ISSN ONLINE(2320-9801) PRINT (2320-9798)

Yakışıklı erkek tatil için bir beldeye gidiyor burada kendisine türk Porno güzel bir seksi kadın ayarlıyor Onunla beraber otel odasına gidiyorlar Otel odasına rokettube giren kadın ilk önce erkekle sohbet ederek işi yavaş halletmeye çalışıyor sex hikayeleri Kocası fabrikatör olan sarışın Rus hatun şehirden biraz uzak olan bir türk porno kasabaya son derece lüks bir villa yaptırıp yerleşiyor Kocasını işe gönderip mobil porno istediği erkeği eve atan Rus hatun son olarak fotoğraf çekimi yapmak üzere türk porno evine gelen genç adamı bahçede azdırıyor Güzel hatun zengin bir iş adamının porno indir dostu olmayı kabul ediyor Adamın kendisine aldığı yazlık evde sikiş kalmaya başlayan hatun bir süre sonra kendi erkek arkadaşlarını bir bir çağırarak onlarla porno izle yapıyor Son olarak çağırdığı arkadaşını kapıda üzerinde beyaz gömleğin açık sikiş düğmelerinden fışkıran dik memeleri ile karşılayıp içeri girer girmez sikiş dudaklarına yapışarak sevişiyor Evin her köşesine yayılan inleme seslerinin eşliğinde yorgun düşerek orgazm oluyor

Data Access Control in Cloud Using Attribute Based Revocation Algorithm

Karthikeyan.C1, Vignesh.R2
  1. M.E, Department of CSE, Arunai Engineering College, Tiruvannamalai, Tamilnadu, India1
  2. M.E, Department of CSE, Arunai Engineering College, Tiruvannamalai, Tamilnadu, India2
Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering

Abstract

Cloud computing as an emerging technology allows the user to store the data and information in the third party cloud such that users can use the services of the cloud on-demand. For small and medium level industries, budget is a major constraint. Thus while data is present in third party data centers, data confidentiality and integrity is a major concern. Many researches tried to achieve security in the cloud by using various algorithms. Traditionally to secure our data stored in the third party data center, encryption and decryption mechanisms are used. Here we mainly concentrate on business cloud where various organizations store their data about their business plans in the cloud. In this paper, we use an attribute based revocation algorithm in which it provides a secure access to data in the cloud. The user of an organization can be able to access the particular set of information present in the cloud. This technique also uses revocation list which contains the set of users associated with specific projects such that those privileged users can only be able to access the information. Moreover, the overhead caused due to storage and encryption techniques are eradicated and independent to the number of users. We have analyzed the security of our algorithm and also the efficiency.

Keywords

Attribute based encryption, Group Signature, Revocation list, Business Cloud.

INTRODUCTION

The traditional form of information technology is nowadays replaced by the cloud computing technology. The basic definition of cloud computing isa compilation of existing techniques and technologies, packaged within a new infrastructure paradigm that offers improved scalability, elasticity, business agility, faster start up time, reduced management costs, and availability of resources. Because of its basic qualities like on-demand, low cost, high computation power, it is most demanded technology. Cloud provides 24/7 reliable services to its users. There are various types of cloud namely private cloud which is used with in a private organization for their private storage and computation purposes. Public cloud is a type of cloud which is used by any type of organizations for various types of purposes. Community cloud is also one of the type of cloud in which it is used for a particular community. Hybrid clouds are certain types of cloud in which it is used both as a public and private cloud. These types of cloud are called the deployment models of the cloud.
There are various types of security threats. In this paper we have addressed some of them. First is that the third party cloud service provider (csp) cannot be trusted. Those cloud service providers are vulnerable in nature. Also they themselves can perform some malpractices. For example, cloud service providers may delete the files which are no longer used such that they can save the storage capacity. Also to maintain their reputation, they can hide any data loss or any storage errors. Second, certain sensitive data which are present in an organization are made hidden to some users to provide the integrity and confidentiality of the data. Hence those sensitive data must be protected from the cloud service providers, attackers and from internal threats. On one hand, the sensitive data must be protected and given access only to selected users in an organization and on the other hand, staffs can resign from the organization or can be shifted to other projects such that they should not be given access once they are revoked. Both must be seriously handled in order to maintain the confidentiality of the data.

BACKGROUND

In this section, we are going to present our techniques and policies.

Assumptions

The cloud is a honest one in the sense that cloud service providers can be only able to read the contents and cannot be able to modify it. This is a valid assumption that can be made in order to hold the algorithm good. Also users can be able to read or write or can perform both the read and write operations on the data present in the cloud. The secure shell protocol, ssh is used to communicate between the users and the cloud. All the communication is via this particular protocol.

Access Control Policy

Attribute based access policy is used in which the data are provided with access policy and users are given with attributes based on which the files are accessed.

Encryption Technique

Attribute based encryption is used to encrypt the files. In this attribute based encryption, the data which are to be given security is encrypted under some access policy and then stored in the cloud. Then the users are given with a set of attributes and their corresponding keys. The individual users can only decrypt the files if and only if the corresponding set of attributes matches with the access policy.

