Expressive, Efficient, and Revocable Data Access
Control for Multi-Authority Cloud Storage
ABSTRACT:
Data access control is an effective way to ensure data security in the cloud. Due to data outsourcing and untrusted cloud servers, data access control becomes a challenging issue in cloud storage systems. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is regarded as one of the most suitable technologies for data access control in cloud storage, because it gives data owners more direct control over access policies. However, it is difficult to directly apply existing CP-ABE schemes to data access control for cloud storage systems because of the attribute revocation problem. In this paper, we design an expressive, efficient and revocable data access control scheme for multi-authority cloud storage systems, where multiple authorities co-exist and each authority is able to issue attributes independently. Specifically, we propose a revocable multi-authority CP-ABE scheme, and apply it as the underlying technique to design the data access control scheme. Our attribute revocation method can efficiently achieve both forward security and backward security. The analysis and simulation results show that our proposed data access control scheme is secure in the random oracle model and is more efficient than previous works.
EXISTING SYSTEM:
This new paradigm of data hosting and data access services introduces a great challenge to data access control. Because the cloud server cannot be fully trusted by data owners, they can no longer rely on servers to do access control. Ciphertext-Policy Attribute-based Encryption (CP-ABE) is regarded as one of the most suitable technologies for data access control in cloud storage systems, because it gives the data owner more direct control over access policies. In a CP-ABE scheme, there is an authority that is responsible for attribute management and key distribution.
DISADVANTAGES OF EXISTING SYSTEM:
· Chase's multi-authority CP-ABE protocol allows the central authority to decrypt all the ciphertexts, since it holds the master key of the system.
· Chase's protocol does not support attribute revocation.
PROPOSED SYSTEM:
In this paper, we first propose a revocable multi-authority CP-ABE scheme, where an efficient and secure revocation method is proposed to solve the attribute revocation problem in the system. Our attribute revocation method is efficient in the sense that it incurs less communication cost and computation cost, and is secure in the sense that it can achieve both backward security (the revoked user cannot decrypt any new ciphertext that requires the revoked attribute to decrypt) and forward security (the newly joined user can also decrypt the previously published ciphertexts, if it has sufficient attributes). Our scheme does not require the server to be fully trusted, because the key update is enforced by each attribute authority, not the server. Even if the server is not semi-trusted in some scenarios, our scheme can still guarantee the backward security. Then, we apply our proposed revocable multi-authority CP-ABE scheme as the underlying technique to construct the expressive and secure data access control scheme for multi-authority cloud storage systems.
ADVANTAGES OF PROPOSED SYSTEM:
· We modify the framework of the scheme and make it more practical for cloud storage systems, in which data owners are not involved in the key generation.
· We greatly improve the efficiency of the attribute revocation method.
· We also greatly improve the expressiveness of our access control scheme, where we remove the limitation that each attribute can appear at most once in a ciphertext.
SYSTEM ARCHITECTURE:
MODULES:
1. Certificate Authority
2. Attribute Authorities
3. Data Owners
4. Cloud Server
5. Data Consumers
MODULES DESCRIPTION:
Certificate Authority:
The CA is a globally trusted certificate authority in the system. It sets up the system and accepts the registration of all the users and AAs in the system. For each legal user in the system, the CA assigns a globally unique user identity to it and also generates a global public key for this user. However, the CA is not involved in any attribute management or in the creation of secret keys that are associated with attributes. For example, the CA can be the Social Security Administration, an independent agency of the United States government. Each user will be issued a Social Security Number (SSN) as its global identity.
Attribute Authorities:
Every AA is an independent attribute authority that is responsible for entitling and revoking users' attributes according to their role or identity in its domain. In our scheme, every attribute is associated with a single AA, but each AA can manage an arbitrary number of attributes. Every AA has full control over the structure and semantics of its attributes. Each AA is responsible for generating a public attribute key for each attribute it manages and a secret key for each user reflecting his/her attributes.
Data Consumers:
Each user has a global identity in the system. A user may be entitled to a set of attributes which may come from multiple attribute authorities. The user will receive a secret key associated with its attributes, entitled by the corresponding attribute authorities.
Data Owners:
Each owner first divides the data into several components according to logical granularity and encrypts each data component with a different content key using symmetric encryption techniques. Then, the owner defines the access policies over attributes from multiple attribute authorities and encrypts the content keys under the policies.
Cloud Server:
The owner then sends the encrypted data to the cloud server together with the ciphertexts of the content keys. Owners do not rely on the server to do data access control; instead, the access control happens inside the cryptography. That is, only when the user's attributes satisfy the access policy defined in the ciphertext is the user able to decrypt that ciphertext. Thus, users with different attributes can decrypt different numbers of content keys and so obtain different granularities of information from the same data.
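The owner, consumer and revocation steps described in the module descriptions above can be traced in a small model. The following is an added example, not code from the paper or from this project: it models only the policy check and the attribute-version bookkeeping that the revocation method relies on, not the CP-ABE cryptography itself (in a real deployment each content key would be wrapped by a pairing-based CP-ABE library, and the key update and ciphertext update would be cryptographic operations). The class and function names, the authorities HOSP and UNIV, and the users alice, bob and carol are all constructed for this illustration.

```python
"""Policy-layer model of multi-authority attribute-based access control.

Added example, not the paper's code.  Models the policy check and the
attribute key versions behind revocation; no CP-ABE arithmetic is done.
Authority names, attribute names and users are constructed for illustration.
"""
from dataclasses import dataclass, field

# A policy is a leaf "AA.attribute" or a tuple (op, child, child, ...) with
# op = "AND", "OR" or ("THRESHOLD", k).  Leaves may repeat, so the same
# attribute can appear more than once in one policy.


@dataclass
class AttributeAuthority:
    """One AA: owns its attribute names and their current key versions."""
    name: str
    versions: dict = field(default_factory=dict)

    def qualified(self, attr):
        return f"{self.name}.{attr}"

    def version(self, attr):
        # First use of an attribute publishes its public attribute key as v1.
        return self.versions.setdefault(attr, 1)


@dataclass
class UserKey:
    """A user's secret key, modelled as attribute -> key version held."""
    uid: str
    attrs: dict = field(default_factory=dict)

    def grant(self, aa, attr):
        self.attrs[aa.qualified(attr)] = aa.version(attr)


@dataclass
class Ciphertext:
    """Encrypted content key: the policy plus the attribute key versions used."""
    policy: object
    attr_versions: dict


def leaves(policy):
    if isinstance(policy, str):
        yield policy
    else:
        for child in policy[1:]:
            yield from leaves(child)


def satisfies(policy, attrs):
    """Evaluate a policy tree against a set of usable attribute names."""
    if isinstance(policy, str):
        return policy in attrs
    op, results = policy[0], [satisfies(c, attrs) for c in policy[1:]]
    if op == "AND":
        return all(results)
    if op == "OR":
        return any(results)
    if isinstance(op, tuple) and op[0] == "THRESHOLD":
        return sum(results) >= op[1]
    raise ValueError(f"unknown policy operator {op!r}")


def encrypt(policy, authorities):
    """Owner side: bind the ciphertext to the current public attribute keys."""
    by_name = {aa.name: aa for aa in authorities}
    versions = {}
    for leaf in set(leaves(policy)):
        aa_name, attr = leaf.split(".", 1)
        versions[leaf] = by_name[aa_name].version(attr)
    return Ciphertext(policy, versions)


def can_decrypt(ct, key):
    """Consumer side: only attributes at the ciphertext's key version count."""
    usable = {a for a, v in key.attrs.items() if ct.attr_versions.get(a) == v}
    return satisfies(ct.policy, usable)


def revoke(aa, attr, revoked_uid, users, ciphertexts):
    """AA side: publish a new attribute version, update the keys of every
    non-revoked user and (via the server) the stored ciphertexts, so the
    revoked user's stale key version no longer matches anything."""
    name = aa.qualified(attr)
    new_version = aa.version(attr) + 1
    aa.versions[attr] = new_version
    for user in users:
        if user.uid != revoked_uid and name in user.attrs:
            user.attrs[name] = new_version
    for ct in ciphertexts:
        if name in ct.attr_versions:
            ct.attr_versions[name] = new_version


def demo():
    """Walk through issue, encrypt, revoke and re-check; returns the outcomes."""
    hosp, univ = AttributeAuthority("HOSP"), AttributeAuthority("UNIV")
    alice, bob, carol = UserKey("alice"), UserKey("bob"), UserKey("carol")
    for user in (alice, bob):
        user.grant(hosp, "doctor")
        user.grant(univ, "professor")
    # HOSP.doctor appears twice; the scheme allows repeated attributes.
    policy = ("AND", "HOSP.doctor",
              ("OR", "UNIV.professor", ("AND", "HOSP.doctor", "HOSP.nurse")))
    ct_old = encrypt(policy, [hosp, univ])
    out = {"alice_old": can_decrypt(ct_old, alice),
           "bob_old": can_decrypt(ct_old, bob)}
    # Revoke HOSP.doctor from bob: alice gets a key update, bob does not.
    revoke(hosp, "doctor", "bob", [alice, bob], [ct_old])
    ct_new = encrypt(policy, [hosp, univ])
    carol.grant(hosp, "doctor")   # carol joins after the revocation
    carol.grant(hosp, "nurse")
    out.update({"alice_new": can_decrypt(ct_new, alice),
                "bob_new": can_decrypt(ct_new, bob),         # backward security
                "bob_old_after": can_decrypt(ct_old, bob),   # updated ciphertext
                "carol_old": can_decrypt(ct_old, carol)})    # forward security
    return out


if __name__ == "__main__":
    print(demo())
```

In this model the version number stands in for the public attribute key that the AA regenerates on revocation: a ciphertext is usable only with attribute keys at the version it was encrypted (or updated) under, which is why bob's stale key fails against both the new ciphertext and the updated old one, while carol, who joined with the current version, can read the previously published ciphertext.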
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
Ø System : Pentium IV 2.4 GHz.
Ø Hard Disk : 40 GB.
Ø Floppy Drive : 1.44 Mb.
Ø Monitor : 15 VGA Colour.
Ø Mouse : Logitech.
Ø Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
Ø Operating system : Windows XP/7.
Ø Coding Language : JAVA/J2EE
Ø IDE : Netbeans 7.4
Ø Database : MYSQL
REFERENCE:
Kan Yang, Student Member, IEEE, and Xiaohua Jia, Fellow, IEEE, "Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage", IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 7, JULY 2014.