RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage

•Download as PPTX, PDF•

1 like•1,206 views

This document proposes a robust and auditable access control system with multiple attribute authorities for public cloud storage. It addresses the single point of failure and low efficiency issues of existing ciphertext-policy attribute-based encryption (CP-ABE) schemes that rely on a single attribute authority. The proposed system employs multiple attribute authorities to share the user verification load and introduces a central authority to generate secret keys for legitimate users. It also includes an auditing mechanism to detect any attribute authority that incorrectly performs user verification.

RAAC: Robust and Auditable
Access Control with Multiple
Attribute Authorities for Public
Cloud Storage

ABSTRACT
• Data access control is a challenging issue in public cloud
storage systems. Ciphertext-policy attribute-based
encryption (CP-ABE) has been adopted as a promising
technique to provide flexible, fine-grained, and secure
data access control for cloud storage with honest-but-
curious cloud servers.
• However, in the existing CP-ABE schemes, the single
attribute authority must execute the time-consuming
user legitimacy verification and secret key distribution,
and hence, it results in a single-point performance
bottleneck when a CP-ABE scheme is adopted in a large-
scale cloud storage system.

CONTI..
• Users may be stuck in the waiting queue for a
long period to obtain their secret keys, thereby
resulting in low efficiency of the system.
• Although multi-authority access control schemes
have been proposed, these schemes still cannot
overcome the drawbacks of single-point
bottleneck and low efficiency, due to the fact that
each of the authorities still independently
manages a disjoint attribute set

EXISTING SYSTEM
• To address the issue of data access control in cloud storage,
there have been quite a few schemes proposed, among which
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is re-
garded as one of the most promising techniques.
• A salient feature of CP-ABE is that it grants data owners direct
control power based on access policies, to provide flexible,
fine-grained and secure access control for cloud storage
systems.
• In CP-ABE schemes, the access control is achieved by using
cryptography, where an owner’s data is encrypted with an ac-
cess structure over attributes, and a user’s secret key is labelled
with his/her own attributes.

CONTI..
• Only if the attributes associated with the user’s
secret key satisfy the access structure, can the
user decrypt the corresponding ciphertext to
obtain the plaintext.

PROPOSED SYSTEM
• In this paper, we propose a novel heterogeneous
framework to remove the problem of single-point
performance bottleneck and provide a more efficient
access control scheme with an auditing mechanism.
Our framework employs multiple attribute authorities
to share the load of user legitimacy verification.
• Meanwhile, in our scheme, a central authority is
introduced to generate secret keys for legitimacy
verified users.

CONTI..
• Unlike other multi-authority access control
schemes, each of the authorities in our scheme
manages the whole attribute set individually.
• To enhance security, we also propose an
auditing mechanism to detect which attribute
authority has incorrectly or maliciously
performed the legitimacy verification
procedure.

SYSTEM REQUIREMNTS
• HARDWARE REQUIREMENS
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Ram : 512 Mb.
• SOFTWARE REQURIEMENTS
• Operating system : Windows XP/7.
• Coding Language: : JAVA/J2EE
• IDE : Netbeans 7.4
• Database : MYSQL

This document discusses an attribute-based storage system that supports secure deduplication of encrypted data in the cloud. It aims to allow data providers to outsource encrypted data to the cloud while maintaining confidentiality. The system uses a hybrid cloud setting where a private cloud detects duplicates and a public cloud manages storage. This allows confidential data sharing through access policies rather than key sharing, and provides semantic security for data confidentiality. Existing systems only provide weaker security. The system requirements for hardware include a Pentium IV 2.4 GHz processor and 1 GB RAM, and for software include Windows 7, C# coding, Visual Studio IDE, and MS SQL Server database.

Time and Attribute Factors Combined Access Control on Time-Sensitive Data in ...

Prasadu Peddi

This document proposes a new scheme called TAFC (Time and Attribute Factors Combined) access control for time-sensitive data stored in the cloud. It embeds timed-release encryption into ciphertext-policy attribute-based encryption (CP-ABE) to allow fine-grained access control based on user attributes and time factors. Existing approaches have limitations like high client overhead or lack of practical fully homomorphic encryption. The proposed TAFC scheme aims to address these issues by leveraging cloud storage advantages while protecting data confidentiality against untrusted cloud servers through attribute-based encryption.

