The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud storage to address privacy issues when users request to share access to each other's authorized data fields.
The SAPA allows for shared access authority through an anonymous access request matching mechanism that considers authentication, data anonymity, user privacy, and forward security. It also uses attribute based access control for users to only access their own data fields and proxy re-encryption for temporary data sharing among users.
The protocol is designed to enhance user privacy during access requests by not revealing a user's interests or access desires, whether or not they receive access permissions. It aims to simultaneously provide data access control, shared access authority, and privacy preservation
Shared authority based privacy preserving authentication protocol in cloud co...Adz91 Digital Ads Pvt Ltd
This document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud storage. SAPA allows for anonymous access requests and attribute-based access control, while encrypting data to preserve privacy. It aims to address privacy issues when a user requests data sharing from other users and the cloud server, where the request itself could reveal private information. The protocol uses anonymous matching of access requests, encryption of data, and temporary authorized data sharing between users through proxy re-encryption. It is designed to simultaneously provide access control, sharing of access authority, and privacy preservation for collaborative cloud applications.
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud data storage. SAPA allows for authentication and authorization without compromising a user's private information. It addresses privacy issues during data sharing in cloud storage by implementing an anonymous access request matching mechanism and applying attribute-based access control with proxy re-encryption for temporary authorized data sharing between users. The proposed system provides advantages over existing systems by allowing data owners to control access and sharing privileges while preserving user privacy during authentication and authorization.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Oruta privacy preserving public auditing for shared data in the cloudNexgen Technology
Ecruitment Solutions (ECS) is one of the leading Delhi based Software Development & HR Consulting Firm, which is assessed at the level of ISO 9001:2008 standard. ECS offers an awesome project and product based solutions to many customers around the globe.
In addition, ECS has also widened its wings by the way consummating academic projects especially for the final year professional degree students in India. ECS consist of a technical team that has solved many IEEE papers and delivered world-class solutions .
Shared authority based privacy preserving authentication protocol in cloud co...Adz91 Digital Ads Pvt Ltd
This document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud storage. SAPA allows for anonymous access requests and attribute-based access control, while encrypting data to preserve privacy. It aims to address privacy issues when a user requests data sharing from other users and the cloud server, where the request itself could reveal private information. The protocol uses anonymous matching of access requests, encryption of data, and temporary authorized data sharing between users through proxy re-encryption. It is designed to simultaneously provide access control, sharing of access authority, and privacy preservation for collaborative cloud applications.
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud data storage. SAPA allows for authentication and authorization without compromising a user's private information. It addresses privacy issues during data sharing in cloud storage by implementing an anonymous access request matching mechanism and applying attribute-based access control with proxy re-encryption for temporary authorized data sharing between users. The proposed system provides advantages over existing systems by allowing data owners to control access and sharing privileges while preserving user privacy during authentication and authorization.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Oruta privacy preserving public auditing for shared data in the cloudNexgen Technology
Ecruitment Solutions (ECS) is one of the leading Delhi based Software Development & HR Consulting Firm, which is assessed at the level of ISO 9001:2008 standard. ECS offers an awesome project and product based solutions to many customers around the globe.
In addition, ECS has also widened its wings by the way consummating academic projects especially for the final year professional degree students in India. ECS consist of a technical team that has solved many IEEE papers and delivered world-class solutions .
A secure anti collusion data sharing scheme for dynamic groups in the cloud1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
A cloud storage system for sharing data securely with privacy preservation an...eSAT Journals
Abstract Cloud computing provides much-known services for storing user data over cloud server and it provides attention towards a broad set of technologies, rules and controls deployed to provide security for applications and data. As the more and more firm uses the cloud, security in cloud environment is becoming very important issue. It is much needed that companies should work with partners doing best practices of cloud security and which facilitate transparency for their solutions. Number of security solutions today depends on the authentication for security but it did not provide solution for the privacy problems while sharing data in the cloud environment. Data access request from the user itself may expose users’ private data no matter his request approved or not. So this becomes very important in sharing data in the cloud environment. In this paper we proposed a system which provides attention towards the above mentioned problem. In proposed system we used the concept of data anonymity for sending data access request to data owner and also provide the data auditing facility to detect fraud in the integrity of users shared data. Keywords: Cloud computing, privacy preservation, data integrity, data sharing, authentication
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. IJCERT JOURNAL
In cloud computing outsourcing group resource among cloud users is a major challenge, so cloud computing provides a low-cost and well-organized solution. Due to frequent change of membership, sharing data in a multi-owner manner to an untrusted cloud is still its challenging issue. In this paper we proposed a secure multi-owner data sharing scheme for dynamic group in public cloud. By providing AES encryption with convergent key while uploading the data, any cloud user can securely share data with others. Meanwhile, the storage overhead and encryption computation cost of the scheme are independent with the number of revoked users. In addition, I analyze the security of this scheme with rigorous proofs. One-Time Password is one of the easiest and most popular forms of authentication that can be used for securing access to accounts. One-Time Passwords are often referred to as secure and stronger forms of authentication in multi-owner manner. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for public cloud based secure group sharing.
A secure anti collusion data sharing scheme for dynamic groups in the cloudKamal Spring
Benefited from cloud computing, users can achieve an effective and economical approach for data sharing among group members in the cloud with the characters of low maintenance and little management cost. Meanwhile, we must provide security guarantees for the sharing data files since they are outsourced. Unfortunately, because of the frequent change of the membership, sharing data while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due to the collusion attack. Moreover, for existing schemes, the security of key distribution is based on the secure communication channel, however, to have such channel is a strong assumption and is difficult for practice. In this paper, we propose a secure data sharing scheme for dynamic members. Firstly, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Secondly, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Thirdly, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group.
Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the CloudShruthi Suresh
The document discusses secure multi-owner data sharing for dynamic groups in clouds. It outlines Mona, a scheme that uses dynamic broadcast encryption for access control and group signatures for authentication. Mona allows efficient revocation without updating other users' keys and supports anonymity and traceability. The document compares Mona to other schemes and finds Mona addresses issues around identity privacy and revocation more effectively. Future work aims to make Mona more reliable and scalable by handling failures of the group manager.
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
This document proposes a Shared Authority based Privacy preserving Authentication protocol (SAPA) for handling privacy issues in cloud storage. SAPA achieves shared access authority through an anonymous access request matching mechanism. It applies attribute-based access control to allow users to reliably access their own data fields. It also uses proxy re-encryption to provide temporary authorized data sharing among multiple users. The goal is to preserve user privacy during data access and sharing in the cloud.
Oruta proposes the first privacy-preserving mechanism for public auditing of shared data stored in the cloud. It exploits ring signatures to compute verification information needed to audit integrity without revealing signer identity. The third party auditor can verify integrity of shared data without retrieving the entire file, while keeping private which user signed each block. Existing methods do not consider privacy for shared data or dynamic groups. Oruta aims to efficiently audit integrity for static groups while preserving identity privacy.
secure multi-owner data sharing for dynamic groupsSuchithra Balan
The document presents a secure data sharing scheme for dynamic groups in cloud computing. The scheme leverages group signature and dynamic broadcast encryption techniques to allow cloud users to anonymously share data with others in a group while preserving identity privacy from an untrusted cloud. It aims to securely support data sharing in dynamic groups where attributes are not fixed and multiple owners are possible. The scheme's storage overhead and encryption costs are independent of the number of revoked users.
Messages addressed to specific users can be decrypted by Key Generation Centre (KGC) by generating their private keys. Data owner wants the data to be delivered only to specified user and not to unauthorized person that is the data owner makes their private data accessible only to authorized person. We propose attribute based encryption and escrow problem which means written agreement delivered to a third party to overcome this problem. Attribute based Encryption (ABE) is a type of public-key encryption in which the private key of a user and the cipher text are dependent upon attributes. It is a promising cryptographic approach.
