International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3091

Data Sharing on Untrusted Domains using a Novel
Encryption Standard
D. Nageshwara Rao
1
, Ravi
2

D.Nageshwara rao, pursuing M.Tech(CSE) from Holy Mary Institute of Technology and Science, Hyderabad, Andhra Pradesh,
India, Affiliated to JNTU Hyderabad
Ravi, working as an Asst. Professor in Department of Computer Science Engineering at Holy Mary Institute of Technology and
Science, Hyderabad, Andhra Pradesh, India, Affiliated to JNTU Hyderabad





Abstract By the recent works made on data sharing paradigm
such as cloud computing and online social networks, it had been
proven that there was a huge demand for distributed data
security. Access policies and updates in the policies are one of the
challenging issues in data sharing systems. For this issue
attribute based encryption is one of the solutions for this
problem. Here the key generation centre will decrypt the
messages specified for particular users by generating their
private keys. It is not a perfect or suitable solution for our
applications because here the data owner should maintain their
private data only accessible to designated users. Additionally, by
applying ABE in the data sharing system will generates another
challenge with regard to user revocation due to which the access
policies are defined only over the attribute universe. So for that
we are proposing a novel encryption scheme for a data sharing
system by exploring the characteristic of system architecture.
Our proposed scheme features are: it solves the key escrow
problem by escrow-free key issuing protocol, which was
developed using the secure two-party computation between data
storing centre and key generation centre. And next feature is that
by using proxy encryption the fine-grained user revocation per
each attribute could be done.

KeywordsCipher text, plain text, private key, data sharing,
distributed data, proxy encryption, key generation centre, key
escrow protocol
I. INTRODUCTION
The main threat to the data is absolutely using improperly by
the storage server or unauthorized access by outside users.
The data owners make their private data only accessible to
authorized person i.e. the creditionals to whomthey provided.
One of the cryptographic approaches that achieve fine-grained
data access control is Attribute-based encryption (ABE).
Based on the different attributes of the requester or the data
object ABE provides a way of defining access policies.
Mainly, CP-ABE (cipher text policy attribute based
encryption) enables an encrypted to define the attribute set
over a universe of attributes that a descriptor needs to posses
inorder to decrypt the cipher text and also to enforce it on the
contents. So by this different user is allowed to decrypt
different pieces of data as per security policy with different set
of attributes. And this can be used for an application which is
called as "attribute-based encryption". With this application a
party will wish to encrypt a document with all users to the
person having certain set of attributes.
In order to performauthentication checks before delivering a
document, we are storing the data in untrusted storage server
instead of relying on trusted server. Firstly, the process we are
following for obtaining the secret key froman authority is
very natural and straight forward. This can be typically
involved supplementary documents or any other creditionals.
The robustness and the type of authentication that is necessary
is not always clear for this process is questionable. Typically,
here exists a tradeoff between a systemthat is less reliable and
one that is expensive in this step. The security of this phase is
only limited, if the operator is able to detect Imation attacks. It
is mandatory to not keep the measurement for an individual
secret. In fact, it is used as a public key if it is not. In several
situations if someone physically present, a user will want to
present an encryption key to them. It is not possible that only
one single authority to monitor every single attribute of all
users. The different authorities are responsible for issuing
different sets of attributes if Multi-authority attribute-based
encryption enables a more realistic deployment of attribute
based access control. The original solution by Chase employs
a trusted central authority and the use of a global identifier for
each user, which means the confidentiality, depends critically
on the security of the central authority and the user-privacy
depends on the honest behavior of the attribute-authorities.
Our proposed ABE schema works with trusted authority and
the anonymous key issuing protocols works for the existing
schemas and for the new construction. Data owners may want
to encrypt their data in such a way that only particular users
that are of authorized users should decrypt the data using the
decryption key. The primary technique is that to construct a
users private key as a set of private key components, one for
every attribute for all users identity.
A. Attribute Based Encryption
ABE comes in two flavors called text-policy ABE (CP-ABE)
and key-policy ABE (KPABE). In CP-ABE, the attributes are
used to describe users credentials, and an encrypt or that
determines a policy on who can decrypt the data, while in
International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3092
KPABE, attributes are used to describe the encrypted data and
policies are built into users keys; Between the two
approaches, CP-ABE is more appropriate to the data sharing
systembecause it puts the access policy decisions in the hands
of the data owners.

II. KEY GENERATION

For the given password, we need to implement hashing
technique in order to generate the key. Here in my
terminology work for hashing technique, to generate the key
SHA1 algorithmis used.

A. Hash Function
In our proposal we need to apply hash function to our
application. A hash function H is a transformation that takes a
variable size input mand it returns a fixed-size string, which
is called hash value h(that is, h =H(m)). When employed in
cryptography the hash functions are usually chosen to have
some additional properties, if we use hash function with just
this property have a variety of general computational uses.
The basic requirements for a cryptographic hash function are:
the input can be of any length and the output has a fixed
length. H(x) is one-way and H(x) is collision-free. SHA-1 is a
cryptographic message digest algorithm. H(x) is relatively
easy to compute for any given x also SHA1, also known as
SHA160, is a hash algorithm. The SHA takes a message of
less than 264bits in length. SHA-1 is commonly used to verify
the integrity of as unique identifiers, software archive, and for
digital signatures.

III. REMOVE KEY ESCROW IN ABE

In the current proposed attribute based encryption key escrow
is an inherent property. In our paper, we are using a scheme
which removes the key escrow and maintaining some
important properties of ABE. Based on variant including an
authenticated key agreement we also introduced some
cryptosystems. In the user key issuing protocol the KGC and
data storing center are involved. Here, the key generation
centre is one which is responsible for issuing the key and
authenticating the user if he entitled to the attributes.

In a multi-authority system Chase et al presented a distributed
KP-ABE scheme which solves the key escrow problem. All
(disjoint) attribute authorities may be participating in the key
generation protocol in a distributed way such that they link
multiple attribute sets belonging to the same user and cannot
pool their data. By using this the only disadvantage is that this
kind of fully distributed approach is performance degradation.
Here all the attribute authorities should communicate with the
other authorities in the systemto generate user's private key or
secret key because there is no centralized authority with
master secret information. By this there may be chance that
communication overhead on the system setup phase and on
any rekeying phase, and requires each user to store additional
auxiliary key components besides the attribute keys, where N
is the number of authorities in the system.

Previously, many of people were worked on the
private key generation protocol and now recently Chow was
proposed in identity-based literature which is an anonymous
private key generation protocol such that the key generation
centre can issue a private key or secret key to an authenticated
user without knowing the lists of user identities. It was been
proved that this anonymous private key generation protocol
works properly in ABE systems when we treat an attribute as
an identity in this construction. And however, it had been
found that it cannot be accomplished to ABE systems due to
two reasons. Firstly was that in his protocol identities of users
are not public anymore, at least to the key generation centre
because the key generation centre can generate the user's
private keys otherwise. It needs additional secure protocols for
users to obtain the attribute information from attribute
authorities because public keys are no longer 'public'. And
coming to second one, the Key Generation Centre issues
different personalized key components to various users by
blinding themwith a randomsecret even if they are associated
with the same set of attributes because the collusion attack
between users is the main security threat in ABE. Here in our
proposal the randomsecret should be unique and it should
also be consistent with same user for any possible attribute
that change of the user. And however, it is quite impossible
for key generation center to issue a personalized key
component with same randomsecret as that of attribute key
components to a user, because of that the key generation
centre can by no means know which random secrets may be
assigned to which users in his key issuing protocol.


