International Journal of Scientific Research in ... · ID-based encryption, or identity-based...
Transcript of International Journal of Scientific Research in ... · ID-based encryption, or identity-based...
A SECURED AND SEARCHABLE KEY POLICY ATTRIBUTE BASE
ENCRYPTION IN CLOUD STORAGE
Priyanka Shah*, Pragnesh Patel
Computer Engineering, Ipcowala Institute of Engineering and Technology, Dharmaj, India.
CORRESPONDING AUTHOR S ADDRESS:
Ms. Priyanka Shah
PG Scholar,
Dept. of Computer Engineering
Ipcowala Institute of Engineering and Technology, Dharmaj, India.
ABSTRACT:
Cloud computing is most popular technologies used for handling voluminous data and its
storage. Lots of useful applications and services are developed and later provided to regular
users. Cloud computing technology provides unlimited resources and services like data
storage service which helps to manage the user data. In cloud computing, to protect data from
leaking, users need to encrypt their data before being shared. Many cryptographic algorithms
are used for encryption of the data. Existing schemes Identity Based Encryption, RSA, AES
are not suitable for one-upload-many-download cloud storage systems. This paper focuses on
key policy attribute based encryption technique and a comparison table. Attribute-based
encryption (ABE) is a public-key based one-to-many encryptions that allows users to encrypt
and decrypt data based on user attributes. On top of this using KP-ABE on-demand
revocation, fine gained access control is also achieved.
KEYWORDS:
Identity Based Encryption, RSA, AES, on demand revocation, fine gained access control
INTRODUCTION
Cloud computing has been one of the popular technologies in the past recent years. Tons of
useful applications and services are developed and later provided to regular users. Take cloud
storage service as an example; Drop box, Google Drive, ASUS CLOUD, Sky Drive, etc.,
allow users to store their data in cloud storage and access them remotely later. With the
burgeoning of network technology and mobile terminal, online data sharing has become a
new “pet”, such as Facebook, MySpace, and Badoo.[1] Meanwhile, cloud computing is one
of the most promising application platforms to solve the explosive expanding of data sharing.
In cloud computing, to protect data from leaking, users need to encrypt their data before
being shared. Access control is paramount as it is the first line of defense that prevents
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 12
unauthorized access to the shared data. Recently, attribute-based encryption (ABE) has been
attracted much more attentions since it can keep data privacy and realizes fine-grained, one-
to-many, and non interactive access control[1]. Attribute-based encryption (ABE) is a
relatively recent approach that reconsiders the concept of public-key cryptography. In
traditional public-key cryptography, a message is encrypted for a specific receiver using the
receiver’s public-key. Identity-based cryptography and in particular identity-based encryption
(IBE) changed the traditional understanding of public-key cryptography by allowing the
public-key to be an arbitrary string, e.g., the email address of the receiver. ABE goes one step
further and defines the identity not atomic but as a set of attributes, e.g., roles, and messages
can be encrypted with respect to subsets of attributes (key-policy ABE - KP-ABE). There are
authority, sender and receiver in the ABE scheme, and authority’s role is to generate keys for
data sender and users to encrypt or decrypt data. In this scheme, the authority generates keys
according to attributes; and these attributes of public key and master key, which are
generated by the authority.
RELATED WORK
Criteria of Attribute Base Encryption
Constraints of an ideal attribute-based encryption schemes are listed as follows:
1. Data confidentiality
Data Confidentiality is a set of rules or a promise that limits access or places restrictions on
certain types of information. In cloud, the data was encrypted by the data owner and
unauthorized parties including the cloud cannot know the information about the encrypted
data hence data confidentiality is maintained.
2. Secured access control: Secured Access Control is any mechanism by which a cloud
system grants or revokes the right to access some data, or perform some action. In cloud users
are granted with different access right to access data to provide security.
3. Scalability: Scalability is defined as the capability to handle the user load supported, the
number of transactions, the data volume etc. When the authorized users increase, the system
can work efficiently. So the number of authorized users cannot affect the performance of the
system.
4. User accountability: If the authorized user is dishonest, he would share his attribute
private key with the other unauthorized user. It causes the problem that the illegal key would
share among unauthorized users.
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 13
5. User revocation: If the user quits the system, the scheme can revoke his access right from
the system directly. The revocable user cannot access any stored data, because his access
right was revoked.