A secure-anti-collusion-data-sharing-scheme-for-dynamic-groups-in-the-cloudPvrtechnologies Nellore
This document proposes a secure data sharing scheme for dynamic groups in the cloud. It allows group members to securely access and share data files stored in the cloud. The scheme provides secure key distribution without requiring secure communication channels. It also enables fine-grained access control and prevents collusion attacks between revoked users and the cloud. When users join or leave the group, other users do not need to update their private keys. The scheme aims to address limitations of existing approaches that require updating file-block keys for revocations and have overhead linearly increasing with member/revocation changes.
Ensuring distributed accountability for data sharing in the cloudSathya Moorthy
The document proposes a Cloud Information Accountability (CIA) framework to provide end-to-end accountability for data sharing in the cloud. The CIA framework uses a decentralized logging mechanism coupled with the user's data to automatically log all access. It also includes distinct push and pull modes for auditing, where logs are periodically sent or can be retrieved by the user. The implementation involves major components of loggers that record access and a log harmonizer that allows user access to the logs.
Secure data sharing for dynamic groups in multi-owner using cloudSagar Dhanake
This document summarizes a seminar presentation on secure data sharing for dynamic groups in multi-owner cloud environments. The presentation covered cloud computing fundamentals and challenges with identity privacy. It proposed a system called MONA that allows any group member to securely store and share encrypted data files on an untrusted cloud. Key features of MONA include dynamic group management such that new users can access previous data, anonymous yet traceable access control, and efficient user revocation. The presentation discussed the system architecture, models, modules including registration, login and file sharing, relevant algorithms, applications, advantages, and future work concerning reliability.
Integrity Privacy to Public Auditing for Shared Data in Cloud ComputingIJERA Editor
In cloud computing, many mechanisms have been proposed to allow not only a data owner itself but also a public verifier to efficiently perform integrity checking without downloading the entire data from the cloud, which is referred to as public auditing . In these mechanisms, data is divided into many small blocks, where each block is independently signed by the owner; and a random combination of all the blocks instead of the whole data is retrieved during integrity checking .However, public auditing for such shared data— while preserving identity privacy — remains to be an open challenge. Here, we only consider how to audit the integrity of shared data in the cloud with static groups. It means the group is pre-defined before shared data is created in the cloud and the membership of users in the group is not changed during data sharing. The original user is responsible for deciding who is able to share her data before outsourcing data to the cloud. Another interesting problem is how to audit the integrity of shared data in the cloud with dynamic groups — a new user can be added into the group and an existing group member can be revoked during data sharing.
Oruta is a privacy-preserving public auditing mechanism for shared data in the cloud that:
1) Utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data without retrieving the entire data while keeping the identity of the signer private.
2) Extends the mechanism to support batch auditing, enabling the verification of multiple shared data simultaneously in a single auditing task.
3) Continues to use random masking to support data privacy during public auditing and leverages index hash tables to support fully dynamic operations on shared data.
Cloud computing is rapidly emerging due to the provisioning of elastic, flexible, and on demand storage and computing services for customers. The data is usually encrypted before storing to the cloud. The access control, key management, encryption, and decryption processes are handled by the customers to ensure data security. A single key shared between all group members will result in the access of past data to a newly joining member. The aforesaid situation violates the confidentiality and the principle of least privilege.
SMONA: Secure Multi Owner Data Sharing for Dynamic Groups in the Cloudijsrd.com
The data is stored in the cloud. Storing data should be risky. Cloud provider should be trustful because the data is confidentential. The Group manager keeps the record of group members. The key distribution is done to the group of each department. The Group members can access the stored data from cloud. The encryption-decryption technique is used to store the data. Any cloud user can anonymously share data with others by providing group signature and dynamic broadcast encryption techniques. When new member joined in the group, new granted users can directly decrypt data files uploaded without contacting with data owners. Proposing a new model for Sharing Secure Data in the Cloud for the Multiuser Group.
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
cloud computing is also facing many challenges that, if not well resolved, may impede its fast growth. Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. Data confidential against cloud servers is hence frequently desired when users outsource data for storage in the cloud.
Mona secure multi owner data sharing for dynamic groups in the cloudAvinash K S
1) The document proposes a secure multi-owner data sharing scheme called Mona for dynamic groups in the cloud. Mona allows any user in a group to anonymously share data with others using techniques like group signatures and dynamic broadcast encryption.
2) Mona supports efficient membership changes without updating secret keys. New users can decrypt pre-existing files and revoking users does not require updating keys of remaining users.
3) Mona provides privacy-preserving access control where users can anonymously access cloud resources while allowing identity tracing by the group manager when needed. It aims to achieve secure and flexible data sharing for dynamic groups in the cloud.
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
A secure anti collusion data sharing scheme for dynamic groups in the cloud1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
A cloud storage system for sharing data securely with privacy preservation an...eSAT Journals
Abstract Cloud computing provides much-known services for storing user data over cloud server and it provides attention towards a broad set of technologies, rules and controls deployed to provide security for applications and data. As the more and more firm uses the cloud, security in cloud environment is becoming very important issue. It is much needed that companies should work with partners doing best practices of cloud security and which facilitate transparency for their solutions. Number of security solutions today depends on the authentication for security but it did not provide solution for the privacy problems while sharing data in the cloud environment. Data access request from the user itself may expose users’ private data no matter his request approved or not. So this becomes very important in sharing data in the cloud environment. In this paper we proposed a system which provides attention towards the above mentioned problem. In proposed system we used the concept of data anonymity for sending data access request to data owner and also provide the data auditing facility to detect fraud in the integrity of users shared data. Keywords: Cloud computing, privacy preservation, data integrity, data sharing, authentication
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. IJCERT JOURNAL
In cloud computing outsourcing group resource among cloud users is a major challenge, so cloud computing provides a low-cost and well-organized solution. Due to frequent change of membership, sharing data in a multi-owner manner to an untrusted cloud is still its challenging issue. In this paper we proposed a secure multi-owner data sharing scheme for dynamic group in public cloud. By providing AES encryption with convergent key while uploading the data, any cloud user can securely share data with others. Meanwhile, the storage overhead and encryption computation cost of the scheme are independent with the number of revoked users. In addition, I analyze the security of this scheme with rigorous proofs. One-Time Password is one of the easiest and most popular forms of authentication that can be used for securing access to accounts. One-Time Passwords are often referred to as secure and stronger forms of authentication in multi-owner manner. Extensive security and performance analysis shows that our proposed scheme is highly efficient and satisfies the security requirements for public cloud based secure group sharing.
A secure anti collusion data sharing scheme for dynamic groups in the cloudKamal Spring
Benefited from cloud computing, users can achieve an effective and economical approach for data sharing among group members in the cloud with the characters of low maintenance and little management cost. Meanwhile, we must provide security guarantees for the sharing data files since they are outsourced. Unfortunately, because of the frequent change of the membership, sharing data while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due to the collusion attack. Moreover, for existing schemes, the security of key distribution is based on the secure communication channel, however, to have such channel is a strong assumption and is difficult for practice. In this paper, we propose a secure data sharing scheme for dynamic members. Firstly, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Secondly, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Thirdly, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group.
Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the CloudShruthi Suresh
The document discusses secure multi-owner data sharing for dynamic groups in clouds. It outlines Mona, a scheme that uses dynamic broadcast encryption for access control and group signatures for authentication. Mona allows efficient revocation without updating other users' keys and supports anonymity and traceability. The document compares Mona to other schemes and finds Mona addresses issues around identity privacy and revocation more effectively. Future work aims to make Mona more reliable and scalable by handling failures of the group manager.
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
This document proposes a Shared Authority based Privacy preserving Authentication protocol (SAPA) for handling privacy issues in cloud storage. SAPA achieves shared access authority through an anonymous access request matching mechanism. It applies attribute-based access control to allow users to reliably access their own data fields. It also uses proxy re-encryption to provide temporary authorized data sharing among multiple users. The goal is to preserve user privacy during data access and sharing in the cloud.
