- Open Access
- Total Downloads : 14
- Authors : Umme Sadiya
- Paper ID : IJERTCONV2IS13062
- Volume & Issue : NCRTS – 2014 (Volume 2 – Issue 13)
- Published (First Online): 30-07-2018
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
Files and Accounts Security for Multi-Owners in Cloud
M.Tech (Computer Science & Engg) HKBK College of Engineering Bangalore, India firstname.lastname@example.org
Abstract Advances in networking technology and an increase in the need for computing resources have prompted many organizations to outsource their storage and computing needs. This new economic and computing model is commonly referred to as Cloud computing. Cloud computing enables its users to share the Group resources efficiently. Due to the frequent change of membership, preserving the data and identity is still a challenging issue. This paper proposes a secure multi-owner data sharing scheme, for dynamic Groups in the Cloud. For the Cloud users to share the data anonymously, we use the Group signature and Dynamic broadcast encryption technique.
KeywordsCloud computing, dynamic Groups, data sharing and privacy preserving.
In Cloud computing , Cloud service providers such as Amazon, provides various services to the users. These users can migrate their local data into the Cloud and can enjoy high quality services of the Cloud. The most fundamental services offered by the Cloud service provider is data storage.
Considering an example, a company allows its users to share and store their files in the Cloud, either from the same or different Groups. By this Users can save significant investment on their local data management and can be released from the troubles caused by it. But how can they trust the Cloud servers that are managed by the Cloud providers? The data that is stored by the Users can be sensitive, such as business plans or other confidential data. These data can be stolen, modified or misused by other rival companies. The basic solution to preserve the privacy would be encryption. The encrypted files can be uploaded into the Cloud. It is an easy task to design an efficient secure system due to some following issues-
First identity privacy. Without ensuring their privacy Users may be unwilling to store or share the data into the Cloud. Second, in a multi-owner fashion, any member should be able to enjoy the data storing and sharing services provided by the Cloud. It is more flexible compared to single-owner access in practical applications. Lastly, when a new staff participates or current employee cancellation and replacement, they can learn the content of the data uploaded before their participation such that they could not have to contact data owners to obtain all the decryption keys.
To overcome these issues we try to propose secure multi- owner data sharing scheme which is also able to provide:
Secure multi-owner data sharing scheme, where any User of the Group can be able to enjoy the services provided by the Cloud.
Secure and privacy preserving access to Users, where any user can share the file hiding their identities from untrusted Cloud.
Support to the dynamic Groups efficiently, where a new User can access the file uploaded before their participation.
This paper is organized as follows:
Section 2 overviews the related work. In section 3, algorithms and its steps are reviewed. In section 4, finally we conclude the paper.
In , specifically the blocks of contents were encrypted using symmetric content keys by the data owner. The master public key was used to encrypt again these content keys. For access control, the server uses proxy cryptography to directly re-encrypt the content keys. But the problem was collusion attack between the malicious user and the untrusted server can be happen through which it is possible to learn the decryption keys of all the encrypted blocks.
In , the paper is based upon Group signature and cipher text policy attribute-based encryption technique. Each user will obtain two keys after registration: a Group signature key and an attribute key. Therefore the user can encrypt a data file using attribute-based encryption and the other Users in the Group can use attribute keys to decrypt the data. But the user revocation is not supported in this scheme.
In , the files were divided into file Groups and they were encrypted using a unique file-block key. Further this file-block key is encrypted using a lock-box key when data owner needs to share the file with the other Users. But the problem is, for large-scale data sharing there will be heavy key distribution overhead.
In , there were two parts in the file stored on the untrusted server (file metadata and the file data). The file metadata consists of the access control information. But here the user revocation is intractable for large-scale data sharing, because the file metadata needs to be updated frequently.
In, this paper enable to hide the identities of data owner's within an organization (Group) from any verifiers in the multi- owner scenario, where a data file is owned and can be modified by a number of Users. However, both of these two schemes introduce significant overheads on verification metadata to ensure anonymity.
In , Key Policy Attribute Based Encryption (KP-ABE) technique was used. The file was encrypted using the random key by the data owner; further random keys are encrypted using the set of attributes using KP-ABE. When the Group manager assigns an access structure and the corresponding secret key to the user, user can only decrypt the cipher text if and only if the data file attributes satisfy the access structure. However a single owner manner may hinder the application, where as any Group member should be able to store and share the data files with others.
In , a new concept called provable data possession (PDP) using hash index hierarchy and homomorphic verifiable response was defined. This method either unnecessarily reveals the identity of a data owner to the untrusted Cloud or any public verifiers or introduces significant overheads on verification metadata to preserve anonymity.
From the above analysis, we can observe that it is a challenging issue to securely share the data in a multi-owner manner while preserving identity from an untrusted Cloud. To overcome some of the above discussed problems, we try to propose a secure multi-owner data sharing scheme.
DESIGN AND SYSTEM MODEL
Fig. 1: System Model
We consider the Cloud computing by taking an example of the company that uses a Cloud to enable its users from same or different Group to share the files. The system model (Fig 1) consists of Cloud, System Admin, Group Admin, Users, Sub- groups as illustrated in Fig 1.
MODULES The system consists of following modules-
User and Group management
Responsibilities of Group and System Admin
User permission management
User and Group Management: System Admin will be responsible for the creation of Group and Users. Group Admin is responsible for the creation of Sub-Groups. Users are created by System Admin only, but access permission to file is given by Group Admin.
