A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage by IJIRST

IJIRST â&#x20AC;&#x201C;International Journal for Innovative Research in Science & Technology| Volume 3 | Issue 10 | March 2017 ISSN (online): 2349-6010

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage Sadanand H Bhuse ME Student Department of Computer Engineering Sinhgad Academy of Engineering Pune

Santosh N Shelke Assistant Professor Department of Computer Engineering Sinhgad Academy of Engineering Pune

Abstract Due to reliability, there are millions of the uses of the cloud storages. So clouds are widely developing field for various purposes. Many cloud hosts are providing services to different clients for their data. Due to disaster management cloud can be used as trustworthy storage mechanism. For such cloud storages encryption is done many a ways for securing data. The attribute based encryption is the method to encrypt the contents. This paper discusses the attribute based encryption method for the cloud storages. The method is also used to hide identity of the user that means the anonymous authentication can be implemented only by use of attributes. Keywords: Attributes, Encryption, Anonymity, Authentication _______________________________________________________________________________________________________ I.

INTRODUCTION

Cloud is the storage mechanism for various electronic data such as databases, Software, Platforms, communication services, Commercial data storages etc. The security is also a big issue for the contents in the storage at cloud. Various encryption mechanisms are used to protect data from unauthorized access as well as from the losses, attacks etc. There are methods used such as public key infrastructure, Identity based encryption as well as fuzzy identity based encryption method. The attribute based encryption is also a method to encrypt the contents by using attributes only. This paper contents few of these methods to secure cloud storage by using attribute based authentication. Many sensitive data can be secured by using this mechanism. For the same, we may achieve the anonymous authentication. II. ACCESS CONTROL AND ENCRYPTION FOR AUTHENTICATION The Encryption process is required to maintain security of the data, and also to control the access over the storage for specific users. Generally the access control can be Identity Based Access Control, Role Based Access Control or Attribute Based Access Control [2]. .

Fig. 1: Identity Based Access Control

227

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage (IJIRST/ Volume 3 / Issue 10/ 042)

Fig. 2: Role Based Access Control

In User Based Access control, (Shown in fig 1) the system has list of authorized users who can get access after successful login process (i.e. to enter valid credentials). In case of Role Based (Shown in fig 2) Access Control the users are divided by their master roles. The certain role is eligible for the specific access. As there are too many users, UBAC is not feasible for the cloud storage. In second method there are groups and many persons can get same services as per group policy. In case of attribute based access control, it has extended scope. Each user is provided set of attributes. Only those users are allowed to access who have valid set of attributes [1]. The attribute based signature is also solution over the ring signature, group signature and mesh signatures as those are not feasible for cloud security due to various reasons [1] . (Shown in fig 3).

Fig. 3: Attribute Based Access Control By referring the references [1], [2]&[3] general comparison between above discussed access control methods is shown in following table fig no.4

Fig. 4: Comparison between Various access controls

228

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage (IJIRST/ Volume 3 / Issue 10/ 042)

ABE is a technique with public key encryption based on the attributes possessed by the user. Using ABE, the data sets are encrypted with respect to access policy, after that it is stored it to the cloud. Users have sets of attributes and keys. So, only users who are matching the set of attributes are able to decrypt the contents on the storage in cloud. ABE has two classes as follows. 1) Key-policy ABE (KP-ABE) 2) Ciphertext-policy ABE (CP-ABE) The general comparison between these two policies are described in table below.(fig. 5)