Oruta proposes the first privacy-preserving mechanism for public auditing of shared data stored in the cloud. It exploits ring signatures to compute verification information needed to audit integrity without revealing signer identity. The third party auditor can verify integrity of shared data without retrieving the entire file, while keeping private which user signed each block. Existing methods do not consider privacy for shared data or dynamic groups. Oruta aims to efficiently audit integrity for static groups while preserving identity privacy.
secure multi-owner data sharing for dynamic groupsSuchithra Balan
The document presents a secure data sharing scheme for dynamic groups in cloud computing. The scheme leverages group signature and dynamic broadcast encryption techniques to allow cloud users to anonymously share data with others in a group while preserving identity privacy from an untrusted cloud. It aims to securely support data sharing in dynamic groups where attributes are not fixed and multiple owners are possible. The scheme's storage overhead and encryption costs are independent of the number of revoked users.
Messages addressed to specific users can be decrypted by Key Generation Centre (KGC) by generating their private keys. Data owner wants the data to be delivered only to specified user and not to unauthorized person that is the data owner makes their private data accessible only to authorized person. We propose attribute based encryption and escrow problem which means written agreement delivered to a third party to overcome this problem. Attribute based Encryption (ABE) is a type of public-key encryption in which the private key of a user and the cipher text are dependent upon attributes. It is a promising cryptographic approach.
A secure-anti-collusion-data-sharing-scheme-for-dynamic-groups-in-the-cloudPvrtechnologies Nellore
This document proposes a secure data sharing scheme for dynamic groups in the cloud. It allows group members to securely access and share data files stored in the cloud. The scheme provides secure key distribution without requiring secure communication channels. It also enables fine-grained access control and prevents collusion attacks between revoked users and the cloud. When users join or leave the group, other users do not need to update their private keys. The scheme aims to address limitations of existing approaches that require updating file-block keys for revocations and have overhead linearly increasing with member/revocation changes.
Ensuring distributed accountability for data sharing in the cloudSathya Moorthy
The document proposes a Cloud Information Accountability (CIA) framework to provide end-to-end accountability for data sharing in the cloud. The CIA framework uses a decentralized logging mechanism coupled with the user's data to automatically log all access. It also includes distinct push and pull modes for auditing, where logs are periodically sent or can be retrieved by the user. The implementation involves major components of loggers that record access and a log harmonizer that allows user access to the logs.
Secure data sharing for dynamic groups in multi-owner using cloudSagar Dhanake
This document summarizes a seminar presentation on secure data sharing for dynamic groups in multi-owner cloud environments. The presentation covered cloud computing fundamentals and challenges with identity privacy. It proposed a system called MONA that allows any group member to securely store and share encrypted data files on an untrusted cloud. Key features of MONA include dynamic group management such that new users can access previous data, anonymous yet traceable access control, and efficient user revocation. The presentation discussed the system architecture, models, modules including registration, login and file sharing, relevant algorithms, applications, advantages, and future work concerning reliability.
Integrity Privacy to Public Auditing for Shared Data in Cloud ComputingIJERA Editor
In cloud computing, many mechanisms have been proposed to allow not only a data owner itself but also a public verifier to efficiently perform integrity checking without downloading the entire data from the cloud, which is referred to as public auditing . In these mechanisms, data is divided into many small blocks, where each block is independently signed by the owner; and a random combination of all the blocks instead of the whole data is retrieved during integrity checking .However, public auditing for such shared data— while preserving identity privacy — remains to be an open challenge. Here, we only consider how to audit the integrity of shared data in the cloud with static groups. It means the group is pre-defined before shared data is created in the cloud and the membership of users in the group is not changed during data sharing. The original user is responsible for deciding who is able to share her data before outsourcing data to the cloud. Another interesting problem is how to audit the integrity of shared data in the cloud with dynamic groups — a new user can be added into the group and an existing group member can be revoked during data sharing.
Oruta is a privacy-preserving public auditing mechanism for shared data in the cloud that:
1) Utilizes ring signatures to construct homomorphic authenticators, allowing a third party auditor to verify the integrity of shared data without retrieving the entire data while keeping the identity of the signer private.
2) Extends the mechanism to support batch auditing, enabling the verification of multiple shared data simultaneously in a single auditing task.
3) Continues to use random masking to support data privacy during public auditing and leverages index hash tables to support fully dynamic operations on shared data.
Cloud computing is rapidly emerging due to the provisioning of elastic, flexible, and on demand storage and computing services for customers. The data is usually encrypted before storing to the cloud. The access control, key management, encryption, and decryption processes are handled by the customers to ensure data security. A single key shared between all group members will result in the access of past data to a newly joining member. The aforesaid situation violates the confidentiality and the principle of least privilege.
SMONA: Secure Multi Owner Data Sharing for Dynamic Groups in the Cloudijsrd.com
The data is stored in the cloud. Storing data should be risky. Cloud provider should be trustful because the data is confidentential. The Group manager keeps the record of group members. The key distribution is done to the group of each department. The Group members can access the stored data from cloud. The encryption-decryption technique is used to store the data. Any cloud user can anonymously share data with others by providing group signature and dynamic broadcast encryption techniques. When new member joined in the group, new granted users can directly decrypt data files uploaded without contacting with data owners. Proposing a new model for Sharing Secure Data in the Cloud for the Multiuser Group.
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
cloud computing is also facing many challenges that, if not well resolved, may impede its fast growth. Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. Data confidential against cloud servers is hence frequently desired when users outsource data for storage in the cloud.
Mona secure multi owner data sharing for dynamic groups in the cloudAvinash K S
1) The document proposes a secure multi-owner data sharing scheme called Mona for dynamic groups in the cloud. Mona allows any user in a group to anonymously share data with others using techniques like group signatures and dynamic broadcast encryption.
2) Mona supports efficient membership changes without updating secret keys. New users can decrypt pre-existing files and revoking users does not require updating keys of remaining users.
3) Mona provides privacy-preserving access control where users can anonymously access cloud resources while allowing identity tracing by the group manager when needed. It aims to achieve secure and flexible data sharing for dynamic groups in the cloud.
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
This document summarizes a proposed system for providing data security and accountability in cloud computing. It discusses the existing issues around lack of security and accountability when data is stored in the cloud. The proposed system aims to address these issues through the use of technologies like OTP verification for user registration, encryption and fragmentation of user data, and monitoring of data and system activities by a Third Party Auditor. The system is designed with modules for data security, accountability, and integrity verification. It outlines the architecture including user registration and authentication, file uploading and downloading processes, and generation of alerts if any security issues are detected during internal monitoring.
Secure Data Sharing In an Untrusted CloudIJERA Editor
Cloud computing is a huge area which basically provides many services on the basis of pay as you go. One of the fundamental services provided by cloud is data storage. Cloud provides cost efficiency and an efficient solution for sharing resource among cloud users. A secure and efficient data sharing scheme for groups in cloud is not an easy task. On one hand customers are not ready to share their identity but on other hand want to enjoy the cost efficiency provided by the cloud. It needs to provide identity privacy, multiple owner and dynamic data sharing without getting effected by the number of cloud users revoked. In this paper, any member of a group can completely enjoy the data storing and sharing services by the cloud. A secure data sharing scheme for dynamic cloud users is proposed in this paper. For which it uses group signature and dynamic broadcast encryption techniques such that any user in a group can share the information in a secured manner. Additionally the permission option is proposed for the security reasons. This means the file access permissions are generated by the admin and given to the user using Role Based Access Control (RBA) algorithm. The file access permissions are read, write and delete. In this, owner can provide files with options and accepts the users using that option. The revocation of cloud user is a function generated by the Admin for security purpose. The encryption computational cost and storage overhead is not dependent on the number of users revoked. We analyze the security by proofs and produce the cloud efficiency report using cloudsim.
Preserving Privacy Policy- Preserving public auditing for data in the cloudinventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
Security Check in Cloud Computing through Third Party Auditorijsrd.com
In cloud computing, data owners crowd their data on cloud servers and users (data consumers) can access the data from cloud servers. Due to the data outsourcing, however, it requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking method scan only serve for static records data. Thus, cannot be used in the auditing service since the data in the cloud can be animatedly updated. Thus, an efficient and secure dynamic auditing protocol is required to convince data owners that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems for privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data dynamic operations, which is efficient to secure the random model.
In an organization specifically as virtual as cloud there is need for access control systems to constrain
users direct or backhanded action that could lead to breach of security. In cloud, apart from owner access
to confidential data the third party auditing and accounting is done which could stir up further data leaks.
To control such data leaks and integrity, in past several security policies based on role, identity and user
attributes were proposed and found ineffective since they depend on static policies which do not monitor
data access and its origin. Provenance on the other hand tracks data usage and its origin which proves the
authenticity of data. To employ provenance in a real time system like cloud, the service provider needs to
store metadata on the subject of data alteration which is universally called as the Provenance Information.
This paper presents a provenance-policy based access control model which is designed and integrated with
the system that not only makes data auditable but also incorporates accountability for data alteration
events.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Access Control and Revocation for Digital Assets on Cloud with Consideration ...IJERA Editor
In cloud computing applications, users’ data and applications are hosted by cloud providers. With internet and cloud availability increasing numbers of people are storing their content on cloud. Also with presence of social networking, contents stored on cloud are also shared. This requires more security for the contents on cloud. Traditional security solution address only encryption, decryption of data on cloud and its access control , but with this new trend of sharing, the scope of security becomes even higher. In this paper we propose a solution of integrated access control for contents shared on cloud and its efficient revocation.
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
This document summarizes a research paper that proposes a new password management system called Security Blanket Algorithm. The system uses strong encryption to securely store user logins, passwords, credit cards and other sensitive information in the cloud or locally on a device. When adding a new device, the system implements two-factor authentication for security. All data and communications are encrypted using AES-256. The system aims to provide secure password management while hiding encryption keys and passwords from cloud servers or third parties.
A Novel privacy preserving public auditing for shared data in cloudJAVVAJI VENKATA RAO
Here are the key UML diagrams for the proposed system:
Use Case Diagram:
Actors: User, Cloud Server, Attribute Authority
User can register, upload files to cloud server, download files, revoke access
Cloud Server stores and manages files
Attribute Authority issues/revokes access tokens
Class Diagram:
Key classes:
User - contains user credentials and attributes
File - contains file metadata like name, size, encryption key
AccessToken - provides read/write permissions to a file
Sequence Diagram:
Shows interaction between objects during key processes:
1. File upload - User uploads file to Cloud Server, which encrypts and stores it
2. File download - User requests file
The document proposes a decentralized access control and anonymous authentication scheme for secure data storage in clouds. The scheme allows users to store and modify data in the cloud while remaining anonymous. Only authorized users with valid attributes can access the stored data. The scheme is decentralized, with multiple key distribution centers managing user attributes and keys. It also addresses user revocation and is resilient to replay attacks from revoked users.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts. It also displays fake information if login is unsuccessful to avoid further intrusion attempts. Common security methods for user data protection include encryption before storage, user authentication, and secure transmission channels. Cloud computing provides on-demand access to computing resources over the Internet and allows users to access services without knowledge of the infrastructure.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts and displaying fake information for unsuccessful login attempts to avoid further trials. It also provides background on cloud computing and common security methods like encryption, authentication, and secure channels. The introduction describes the proposed system's process of requesting access to protected data, authenticating the user, and conditionally providing a fake database in the case of hacking attempts.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
1) The document proposes a system model for secure data sharing in cloud environments using cryptography.
2) It aims to provide data confidentiality, access control of shared data, remove the burden of key management and file encryption/decryption for users, and support dynamic changes to user membership without requiring the data owner to always be online.
3) The proposed system addresses common challenges with secure data sharing in cloud computing like data security, access control, key management, and user revocation and rejoining.
Anonymous Key Based Secure File Encryption in CloudIRJET Journal
This document proposes a new system for secure file encryption and sharing in the cloud. It aims to address security issues with sharing data in social media. The key aspects of the proposed system are:
1. It creates separate databases for individual users and a local server to securely store user keys for encryption/decryption.
2. Files are encrypted using triple DES before being stored in the cloud to prevent unauthorized access.
3. A user can share files with others by providing encryption keys through the local server.
4. When a file is shared, a temporary server decrypts and re-encrypts the file with the recipient's key for added security.
The system aims to improve data security when
Similar to Shared authority based privacy preserving authentication protocol in cloud computing (20)
This document proposes a reduced latency list decoding algorithm and high throughput decoder architecture for polar codes. The reduced latency list decoding algorithm visits fewer nodes in the decoding tree and considers fewer possibilities of information bits than existing successive cancellation list decoding algorithms, significantly reducing decoding latency and improving throughput with little performance degradation. An implementation of the proposed decoder architecture in a 90nm CMOS technology demonstrates significant latency reduction and area efficiency improvement compared to other list polar decoders.
A researcher developed a radix-8 divider for binary64 division units to improve energy efficiency at high clock rates. Simulation results showed the radix-8 divider requires less energy per division than radix-4 or radix-16 approaches. The researcher used Xilinx 10.1 and ModelSim 6.4b tools and VHDL/Verilog languages to develop and test the minimally redundant radix-8 divider.
Hybrid FPGA architectures containing a mixture of lookup tables (LUTs) and hardened multiplexers are evaluated to improve logic density and reduce chip area. Simulation results show that non-fracturable hybrid architectures naturally save up to 8% area after placement and routing without optimizing the technology mapper, and additional area is saved with architecture-aware mapping optimizations. Fracturable hybrid architectures only provide marginal area gains of up to 2% after placement and routing. For the most area-efficient hybrid architectures, timing performance is minimally impacted.
Input-Based Dynamic Reconfiguration of Approximate Arithmetic Units for Video...Pvrtechnologies Nellore
This document proposes a reconfigurable approximate architecture for MPEG encoders that optimizes power consumption while maintaining a particular Peak Signal-to-Noise Ratio threshold for any input video. It designs reconfigurable adder/subtractor blocks that can modulate their degree of approximation, and integrates them into the motion estimation and discrete cosine transform modules of the MPEG encoder. Experimental results show the approach dynamically adjusts the degree of hardware approximation based on the input video to respect the given quality bound across different videos while achieving up to a 38% power saving over a conventional non-approximated MPEG encoder architecture.
This document lists 69 MATLAB projects related to various domains including image processing, biometrics, medical image processing, computer vision, and more. It provides the project titles, domains or sub-domains, programming languages and years. It also lists the support that will be provided to registered students including the IEEE base paper, documentation, source code, execution help, and publication support. The projects involve techniques such as image segmentation, super resolution, steganography, action recognition, and license plate detection. Support includes documentation templates, software installation guides, and assistance with conferences or journal publications.
This document lists 50 VLSI projects from 2016-2017 across various domains such as low power, high speed data transmission, area efficient/timing and delay reduction, audio/video processing, networking, verification, and Tanner/Microwind. The projects cover a range of topics including ECG acquisition systems, modular multiplication, adaptive radios, arrhythmia prediction, electrical capacitance tomography, approximate computing using memoization, FFT processors, error correction coding, carry skip adders, dynamic voltage and frequency scaling, code compression, turbo decoding, variable digital filters, parallel FFTs, MIMO communications, timing error correction, LU decomposition, FPGA logic architectures, LDPC decoding, minimum energy systems, elliptic curve multiplication, NB
This document lists 97 potential final year projects for students in various domains including embedded systems, Internet of Things, robotics, ZigBee, GSM and GPS, consumer electronics, automation, and more. It provides contact information for the project coordinator and describes the domain and programming language/year for each potential project. Students who register will receive support including an IEEE base paper, documentation, source code, and assistance with publication.