A Cross Tenant Access Control (CTAC) Model for Cloud Computing: Formal Specif...

Prasadu Peddi

This document proposes a Cross Tenant Access Control model for cloud computing. It specifies a cloud resource mediation service that acts as a trusted third party to facilitate secure resource sharing between tenants. Formal specifications and verification are provided for permission activation and delegation algorithms that govern resource access between tenants. The model addresses limitations of traditional access control for cross-tenant resource sharing in cloud environments.

Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Prese...

Prasadu Peddi

This document proposes an identity-based remote data integrity checking protocol for cloud storage that provides perfect data privacy while reducing complexity. It formalizes the security model for identity-based remote data integrity checking, including security against malicious servers and zero-knowledge privacy for third-party verifiers. The proposed protocol uses an asymmetric group key agreement primitive to construct an identity-based remote data integrity checking scheme without relying on public key infrastructure.

Distributed, Concurrent, and Independent Access to Encrypted Cloud Databases

JPINFOTECH JAYAPRAKASH

Distributed, Concurrent, and Independent Access to Encrypted Cloud Databases To get this project in ONLINE or through TRAINING Sessions, Contact:JP INFOTECH, Old No.31, New No.86, 1st Floor, 1st Avenue, Ashok Pillar, Chennai -83. Landmark: Next to Kotak Mahendra Bank. Pondicherry Office: JP INFOTECH, #45, Kamaraj Salai, Thattanchavady, Puducherry -9. Landmark: Next to VVP Nagar Arch. Mobile: (0) 9952649690 , Email: jpinfotechprojects@gmail.com, web: www.jpinfotech.org Blog: www.jpinfotech.blogspot.com

Ensuring data integrity on cloud data storage

Ratheesh Kumar R

Cloud storage moves user data to remote data centers that users do not control, posing new security challenges. The document proposes a scheme using hash-based message authentication codes and RSA signatures to allow users to verify the integrity of their cloud data, addressing problems of data integrity and security. It aims to reduce costs for clients with limited resources to check data integrity in the cloud.

Data Integrity proofs in cloud storage

Sameer Mohd

This document discusses cloud computing and proposes a scheme for proof of data integrity in the cloud. It begins by defining cloud computing and describing the infrastructure needed to run applications over the internet. It then discusses security issues with cloud storage, where users do not have control over remotely stored data. The proposed scheme generates encrypted metadata for files and allows users to verify integrity by challenging the data center to provide specific bits, proving the file was not illegally modified. The scheme is best suited for encrypted static files stored in the cloud.

Hasbe a hierarchical attribute based solution for flexible and scalable acces...

parry prabhu

The document proposes a Hierarchical Attribute-Set-Based Encryption (HASBE) scheme to provide scalable and flexible access control for outsourced data in cloud computing. HASBE extends Ciphertext-Policy Attribute-Set-Based Encryption with a hierarchical user structure for scalability. It also supports compound attributes for flexibility and fine-grained access control. HASBE employs multiple expiration times to more efficiently revoke users compared to existing schemes. The security of HASBE is formally proven based on CP-ABE security. The scheme is implemented and experiments show it efficiently and flexibly handles access control for outsourced cloud data.

This document summarizes a seminar on encrypted cloud storage. It discusses the need for cloud encryption due to security concerns about data privacy when using cloud providers. It recommends encrypting data stored in the cloud and keeping encryption keys controlled by the organization rather than the cloud provider. It also describes how user-oriented cloud storage solutions can provide local encryption of files that are synced with cloud services in a transparent way. Finally, it discusses how cloud security gateways aim to allow confidential use of software as a service applications in the cloud through encryption while potentially impacting some cloud features.

Cloud Computing PPT

Aakanksha Mane

Azure IoT Hub: what is it and why we select other solution (production projec...

Katherine Golovinova

Final year presentation

Abhishek Jain

This document outlines a project to develop and implement an access control mechanism for outsourced data on the cloud. The project has four modules: a supporting application, service development, encryption/decryption, and role-based access. It discusses key terms like access control, access control models, outsourced data, and cloud computing. The system works by allowing a data owner to encrypt and outsource data to the cloud, which then processes and forwards the data to authorized users based on an agreed access policy.

