Securing Shared Cloud Data Using Key stacks

DOI : 10.17577/IJERTCONV4IS34044

Download Full-Text PDF Cite this Publication

Text Only Version

Securing Shared Cloud Data Using Key stacks

Nagasree D, M.Tech

Department of Computer Science and Engineering SRKR Engineering College

Bhimavaram, India

  1. MNSSVKR Gupta, Asst.Prof Department of Computer Science and Engineering

    SRKR Engineering College Bhimavaram, India

    Abstract Data discussing is a vital functionality in cloud storage. We describe new public-key cryptosystems that leave constant-size cipher texts so that efficient delegation of understanding legal rights for just about any group of cipher texts are possible. Within this paper, we show how you can safely, efficiently, and flexibly share information with other people in cloud storage. The novelty is that you can aggregate any group of secret keys making them as compact like a single key, but encompassing the strength of all of the keys being aggregated. Quite simply, the key holder can to produce constant-size aggregate key for flexible selections of cipher text occur cloud storage, however the other encoded files outdoors the set remain private. We describe other use of our schemes. This compact aggregate key could be easily delivered to others or perhaps be kept in a wise card with limited secure storage. We offer formal security analysis in our schemes within the standard model. A canonical use of KAC is data discussing. The important thing aggregation rentals are especially helpful whenever we expect the delegation to become efficient and versatile. The schemes enable a content provider to talk about her data inside a private and selective way, having a fixed and small cipher text expansion, by disbursing to every approved user just one and small aggregate key.

    KeywordsCloudStorage,keyaggregate-cryptosystems, datasharing, aggregate keys,wise card.


    Thinking about data privacy, a conventional method to make sure it is to depend around the server to enforce the access control after authentication, meaning any unpredicted privilege escalation will expose all data. Inside a shared- tenancy cloud computing atmosphere, things become a whole lot worse. Data from various clients could be located on separate virtual machines (VMs) but reside on one physical machine. Data discussing is a vital functionality in cloud storage [1]. The cruel problem is how you can effectively share encoded data. Customers should have the ability to delegate the access legal rights from the discussing data to other people to enable them to access these data in the server directly. However, finding a competent and secure method to share partial data in cloud storage isn't trivial. Because of various data leakage possibility Alice cannot feel relieved just by depending around the privacy protection systems supplied by Drop box, so she encrypts all of the photos using her very own keys before uploading. Eventually, Alices friend, Bob, asks her to talk about the photos absorbed many years which Bob made an appearance in. Alice may then make use of the share purpose of Drop box, the main problem now is how you can delegate the understanding legal rights of these photos to Bob. A viable alternative Alice can pick would be to safely

    send Bob the key keys involved. Using symmetric file encryption, when Alice wants the information to become came from a 3rd party, she needs to provide the encrypt or her secret key clearly, this isn't always desirable. By comparison, the file encryption key and understanding key will vary in public key file encryption. Using public-key file encryption gives more versatility for the programs. Because the understanding key ought to be sent using a secure funnel and stored secret, small key dimensions are always desirable. For instance, we can't expect large storage for understanding keys within the resource-constraint products like wise phones, wise cards, or wireless sensor nodes. Especially, these secret keys are often kept in the tamper-proof memory, which is relatively costly [2]. We advise several concrete KAC schemes with various security levels and extensions within this paper. Alice can easily send Bob just one aggregate key using a secure e-mail. Bob can download the encoded photos from Alices Drop box space after which make use of this aggregate answer to decrypt these encoded photos. All buildings could be proven secure within the standard model. With this solution,


      1. Cloud Computing

        Cloud Computing [6] is an internet based computing, now a days its gaining lots of attention by its on demand service offerings to users. Cloud offers many remote services to users via internet. For example., the cloud services are Dropbox, Amazon Ec2, Google Accounts, Google Drive etc., User can access the cloud service from anywhere, anytime and on any kind of device. Clouds offers many service resources like SAAS,PAAS,IAAS.

      2. Software As A Service (SAAS)

        SAAS [7] offers the on demand software services to the users & it is one of the major service delivery models, Some characteristics of SAAS include customisation, On-demand self services and the accessibility. Customisation is very little in SAAS user has very limited access to customise the overall application. User must be able to use the service with cloud provider interaction. Any SAAS application gets accessible to users through any network device like pc, laptop, mobile and PDAs. Software services includes develop, buy, sell and use of the software. In this model software is available as a service to the users where the cloud user can access those services via users web browser without being worry about the deploying, installation and the maintenance of the software. Cloud provider manages the applications security, availability and performance of users applications. SAAS [6] uses a

        multitenant architecture to end users desired application through internet to the customers.

