International Journal of Research in Advent Technology, Vol.3, No.12, December 2015
E-ISSN: 2321-9637
Available online at www.ijrat.org
Securely Sharing Data in Multi-Owner for Dynamic Groups in the Cloud
A. V. Khandalkar (ME(CSE), Jagadmbha College of Engineering, Yavatmal)
Prof. P. D. Thakare (Assistant Professor, Department of Computer Engg, Jagadmbha College of Engineering, Yavatmal)
ashleshakhandalkar@gmail.com
Abstract- The main aim of this work is secure data sharing in a dynamic cloud computing setting: any user in the group can securely share data with others through the untrusted cloud. Cloud computing provides an economical and efficient solution for sharing resources among cloud users. The scheme supports dynamic groups efficiently; specifically, newly granted users can directly decrypt data files uploaded before their participation without contacting the data owners. User revocation is achieved through a novel revocation list without updating the secret keys of the remaining users. The size and computation overhead of encryption are constant and independent of the number of revoked users. The scheme provides secure and privacy-preserving access control to users, which guarantees that any member in a group can utilize the cloud resource, while the real identities of data owners can be revealed by the group manager when disputes occur. We provide a rigorous security analysis and perform extensive simulations to demonstrate the efficiency of the scheme in terms of storage and computation overhead.
Keywords: Cloud computing, data sharing, access control, dynamic groups, privacy-preserving.
1. INTRODUCTION
Cloud computing is the long dreamed vision of
computing as a utility, where data owners can
remotely store their data in the cloud to enjoy on-
demand high-quality applications and services from a
shared pool of configurable computing resources.
Cloud is a new business model wrapped around new
technologies such as server virtualization that take
advantage of economies of scale and multi-tenancy to
reduce the cost of using information technology
resources. It also brings new and challenging security
threats to the outsourced data. Since cloud service
providers (CSP) are separate administrative entities,
data outsourcing actually relinquishes the owner’s
ultimate control over the fate of their data [1]. The
term cloud computing probably comes from (at least
partly) the use of a cloud image to represent the
Internet or some large networked environment.
Cloud computing really is accessing resources and
services needed to perform functions with dynamically
changing needs. An application or service developer
requests access from the cloud rather than a specific
endpoint or named resource. What goes on in the
cloud manages multiple infrastructures across multiple
organizations and consists of one or more frameworks
overlaid on top of the infrastructures tying them
together. Cloud computing platforms are growing very
quickly [2]. Organizations can provide hardware for
clouds internally (internal clouds), or a third party can
provide it externally (hosted clouds). A cloud might be
restricted to a single organization or group (private
clouds), available to the general public over the
Internet (public clouds), or shared by multiple groups
or organizations (hybrid clouds).
The cloud computing platform gives people the opportunity to share resources, services and information among people across the whole world. In a private cloud system, information is shared among the persons who are in that cloud, so the security or hiding of personal information is hampered. This work proposes a new security architecture for the cloud computing platform [3]. It ensures secure data and hides information from others, and it uses the AES algorithm to improve security. A better user interface design will encourage users to keep their data secure and confidential from intruders, hacking, etc. A potential improvement would be that a user can safely upload and download his file on the public cloud. This model also helps to solve main security issues like malicious intruders, hacking, etc. in the cloud computing platform. [4]
1.1.1 Data Encryption:
Today's global village concept has brought many unknown people together via electronic media and information technology. Most people in today's world are familiar with the Internet and World Wide Web applications, but 40% of them still use unsafe browsing facilities. In the global village there are many transactions happening every second between people. To make sure that they perform safe transactions every time, there must be some technology which assures the safety of usage. This is known as encryption. [5]
Data encryption is used to transmit data securely over the network so that no unauthorized user is able to decrypt it. Basically, encryption is defined as the conversion of a plain message into a form called cipher text that cannot be read by anyone without decrypting it. Decryption is the reverse process of encryption: converting the encrypted text back into its original plain text so that it can be read. Encryption and decryption are controlled by keys. As shown in Fig. 1.1, assuming that the plaintext and the cipher text are denoted by P and C respectively, the encryption procedure in a cipher can be described as $C = E_{K_e}(P)$, where $K_e$ is the encryption key and $E(\cdot)$ is the encryption function [5]. Similarly, the decryption procedure is $P = D_{K_d}(C)$, where $K_d$ is the decryption key and $D(\cdot)$ is the decryption function. When $K_e = K_d$, the cipher is called a private-key cipher or a symmetric cipher. For private-key ciphers, the encryption-decryption key must be transmitted from the sender to the receiver via a separate secret channel. When $K_e \neq K_d$, the cipher is called a public-key cipher or an asymmetric cipher. For public-key ciphers, the encryption key $K_e$ is published and the decryption key $K_d$ is kept private, so no additional secret channel is needed for key transfer. [6]
Figure 1.1: Traditional Encryption Technique
1.1.2 Cryptography
Cryptography is the science of information security. Cryptographic techniques are used when secret messages are transferred from one party to another over a communication line. Cryptography is a hierarchical science that may be divided into several sub-layers. At the highest layer [6][7][8], cryptographic protocols are used to provide security in various applications such as online banking, remote login and secure e-mail. There are two main types of cryptography: secret key cryptography and public key cryptography. Secret key cryptography is also known as symmetric key cryptography. With this type of cryptography, both the sender and the receiver know the same secret code, called the key. Messages are encrypted by the sender using the key and decrypted by the receiver using the same key. Public key cryptography, also called asymmetric key cryptography, uses a pair of keys for encryption and decryption: keys work in pairs of matched public and private keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key. The key is used for encryption and decryption and must be kept secret, which requires the sender and receiver to agree on the same key before any data transmission. The key is independent of the plaintext; therefore, the same plaintext encrypts to different cipher text under different keys, and both encryption and decryption are impossible without the correct key. [9]
1.1.2.1 Basic Terms Used in Cryptography
• Plain Text
The original message that a person wishes to communicate to another is defined as plain text. In cryptography, the actual message that has to be sent to the other end is given the special name plain text. For example, Alice wishes to send the message “Hello Friend how are you” to Bob; here “Hello Friend how are you” is the plain text message. [10]
• Cipher Text
The message that cannot be understood by anyone, i.e. a meaningless message, is what we call cipher text. In cryptography the original message is transformed into a non-readable message before the actual message is transmitted. For example, “Ajd672#@91ukl8*^5%” is a cipher text produced for “Hello Friend how are you”.
• Encryption
The process of converting plain text into cipher text is called encryption. Cryptography uses encryption to send confidential messages through an insecure channel. The process of encryption requires two things: an encryption algorithm and a key. The encryption algorithm is the technique used for encryption. Encryption takes place at the sender side.
• Decryption
The reverse process of encryption is called decryption. It is the process of converting cipher text into plain text. Cryptography uses decryption at the receiver side to obtain the original message from the non-readable message (cipher text). The process of decryption requires two things: a decryption algorithm and a key. The decryption algorithm is the technique used for decryption. Generally the encryption and decryption algorithms are the same. Some techniques included in cryptography are the merging of words with images, microdots and different ways of hiding data in storage. Cryptography is mainly concerned with the conversion of plain text into cipher text; this process is called encryption, and the reverse process is called decryption. [11]
2 LITERATURE REVIEW
2.1 Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing
Shucheng Yu, Cong Wang, Kui Ren, and Wenjing Lou, Dept. of ECE, Worcester Polytechnic Institute, Email: {yscheng, wjlou}@ece.wpi.edu
This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. This goal is achieved by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. The proposed scheme also has the salient properties of user access privilege confidentiality and user secret key accountability. [11]
2.2 Plutus: Scalable secure file sharing on untrusted storage
Mahesh, San Francisco, CA, USA, March 31–April 2, 2003
This paper has introduced novel uses of cryptographic
primitives applied to the problem of secure storage in
the presence of untrusted servers and a desire for
owner managed key distribution. Eliminating almost
all requirements for server trust (we still require
servers not to destroy data – although we can detect if
they do) and keeping key distribution (and therefore
access control) in the hands of individual data owners
provides a basis for a secure storage system that can
protect and share data at very large scales and across
trust boundaries.[12]
2.3 SiRiUS: Securing Remote Untrusted Storage
Eu-Jin Goh, Hovav Shacham, Nagendra Modadugu, Dan Boneh, Stanford University.
This paper presents SiRiUS, a secure file system designed to be layered over insecure network and P2P file systems such as NFS, CIFS, OceanStore, and Yahoo! Briefcase. SiRiUS assumes the network storage is untrusted and provides its own read-write cryptographic access control for file-level sharing. Key management and revocation are simple, with minimal out-of-band communication. File system freshness guarantees are supported by SiRiUS using hash tree constructions. SiRiUS contains a novel method of performing file random access in a cryptographic file system without the use of a block server.
2.4 Secure Provenance: The Essential of Bread and
Butter of Data Forensics in Cloud Computing
Rongxing Lu†, Xiaodong Lin‡, Xiaohui Liang†, and
Xuemin (Sherman) Shen
The scheme proposed in this paper is characterized by providing information confidentiality for sensitive documents stored in the cloud, anonymous authentication of user access, and provenance tracking of disputed documents. Using provable security techniques, the authors formally demonstrate that the proposed scheme is secure in the standard model. [13]
2.5 Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization
Brent Waters, University of Texas at Austin.
This paper presents a new methodology for realizing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) under concrete and non-interactive cryptographic assumptions in the standard model. The solutions allow any encryptor to specify access control in terms of any access formula over the attributes in the system. In the most efficient system, ciphertext size, encryption time and decryption time scale linearly with the complexity of the access formula. The only previous work to achieve these parameters was limited to a proof in the generic group model.
2.6 Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data
Vipul Goyal, Omkant Pandey, Amit Sahai, Brent Waters.
This work observes that as more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). The authors develop a new cryptosystem for fine-grained sharing of encrypted data that they call Key-Policy Attribute-Based Encryption (KP-ABE). In this cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. They demonstrate the applicability of the construction to sharing of audit-log information and broadcast encryption. [15]
2.7 Revocation and Tracing Schemes for Stateless Receivers
Dalit Naor, Moni Naor, and Jeff Lotspiech
This method provides a general traitor tracing mechanism that can be integrated with any Subset-Cover revocation scheme that satisfies a "bifurcation property". This mechanism does not need an a priori bound on the number of traitors and does not expand the message length by much compared to the revocation of the same set of traitors. [16]
3 PROBLEM STATEMENT
Cloud computing can handle data in both the public and the private domain. But this apparently undisruptive way of thinking about building applications has its own set of issues. The problem is that when cloud service providers provide a service, a hacker might steal the username and the password. So, to prevent this problem, we apply the concept of encryption. When a user uploads files, the data is stored in encrypted form, and when the files are downloaded they are decrypted back to their original form.
4 PROPOSED WORK
In this proposed work we want to secure our data in the cloud, because security is the major issue faced by every user. Consider an organization where a number of employees (users) are working. Each user has their own login ID and password with which they can store their data, and the whole organization is managed and operated by an admin. With the help of RBAC, the admin restricts the system from unauthorized access, because every user has a limit on the number of files they can download from the cloud. If an unauthorized user wants to access the data, the download restriction means they can affect only some files and the rest of the files are safe. RBAC thus helps to secure our data in the cloud. The data is encrypted, the scheme works on this encrypted data and generates a public key and a private key. A public key is generated for every file, and the private key is used to generate the key required at download time. This key is delivered to the user via mail. The scheme also provides a better storage and security technique over the cloud architecture. [19][20]
Admin: In an organization, the admin creates roles for users and also specifies the number of transactions per user as per their role.
User: A user can upload and download files. When uploading a file, a data encryption algorithm is used to encrypt the data and a signature is included to lock that data; when downloading the file, Blowfish and RSA are used inversely to decrypt the data and the signature is used to unlock the file.
Public Cloud: The public cloud is used to store data in encrypted form.
One Time Password (OTP)
Securing access to your network with OTP provides an additional layer of security on top of the username and password. When users need to access corporate data resources, they simply enter their username and the numeric code provided by the OTP device. The authentication server validates the code and access is granted to the appropriate network resources. This increases the security of the login process by ensuring that the person accessing the network is in possession of two factors of identity verification: in this case, the something you have is the OTP device and the something you know is the username and potentially a password. This means that someone cannot simply find a password written down or obtain it through social engineering; they actually need to have the OTP device and the right code in conjunction with the user's other information to gain access. OTP is a good first step in securing your network, especially when granting access to remote users. In making this first step, it is also important to understand the security of the OTP solution you are implementing. With recent events, one of the critical factors in OTP security is key management and token personalization. It is important to know how the keys for the token were created and how the keys are stored.
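As an added illustration (not code from the paper), the server side of the OTP check described above, assuming an HMAC-based event-counter token as specified in RFC 4226; the per-token seed provisioning and counter tracking are the key-management points the paragraph raises:

```python
"""
HOTP-style OTP validation (RFC 4226) with per-token seed management.

Added illustration, not code from the paper. Assumes the "OTP device" is an
HMAC-based event-counter token; the seed handling mirrors the point that
key creation and storage decide the security of the OTP solution.
"""
import hashlib
import hmac
import secrets
import struct

DIGITS = 6
LOOKAHEAD = 5  # how far the server resynchronises if the user skipped codes


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a `digits`-long decimal code."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


class TokenRecord:
    """Server-side state for one personalised token: its seed and the next
    counter it will accept (so an already used code can never be replayed)."""

    def __init__(self, seed: bytes, counter: int = 0):
        self.seed = seed
        self.counter = counter


def provision_token() -> TokenRecord:
    """Token personalisation: each device gets a fresh random 160-bit seed
    from the OS CSPRNG, never a shared or username-derived value."""
    return TokenRecord(secrets.token_bytes(20))


def validate(rec: TokenRecord, submitted: str, lookahead: int = LOOKAHEAD) -> bool:
    """Check `submitted` against the next `lookahead` counters. On success the
    stored counter moves past the used value, which is what defeats replay."""
    if len(submitted) != DIGITS or not submitted.isdigit():
        return False
    for c in range(rec.counter, rec.counter + lookahead):
        if hmac.compare_digest(hotp(rec.seed, c), submitted):
            rec.counter = c + 1
            return True
    return False


if __name__ == "__main__":
    # Constructed walk-through using the RFC 4226 reference seed.
    rec = TokenRecord(b"12345678901234567890")
    print(hotp(rec.seed, 0))        # 755224 (RFC 4226 test vector)
    print(validate(rec, "755224"))  # True: counter 0 accepted
    print(validate(rec, "755224"))  # False: replay of a used code
    print(validate(rec, "969429"))  # True: counter 3, inside the look-ahead window
```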
Algorithm
RSA
RSA is a widely used public-key algorithm. RSA stands for Ron Rivest, Adi Shamir and Len Adleman, who first publicly described it in 1977. In this proposed work, the RSA algorithm is used to encrypt the data to provide security, so that only the concerned user can access it [5]. User data is encrypted first and then stored in the cloud. When required, the user places a request for the data with the cloud provider; the cloud provider authenticates the user and delivers the data. Here we explain the RSA algorithm.
The RSA algorithm involves three steps:
Key Generation:
Before the data is encrypted, key generation should be done. This process is done between the cloud service provider and the user.
Encryption:
Encryption is the process of converting the original plain text (data) into cipher text (data).
Decryption:
Decryption is the process of converting the cipher text (data) back to the original plain text (data).
RSA is a generic algorithm used in security systems in cryptography [6].
AES
As a replacement, NIST in 1997 issued a call for proposals for a new Advanced Encryption Standard (AES), which should have security strength equal to or better than 3DES and significantly improved efficiency. In addition to these general requirements, NIST specified that AES must be a symmetric block cipher with a block length of 128 bits and support for key lengths of 128, 192 and 256 bits. Overall structure of AES:
1] The input to the encryption and decryption algorithms is a single 128-bit block.
2] This block is copied into the State array, which is modified at each stage of encryption or decryption.
3] After the final stage, the State is copied to an output matrix. For example, the first four bytes of the 128-bit plaintext input to the encryption cipher occupy the first column of the in matrix, the second four bytes occupy the second column, and so on.
4] Similarly, the first four bytes of the expanded key, which form a word, occupy the first column of the w matrix.
The admin login page shows the admin ID label and its respective password label along with a login button. After entering the correct admin ID and password, the admin clicks the login button to be redirected to their account.
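The State array layout from the AES section above, as an added example (not the paper's code); it goes one step beyond the text by applying ShiftRows to show why the column-major layout matters:

```python
"""
AES State array layout (FIPS-197, section 3.4) as described in the AES
section: the 128-bit block fills a 4x4 byte matrix column by column, and the
expanded key is read as 4-byte words, each one column of the w matrix.
Added illustration, not the paper's code.
"""


def block_to_state(block: bytes) -> list:
    """in[r + 4c] -> s[r][c]: bytes 0..3 form column 0, 4..7 column 1, ..."""
    if len(block) != 16:
        raise ValueError("AES operates on exactly one 128-bit block")
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def state_to_block(state: list) -> bytes:
    """Inverse mapping, used to copy the State to the output matrix."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def key_to_words(key: bytes) -> list:
    """Split a 128/192/256-bit key into Nk 4-byte words w[0..Nk-1]; these are
    the first Nk columns of the expanded-key (w) matrix."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES key must be 128, 192 or 256 bits")
    return [key[4 * i:4 * i + 4] for i in range(len(key) // 4)]


def shift_rows(state: list) -> list:
    """AES ShiftRows: rotate row r left by r positions. Because the State is
    column-major, row 1 of the flat block is bytes 1, 5, 9, 13, not bytes 4..7."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]
```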
Admin login form
Admin settings: the admin's basic settings, if any, regarding profile pictures and basic information changes.
Admin setting
The user login page shows the user ID label and its respective password label along with a login button. After entering the correct user ID and password, the user clicks the login button to be redirected to their account. User login is for registered and authenticated users with their valid username and password.
User login
The user home page is shown after successful user authentication and login with a valid username and password.
User Setting
User basic settings, if any, regarding profile pictures and basic information changes, as well as password changes and the OTP, i.e. the identity token, which is received by email in case the token keywords are forgotten.
Total Upload on all server graph
5. CONCLUSION
In this paper, we design a secure data sharing scheme for dynamic groups in an untrusted cloud. A user is able to share data with others in the group without revealing identity privacy to the cloud. Additionally, it supports efficient user revocation and new user joining. More specifically, efficient user revocation can be achieved through a public revocation list without updating the private keys of the remaining users, and new users can directly decrypt files stored in the cloud before their participation. Moreover, the storage overhead and the encryption computation cost are constant. Extensive analyses show that the proposed scheme satisfies the desired security requirements and guarantees efficiency as well. In the proposed work we consider a cryptographic storage system that enables secure file sharing on untrusted servers, named Plutus. By dividing files into file groups and encrypting each file group with a unique file-block key, the data owner can share the file groups with others by delivering the corresponding lockbox key, where the lockbox key is used to encrypt the file-block keys. However, this brings about a heavy key distribution overhead for large-scale file sharing. Additionally, the file-block key needs to be updated and distributed again for a user revocation.
REFERENCES
[1] Xuefeng Liu, Yuqing Zhang, Boyang Wang, and Jingbo Yan, “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, June 2013.
[2] Danan Thilakanathan, Shiping Chen, Surya Nepal and Rafael A. Calvo, “Security, Privacy and Trust in Cloud Systems,” DOI: 10.1007/978-3-642-38586-5, Springer-Verlag Berlin Heidelberg, 2014.
[3] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. 2010.
[4] G. Wang, Q. Liu, J. Wu and M. Guo, “Hierarchical Attribute-Based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers,” IEEE Computers & Society, vol. 30, no. 5, pp. 320-331, 2013.
[5] Uma B. Ajantiwale, Prof. Ranja Badre, “Security Provided by Using Two Layer Encryption Process in Public Cloud,” International Journal of Futuristic Machine Intelligence & Application (IJFMIA), vol. 1, issue 2, ISSN 2395-308x.
[6] Suresh Sakhare, Sunil Shinde, and Nayna Sonawane, “Privacy Preserving Delegated Access Control in Public Clouds with Two Layer Encryption,” IJISET - International Journal of Innovative Science, Engineering & Technology, vol. 2, issue 3, March 2015, ISSN 2348-7968.
[7] K. Suganya, V. Geetha, “Efficient Fine-Grained Privacy Preserving System for Public Cloud Networks,” International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), vol. 3, issue 11, November 2014.
[8] P. Lavanya, S. Komala and N. Vikram, “Anonymous Data Sharing Scheme for Dynamic Groups in an Untrusted Cloud,” International Journal of Computer Science, vol. 2, issue 8, August 2014.
[9] Kumar Piyush, A. Ganesh Kumar, “A Methodology for Assigning Access Control to Public Clouds,” International Journal of Computer Science and Mobile Computing, vol. 3, issue 12, December 2014, pp. 126-132, ISSN 2320-088X.
[10] Wassim Itani, Ayman Kayssi, Ali Chehab, “Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures,” International Conference on Dependable, Autonomic and Secure Computing, 2011.
[11] Goldreich, “Data Storage Security in Cloud Computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 6, June 2013.
[12] Parsi Kalpana, Sudha Singaraju, “Data Security in Cloud Computing Using MREA Algorithm and RSA Method,” International Journal of Computer Science and Technology, vol. 1, no. 6, pp. 891-904, September 2012.
[13] Masoud Nosrati, Ronak Karimi, Mehdi Harir, “Audio Steganography: A Survey on Recent Approaches,” IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, March 2012.
[14] Sathana, J. Shanthini, “Three Level Security System for Dynamic Group in Cloud,” International Journal of Computer Science Trends and Technology (IJCST), vol. 1, issue 2, Nov-Dec 2013.
[15] Singla, Jasmeet Singh, “Cloud Data Security Using Authentication and Encryption Technique,” International Journal of Computer Science, vol. 1, issue 2, Nov 2013.
[16] Parsi, and Sudha Singaraju, “Data Security in Cloud Computing Using RSA Algorithm,” IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 978-0-7695-5022, pp. 768-775, November 2013.
[17] Shashank Bajpai, Padmija Srivastava, “A Fully Homomorphic Encryption Implementation on Cloud Computing,” IEEE Trans. on Cloud Computing, vol. 11, no. 6, pp. 670-684, 2014.
[18] E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi and P. Samarati, “Key Management for Multi-User Encrypted Databases,” in Proc. ACM Workshop Storage Security and Survivability, pp. 74-83, Nov 2012.
[19] H. Patil, Rakesh R. Bhavsar and Akshay S. Thorve, “Data Security over Cloud,” IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 4, pp. 11-14, 2012.