Anti Collusion Access Control Data Sharing Scheme to Dynamic Groups in Cloud Environment

Data access control is an efficient way to provide the data security in the cloud but due to data outsourcing over untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Attribute-based Encryption (ABE) technique is regarded as a most trustworthy cryptographic conducting tool to guarantee data owner’s direct control on their data in public cloud storage. In this paper, we propose a secure data sharing scheme for dynamic members. First, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Second, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Third, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. The network security mechanism also fulfil with this approach.

Introduction

Forward secure character based ring mark for information partaking in the cloud give secure information sharing of inside of the gathering in a productive way. It additionally give of the legitimacy and namelessness of the clients. Ring mark is the promising possibility to build an unknown and credible information sharing framework. It permits an information proprietor to thein mystery validate his information which can be put into the cloud for capacity or investigation reason. The framework can be to keep away from exorbitant testament check in the customary open key framework setting turns into a bottleneck for this answer for be versatile. Personality based ring the mark which is dispenses with of the procedure of testament for confirmation can be utilized. The security of the ID-based providing so as to ring mark as a forward security - If a mystery key of any client has been upheaval, then all past created marks that incorporate that client still stay legitimate. The property is particularly vital to any extensive size of information sharing framework, as it is difficult to ask all information proprietors to re-confirm their information regardless of the possibility that a mystery key of the one single client has been surrendered. Responsibility what's more, security issues with respect to cloud are turning into the noteworthy obstruction to the wide selection of cloud administrations. There is the part of headway happens in the framework concerning the web as a noteworthy worry in it'simplementation in a well compelling way separately furthermore give of the framework in multi-cloud environment. Huge numbers of the clients are a getting pulled in to this innovation because of the administrations included in it the took after by the diminished calculation took after by the expense furthermore the solid information of transmission happens in the framework in a well viable way respectively.

Literature survey

Xue proposes a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a CA (Central Authority) is introduced to generate secret keys for legitimacy verified users. Unlike other multi authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which AA (Attribute Authority) has incorrectly or maliciously performed the legitimacy verification procedure.

Yang and Al. proposed a revocable multi-authority CP-ABE scheme, and apply it as the underlying techniques to design the data access control scheme. Our attribute revocation method can efficiently achieve both forward security and backward security. System also design an expressive, efficient and revocable data access control scheme for multi-authority cloud storage systems, where there are multiple authorities co-exist and each authority is able to issue attributes independently. The system proposed a secure way for anti collusion key distribution without any secure third party channels, and the users can securely get their private keys from group owner. second, this method can propsed fine grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud all over again after they are revoked. Thirdly, system can shield the scheme from collusion attack, that means that revoked users cannot get the actual data file even if they combine with the untrusted cloud. In this approach, by exploit polynomial capability, framework can complete a safe client negation conspire, Finally, this plan can accomplish fine efficiency, which implies past clients necessitate not to refresh their revoked from the group.

Another research proposes the major of key-approach feature which is based on KP-ABE with reflection of non-monotonic access structures and with regular cipher text size. System also proposes the first Key-Policy Attribute-based Encryption (KPABE) method allowing for non-granted access structures (i. e. , that may contain negated attributes) and with constant cipher text size. Towards achieving this goal, system first show that a certain class of identity based broadcast encryption schemes generically yields monotonic KPABE systems in the selective set model. System then describes a new efficient identity-based revocation mechanism that, when combined with a particular instantiation of our general monotonic construction, gives rise to the first truly expressive KP-ABE realization with constant-size cipher text.

Zhang and Kim proposed an ID-based ring signature approach, both approaches has defined base on bilinear pairings as well as Java pairing library. Also system analyzes their security and efficiency with different existing strategies. The Java Pairing library (JPBC) has used for data encryption and decryption purpose. Some user access control policies has design for end users that also enhance the privacy and anonymity of data owner.

Another approach proposed the first Identity-based threshold ring signature approach that does not support to java pairings. It propose the first Identity -based threshold verifiable ring signature strategy. System also analyze that the secrecy of the actual signers is maintained even against the PK generator (PKG) of the Identity-based system. Finally system shows how to add identity collusion and other existing base different schemes. Due to the dissimilar levels of signer inscrutability they support, the system proposed in this paper actually form a suite of Identity -based threshold ring signature method which is related to many real-world systems with varied anonymity needs.

According to Yan, system proposed Cipher text-Policy Attribute-based Encryption (CP-ABE) is a promising technique for access control of encrypted data. It requires a trusted authority manages all the attributes and distributes keys in the system. In cloud storage systems, there are multiple authorities co-exist and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of decryption and revocation. In this paper, system propose DAC-MACS (Data Access Control for Multi-Authority Cloud Storage), an effective and secure data access control scheme with efficient decryption and revocation. Specifically, system construct a new multi-authority CP-ABE scheme with efficient decryption and also design an efficient attribute revocation method that can achieve both forward security and backward security.

Proposed system model

In this system, there are exist 6 entities:

1. Single i. e. global Certificate Authority (CA)
2. Multiple Attribute Authority (AA’s)
3. Data Owner
4. User
5. Cloud server
6. Trusted Third Party (TTP)

Attribute revocation method can efficiently achieve both forward security and backward security. An attribute revocation method is efficient in the sense that it incurs less communication cost and computation, cost, secure in the sense that it can achieve both backward security and forward security. There are five types of entities in the system: a certificate authority (CA), characteristic authorities (AAs), data owner (owners), the cloud server (server) and data consumers (users). The CA is a global trusted certificate authority in the scheme. It sets up the system and accepts the registration of all the users and AAs in the system. For each legal user in the system, the CA assign a global unique user identity to it and also generates a global public key for this user. However, the CA is not involved in any attribute organization and the formation of secret keys that are connected with attribute. For example, the CA can be the Social Security Administration, an independent agency of the United States government. Each user will be issued a Social Security Number (SSN) as its global identity. Every AA is an independent attribute influence that is responsible for entitling and revoking user’s attributes according to their role or identity in its domain. In our scheme, every attribute is associated with a single AA, but each AA can manage an arbitrary number of attributes. Every AA has full control over the structure and semantics of its attributes. Each AA is responsible for generating a public attribute key for each attribute it manages and a secret key. For each user reflecting his/her attributes.

Experimental result

For the system performance evaluation, calculate the matrices for accuracy. The system is implemented on java 3-tier architecture framework with INTEL 2. 8 GHz i3 processor and 4 GB RAM with public cloud Amazon EC2 consol. For the system evaluation we create 2 machines on physical environment with Wi-Fi and 10 VM with Amazon EC2 as public cloud environment. After implementing some part of system we got system performance on satisfactory level.

In second experimentation system show the user verification time with different approaches. In current system we consider as four different authorities for runtime verification.

Conclusion

In this work system design a secure anti-collusion data sharing scheme for dynamic groups in the cloud. In our scheme, the users can securely obtain their private keys from data owner, Certificate Authorities and secure communication channels. Also, our scheme is able to support dynamic groups efficiently, when a new user joins in the group or a user is revoked from the group, the private keys of the other users do not need to be recomputed and updated. Moreover, our scheme can achieve secure user revocation, the revoked users can not be able to get the original data files once they are revoked even if they conspire with the untrusted cloud.

Future work

The current architecture is very efficient for security purpose, but sometime it’s utilized multiple resources. When the such system allocate multiple resources it will generate a lot of dependencies. For the next updation we can focus on minimum resource utilization with system flexibility like power, VM’s, network, memory etc.