Key Policy Attribute Based Encryption
It is a public key cryptography primitive that is for one-to-many communications. In this,
data are associated with attributes for each of which a public key is defined. The one who
encrypts the data, i.e., the encrypt associates the set of attributes to the data or message by
encrypting it with a public key. Users are assigned with an access structure which is defined
as an access tree over the data attributes. The nodes those are interior of the access tree. Key-
policy attribute-based encryption (KP-ABE) is an important class of ABE [7][10], where
cipher texts are labeled with sets of attributes and private keys are associated with access
structures that control which cipher texts a user is able to decrypt. KP-ABE has important
applications in data sharing on un trusted cloud storage. However, the cipher text size grows
linearly with the number of attributes embedded in cipher text in most existing KP-ABE
schemes. In cloud computing, an access control mechanism based on KP-ABE together with
a re-encryption technique is used for efficient user revocation. This scheme enables a data
owner to reduce most of the computational overhead to cloud servers. The use of this
encryption scheme KP-ABE provides fine-grained access control.
LITERATURE SURVEY ON VARIOUS ENCRYPTION METHOD
The challenges in privacy protection are sharing data while protecting personal information.
The typical systems that require privacy protection are e-commerce systems that store credit
cards and health care systems with health data. The ability to control what information to
reveal and who can access that information over the Internet has become a growing concern.
These concerns include whether personal information can be stored or read by third parties
without consent, or whether third parties can track the web sites someone has visited. Another
concern is whether web sites which are visited collect, store, and possibly share personal
information about users. The key to privacy protection in the cloud environment is the strict
separation of sensitive data from non-sensitive data followed by the encryption of sensitive
elements. The problem of searching over encrypted data has become an important issue in
security and cryptography. Users outsource their data to un-trusted server. But user doesn’t
have trust on it as he loses control over the data. Hence the confidentiality of data is a major
concern in cloud security. To achieve the confidentiality, data is stored in encrypted form on
cloud storage. But, it is difficult to perform any operation on encrypted data. User need to
download the encrypted data, and then decrypt it and performs operation on it. The resulting
data need to be encrypted and uploaded on the cloud.
Authors explain and solve the interesting problem of privacy preserving multi keywords
ranked search over encrypted cloud data[8], and create a set of strict privacy necessities for
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 14
such a safe cloud data application system to be effected in real. They first offer a basic idea
for the multi keyword ranked search over encrypted cloud data (MRSE) based on effective
comparison measure of coordinate matching, i.e. as many matches as possible, in order to
capture the significance of data documents to the search query. Then they give two
considerably developed multi keywords ranked search encryption schemes to reach many
tough privacy requirements in two differ threat models. Firstly they describe and resolve the
difficult of multi-keyword ranked search over encrypted cloud data, and create a variety of
privacy requirements. Between numerous multi-keyword semantics, they select the effective
similarity measure of “coordinate matching” [1][7][10], i.e., as various matches as likely, to
effectively capture the relevance of outsourced documents to the query communication.
Advantages of RSA algorithm
Convenience: It solves the problem of distributing the key for encryption.
Disadvantages of RSA algorithm
Still the real queries can be connected to real identity.
A Sharable ID-based encryption with keyword search in cloud computing environment[5],
which enables users to search in data owners’ shared storage while preserving privacy of
data. For the performance analysis, they demonstrate the compared resultant with others ID-
based or ID-relative encryption. In addition to that, authors show the formal proof to verify
the security. they focus on asymmetric searchable encryption schemes, more precisely, public
key encryption with keyword search (PEKS) schemes and identity-based encryption with
keyword search (IDEKS) schemes. However, unlike other researchers, they mainly focus on
IDEKS in cloud storage, in which the public information of data owner is also involved in
algorithms. This is because users are able to search in the owner’s storage and we need to
take care of the owner’s privacy.
Advantages of ID-based encryption
A recipient’s public key is derived from his identity.
Disadvantages of ID-based encryption
Need for regular renewals.
A novel multi-keyword fuzzy search scheme[4] by exploiting the locality-sensitive hashing
technique. Their scheme achieves fuzzy matching through algorithmic design rather than
expanding the index file. It also eliminates the need of a predefined dictionary and effectively
supports multiple keyword fuzzy searches without increasing the index or search complexity.
Extensive analysis and experiments on real-world data show that their scheme is secure,
efficient and accurate.
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 15
Advantages of Searchable Encryption
Its virtually unlimited data storage capabilities.
Disadvantages of Searchable Encryption
It is a time consumes process.
Sr.No Algorithm Drawbacks Description
1 Identity-
Based
Encryption
1. IF the key is public,
someone may be able to
figure out the private key.
2. For large files, strong
encryption may take
significant time to decrypt
Requires a secure channel
between a sender or
recipient and the IBE
server for transmitting the
private key.
ID-based encryption, or identity-
based encryption (IBE)[5] is an
important primitive of ID-based
cryptography. As such it is a type of
public-key encryption in which the
public key of a user is some unique
information about the identity of the
user (e.g. a user's email address).
2 AES 1. Too Simple algebraic
structure.
2. Problem in sharing keys.
3. Encryption process is
slow
It is a symmetric key block cipher
established by the U.S. NIST in 2001.
