International Journal of Modern Computer Science (IJMCS) ISSN: 2320-7868 (Online) Volume 4, Issue 2, April, 2016
RES Publication © 2012 Page | 125 http://ijmcs.info
Anti-Collusion Data Sharing Schema For Dynamic
Groups in Cloud Computing Environment
M. Usha M. Phil Research Scholar,
Department of Computer Science,
Mother Teresa Women’s University
Kodaikanal, India
Dr. K. Kavitha Assistant Professor,
Department of Computer Science,
Mother Teresa Women’s University
Kodaikanal, India
Abstract: The use of cloud computing has grown over the last few years owing to attractive features such as scalability, flexibility, low cost and easy start-up for beginners. It provides effective security for the data and information held in cloud storage. Data sharing among many users in dynamic groups preserves the data, its identity and its privacy from an untrusted cloud and accommodates frequent changes of membership. The group manager can revoke any number of users from the dynamic group. However, collusion is possible when a revoked user tries to access the cloud data without the knowledge of the group manager. To stop collusion, this paper proposes a schema with the following properties. First, keys are distributed safely over a secure communication channel, and users obtain their private keys from the group manager. Second, group users are categorized for fine-grained access control as creator, reader and writer. Third, a revoked user of the group cannot get data and information from the untrusted cloud. Finally, the paper uses an effective polynomial function to revoke group users.
Keywords: Cloud computing, anti-collusion, group manager, group user
I. INTRODUCTION
Cloud computing refers to applications and services delivered over the Internet. These services are provided from data centers all over the world, which together are referred to as the "cloud." This metaphor represents the intangible, yet universal, nature of the Internet. The idea of the "cloud" simplifies the many networks and computer systems involved in linked online services. It symbolizes the Internet's wide-ranging reach while simplifying its complexity. Any user with an Internet connection can access the cloud and use the services it provides. Since these services are often connected, users can share information between several systems and with other users.
Examples of cloud computing include available backup services, dynamic social networking services and individual data services. Cloud computing also includes online applications, such as those accessible through Microsoft Online Services. Hardware services, such as redundant servers, mirrored websites or files, and Internet-based clusters, are also examples of cloud computing.
The services offered by cloud computing are also called on-demand computing, utility computing or pay-as-you-go computing. The services offered by the cloud are SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). The deployment models of the cloud are Private Clouds, Public Clouds, Hybrid Clouds and Community Clouds.
Cloud computing security is a set of control-based technologies and policies designed to monitor compliance with rules and to protect the information, data, applications and infrastructure associated with cloud computing use. There are two kinds of security issues in the cloud: those faced by the Cloud Service Provider (CSP) and those faced by the users.
Some of the cloud security controls in use are:
Deterrent Control
Preventive Control
Detective Control
Corrective Control
In cloud computing, preserving security and privacy is categorized as Identity Management, Physical Security, Personnel Security and Privacy. In addition, data security is enumerated as Data Confidentiality, Data Access Control and Data Integrity.
In this paper, we propose secure key dispersion, data confidentiality, fine-grained access control and privacy-preserving user data application.
II. EXISTING SYSTEMS
In 2003, Kallahalla et al. [1] proposed a system named PLUTUS. It enables secure file sharing on untrusted cloud servers by means of a cryptographic storage system. The files are divided into file groups, and each group is encrypted with a unique file-block key. The user can then share the file groups with others by delivering the matching lockbox keys. The lockbox key is used for encrypting the file-block keys. However, this entails heavy key distribution when large numbers of files are shared. Additionally, the file-block keys need to be regenerated every time a user revocation occurs, and the updated keys have to be distributed.
In 2007, C. Delerablee et al. [2] introduced new, efficient constructions for public-key broadcast encryption that offer stateless receivers, collusion-secure encryption and high security. New users can join at any time without requiring modification of user decryption keys, and any user can be permanently revoked. The system achieves the optimal bound of O(1) size for either ciphertexts or decryption keys, and also offers a dynamic broadcast encryption technique that improves on all earlier methods in efficiency, for both execution time and sizes, in the private-key setting.
In 2013, Yong Cheng et al. [3] proposed a security scheme for users to store and share their complex data in cloud storage. It provides basic encryption and decryption for security and data confidentiality. However, such cloud storage still has some shortcomings. First, it is inefficient for data owners to distribute the symmetric keys one by one, particularly when a large number of files are shared online. Second, access policy revocation is expensive, since the data owner has to retrieve the data and re-publish it. The first problem can be resolved by using the ciphertext-policy attribute-based encryption (CP-ABE) algorithm. To improve the revocation procedure, they present a new, efficient revocation scheme. In this schema, the original data are first divided into a number of slices and then published to the cloud storage. When a revocation occurs, the data owner needs to retrieve only one slice, then re-encrypt and re-publish it. The revocation process thus affects only one slice instead of the whole data.
III. DESIGN OBJECTIVES OF PROPOSED SYSTEM
The main design objectives of the schema include [1]:
1. A safe key dispersion with no secure communication channel. The user gets the private key from Certificate authorities with the public key.
2. The group users can provide fine-grained access control of the group manager.
3. Group users can be revoked from the dynamic groups safely by means of the polynomial function.
4. The number of users revoked is independent of the existing users in the dynamic groups getting the private key.
A. SYSTEM MODEL
The system model consists of the group manager, the group users and the cloud [1]. Group members (group users) are divided into creator, reader and writer.
The system setup is as follows:
Step 1: Set up the Cloud Server
Step 2: Confirm the Group Manager
Step 3: Select Group Member with privileges
Step 4: Group Member Registration
Step 5: Key Distribution for Group Member & Group Manager
Step 6: Data Read/Write/Create
Step 7: Revocation procedures
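The work flow of the system model is:
[Figure: system work flow among the cloud, the group manager and the group user (who divides as creator, writer, reader); arrows labelled "File Upload", "Revocation", "File download", "Approval", "User Request", "Consent ok"]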
B. Methodology
Preliminaries [1]:
Bilinear Maps:
Let $G_1$ and $G_2$ be additive cyclic groups of the same prime order $q$. Let $e: G_1 \times G_1 \rightarrow G_2$ denote a bilinear map constructed with the following properties:
1. Bilinear: $\forall a, b \in Z_q^*$ and $P, Q \in G_1$, $e(aP, bQ) = e(P, Q)^{ab}$.
2. Non-degenerate: There exists a point $Q$ such that $e(Q, Q) \neq 1$.
3. Computable: There is an efficient algorithm to compute $e(P, Q)$ for any $P, Q \in G_1$.
C. Asymmetric Encryption Algorithm
Step 1: Select two prime numbers p and q
Step 2: Compute N = p*q
Compute φ(N) = (p-1)*(q-1)
Step 3: Choose e such that 1 < e < φ(N) and
e and N are coprime
Step 4: Compute a value for d such that
(d*e) % φ(N) = 1
Step 5: Public key is (e, N)
Private key is (d, N)
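The five steps above as a runnable sketch; this is an added example, not code from the paper, and the function names and toy primes are assumptions chosen for illustration. Step 4 has a solution only when e is coprime to φ(N), so the code enforces that condition and includes a case where e is coprime to N yet no d exists. It is unpadded textbook RSA with tiny constructed values, meant to show the arithmetic only.

```python
from math import gcd, isqrt

def is_prime(n):
    """Trial division; adequate only for the toy primes used here."""
    return n >= 2 and all(n % k for k in range(2, isqrt(n) + 1))

def rsa_keygen(p, q, e):
    """Steps 1-5: return the public key (e, N) and private key (d, N)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # Step 2
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:            # Step 3 range check
        raise ValueError("e must satisfy 1 < e < phi(N)")
    if gcd(e, phi) != 1:
        # Without this, (d * e) % phi(N) == 1 has no solution in Step 4.
        raise ValueError("e shares a factor with phi(N); no d exists")
    d = pow(e, -1, phi)            # Step 4: modular inverse (Python 3.8+)
    return (e, n), (d, n)          # Step 5

def rsa_apply(m, key):
    """Textbook RSA: m^exp mod N (encrypt with (e, N), decrypt with (d, N))."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be in the range [0, N)")
    return pow(m, exp, n)

def round_trip(m=65, p=61, q=53, e=17):
    """Constructed toy values: generate keys, encrypt m, decrypt again."""
    public, private = rsa_keygen(p, q, e)
    c = rsa_apply(m, public)
    return public, private, c, rsa_apply(c, private)

def coprime_to_n_only(p=7, q=11, e=3):
    """e = 3 is coprime to N = 77 but divides phi(N) = 60."""
    try:
        rsa_keygen(p, q, e)
    except ValueError as exc:
        return gcd(e, p * q), gcd(e, (p - 1) * (q - 1)), str(exc)
    return gcd(e, p * q), gcd(e, (p - 1) * (q - 1)), None

if __name__ == "__main__":
    print(round_trip())
    print(coprime_to_n_only())
```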
The asymmetric encryption technique enables the group manager to dynamically add new users while preserving the previously computed information. Newly joined users can therefore directly decrypt data files without contacting the owners, so there is no need to change user decryption keys.
D. System Entities Work
1. User Registration
For user registration, each user member has an ID. The group manager adds the user ID into the group user list, which will be used in tracking. After registration, the user obtains a private key, which will be used for group signature and file decryption. During registration itself, users identify themselves as a creator, a writer or a reader.
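[Figure: user registration flow among group user, group manager, active user list and cloud; arrows labelled "Registered to", "Adds user to", "Send to"]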
2. Upload Files
File upload is done only by the group manager or an admin.
3. Files Update
Only the creator and the writer can edit the data, with the consent of the group manager. The reader can only use the data content with authorization.
4. File Deletion
The file or data stored in the cloud is deleted by either the group manager or the member who uploaded the file to the server.
5. Revoke user from the group
User revocation is performed by the group manager alone, by executing a polynomial function. Once a user is revoked from the group, that group member can no longer access the cloud resources and their data.
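[Figure: user revocation flow among group manager, user, revocation list and cloud; arrows labelled "Revokes", "Details of Revoked user", "Sent to"]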
IV. ADVANTAGES OF PROPOSED SYSTEM
The computation cost is independent of the number of revoked users: the operations that members perform to decrypt the data files remain almost the same however many users have been revoked. The cost is likewise not dependent on the number of users revoked because the file upload in this schema consists of two verifications for signature. The user can obtain the private key safely from group manager Certificate Authorities and secure communication channels. This scheme supports dynamic groups efficiently, in that the private key of any user need not be changed when a user is revoked.
V. CONCLUSION
Here, we frame a secure anti-collusion data sharing schema for dynamic groups in cloud computing. The scheme provides safe and secure key dispersion, fine-grained access control, a safe user revocation procedure and no change of the users' private keys in the cloud computing environment.
REFERENCES
[1] Zhongma Zhu and Rui Jiang, “A secure anti-collusion data sharing scheme for dynamic groups in the cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 27, no. 1, January 2016.
[2] C. Delerablee, P. Paillier, and D. Pointcheval, “Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys,” Proc. First Int’l Conf. Pairing-Based Cryptography, pp. 39-59, 2007.
[3] Yong Cheng, Jun Ma and Zhi-ying, “Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage,” Zhejiang University and Springer-Verlag Berlin, 2011.
[4] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, June 2013.
[5] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing,” Proc. IEEE INFOCOM, pp. 534-542, 2010.
[6] D. Boneh, X. Boyen, and H. Shacham, “Short Group Signature,” Proc. Int’l Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 41-55, 2004. D. Dolev and A. C. Yao, “On the security of public key protocols,”
[7] B. Waters, “Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization,” Proc. Int’l Conf. Practice and Theory in Public Key Cryptography Conf. Public Key Cryptography, http://eprint.iacr.org/2008/290.pdf, 2008.
[8] Theory in Public Key Cryptography Conf. Public Key Cryptography, http://eprint.iacr.org/2008/290.pdf, 2008.
[9] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica and M. Zaharia, “A view of cloud computing,” Commun. ACM, vol. 53, no. 4, pp. 50-58, April 2010.
[10] https://en.wikipedia.org/wiki/Cloud_computing_security