International Journal of Scientific Research in ... · ID-based encryption, or identity-based...

A SECURED AND SEARCHABLE KEY POLICY ATTRIBUTE BASE

ENCRYPTION IN CLOUD STORAGE

Priyanka Shah*, Pragnesh Patel

Computer Engineering, Ipcowala Institute of Engineering and Technology, Dharmaj, India.

CORRESPONDING AUTHOR S ADDRESS:

Ms. Priyanka Shah

PG Scholar,

Dept. of Computer Engineering

Ipcowala Institute of Engineering and Technology, Dharmaj, India.

ABSTRACT:

Cloud computing is most popular technologies used for handling voluminous data and its

storage. Lots of useful applications and services are developed and later provided to regular

users. Cloud computing technology provides unlimited resources and services like data

storage service which helps to manage the user data. In cloud computing, to protect data from

leaking, users need to encrypt their data before being shared. Many cryptographic algorithms

are used for encryption of the data. Existing schemes Identity Based Encryption, RSA, AES

are not suitable for one-upload-many-download cloud storage systems. This paper focuses on

key policy attribute based encryption technique and a comparison table. Attribute-based

encryption (ABE) is a public-key based one-to-many encryptions that allows users to encrypt

and decrypt data based on user attributes. On top of this using KP-ABE on-demand

revocation, fine gained access control is also achieved.

KEYWORDS:

Identity Based Encryption, RSA, AES, on demand revocation, fine gained access control

INTRODUCTION

Cloud computing has been one of the popular technologies in the past recent years. Tons of

useful applications and services are developed and later provided to regular users. Take cloud

storage service as an example; Drop box, Google Drive, ASUS CLOUD, Sky Drive, etc.,

allow users to store their data in cloud storage and access them remotely later. With the

burgeoning of network technology and mobile terminal, online data sharing has become a

new “pet”, such as Facebook, MySpace, and Badoo.[1] Meanwhile, cloud computing is one

of the most promising application platforms to solve the explosive expanding of data sharing.

In cloud computing, to protect data from leaking, users need to encrypt their data before

being shared. Access control is paramount as it is the first line of defense that prevents

International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017

IJSRE Vol. 1 (2), February, 2017 www.ijsre.in 2

unauthorized access to the shared data. Recently, attribute-based encryption (ABE) has been

attracted much more attentions since it can keep data privacy and realizes fine-grained, one-

to-many, and non interactive access control[1]. Attribute-based encryption (ABE) is a

relatively recent approach that reconsiders the concept of public-key cryptography. In

traditional public-key cryptography, a message is encrypted for a specific receiver using the

receiver’s public-key. Identity-based cryptography and in particular identity-based encryption

(IBE) changed the traditional understanding of public-key cryptography by allowing the

public-key to be an arbitrary string, e.g., the email address of the receiver. ABE goes one step

further and defines the identity not atomic but as a set of attributes, e.g., roles, and messages

can be encrypted with respect to subsets of attributes (key-policy ABE - KP-ABE). There are

authority, sender and receiver in the ABE scheme, and authority’s role is to generate keys for

data sender and users to encrypt or decrypt data. In this scheme, the authority generates keys

according to attributes; and these attributes of public key and master key, which are

generated by the authority.

RELATED WORK

Criteria of Attribute Base Encryption

Constraints of an ideal attribute-based encryption schemes are listed as follows:

1. Data confidentiality

Data Confidentiality is a set of rules or a promise that limits access or places restrictions on

certain types of information. In cloud, the data was encrypted by the data owner and

unauthorized parties including the cloud cannot know the information about the encrypted

data hence data confidentiality is maintained.

2. Secured access control: Secured Access Control is any mechanism by which a cloud

system grants or revokes the right to access some data, or perform some action. In cloud users

are granted with different access right to access data to provide security.

3. Scalability: Scalability is defined as the capability to handle the user load supported, the

number of transactions, the data volume etc. When the authorized users increase, the system

can work efficiently. So the number of authorized users cannot affect the performance of the

system.

4. User accountability: If the authorized user is dishonest, he would share his attribute

private key with the other unauthorized user. It causes the problem that the illegal key would

share among unauthorized users.


IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 13

5. User revocation: If the user quits the system, the scheme can revoke his access right from

the system directly. The revocable user cannot access any stored data, because his access

right was revoked.

