ISSN ONLINE(2320-9801) PRINT (2320-9798)

A Survey on Decentralized Access Control Strategies for Data Stored in Clouds

J.Ganeshkumar, N.Rajesh, J.Elavarasan, Prof.M.Sarmila, Prof.S.Balamurugan
Department of IT, Kalaignar Karunanidhi Institute of Technology, Coimbatore, TamilNadu, India

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

This paper surveys the methods in the literature for anonymous authentication of data stored in clouds. Access control is decentralized: every system holds access control over the data. The cloud is a secured storage area in which anonymous authentication is used, so that only permitted users gain access. Only valid users can decrypt and view data, and only valid users can store information. The scheme prevents replay attacks, which means eavesdropping can be avoided, and supports creation of data inside storage, modification of the data by unknown users, and reading of data stored in the cloud. A user can revoke data only by addressing it through the cloud. Authentication and access to the cloud are robust, and the overall communication and storage are developed by comparison with the centralized approaches. This paper would promote a lot of research in the area of anonymous authentication.

Keywords

Data Anonymization, Matching Dependencies(MDs), Object, Similarity Constraints, Information Mining.

INTRODUCTION

Accountability of clouds, which here concerns the amount of storage, is a challenging task involving both technical issues and law enforcement. Transactions performed by a user in the cloud should be logged, so that it is known how much data has been transacted; this is addressed by TrustCloud and by secure provenance. For example, Alice, a law student, wants to send a report of malpractice by University X to all the professors of University X, to research chairs, and to students belonging to the law department in all universities in the province. She needs to send the data anonymously, and she stores the evidence of malpractice in the cloud. Access to this data should be permitted only to authorized users. The problems this involves, namely access control, authentication, and privacy protection, and how they are solved, are explained in this paper.

Access control governs secure retrieval of data by users, so that great care is taken over access to sensitive data. There are three types of access control: User Based Access Control (UBAC), Role Based Access Control (RBAC), and Attribute Based Access Control (ABAC). In UBAC, access is granted only through individual users, so it is not feasible to use in the cloud. In RBAC, access is granted only on the basis of roles; for example, access to data can be permitted only for seniors and faculty members, not for juniors. In ABAC, data can be accessed only with a valid set of attributes; for example, a certain record can be accessed only by faculty members with 10 years of experience or senior secretaries with more than 8 years. All three types of access control are used in the cloud through a cryptographic primitive known as Attribute Based Encryption (ABE). For example, data about patients, staff, and nurses in a hospital can be stored in the cloud and accessed through ABE under a set of conditions that identify the attributes and keys. Using these attributes and keys, a user whose attributes match can retrieve the information.

TRUSTCLOUD: A FRAMEWORK FOR ACCOUNTABILITY AND TRUST IN CLOUD COMPUTING

R.K.L. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B.S. Lee (2013) observe that potential customers lack trust in the cloud. Security and privacy in the cloud are being researched and developed, but there is still a focus on accountability and auditability. The sheer amount of data arising from virtualization and data distribution is studied under cloud accountability, which is responsible for customers' concerns about server health and utilization, the integrity of data, and the safety of end users' data. The paper describes achieving a trusted cloud through detective controls and presents the TrustCloud framework, which combines technical and policy-based approaches.

SECURE PROVENANCE: THE ESSENTIAL OF BREAD AND BUTTER OF DATA FORENSICS IN CLOUD COMPUTING

R. Lu, X. Lin, X. Liang, and X. Shen (2010) describe secure provenance, a technique that records the ownership of a user's data and the history of the data object, and which is one of the factors in the success of the cloud. The paper proposes a new secure provenance scheme based on bilinear pairing techniques. As the bread and butter of data forensics and post-investigation in the cloud, the scheme provides information confidentiality, anonymous authentication of user access to data, and provenance tracking of disputed documents. Using this technique, the paper proves the security of its model.

ROLE-BASED ACCESS CONTROLS

D.F. Ferraiolo and D.R. Kuhn (1992) discuss Mandatory Access Control (MAC), which is used in secure military applications, whereas Discretionary Access Controls (DAC) are used in the security processing of industry and civilian government. The paper argues that DAC is unfounded and inappropriate for many commercial and civilian government organisations. It describes a non-discretionary access control, role-based access control (RBAC), that is more central to the secure processing needs of non-military systems than DAC.

ADDING ATTRIBUTES TO ROLE-BASED ACCESS CONTROL

D.R. Kuhn, E.J. Coyne, and T.R. Weil (2010) discuss Role Based Access Control (RBAC), an information security model that helps to reduce the complexity of security administration and grants permissions to users. It has been criticized for the difficulty of setting up an initial role structure and for inflexibility in rapidly changing domains. Pure RBAC provides inadequate support for dynamic user attributes; particularly in large organizations this leads to "role explosion", in which thousands of separate roles are needed for the different collections of permissions. Attributes and rules could therefore either replace RBAC or make it simpler and more flexible.

SECURING PERSONAL HEALTH RECORDS IN CLOUD COMPUTING: PATIENT-CENTRIC AND FINE-GRAINED DATA ACCESS CONTROL IN MULTI-OWNER SETTINGS

M. Li, S. Yu, K. Ren, and W. Lou (2010) consider the Personal Health Record (PHR), a way of storing a patient's personal data in a centralized manner; a PHR service facilitates the storage, access, and sharing of personal health data. PHR data should be encrypted in a way that scales with the number of users having access. Since there are multiple owners (patients) of records, each record is identified through a set of cryptographic keys, and it is important to reduce the key distribution complexity in such multi-owner record storage. Existing cryptographic key schemes are mostly designed for a single owner. To enable fine-grained and scalable access control for PHRs, the authors use Attribute Based Encryption (ABE) techniques to encrypt each patient's PHR data. To reduce the key distribution complexity, they divide the system into multiple security domains, where each domain manages only a subset of the users. In this way, each patient has full control over their own privacy, and the key management burden is reduced. The scheme is flexible, in that it supports efficient and on-demand revocation of user access rights, and break-glass access under emergency scenarios.

ATTRIBUTE BASED DATA SHARING WITH ATTRIBUTE REVOCATION

S. Yu, C. Wang, K. Ren, and W. Lou (2010) consider Ciphertext-Policy Attribute Based Encryption (CP-ABE), a fine-grained access control mechanism for sharing data. Each user has a set of attributes that identify their records, and the user can decrypt a record only if those attributes satisfy the ciphertext. The authors focus on the importance of attribute revocation in CP-ABE schemes. Compared to existing schemes, the proposed solution enables the authority to revoke user attributes with minimal effort. It does so by uniquely integrating the technique of proxy re-encryption with CP-ABE, which enables the authority to delegate most of the laborious tasks to proxy servers. The proposed scheme is secure against the ciphertext attack. The technique is also applicable to Key-Policy Attribute Based Encryption (KP-ABE).
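The decryption condition above ("only if the attributes satisfy the ciphertext") rests on secret sharing over a policy tree of threshold gates. The following added example is not code from the surveyed papers: it shows only that sharing step, applied to the faculty/secretary rule from the introduction, with no pairings or real encryption. The field modulus, attribute strings and function names are assumptions made for the illustration.

```python
import secrets

P = 2**127 - 1  # prime modulus for the demo field (an assumption of this example)

def AND(*kids): return (len(kids), list(kids))   # n-of-n threshold gate
def OR(*kids):  return (1, list(kids))           # 1-of-n threshold gate

# Constructed policy, taken from the ABAC rule in the introduction. The
# attribute strings are hypothetical labels an attribute authority would issue.
POLICY = OR(AND("faculty", "experience>=10"),
            AND("senior_secretary", "experience>8"))

def share(node, secret, path=()):
    """Split `secret` down the tree; returns {leaf_path: (attribute, share)}."""
    if isinstance(node, str):                     # leaf: an attribute name
        return {path: (node, secret)}
    k, kids = node
    # Random polynomial q of degree k-1 with q(0) = secret; child i gets q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    out = {}
    for i, kid in enumerate(kids, start=1):
        y = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        out.update(share(kid, y, path + (i,)))
    return out

def recover(node, shares, attrs, path=()):
    """Return the secret if `attrs` satisfies the tree, else None."""
    if isinstance(node, str):
        # Stand-in for the pairing step: a leaf share is usable only by a
        # holder of the matching attribute key.
        return shares[path][1] if node in attrs else None
    k, kids = node
    pts = []
    for i, kid in enumerate(kids, start=1):
        v = recover(kid, shares, attrs, path + (i,))
        if v is not None:
            pts.append((i, v))
    if len(pts) < k:
        return None                               # gate not satisfied
    pts, total = pts[:k], 0
    for xj, yj in pts:                            # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num, den = num * -xm % P, den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total
```

Because this sketch does not bind shares to a particular user, attributes pooled from two different users would also pass the check; CP-ABE constructions randomise each user's key so that such collusion fails.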

HIERARCHICAL ATTRIBUTE-BASED ENCRYPTION FOR FINE-GRAINED ACCESS CONTROL IN CLOUD STORAGE SERVICES

G. Wang, Q. Liu, and J. Wu (2010) describe cloud computing as an emerging paradigm in which users store and access data remotely. Small and medium-sized enterprises use the cloud for cloud-based services in their projects. Allowing cloud service providers (CSPs), which are not in the same trusted domain as enterprise users, to take care of confidential data may raise potential security and privacy issues. To keep sensitive user data confidential against untrusted CSPs, a cryptographic technique is needed so that only authorized users can decrypt the information. When enterprise users outsource confidential data, the encryption system should not only support fine-grained access control but also provide high performance in obtaining the data. To obtain confidential data from the cloud server, the paper therefore combines the hierarchical identity-based encryption (HIBE) system with the ciphertext-policy attribute-based encryption (CP-ABE) system, and finally applies proxy re-encryption and lazy re-encryption.

REALIZING FINE-GRAINED AND FLEXIBLE ACCESS CONTROL TO OUTSOURCED DATA WITH ATTRIBUTE-BASED CRYPTOSYSTEMS

F. Zhao, T. Nishide, and K. Sakurai (2011) address the problem of storage security when outsourced data is shared with others and the server is not trusted by the customer. Cloud storage services denote an architectural shift toward thin clients and conveniently centralized provision of both computing and storage resources. The main problem faced when using such data storage is achieving both strong data confidentiality and flexible fine-grained access control without imposing additional cost on the clients. To achieve this, the authors propose a protocol that combines two cryptographic techniques, attribute-based encryption (ABE) and attribute-based signature (ABS).

CONCLUSION AND FUTURE WORK

This paper dealt with the methods in the literature for anonymous authentication of data stored in clouds. Access control is decentralized: every system holds access control over the data. The cloud is a secured storage area in which anonymous authentication is used, so that only permitted users gain access. Only valid users can decrypt and view data, and only valid users can store information. The scheme prevents replay attacks, which means eavesdropping can be avoided, and supports creation of data inside storage, modification of the data by unknown users, and reading of data stored in the cloud. A user can revoke data only by addressing it through the cloud. Authentication and access to the cloud are robust, and the overall communication and storage are developed by comparison with the centralized approaches. This paper would promote a lot of research in the area of anonymous authentication.
 

References