Privacy Preserving cloud data access with Multi authority
ABSTRACT
Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. However, those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on Attribute-Based Encryption have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This work presents an anonymous privilege control scheme, AnonyControl, to address the user and data privacy problem in a cloud. By using multiple authorities in the cloud computing system, our proposed scheme achieves anonymous cloud data access and fine-grained privilege control. Our security and performance analysis shows that AnonyControl is both secure and efficient for the cloud computing environment.
Existing System
The existing system is Fuzzy Identity-Based Encryption, which is also known as Attribute-Based Encryption (ABE). In that work, an identity is viewed as a set of descriptive attributes. Unlike IBE, where the decrypter can decrypt the message if and only if his identity is exactly the same as the one specified by the encrypter, fuzzy IBE enables decryption if the ‘identity overlap’ between the identity specified by the encrypter and the one belonging to the decrypter exceeds a pre-set threshold.
Disadvantage:
1) This kind of threshold-based scheme is of limited use for designing more general systems, because threshold-based semantics cannot express a general condition.
2) In KP-ABE, a ciphertext is associated with a set of attributes, which partially represents the ciphertext’s encryption policy. A private key is associated with a monotonic access structure like a tree, which describes this user’s identity (e.g. IIT AND (Ph.D OR Master)). A user can decrypt the ciphertext if and only if the access tree in his private key is satisfied by the attributes in the ciphertext. However, the encryption policy is described in the keys, so the encrypter does not have entire control over the encryption policy (who has access to the data and who does not). He has to trust that the key generators issue correct keys to correct users.
Proposed System
Existing problems are all solved in CP-ABE. In CP-ABE, ciphertexts are created with an access structure, which specifies the encryption policy, and private keys are generated according to users’ attributes. A user can decrypt the ciphertext if and only if the attributes in his private key satisfy the access tree specified in the ciphertext. By doing so, the encrypter holds the ultimate authority over the encryption policy. Also, the already issued private keys will never be modified unless the whole system crashes.
Chase introduced a multi-authority system, where each user has an ID and can interact with each key generator (authority) using different pseudonyms. One user’s different pseudonyms are tied to his private key, but key generators never know about the private keys, and thus they are not able to link multiple pseudonyms belonging to the same user. In fact, they are not even able to distinguish the same user in different transactions. Also, the whole attribute set is divided into N disjoint sets and managed by N attribute authorities. That is, an attribute authority will only issue the key components which it is in charge of. In this setting, even if an authority successfully guesses a user’s ID, it knows only parts of the user’s attributes, which are not enough to figure out the user’s identity. However, the scheme proposed by Chase considered the basic threshold-based ABE, which is mentioned at the beginning of this section, and thus lacks expressibility in terms of encryption policy.
System Configuration:-
H/W System Configuration:-
Processor - Pentium III
Speed - 1.1 Ghz
RAM - 256 MB(min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
Operating System : Windows 95/98/2000/XP
Application Server : Tomcat 5.0/6.X
Front End : HTML, Java, Jsp
Scripts : JavaScript.
Server side Script : Java Server Pages.
Database : Mysql 5.0
Database Connectivity : JDBC.
IMPLEMENTATION
Implementation is the stage of the project when the theoretical design is turned into a working system. Thus it can be considered the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective.
The implementation stage involves careful planning, investigation of the existing system and its constraints on implementation, designing of methods to achieve changeover, and evaluation of changeover methods.
Main Modules:-
Algorithm used: Advanced CP-ABE algorithms
1. Data Owner
A Data Owner obtains the public key from any one of the authorities, and he uses the public key to encrypt the data file before outsourcing it to the Cloud Servers. The Cloud Server, which is assumed to have adequate storage capacity, does nothing but store them.
2. Data Consumer
Newly joined Data Consumers request private keys from all of the authorities, and they do not know which attributes are controlled by the authorities. On the other hand, authorities do not know which Data Consumers are interacting with them because each of them knows only a part of the Data Consumers’ attributes. When the Data Consumers request their private keys.
3. Attribute Authority
Authorities are assumed to have powerful computation abilities. The whole attribute set is divided into N disjoint sets and controlled by each authority. One practical method to divide the attributes set is to divide them by The authorities jointly compute a system-wide public key, and individually compute their master keys at the initialization phase. The public key is used for all operations within the system, and the master keys are used by each attribute authority when he generates private keys for Data Consumers.
4. Encryption
The encryption algorithm takes as input the public key PK, a message M, and a set of privilege trees $\{T_p\}_{p \in \{0, \dots, r-1\}}$, where r is determined by the encrypter. It will encrypt the message M and return a ciphertext CT and a verification set VR so that a user can execute a specific operation on the ciphertext if and only if his attributes satisfy the corresponding privilege tree $T_p$. As we defined, $T_0$ stands for the privilege to read the file.
5. Key Generate:
The Key Generation algorithm enables a user to interact with every attribute authority and obtain a private key $SK_u$ corresponding to the input attribute set $A_u$ and his global ID $GID_u$. From the authorities’ perspective, the algorithm enables them to jointly generate a private key $SK_u$, using the public key PK and master keys $MK_k$, according to the input $A_u$ and a pseudonym $nym_{GID_u}$, which is created according to the $GID_u$. Authorities are not able to derive a user’s $GID_u$ based on the pseudonym $nym_{GID_u}$.
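The access-tree semantics from the Existing System and Encryption descriptions, as an added example (not code from the project): it evaluates a set of privilege trees against a user's attributes and checks whether any flat fuzzy-IBE overlap threshold can reproduce the policy IIT AND (Ph.D OR Master). It models the policy logic only and performs no ABE cryptography; the second tree T1, the user names and their attribute sets are constructed for illustration.

```python
# Policy logic only: no pairing-based cryptography is performed here.
# A node is an attribute name (leaf) or a gate (k, children) that is
# satisfied when at least k of its children are satisfied.

def AND(*kids):
    return (len(kids), kids)

def OR(*kids):
    return (1, kids)

def satisfies(node, attrs):
    """Return True if the attribute set satisfies the access tree."""
    if isinstance(node, str):
        return node in attrs
    k, kids = node
    if not 1 <= k <= len(kids):
        raise ValueError("gate threshold must be between 1 and its fan-in")
    return sum(satisfies(c, attrs) for c in kids) >= k

def granted_privileges(trees, attrs):
    """Indices p whose privilege tree T_p is satisfied by attrs."""
    return [p for p, tree in enumerate(trees) if satisfies(tree, attrs)]

def fuzzy_match(enc_attrs, dec_attrs, d):
    """Fuzzy-IBE rule: decrypt when the identity overlap is at least d."""
    return len(set(enc_attrs) & set(dec_attrs)) >= d

def thresholds_equivalent_to(tree, enc_attrs, users):
    """Thresholds d for which the overlap rule agrees with the tree on every user."""
    return [d for d in range(1, len(enc_attrs) + 1)
            if all(fuzzy_match(enc_attrs, u, d) == satisfies(tree, u) for u in users)]

# Constructed sample data. T0 is the page's example policy, used as the read
# privilege; T1 (a 2-of-3 gate under an AND) is a hypothetical second privilege.
T0 = AND("IIT", OR("Ph.D", "Master"))
T1 = AND("IIT", "Ph.D", (2, ("Faculty", "Lab-Admin", "Project-Lead")))
TREES = [T0, T1]
ALICE = {"IIT", "Master"}
BOB = {"IIT", "Ph.D", "Faculty", "Project-Lead"}
CAROL = {"Ph.D", "Master"}  # two of the three policy attributes, but not IIT

if __name__ == "__main__":
    for name, attrs in [("alice", ALICE), ("bob", BOB), ("carol", CAROL)]:
        print(name, granted_privileges(TREES, attrs))
    print(thresholds_equivalent_to(T0, ["IIT", "Ph.D", "Master"], [ALICE, BOB, CAROL]))
```

On these sample users, no overlap threshold matches the tree: thresholds 1 and 2 admit the user without IIT, and threshold 3 rejects the IIT user holding only a Master attribute.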
Architecture