This document describes a high-speed FPGA implementation of an elliptic curve cryptography processor based on redundant signed digit representation. The processor employs pipelining techniques to achieve high throughput for Karatsuba–Ofman multiplication. It also includes an efficient modular adder without comparison and a high throughput modular divider to maximize frequency. The processor supports the NIST P256 curve and performs single-point multiplication in 2.26 ms at a maximum frequency of 160 MHz on a Xilinx Virtex 5 FPGA.
Retiming of digital circuits is conventionally based on the estimates of propagation delays across different paths in the data-flow graphs (DFGs) obtained by discrete component
timing model, which implicitly assumes that operation of a node can begin only after the completion of the operation(s) of its preceding node(s) to obey the data dependence requirement. Such a discrete component timing model very often gives much higher
estimates of the propagation delays than the actuals particularly when the computations in the DFG nodes correspond to fixed point arithmetic operations like additions and multiplications
Pre encoded multipliers based on non-redundant radix-4 signed-digit encodingPvrtechnologies Nellore
This paper introduces an architecture for pre-encoded multipliers used in digital signal processing based on offline encoding of coefficients using a non-redundant radix-4 signed-digit encoding technique. Experimental analysis shows the proposed multipliers using this encoding technique, along with a coefficients memory, are more efficient in terms of area and power compared to conventional Modified Booth encoding schemes.
Quality of-protection-driven data forwarding for intermittently connected wir...Pvrtechnologies Nellore
The document proposes a quality-of-protection (QoP)-driven data forwarding strategy for intermittent wireless networks. The existing system relies on collaborative data delivery, but non-cooperative behavior impairs network QoP and user quality of experience (QoE). The proposed system evaluates process-based and relationship-based credibility of nodes in a distributed manner using locally recorded forwarding behavior information. An intrusion detection mechanism helps select reliable relay nodes for transmission, improving QoP, QoE, reducing network load, and enhancing resource utilization. Numerical results show the proposed approach provides reliable data transmission with high QoP and improved user QoE.
The document provides information about an IT services company called Coalesce Technologies. It discusses Coalesce's services, commitment to client satisfaction, growing network, and customized solutions. It also describes the library management system project, including the problems with existing systems, proposed new system features, and UML diagrams for modeling the system. Key aspects of the proposed system include automating transactions, providing a simple GUI, efficient database updating, and restricting administrative access for security.
The document discusses an e-voting system project that aims to provide a secure and user-friendly online voting system. It outlines the existing paper-based voting system and proposes an online voting system where voters can cast their votes from anywhere in India through a database that stores voter information and votes. The proposed system is designed to accurately record and retrieve voter information and votes in a planned, reliable, and redundant manner. It requires hardware like a PC and Windows OS along with Java programming language to develop the online voting software.
PVR Technology lists 26 new web-based projects including an airline automation system, attendance management system, automated college admission system, clustering datasets using machine learning algorithms, corporate transportation system, courier information system, e-voting system, e-complaints system in PHP, e-learning system in PHP, exam result application, hairstylesalon system, inventory management system, library management system, medical reference system, online placement and training system, online admission system, online bank system, vehicle investigation system, resource management system in PHP, online vegetables purchase system, online shopping for gadgets system, online seat booking system, online requitment system, online quiz system, online placement and training cell system, online movie ticket system,
The document proposes a new medium access control (MAC) protocol called PoCMAC that uses distributed power control to manage interference in full-duplex WiFi networks. PoCMAC allows simultaneous uplink and downlink transmissions between an access point and half-duplex clients. It identifies regimes where power control provides throughput gains and develops a full 802.11-based protocol for distributed selection of three-node topologies. Simulations and software-defined radio experiments show PoCMAC achieves higher capacity and throughput compared to half-duplex networks, while maintaining similar fairness.
This document contains information about PVR Technology, including their head office location, website, email, and phone number. It then lists 20 project titles related to power electronics and renewable energy systems. The projects cover topics like power quality improvement, single-stage converters, grid-connected inverters, maximum power point tracking, stand-alone energy sources, power factor correction, resonant inverters, DC-DC converters, AC-DC converters, filters, and induction heating applications.
Control cloud-data-access-privilege-and-anonymity-with-fully-anonymous-attrib...Pvrtechnologies Nellore
This document proposes a scheme called AnonyControl to address privacy concerns with cloud data access. It aims to control access privileges while preserving user identity privacy. AnonyControl decentralizes the central authority across multiple attribute authorities to limit identity leakage and achieve semi-anonymity. It also generalizes file access control to privilege control to manage cloud data operations in a fine-grained way. The document describes existing access control schemes, disadvantages related to identity privacy, and how AnonyControl improves on previous work by protecting user identities through attribute distribution across authorities.
Control cloud data access privilege and anonymity with fully anonymous attrib...Pvrtechnologies Nellore
This document proposes two schemes, AnonyControl and AnonyControl-F, to address privacy issues in existing access control schemes for cloud storage. AnonyControl decentralizes the central authority to limit identity leakage and achieve semi-anonymity. It also generalizes file access control to privilege control. AnonyControl-F fully prevents identity leakage and achieves full anonymity. The schemes use attribute-based encryption and a multi-authority system to securely control user access privileges without revealing identity information. Security analysis shows the schemes are secure under certain cryptographic assumptions.
The document proposes CloudKeyBank, a key management framework that addresses the confidentiality, search privacy, and owner authorization of outsourced encryption keys. It does so using a new cryptographic primitive called Searchable Conditional Proxy Re-Encryption (SC-PRE) that combines Hidden Vector Encryption and Proxy Re-Encryption. The framework allows key owners to encrypt keys for outsourcing while maintaining privacy and granting controlled authorization. It aims to solve security issues not addressed by traditional outsourced data solutions.
Circuit ciphertext policy attribute-based hybrid encryption with verifiablePvrtechnologies Nellore
The document proposes a scheme for circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. It aims to ensure data confidentiality, fine-grained access control, and verifiability of delegated computation results. The scheme uses a combination of ciphertext-policy attribute-based encryption, symmetric encryption, and verifiable computation. It is proven secure based on computational assumptions and simulations show it is practical for cloud computing applications.
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMHODECEDSIET
Time Division Multiplexing (TDM) is a method of transmitting multiple signals over a single communication channel by dividing the signal into many segments, each having a very short duration of time. These time slots are then allocated to different data streams, allowing multiple signals to share the same transmission medium efficiently. TDM is widely used in telecommunications and data communication systems.
### How TDM Works
1. **Time Slots Allocation**: The core principle of TDM is to assign distinct time slots to each signal. During each time slot, the respective signal is transmitted, and then the process repeats cyclically. For example, if there are four signals to be transmitted, the TDM cycle will divide time into four slots, each assigned to one signal.
2. **Synchronization**: Synchronization is crucial in TDM systems to ensure that the signals are correctly aligned with their respective time slots. Both the transmitter and receiver must be synchronized to avoid any overlap or loss of data. This synchronization is typically maintained by a clock signal that ensures time slots are accurately aligned.
3. **Frame Structure**: TDM data is organized into frames, where each frame consists of a set of time slots. Each frame is repeated at regular intervals, ensuring continuous transmission of data streams. The frame structure helps in managing the data streams and maintaining the synchronization between the transmitter and receiver.
4. **Multiplexer and Demultiplexer**: At the transmitting end, a multiplexer combines multiple input signals into a single composite signal by assigning each signal to a specific time slot. At the receiving end, a demultiplexer separates the composite signal back into individual signals based on their respective time slots.
