Improving Cloud Security for Authentication using Attribute Based Encryption. Attribute-based encryption is a type of public key encryption in which the secret key of a user and the cipher text are dependent upon attributes. The decryption of a cipher text is possible only if the set of attributes of the user key matches the attributes of the cipher text. A crucial security aspect of Attribute-Based Encryption is collusion-resistance: An adversary that holds multiple keys should only be able to access data if at least one individual key grants access. Cloud computing is a type of Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers that may be located far from the user–ranging in distance from across a city to across the world. There were several cases of security breach on the cloud in the past few year and data security was compromised like Adobe’s Security Breach, Amazon website failure and many security attacks like this motivated us to work on strict security measures on cloud. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE cipher text satisfied by that user’s attributes into a simple cipher text, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed cipher text. Security of an ABE system with outsourced decryption ensures that an adversary including a malicious cloud will not be able to learn anything about the encrypted message. The formal model of ABE with outsourced decryption forms a concrete scheme. Data owner decides the access using combinations of or policies and encrypt the file and corresponding authentic user can decrypt it using their policies.

1. Presented By-
Ankit Raj (1309113012)
Aqib Jamal (1309113017)
Nisha Gupta (1309113056)
Akash Prajapati (1309113008)
Authentication on Cloud using Attribute Based Encryption
Mentor-
Mrs. Archana Saxena

2. • As cloud is widely used for remote access
of information as well as transfer of
information geographically, so there is a
great need of making cloud even more
secure.
• Attribute Based Encryption can help in
increasing the security on cloud.
• ABE is a public-key based one-to-many
encryption that allows users to encrypt
and decrypt data based on user attributes.
Fig 1:Cloud Services[4]

3. Improving Cloud Security for Authentication using Attribute Based
Encryption.

4. • Design and develop attribute based encryption(ABE)
algorithm.
• Use a cloud environment and implement ABE on cloud.

5. • The concept of ABE was first proposed by Amit Sahai and Brent Waters[1]
Sahai and Waters gave two concepts
1. IBE: Concept uses Biometric Identities.
2. Attribute based Encryption: Encrypt a document to all users that have
certain set of attributes.
Contd…

6. Although ABE concept is very powerful and a promising mechanism, ABE systems suffer mainly from
two drawbacks:
• Non-efficiency.
• proposal was much expensive decryption.
Fig 2: ABE scheme[4]
OR

7. In order to reduce the cost of Decryption Lia[2] suggested to outsource the
majority of actual data without revealing private key.
Considering a new requirement of ABE with outsourced decryption: Modifying
the original model of ABE with outsourced decryption proposed by Green to
include verifiability.
A concrete ABE scheme with outsourced decryption and proved that it is secure.
Lin[3] proposed an algorithm that provided a decryption algorithm for ABE,
whose computational time and cost was half as that of traditional decryption
algorithm of ABE.
Contd…

8. If receiver wants to download the file, they have to send request to cloud proxy server.
When proxy server will verify receiver then server will ask for transformation key. This
key will be generated through the attributes of receiver.
Transformation key is used for transforming cipher text into simpler cipher text.
Now simpler cipher text is send to receiver who decrypt simpler cipher text into plain text
using receiver secret key.
Fig:3 System Architecture[2]

10. Encrypt
Cloud Authentication
Cloud
Authority
Consumer
Portal
Consumer Decrypt
Fig. 4: Architecture of ABE on cloud
Owner

11. 1. Setup: Here is the depth of key structure. Take as input a parameter. It outputs a
public key PK and master secret key MK.
2. Key-gen: Takes as input the master secret key MK, user attributes, It outputs a
secret key SK for user u.
3. Encrypt: Takes as input the public key PK, a message M, and an access tree T . It
outputs a ciphertext CT.
4. Decrypt: Take as input a ciphertext CT and a secret key SK for user u. It outputs a
message m . If the key structure A associated with the secret key SK, satisfies the
access tree T, associated with the ciphertext CT, then m is the original correct
message M.

12. Setup Algorithm

13. Key Gen Algorithm

14. Encryption Algorithm

15. Decryption Algorithm

22. Successful Decryption for Authentic User

23. Decryption Fails for Unauthentic User

24. Fig 4: Comparison with other technique[6]

25. • Files stored in cloud can be corrupted. So for this issue
using the file recovery technique to recover the corrupted
file successfully.
• Data loss may occur because replicas of file storage is not
maintained.
• The project can be extended for multi user attribute
system where if all the authorized users are present then
only file can be decrypted successfully. Less than required
authorized users can’t decrypt the file.
Implementation of Attribute Based Encryption is done with
outsource decryption Technique.
Following are the future scope for our project

26. Decrypt

27. [1] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” International
Association for Cryptologic Research, Springer,2005.
[2] J. Lai, R. H. Deng, C. Guan, and J. Weng, “Attribute-based encryption
with verifiable outsourced decryption,” IEEE Trans. Inf. Forensics Security,
vol. 8, no. 8, pp. 1343–1354, Aug. 2013.
[3] Suqing Lin, Rui Zhang, Hui Ma, and Mingsheng Wang,“Revisiting
Attribute-Based Encryption With Verifiable Outsourced Decryption“, IEEE
Transactions On Information Forensics And Security, Vol. 10, No. 10, Feb
2016

28. [4] http://cloudcomputingvilla.com/how-does-cloud-computing-work/
[5] http://ualr.edu/sxyu1/cloud.htm
[6] P.Madhubala, Dr.P.Thangaraj ,” Comprehensive and Comparative Analysis of
Cryptographic Solutions in Cloud,” International Journal of Innovative Research in
Computer and Communication Engineering, Vol. 2, Issue 10, October 2014
[7] Eric Zavattoni, Luis J. Dominguez Perez, Shigeo Mitsunari, Ana H. S´anchez-
Ram´ırez, Tadanori Teruya, and Francisco Rodr´ıguez-Henr´ıquez, ”Software
implementation of an Attribute-Based Encryption scheme,” IEEE Transactions on
Computers, May 2015