HASBE access control model with Secure Key Distribution and Efficient Domain Hierarchy for cloud computing

Cloud computing refers to the application and service that run on a distributed system using virtualized resources and access by common internet protocol and networking standard. Cloud computing virtualizes system by pooling and sharing resources. System and resources can be monitored from central infrastructure as needed. It requires high security because now day’s companies are placing more essential and huge amount of data on cloud. Hence traditional access control models are not sufficient for cloud computing applications. So encryption based on Attribute (“ABE”-“Attribute based encryption”) has been offered for access control of subcontracted data in cloud computing with complex access control policies. Traditional HASBE provides Flexibility, scalability and fine-grained access control but does not support hierarchical domain structure. In this paper, we had enhanced “Hierarchical attribute-set-based encryption” (“HASBE”) access control with a hierarchical assembly of users, with flexible domain Hierarchy structure and Secure key distribution with predefined polic

A PEFKS- and CP-ABE-Based Distributed Security Scheme in Interest-Centric Opportunistic Networks

Security is a crucial issue in distributed applications of multihop wireless opportunistic network due to the features of exposed on the fly communication, relaxed end-to-end connectivity, and vague destinations literately. In this paper, we focus on problems of user privacy leakage and end-to-end confidentiality invasion in content-based or interest-centric wireless opportunistic network. And we propose a public-encryption-with-fuzzy-keyword-search- (PEFKS-) and ciphertext-policy-attribute-based-encryption- (CP-ABE-) based distributed security scheme by refining and compromising two-pairing-based encryption, searchable encryption, and attribute-based encryption. Our scheme enables opportunistic forwarding according to fuzzy interests preserving full privacy of users and ensures end-to-end confidentiality with a fine-grained access control strategy in an interest-centric scenario of large-scale wireless opportunistic networks. Finally, we analyze and evaluate the scheme in terms of security and performance

A Review on Enhancing Organization Security using Attribute-Based Encryption for Data Sharing

With the recent growth of networking, peoples can share their data with others through online, by using social networks or cloud computing but at the same time there has been increasing demand for data security. People would like to make their private data only accessible to the authorized people. In data sharing systems, access policies and the support of policies updates are most challenging issues. Attribute-based encryption (ABE) and Cipher text policy attribute based encryption (CP-ABE) are becoming promising cryptographic solutions to this issue and achives a fine-grained data access control. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. The major drawback of these systems is the key escrow problem. The proposed scheme solves the key escrow problem which depends on attribute based encryption technique for the shared data. Paillier Cryptosystem is utilized for encryption of keys for assignment and revocation process while Twofish algorithm is used to encrypt and decrypt stored data of users. Whenever data owner upload personal documents on cloud server, first the keywords will get fetched from the documents and index will be created. Lucene indexing algorithm is used for indexing of keywords. A Blind Storage scheme allows a client to store a set of files on a remote server

SECURE, POLICY-BASED, MULTI-RECIPIENT DATA SHARING

In distributed systems users often need to share sensitive data with other users based on the latter's ability to satisfy various policies. In many cases the data owner may not even know the identities of the data recipients, but deems it crucial that they are legitimate; i.e., satisfy the policy. Enabling such data sharing over the Internet faces the challenge of (1) securely associating access policies with data and enforcing them, and (2) protecting data as it traverses untrusted proxies and intermediate repositories. Furthermore, it is desirable to achieve properties such as: (1) flexibility of access policies; (2) privacy of sensitive access policies; (3) minimal reliance on trusted third parties; and (4) efficiency of access policy enforcement. Often schemes enabling controlled data sharing need to trade one property for another. In this dissertation, we propose two complimentary policy-based data sharing schemes that achieve different subsets of the above desired properties. In the first part of this dissertation, we focus on CiphertextPolicy Attribute- Based Encryption (CP-ABE) schemes that specify and enforce access policies cryptographically and eliminate trusted mediators. We motivate the need for flexible attribute organization within user keys for efficient support of many practical applications. We then propose Ciphertext-Policy Attribute-Set Based Encryption (CP-ASBE) which is the first CP-ABE scheme to (1) efficiently support naturally occurring compound attributes, (2) support multiple numerical assignments for a given attribute in a single key and (3) provide efficient key management. While the CP-ASBE scheme minimizes reliance on trusted mediators, it can support neither context-based policies nor policy privacy. In the second part of this dissertation, we propose Policy Based Encryption System (PBES), which employs mediated decryption and supports both context-based policies and policy privacy. Finally, we integrate the proposed schemes into practical applications (i.e., CP-ASBE scheme with Attribute-Based Messaging (ABM) and PBES scheme with a conditional data sharing application in the Power Grid) and demonstrate their usefulness in practice

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors