An Efficient Secure Data and Truncation Scheme in Cloud

DOI : 10.17577/IJERTCONV4IS22017

Download Full-Text PDF Cite this Publication

Text Only Version

An Efficient Secure Data and Truncation Scheme in Cloud

Adarsha D P



Shwetha Rani K P

Asst profr dept of CSE DBIT Bangalore

Abstract:- With the fast advancement of adaptable cloud administrations, it turns out to be progressively vulnerable to utilize cloud administrations to share information in a companion circle in the distributed computing environment. Since it is not doable to actualize full lifecycle protection security, access control turns into a testing errand, particularly when we share touchy information on cloud servers. Keeping in mind the end goal to handle this issue, we propose a key-strategy trait based encryption with time- determined qualities (KP-TSABE), a novel secure information self-destructing plan in distributed computing. In the KP- TSABE plan, each ciphertext is marked with a period interim while private key is connected with a period moment. The ciphertext must be decoded if both the time moment is in the permitted time interim and the properties connected with the ciphertext fulfill the key's entrance structure. The KP-TSABE can take care of some essential security issues by providing so as to support userdefined approval period and fine-grained access control amid the period. The delicate information will be safely self-destructed after a client indicated lapse time. The KP-TSABE plan is ended up being secure under the choice l-bilinear Diffie-Hellman reversal (l-Expanded BDHI) supposition. Far reaching examinations of the security properties demonstrate that the KP-TSABE plan proposed by us fulfills the security prerequisites and is better than other existing plans.

Keywords: Ciphertext, KP-TSABE, cloud administrations.


    Cloud computing is considered as the accompanying step in the improvement of on-interest information development which unites a course of action of existing and new systems from examination ranges, for instance, organization arranged structures (SOA) and virtualization. With the quick headway of versatile appropriated computing development and organizations, it is standard for customers to impact circulated capacity organizations to grant data to others in a buddy circle, e.g., Dropbox, Google Drive and AliCloud. He shared data in cloud servers, in any case, generally contains customers' fragile information (e.g., singular profile, money related data, wellbeing records, et cetera.) and ought to be all around secured. As the obligation regarding data is secluded from the association of them , the cloud servers may move customers' data to other cloud servers in outsourcing or share them in cloud looking for.

    Thusly, it transforms into a noteworthy test to guarantee the security of those common data in cloud, especially in cross-cloud and gigantic data environment. To meet this test, it is essential to arrange a complete response for reinforce customer described endorsement period and to

    give fine-grained access control in the midst of this period. The normal data should act actually wrecked after the customer described breach time. One of the techniques to moderate the issues is to store data as a commonplace mixed structure. The impairment of scrambling data is that the customer can't share his/her encoded data at a fine- grained level. Exactly when a data proprietor needs to share some person his/her information, the proprietor must know definitely the one he/she needs to confer to.

    In various applications, the data proprietor needs to grant information to a couple of customers as demonstrated by the security course of action considering the customers' capabilities. Trademark based encryption (ABE) has imperative advanatges in perspective of the traditio open key encryption as opposed to facilitated encryption since it achieves versatile one-to-various encryption. ABE arrangement gives an extreme system to finish both data security and fine-grained access control. In the key- technique ABE (KP-ABE) plan to be clarified in this paper, the ciphertext is set apart with set of unmistakable properties. Exactly when the course of action of illustrative properties satisfies the passage structure in the key, the customer can get the plaintext. When all is said in done, the proprietor has the benefit to verify that particular sensitive information is real for a confined time period, or should not be released before a particular time.

    Timed-release encryption (TRE) gives an interesting encryption organization where an encryption key is associated with a predefined release time, and a beneficiary can simply build up the looking at unscrambling key in this time event. On this reason, Paterson and Quaglia proposed a period specific encryption (TSE) arrangement, which can decide a suitable time break such that the ciphertext must be unscrambled in this between time (deciphering time interval, DTI). It can be used as a part of various applications, e.g., Internet programming challenge, electronic settled offer closeout, etc.

    Electronic settled offer closeout is a system to develop the expense of stock through the Internet while keeping the offers secret in the midst of the offering stage. That is, the offers (ciphertext) should be kept riddle in the midst of the offering organize (a specific time between time). Regardless, applying the ABE to the basic data will familiarize a couple issues with deference with time- specific prerequisite and self-obliteration, while applying the TSE will familiarize issues with deference with fine- grained access control. Consequently, in this paper, we attempt to deal with these issues by using KP-ABE and

    including a necessity of time interval to each trademark in the game plan of unscrambling properties.


    With the quick change of versatile cloud organizations, it ends up being dynamically weak to use cloud organizations to share data in a buddy circle in the dispersed computing environment. Since it is unrealistic to execute full lifecycle assurance security, access control transforms into a testing task, especially when we share unstable data on cloud servers. Remembering the deciding objective to handle this issue.

    A. Disadvantages

    One of the strategies to facilitate the issues is to store data as a run of the mill encoded structure. The burden of scrambling data is that the customer can't share his/her encoded data at a fine-grained level. Right when a data proprietor needs to share someone his/her information, the proprietor must know absolutely the one he/she needs to share with. In various applications, the data proprietor needs to confer information to a couple of customers according to the security technique considering the customers' affirmations.


    We propose a key-course of action quality based encryption with time-decided attributes (KP-TSABE), a novel secure data self-destructing arrangement in appropriated computing. In the KP-TSABE arrangement, each ciphertext is named with a period between time while private key is associated with a period minute. The ciphertext must be decoded if both the time minute is in the allowed time between time and the qualities associated with the ciphertext satisfy the key's passageway structure. The KP-TSABE can deal with some key security issues by giving in order to bolster userdefined endorsement period and fine-grained access control in the midst of the period. The delicate data will be securely self-destructed after a customer showed close time. The KP-TSABE arrangement is ended up being secure under the decision l-bilinear Diffie-Hellman inversion (l-Expanded BDHI) assumption. Thorough relationships of the security properties exhibit that the KP-TSABE arrangement proposed by us satisfies the security necessities and is superior to anything other existing arrangements.

    A. Advantages Of Proposed System

    • Attribute based encryption (ABE) has huge advanatges in light of the tradition open key encryption as opposed to facilitated encryption since it performs versatile good circumstances

    • With admiration to security and fine-grained access control stood out from other secure self-destructing plans.

    • Supporting customer described time-specific endorsement, fine-grained access control and data secure self pounding.


    Fig 1: system architecture

    1. Modules

      Data owner: Data owner can provide data or files that contain some sensitive information, which are used for sharing with his/her friends (data users). All these shared data are outsourced to the cloud servers to store.

      Authority: It is an indispensable entity which is responsible for generating, distributing and managing all the private keys, and is trusted by all the other entities involved in the system.

      Time server: It is a time reference server without any interaction with other entities involved in the system. It is responsible for a precise release time specification.

      Data users: Data users are some people who passed the identity authentication and access to the data outsourced by the data owner. Notice that the shared data can only be accessed by the authorized users during its authorization period.

      Cloud servers: It contains almost unlimited storage space which is able to store and manage all the data or files in the system. Other entities with limited storage space can store their data to the cloud servers.

    2. Algorithm


      • In Our Paper Attribute Base Encryption we are using, which is done by the User, Based on receiving the Attributes from the Admin or a Data Owner.

      • For ABE User is providing some Conditions as per his requirements, if any User satisfy that condition or verify his attributes then only he can decrypt User data.

    Bi-Linear Diffe-Helman

    • To implement Diffie-Hellman, the two end user, while communicating over a channel they know to be private, mutually agree on positive whole numbers p and q, such that p is a prime number and q is a generator of p. The generator q is a number that, when raised to positive whole-number powers less than p, never produces the same result for

    any two such whole numbers. The value of p may be large but the value of q is usually small.

    1. Once both user have agreed on p and q in private, they choose positive whole-number personal keys a and b, both less than the prime-number modulus p. Neither user divulges their personal key to anyone; ideally they memorize these numbers and do not write them down or store them anywhere. Next, both user compute public keys a*and b* based on their personal keys according to the formulas

      a* = qa mod p


      b* = qb mod p

      The two users can share their public keys a* and b* over a communications medium.

    2. From these public keys, a number x can be generated by either user on the basis of their own personal keys.

      Second user computes x using the formula

      x = (b*)a mod p

      Bob computes x using the formula

      x = (a*)b mod p

    3. The value of x turns out to be the same according to either of the above two formulas. However, the personal keys a and b, which are critical in the calculation of x, have not been transmitted over a public medium. Because it is a large and apparently random number, a potential hacker has almost no chance of correctly guessing x, even with the help of a powerful computer to conduct millions of trials. The two users can therefore, in theory, communicate privately over a public medium with an encryption method of their choice using the decryption key x.


