920 research outputs found

    AnonyControl: Control Cloud Data Anonymously with Multi-Authority Attribute-Based Encryption

    Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. However, those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute-Based Encryption (ABE) have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This paper presents an anonymous privilege control scheme AnonyControl to address the user and data privacy problem in a cloud. By using multiple authorities in cloud computing system, our proposed scheme achieves anonymous cloud data access, fine-grained privilege control, and more importantly, tolerance to up to (N-2) authority compromise. Our security and performance analysis show that AnonyControl is both secure and efficient for cloud computing environment. Comment: 9 pages, 6 figures, 3 tables, conference, IEEE INFOCOM 201

    Organize Cloud Data Access Privilege and Anonymity with Fully Nameless Attribute-Based Encryption

    Cloud computing may be a computing idea that allows once needed and low maintenance usage of resources, however the info is shared to some cloud servers and varied privacy connected issues emerge from it. Various schemes based on the Attribute-Based Encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.

    A Novel Multi-Attribute Authority Based Encryption for Controlling Access to Cloud Data

    Cloud computing has changed the way IT departments are working with respect to outsourcing data and having controlled access to the data. In the new computing paradigm that supports on-demand services, the storage service became an attractive service for many cloud users. When data is outsourced to cloud, there is an issue of giving controlled access to the cloud data. Many schemes came into existence. Some of the schemes focus on auditing, provable data possession and proof of irretrievability. Some other schemes threw light into the access control on the cloud data. While giving privileges to accessing data, attribute based encryption has achieved significant fine-grained control over the data. In this paper we propose a methodology that can allow controlled access to cloud data with multi-attribute authority based encryption. The multi-attribute based approach is used to make the scheme robust. Moreover, the proposed approach is aimed at prevention of identity leakage and also achieves anonymity as well. We built a prototype application that demonstrates the proof of concept. The empirical results revealed that the proposed method improves access control significantly.

    Dynamic Policy Update on Cloud for File Access

    In today’s era of digitalization everyone stores and accesses data online. Cloud computing has become prominent in data storage and access anywhere globally, but there is concern by data owners regarding data ownership. It is monotonous to assign access rights, and simultaneously providing security in real time is a concern. To resolve this issue of access control, in recent times the Attribute based encryption method is widely preferred. One of the most popular methods to handle access rights is the Attribute-based Encryption (ABE) method; the two ways for performing the implementation of ABE are ciphertext-policy and key-policy ABE. One of the widely practiced methods of safe communication is through cryptography. In this work we are proposing a method to handle access rights dynamically on the outlines of the Ciphertext-policy attribute-based encryption (CP-ABE) scheme; along with this we are using two symmetric encryption algorithms, namely AES and Serpent, for providing better security to the system. This work implements a new policy update method which helps to manage data access control in the dynamic policy update for data in the cloud storage. In this, the same input key is utilized for both the encryption and decryption operations. Here two types of files are handled as an input, such as text file and image file. In the experimental result, a comparison of both algorithms is shown with the help of graphs with different parameters such as time, number of files, and file size. We have also shown the comparison of a system having dynamic update policy and a system without, in tabular form. We have also shown the comparative analysis of both algorithms, which shows that the SERPENT encryption algorithm gives superior performance in encryption.

    DEPLOYING AN UNIQUE CONTROL SCHEME TO REDUCE THE IDENTITY LEAKAGE

    The help of cloud computing has attracted much attention from academia in addition to industry due to profitability, however it has several challenges. Within our work we advise a competent way of enabling cloud servers to manage user access rights lacking of knowing their identity data. The suggested product is a semi-anonymous privilege control proposal for controlling of not just data privacy, but furthermore user identity privacy within traditional techniques of access control. This method decentralizes central authority to limit the leakage of identity and therefore attains semi-anonymity. Additionally, it furthermore generalizes file access control for privilege control, through which rights from the entire procedures over the system of cloud data are handled within fine-grained manner.