Key Policy Attribute Based Encryption

It is a public key cryptography primitive that is for one-to-many communications. In this,

data are associated with attributes for each of which a public key is defined. The one who

encrypts the data, i.e., the encrypt associates the set of attributes to the data or message by

encrypting it with a public key. Users are assigned with an access structure which is defined

as an access tree over the data attributes. The nodes those are interior of the access tree. Key-

policy attribute-based encryption (KP-ABE) is an important class of ABE [7][10], where

cipher texts are labeled with sets of attributes and private keys are associated with access

structures that control which cipher texts a user is able to decrypt. KP-ABE has important

applications in data sharing on un trusted cloud storage. However, the cipher text size grows

linearly with the number of attributes embedded in cipher text in most existing KP-ABE

schemes. In cloud computing, an access control mechanism based on KP-ABE together with

a re-encryption technique is used for efficient user revocation. This scheme enables a data

owner to reduce most of the computational overhead to cloud servers. The use of this

encryption scheme KP-ABE provides fine-grained access control.

LITERATURE SURVEY ON VARIOUS ENCRYPTION METHOD

The challenges in privacy protection are sharing data while protecting personal information.

The typical systems that require privacy protection are e-commerce systems that store credit

cards and health care systems with health data. The ability to control what information to

reveal and who can access that information over the Internet has become a growing concern.

These concerns include whether personal information can be stored or read by third parties

without consent, or whether third parties can track the web sites someone has visited. Another

concern is whether web sites which are visited collect, store, and possibly share personal

information about users. The key to privacy protection in the cloud environment is the strict

separation of sensitive data from non-sensitive data followed by the encryption of sensitive

elements. The problem of searching over encrypted data has become an important issue in

security and cryptography. Users outsource their data to un-trusted server. But user doesn’t

have trust on it as he loses control over the data. Hence the confidentiality of data is a major

concern in cloud security. To achieve the confidentiality, data is stored in encrypted form on

cloud storage. But, it is difficult to perform any operation on encrypted data. User need to

download the encrypted data, and then decrypt it and performs operation on it. The resulting

data need to be encrypted and uploaded on the cloud.

Authors explain and solve the interesting problem of privacy preserving multi keywords

ranked search over encrypted cloud data[8], and create a set of strict privacy necessities for



such a safe cloud data application system to be effected in real. They first offer a basic idea

for the multi keyword ranked search over encrypted cloud data (MRSE) based on effective

comparison measure of coordinate matching, i.e. as many matches as possible, in order to

capture the significance of data documents to the search query. Then they give two

considerably developed multi keywords ranked search encryption schemes to reach many

tough privacy requirements in two differ threat models. Firstly they describe and resolve the

difficult of multi-keyword ranked search over encrypted cloud data, and create a variety of

privacy requirements. Between numerous multi-keyword semantics, they select the effective

similarity measure of “coordinate matching” [1][7][10], i.e., as various matches as likely, to

effectively capture the relevance of outsourced documents to the query communication.

Advantages of RSA algorithm

Convenience: It solves the problem of distributing the key for encryption.

Disadvantages of RSA algorithm

Still the real queries can be connected to real identity.

A Sharable ID-based encryption with keyword search in cloud computing environment[5],

which enables users to search in data owners’ shared storage while preserving privacy of

data. For the performance analysis, they demonstrate the compared resultant with others ID-

based or ID-relative encryption. In addition to that, authors show the formal proof to verify

the security. they focus on asymmetric searchable encryption schemes, more precisely, public

key encryption with keyword search (PEKS) schemes and identity-based encryption with

keyword search (IDEKS) schemes. However, unlike other researchers, they mainly focus on

IDEKS in cloud storage, in which the public information of data owner is also involved in

algorithms. This is because users are able to search in the owner’s storage and we need to

take care of the owner’s privacy.

Advantages of ID-based encryption

A recipient’s public key is derived from his identity.

Disadvantages of ID-based encryption

Need for regular renewals.

A novel multi-keyword fuzzy search scheme[4] by exploiting the locality-sensitive hashing

technique. Their scheme achieves fuzzy matching through algorithmic design rather than

expanding the index file. It also eliminates the need of a predefined dictionary and effectively

supports multiple keyword fuzzy searches without increasing the index or search complexity.

Extensive analysis and experiments on real-world data show that their scheme is secure,

efficient and accurate.



Advantages of Searchable Encryption

Its virtually unlimited data storage capabilities.

Disadvantages of Searchable Encryption

It is a time consumes process.

Sr.No Algorithm Drawbacks Description

1 Identity-

Based

Encryption

1. IF the key is public,

someone may be able to

figure out the private key.

2. For large files, strong

encryption may take

significant time to decrypt

Requires a secure channel

between a sender or

recipient and the IBE

server for transmitting the

private key.

ID-based encryption, or identity-

based encryption (IBE)[5] is an

important primitive of ID-based

cryptography. As such it is a type of

public-key encryption in which the

public key of a user is some unique

information about the identity of the

user (e.g. a user's email address).

2 AES 1. Too Simple algebraic

structure.

2. Problem in sharing keys.

3. Encryption process is

slow

It is a symmetric key block cipher

established by the U.S. NIST in 2001.

