Automated Attribute-Based Solution Cryptographic Credentials For
Scalable Access Control InCloud ComputingLiterature surveyData
security and access control is one of the most challenging ongoing
research work in cloud computing, because of users outsourcing
their sensitive data to cloud providers. Existing solutions that
use pure cryptographic techniques to mitigate these security and
access control problems suffer from heavy computational overhead on
the data owner as well as the cloud service provider for key
distribution and management.Problems of access control in cloud
computing includes the mechanism to distribute decryption
key,number of users may become large and solution is not
efficient.[6]In distributed systems users need to share sensitive
objects with others basedon the recipients ability to satisfy a
policy. Attribute-Based Encryption (ABE)[3]is paradigm where such
policies are specified and cryptographically enforcedin the
encryption algorithm itself.the drawbacks include the threshold
lacksexpressibility,flexibility.Both ciphertext and decryption keys
are associated with set of attributes.[3]Ciphertext-Policy ABE
(CP-ABE)[1] is a form ofABE where policies are associated with
encrypted data and attributes are associatedwith keys. User
attributes are represented in keys. The advantage includes the user
who can see the message content can decrypt in absence of group
keys,It save the cost to distribute group keys.This scheme suffered
with the major drawback of lacking in updating efficiency,if any
changes made to the attribute the private key associated with the
attribute should also be changed.[1]CP-ASBE a new form of CP-ABE
which, unlike existingCP-ABE schemes that represent user attributes
as a monolithic set in keys, organizesuser attributes into a
recursive set based structure and allows users to imposedynamic
constraints on how those attributes may be combined to satisfy a
policy. Specifically CP-ASBE allows user attributes to be organized
into a recursive family of sets and policies that can selectively
restrict decrypting users to use attributes from within a single
set or allow them to combine attributes from multiple sets. Thus by
grouping user attributes into sets such that those belonging to a
single set have no restrictions on how they can be combined.Key
Policy Attribute Based Encryption(KP-ABE)[1],Cipher text is
associated with set of attributes where the decryption key is
associated with tree access structure. interior nodes of the access
tree are threshold gates and leaf nodes are associated with
attributes. User secret key is definedto reflect the access
structure so that the user is able to decrypta ciphertext if and
only if the data attributes satisfy his accessstructure.A KP-ABE
scheme is composed of four algorithmsSetup:This algorithm takes as
input a security parameter and the attribute universe U = {1, 2, .
. . ,N} of cardinalityN. It defines a bilinear group G1 of prime
order p with agenerator g,a bilinear map e : G1 G1 ! G2 which has
theproperties of bilinearity, computability, and non-degeneracy.It
returns the public key PK as well as a system master key.MK as
followsPK = (Y, T1, T2, . . . , TN)MK = (y, t1, t2, . . . ,tN)
While PK is publicly known toall the parties in the system, MK is
kept as a secret by theauthority party.Encryption:This algorithm
takes a message M, the public keyPK, and a set of attributes I as
input. It outputs the ciphertextKey Generation:This algorithm takes
as input an access treeT, the master key MK, and the public key PK.
It outputsa user secret key SK as follows. Then it outputs SK as
follows.SK = {ski}i2Lwhere L denotes the set of attributes attached
to the leafnodes of T and ski = gpi(0)ti .Decryption:This algorithm
takes as input the ciphertext Eencrypted under the attribute set I,
the users secret keySK for access tree T, and the public key PK. It
first computes e(Ei, ski) = e(g,g)pi(0)s for leaf nodes. Then,
itaggregates these pairing results in the bottom-up manner usingthe
polynomial interpolation technique. Finally, it may recoverthe
blind factor Y s = e(g, g)ysand output the message M ifand only if
I satisfies T. This is an enhanced KP-ABE scheme which supports
usersecret key accountability.[2]Fuzzy Identity Based Encryption
From Lattices[3],Inconstructing a Fuzzy IdentityBased Encryption
(Fuzzy IBE) scheme based on lattices. A fuzzy IBE scheme is exactly
like anidentity-based encryption scheme except that ciphertext
encrypted under an identity idenc can be decrypted using the secret
key correspondingto any identity iddecthat is close enough" to
idenc. Examples arise when using one's biometric information as the
identity, but also in general access control systems that permit
access as long asthe user satisfies a certain number of
conditions.Theconstruction is secure in the selective security
model under the learning with errors (LWE) secure under the
worst-case hardness of shortvector problems" on arbitrary lattices.