Responsibilities of Group and System Admin: System Admin can only create Users and Groups. Access permission between Groups, Sub-Groups and Users can be done by Group Admin only. System Admin and Group Admin can upload any files. File uploaded by System Admin is visible to all Groups and Sub-Groups. But file uploaded by Group Admin is only visible to its particular Group and Sub-Group. Group Admin can give permission to the user who needs acces to the file.
Key Generation: While creating a Group, User needs to enter his email ID and same needs to be verified. After verification of email ID only access key will be generated which will be sent to Group Admin email address. Group Admin needs to enter his secret key, which can be used in case if Group Admin forgets his access key. RSA algorithm is used to generate access key. Again when user needs to access the file uploaded by the Group Admin, he will get common key (common to all the users who access the file). DiffieHellman algorithm  is used to generate common key. MD5 or SHA is used for cryptography, to generate hash value.
File Management: Any uploaded file will have Read, Write and Delete permission. Group Admin assigns each file to User/Sub-Group to whom he wants to give access to the file. When the file is uploaded by System Admin or Group Admin, file will come to the users queue. A unique common key is sent to users mail ID. When User clicks on the link, he needs to enter his secret key and need to enter common key to access file.
Permission management: Permission will be given to user by Group Admin. Once User is deleted from the
System by System Admin, all rights given to each Group for each file will be revoked automatically.
Generating hash value
Check the validity of data.
Get the instances for a given digest scheme MD5 or SHA.
Generate the digest. Pass in the text as bytes, length to the bytes (offset) to be hashed; for full string pass 0 to text.length ().
Get the String representation of hash bytes, create a big integer out of bytes then convert it into hex value (16 as input to String method)
Return the digest.
Using Diffie-Hellman Algorithm
Global public elements Select any prime number: q Calculate the primitive root of q: asuch that a<q
Asymmetric key generation by User A Select a random number as the private key XA, where XA < q Calculate the public key YA=aXA mod q
Key Generation by User B Select a random number as the private key XB, where XB < q
Calculate the public key YB=aXB mod q
Exchange the values of public key between A & B
Symmetric key (K) generation by User A, K= Y XA mod q
Symmetric key (K) generation by User B, K= Y XB mod q
Using RSA Algorithm
Choose two distinct prime numbers p & q
Find n such that n=p * q
Find the quotient n, phi (n) Phi (n) = (p-1)(q-1)
Choose an e such that 1<e<phi (n), e is kept as the public key exponent
Determine d using modular arithmetic d=1(mod phi(n))
d is kept as the private key exponent
For ciphertext C, C=me(modn)
For original message, m=Cd(modn)
This paper is simulated using java programming language. The simulation consists of 3 roles: System Admin, Group Admin, Users. The simulation is conducted in a laptop with Windows 2007 OS and Eclipse software. This paper consists of 5 modules. After simulation, it is deployed in a real Cloud Jelastic.
M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, A View of Cloud Computing, Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
S. Kamara and K. Lauter, Cryptographic Cloud Storage, Proc. Intl Conf. Financial Cryptography and Data Security (FC), pp. 136- 149, Jan. 2010.
S. Yu, C. Wang, K. Ren, and W. Lou, Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing, Proc. IEEE INFOCOM, pp. 534-542, 2010.
M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proc. USENIX Conf. File and Storage Technologies, pp. 29-42, 2003.
E. Goh, H. Shacham, N. Modadugu, and D. Boneh, Sirius: Securing Remote Untrusted Storage, Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 131-145, 2003.
G. Ateniese, K. Fu, M. Green, and S. Hohenberger, Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage, Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 29-43, 2005.
R. Lu, X. Lin, X. Liang, and X. Shen, Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing, Proc. ACM Symp. Information, Computer and Comm. Security, pp. 282-292, 2010.
B. Waters, Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization, Proc. Intl Conf. Practice and Theory in Public Key Cryptography Conf. Public Key Cryptography, http://eprint.iacr.org/2008/290.pdf, 2008.
V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, Proc. ACM Conf. Computer and Comm. Security (CCS), pp. 89-98, 2006.
D. Naor, M. Naor, and J.B. Lotspiech, Revocation and
Tracing Schemes for Stateless Receivers, Proc. Ann. Intl Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 41-62, 2001.
D. Boneh and M. Franklin, Identity-Based Encryption from the Weil Pairing, Proc. Intl Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 213-229, 2001.
D. Boneh, X. Boyen, and H. Shacham, Short Group Signature, Proc. Intl Cryptology Conf. Advances in Cryptology (CRYPTO),pp. 41- 55, 2004.
D. Boneh, X. Boyen, and E. Goh, Hierarchical Identity Based
Encryption with Constant Size Ciphertext, Proc. Ann. Intl Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp. 440-456, 2005.
BRODKIN, J., Loss of customer data spur closure of online storage service. The linkup, Network world (Aug 2008).
B.WANG,b.Li,Knox:Privacy-preserving auding for shared data with large groups in the Cloud, proc. 10th Int'l conf.Applied Cryptography and NETWORK security,pp.507-525,2012.
R.Dingledine, N.Mathewson, P.Syrerson,Tor: The second-Generation Onion Router, Int'l conf, (Aug 2009).
B. wang,Sherman M.M.Chow,Mingli and H. Li,Storin Cloud via security-mediator in IEEE,2013,33rd Intl Conf,Distributed computing system.
C.Anand 1, Prabu.P 2, R.Prasath.V 3, Sasikumar.P 4, Silambarasan.P5, Mr.P.Sivakumar, Verifying Integrity and Availability in Multi-Cloud Using PDP, International Journal of Computer Science and Mobile Computing, IJCSMC, Vol. 2, Issue. 4, April 2013, pg.84 87 .