This presentation discusses achieving secure, scalable, and fine-grained data access control in cloud computing. It describes a scheme that enables data owners to delegate tasks such as data-file re-encryption and user secret-key updates to cloud servers without disclosing data contents or users' access privileges. The scheme combines key-policy attribute-based encryption (KP-ABE), proxy re-encryption, and lazy re-encryption to define access policies over data attributes while allowing the heavy computation to be delegated. The presentation covers the system model and working of the scheme, the KP-ABE module and its four algorithms, advantages and disadvantages, and a conclusion.
Achieving Secure Scalable Fine-Grained Data Access in Cloud
1. PRESENTATION ON
ACHIEVING SECURE, SCALABLE, AND FINE-GRAINED DATA ACCESS CONTROL IN CLOUD COMPUTING
P.S.G.V.P.M's D.N.Patel C.O.E. Shahada
Department of Computer & IT
GUIDED BY: PROF. V.T. PATIL
PRESENTED BY: GIRASE KIRAN V., RAJPUT NILESH D. {COMPUTER SCIENCE}
3. INTRODUCTION
Cloud computing is a promising computing paradigm which has recently drawn extensive attention from both academia and industry. By combining a set of existing and new techniques from research areas such as Service-Oriented Architectures (SOA) and virtualization, cloud computing is regarded as a computing paradigm in which resources in the computing infrastructure are provided as services over the Internet.
The proposed scheme enables the data owner to delegate the tasks of data-file re-encryption and user secret-key update to cloud servers without disclosing the data contents or the users' access privilege information.
DEPARTMENT OF COMPUTER & IT
2014-15
Data security, as in many other applications, is among the challenges that raise great concern for users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside the trusted domain of the users.
To let the data owner enjoy fine-grained access control over data stored on cloud servers, a feasible solution is to encrypt the data with suitable cryptographic primitive(s) and disclose the decryption keys only to authorized users.
5. LITERATURE SURVEY
The paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to cloud servers without disclosing the underlying data contents. The authors achieve this goal by exploiting and uniquely combining the techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. The proposed scheme also has the salient properties of user access privilege confidentiality and user secret key accountability.
As more and more sensitive data is shared and stored by third-party sites on the Internet, there is a need to encrypt the data stored at these sites.
7. WORKING
We consider a cloud data system consisting of data owners, data users, Cloud Servers, and a Third Party Auditor. A data owner stores his sensitive data on Cloud Servers.
Users are issued attributes. To access the remotely stored data files shared by the data owner, users need to download the data files from the Cloud Servers. For simplicity, we assume that the only access privilege for users is data file reading.
Cloud Servers are always online and are operated by the Cloud Service Provider (CSP). The Third Party Auditor is also an always-online party which audits every file access event. In addition, we also assume that the data owner can store data files on Cloud Servers as well as run his own code there to manage his data files.
8. MODULE DESCRIPTION
KP-ABE (Key-Policy Attribute-Based Encryption): a public key cryptography primitive for one-to-many communication. In KP-ABE, data are associated with attributes, for each of which a public key component is defined; a message is encrypted under a set of attributes by encrypting it with the corresponding public key components. Each user is assigned an access structure, usually defined as an access tree over data attributes, and can decrypt a ciphertext only if the ciphertext's attribute set satisfies that tree.
Setup: This algorithm takes as input a security parameter κ and the attribute universe U = {1, 2, . . ., N} of cardinality N. It defines a bilinear group G1 of prime order p with a generator g and a bilinear map e : G1 × G1 → G2 which has the properties of bilinearity, computability, and non-degeneracy.
It returns the public key PK as well as a system master key MK as follows:
PK = (Y, T1, T2, . . . , TN)
MK = (y, t1, t2, . . . , tN)
where Ti ∈ G1 and ti ∈ Zp are for attribute i, 1 ≤ i ≤ N, and Y ∈ G2 is another public key component (in the underlying KP-ABE construction, Ti = g^ti and Y = e(g, g)^y). While PK is publicly known to all the parties in the system, MK is kept secret by the authority party.
Encryption:
This algorithm takes a message M, the public key PK, and a set of attributes I as input. It picks a random s ∈ Zp and outputs the ciphertext E in the following format:
E = (I, Ẽ, {Ei}i∈I)
where Ẽ = M·Y^s and Ei = Ti^s.
Secret key generation:
This algorithm takes as input an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK with one component per leaf node i of T:
SK = {ski}
Decryption:
This algorithm takes as input the ciphertext E encrypted under the attribute set I, the user's secret key SK for access tree T, and the public key PK. It outputs the message M if and only if I satisfies T.
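The four algorithms above are easier to follow once the access-tree step is isolated: KeyGen shares the master secret y down the tree, and Decryption reconstructs it from the leaves that the ciphertext's attributes unlock. The following Python is an added worked example, not code from these slides or from the paper they summarise. It runs that share-and-reconstruct step "in the exponent" over Zp, dropping the group and the pairing, and assumes the standard KP-ABE construction the scheme builds on: Ti = g^ti, Y = e(g, g)^y, a leaf key component ski = g^(qi(0)/ti), and the pairing e(Ei, ski) = e(g, g)^(s·qi(0)), so that reconstructing y from the leaf values qi(0) is exactly what recovers Y^s and hence M = Ẽ / Y^s. The prime P, the attribute labels and the sample policy tree are constructed for the example, and each attribute is assumed to label at most one leaf.

```python
"""Added example: the access-tree secret sharing inside KP-ABE KeyGen/Decrypt,
run over Z_p without the bilinear group (toy code, not the slides' or paper's).

Assumptions (standard KP-ABE construction the scheme builds on):
  * each interior node x of the access tree T is a k_x-of-n_x threshold gate
    (AND = n-of-n, OR = 1-of-n); each leaf is one attribute;
  * KeyGen picks a random degree-(k_x - 1) polynomial q_x per node with
    q_root(0) = y (the master secret) and q_child(0) = q_parent(index(child));
    the leaf value q_i(0) is what the key component sk_i = g^(q_i(0)/t_i) carries;
  * Decrypt pairs E_i = T_i^s with sk_i to get e(g,g)^(s*q_i(0)) and runs the
    same Lagrange interpolation on those exponents, ending at Y^s = e(g,g)^(s*y).
Here the exponents themselves are reconstructed, which the pairing would hide
inside G2.  Every attribute is assumed to label at most one leaf.
"""
import secrets

P = 2**127 - 1  # constructed toy prime standing in for the group order p


class Node:
    """Threshold gate (k of its children) or, if attr is set, a leaf."""
    def __init__(self, k, children=None, attr=None):
        self.k = k
        self.children = children or []
        self.attr = attr


def leaf(attr):
    return Node(1, attr=attr)


def AND(*children):
    return Node(len(children), list(children))


def OR(*children):
    return Node(1, list(children))


def _poly_eval(coeffs, x):
    """q(x) for q given by coefficients [q(0), c1, c2, ...] over Z_p."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def keygen_shares(node, secret):
    """KeyGen's top-down step: q_node(0) = secret; return {attr: q_leaf(0)}."""
    if node.attr is not None:
        return {node.attr: secret % P}
    # random polynomial of degree k-1 whose constant term is the node's secret
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    shares = {}
    for idx, child in enumerate(node.children, start=1):  # index(child) = 1..n
        shares.update(keygen_shares(child, _poly_eval(coeffs, idx)))
    return shares


def _lagrange_at_zero(points):
    """Recover q(0) from k distinct points (x_j, q(x_j)) over Z_p."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def decrypt_node(node, shares, attrs):
    """Decrypt's bottom-up step: q_node(0) if attrs satisfy the subtree, else None."""
    if node.attr is not None:
        return shares[node.attr] if node.attr in attrs else None
    points = []
    for idx, child in enumerate(node.children, start=1):
        value = decrypt_node(child, shares, attrs)
        if value is not None:
            points.append((idx, value))
            if len(points) == node.k:  # any k satisfied children suffice
                break
    return _lagrange_at_zero(points) if len(points) >= node.k else None


def demo():
    """Key policy (dept=IT AND role=student) OR role=prof against three attribute sets."""
    y = secrets.randbelow(P)  # master secret y from MK
    tree = OR(AND(leaf("dept=IT"), leaf("role=student")), leaf("role=prof"))
    shares = keygen_shares(tree, y)  # the user's key, minus the group elements
    satisfied = decrypt_node(tree, shares, {"dept=IT", "role=student"}) == y
    via_prof = decrypt_node(tree, shares, {"role=prof", "dept=CS"}) == y
    rejected = decrypt_node(tree, shares, {"dept=IT"}) is None  # AND only half met
    return satisfied, via_prof, rejected


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The `rejected` case is the point of the construction: with only one of the two AND leaves, a single point of a degree-1 polynomial gives no information about q(0), so the master secret (and in the real scheme Y^s, hence M) stays hidden even though the user holds a valid key for the tree.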
14. ADVANTAGES
Low initial capital investment
Shorter start-up time for new services
Lower maintenance and operation costs
Higher utilization through virtualization
Easier disaster recovery
15. DISADVANTAGES
• A software update could change security settings, leaving privileges set too low
• Security concerns: control of your data/system lies with a third party
16. CONCLUSION
The paper constructs an ABE-based cryptographic scheme for implementing fine-grained access control in cloud computing. The constructed scheme enables user accountability, which can be used to prevent illegal key usage.
It identifies the need for fine-grained access control in cloud computing.
It achieves user accountability by inserting user-specific information into users' attribute private keys.
It performs a comprehensive security analysis with respect to data confidentiality and fine-grained access control.