AES is based on substitution and
permutation network, it is fast in both
hardware and software. It has a fixed
block size of 128 bits and key size
of 128, 192 and256 bits. If the key
size is 128 bits AES perform 10
rounds, if the key size is 192 bits
it performs 12 rounds and if the key
size is 256 rounds it performs 14
rounds
3 RSA 1. Public keys should/must
be authenticated
2. public key encryption is
slow compared to
symmetric encryption
3. loss of private key may be
irreparable
RSA is designed by Ron Rivest, Adi
Shamir, and Leonard Adleman in
1978. It is one of the best known
public key cryptosystems for key
exchange or digital signatures or
encryption of blocks of data. RSA
uses a variable size encryption block
and a variable size key. It is an
asymmetric (public key) cryptosystem
based on number theory, which is a
block cipher system
Table 1: Comparison of Various Encryption Method
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 16
The original goal of searchable encryption is to provide privacy-preserving keyword searches
of encrypted data against an intermediate gateway such as a mail server or a network router,
which involves a message exchange process between the sender and the receiver. The first
searchable encryption scheme was the Public-key Encryption with Keyword Search (PEKS)
scheme based on Identity-Based Encryption (IBE), originally proposed by Boneh et al. Since
PEKS is devised to forward the encrypted contents to a designated receiver with its unique
identity, this scheme restricts expressiveness as regards access policy. To provide better
expressiveness, other searchable encryption schemes based on ABE are introduced.
Sr.
No
Techniques Drawbacks Description
1 Searchable
Encryption
Tech[9]
Due to symmetric-key-based solutions
more complex data utilization cannot
be efficiently evaluated.
They introduce a scheme where
they prevent from leaking
information about search data
and user query
2 Multi-
keyword
ranked
search[8]
Their solution does not tolerate
keyword spelling error.
they choose the efficient
principle of “coordinate
matching” They provide strict
privacy to make cloud data
accessing more secure with
MRSE
3 Multi
keyword
fuzzy search
scheme[4]
Time consuming process They provide fuzzy matching
without any search complexity.
They achieve this by several
novel designs based on locality-
sensitive hashing (LSH) and
Bloom filters.
Table 2: Comparison of Various Searching Method
SYSTEM ARCHITECTURE OF KP-ABE
This system involves four different entities.
1. A data encryptor can mark a specified keyword description for a data, and upload the
encrypted data to a cloud server. It can be a data receiver as well (indicating a user
encrypts data for itself).
2. A data receiver can download encrypted data from cloud server, have fully decryption
rights of the encrypted data, but also to construct a search token with help of a fully
trusted authority.
3. A fully trusted authority takes charge of generating the public parameters for the
system, initializing the system, issuing a partial search token to a data receiver to help
the data receiver construct a keyword search token.
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 17
4. A cloud server given a search token associated with a search policy and a ciphertext
tagged with unknown keyword description, it verifies whether the ciphertext and the
token match or not. If there is a match, output 1 and return the corresponding
ciphertext; otherwise, output 0.
Key Policy Attribute based Encryption Algorithm
All the parameters described in this scheme and parameters of the ABE scheme are the same
[1]. Only Key Gen() and Decrypt() part will be changed.
Setup(d): The authority uniformly and randomly chooses t1,...,tn, y from Zq, and
publishes the public key, PK=(T1=gt1,...,Tn=gtn,Y=e(g ,g)y). And the master
key is MK= (t1,...,tn,y).
KeyGen(AU−KP,PK,MK): The authority generates private key components for
each leaf node x in the access structure. The private key components are where i is
equal to a leaf node in the access structure. These components will be merged into the
user's private key, and be sent to an user.
Encrypt (ACT, PK, M): Data owner encrypts message M∈G2 with a set of
attributes ACT. Choose a random number s ∈ Zq, and the encrypted data is
published as CT= (ACT,E = MYs = e(g, g) Ei=gtis}∀i∈ACT
Decrypt (CT,D): This algorithm can be executed by a recursive algorithm, It inputs the
encrypted data, user's private key, and nodes of the access structure in user's private key. If i
is equal to the leaf node, and i is in the access structure of user's private key, it will call the
decrypt node function, e( Dx, Ei) = e(g, g)s·qx(0) If i is not in the access structure of an
user's private key, it will call the decrypt node function; and it outputs invalid. If i is not
equal to the leaf node, it will call decrypt node function and input all children nodes of node
x, z, and use lagrange coefficient to compute to obtain e(g, g) s·qx(0).
