Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds


Abstract

1. A decentralized access control scheme is made for secure data storage in clouds, which supports anonymous authentication.
2. In the proposed scheme, the cloud verifies the authenticity of the series without knowing the user's identity before storing data.
3. The scheme also has the added feature of access control, in which only valid users are able to decrypt the stored information.
4. The scheme prevents replay attacks and supports creation, modification, and reading of data stored in the cloud.


Objective

1. Moreover, the authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds, which are centralized.
2. The communication, computation, and storage overheads are comparable to centralized approaches.


Scope

1. Preserving authorized restrictions on information access and disclosure. The main threat arises when storing the data with the cloud.


Existing System

1. Existing work on access control in the cloud is centralized in nature.
2. Except and , all other schemes use attribute-based encryption (ABE).
3. The scheme in uses a symmetric key approach and does not support authentication. The schemes do not support authentication as well.
4. Earlier work by Zhao et al. provides privacy-preserving authenticated access control in the cloud.
5. However, the authors take a centralized approach where a single key distribution centre (KDC) distributes secret keys and attributes to all users.
6. Unfortunately, a single KDC is not only a single point of failure but also difficult to maintain because of the large number of users that are supported in a cloud environment.


Disadvantages of Existing System

1. A single KDC is not only a single point of failure but difficult to maintain because of the large number of users that are supported in a cloud environment.


Proposed System

1. Proposed a decentralized approach, their technique does not authenticate users, who want to remain anonymous while accessing the cloud.
2. This scheme proposes a distributed access control mechanism in clouds.
3. However, the scheme did not provide user authentication. The other drawback was that a user can create and store a file and other users can only read the file.
4. Write access was not permitted to users other than the creator. This scheme has added features that make it possible to authenticate the validity of the message without revealing the identity of the user who has stored information in the cloud. This version also addresses user revocation.
5. It uses an attribute-based signature scheme to achieve authenticity and privacy.


Advantages of Proposed System

1. This scheme extends the previous work with added features that make it possible to authenticate the validity of the message without revealing the identity of the user who has stored information in the cloud.


Architecture


List of Modules

1. System Initialization.

2. User Registration.

3. KDC setup.

4. Attribute generation.

5. Sign.

6. Verify.


Modules Description

KDC setup.

Public Key: The public key is a randomly generated binary key, generated and maintained by the key manager itself. It is used particularly for encryption/decryption.

Private Key: It is the combination of the username, password and two security questions of the user's choice. The private key is maintained by the client itself. It is used to encrypt/decrypt the file.

Access Key: It is associated with a policy. The private access key is maintained by the client. The access key is built on attribute-based encryption. File access is either read or write.


Attribute generation.

We used the RSA algorithm for encryption/decryption. This algorithm is a proven mechanism for secure transactions. Here we are using the RSA algorithm with a key size of 2048 bits. The keys are split up and stored in four different places. If a user wants to access the file, he/she may need to provide the four sets of data to produce the single private key to manage encryption/decryption.
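The four-place key split described above can be illustrated as follows. This is an added example, not code from the project: the page does not say how the key is divided, so the XOR-based 4-of-4 split, the SHA-256 integrity digest and the function names `split_key` and `combine_shares` are all assumptions.

```python
import hashlib
import hmac
import secrets

N_SHARES = 4  # the page stores the key in four different places


def split_key(key: bytes, n: int = N_SHARES) -> tuple[list[bytes], bytes]:
    """Split key into n XOR shares; all n are required to rebuild it.

    Returns (shares, digest). The SHA-256 digest lets the combiner detect a
    missing or altered share; it is an assumption added for this example.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for pad in pads:
        last = bytes(a ^ b for a, b in zip(last, pad))
    return pads + [last], hashlib.sha256(key).digest()


def combine_shares(shares: list[bytes], digest: bytes) -> bytes:
    """XOR all shares together and verify the result against digest."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must have equal length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = bytes(a ^ b for a, b in zip(key, share))
    if not hmac.compare_digest(hashlib.sha256(key).digest(), digest):
        raise ValueError("share set is incomplete or has been altered")
    return key


def demo() -> bool:
    # Constructed stand-in for a serialized 2048-bit RSA private key.
    private_key = secrets.token_bytes(256)
    shares, digest = split_key(private_key)
    assert combine_shares(shares, digest) == private_key
    try:
        combine_shares(shares[:3], digest)  # only three of the four places
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("three shares rejected:", demo())
```

With this construction any three shares are statistically independent of the key, so compromising three of the four storage locations reveals nothing about it.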


Verify.

1. Download all the encrypted renew keys of each file from the cloud.
2. Send the renew keys to the key manager to decrypt the renew keys with the control key.
3. Get the renew keys from the key manager.
4. Generate new renew keys and encrypt them with the control key.
5. Send the renew keys to the cloud to carry out the policy renewal of each file.


System Configuration

H/W System Configuration:

• Processor : Dual Core
• Speed : 3.0 GHz
• RAM : 2 GB
• Hard Disk : 160 GB
• Keyboard : Standard Windows Keyboard
• Mouse : Two or Three Button Mouse
• Monitor : SVGA

S/W System Configuration:

• Operating System : Windows 7
• Application Server : Tomcat 5.0/6.X
• Front End : HTML, Java, JSP
• Scripts : JavaScript
• Server-side Script : Java Server Pages
• Database : MySQL
• Database Connectivity : JDBC


Reference

1. Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, “Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds”, IEEE Transactions on Parallel and Distributed Systems.
2. Yang Tang, Patrick P.C. Lee, John C.S. Lui and Radia Perlman, “Secure Overlay Cloud Storage with Access Control and Assured Deletion”, IEEE Transactions on Dependable and Secure Computing.
3. G. Wang, Q. Liu, and J. Wu, “Hierarchical attribute-based encryption for fine-grained access control in cloud storage services,” in ACM CCS, pp. 735–737, 2010.
4. Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, “FADE: Secure Overlay Cloud Storage with File Assured Deletion,” Proc. Sixth Int’l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), 2010.