Achieving Secure Scalable Fine-Grained Data Access in Cloud

P R E S E N T A T I O N O N
ACHIEVING SECURE, SCALABLE,
AND FINE-GRAINED DATA ACCESS
CONTROL IN CLOUD COMPUTING
P.S.G.V.P.M’s
D.N.Patel C.O.E. Shahada
Department Of Computer & IT
GUIDED BY:
PROF.V.T.PATIL
PRESENTED BY:
GIRASE KIRAN V.
RAJPUT NILESH D.
{COMPUTER SCIENCE}

Contents
INTRODUCTION
LITERATURE SURVEY
ARCHITECTURE
WORKING
MODULE DESCRIPTION
UML DIAGRAMS
ADVANTAGES
DISADVANTAGES
CONCLUSION
REFERENCES
2
DEPARTMENT OF COMPUTER & IT 2014-15

INTRODUCTION
 Cloud computing is a promising computing paradigm which
recently has drawn extensive attention from both academia and
industry. By combining a set of existing and new techniques
from research areas such as Service-Oriented Architectures
(SOA) and virtualization, cloud computing is regarded as such
a computing paradigm in which resources in the computing
infrastructure are provided as services over the Internet.
 The proposed scheme enables the data owner to delegate tasks
of data file re-encryption and user secret key update to cloud
servers without disclosing data contents or user access
privilege information.
3
DEPARTMENT OF COMPUTER & IT
2014-15

2014-15
4
 Data security, as it exists in many other applications, is among
these challenges that would raise great concerns from users
when they store sensitive information on cloud servers. These
concerns originate from the fact that cloud servers are usually
operated by commercial providers which are very likely to be
outside of the trusted domain of the users.
 The owner enjoy fine-grained access control of data stored on
cloud servers, a feasible solution would be encrypting data
through certain cryptographic primitive(s), and disclosing
decryption keys only to authorized users.

LITERATURE SURVEY
 This paper addresses this challenging open issue by, on one
hand, defining and enforcing access policies based on data
attributes, and, on the other hand, allowing the data owner to
delegate most of the computation tasks involved in fine-
grained data access control to cloud servers without disclosing
the underlying data contents. We achieve this goal by
exploiting and uniquely combining techniques of attribute-
based encryption (ABE), proxy re-encryption, and lazy re-
encryption. Our proposed scheme also has salient properties of
user access privilege confidentiality and user secret key
accountability. This Paper presents more sensitive data is
shared and stored by third-party sites on the Internet, there will
be a need to encrypt data stored at these sites.
5
2014-15

ARCHITECTURE OF CLOUD COMPUTING
2014-15
6

WORKING
2014-15
7
 we consider a cloud data system consisting of data owners,
data users, Cloud Servers, and a third Party Auditor. A data
owner stores his sensitive data on Cloud Servers.
 Users are issued attributes. To access the remote stored data
files shared by the data owner, users need to download the data
files from the Cloud Servers. For simplicity, we assume that
the only access privilege for users is data file reading.
 Cloud Servers are always online and operated by Cloud
Service Provider (CSP). The Third Party Auditor is also an
always online party which audits every file access event. In
addition, we also assume that the data owner can store data
files besides running his own code on Cloud Servers to
manage his data files.

MODULE DESCRIPTION
2014-15
8
 KP-ABE(Key Policy-Attribute Based Encryption):-It is a
public key cryptography primitive for one-to-many
communications. In KP-ABE, data are associated with
attributes for each of which a public key component is
defined. it with the corresponding public key components.
Each user is assigned an access structure which is usually
defined as an access tree over data attributes.

2014-15
9
 Setup This algorithm takes as input a security parameter κ and the
attribute universe U = {1, 2, . . .,N} of cardinality N. It defines a
bilinear group G1 of prime order p with a generator g, a bilinear
map e : G1 × G1 → G2 which has the properties of bilinearity,
computability, and non-degeneracy.
It returns the public key PK as well as a system master key MK as
follows:
PK = (Y, T1, T2, . . . , TN)
MK = (y, t1, t2, . . . , tN)
where Ti ∈ G1 and ti ∈ Zp are for attribute i, 1 ≤ i ≤ N, and Y ∈ G2
is another public key component. While PK is publicly known to all
the parties in the system, MK is kept as a secret by the authority
party.

2014-15
10
 Encryption:
This algorithm takes a message M, the public key PK, and a set of
attributes I as input. It outputs the cipher text E with the following format:
E = (I, ˜ E, {Ei}i )
where ˜E = MY, Ei = Ti.
 Secret key generation:
This algorithm takes as input an access tree T, the master key MK, and the
public key PK. It outputs a user secret key SK as follows.
SK = {ski}
 Decryption:
This algorithm takes as input the cipher text E encrypted under the attribute
set U, the user’s secret key SK for access tree T, and the public key PK. Finally it
output the message M if and only if U satisfies T.

UML Diagrams 1.USE CASE
2014-15
11

2.CLASS DIAGRAM
2014-15
12

3.SEQUENCE DIAGRAM
2014-15
13

ADVANTAGES
2014-15
14
 Low initial capital investment
 Shorter start-up time for new services
 Lower maintenance and operation costs
 Higher utilization through virtualization
 Easier disaster recovery

DISADVANTAGES
2014-15
15
• Software update could change security settings,
assigning privileges too low
• Security concerns
 Control of your data/system by third-party

Conclusion
2014-15
16
 This paper constructs an ABE based cryptography scheme for
implementing fine-grained access control for cloud computing.
The constructed scheme enables user accoutability, which can be
used to prevent illegal key usages.
 we identify the need for fine-grained access control in cloud
computing.
 we achieve user accountability by inserting user specific
information into users’ attribute private keys.
 we perform a comprehensive security analysis with respect to
data confidentiality and finegrained access control.

2014-15
17

REFERENCES
2014-15
18
 M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A.
Konwinski,G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M.
Zaharia, “Above the clouds: A berkeley view of cloud
computing,” University of California, Berkeley, Tech. Rep. USB-
EECS-2009-28, Feb 2009.
 Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public
verifiability and data dynamics for storage security in cloud
computing,” in Proc. of ESORICS ’09, 2009.
 L. Youseff, M. Butrico, and D. D. Silva, “Toward a unified
ontology of cloud computing,” in Proc. of GCE’08, 2008.

Any Questions ?
2014-15
19

Achieving Secure Scalable Fine-Grained Data Access in Cloud

Recommended

Recommended

More Related Content

What's hot

What's hot (17)

Similar to Achieving Secure Scalable Fine-Grained Data Access in Cloud

Similar to Achieving Secure Scalable Fine-Grained Data Access in Cloud (20)

Recently uploaded

Recently uploaded (20)

Achieving Secure Scalable Fine-Grained Data Access in Cloud

Editor's Notes