Data Access Control using Cryptographic techniques in Cloud Computing environment

DOI : 10.17577/IJERTV3IS052052


Prasad Adireddi,

Assistant Professor, Dept. of CSE

Sree Vidyanikethan Engineering College, Tirupati.

Abstract – Cloud computing provides Internet-based services for shared resources and system software across various environments. For secure cloud storage, the delegated access control method handles the encryption of data for users with various needs. Storage in a public cloud generally incurs high communication overhead, heavy load due to the volume of data stored, and high computational costs. In this paper, we implement a multi-cloud environment for secure storage that acts as a public cloud at low cost and applies two-layer encryption to the data stored in the cloud. We use the efficient AES algorithm, which provides higher confidentiality and privacy for the users of the cloud, and store the data across multiple clouds, from which users can later retrieve it with their keys while access control is delegated to the cloud [1]. Security and expense are the foremost issues in this field of research, and they vary significantly depending on the vendor.

Keywords: Privacy, Cloud computing, Delegation, Encryption, Access control

I. INTRODUCTION

  1. Cloud computing

    Cloud computing is ubiquitous because the location of the physical resources and devices being accessed is generally not known to the customer. It also provides services for users to build, deploy and manage their applications on the cloud. It involves virtualized resources that maintain and manage themselves. It is a tool for providing simple, on-demand network access to a shared pool of configurable computing resources (network, storage, etc.) which can be swiftly provisioned and released with negligible management effort or service provider interaction. Nowadays many companies process huge amounts of data while trying to minimize cost. Classic users are operators of Internet search engines such as Google, Yahoo, or Microsoft. The enormous amount of data they deal with every day has made database solutions more expensive.

  2. Privacy and Security

    Security is necessary for strong privacy in all aspects of online computing, but security alone is not enough. Security and cost are the foremost issues in this area of research, and they vary greatly depending on the vendor one chooses [2]. Despite the early success and recognition of the cloud computing model and the extensive availability of providers and tools, a number of challenges and risks are inherent in this new model of computing.

  3. Delegation

    A data collector may share data with unknown parties if it does not follow the privacy policy. In the proposed model, delegation follows a privacy policy that allows only legitimate parties to access the data. It also sets the data usage guidelines for them. Delegation between two parties is called inter-visibility delegation [3]. The party or visibility which shares data is called the source visibility, while the visibility that receives data is called the destination visibility. In addition, we study intra-visibility delegation, where two users within a party share access rights with each other. Users who delegate the rights are called delegators, while users who receive the rights are called delegates.

II. SYSTEM OVERVIEW

      A. Existing System

      Several encryption-based approaches have been proposed for access control, in which different data items are encrypted with different symmetric keys. Users are issued keys only for the data items they are allowed to access. To minimize the number of keys that must be distributed to users, these approaches exploit hierarchical and other relations among data items [4]. Such an approach has several limitations. Because the data owner does not hold the data set, every time a change occurs in user dynamics the owner needs to download the data, decrypt it, re-encrypt it with the new keys, and upload it again. This process must be applied to all data items encrypted with the same key. It is inefficient if a vast dataset has to be re-encrypted. To issue new keys, the owner needs to set up private communication channels with the users. The privacy and the identity of users are not taken into account. Therefore the cloud can learn sensitive information about the organization and its users [7].

III. PROPOSED ARCHITECTURE

      A. Proposed System

      In this paper, we use two-layer encryption to store data across multiple clouds rather than in a single public cloud. This two-layer enforcement reduces the load on the owner and delegates access control enforcement to the cloud. In particular, it provides a better way to handle various updates, user locations, and modifications of the data [6]. It also provides several functions based on the decomposition or splitting of data for storage across various clouds; the pieces are finally retrieved by the user with the help of keys.

      Fig 1: Multi-cloud storage

      Fig 2: Multi-cloud splitting

      Fig 3: Two layer encryption in multi-cloud environment

IV. TWO LAYER ENCRYPTION METHOD

      1. Identity token provision:

        Identity providers (IdPs) issue identity tokens to multiple users based on their identity attributes.

      2. Policy decomposition:

        The Owner decomposes each access control policy (ACP) into at most two sub ACPs such that the Owner enforces the minimum number of attributes needed to assure confidentiality of the data from the Cloud. It is important to make sure that the decomposed ACPs [5] are consistent, so that the sub ACPs together enforce the original ACPs. The Owner enforces the confidentiality-related sub ACPs and the Cloud enforces the remaining sub ACPs.

        A. User Authentication

        Step 1: The user inputs the login credentials.

        Step 2: Apply symmetric key based security.

        Step 3: Provide a one-time password.

        Step 4: Check for client information request.

        Step 5: Execute data retrieval program.

        Step 6: Execute data storage program.

      3. Identity token registration:

        Users register their identity tokens in order to obtain the secrets needed to decrypt the data that they are allowed to access. Users register with the Owner only those identity tokens related to the Owner's sub ACPs and register the remaining identity tokens with the Cloud in a privacy-preserving manner. It should be noted that the Cloud does not learn the identity attributes of Users during this phase.

        B. Encryption/Decryption Service

        Step 1: Retrieve the information of each of the multiple users.

        Step 2: Assign a different key to each user's data.

        Step 3: Store each user's unique ID and keys.

        Step 4: Display the client data to the user.

        Step 5: Delete any unencrypted data to prevent the data from being stored.

      4. Data encryption and uploading:

        The Owner encrypts the data based on the Owner's sub ACPs in order to hide the content from the Cloud, and then uploads it to the Cloud along with the public information generated by the keygen algorithm and the remaining sub ACPs. The Cloud in turn encrypts the data based on the keys generated using its own algorithm.

      5. Data decryption and downloading:

        The users decrypt the data twice. Users download the encrypted data from the Cloud and decrypt it using the derived keys.
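The encryption path of steps 4 and 5, together with the multi-cloud splitting described under the proposed system, as an added example that is not code from the paper: the Owner applies the inner layer, the Cloud the outer layer, the result is striped over several clouds, and the user decrypts twice. The function names, the byte-striping split, keys passed in directly instead of being derived from identity tokens, and an HMAC-SHA256 keystream standing in for AES (so the block runs on the Python standard library alone) are assumptions; `cloud_rekey` goes slightly beyond the text to show the outer layer being replaced without the Owner's key.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: standard-library stand-in for the paper's AES
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key):
    # separate encryption and MAC keys derived from one layer key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, data):
    """One encryption layer: nonce || ciphertext || tag (encrypt-then-MAC)."""
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Remove one layer; raises ValueError on a wrong key or modified data."""
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def split(blob, n):
    return [blob[i::n] for i in range(n)]           # stripe bytes over n clouds

def join(parts):
    out = bytearray(sum(map(len, parts)))
    for i, p in enumerate(parts):
        out[i::len(parts)] = p
    return bytes(out)

def upload(owner_key, cloud_key, data, n_clouds):
    inner = seal(owner_key, data)                   # Owner layer hides content from the Cloud
    return split(seal(cloud_key, inner), n_clouds)  # Cloud layer, then multi-cloud split

def download(owner_key, cloud_key, parts):
    return unseal(owner_key, unseal(cloud_key, join(parts)))  # user decrypts twice

def cloud_rekey(old_key, new_key, parts):
    # the outer layer is replaced without the Owner's key or the plaintext
    return split(seal(new_key, unseal(old_key, join(parts))), len(parts))

if __name__ == "__main__":
    ok, ck = os.urandom(32), os.urandom(32)         # constructed sample keys
    shares = upload(ok, ck, b"constructed sample record", 3)
    print(download(ok, ck, shares))
```

After `cloud_rekey`, a user holding only the old outer-layer key fails the integrity check, while the Owner's inner layer is untouched and never has to be downloaded or re-encrypted.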

      6. Proposed Data Encryption and Decryption algorithms

      The following specific algorithms are proposed for efficient transfer of files in cloud computing. Initially, the first algorithm denotes the user authentication process, which checks whether an authenticated user is accessing the data. The process is as follows

V. CONCLUSION

In this paper, we present a unique method for privacy-preserving data storage in a multi-cloud environment. It also provides several advancements in cloud computing due to its technical capabilities. Future work may also involve load balancing in the multi-cloud environment for maximum storage and accuracy for various users. Cloud computing is a growing paradigm as an enabling technology that delivers on-demand, elastic storage and computing capabilities while removing the need to own hardware. But several privacy and security acts demand strong protection of cloud users, which in turn increases the complexity of developing privacy-preserving cloud services. Privacy preservation using delegated access control in multi-cloud delivers the critical capabilities required for a robust, cost-effective, and secure cloud security implementation.

VI. REFERENCES

  1. M. Nabeel and E. Bertino, Privacy preserving delegated access control in the storage as a service model, in IEEE International Conference on Information Reuse and Integration (IRI), 2012.

  2. A. Rakshit et al., Cloud Security Issues, 2009, IEEE International Conference on Services Computing.

  3. M.S.B. Pridviraju et al., (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (5), 2012, pp. 5206-5209.

  4. E. Bertino and E. Ferrari, Secure and selective dissemination of XML documents, ACM Trans. Inf. Syst. Secur., vol. 5, no. 3, pp. 290-331, 2002.

  5. G. Miklau and D. Suciu, Controlling access to published data using cryptography, in VLDB 2003: Proceedings of the 29th International Conference on Very Large Data Bases. VLDB Endowment, 2003, pp. 898-909.

  6. N. Shang, M. Nabeel, F. Paci, and E. Bertino, A privacy-preserving approach to policy-based content dissemination, in ICDE 10: Proceedings of the 2010 IEEE 26th International Conference on Data Engineering, 2010.

  7. X. Liang, Z. Cao, H. Lin, and J. Shao, Attribute based proxy re-encryption with delegating capabilities, in Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ser. ASIACCS 09. New York, NY, USA: ACM, 2009, pp. 276-286.