AES is based on substitution and

permutation network, it is fast in both

hardware and software. It has a fixed

block size of 128 bits and key size

of 128, 192 and256 bits. If the key

size is 128 bits AES perform 10

rounds, if the key size is 192 bits

it performs 12 rounds and if the key

size is 256 rounds it performs 14

rounds

3 RSA 1. Public keys should/must

be authenticated

2. public key encryption is

slow compared to

symmetric encryption

3. loss of private key may be

irreparable

RSA is designed by Ron Rivest, Adi

Shamir, and Leonard Adleman in

1978. It is one of the best known

public key cryptosystems for key

exchange or digital signatures or

encryption of blocks of data. RSA

uses a variable size encryption block

and a variable size key. It is an

asymmetric (public key) cryptosystem

based on number theory, which is a

block cipher system

Table 1: Comparison of Various Encryption Method



The original goal of searchable encryption is to provide privacy-preserving keyword searches

of encrypted data against an intermediate gateway such as a mail server or a network router,

which involves a message exchange process between the sender and the receiver. The first

searchable encryption scheme was the Public-key Encryption with Keyword Search (PEKS)

scheme based on Identity-Based Encryption (IBE), originally proposed by Boneh et al. Since

PEKS is devised to forward the encrypted contents to a designated receiver with its unique

identity, this scheme restricts expressiveness as regards access policy. To provide better

expressiveness, other searchable encryption schemes based on ABE are introduced.

Sr.

No

Techniques Drawbacks Description

1 Searchable

Encryption

Tech[9]

Due to symmetric-key-based solutions

more complex data utilization cannot

be efficiently evaluated.

They introduce a scheme where

they prevent from leaking

information about search data

and user query

2 Multi-

keyword

ranked

search[8]

Their solution does not tolerate

keyword spelling error.

they choose the efficient

principle of “coordinate

matching” They provide strict

privacy to make cloud data

accessing more secure with

MRSE

3 Multi

keyword

fuzzy search

scheme[4]

Time consuming process They provide fuzzy matching

without any search complexity.

They achieve this by several

novel designs based on locality-

sensitive hashing (LSH) and

Bloom filters.

Table 2: Comparison of Various Searching Method

SYSTEM ARCHITECTURE OF KP-ABE

This system involves four different entities.

1. A data encryptor can mark a specified keyword description for a data, and upload the

encrypted data to a cloud server. It can be a data receiver as well (indicating a user

encrypts data for itself).

2. A data receiver can download encrypted data from cloud server, have fully decryption

rights of the encrypted data, but also to construct a search token with help of a fully

trusted authority.

3. A fully trusted authority takes charge of generating the public parameters for the

system, initializing the system, issuing a partial search token to a data receiver to help

the data receiver construct a keyword search token.



4. A cloud server given a search token associated with a search policy and a ciphertext

tagged with unknown keyword description, it verifies whether the ciphertext and the

token match or not. If there is a match, output 1 and return the corresponding

ciphertext; otherwise, output 0.

Key Policy Attribute based Encryption Algorithm

All the parameters described in this scheme and parameters of the ABE scheme are the same

[1]. Only Key Gen() and Decrypt() part will be changed.

Setup(d): The authority uniformly and randomly chooses t1,...,tn, y from Zq, and

publishes the public key, PK=(T1=gt1,...,Tn=gtn,Y=e(g ,g)y). And the master

key is MK= (t1,...,tn,y).

KeyGen(AU−KP,PK,MK): The authority generates private key components for

each leaf node x in the access structure. The private key components are where i is

equal to a leaf node in the access structure. These components will be merged into the

user's private key, and be sent to an user.

Encrypt (ACT, PK, M): Data owner encrypts message M∈G2 with a set of

attributes ACT. Choose a random number s ∈ Zq, and the encrypted data is

published as CT= (ACT,E = MYs = e(g, g) Ei=gtis}∀i∈ACT

Decrypt (CT,D): This algorithm can be executed by a recursive algorithm, It inputs the

encrypted data, user's private key, and nodes of the access structure in user's private key. If i

is equal to the leaf node, and i is in the access structure of user's private key, it will call the

decrypt node function, e( Dx, Ei) = e(g, g)s·qx(0) If i is not in the access structure of an

user's private key, it will call the decrypt node function; and it outputs invalid. If i is not

equal to the leaf node, it will call decrypt node function and input all children nodes of node

x, z, and use lagrange coefficient to compute to obtain e(g, g) s·qx(0).