        Cryptographic key assignment schemes goal to reduce the cost in storing and controlling secret keys for general cryptographic use. Employing a tree structure, a vital for any given branch may be used to derive the keys of their descendant nodes. The idea could be generalized from the tree to some graph. More complex cryptographic key assignment schemes support access policy that may be modeled by an acyclic graph or perhaps a cyclic graph. We go ahead and take tree structure for example fig1. Alice can first classify the cipher text classes based on their subjects. Each node within the tree signifies a secret key, as the leaf nodes represent the keys for individual cipher text classes. Filled circles represent the keys for that classes to become delegated and circles circumvented by dotted lines represent the secrets of be granted [4]. Generally, hierarchical approaches can solve the issue partly if a person expects to talk about all files within certain branch within the hierarchy. Typically, the amount of keys increases with the amount of branches. The development is straightforward so we briefly review its key derivation process for a concrete description of do you know the desirable qualities you want to achieve. There's a reliable party known as private key generator in IBE which holds an expert-secret key and issues a secret answer to each user with regards to the user identity. The encrypt or may take the general public parameter along with a user identity to secure a note. The recipient can decrypt this cipher text by his secret key. Attribute-based file encryption (ABE) enables each cipher text to become connected by having an attribute, and also the master-secret key holder can extract a secret key for any policy of those characteristics to esure that a cipher text could be decrypted with this key if it is connected attribute adjusts towards the policy. PRE established fact to possess numerous programs including cryptographic file system. The style of our fundamental plan is inspired in the collusion-resistant broadcast file encryption plan suggested by Boneh et al. Although their plan supports constant-size secret keys, every key only has the ability for decrypting cipher texts connected to particular index. We, thus, have to devise a brand new Extract formula and also the corresponding Decrypt formula. However, we are able to observe that understanding only takes two pairings while only one of these requires the aggregate key. Efficient software implementations exist for sensor nodes [5]. Our motivation would be to lessen the secure storage which is a compromise between 2 kinds of storage. We achieve local aggregation, meaning the key keys underneath the same branch can invariably be aggregated. We make use of a quaternary tree during the last level only for better instance of our distinctive feature. We are able to also prove the semantic security of the extended plan. The proof is much like that for that fundamental plan and for that reason is overlooked. The general public-key in our CCA construction to become presented below may also be extended utilizing the same Extend formula. On the other hand, within our suggested approach, the delegation of understanding could be efficiently implemented using the aggregate key that is only of fixed size. In PCE, the record is decomposed right into a hierarchical representation in line with the utilization of

        different ontologies, and people are the parties who generate and store secret keys. When there's an excuse for healthcare personnel to gain access to area of the record, someone will release the key for that concerned area of the record.


      It provides the framework and definition for key aggregate file encryption. Only then do we describe using KAC inside a scenario of their application in cloud storage. A vital- aggregate file encryption plan includes five polynomial-time calculations the following. The information owner establishes the general public system parameter via Setup and creates a key pair via Key Generation. Messages could be encoded via Secure by anybody who also decides what cipher text class is connected using the plaintext message to become encoded. The information owner may use the actual-secret to create an aggregate understanding key for some cipher text classes via Extract. Finally, any user by having an aggregate key can decrypt any cipher text so long as the cipher texts class is within the aggregate key via Decrypt. Here are the following steps:

        • Setup(1, ): This setup action performed by the dataowner to setup an account on server. On input security level parameter 1 and no. of cipher text classes .

        • KeyGen: Key generation phase executed by the dataowner to randomly generate a key pair (pk,Msk)

        • Encrypt(pk,i,m):This phase performed by anybody who wants to encrypt the data. On input a public key pk, an index I, denoting cipher text class ,and a message m, it results the cipher text C.

        • Extract(Msk,S): Executed by the dataowner for delegating the decrypting power for set of cipher text classes to a delegatee. On input open secret key Msk and a set S of indices corresponding to different classes,it results the aggregate key for set S denoted by


        • Decrypt(S,S,i,C): Performed by delegate who received an aggregate key generated by Extract. It results the decrypted format m.

