Computing is one of todays most enticing technology areas due to its cost efficiency and also the Flexibility. Cloud computing security, sometime refer to simply as "cloud computing". It is also an Evolving sub domain of computer security, network security and more broadly information security. Cloud computing is also facing many challenges. Data security, as it exists in many other applications, is among these challenges that we are going to undertake in cloud computing. We address an issue and propose a secure and scalable fine-grained data access control scheme for cloud computing. One extremely challenging issue with this design is the implementation of user revocation which would inevitably require re-encryption of data files accessible to the leaving user and may need update of secret keys for all the remaining users. We achieve our design goals by exploiting a novel cryptographic primitive, namely key policy attribute based encryption.
KEYWORDS: Cloud Computing, Data Security, Encryption, Public Key, Private Key.
INTRODUCTION:
As cloud computing is facing many challenges, we consider some concerns that originate from the fact where cloud servers are usually operated by commercial providers when users outsource data for storage in the cloud. Data confidentiality is not only a security/privacy issue, but also of juristic concerns. Furthermore, we observe that there are also cases in which cloud users themselves are content providers. They publish data on cloud servers for sharing and need fine-grained data access control in terms of which user has the access privilege to different types of data.
Our proposed scheme is partially based on our observation that, in practical application scenarios each data file can be associated with a set of attributes which are meaningful in the context of interest. The access structure of each user can thus be defined as a unique logical expression over these attributes to reflect the scope of data files that the user is allowed to access. To enforce these access structures, we define a public key component for each attribute. Data files are encrypted using public key components corresponding to their attributes. User secret keys are defined to reflect their access structures so that a user is able to decrypt a cipher text if and only if the data file attributes Satisfy his access structure.
To resolve this challenging issue, our proposed scheme enables the data owner to delegate tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. Actually this project is based on Data security in cloud where we take a challenge that would raise great concerns from users when they store sensitive information on cloud servers. This challenge can be achieved by applying a cryptographic concepts using DSA algorithm.
SOLUTION METHODOLGY:
A. Security Models:
In this model, we just consider Honest but Curious Cloud Servers as does Cloud Servers will follow our proposed protocol in general, but tries to find out as much secret information as possible based on their inputs. More specifically, Cloud Servers are more interested in file contents and user access privilege information than other secret information. Users would try to access files either within or outside the scope of their access privileges. To achieve this goal, unauthorized users may work independently or cooperatively. In addition, each party is preloaded with a public/private key pair and the public key can be easily obtained by other parties when necessary.
B. System Models:
In this model we assume that the system is composed of the following parties: the Data Owner, many Data Consumers, many Cloud Servers, and a Third Party Auditor (optional). To access data files that are shared by the data owner, Data Consumers, or users for brevity, download data files of their interest from Cloud Servers and then decrypt. Neither the data owner nor users will be always in online. Cloud Servers are always in online and operated by the Cloud Service Provider (CSP). They are assumed to have abundant storage capacity and computation power. The Third Party Auditor is also an online party which is used for auditing every file access event. In addition, we also assume that the data owner can not only store data files but also run his own code on Cloud Servers to manage his data files.
ARCHITECTURE:
The architecture for cloud data storage is proposed in figure 1.The general form of data flow is as follows: Cloud Service Provider, Users, Cloud, Storage, Servers, Security, Message Flow, and Optional Third Party Auditor. The operations performed in this architecture are block update, delete, insert and append. In this model, the point-to-point communication channels between each cloud server and the user is authenticated and reliable.
USER
THIRD PARTY AUDITOR
USER
DATA FLOW
CLOUD DATA STORAGE
SECURITY MESSAGE FLOW
CLOUD SERVER/PROVIDER
SYSTEM ANALYSIS:
Our existing solution applies cryptographic methods by disclosing data decryption keys only to an authorized user. These solutions inevitably introduce a heavy computation overhead on the data owner for key distribution when fine grained data access control is desired, and thus do not scale well. In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following three advanced cryptographic techniques:
Key Policy Attribute-Based Encryption (KP-ABE).
Proxy Re-Encryption (PRE)
Lazy re-encryption
DESCRIPTION:
1) Key Policy Attribute-Based Encryption (KP-ABE):
KP-ABE is a public key cryptography primitive for one-to-many communications. In KP-ABE, data are associated with attributes for each of which a public key component is defined. User secret key is defined to reflect the access structure so that the user is able to decrypt a cipher text if and only if the data attributes satisfy his access structure. A KP-ABE scheme is composed of four algorithms which can be defined as follows:
Setup Attributes
Encryption
Secret key generation
Decryption
Setup Attributes:
This algorithm is used to set attributes for users. From these attributes public key and master key for each user can be determined. The attributes, public key and master key are denoted as,
Attributes- U= {1, 2….N}
Public key- PK=(Y, T1, T2…TN)
Master key- MK=(y,t1,t2...m)
Encryption:
This algorithm takes a message M, the public key PK, and a set of attribute I as input. It outputs the cipher Text E with the following format:
E= (I, `E, {Ei} i), where `E=MY, Ei=Ti.
Secret key generation:
This algorithm takes the following as input, an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK as follows.
SK= {Ski}
Decryption:
This algorithm takes the following as the input, the cipher text E encrypted under the attribute set U, the user's secret key SK for access tree T, and the public key PK. Finally it output the message M if and only if U Satisfies T.
Proxy Re-Encryption (PRE):
Proxy Re - Encryption (PRE) is a cryptographic primitive in which the proxy is able to convert a cipher text that is encrypted under Alice's public key into another cipher text that can be opened by Bob's private key without seeing the underlying plaintext. A PRE scheme allows the proxy, given the proxy re-encryption key rka↔b to translate cipher texts under public key pk1 into cipher texts under public key pk2 and vice versa.
3) Lazy re-encryption:
The lazy re-encryption technique allows Cloud Servers to aggregate computation tasks of multiple operations. The multiple operations are update secret keys and update attributes.
CONCLUSION:
This document contains lists of security recommendations. To provide a security, we proposed a scheme that enables the data owner to perform some tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. Hence with the help of data security, we achieved our goal. That is we secured sensitive information with the proposal of some schemes.