Group Signature

The group signature concept was introduced in by chaum and van heyst[10]. Group signatures are used to allow any member of the group to sign the data. Sometimes later while accessing and modifying the data file, this group signature is used to verify that the person who is accessing the data file is an authorized user or not.

DESIGN GOALS

Our main goal of this paper is to provide security to the data files present in the cloud server. Especially we allow the data owner to provide an access policy for each data. The users are given with a set of attributes and their corresponding keys. The individual users can only decrypt the files if and only if the corresponding set of attributes matches with the access policy. In addition to that, we handle the users who are revoked. That is users who are not authorized but once upon a time authorized must not be able to access the data.

Maintaining Confidentiality

This property assures that the unauthorized users are not allowed to read or modify the data file and thus maintain the confidentiality of the data file in the cloud.

Data Access

The data access can be described in two ways. First, any member of the group can access the data present in the cloud. Second, unauthorized and revoked users cannot gain access to the files of the cloud resources.

OUR PROPOSED SCHEME

Main Idea

In order to achieve a secure sharing in the cloud, we utilize the combination of attribute based encryption technique with the group signature. In this, any user can be able to read the file which is shared. Also any user can be able to modify the data file which is shared. This scheme handles user revocation in which a revocation list is used to check the user’s availability and can gain access. Instead of updating the keys of the each and every user, this scheme uses a revocation list, which consists of the revoked users.

Scheme Description

This section describes the step by step process of implementation of each and every module of the algorithm.

System Initialization

The administrator is responsible for the system initialization.
1. Administrator creates a master key
2. This master key is used to access the files

File Creation

1. The file is created by the administrator.
2. Once the file is created, a file id is created.

User Registration

1. The new users are registered in the cloud.
2. Once the user gets the registration message to the cloud, the cloud sends a private key to the user.
3. This private key is associated with a set of attributes.
4. The individual users can only decrypt the files if and only if the corresponding set of attributes matches with the access policy.

File Storing

1. The file which is created is encrypted using attribute based encryption.
2. The cipher-text is stored in the cloud.
3. Along with the cipher-text, the file id, the group id, and a group signature is stored.

Revocation List

1. A revocation list is used created by the administrator
2. In this list, the id’s of the unauthorized users are added
3. This list is used to check for the revoked users

File Read Access

1. To read the data file in the cloud, the private key of the user is used.
2. This private key is initiated and created by the cloud during user registration.
3. Using this private key, the user can decrypt the files stored in the cloud.
4. Before that, the cloud checks for the revocation list.
5. The user id must not be present in the revocation list.
6. If the user id is present in the list, then the user is not allowed to read the data file in the cloud.
7. Else the user is allowed to access and read the cloud.
8. The users can only decrypt the files if and only if the corresponding set of attributes matches with the access policy.

File Write Access

1. To write or modify a file in the cloud, the user also uses the private key.
2. Before that, the cloud checks for the revocation list.
3. The user id must not be present in the revocation list.
4. If the user id is present in the list, then the user is not allowed to modify the data file in the cloud.
5. Else the user is allowed to access and modify the cloud.
6. Once the data is modified, the data file must be uploaded into the cloud.
7. Now the cloud will check and verify for the signature.
8. If the signature is verified, the data file is uploaded successfully into the cloud.
9. This scheme of using revocation list reduces the overhead of updating the keys of every user when there is a revocation or a new participation.

File Deletion

1. File deletion is done by the data owner.
2. While storing the file in the cloud, there will be a data owner id inserted in the message.
3. Using that id, the data owner can be identified and can be able to delete
4. Only the data owner can be able to delete the file

File Storing

1. The file which is created is encrypted using attribute based encryption.
2. The cipher-text is stored in the cloud
3. Along with the cipher-text, the file id, the group id, and a group signature is stored.

PERFORMANCE ANALYSIS

As the cloud performs various operations, it is much speeder in its performance. Cloud has a distributed environment. As the computations are shared between the user and the administrator and the cloud, the performance of the algorithm is good.

COMPUTATION COMPLEXITY

The various functionalities and the computations are shared between the users of the cloud namely the administrator, the user, and the cloud. So the computation overhead is minimized. During revocation, it is not necessary to update the keys of every user when there is a staff revocation happens. Instead we have a revocation list which consists of the users who are revoked. Based on this, the access is determined.

CONCLUSION

Data confidentiality and integrity is a major concern. We mainly concentrate on business cloud where various organizations store their data about their project in the cloud. In this paper, we use an attribute basedrevocation algorithm in which it provides a secure access to data in the cloud. Here the user of an organization can be able to access the particular set of information present in the files and only particular users who are involved in particular project is allowed to access the information. This technique also uses revocation list which handles the set of users associated with particular projects such that those users can only be able to access the information. Moreover, the overhead caused due to storage and encryption techniques are eradicated and independent to the number of users. We have analysed the security of our algorithm and also the efficiency.
 

Tables at a glance

Table icon Table icon
Table 1 Table 2
 

Figures at a glance

Figure 1 Figure 2
Figure 1 Figure 2
 

References