Notation Signification
Gx The bilinear group of prime order p, x = 1; 2
G A generator of G1
AU Attributes of data user U in private key
ACT Attributes with the encrypted data CT
AU_KP The access structure in user's private key
D User's private key
M The Message
PK Public key
MK Master key
Table 3: The notations
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 18
ADVANTAGES OF KP-ABE SCHEME
1. To reduce the communication overhead of the Internet,
2. To provide a fine-grained access control.
3. This effectively eliminates the need to rely on the data storage server for preventing
unauthorized data access and provides integrity. The scheme substantially reduced
the computation time required for resource-limited devices to recover plaintexts.
4. Data can be encrypted with respect to subsets of attributes. The key issue is that
someone should only be able to decrypt a cipher text if the person holds a key for
"matching attributes" where user keys are always issued by some trusted party.
5. Data confidentiality
6. On-demand revocation
7. Write access control
8. Scalability and usability
CONCLUSION
Remotely data storage delivers convenience to Internet users and meanwhile, brings security
concerns. The fact that users cannot have full physical possession of their data immediately
rises up two serious practical questions: how to guarantee the confidentiality of the data, and
how to retrieve the data. In this paper we proposed an efficient file hierarchy attribute-based
encryption scheme .The layered access structures are integrated into a single access structure,
and then, the hierarchical files are encrypted with the integrated access structure. Data owners
encrypt their secret data for the data receivers using KP-ABE Encryption scheme. The
ciphertext components related to attributes could be shared by the files. Therefore, both
ciphertext storage and time cost of encryption are saved.
REFERENCES
1] Privacy-Preserving and Regular Language Search over Encrypted Cloud Data,Kaitai
Liang, Xinyi Huang, FuchunGuo, and Joseph K. Liu,IEEE Transactions on Information
Forensics and Security, 2016.
2] The Foundation of Cryptography. Basic Applications, Goldreich, Vol.2. Cambridge
University Press, 2004.
3] Can homomorphic encryption be practical?,Naehrig, M., Lauter, K., Vaikhuntanathan,
V. , In Proceedings of the 3rd
ACM Cloud Computing Security Workshop, CCSW,
2011.
4] Fuzzy keyword search over encrypted data in cloud computing, J. Li, Q. Wang, C.
Wang, N.
5] Cao, K. Ren, and W. Lou,in IEEE INFOCOM 2010, mini-conference, San Diego, CA,
USA, March 2010.
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 19
6] Identity-based encryption from the weil pairing. In: Proceedings of advances in
cryptology, Boneh D, Franklin M, CRYPTO, vol 2001, pp 213–229.
7] Public key encryption with keyword search, D. Boneh, G. D. Crescenzo, R. Ostrovsky,
and G. Persiano.In EUROCRYPT, vol. 3027 of LNCS,pp. 506–522. Springer, 2004.
8] Conjunctive, subset, and range queries on encrypted data, D. Boneh and B. Waters, In
TCC, vol. 4392 of LNCS, pp. 535–554. Springer,2007.
9] Privacy-preserving multi-keyword ranked search over encrypted cloud data.N. Cao, C.
Wang, M. Li, K. Ren, and W. Lou, IEEE Trans. ParallelDistrib. Syst., 25(1):222–233,
2014.
10] Practical techniques for searches on encrypted data,D. X. Song, D. Wagner, and A.
Perrig, In S&P, pp. 44–55. IEEE Computer Society, 2000.
11] Functional encryption for regular languages, B. Waters, In CRYPTO, vol. 7417 of
LNCS, pp. 218–235. Springer, 2012.
12] Public-key encryption with fuzzy keyword search: A provably secure scheme under
keyword guessing attackP. Xu, H. Jin, Q. Wu, and W. Wang, IEEE Trans. Computers,
62(11):2266–2277, 2013.
13] VABKS: verifiable attribute-based keyword search over outsourced encrypted data. Q.
Zheng, S. Xu, and G. Ateniese, In INFOCOM, pp. 522–530. IEEE, 2014.
14] Analysis of Security Algorithms in Cloud Computing, Randeep Kaur ,SupriyaKinger, in
International Journal of Application or Innovation in Engineering & Management
(IJAIEM), Volume 3, Issue 3, March 2014.
15] Searching Techniques in Encrypted Cloud Data, Deepa P L, S Vinoth Kumar, Dr S
Karthik, inInternational Journal of Advanced Research in Computer Engineering &
Technology (IJARCET), Volume 1, Issue 8, October 2012.
16] A Survey of Different Searching Techniques for Encrypted Data Sharing on Cloud,
17] Ajay Gawade, Rashmi Dhumal, in International Journal of Advanced Research in
Computer Science and Software Engineering,Volume 6, Issue 7, July 2016.
18] Practical techniques for searches on encrypted data, D.Song,D.wanger, and A.Perrig,in
Proc. of S&P, 2000.
International Journal of Scientific Research in Engineering (IJSRE) Vol. 1 (2), February, 2017
IJSRE Vol. 1 (2), February, 2017 www.ijsre.in Page 20