Fig. 5: Comparison of Kp-Abe & Cp-Abe

In [7], Chase et.al presented an ABE scheme which is efficient for the case of multiple authorities. In which the sender specifies a set of attributes for each authority and a threshold number "k". Only if a user possess at least some "k" attributes from each authority, can decrypt the message. It is noticed that the allowed attributes can be monitored by any number of individual agencies. In this case the drawback may be the honesty of the administrator. In [5] , system uses combination of private key of the user with attributes expressed in strings. When a source encodes content, he requires specification of the access structure of attributes. The owner of the attribute satisfies the access structure alone, can decode the encrypted text stored by the source. The access structure is monotonic in this case. In the access structure, intermediate nodes contain gates and leaves contain attributes. The collusion-resistance is mandatory thing in this ref.: “If multiple users combine their attributes, the stored ciphertext can be decrypted only if at least one of the users could decrypt it on their own”[28]. The scheme is free from the collisions The limitation of this algorithm is attribute affects the length of the cipher text and the pairs. Lewko et.al discussed about a Multi-Authority ABE system [16], which is secure with respect to collusions of the number of users. In this system, any user can create keys and issue them to the particular user, without any public coordination. Using recent dual system encryption, the system has been established as secure system. This scheme considers the user’s privacy. In [1] Ruj et. al explained the distributed attribute based encryption method to keep user hidden i.e. user’s identity is kept hidden. Though there is curious administrator, is not capable to watch the users’ detail. In [17] , Lewko et.al presented Hierarchical Identity-Based Encryption (HIBE) and ABE schemes. With the increase in attribute space, the public parameters are also increased III. ANNONYMOUS AUTHENTICATION USING ABE In case of sensitive information storage, it is supposed to keep user unknown for the system and system administrator to avoid the conflictions and many more problems. In case of curious administrator, the contents will be visible but user will be hidden. Cao et.al proposed an anonymous authentication system [6]. The scheme express interaction between service provider and user here mobile user"s privacy is protected with Location Based Services (LBS). Privacy Protection is the major issue for Location Based Services. This is because; the mobile users will not disclose any details but service providers needs to authenticate valid users. In Cao et.al protocol, blind signature has been used by service providers to generate the user’s anonymous identity and ring signature has been used by users to shuffle the anonymous identity with other set of users[28]. In [24], Hua et.al proposed algorithm which is based on Diffie-Hellman problem, This scheme does not require CA. The key feature of the scheme is that the key escape and key revocation problems. The limitation is that it less efficient and less secure too, when using Identity based authentication in case of providing anonymous authentication. In [23], efficient and secure password based two-factor mutual authentication scheme using Schnorr digital signature and feature extraction from user"s finger-print was implemented by Yassin et.al.

229

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage (IJIRST/ Volume 3 / Issue 10/ 042)

The system works without additional setup such as Software or devices are not required. This scheme has also additional feature such as anonymity, freely chosen password, mutual authentication, and session key agreement between user and service provider. The beneficial thing is that this system is resisting from off-line attack, dictionary attack, parallel session attack, MITM attack, insider attack, and replay attack etc. It works very better in case of password authentication system. It also allows users to to authenticate Service Provider to avoid active adversary attacks. Due to use of biometric it is more complex as far as the computations are concerned. Khan et.al proposed an Anonymous Cloud framework [15]. The framework covers the data provenance from nodes where data computation actually occurs and identities of the recipients by ownership labels and IP addresses. Using Tor anonymity circuit, the users have received and replied the private data / jobs to achieve the Anonymity. The data ownership metadata has been separated from labeled private data by utilizing public-key cryptography-based anonymous authentication. Separate node has been used to bill the customers by ownership metadata without having access to private data, while computation nodes carry out the anonymous job having access to private data. The advantage of Anonymous Cloud scheme is providing a high success rate against a large percentage of attackers in the system and data ownership privacy. The drawback is High Computational overhead in the construction of Tor circuits.[28] [1] This scheme is proposed for: A user is creating a file and storing to cloud. Two protocols are used in this scheme i.e ABE and ABS. as per fig 1 there are three users such as creator, reader, and writer. Here trustee provides token to creator, assuming that trustee in honest. Multiple KDCs are there which can be scattered. On presenting the token a creator or more KDCs receive keys for encryption or decryption and signing. As per fig SKs are secret keys given for decryption and Kx are keys for signing in. MSG is the encrypted message under access policy X. Access for the particular user is decided by access policy e.g. who can access data from the cloud storage. The claim policy is decided by creator to prove his authenticity and signs the message under the claim. The cipher-text C with signature is c and it is sent to cloud. The signature is verified by cloud. And cipher-text C is stores by cloud. If any user (reader) wants to read the contents, he must have same attributes for decrypting the data. The principle of creating file is used for write proceeds. The time required for individual users for verifying themselves is reduced due to the attribute based verification system designed. If it has enough attributes matching with the access policy, then it decrypts the information stored in the cloud. Storage mechanism in Cloud The registration of the user is done with one or more trustees. Then user gets tokens, private/public keys, and A . For an attribute x belonging to KDC Ai is calculated as Kx = K1/(a+bx) base , where (a, b) ∈ ASK[i]. The encrypted message can be explained as C = ABE . Encrypt (MSG,X) σ = ABS . Sign (Public key of trustee, Public key of KDCs, token, signing key, message, access claim) c = (C, τ, σ, Y). – This is the final information stored to the cloud. Retrieval from cloud If some user makes request to the cloud for accessing data, the cipher-text C is sent by cloud with SSH protocol. Decryption is committed using ABE .decrypt (C{skiu }) Writing to the clouds Using claim policy user requests for access to the cloud for writing something to the cloud. The claim policies are verified by the cloud and only those are permitted who are authentic.