### Types of TDM
1. **Synchronous TDM**: In synchronous TDM, time slots are pre-assigned to each signal, regardless of whether the signal has data to transmit or not. This can lead to inefficiencies if some time slots remain empty due to the absence of data.
2. **Asynchronous TDM (or Statistical TDM)**: Asynchronous TDM addresses the inefficiencies of synchronous TDM by allocating time slots dynamically based on the presence of data. Time slots are assigned only when there is data to transmit, which optimizes the use of the communication channel.
### Applications of TDM
- **Telecommunications**: TDM is extensively used in telecommunication systems, such as in T1 and E1 lines, where multiple telephone calls are transmitted over a single line by assigning each call to a specific time slot.
- **Digital Audio and Video Broadcasting**: TDM is used in broadcasting systems to transmit multiple audio or video streams over a single channel, ensuring efficient use of bandwidth.
- **Computer Networks**: TDM is used in network protocols and systems to manage the transmission of data from multiple sources over a single network medium.
### Advantages of TDM
- **Efficient Use of Bandwidth**: TDM all
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELgerogepatton
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Sinan KOZAK
Sinan from the Delivery Hero mobile infrastructure engineering team shares a deep dive into performance acceleration with Gradle build cache optimizations. Sinan shares their journey into solving complex build-cache problems that affect Gradle builds. By understanding the challenges and solutions found in our journey, we aim to demonstrate the possibilities for faster builds. The case study reveals how overlapping outputs and cache misconfigurations led to significant increases in build times, especially as the project scaled up with numerous modules using Paparazzi tests. The journey from diagnosing to defeating cache issues offers invaluable lessons on maintaining cache integrity without sacrificing functionality.
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesChristina Lin
Traditionally, dealing with real-time data pipelines has involved significant overhead, even for straightforward tasks like data transformation or masking. However, in this talk, we’ll venture into the dynamic realm of WebAssembly (WASM) and discover how it can revolutionize the creation of stateless streaming pipelines within a Kafka (Redpanda) broker. These pipelines are adept at managing low-latency, high-data-volume scenarios.
Shared authority based privacy preserving authentication protocol in cloud computing
1. Shared Authority Based Privacy-Preserving
Authentication Protocol in Cloud Computing
Hong Liu, Student Member, IEEE, Huansheng Ning, Senior Member, IEEE,
Qingxu Xiong, Member, IEEE, and Laurence T. Yang, Member, IEEE
Abstract—Cloud computing is an emerging data interactive paradigm to realize users’ data remotely stored in an online cloud
server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the
local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data
sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to
realize that a user’s privative data cannot be illegally accessed, but neglect a subtle privacy issue during a user challenging the
cloud server to request other users for data sharing. The challenged access request itself may reveal the user’s privacy no matter
whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving
authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is
achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data
anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access
its own data fields; 3) proxy re-encryption is applied to provide data sharing among the multiple users. Meanwhile, universal
composability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the
proposed protocol is attractive for multi-user collaborative cloud applications.
Index Terms—Cloud computing, authentication protocol, privacy preservation, shared authority, universal composability
Ç
1 INTRODUCTION
CLOUD computing is a promising information technol-
ogy architecture for both enterprises and individuals. It
launches an attractive data storage and interactive para-
digm with obvious advantages, including on-demand self-
services, ubiquitous network access, and location indepen-
dent resource pooling [1]. Towards the cloud computing, a
typical service architecture is anything as a service (XaaS),
in which infrastructures, platform, software, and others are
applied for ubiquitous interconnections. Recent studies
have been worked to promote the cloud computing evolve
towards the internet of services [2], [3]. Subsequently, secu-
rity and privacy issues are becoming key concerns with the
increasing popularity of cloud services. Conventional secu-
rity approaches mainly focus on the strong authentication
to realize that a user can remotely access its own data in on-
demand mode. Along with the diversity of the application
requirements, users may want to access and share each oth-
er’s authorized data fields to achieve productive benefits,
which brings new security and privacy challenges for the
cloud storage.
An example is introduced to identify the main motiva-
tion. In the cloud storage based supply chain management,
there are various interest groups (e.g., supplier, carrier, and
retailer) in the system. Each group owns its users which are
permitted to access the authorized data fields, and different
users own relatively independent access authorities. It
means that any two users from diverse groups should
access different data fields of the same file. Thereinto, a sup-
plier may want to access a carrier’s data fields, but it is not
sure whether the carrier will allow its access request. If the
carrier refuses its request, the supplier’s access desire will
be revealed along with nothing obtained towards the
desired data fields. Actually, the supplier may not send the
access request or withdraw the unaccepted request in
advance if it firmly knows that its request will be refused by
the carrier. It is unreasonable to thoroughly disclose the
supplier’s private information without any privacy consid-
erations. Fig. 1 illustrates three revised cases to address
above imperceptible privacy issue.
Case 1. The carrier also wants to access the supplier’s
data fields, and the cloud server should inform each
other and transmit the shared access authority to the
both users;
Case 2. The carrier has no interest on other users’
data fields, therefore its authorized data fields
should be properly protected, meanwhile the suppli-
er’s access request will also be concealed;
Case 3. The carrier may want to access the retailer’s
data fields, but it is not certain whether the retailer
will accept its request or not. The retailer’s autho-
rized data fields should not be public if the retailer
H. Liu and Q. Xiong are with the School of Electronic and Information
Engineering, Beihang University, Beijing, China.
E-mail: liuhongler@ee.buaa.edu.cn, qxxiong@buaa.edu.cn.
H. Ning is with the School of Computer and Communication Engineering,
University of Science and Technology Beijing, Beijing, China, and the
School of Electronic and Information Engineering, Beihang University,
Beijing, China. E-mail: ninghuansheng@ustb.edu.cn.
L.T. Yang is with the School of Computer Science and Technology,
Huazhong University of Science and Technology, Wuhan, Hubei, China,
and the Department of Computer Science, St. Francis Xavier University,
Antigonish, NS, Canada. E-mail: ltyang@stfx.ca.
Manuscript received 3 Nov. 2013; revised 23 Dec. 2013; accepted 30 Dec.
2013. Date of publication 24 Feb. 2014; date of current version 5 Dec. 2014.
Recommended for acceptance by J. Chen.
For information on obtaining reprints of this article, please send e-mail to:
reprints@ieee.org, and reference the Digital Object Identifier below.
Digital Object Identifier no. 10.1109/TPDS.2014.2308218
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015 241
1045-9219 ß 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
2. has no interests in the carrier’s data fields, and the
carrier’s request is also privately hidden.
Towards above three cases, security protection and privacy
preservation are both considered without revealing sensitive
access desire related information.
In the cloud environments, a reasonable security protocol
should achieve the following requirements. 1) Authentica-
tion: a legal user can access its own data fields, only the
authorized partial or entire data fields can be identified by
the legal user, and any forged or tampered data fields can-
not deceive the legal user. 2) Data anonymity: any irrelevant
entity cannot recognize the exchanged data and communi-
cation state even it intercepts the exchanged messages via
an open channel. 3) User privacy: any irrelevant entity can-
not know or guess a user’s access desire, which represents a
user’s interest in another user’s authorized data fields. If
and only if the both users have mutual interests in each oth-
er’s authorized data fields, the cloud server will inform the
two users to realize the access permission sharing. 4) For-
ward security: any adversary cannot correlate two communi-
cation sessions to derive the prior interrogations according
to the currently captured messages.
