Decentralized Access Control with Anonymous
Authentication of Data Stored in Clouds
Abstract
1. A decentralized access control scheme is proposed for secure data storage in clouds that
supports anonymous authentication.
2. In the proposed scheme, the cloud verifies the authenticity of the series without
knowing the user's identity before storing data.
3. The scheme also provides access control, in which only valid users are able to decrypt
the stored information.
4. The scheme prevents replay attacks and supports creation, modification, and reading of
data stored in the cloud.
Objective
1. The authentication and access control scheme is decentralized and robust, unlike
other access control schemes designed for clouds, which are centralized.
2. The communication, computation, and storage overheads are comparable to those of
centralized approaches.
Scope
1. Preserving authorized restrictions on information access and disclosure; this is the
main threat to be addressed when storing data with the cloud.
Existing System
1. Existing work on access control in clouds is centralized in nature.
2. Except and , all other schemes use attribute-based encryption (ABE).
3. The scheme in uses a symmetric key approach and does not support authentication.
The schemes do not support authentication either.
4. Earlier work by Zhao et al. provides privacy-preserving authenticated access
control in the cloud.
5. However, the authors take a centralized approach where a single key distribution
centre (KDC) distributes secret keys and attributes to all users.
6. Unfortunately, a single KDC is not only a single point of failure but difficult to
maintain because of the large number of users that are supported in a cloud
environment.
Disadvantages of Existing system
1. A single KDC is not only a single point of failure but difficult to maintain
because of the large number of users that are supported in a cloud environment.
Proposed System
1. A decentralized approach was proposed earlier, but that technique does not
authenticate users who want to remain anonymous while accessing the cloud.
2. That scheme proposed a distributed access control mechanism in clouds.
3. However, the scheme did not provide user authentication. Its other drawback was
that a user can create and store a file, while other users can only read the file.
4. Write access was not permitted to users other than the creator. The present scheme
adds features that authenticate the validity of the message without revealing the
identity of the user who stored the information in the cloud. This version also
addresses user revocation.
5. It uses an attribute-based signature scheme to achieve authenticity and privacy.
Advantages of Proposed System
1. This scheme extends the previous work with added features that authenticate the
validity of the message without revealing the identity of the user who stored the
information in the cloud.
Architecture
List of Modules
1. System Initialization.
2. User Registration.
3. KDC setup.
4. Attribute generation.
5. Sign.
6. Verify.
Modules Description
KDC setup.
Public Key: The public key is a randomly generated binary key, generated and
maintained by the key manager itself. It is used for encryption and decryption.
Private Key: The private key is the combination of the username, the password
and two security questions of the user's choice. It is maintained by the client
itself and is used to encrypt and decrypt the file.
Access key: The access key is associated with a policy. The private access key is
maintained by the client. The access key is built on attribute-based encryption.
File access is either read or write.
Attribute generation.
We use the RSA algorithm for encryption and decryption. RSA is a proven
mechanism for secure transactions. Here we use RSA with a key size of 2048 bits.
The key is split up and stored in four different places. A user who wants to
access the file must provide all four sets of data to produce the single private
key used for encryption and decryption.
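As an added illustration of the four-way key split described above (not code from the project or from the cited paper), the following Python shows one way to split a private key so that all four pieces are required and a missing or corrupted piece is detected. The page does not say how the split is performed; the XOR secret sharing, the SHA-256 commitment and the constructed textbook-size RSA key (instead of 2048 bits) are assumptions made here.

```python
import hashlib
import secrets
from functools import reduce

SHARE_COUNT = 4  # the page keeps the split private key in four different places

def _xor_all(chunks):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))

def split_key(private_key: bytes, n: int = SHARE_COUNT):
    """Split a key into n shares that must ALL be combined to recover it.
    n-1 shares are random and the last is the key XOR those shares, so any
    proper subset is independent of the key. A SHA-256 commitment lets the
    reconstructing side detect a missing or tampered share."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(private_key)) for _ in range(n - 1)]
    shares.append(_xor_all([private_key] + shares))
    return shares, hashlib.sha256(private_key).hexdigest()

def reconstruct_key(shares, commitment: str) -> bytes:
    """Combine shares; raise ValueError unless the result matches the commitment."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    candidate = _xor_all(shares)
    if hashlib.sha256(candidate).hexdigest() != commitment:
        raise ValueError("share set incomplete or tampered")
    return candidate

def shares_recover(shares, commitment: str) -> bool:
    """True iff this share set reconstructs the committed key."""
    try:
        reconstruct_key(shares, commitment)
        return True
    except ValueError:
        return False

# Constructed textbook-size RSA key (p=61, q=53), NOT the page's 2048-bit key,
# so the round trip runs instantly; only the private exponent d is split.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

def rsa_roundtrip_with_split_key(message: int) -> int:
    """Encrypt with (N, e), rebuild d from its four shares, then decrypt."""
    shares, commitment = split_key(TOY_D.to_bytes(2, "big"))
    d = int.from_bytes(reconstruct_key(shares, commitment), "big")
    return pow(pow(message, TOY_E, TOY_N), d, TOY_N)
```

Three of the four shares give no information about the key, and the commitment check turns a silently wrong reconstruction into an explicit failure.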
Verify.
1. Download all the encrypted renew keys of each file from the cloud.
2. Send the renew keys to the key manager to decrypt them with the control key.
3. Get the decrypted renew keys back from the key manager.
4. Generate new renew keys and encrypt them with the control key.
5. Send the new renew keys to the cloud to perform the policy renewal of each file.
System Configuration:-
H/W System Configuration:-
Processor - Dual Core
Speed - 3.0 GHz
RAM - 2 GB
Hard Disk - 160 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System Configuration:-
• Operating System : Windows 7
• Application Server : Tomcat 5.0/6.x
• Front End : HTML, Java, JSP
• Scripts : JavaScript
• Server side Script : Java Server Pages
• Database : MySQL
• Database Connectivity : JDBC
Reference
1. Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, "Decentralized Access Control
with Anonymous Authentication of Data Stored in Clouds", IEEE Transactions on
Parallel and Distributed Systems.
2. Yang Tang, Patrick P.C. Lee, John C.S. Lui and Radia Perlman, "Secure Overlay
Cloud Storage with Access Control and Assured Deletion", IEEE Transactions on
Dependable and Secure Computing.
3. G. Wang, Q. Liu, and J. Wu, "Hierarchical attribute-based encryption for
fine-grained access control in cloud storage services," in ACM CCS, pp. 735-737, 2010.
4. Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, "FADE: Secure Overlay Cloud
Storage with File Assured Deletion," Proc. Sixth Int'l ICST Conf. Security and
Privacy in Comm. Networks (SecureComm), 2010.