Fig. 6: Claim Policy Structure

230

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage (IJIRST/ Volume 3 / Issue 10/ 042)

IV. COMPARISON AMONG EXISTING SYSTEMS The comparison between various systems is shown in following table. System [2] [29] [3] [21] [5] [19] [14] [2]

Access Control (Fine Grained?) Yes Yes Yes Yes Yes Yes Yes Yes

Approach

W/R Access

Type of Encryption

Privacy Preserving

User Revocation?

Centralized Centralized Centralized Decentralized Centralized Decentralized Centralized Decentralized

OWMR OWMR OWMR OWMR OWMR OWMR MWMR MWMR

Symmetric Key AB Encryption AB Encryption AB Encryption AB Encryption AB Encryption AB Encryption AB Encryption

No authentication No authentication No authentication No authentication No authentication No privacy preserving authentication authentication

No No No Yes No Yes No Yes

V. CONCLUSION The attribute based access control, authentication, signature are the best methods to provide secure access control for various storages (especially cloud storages). In case of sensitive information, we can keep identity of the user hidden i.e. anonymous authentication can be achieved using attribute based access control. Though there is curious administrator, we can keep details of the users secret. In such cases only the content are visible but user is known only with its attribute not by its identity or role. ACKNOWLEDGEMENT Our heartfelt thanks goes to Sinhgad academy of engineering, kondhwa pune for providing strong platform to develop our skills and capabilities I would like to thank HOD Mr. Gite B.B, my guide Mr. Shelke S.N. and all the teachers for their valuable guidance. I would also like to thank everybody who directly or indirectly helped for processing the paper. REFERENCES [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24]