Researches have been worked to strengthen security pro-
tection and privacy preservation in cloud applications, and
there are various cryptographic algorithms to address
potential security and privacy problems, including security
architectures [4], [5], data possession protocols [6], [7], data
public auditing protocols [8], [9], [10], secure data storage
and data sharing protocols [11], [12], [13], [14], [15], [16],
access control mechanisms [17], [18], [19], privacy preserv-
ing protocols [20], [21], [22], [23], and key management [24],
[25], [26], [27]. However, most previous researches focus on
the authentication to realize that only a legal user can access
its authorized data, which ignores that different users may
want to access and share each other’s authorized data fields
to achieve productive benefits. When a user challenges the
cloud server to request other users for data sharing, the
access request itself may reveal the user’s privacy no matter
whether or not it can obtain the data access permissions. In
this work, we aim to address a user’s sensitive access desire
related privacy during data sharing in the cloud environ-
ments, and it is significant to design a humanistic security
scheme to simultaneously achieve data access control,
access authority sharing, and privacy preservation.
In this paper, we address the aforementioned privacy
issue to propose a shared authority based privacy-preserving
authentication protocol (SAPA) for the cloud data storage,
which realizes authentication and authorization without
compromising a user’s private information. The main contri-
butions are as follows.
1) Identify a new privacy challenge in cloud storage,
and address a subtle privacy issue during a user
challenging the cloud server for data sharing, in
which the challenged request itself cannot reveal the
user’s privacy no matter whether or not it can obtain
the access authority.
2) Propose an authentication protocol to enhance a
user’s access request related privacy, and the shared
access authority is achieved by anonymous access
request matching mechanism.
3) Apply ciphertext-policy attribute based access con-
trol to realize that a user can reliably access its own
data fields, and adopt the proxy re-encryption to
provide temp authorized data sharing among multi-
ple users.
The remainder of the paper is organized as follows.
Section 2 introduces related works. Section 3 introduces the
system model, and Section 4 presents the proposed authen-
tication protocol. The universal composability (UC) model
based formal security analysis is performed in Section 5
Finally, Section 6 draws a conclusion.
2 RELATED WORK
Dunning and Kresman [11] proposed an anonymous ID
assignment based data sharing algorithm (AIDA) for multi-
party oriented cloud and distributed computing systems. In
the AIDA, an integer data sharing algorithm is designed on
top of secure sum data mining operation, and adopts a vari-
able and unbounded number of iterations for anonymous
assignment. Specifically, Newton’s identities and Sturm’s
theorem are used for the data mining, a distributed solution
of certain polynomials over finite fields enhances the algo-
rithm scalability, and Markov chain representations are used
to determine statistics on the required number of iterations.
Liu et al. [12] proposed a multi-owner data sharing
secure scheme (Mona) for dynamic groups in the cloud
applications. The Mona aims to realize that a user can
securely share its data with other users via the untrusted
cloud server, and can efficiently support dynamic group
interactions. In the scheme, a new granted user can directly
decrypt data files without pre-contacting with data owners,
and user revocation is achieved by a revocation list without
updating the secret keys of the remaining users. Access con-
trol is applied to ensure that any user in a group can anony-
mously utilize the cloud resources, and the data owners’
real identities can only be revealed by the group manager
for dispute arbitration. It indicates the storage overhead
and encryption computation cost are independent with the
amount of the users.
Fig. 1. Three possible cases during data accessing and data sharing in
cloud applications.
242 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
3. Grzonkowski and Corcoran [13] proposed a zero-
knowledge proof (ZKP) based authentication scheme for
cloud services. Based on the social home networks, a user
centric approach is applied to enable the sharing of person-
alized content and sophisticated network-based services
via TCP/IP infrastructures, in which a trusted third party
is introduced for decentralized interactions.
Nabeel et al. [14] proposed a broadcast group key man-
agement (BGKM) to improve the weakness of symmetric
key cryptosystem in public clouds, and the BGKM realizes
that a user need not utilize public key cryptography, and
can dynamically derive the symmetric keys during decryp-
tion. Accordingly, attribute based access control mecha-
nism is designed to achieve that a user can decrypt the
contents if and only if its identity attributes satisfy the con-
tent provider’s policies. The fine-grained algorithm applies
access control vector (ACV) for assigning secrets to users
based on the identity attributes, and allowing the users to
derive actual symmetric keys based on their secrets and
other public information. The BGKM has an obvious
advantage during adding/revoking users and updating
access control policies.
Wang et al. [15] proposed a distributed storage integrity
auditing mechanism, which introduces the homomorphic
token and distributed erasure-coded data to enhance secure
and dependable storage services in cloud computing. The
scheme allows users to audit the cloud storage with light-
weight communication overloads and computation cost,
and the auditing result ensures strong cloud storage correct-
ness and fast data error localization. Towards the dynamic
cloud data, the scheme supports dynamic outsourced data
operations. It indicates that the scheme is resilient against
Byzantine failure, malicious data modification attack, and
server colluding attacks.
Sundareswaran et al. [16] established a decentralized
information accountability framework to track the users’
actual data usage in the cloud, and proposed an object-
centered approach to enable enclosing the logging mecha-
nism with the users’ data and policies. The Java ARchives
(JAR) programmable capability is leveraged to create a
dynamic and mobile object, and to ensure that the users’
data access will launch authentication. Additionally, distrib-
uted auditing mechanisms are also provided to strengthen
user’s data control, and experiments demonstrate the
approach efficiency and effectiveness.
In the aforementioned works, various security issues are
addressed. However, a user’s subtle access request related
privacy problem caused by data accessing and data sharing
has not been studied yet in the literature. Here, we identify
a new privacy challenge, and propose a protocol not only
focusing on authentication to realize the valid data access-
ing, but also considering authorization to provide the pri-
vacy-preserving access authority sharing. The attribute
based access control and proxy re-encryption mechanisms
are jointly applied for authentication and authorization.
3 SYSTEM MODEL
Fig. 2 illustrates a system model for the cloud storage archi-
tecture, which includes three main network entities: users
(Ux), a cloud server (S), and a trusted third party.
User. An individual or group entity, which owns its
data stored in the cloud for online data storage and
computing. Different users may be affiliated with a
common organization, and are assigned with inde-
pendent authorities on certain data fields.
Cloud server. An entity, which is managed by a
particular cloud service provider or cloud applica-
tion operator to provide data storage and comput-
ing services. The cloud server is regarded as an
entity with unrestricted storage and computational
resources.
Trusted third party. An optional and neutral entity,
which has advanced capabilities on behalf of the
users, to perform data public auditing and dispute
arbitration.
In the cloud storage, a user remotely stores its data via
online infrastructures, flatforms, or software for cloud serv-
ices, which are operated in the distributed, parallel, and
cooperative modes. During cloud data accessing, the user
autonomously interacts with the cloud server without exter-
nal interferences, and is assigned with the full and indepen-
dent authority on its own data fields. It is necessary to
guarantee that the users’ outsourced data cannot be unau-
thorized accessed by other users, and is of critical impor-
tance to ensure the private information during the users’
data access challenges. In some scenarios, there are multiple
users in a system (e.g., supply chain management), and the
users could have different affiliation attributes from differ-
ent interest groups. One of the users may want to access
other associated users’ data fields to achieve bi-directional
data sharing, but it cares about two aspects: whether the
aimed user would like to share its data fields, and how to
avoid exposing its access request if the aimed user declines
or ignores its challenge. In the paper, we pay more attention
on the process of data access control and access authority
sharing other than the specific file oriented cloud data
management.
In the system model, assume that point-to-point commu-
nication channels between users and a cloud server are reli-
able with the protection of secure shell protocol (SSH). The
related authentication handshakes are not highlighted in
the following protocol presentation.
Towards the trust model, there are no full trust relation-
ships between a cloud server S and a user Ux.
S is semi-honest and curious. Being semi-honest means
that S can be regarded as an entity that appropri-
ately follows the protocol procedure. Being curious
Fig. 2. The cloud storage system model.
