The document proposes an attribute-based storage system that supports secure deduplication of encrypted data in cloud computing. It uses ciphertext-policy attribute-based encryption (CP-ABE) which allows data to be encrypted for access by users with specific attributes, avoiding duplicate storage. A private cloud performs duplicate detection and regeneration of ciphertexts for the same data under different access policies, while a public cloud stores the data. This ensures secure data sharing and prevents wasted storage from duplicative encrypted copies of the same data.
Attribute-Based Cloud Storage with Secure Data Deduplication
Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data
in Cloud
Abstract
Attribute-based encryption (ABE) has been widely used in cloud computing where
a data provider outsources his/her encrypted data to a cloud service provider, and
can share the data with users possessing specific credentials (or attributes).
However, the standard ABE system does not support secure de-duplication, which
is crucial for eliminating duplicate copies of identical data in order to save storage
space and network bandwidth. In this paper, we present an attribute-based storage
system with secure de-duplication in a hybrid cloud setting, where a private cloud is
responsible for duplicate detection and a public cloud manages the storage.
Compared with the prior data de-duplication systems, our system has two
advantages. Firstly, it can be used to confidentially share data with users by
specifying access policies rather than sharing decryption keys. Secondly, it
achieves the standard notion of semantic security for data confidentiality while
existing systems only achieve it by defining a weaker security notion. In addition,
we put forth a methodology to modify a ciphertext over one access policy into
ciphertexts of the same plaintext but under other access policies without revealing
the underlying plaintext.
Existing System:
In the existing system, a data provider Bob intends to upload a file M to the cloud, and
share M (file data) with users having certain credentials. In order to do so, Bob
encrypts M under an access policy A over a set of attributes, and uploads the
corresponding ciphertext to the cloud, such that only users whose sets of attributes
satisfy the access policy can decrypt the ciphertext. Later, another data provider
Alice uploads a ciphertext for the same underlying file M but ascribed to a
different access policy A′. Since the file is uploaded in an encrypted form, the
cloud is not able to discern that the plaintext corresponding to Alice’s ciphertext is
the same as that corresponding to Bob’s, and will store M twice. Obviously, such
duplicated storage wastes storage space and communication bandwidth.
Proposed System:
In this paper, we present an attribute-based storage system which employs
ciphertext-policy attribute-based encryption (CP-ABE) and supports secure
deduplication. In the proposed attribute-based system, the same file could be
encrypted to different ciphertexts associated with different access policies, so storing
only one ciphertext of the file means that users whose attributes satisfy the access
policy of a discarded ciphertext (but not that of the stored ciphertext) will be denied
access to the data that they are entitled to. To overcome this problem, we equip the
private cloud with another capability named ciphertext regeneration. For a
ciphertext c of a plaintext M with access policy A, the private cloud will be
provided with a trapdoor key which is generated along with the ciphertext c by a
data provider. The private cloud can use the trapdoor key to convert the ciphertext c
with access policy A to a new ciphertext C with another access policy A′ without
knowing the underlying message M. Thus, if two data providers happen to upload
two ciphertexts corresponding to the same file but under different access policies A
and A′, the private cloud can regenerate a ciphertext for the same underlying file
with an access policy A ∪ A′ using the corresponding trapdoor key and then store
the new ciphertext instead of the old one in the public cloud.
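The scenario above, as an added example that is not code from the paper or the project: a bookkeeping model of the private cloud's tag check and the policy merge to A ∪ A′. It assumes a SHA-256 tag, policies written as sets of AND-clauses, and hypothetical names (`HybridCloud`, the attribute strings); the stored policy stands in for the CP-ABE ciphertext, and no real encryption or trapdoor key is implemented.

```python
import hashlib

# Constructed sample policies: a set of AND-clauses, any one of which grants access.
POLICY_A = {frozenset({"doctor", "cardiology"})}        # Bob's policy A
POLICY_A_PRIME = {frozenset({"nurse", "icu"})}          # Alice's policy A'

def satisfies(policy, attrs):
    # True if the attribute set covers at least one clause of the policy.
    return any(clause <= set(attrs) for clause in policy)

class HybridCloud:
    """Bookkeeping model only (assumption): the stored policy stands in for the
    CP-ABE ciphertext's access policy; no real encryption or trapdoor is used."""
    def __init__(self, regenerate):
        self.regenerate = regenerate
        self.tag_index = {}   # private cloud: tag -> item id
        self.storage = {}     # public cloud: item id -> policy of the stored ciphertext

    def upload(self, plaintext, policy):
        # Assumed tag: SHA-256 of the file; the page does not define the tag.
        tag = hashlib.sha256(plaintext).hexdigest()
        if tag not in self.tag_index:
            item_id = len(self.storage)
            self.tag_index[tag] = item_id
            self.storage[item_id] = set(policy)
            return item_id, "stored"
        item_id = self.tag_index[tag]
        if self.regenerate:
            # Stand-in for ciphertext regeneration: stored policy becomes A ∪ A'.
            self.storage[item_id] |= set(policy)
            return item_id, "regenerated"
        return item_id, "discarded"

    def can_decrypt(self, item_id, attrs):
        return satisfies(self.storage[item_id], attrs)

def run_scenario(regenerate):
    cloud = HybridCloud(regenerate)
    file_m = b"constructed sample file M"
    item, _ = cloud.upload(file_m, POLICY_A)             # Bob uploads first
    _, status = cloud.upload(file_m, POLICY_A_PRIME)     # Alice uploads the same M
    return {
        "copies": len(cloud.storage),
        "status": status,
        "bob_user": cloud.can_decrypt(item, {"doctor", "cardiology"}),
        "alice_user": cloud.can_decrypt(item, {"nurse", "icu", "night-shift"}),
    }

if __name__ == "__main__":
    print(run_scenario(regenerate=False), run_scenario(regenerate=True))
```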
System Architecture:
Fig. 1: System architecture of attribute-based storage with secure deduplication.
Modules:
Data Provider:
A data provider wants to outsource his/her data to the cloud and share it with users
possessing certain credentials.
Attribute Authority (AA):
In this system, the Attribute Authority first generates the Public Key PK and the Master
Key MK. The authority then executes the algorithm which takes as input a set of
attributes S (S ⊆ Ã) and creates a Secret Key SK; these keys can be sent to
authorized users.
Cloud:
The cloud consists of a public cloud which is in charge of data storage and a
private cloud which performs certain computation such as tag checking.
User:
At the user side, each user can download an item, and decrypt the ciphertext with
the attribute-based private key generated by the AA if this user’s attribute set
satisfies the access structure. Each user checks the correctness of the decrypted
message using the label, and accepts the message if it is consistent with the label.
SYSTEM CONFIGURATION:
Hardware requirements:
Processor : Any Update Processor
Ram : Min 1 GB
Hard Disk : Min 100 GB
Software requirements:
Operating System : Windows family
Technology : Java (1.7/1.8)
Front-End Technologies : HTML, HTML5, JavaScript, CSS.
Web Server : Tomcat 7/8
Database (Back-End) : MySQL 5.5
IDE : EditPlus
Implemented by
Development team : Cloud Technologies
Website : http://www.cloudstechnologies.in/
Contact : 8121953811, 040-65511811