained data access control is Attribute-based encryption (ABE). Based on the different attributes of the requester or the data object ABE provides a way of defining access policies. Mainly, CP-ABE (cipher text policy attribute based encryption) enables an encrypted to define the attribute set over a universe of attributes that a descriptor needs to posses inorder to decrypt the cipher text and also to enforce it on the contents. So by this different user is allowed to decrypt different pieces of data as per security policy with different set of attributes. And this can be used for an application which is called as "attribute-based encryption". With this application a party will wish to encrypt a document with all users to the person having certain set of attributes. In order to performauthentication checks before delivering a document, we are storing the data in untrusted storage server instead of relying on trusted server. Firstly, the process we are following for obtaining the secret key froman authority is very natural and straight forward. This can be typically involved supplementary documents or any other creditionals. The robustness and the type of authentication that is necessary is not always clear for this process is questionable. Typically, here exists a tradeoff between a systemthat is less reliable and one that is expensive in this step. The security of this phase is only limited, if the operator is able to detect Imation attacks. It is mandatory to not keep the measurement for an individual secret. In fact, it is used as a public key if it is not. In several situations if someone physically present, a user will want to present an encryption key to them. It is not possible that only one single authority to monitor every single attribute of all users. The different authorities are responsible for issuing different sets of attributes if Multi-authority attribute-based encryption enables a more realistic deployment of attribute based access control. The original solution by Chase employs a trusted central authority and the use of a global identifier for each user, which means the confidentiality, depends critically on the security of the central authority and the user-privacy depends on the honest behavior of the attribute-authorities. Our proposed ABE schema works with trusted authority and the anonymous key issuing protocols works for the existing schemas and for the new construction. Data owners may want to encrypt their data in such a way that only particular users that are of authorized users should decrypt the data using the decryption key. The primary technique is that to construct a users private key as a set of private key components, one for every attribute for all users identity. A. Attribute Based Encryption ABE comes in two flavors called text-policy ABE (CP-ABE) and key-policy ABE (KPABE). In CP-ABE, the attributes are used to describe users credentials, and an encrypt or that determines a policy on who can decrypt the data, while in International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page 3092 KPABE, attributes are used to describe the encrypted data and policies are built into users keys; Between the two approaches, CP-ABE is more appropriate to the data sharing systembecause it puts the access policy decisions in the hands of the data owners.
II. KEY GENERATION
For the given password, we need to implement hashing technique in order to generate the key. Here in my terminology work for hashing technique, to generate the key SHA1 algorithmis used.
A. Hash Function In our proposal we need to apply hash function to our application. A hash function H is a transformation that takes a variable size input mand it returns a fixed-size string, which is called hash value h(that is, h =H(m)). When employed in cryptography the hash functions are usually chosen to have some additional properties, if we use hash function with just this property have a variety of general computational uses. The basic requirements for a cryptographic hash function are: the input can be of any length and the output has a fixed length. H(x) is one-way and H(x) is collision-free. SHA-1 is a cryptographic message digest algorithm. H(x) is relatively easy to compute for any given x also SHA1, also known as SHA160, is a hash algorithm. The SHA takes a message of less than 264bits in length. SHA-1 is commonly used to verify the integrity of as unique identifiers, software archive, and for digital signatures.
III. REMOVE KEY ESCROW IN ABE
In the current proposed attribute based encryption key escrow is an inherent property. In our paper, we are using a scheme which removes the key escrow and maintaining some important properties of ABE. Based on variant including an authenticated key agreement we also introduced some cryptosystems. In the user key issuing protocol the KGC and data storing center are involved. Here, the key generation centre is one which is responsible for issuing the key and authenticating the user if he entitled to the attributes.
In a multi-authority system Chase et al presented a distributed KP-ABE scheme which solves the key escrow problem. All (disjoint) attribute authorities may be participating in the key generation protocol in a distributed way such that they link multiple attribute sets belonging to the same user and cannot pool their data. By using this the only disadvantage is that this kind of fully distributed approach is performance degradation. Here all the attribute authorities should communicate with the other authorities in the systemto generate user's private key or secret key because there is no centralized authority with master secret information. By this there may be chance that communication overhead on the system setup phase and on any rekeying phase, and requires each user to store additional auxiliary key components besides the attribute keys, where N is the number of authorities in the system.
