
HASBE Scheme for Private Clouds

PHASE I REVIEW 1

Presented By Darwin V Tomy (713511421001) II ME-SE



Guided By Mrs. S Dhanalakshmi ASP/CSE

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

ABSTRACT
In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, they propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE.


SYSTEM MODEL
The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner.

EXISTING SYSTEM
Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain.

ACCESS CONTROL
Access control is a classic security topic which dates back to the 1960s or early 1970s, and various access control models have been proposed since then. Among them, Bell-LaPadula (BLP) and Biba are two famous security models. To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain. Since data owners and service providers are usually not in the same trusted domain in cloud computing, a new access control scheme employing attribute-based encryption


ATTRIBUTE-BASED ENCRYPTION (ABE)


Have been proposed for access control of outsourced data in cloud computing.
Which adopts the so-called key-policy attribute-based encryption (KP-ABE) to enforce fine-grained access control. However, this scheme falls short of flexibility in attribute management and lacks scalability in dealing with multiple levels of attribute authorities. They note that in contrast to KP-ABE, ciphertext-policy ABE (CP-ABE)


DISADVANTAGES OF EXISTING SYSTEM


The primary drawback of the existing system is that its threshold semantics lack expressibility. One of the prominent security concerns is data security and privacy.

The existing system uses a disjunctive normal form policy and assumes all attributes in one conjunctive clause are administrated by the same domain master. Thus the same attribute may be administrated by multiple domain masters according to specific policies, which is difficult to implement in practice.


PROPOSED SYSTEM
In this system, neither data owners nor data consumers are always online. They come online only when necessary, while the cloud service provider, the trusted authority, and domain authorities are always online. The cloud is assumed to have abundant storage capacity and computation power. In addition, they assume that data consumers can access data files for reading only.

In the hierarchical structure of the system users given in Fig. 1, each party is associated with a public key and a private key, with the latter being kept secret by the party. The trusted authority acts as the root of trust and authorizes the top-level domain authorities. A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain.

HIERARCHICAL ATTRIBUTE-SET-BASED ENCRYPTION (HASBE)
Scheme for access control in cloud computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme by Bobba et al. with a hierarchical structure of system users, so as to achieve scalable, flexible, and fine-grained access control. HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inheriting the fine-grained access control of ASBE.

HASBE SCHEME
The proposed HASBE scheme seamlessly extends the ASBE scheme to handle the hierarchical structure of system users. The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities. A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key.

ADVANTAGES OF PROPOSED SYSTEM


Scalability
Flexibility
Fine-grained access control
Efficient User Revocation
Expressiveness

LITERATURE SURVEY-1
FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks
Shucheng Yu, Member, IEEE, Kui Ren, Member, IEEE, and Wenjing Lou, Senior Member, IEEE


FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks

A distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.


LITERATURE SURVEY-2
Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems
Junbeom Hur and Dong Kun Noh, Member, IEEE


Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

In this paper, they propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. They demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.


LITERATURE SURVEY-3
ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks
Lo-Yao Yeh, Yen-Cheng Chen, and Jiun-Long Huang


ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks

In this paper, they propose an Attribute-Based Access Control System (ABACS) for emergency services with security assurance over Vehicular Ad Hoc Networks (VANETs). ABACS aims to improve the efficiency of rescues mobilized via emergency communications over VANETs. By adopting fuzzy identity-based encryption, ABACS can select the emergency vehicles that can most appropriately deal with an emergency and securely delegate the authority to control traffic facilities to the assigned emergency vehicles. Using novel cryptographic preliminaries, ABACS realizes confidentiality of messages, prevention of collusion attacks, and fine-grained access control. As compared to the current PKI scheme, the computational delay and transmission overhead can be reduced by exploiting the advantages afforded by message broadcasting, which is heavily used in ABACS. The performance evaluation demonstrates that ABACS is a suitable candidate for realizing emergency services via VANETs.

LITERATURE SURVEY-4
Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption
Ming Li, Member, IEEE, Shucheng Yu, Member, IEEE, Yao Zheng, Student Member, IEEE, Kui Ren, Senior Member, IEEE, and Wenjing Lou, Senior Member, IEEE


Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption

In this paper, they propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, they leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, they focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains, which greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Their scheme also enables dynamic modification of access policies or file attributes, and supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of the proposed scheme.

LITERATURE SURVEY-5
Improving Privacy and Security in Multi-Authority Attribute-Based Encryption
Sherman S.M. Chow, Department of Computer Science, Courant Institute of Mathematical Sciences, New York University, NY 10012, USA, schow@cs.nyu.edu; Melissa Chase, Microsoft Research, 1 Microsoft Way, Redmond, WA 98052, USA, melissac@microsoft.com


Improving Privacy and Security in Multi-Authority Attribute-Based Encryption

In this paper, they propose a solution which removes the trusted central authority, and protects the users' privacy by preventing the authorities from pooling their information on particular users, thus making ABE more usable in practice.


LITERATURE SURVEY-6
Multi-Authority Attribute Based Encryption
Melissa Chase, Computer Science Department, Brown University, Providence, RI 02912


Multi-Authority Attribute Based Encryption


Their scheme allows any polynomial number of independent authorities to monitor attributes and distribute secret keys. An encryptor can choose, for each authority, a number d_k and a set of attributes; he can then encrypt a message such that a user can only decrypt if he has at least d_k of the given attributes from each authority k. Their scheme can tolerate an arbitrary number of corrupt authorities.
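
The per-authority threshold rule described above, modelled as an added example (not code from the paper or from this presentation): Shamir secret sharing stands in for the paper's construction, so it reproduces only the access semantics (at least d_k attributes at every authority k) and gives no collusion resistance. The function names, the field prime and the sample policy are assumptions of this example.

```python
import secrets

P = 2**127 - 1  # Mersenne prime used as the field for this toy model (assumption)

def shamir_split(secret, threshold, labels):
    """Share `secret` so that any `threshold` of the labelled shares recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x, label in enumerate(labels, start=1):
        y = 0
        for c in reversed(coeffs):           # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares[label] = (x, y)
    return shares

def shamir_recover(points):
    """Lagrange interpolation at 0 over distinct (x, y) points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encrypt_key(policy):
    """policy: {authority: (d_k, [attributes])} -> (key, per-authority shares)."""
    key, ct = 0, {}
    for authority, (d_k, attrs) in policy.items():
        part = secrets.randbelow(P)           # additive piece tied to this authority
        key = (key + part) % P
        ct[authority] = (d_k, shamir_split(part, d_k, attrs))
    return key, ct

def decrypt_key(ct, user_attrs):
    """Return the key if every authority's threshold d_k is met, else None."""
    key = 0
    for authority, (d_k, shares) in ct.items():
        held = [shares[a] for a in set(user_attrs.get(authority, ())) & set(shares)]
        if len(held) < d_k:
            return None                       # fewer than d_k attributes at authority k
        key = (key + shamir_recover(held[:d_k])) % P
    return key

if __name__ == "__main__":
    policy = {"A1": (2, ["doctor", "cardiology", "senior"]), "A2": (1, ["researcher"])}  # constructed
    key, ct = encrypt_key(policy)
    print(decrypt_key(ct, {"A1": ["doctor", "senior"], "A2": ["researcher"]}) == key)
```

Because the key is the sum of one piece per authority, missing the threshold at a single authority leaves the key undetermined even when every other threshold is exceeded.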


LITERATURE SURVEY-7
Distributed Attribute-Based Encryption
Sascha Müller, Stefan Katzenbeisser, and Claudia Eckert, Technische Universität Darmstadt, Hochschulstr. 10, D-64289 Darmstadt


Distributed Attribute-Based Encryption


In this paper, they introduce the concept of Distributed Attribute-Based Encryption (DABE), where an arbitrary number of parties can be present to maintain attributes and their corresponding secret keys. This is in stark contrast to the classic CP-ABE schemes, where all secret keys are distributed by one central trusted party. They provide the first construction of a DABE scheme; the construction is very efficient, as it requires only a constant number of pairing operations during encryption and decryption.

LITERATURE SURVEY-8
Ciphertext-Policy Attribute-Based Encryption
John Bethencourt, Carnegie Mellon University, bethenco@cs.cmu.edu; Amit Sahai, UCLA, sahai@cs.ucla.edu; Brent Waters, SRI International, bwaters@csl.sri.com


Ciphertext-Policy Attribute-Based Encryption


In this paper they present a system for realizing complex access control on encrypted data that they call Ciphertext-Policy Attribute-Based Encryption. By using their techniques, encrypted data can be kept confidential even if the storage server is untrusted; moreover, their methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into users' keys, while in their system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, their methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, they provide an implementation of their system and give performance measurements.


LITERATURE SURVEY-9
New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques
Allison Lewko, University of Texas at Austin, alewko@cs.utexas.edu; Brent Waters, University of Texas at Austin, bwaters@cs.utexas.edu


New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques
In this paper they present a Ciphertext-Policy Attribute-Based Encryption scheme that is proven fully secure while matching the efficiency of the state-of-the-art selectively secure systems.



Any Questions


THANK YOU