    Multiple Authorities Access under Public Cloud Storage: Review

    Public cloud storage is a cloud storage model that provides services to individuals and organizations to store, edit and manage data. Public cloud storage service is also known as storage service, utility storage and online storage. Cloud storage has many advantages, but there still remain various challenges, among which privacy and security of users' data are major issues in public cloud storage. Attribute Based Encryption (ABE) is a cryptographic technique which provides data owners direct control over their data in public cloud storage. The traditional ABE scheme involves only one authority to maintain the attribute set, which can bring a single-point bottleneck on security and performance. Now we use a threshold multi-authority Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access control scheme, named TMACS. TMACS is Threshold Multi-Authority Access Control System. In TMACS, multiple authorities jointly manage the whole attribute set but no user has full control of any specific attribute. By combining threshold secret sharing (t,n) and the multi-authority CP-ABE scheme, we developed an efficient multi-authority access control system in public cloud storage.

    Attribute Based Encryption for Secure Data Access in Cloud

    Cloud computing is a progressive computing worldview, which empowers adaptable, on-request, and ease use of Information Technology assets. However, the information transmitted to some cloud servers, and various protection concerns are arising out of it. Different plans given the property-based encryption have been proposed to secure the Cloud Storage. In any case, most work spotlights on the information substance security and the get to control, while less consideration towards the benefit control and the character protection. In this paper, a semi-anonymous benefit control conspires AnonyControl to address the information protection, as well as the client character security in existing access control plans. AnonyControl decentralizes the central authority to restrain the character spillage and accordingly accomplishes semi-anonymity. Furthermore, it likewise sums up the document get to control to the benefit control, by which advantages of all operations on the cloud information managed in a fine-grained way. Along these lines, display the AnonyControl-F, which ultimately keeps the character spillage and accomplish the full secrecy. Our security assessment demonstrates that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie-Hellman presumption, and our execution assessment shows the attainability of our plans. Index Terms: Anonymity, multi-authority, attribute-based encryption

    Offline privacy preserving proxy re-encryption in mobile cloud computing

    This paper addresses the always online behavior of the data owner in proxy re-encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only issued to legitimate users. An in-depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing.

    Cryptographic Enforcement of Attribute-based Authentication

    Doctoral dissertation. This dissertation investigates the cryptographic enforcement of attribute-based authentication (ABA) schemes. ABA is an approach to authenticate users via attributes, which are properties of users to be authenticated, environment conditions such as time and locations. By using attributes in place of users’ identity information, ABA can provide anonymous authentication, or more specifically, ABA enables to keep users anonymous from their authenticators. In addition, the property of least information leakage provides better protection for users’ privacy compared with public key based authentication approaches. These properties make it possible to apply ABA schemes in privacy preserving scenarios, for instance, cloud-based applications. The most important security requirements of ABA schemes consist of anonymity, traceability, unforgeability, unlinkability and collision resistance. In this dissertation, we combine these security requirements with other properties such as hierarchy to divide ABA schemes into different categories, based on which we use examples to demonstrate how to construct these schemes cryptographically. The main contributions of this dissertation include the following aspects: We categorize ABA schemes into different types and describe their structures as well as workflows, such that readers can gain a big picture and a clear view of different ABA schemes and their relations. This categorization serves as a guideline how to design and construct ABA schemes. We provide two examples to demonstrate how to construct ciphertext-policy attribute-based authentication (CP-ABA) schemes via two different approaches. Different from key-policy attribute-based authentication (KP-ABA) schemes, attribute keys generated in CP-ABA schemes are comparatively independent of relations among attributes. Thus compared with KP-ABA, CP-ABA extends the flexibility and usage scope of ABA schemes. We extend the core ABA schemes to hierarchical ABA (HABA) schemes by adding the property of hierarchy. Then we propose two different types of hierarchical structures, i.e., user related hierarchical ABA (U-HABA) and attribute related hierarchical ABA (A-HABA). According to these two hierarchical structures, an example is provided for each type to show how to use cryptographic primitives to build HABA schemes. All ABA schemes discussed above and proposed in this dissertation can be implemented to assist users to achieve anonymous authentication from their authenticators. Therefore, these schemes can offer more opportunities to protect users’ privacy, for example, in attribute-based access control (ABAC) and cloud-based services.