Previously, many of people were worked on the private key generation protocol and now recently Chow was proposed in identity-based literature which is an anonymous private key generation protocol such that the key generation centre can issue a private key or secret key to an authenticated user without knowing the lists of user identities. It was been proved that this anonymous private key generation protocol works properly in ABE systems when we treat an attribute as an identity in this construction. And however, it had been found that it cannot be accomplished to ABE systems due to two reasons. Firstly was that in his protocol identities of users are not public anymore, at least to the key generation centre because the key generation centre can generate the user's private keys otherwise. It needs additional secure protocols for users to obtain the attribute information from attribute authorities because public keys are no longer 'public'. And coming to second one, the Key Generation Centre issues different personalized key components to various users by blinding themwith a randomsecret even if they are associated with the same set of attributes because the collusion attack between users is the main security threat in ABE. Here in our proposal the randomsecret should be unique and it should also be consistent with same user for any possible attribute that change of the user. And however, it is quite impossible for key generation center to issue a personalized key component with same randomsecret as that of attribute key components to a user, because of that the key generation centre can by no means know which random secrets may be assigned to which users in his key issuing protocol.
The key generation center and the data storing center are mainly involved in the user key issuing protocol for issuing the private keys to the user. A user is required to contact with the two parties before getting a set of keys in this protocol. The key generation centre is one of the centre which nis mainly responsible for authenticating a user and issuing attribute keys or secret keys to himif and only if the user is entitled to the attributes. And this secret key is generated using the secure 2PC protocol between the KGC and the data storing centre. They had been engaged in the arithmetic secure 2PC protocol with master secret keys and issue independent key components to a user. The data storing center probabilistically outputs the public and private key pair.The KGC and the data storing center are involvedin the key generation protocol. Then, the user is able to generate the whole secret keys with the key components separately received fromthe two authorities. Then, the KGC and the data storing center engage in a secure 2PC protocol. When one member is normally compromised, the group can still will continue with its data member. The value is personalized and unique for secret to the user, which should be only consistent International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page 3093 for any further attribute additions to the user. The secure 2PC protocol are deters themfromknowing each others master secrets and so that none of them can generate the whole secret keys froma user alone. The final and last property is the dynamic compromised property, which again means the group key agreement scheme of their property, returns both efficiency and accuracy even if the group key retains agreement then scheme involves agreement confidentiality, dynamic membership events, meaning that the communication data among a group of users are authorized. The value is personalized and unique secret to the particular user, which should be consistent for any further more attribute additions to the user.
Figure: Generating key by KGC
IV. CP-AB BASED ENCRYPTION For the purpose of removing escrow problem we are modifying the procedure of key generation. Then our proposed scheme is again built on a new CP-AB encryption protocol for the purpose of user revocation. In order to handle the fine-grained user revocation, the data storing centre were obtain the particular user access list for every and ach attribute group, because if not then revocation cannot take after all. Here using this the centre which stores the data knows revocation list will not violate fromthe security requirements, through which it will not allowed for re-encryption the encrypted text and by this cannot be means obtaining any information for the attribute key users.
A. Encryption
In cryptography, encryption is the process of encoding messages (or information) in such a way that intruders or hackers cannot read it, but only that authorized parties can. In an encryption format, the message or information (referred to as plaintext) is encrypted using an encryption algorithm, turning it into an unreadable format that is cipher text (ibid.). This is usually done with the use of an encryption key or secret key, which specifies how the message is to be encoded or encrypted. Any adversary or intruder that can see the cipher text should not be able to determine anything about the users original message. An Authorized user will be able to decode the cipher text using an algorithmfor decryption that mainly requires a secret decryption key for decryption, which has no access if wrong. For some technical problems, an encryption criterion usually requires a key-generation algorithm to randomly produce the keys.
B. Decryption
Decryption is the reverse operation of encryption. For secret key encryption, one must know both the key that we were used for encrypting the data. For public-key encryption, you one know either only public key (if the data was encrypted using the private key) or the private key (if the data was encrypted using the public key). The decryption of data encrypted with symmetric algorithms is similar to the process used to encrypt data with symmetric algorithms. The Crypto Streamclass is used with symmetric cryptography classes provided by the .NET Framework to decrypt data read from any managed streamobject.
V. FUNCTIONING OF CP-AB ENCRYPTION
In our paper we are proposing CP-ABE in order to improve efficiency of data such that only authenticated user can access particular data. Here we are maintaining secret keys in order to encrypt or decrypt the data. The secret key here will be provided by the third-party key generator. He was the person who will share the key among the entire authorized user who are involved in the application. Firstly, in order to upload a file by any of the user he first made registration with our services and then after if the admin gives total rights to the International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page 3094 user then he can upload or he can download the particular files fromthe cloud. After completing successful registration a user need to login with the application and further he can upload using data encryption and download using data decryption base.
