ISSN ONLINE(2320-9801) PRINT (2320-9798)
V.Karthik1, K.S.Arvind2 |
Related article at Pubmed, Scholar Google |
Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering
Cloud computing, as an emerging computing standard. Cloud computing enables users to remotely store their data in a cloud and also benefit from services on-demand. With rapid development of cloud computing, more enterprises will outsource their sensitive data for sharing in a cloud. To maintain the shared data confidential against untrusted cloud service providers (CSPs), a natural way is to store only the encrypted data in a cloud. The major problems of this approach include establishing Decomposing Access Control Polices, delegated access control for the encrypted data, proof of ownership allow storage server to check a user data ownership based on hash value and the access rights from users when they are no longer authorized to access the encrypted data. In the proposed approach the privacy of users is protected while enforcing attribute based ACPs and utilizing the two layer of encryption reduce the overhead at Owner, opposed to unauthorized access to data and to any data leak during sharing process, providing levels of access control verification.
Keywords |
||
cloud computing; TLE; policy decomposition; privacy preserving; access control | ||
INTRODUCTION |
||
In adoption of cloud technology for storage environment represents major concerns in the part of security and privacy. Here we need to assure the confidentiality of the user’s data and protect the privacy of the user. The Traditional Encryption Approach is not sufficient for assure the confidentiality of records from the cloud server. Nowadays most of the organization perform access control polices (ACPs) means “which users can access which data or records”; these access control policies can be expressed in the terms of user property, called as identity attribute by using access control language like XACML. Such an approach, called as Attribute Based Access Control (ABAC) support finegrained access control which is necessary for high-assurance data security and secrecy |
||
Fine Grained Access Control: Fine grained access control is the ability to resolve who can access individual data items and attributes. Fine grained access control allows one to implement selective access to the content based on policy specification. These system make possible yielding differential access rights to a set of users and allow exibility in specify the access rights of individual users only. Several methods are known for implementing fine grained access control. |
||
Delegation: Delegation is a method of transmission access rights to a user. Delegation may occur in two forms: administrative delegation and user delegation. An administrative delegation allows an administrative user to assign access rights to a user and does not (necessarily) require that the administrative user possesses the ability to use the access right. A user delegation allows a user to allocate a subset of his available rights to 2 another user. However, a user delegation operation requires that the user performing the delegation must possess the ability to use the access right. Furthermore, we believe that an administrative delegation operation is often long-lived and more durable (permanent) than a user delegation operation that is short-lived (temporary) and intended for a specific purpose. |
||
LITERATURE SURVEY |
||
Mohamed Nabeel and Elisa Bertino, proposed a paper [1] “Privacy preserving delegated access control in public cloud”, these afford efficient group key management scheme that supports expressive ACPs. It assures the confidentiality of the data and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud. Here two layer encryption is performed, one by data owner and another one by cloud. Under our approach, the data owner performs a coarse-grained encryption, where cloud performs a fine-grained encryption on top of the owner encrypted data. A major issue is how to decompose access control policies (ACPs) such that the two layer encryption can be performed. Our approach is based on a privacy preserving attribute based key management scheme that protect the privacy of users while enforcing attribute based ACPs. Here decomposing the ACPs and utilize the two layer of encryption decrease the transparency at the Owner. |
||
Mohamad Nabeel Dept. of Computer Science., Purdue Univ., West Lafayette, IN, USA, proposed a paper [2] “Privacy preserving delegated access control in the storage as a service model”. Here a new approach for delegating privacypreserving fine-grained access enforcement to the cloud. The approach is based on a recent key management scheme that allows users whose attributes satisfy a certain policy to derive the data encryption keys only for the content they are allowed to access from the cloud. His approach preserves the confidentiality of the data and the user privacy from the cloud, where delegating most of the access control enforcement to the cloud. Additionally, in order to reduce the cost of re-encryption required whenever the access control policies changes, these approach uses incremental encryption techniques. |
||
Elisa Bertino, Mohamed Nabeel proposed a paper [5] “Towards attribute based group key management”. Attribute based system permit fine-grained access control among a group of users each identified by a set of attributes. A protected collaborative applications need such flexible attribute based systems for managing and distributing group keys. These system able to support any monotonic access control policy over a set of attributes. When the group changes, the rekeying operations do not affect the private information of existing group members and thus our schemes eliminate the need of establishing expensive private communication channels |
||
Nesrine Kaaniche, Maryline Laurent proposed a paper [6] ”A Secure Client Side Deduplication Scheme in Cloud Storage Environments”, here a new client-side deduplication scheme for securely storing and sharing outsourced data via the public cloud that towards the security and privacy of the public cloud environments. Here originality of proposal system is twofold. First, it ensures better confidentiality towards unauthorized users. Therefore every client compute a per data key to encrypt the data that he intends to store in the cloud. As such, the data access is managed by the data owner. Second, by integrate access privileges in metadata file, an authorized user can decode an encrypted file only with his private key. These solution is also shown to be resistant to unauthorized access to data and to any data disclosure during sharing procedure, given that two levels of access control verification. |
||
COMPARISON OF APPROACHES |
||
In this section we compare ABE-based existing approaches as a whole and the two AB-GKM based approaches. A common feature of all these approaches is that they support secure attribute based group communication. |
||
As shown in Table 1, while ABE-based approaches rely on asymmetric cryptography, our two approaches rely only on symmetric cryptography which is more efficient than the asymmetric cryptography. A key issue in the ABE-based approaches is that they do not support resourceful user revocations unless they use additional attributes. Our schemes address the revocation problem. |
||
It should be well-known that the ABE based approaches and our SLE approach (Fig.1) follows the expected data outsourcing scenario by which the data owner manages all users and data before uploading the encrypted data to the cloud, whereas the Two Layer Encryption based approach(Fig.2) provides the advantage of limited management of users and data in the cloud itself while assuring confidentiality of the data and privacy of users. With always increasing user base and large amount of data, while such delegation of user management and access control is becoming very important, it also has tradeoffs in terms of privacy. Compared to the SLE approach, in the TLE approach, the data owner has to expose partial access control policies to the cloud which may allow the cloud to infer some details about the identity attributes of users. It is an interesting topic to investigate how to construct symmetric key based practical solutions to hide the access control policies from the cloud while utilizing the benefits of delegation of control. |
||
CONCLUSION |
||
Current technologies for uploading the encrypted data incurs high cost because it manages all keys. Whenever user credentials changes therefore burden on the owner to manage all keys. To reduce the overhead of the data owner, we proposed a two layer encryption based approach to solve the problem of delegated access control and reduce the burden on the data owner. Here decompose of Access Control Polics is done on the cloud, so that owner has to handle minimum number of attribute conditions. We showed that the policy decomposition problem is NP-Complete and provided estimate algorithms. Based on the decomposed Access Control Policies, we proposed a novel approach to privacy preserving fine-grained delegated access control to data in public clouds environment. Here our approach is based on a privacy preserving attribute based key management scheme that protects the privacy of users while enforcing attribute based Access Control Polices. This proposal is shown to support data deduplication, as it employs an preverification of data subsistence, in cloud servers which is helpful for saving bandwidth. Thus the proposed system provides better security and privacy of the user’s data and incurs low communication cost when compared to the existing system. Thus, the approach is based on a privacy preserving attribute based key management scheme that protects the privacy of users while enforcing attribute based Access Control Polices. |
||
Tables at a glance |
||
|
||
Figures at a glance |
||
|
||
References |
||
|