Multi-tenancy in Private Clouds

Patrick Nicolas

Data Security Essentials for Cloud Computing - JavaOne 2013

javagroup2006

This document discusses data security considerations and best practices for cloud computing. It covers cryptographic concepts like hashing, symmetric and asymmetric encryption, and digital signatures. It also discusses recent trends like using hardware security modules and encryption gateways to securely store keys and encrypt data before it reaches the cloud. The goal is to provide comprehensive data security while data is in transit to and stored in the cloud.

Keeping your Enterprise’s Big Data Secure by Owen O’Malley at Big Data Spain ...

Big Data Spain

JPJ1407 Expressive, Efficient, and Revocable Data Access Control for Multi-...

chennaijp

Data Governance and Management in Cloud pak nam

PT Datacomm Diangraha

An efficient certificateless encryption for data sharing on public cloud

Abhijeet Patil

This document summarizes a seminar presentation on an efficient certificate-less encryption for secure data sharing in public clouds. The presentation covers the introduction to cloud computing and encryption/decryption techniques. It discusses the scope of applying mediated certificate-less public key encryption to solve key escrow and revocation problems. The objective is to design an attribute-based encryption scheme that allows encrypted data access based on access policies. The presentation reviews existing algorithms and proposes a pairing-free certificate-less public key cryptography approach. It describes the system architecture and implementation details. The results show the proposed scheme improves efficiency and provides confidentiality of data and keys when using untrusted public clouds.

expressive, efficient, and revocable data access control for multi authority ...

swathi78

Analysis-of-Security-Algorithms-in-Cloud-Computing [Autosaved]

Mahmuda Rahman

This document analyzes security algorithms in cloud computing. It discusses challenges like security and privacy in cloud computing. It describes how data is stored and secured in the cloud, including issues like unauthorized access. It then explains existing security algorithms like AES and RSA. AES uses symmetric encryption with a variable key length and multiple rounds of transformations. RSA uses asymmetric encryption with a public/private key pair. The document proposes further developments in areas like multiple encryption and biometric security before concluding.

tcp cloud - Advanced Cloud Computing

MarketingArrowECS_CZ

Elastic at KPN

Elasticsearch

This document discusses KPN's use of Elastic to power their security operations center (SOC). KPN is a managed security services provider in the Netherlands with 400 employees that provides 24/7 SOC and security information and event management (SIEM) services. They were facing challenges with exponential data growth and security tool limitations. Elastic has helped KPN simplify data, gain better security visibility and analysis, and utilize resources efficiently. Future plans include multi-tenancy, data enrichment, anomaly detection, and an automated normalization layer to further scale Elastic.

Advanced Cryptography for Cloud Security

Neel Chakraborty

The document discusses advanced cryptographic techniques for securing cloud computing. It introduces fully homomorphic encryption and functional encryption. Fully homomorphic encryption allows computations to be performed on encrypted data and obtain encrypted results, providing privacy for cloud data and computations. Functional encryption allows decryption of ciphertexts using secret keys to reveal specific functions of the plaintext without other information. The document proposes constructing an efficient fully homomorphic encryption scheme based on learning with errors to enable encrypted computations in cloud computing.

ATTRIBUTE-BASED DATA SHARING SCHEME REVISITED IN CLOUD COMPUTING,bulk ieee pr...

Nexgen Technology

The Elastic Evolution of CenturyLink’s Network Management System

Elasticsearch

Advances in technology are enabling a data and information revolution, and managing the network that moves all that data requires the right technology stack. It’s all about finding the right data at the right time for CenturyLink, creators of one of the largest networks in the world. See how CenturyLink has evolved their Network Management System and how Elastic plays a big part in their evolving platform. Learn how they address issues like volume, variety, and velocity of data being generated by disparate network devices and how they are creating simple yet scalable solutions to find the right data at the right time.

Integrity for join queries

Papitha Velumani

Managing the Dewey Decimal System

DataWorks Summit

Test

RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage

Similar to RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage (20)

More from Prasadu Peddi

More from Prasadu Peddi (13)

Recently uploaded

Recently uploaded (20)

RAAC: Robust and Auditable Access Control with Multiple Attribute Authorities for Public Cloud Storage