PHASE I REVIEW 1
ABSTRACT
In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, they propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE.
SYSTEM MODEL
The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner.
* DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING *
EXISTING SYSTEM
Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain.
ACCESS CONTROL
Access control is a classic security topic which dates back to the 1960s or early 1970s, and various access control models have been proposed since then. Among them, Bell-LaPadula (BLP) and Biba are two famous security models. To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain. Since data owners and service providers are usually not in the same trusted domain in cloud computing, a new access control scheme employing ATTRIBUTED-BASED
ENCRYPTION
Existing system uses disjunctive normal form policy and assumes all attributes in one conjunctive clause are administrated by the same domain master. Thus the same attribute may be administrated by multiple domain masters according to specific policies, which is difficult to implement in practice.
PROPOSED SYSTEM
In this system, neither data owners nor data consumers will be always online. They come online only when necessary, while the cloud service provider, the trusted authority, and domain authorities are always online. The cloud is assumed to have abundant storage capacity and computation power. In addition, they assume that data consumers can access data files for reading only.
In the hierarchical structure of the system users given in Fig. 1, each party is associated with a public key and a private key, with the latter being kept secret by the party. The trusted authority acts as the root of trust and authorizes the top-level domain authorities. A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain.
HIERARCHICAL ATTRIBUTE-SET-BASED ENCRYPTION
Scheme for access control in cloud computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme by Bobba et al. with a hierarchical structure of system users, so as to achieve scalable, flexible, and fine-grained access control. HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inheriting the fine-grained access control of ASBE.
HASBE SCHEME
The proposed HASBE scheme seamlessly extends the ASBE scheme to handle the hierarchical structure of system users. The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities. A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key.
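The delegation chain described above, modeled without any cryptography, as an added example (not code from the HASBE paper or from this presentation). Party names and attributes are constructed, and the rule that a domain authority can hand out only attributes from its own key structure is an assumption of the model.

```python
from dataclasses import dataclass, field

class DelegationError(Exception):
    """Raised when a delegation request breaks the hierarchy rules."""

@dataclass
class Party:
    name: str
    role: str                          # "TA", "DA" or "user"
    parent: "Party | None" = None
    # Key structure: set label -> attributes grouped in that set
    key_structure: dict = field(default_factory=dict)

def chain(party):
    """Names from this party up to the trusted authority (root of trust)."""
    path = []
    while party is not None:
        path.append(party.name)
        party = party.parent
    return path

def within(child_ks, parent_ks):
    """True if each requested attribute set is contained in the issuer's set."""
    return all(attrs <= parent_ks.get(label, frozenset())
               for label, attrs in child_ks.items())

def delegate(issuer, name, role, key_structure):
    """Issue a key structure to a new subordinate of `issuer`."""
    if issuer.role == "user" or role not in ("DA", "user"):
        raise DelegationError("only authorities delegate, and only to DAs or users")
    if issuer.role == "TA" and role != "DA":
        raise DelegationError("the trusted authority only authorizes domain authorities")
    # Assumption of this model: a DA cannot delegate attributes it does not hold.
    if issuer.role == "DA" and not within(key_structure, issuer.key_structure):
        raise DelegationError(f"{issuer.name} does not hold the requested attributes")
    return Party(name, role, issuer, dict(key_structure))

def administers(authority, party):
    """True if `party` sits somewhere below `authority` in the hierarchy."""
    node = party.parent
    while node is not None and node is not authority:
        node = node.parent
    return node is authority

def build_demo():
    """Constructed hierarchy: TA -> university -> {cs, med}; alice is under cs."""
    ta = Party("TA", "TA")
    univ = delegate(ta, "DA-university", "DA",
                    {"A1": frozenset({"dept:cs", "dept:med", "role:student"})})
    cs = delegate(univ, "DA-cs", "DA", {"A1": frozenset({"dept:cs", "role:student"})})
    med = delegate(univ, "DA-med", "DA", {"A1": frozenset({"dept:med"})})
    alice = delegate(cs, "alice", "user", {"A1": frozenset({"dept:cs", "role:student"})})
    return {"ta": ta, "univ": univ, "cs": cs, "med": med, "alice": alice}
```
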
LITERATURE SURVEY-1
FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks
Shucheng Yu, Member, IEEE, Kui Ren, Member, IEEE, and Wenjing Lou, Senior Member, IEEE
A distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.
LITERATURE SURVEY-2
Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems
Junbeom Hur and Dong Kun Noh, Member, IEEE
In this paper, they propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. They demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.
LITERATURE SURVEY-3
ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks
Lo-Yao Yeh, Yen-Cheng Chen, and Jiun-Long Huang
In this paper, they propose an Attribute-Based Access Control System (ABACS) for emergency services with security assurance over Vehicular Ad Hoc Networks (VANETs). ABACS aims to improve the efficiency of rescues mobilized via emergency communications over VANETs. By adopting fuzzy identity-based encryption, ABACS can select the emergency vehicles that can most appropriately deal with an emergency and securely delegate the authority to control traffic facilities to the assigned emergency vehicles. Using novel cryptographic preliminaries, ABACS realizes confidentiality of messages, prevention of collusion attacks, and fine-grained access control. As compared to the current PKI scheme, the computational delay and transmission overhead can be reduced by exploiting the advantages afforded by message broadcasting, which is heavily used in ABACS. The performance evaluation demonstrates that ABACS is a suitable candidate for realizing emergency services via VANETs.
LITERATURE SURVEY-4
Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption
Ming Li Member, IEEE, Shucheng Yu, Member, IEEE, Yao Zheng, Student Member, IEEE, Kui Ren, Senior Member, IEEE, and Wenjing Lou, Senior Member, IEEE
In this paper, they propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, they leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, they focused on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme.
LITERATURE SURVEY-5
Improving Privacy and Security in Multi-Authority Attribute-Based Encryption
Sherman S.M. Chow, Department of Computer Science, Courant Institute of Mathematical Sciences, New York University, NY 10012, USA (schow@cs.nyu.edu); Melissa Chase, Microsoft Research, 1 Microsoft Way, Redmond, WA 98052, USA (melissac@microsoft.com)
In this paper, they propose a solution which removes the trusted central authority, and protects the users' privacy by preventing the authorities from pooling their information on particular users, thus making ABE more usable in practice.
LITERATURE SURVEY-6
Multi-Authority Attribute Based Encryption
Melissa Chase, Computer Science Department, Brown University, Providence, RI 02912
LITERATURE SURVEY-7
Distributed Attribute-Based Encryption
Sascha Müller, Stefan Katzenbeisser, and Claudia Eckert, Technische Universität Darmstadt, Hochschulstr. 10, D-64289 Darmstadt
LITERATURE SURVEY-8
Ciphertext-Policy Attribute-Based Encryption
John Bethencourt, Carnegie Mellon University (bethenco@cs.cmu.edu); Amit Sahai, UCLA (sahai@cs.ucla.edu); Brent Waters, SRI International (bwaters@csl.sri.com)
LITERATURE SURVEY-9
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques
Allison Lewko, University of Texas at Austin (alewko@cs.utexas.edu); Brent Waters, University of Texas at Austin (bwaters@cs.utexas.edu)
In this paper they present a Ciphertext-Policy Attribute-Based Encryption scheme that is proven fully secure while matching the efficiency of the state-of-the-art selectively secure systems.