      Fig: Architecture of aggregate key system


      A canonical use of KAC is data discussing. The important thing aggregation rentals are especially helpful whenever we expect the delegation to become efficient and versatile [3]. The schemes enable a content provider to talk about her data inside a private and selective way, having a fixed and small cipher text expansion, by disbursing to every approved user just one and small aggregate key[8]. Proposes a threshold key aggregator plan and integrate it having a decentralized erasure codes to aid data transfers, encoding and encryptions. The distributed storage system not just supports secure and powerful data storage and retrieval, but additionally allows a person forward his data within the storage servers to a different user. Key aggregator plan supports encoding procedures over encoded messages in addition to forwarding procedures over encoded and encoded messages. Fully integrates encrypting, encoding, and forwarding thus producing a better cloud performance towards the consumer. Prior techniques fully integrate encrypting, encoding, and forwarding. This compact aggregate key could be easily delivered to others or perhaps be kept in a wise card with limited secure storage.We can access the wisecards by bypassing the data assigned cloud resourses. Particularly, prior schemes provide the first public-key controlled file encryption for flexible hierarchy. Nevertheless its major limitation may be the predefined bound of the amount of maximum cipher text classes leading less quantity of key aggregates. In cloud storage, the amount of cipher texts usually develops quickly. Therefore we offer reserve enough cipher text courses of instruction for more key aggregates utilizing an erasure code generation formula.

      Fig.1.Proposed key assignment system

      The implementation of KAC as discussed they didnt show how to store the secret keys in wise cards. In this the implementation of storing the secret keys in wise cards using the scripting such as cross origin resource sharing or Cross site scripting algorithm. The compact aggregate key could be easily delivered to others or perhaps be kept in a wise card with limited secure storage. We can access the wise cards by bypassing the data assigned cloud resources.


During this paper, we consider the easiest method to compress secret keys in public places-key cryptosystems which support delegation of secret keys for several cipher text classes in cloud storage. The easiest method to safeguard users data privacy could be a central question of cloud storage. With elevated mathematical tools, cryptographic schemes have grown to be handier and often involve multiple keys for nearly any single application. Magnified one of the power quantity of classes, the delegate can more often than not provide an aggregate key of constant size. Our approach is much more flexible than hierarchical key assignment that may only save spaces if all key-holders share exactly the same quantity of legal rights. However, when one carries the delegated keys around within the mobile phone without needing special reliable hardware, the finish outcome is prompt to leakage, creating a leakage-resilient cryptosystem yet enables efficient and versatile key delegation is an additional fascinating direction. A limitation within our jobs are the predefined bound of the amount of maximum cipher text classes. In cloud storage, the amount of cipher texts usually evolves quickly. And then we must reserve enough cipher text classes money for hard occasions extension. Even though the parameter accessible with cipher texts, it might be better whether its dimension is furthermore for the nearly all cipher text classes.


  1. F. Guo, Y. Mu, Z. Chen, and L. Xu, Multi-Identity Single-Key Decryption without Random Oracles, Proc. Information Security and Cryptology (Inscrypt 07), vol. 4990, pp. 384-398, 2007.

  2. J. Benaloh, Key Compression and Its Application to Digital Fingerprinting, technical report, Microsoft Research, 2009.

  3. D. Naor, M. Naor, and J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, Proc. Advances in Cryptology Conf. (CRYPTO 01), pp. 41-62, 2001.

  4. B. Alomair and R. Poovendran, Information Theoretically Secre Encryption with Almost Free Authentication, J. Universal Computer Science, vol. 15, no. 15, pp. 2937-2956, 2009.

  5. M. Chase and S.S.M. Chow, Improving Privacy and Security in Multi-Authority Attribute-Based Encryption, Proc. ACM Conf. Computer and Comm. Security, pp. 121-130. 2009.

  6. Akanksha Singh, Smita Sharma, Shipra Ravi Kumar and Suman Avdesh Yadav Overview of Pass and Saas and its application in Cloud Computing.

  7. K.V.Mahesh Kumar Software as a service for efficient cloud computing.


  9. Cheng-Kang Chu ,Chow, S.S.M, Wen-Guey Tzeng, Jianying Zhou, and Robert H. Deng , Key-Aggregate Cryptosystem for Scalable DataSharing in Cloud storage, IEEE Transactions in Parallel and Distributed Systems. Volume 25, Issue:2, Year:2014

Leave a Reply