      • The KP-TSABE scheme can be described as a collection of the following four algorithms:

      • Setup, Encrypt, KeyGen, and Decrypt .This algorithm is run by the Authority and takes as input the security parameter 1 and attribute universe U, generates system public parameters params and the master key MSK .

    Setup (1k,U) : This algorithm is run by the Authority and takes as input the security parameter 1k and attribute

    universeU. It also generates system public parameters params and the master key MSK. The Authority publishes params and keeps MSK secret to itself.

    Encrypt(M, params, S, TS). Given the public parameters params, the shared message M which the owner wants to encrypt, the attribute set S and the set of time intervals TS in which every element in TS is associated with a corresponding attribute in S, this algorithm generates the ciphertext CT which is associated with the fuzzy attribute set S.

    KeyGen(MSK, Y,T ). This algorithm takes as input the master key MSK, the access tree Y and the time set T. Every attribute x in Y is associated with a time instant tx belongs to T. It outputs a private key SK which contains Y.

    Decrypt (CT, SK). This algorithm takes as input the ciphertext CT and the private key SK. When a set of time specific attributes satisfies Y , it is able to decrypt the ciphertext and return the plaintext M.



With the quick progression of adaptable cloud advantages, a lot of new troubles have created. A champion amongst the most basic issues is the methods by which to securely eradicate the outsourced data set away in the cloud isolates. In this paper, we proposed a novel KP-TSABE arrangement which can achieve the timespecified ciphertext with a particular deciding objective to deal with these issues by executing versatile fine-grained access control in the midst of the endorsement period and time- controllable self-destruction after near the regular and outsourced data in conveyed processing. We moreover gave a system model and a security model for the KP- TSABE arrangement. Moreover, we showed that KP- TSABE is secure under the standard model with the decision l-Expanded BDHI assumption. The broad examination demonstrates that the proposed KP-TSABE arrangement is superior to anything other existing arrangements.


  1. B. Wang, B. Li, and H. Li, Oruta: Privacy-preserving public auditing for shared data in the cloud, IEEE Trans. Cloud Comput., vol. 2, no. 1, pp. 4356, Jan.Mar. 2014.

  2. J. Xiong, Z. Yao, J. Ma, X. Liu, Q. Li, and J. Ma, Priam: Privacy preserving identity and access management scheme in cloud, KSII Trans. Internet Inf. Syst., vol. 8, no. 1, pp. 282304, 2014.

  3. J. Xiong, F. Li, J. Ma, X. Liu, Z. Yao, and P. S. Chen, A full lifecycle privacy protection scheme for sensitive data in cloud computing, Peer-to-Peer Netw. Appl., Jun. 2014, DOI:10.1007/ s12083-014-0295-x.

  4. P. Jamshidi, A. Ahmad, and C. Pahl, Cloud migration research: A systematic review, IEEE Trans. Cloud Comput., vol. 1, no. 2, pp. 142157, Jul.Dec. 2013.

  5. R. Lu, H. Zhu, X. Liu, J. K. Liu, and J. Shao, Toward efficient and privacy-preserving computing in big data era, IEEE Netw., vol. 28, no. 4, pp. 4650, Jul./Aug. 2014.

  6. X. Liu, J. Ma, J. Xiong, and G. Liu, Ciphertext-policy hierarchical attribute-based encryption for fine-grained access control of encryption data, Int. J. Netw. Security, vol. 16, no. 4, pp. 351357, 2014.

  7. A. Sahai and B. Waters, Fuzzy identity-based encryption, in Proc. Adv. Cryptol., 2005, pp. 457473.

  8. V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine-grained access control of encrypted data, in Proc. 13th ACM Conf. Comput. Commun. Security, 2006, pp. 8998.

  9. A. . Chan and I. F. Blake, Scalable, server-passive, user- anonymous imed release cryptography, in Proc. Int. Conf. Distrib. Comput. Syst., 2005, pp. 504513.

  10. K. G. Paterson and E. A. Quaglia, Time-specific encryption, in Proc. 7th Int. Conf. Security Cryptography Netw., 2010, pp. 116.

Leave a Reply