The key generation center and the data storing center are
mainly involved in the user key issuing protocol for issuing
the private keys to the user. A user is required to contact with
the two parties before getting a set of keys in this protocol.
The key generation centre is one of the centre which nis
mainly responsible for authenticating a user and issuing
attribute keys or secret keys to himif and only if the user is
entitled to the attributes. And this secret key is generated
using the secure 2PC protocol between the KGC and the data
storing centre. They had been engaged in the arithmetic secure
2PC protocol with master secret keys and issue independent
key components to a user. The data storing center
probabilistically outputs the public and private key pair.The
KGC and the data storing center are involvedin the key
generation protocol. Then, the user is able to generate the
whole secret keys with the key components separately
received fromthe two authorities. Then, the KGC and the data
storing center engage in a secure 2PC protocol. When one
member is normally compromised, the group can still will
continue with its data member. The value is personalized and
unique for secret to the user, which should be only consistent
International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3093
for any further attribute additions to the user. The secure 2PC
protocol are deters themfromknowing each others master
secrets and so that none of them can generate the whole secret
keys froma user alone. The final and last property is the
dynamic compromised property, which again means the group
key agreement scheme of their property, returns both
efficiency and accuracy even if the group key retains
agreement then scheme involves agreement confidentiality,
dynamic membership events, meaning that the communication
data among a group of users are authorized. The value is
personalized and unique secret to the particular user, which
should be consistent for any further more attribute additions to
the user.




Figure: Generating key by KGC

IV. CP-AB BASED ENCRYPTION
For the purpose of removing escrow problem we are
modifying the procedure of key generation. Then our
proposed scheme is again built on a new CP-AB encryption
protocol for the purpose of user revocation. In order to handle
the fine-grained user revocation, the data storing centre were
obtain the particular user access list for every and ach attribute
group, because if not then revocation cannot take after all.
Here using this the centre which stores the data knows
revocation list will not violate fromthe security requirements,
through which it will not allowed for re-encryption the
encrypted text and by this cannot be means obtaining any
information for the attribute key users.

A. Encryption

In cryptography, encryption is the process of encoding
messages (or information) in such a way that intruders or
hackers cannot read it, but only that authorized parties can. In
an encryption format, the message or information (referred to
as plaintext) is encrypted using an encryption algorithm,
turning it into an unreadable format that is cipher text (ibid.).
This is usually done with the use of an encryption key or
secret key, which specifies how the message is to be encoded
or encrypted. Any adversary or intruder that can see the cipher
text should not be able to determine anything about the users
original message. An Authorized user will be able to decode
the cipher text using an algorithmfor decryption that mainly
requires a secret decryption key for decryption, which has no
access if wrong. For some technical problems, an encryption
criterion usually requires a key-generation algorithm to
randomly produce the keys.


B. Decryption

Decryption is the reverse operation of encryption. For
secret key encryption, one must know both the key that we
were used for encrypting the data. For public-key encryption,
you one know either only public key (if the data was
encrypted using the private key) or the private key (if the data
was encrypted using the public key). The decryption of data
encrypted with symmetric algorithms is similar to the process
used to encrypt data with symmetric algorithms. The Crypto
Streamclass is used with symmetric cryptography classes
provided by the .NET Framework to decrypt data read from
any managed streamobject.

V. FUNCTIONING OF CP-AB ENCRYPTION

In our paper we are proposing CP-ABE in order to improve
efficiency of data such that only authenticated user can access
particular data. Here we are maintaining secret keys in order
to encrypt or decrypt the data. The secret key here will be
provided by the third-party key generator. He was the person
who will share the key among the entire authorized user who
are involved in the application. Firstly, in order to upload a
file by any of the user he first made registration with our
services and then after if the admin gives total rights to the
International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3094
user then he can upload or he can download the particular files
fromthe cloud. After completing successful registration a user
need to login with the application and further he can upload
using data encryption and download using data decryption
base.

While Uploading a file to the cloud a user must encrypt
the data using any of algorithms like plain cipher using the
secret key which was provided by the key generation center
and stored in the data base. Then after the key generation
centre will generate decryption key for the same and he was
the person who is responsible to send the keys to authorized
users for decryption purpose.

So in order to gain data from a particular user, an
authenticated user must possess first key from the key
generation centre and then after he need to decrypt the chosen
file using decryption key. So by this only authenticated user
can use the data and it was proved that we are improving
efficiency of data.

A. ABE data encryption

While encrypting a file in uploading time a user must
encrypt the data using any of algorithmlike plain cipher using
the secret key which was provided by the key generation
center and stored in the data base. Then after the key
generation centre will generate decryption key for the same
and he was the person who is responsible to send the keys to
authorized users for decryption purpose.