Sushmita Ruj, Milos Stojmenovic, Amiya Nayak “Decentralized Access Control with AnonymousAuthentication of Data Stored in Clouds” IEEE Transactions On Parallel And Distributed Systems Vol:25 No:2 Year 2014. C. Wang, Q. Wang, K. Ren, N. Cao and W. Lou, “Toward Secure and Dependable Storage Services in Cloud Computing”, IEEE T. ServicesComputing, vol. 5, no. 2, pp. 220–232, 2012 Kartik, Chandrasekhar B N, Lakshmi H.“Fully Anonymous Attribute-Based Encryption with Privacy and Access Privilege”. International Conference on Computational Systems and Information Systems for Sustainable Solutions 2016. Allison Lewko,“Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption” Bethencourt J., Sahai A. and Waters B., "Ciphertext-Policy Attribute Based Encryption, " in IEEE Symposium on Security and Privacy, 2007. Cao Y., Li Y., Li H. and Wang x., "An Anonymous Authentication Protocol for Privacy Protection in Location Based Services, " in WiCOM, 2008. Chase M., "Multi-Authority Attribute-Based Encryption, " in TCC,2007. Faiza Fakhar and Muhammad Awais Shibli., "Management of Symmetric Cryptographic Keys in Cloud Based Environment " - International Conference on Advanced Communications Technology,20l3. Guojun Wang. and Qin Liu., "Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services, " in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Chicago,IL, 2010. Han 1., Susilo W. and Mu Y.," Privacy-Preserving Decentralized Attribute-Based Encryption, " in IEEE Transactions on Parallel and Distributed Systems vo1.23, 2012. Hur J. and Noh D K., "Attribute-based access control with efficient revocation in data outsourcing systems, " in IEEE Transactions on Parallel and Distributed Systems, 20 II. Jaccard 1., Manraj A. and Nepal S., "Portable Key Management Service for Cloud Storage, " - 8th International Conference on Collaborative Computing, 2012. Jahid, Mittal P. and Borisov N., "EASiER: Encryption-based access control in social networks with efficient revocations, " in ACM ASIACCS, 20 II. Jyun-Yao Huang., I-En Liao. and Chen-Kang Chiang, "Efficient Identity-Based Key Management for Configurable Hierarchical Cloud Computing Environment, " -IEEE Transactions on Parallel and Distributed Systems, 2011. Khan S M. and Hamlen K M., "AnonymousCloud: A Data Ownership Privacy Provider Framework in Cloud Computing, " - IEEE II th International Conference on Trust, Security and Privacy in Computing and Communications, 2012. Lewko A., and Waters B., "Decentralizing Attribute Based Encryption, " in EUROCRYPT,2011. Lewko A. and Waters B., "Unbounded HTBE and Attribute-Based Encryption, " in EUROCRYPT, 2011. Liang x., Lu R., Lin X. and Shen X. "Cipher text Policy Attribute Based Encryption with Efficient Revocation, " Technical report, Univ. of Waterloo, 2011. Kan Yang, Xiaohua Jia and Kui Ren, “ DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems”, IACR Cryptology ePrint Archive, 419, 2012. ShuchengYu., Cong Wang., KuiRen. and Wenjing Lou., "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing, " in Proc. IEEE TNFOCOM , pp. 534-542, 2010. Yan Zhu., Hongxin Hu., Gail-JoonAhn., Dijiang Huang. And Shanbiao Wang., “Towards Temporal Access Control in Cloud Computing, " in INFOCOM, 2010. Yassin A., Jin H., Ibrahim A., Qiang W. and Zou D., "A Practical Privacy-Preserving Password Authentication Scheme for Cloud Computing, " - IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum, 2012. Yu S., Wang C., Ren K. and Lou W., "Attribute based data sharing with attribute revocation, " in ACM Symposium on Information, Computer and Communications Security, pp. 261 - 270, 2010. 349 Zhang zhi-hua., Li jian-jun., Jiang Wei., Zhao Yong. and Gong Bei, "An New Anonymous Authentication scheme for Cloud Computing, " - International Conference on Computer Science and Education (ICCSE), 2012.

231

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage (IJIRST/ Volume 3 / Issue 10/ 042) [25] Tysowski P.K., Hasan M.A., "Cloud-hosted key sharing towards secure and scalable mobile applications in clouds, " – International Conference on Computing, Networking and Communications (ICNC), 2013. [26] Sumathi, R. ; Kirubakaran, E. ; Thangavel, M., "A secure data transfer mechanism using single-handed re-encryption technique ", International Conference on Emerging Trends in Science, Engineering and Technology (INCOSET), Page(s): I - 9 2012 [27] Varalakshmi, P. ; Thangavel, M. ; Nithya, K. ; Priya, T. ; Sakthya, D. , EDSRPPC: “An efficient data storage and retrieval through personalization and prediction in cloud”, Fifth International Conference on Advanced Computing (ICoAC), Page(s): 413 – 418 2013. [28] M. Thangavel et al “A Survey On Security Over Data Outsourcing”, Sixth International Conference on Advanced Computing (ICoAC),2014 [29] M. Li, S. Yu, K. Ren, and W. Lou, “Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multiowner settings,” in SecureComm, pp. 89–106, 2010.

232