While Uploading a file to the cloud a user must encrypt the data using any of algorithms like plain cipher using the secret key which was provided by the key generation center and stored in the data base. Then after the key generation centre will generate decryption key for the same and he was the person who is responsible to send the keys to authorized users for decryption purpose.
So in order to gain data from a particular user, an authenticated user must possess first key from the key generation centre and then after he need to decrypt the chosen file using decryption key. So by this only authenticated user can use the data and it was proved that we are improving efficiency of data.
A. ABE data encryption
While encrypting a file in uploading time a user must encrypt the data using any of algorithmlike plain cipher using the secret key which was provided by the key generation center and stored in the data base. Then after the key generation centre will generate decryption key for the same and he was the person who is responsible to send the keys to authorized users for decryption purpose.
B. ABE data Decryption
While decrypting a file in downloading time a user must decrypt the data using any of algorithms like plain cipher using the same secret key which was provided by the key generation center at the time of encryption and can store in his own data base.
C. Key Update:
After a while if user wants to change his key then he needs to update his key by intimating key generation centre. He was the only person who has the rights to change the key. Firstly, the user gives a request to the key generation centre about the updating of key. Here he needs to specify the file that which was updating the key. Here updating the key is in the sense that we are re-encrypting the same file. So next when the request was received fromthe user by the key generation center then he will re-encrypt the data using again same plain cipher algorithm. After that he must send the secret key or encryption key to all the authenticated users who are registered with the service. So here authenticated users may receive an acknowledgement fromthe Key generation center about updating of the key then they will use the key while downloading. And the reasons behind re-encryption by a particular user is due to that, if he have any doubts on the users or else if he come to know that an intruders was received his secret key. And sometimes if he have no trust on Key Generation Center also. At last if any user was left fromthe group then there may be a chance that he can misuse the information. So this may be one of cause to update the key.
VI. ALGORITHM INVOLVED
A. Plain cipher Algorithm
Plain cipher encryption technique is an implementation of cryptography. It is the practice and study of techniques for secure communication in the presence of the third parties. More usually, it is only about for constructing and analysing protocols that we need to overcome the influence of adversaries and which are related to various aspects in information security such as data integrity security, authentication purpose, data confidentiality in internet, and non-repudiation data. Modern cryptography techniques intersect the disciplines of computer sciences, in electrical engineering and in mathematics. Applications of cryptography data include ATMs computer /laptop passwords, and all electronic commerce.
Fig 3-Plain cipher cryptography
Algorithm- Plain cipher INPUT- original data,key Step 1-convert original data in corresponding byte format by using ASCII value of each letter. For ex- let original data is-hello and key is A. ASCII value-104,101,108,108,111
International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013
ISSN: 2231-2803 http://www.ijcttjournal.org Page 3095 Step 2-convert key to corresponding ASCII value and subtract this value to each letter corresponding ASCII value. Ex- key ASCII-64 Adding to original -40, 37, 44, 44, 47
Step 3-change the resultant data into corresponding original format which will be known as cipher text Ex- Original value will be- ( % /(cipher text).
Step 4-Store this data to cloud
Step 5-For decryption we need to follow vice versa process. Ex- Key value is-A(64) Cipher text is- ( % / (40,37,44,44,47) Add key ASCII to cipher ASCII 104,101,108,108,111. Convert into character- hello (original data).
VII. CONCLUSION Our experiment has proved that ABE is one of the solution for improving efficiency and security for data privacy problem. By this, the data owners make their private data only accessible to authorized person i.e. the creditionals to whom they provided. One of the cryptographic approaches that achieve fine-grained data access control is Attribute-based encryption (ABE).
REFERENCES [1]. J. Bethencourt, Waters, Sahai, Ciphertext-Policy Attribute-Based Encryption ,
[2]. M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A.Hysyanskaya, H. Shacham, Randomizable Proofs and Delegatable Anonymous Credentials.
[4]. S.S.M. Chow, Removing Escrow from Identity - Based Encryption
[5]. R. Ostrovsky, Waters, Sahai, Attribute-Based Encryption with Non-Monotonic
AUTHORS PROFILE
D.Nageshwara Rao pursuing M.Tech (CSE) from Holy Mary Institute of Technology and Science, Hyderabad, Andhra Pradesh, India, Affiliated to JNTU Hyderabad.
Mr. Ravi, working as an Asst. Professor in the Department of Computer science Engineering at Holy Mary Institute of Technology and Science, Hyderabad, Andhra Pradesh, India, Affiliated to JNTU Hyderabad