B. ABE data Decryption

While decrypting a file in downloading time a user must
decrypt the data using any of algorithms like plain cipher
using the same secret key which was provided by the key
generation center at the time of encryption and can store in his
own data base.

C. Key Update:

After a while if user wants to change his key then he needs to
update his key by intimating key generation centre. He was
the only person who has the rights to change the key. Firstly,
the user gives a request to the key generation centre about the
updating of key. Here he needs to specify the file that which
was updating the key. Here updating the key is in the sense
that we are re-encrypting the same file. So next when the
request was received fromthe user by the key generation
center then he will re-encrypt the data using again same plain
cipher algorithm. After that he must send the secret key or
encryption key to all the authenticated users who are
registered with the service. So here authenticated users may
receive an acknowledgement fromthe Key generation center
about updating of the key then they will use the key while
downloading. And the reasons behind re-encryption by a
particular user is due to that, if he have any doubts on the
users or else if he come to know that an intruders was received
his secret key. And sometimes if he have no trust on Key
Generation Center also. At last if any user was left fromthe
group then there may be a chance that he can misuse the
information. So this may be one of cause to update the key.



VI. ALGORITHM INVOLVED

A. Plain cipher Algorithm

Plain cipher encryption technique is an implementation of
cryptography. It is the practice and study of techniques for
secure communication in the presence of the third parties.
More usually, it is only about for constructing and
analysing protocols that we need to overcome the influence of
adversaries and which are related to various aspects
in information security such as data integrity security,
authentication purpose, data confidentiality in
internet, and non-repudiation data. Modern cryptography
techniques intersect the disciplines of computer sciences, in
electrical engineering and in mathematics. Applications of
cryptography data include ATMs computer /laptop passwords,
and all electronic commerce.


Fig 3-Plain cipher cryptography

Algorithm- Plain cipher
INPUT- original data,key
Step 1-convert original data in corresponding byte format by
using ASCII value of each letter.
For ex- let original data is-hello and key is A.
ASCII value-104,101,108,108,111

International Journal of Computer Trends and Technology (IJCTT) volume4Issue 9 Sep 2013

ISSN: 2231-2803 http://www.ijcttjournal.org Page 3095
Step 2-convert key to corresponding ASCII value and subtract
this value to each letter corresponding ASCII value.
Ex- key ASCII-64
Adding to original -40, 37, 44, 44, 47

Step 3-change the resultant data into corresponding original
format which will be known as cipher text
Ex-
Original value will be- ( % /(cipher text).

Step 4-Store this data to cloud

Step 5-For decryption we need to follow vice versa process.
Ex-
Key value is-A(64)
Cipher text is- ( % / (40,37,44,44,47)
Add key ASCII to cipher ASCII
104,101,108,108,111.
Convert into character- hello (original data).

VII. CONCLUSION
Our experiment has proved that ABE is one of the solution for
improving efficiency and security for data privacy problem.
By this, the data owners make their private data only
accessible to authorized person i.e. the creditionals to whom
they provided. One of the cryptographic approaches that
achieve fine-grained data access control is Attribute-based
encryption (ABE).

REFERENCES
[1]. J. Bethencourt, Waters, Sahai, Ciphertext-Policy
Attribute-Based Encryption ,

[2]. M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss,
A.Hysyanskaya, H. Shacham, Randomizable Proofs and
Delegatable Anonymous Credentials.

[3]. L. Ibraimi, Petkovic, Nikova, Jonker, Hartel, Mediated
Ciphertext-Policy Attribute-Based Encryption

[4]. S.S.M. Chow, Removing Escrow from Identity - Based
Encryption

[5]. R. Ostrovsky, Waters, Sahai, Attribute-Based Encryption
with Non-Monotonic

AUTHORS PROFILE


D.Nageshwara Rao pursuing
M.Tech (CSE) from Holy Mary
Institute of Technology and
Science, Hyderabad, Andhra
Pradesh, India, Affiliated to
JNTU Hyderabad.


Mr. Ravi, working as an Asst.
Professor in the Department of
Computer science Engineering at
Holy Mary Institute of
Technology and Science,
Hyderabad, Andhra Pradesh,
India, Affiliated to JNTU
Hyderabad