Notation Signification

Gx The bilinear group of prime order p, x = 1; 2

G A generator of G1

AU Attributes of data user U in private key

ACT Attributes with the encrypted data CT

AU_KP The access structure in user's private key

D User's private key

M The Message

PK Public key

MK Master key

Table 3: The notations



ADVANTAGES OF KP-ABE SCHEME

1. To reduce the communication overhead of the Internet,

2. To provide a fine-grained access control.

3. This effectively eliminates the need to rely on the data storage server for preventing

unauthorized data access and provides integrity. The scheme substantially reduced

the computation time required for resource-limited devices to recover plaintexts.

4. Data can be encrypted with respect to subsets of attributes. The key issue is that

someone should only be able to decrypt a cipher text if the person holds a key for

"matching attributes" where user keys are always issued by some trusted party.

5. Data confidentiality

6. On-demand revocation

7. Write access control

8. Scalability and usability

CONCLUSION

Remotely data storage delivers convenience to Internet users and meanwhile, brings security

concerns. The fact that users cannot have full physical possession of their data immediately

rises up two serious practical questions: how to guarantee the confidentiality of the data, and

how to retrieve the data. In this paper we proposed an efficient file hierarchy attribute-based

encryption scheme .The layered access structures are integrated into a single access structure,

and then, the hierarchical files are encrypted with the integrated access structure. Data owners

encrypt their secret data for the data receivers using KP-ABE Encryption scheme. The

ciphertext components related to attributes could be shared by the files. Therefore, both

ciphertext storage and time cost of encryption are saved.

REFERENCES

1] Privacy-Preserving and Regular Language Search over Encrypted Cloud Data,Kaitai

Liang, Xinyi Huang, FuchunGuo, and Joseph K. Liu,IEEE Transactions on Information

Forensics and Security, 2016.

2] The Foundation of Cryptography. Basic Applications, Goldreich, Vol.2. Cambridge

University Press, 2004.

3] Can homomorphic encryption be practical?,Naehrig, M., Lauter, K., Vaikhuntanathan,

V. , In Proceedings of the 3rd

ACM Cloud Computing Security Workshop, CCSW,

2011.

4] Fuzzy keyword search over encrypted data in cloud computing, J. Li, Q. Wang, C.

Wang, N.

5] Cao, K. Ren, and W. Lou,in IEEE INFOCOM 2010, mini-conference, San Diego, CA,

USA, March 2010.



6] Identity-based encryption from the weil pairing. In: Proceedings of advances in

cryptology, Boneh D, Franklin M, CRYPTO, vol 2001, pp 213–229.

7] Public key encryption with keyword search, D. Boneh, G. D. Crescenzo, R. Ostrovsky,

and G. Persiano.In EUROCRYPT, vol. 3027 of LNCS,pp. 506–522. Springer, 2004.

8] Conjunctive, subset, and range queries on encrypted data, D. Boneh and B. Waters, In

TCC, vol. 4392 of LNCS, pp. 535–554. Springer,2007.

9] Privacy-preserving multi-keyword ranked search over encrypted cloud data.N. Cao, C.

Wang, M. Li, K. Ren, and W. Lou, IEEE Trans. ParallelDistrib. Syst., 25(1):222–233,

2014.

10] Practical techniques for searches on encrypted data,D. X. Song, D. Wagner, and A.

Perrig, In S&P, pp. 44–55. IEEE Computer Society, 2000.

11] Functional encryption for regular languages, B. Waters, In CRYPTO, vol. 7417 of

LNCS, pp. 218–235. Springer, 2012.

12] Public-key encryption with fuzzy keyword search: A provably secure scheme under

keyword guessing attackP. Xu, H. Jin, Q. Wu, and W. Wang, IEEE Trans. Computers,

62(11):2266–2277, 2013.

13] VABKS: verifiable attribute-based keyword search over outsourced encrypted data. Q.

Zheng, S. Xu, and G. Ateniese, In INFOCOM, pp. 522–530. IEEE, 2014.

14] Analysis of Security Algorithms in Cloud Computing, Randeep Kaur ,SupriyaKinger, in

International Journal of Application or Innovation in Engineering & Management

(IJAIEM), Volume 3, Issue 3, March 2014.

15] Searching Techniques in Encrypted Cloud Data, Deepa P L, S Vinoth Kumar, Dr S

Karthik, inInternational Journal of Advanced Research in Computer Engineering &

Technology (IJARCET), Volume 1, Issue 8, October 2012.

16] A Survey of Different Searching Techniques for Encrypted Data Sharing on Cloud,

17] Ajay Gawade, Rashmi Dhumal, in International Journal of Advanced Research in

Computer Science and Software Engineering,Volume 6, Issue 7, July 2016.

18] Practical techniques for searches on encrypted data, D.Song,D.wanger, and A.Perrig,in

Proc. of S&P, 2000.



International Journal of Scientific Research in ... · ID-based encryption, or identity-based...

Documents

Transcript of International Journal of Scientific Research in ... · ID-based encryption, or identity-based...