Extended the construction to handle large universes,and to resist
chosen ciphertext (CCA) attacks. [3]Identity Based Encryption(IBE)
is an important primitive ofID-based cryptography. As such it is a
type ofpublic-key encryptionin which thepublic key of a user is
some unique information about the identity of the user (e.g. a
user's email address). This can use the text-value of the name or
domain name as a key or the physical IP address it translates to.
The first implementation of an email-address based PKI was
developed byAdi Shamirin 1984which allowed users to verifydigital
signaturesusing only public information such as the user's
identifier.He was however only able to give an instantiation
ofidentity-based signatures. It includes the major advantages of
any identity-based encryption scheme is that if there are only a
finite number of users, after all users have been issued with keys
the third party's secret can be destroyed. This can take place
because this system assumes that, once issued, keys are always
valid .The obtained drawback is if a Private Key Generator (PKG)[7]
is compromised, all messages protected over the entire lifetime of
the public-private key pair used by that server are also
compromised. This introduces a key-management problem where all
users must have the most recent public key for the server.Because
the Private Key Generator (PKG) generates private keys for users,
it may decrypt and/or sign any message without authorisation. This
implies that IBE systems cannot be used fornon-repudiation IBE
solutions may rely on cryptographic techniques that are insecure
against code breakingquantum computerattacks.Hierarchical Identity
Based Encryption (HIBE)[5] system where the ciphertext consists of
just three group elements and decryption requires only two bilinear
map computations,regardless of the hierarchy depth. Encryption is
as ecient as in other HIBE systems.The scheme is selective-ID
secure in the standard model and fully secure in the random oracle
model. This system has a number of applications, it gives very
ecient forward secure public key and identity based cryptosystems ,
it converts the NNL broadcast encryption system into an ecient
public key broadcast system, and it provides an ecient mechanism
for encrypting to the future. The system also supports limited
delegation where users can be given restricted private keys that
only allow delegation to bounded depth.The HIBE system can be
modied to support sublinear size private keys at the cost of some
ciphertext expansion.[5]In Hierarchical Attribute Based
Encryption[4] to keep the shared data confidential against
untrusted cloud service providers (CSPs), a natural way is to store
only the encrypted data in a cloud. The key problems of this
approach include establishing access control for the encrypted
data, and revoking the access rights from users when they are no
longer authorized to access the encrypted data. This approach
solves both problems.[8]The hierarchical attribute-based encryption
scheme (HABE) is introduced by combining a hierarchical
identity-based encryption (HIBE) system and a ciphertext-policy
attribute-based encryption (CP-ABE) system, so as to provide not
only fine-grained access control, but also full delegation and high
performance.It provides the scalable revocation scheme by applying
proxy re-encryption (PRE) and lazy re-encryption (LRE) to the HABE
scheme, so as to efficiently revoke access rights from
users.[4]`REFERENCES[1]S. Yu, C. Wang, K. Ren, and W. Lou.
Achieving Secure, Scalable, and Fine-grained Data Access Control in
Cloud Computing. In Proceedings of IEEE INFOCOM 2010, pages
534-542.[2] G.Wang, Q. Liu, and J.Wu, Hierachicalattibute-based
encryption forfine-grained access control in cloud storage
services, in Proc. ACMConf. Computer and Communications Security
(ACM CCS), Chicago,IL, 2010.[3]S. Yu, C. Wang, K. Ren, and W. Lou,
Achiving secure, scalable, and fine-grained data access control in
cloud computing, in Proc. IEEEINFOCOM 2010, 2010, pp. 534542.
[4]R. Bobba, H. Khurana, and M. Prabhakaran, Attribute-sets: A
practicallymotivated enhancement to attribute-based encryption, in
Proc.ESORICS, Saint Malo, France, 2009. [5] A. Sahai and B. Waters,
Fuzzy identity based encryption, in Proc.Acvances in
CryptologyEurocrypt, 2005, vol. 3494, LNCS, pp.457473 [6] Dan
Boneh,XavierBoyen and Eu-Jin Goh,Hierarchical Identity Based
Encryption with Constant Size Ciphertext, , in Proc.Acvances in
CryptologyEurocrypt, 2005, vol. 3494, LNCS, pp.723-762[7]J. Li, N
Li, and W. H. Winsborough, Automated trust negotiation using
cryptographic credentials, in Proc. ACM Conf. Computer
andCommunications Security (CCS), Alexandria, VA, 2005.[8]T. Yu and
M. Winslett, A unified scheme for resource protection inautomated
trust negotiation, in Proc. IEEE Symp. Security and
Privacy,Berkeley, CA, 2003.