LIU ET AL.: SHARED AUTHORITY BASED PRIVACY-PRESERVING AUTHENTICATION PROTOCOL IN CLOUD COMPUTING 243
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
4. means that S may attempt to obtain Ux’s private
information (e.g., data content, and user preferen-
ces). It means that S is under the supervision of its
cloud provider or operator, but may be interested in
viewing users’ privacy. In the passive or honest-but-
curious model, S cannot tamper with the users’ data
to maintain the system normal operation with unde-
tected monitoring.
Ux is rational and sensitive. Being rational means that
Ux’s behavior would be never based on experience
or emotion, and misbehavior may only occur for self-
ish interests. Being sensitive means that Ux is reluc-
tant to disclosure its sensitive data, but has strong
interests in other users’ privacy.
Towards the threat model, it covers the possible security
threats and system vulnerabilities during cloud data inter-
actions. The communication channels are exposed in public,
and both internal and external attacks exist in the cloud
applications [15]. The internal attacks mainly refer to the
interactive entities (i.e., S, and Ux). Thereinto, S may be self-
centered and utilitarian, and aims to obtain more user data
contents and the associated user behaviors/habits for the
maximization of commercial interests; Ux may attempt to
capture other users’ sensitive data fields for certain pur-
poses (e.g., curiosity, and malicious intent). The external
attacks mainly consider the data CIA triad (i.e., confidential-
ity, integrity, and availability) threats from outside adver-
saries, which could compromise the cloud data storage
servers, and subsequently modify (e.g., insert, or delete) the
users’ data fields.
4 THE SHARED AUTHORITY BASED PRIVACY-
PRESERVING AUTHENTICATION PROTOCOL
4.1 System Initialization
The cloud storage system includes a cloud server S, and
users {Ux} (x ¼ f1; . . . ; mg, m 2 NÃ
). Thereinto, Ua and Ub
are two users, which have independent access authorities
on their own data fields. It means that a user has an access
permission for particular data fields stored by S, and the
user cannot exceed its authority access to obtain other users’
data fields. Here, we consider S and {Ua, Ub} to present the
protocol for data access control and access authority sharing
with enhanced privacy considerations. The main notations
are introduced in Table 1.
Let BG ¼ ðq; g; h; G; G0
; e; HÞ be a pairing group, in which
q is a large prime, {G; G0
} are of prime order q, G ¼ hgi ¼ hhi,
and H is a collision-resistant hash function. The bilinear
map e : G Â G ! G0
satisfies the bilinear non-degenerate
properties: i.e., for all g; h 2 G and a; b 2 ZÃ
q, it turns out that
eðga
; hb
Þ ¼ eðg; hÞab
, and eðg; hÞ 6¼ 1. Meanwhile, eðg; hÞ can
be efficiently obtained for all g; h 2 G, and it is a generator
of G0
.
Let S and Ux respectively own the pairwise keys {pkS,
skS} and {pkUx , skUx }. Besides, S is assigned with all users’
public keys {pkU1
; . . . ; pkUm }, and Ux is assigned with pkS.
Here, the public key pkt ¼ gskt ðmod qÞ (t 2 fS; Uxg) and the
corresponding privacy key skt 2 ZÃ
q are defined according
to the generator g.
Let FðR
Uy
Ux
ðRUx
Uy
ÞT Þ¼Cont2Zq describe the algebraic relation of
{R
Uy
Ux
, RUx
Uy
}, which are mutually inverse access requests chal-
lenged by {Ux, Uy}, and Cont is a constant. Here, Fð:Þ is a
collision-resistant function, for any randomized polynomial
time algorithm A, there is a negligible function pðkÞ for a
sufficiently large value k:
Prob
h
fðx; x0
Þ; ðy; y0
Þg Að1k
Þ : ðx 6¼ x0
; y 6¼ y0
Þ
^ F
RUx
Uy
R
U0
y
U0
x
T
¼ Cont
i
pðkÞ:
Note that RUÃ
Uy
is a m-dimensional Boolean vector, in
which only the Ã-th pointed-element and the y-th self-
element are 1, and other elements are 0. It turns out that:
FðR
Uy
Ux
ðRUx
Uy
ÞT Þ¼Fð2Þ¼Cont means that both Ux and Uy are
interested in each other’s data fields, and the two
access requests are matched;
FðR
Uy
Ux
ðR
U~x
Uy
ÞT
Þ ¼ FðR
U~y
Ux
ðRUx
Uy
ÞT
Þ ¼ Fð1Þ means that
only one user (i.e., Ux or Uy) is interested in the
other’s data fields, and the access requests are not
matched. Note that U~x/U~y represents that the user is
not Ux/Uy;
FðR
U~y
Ux
ðR
U~x
Uy
ÞT Þ ¼ Fð0Þ means that neither Ux nor Uy is
interested in each other’s data fields, and the two
access requests are not matched.
Let A be the attribute set, there are n attributes
A ¼ fA1; A2; . . . ; Ang for all users, and Ux has its own attri-
bute set AUx A for data accessing. Let AUx and PUx be
monotone Boolean matrixes to represent Ux’s data attribute
access list and data access policy.
Assume that Ux has AUx ¼ ½aijŠnÂm, which satisfies
that aij ¼ 1 for Ai 2 A, and aij ¼ 0 for Ai =2 A.
Assume that S owns PUx ¼ ½pijŠnÂm, which is applied
to restrain Ux’s access authority, and satisfies that
pij ¼ 1 for Ai 2 PUx , and pij ¼ 0 for Ai =2 PUx . If
aij pij8i ¼ f1; . . . ; ng; j ¼ f1; . . . ; mg holds, it will
be regarded that AUx is within PUx ’s access authority
limitation.
TABLE 1
Notations
244 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
5. Note that full-fledged cryptographic algorithms (e.g.,
attribute based access control, and proxy re-encryption) can
be exploited to support the SAPA.
4.2 The Proposed Protocol Descriptions
Fig. 3 shows the interactions among {Ua, Ub, S}, in which
both Ua and Ub have interests on each other’s authorized
data fields for data sharing. Note that the presented interac-
tions may not be synchronously launched, and a certain
time interval is allowable.
4.2.1 {Ua, Ub}’s Access Challenges and S’s Responses
{Ua, Ub} respectively generate the session identifiers {sidUa ,
sidUb
}, extract the identity tokens {TUa , TUb
}, and transmits
{sidUa kTUa , sidUb
kTUa } to S as an access query to initiate a
new session. Accordingly, we take the interactions of Ua
and S as an example to introduce the following authentica-
tion phase. Upon receiving Ua’s challenge, S first generates
a session identifier sidSa , and establishes the master public
key mpk ¼ ðgi; h; hi; BG; eðg; hÞ; HÞ and master privacy key
msk ¼ ða; gÞ. Thereinto, S randomly chooses a 2 Zq, and
computes gi ¼ gai
and hi ¼ haiÀ1
(i ¼ f1; . . . ; ng 2 ZÃ
).
S randomly chooses s 2 f0; 1gÃ
, and extracts Ua’s access
authority policy PUa ¼ ½pijŠnÂm (pij 2 f0; 1g), and Ua is
assigned with the access authority on its own data fields
DUa within PUa ’s permission. S further defines a polynomial
FSa ðx; PUa Þ according to PUa and TUa :
FSa ðx; PUa Þ ¼
Yn;m
i¼1;j¼1
ðx þ ijHðTUa ÞÞpij
ðmod qÞ:
S computes a set of values {MSa0, MSa1, fMSa2ig, MSa3,
MSa4} to establish the ciphertext CSa ¼ fMSa1; fMSa2ig;
MSa3; MSa4g, and transmits sidSa kCSa to Ua.
MSa0 ¼ HðPUa kDUa kTUa ksÞ;
MSa1 ¼ hFSa
ða;PUa ÞMSa0 ;
MSa2i ¼ ðgiÞMSa0
; ði ¼ 1; . . . ; nÞ;
MSa3 ¼ Hðeðg; hÞMSa0
Þ È s;
MSa4 ¼ HðsidUa ksÞ È DUa :
Similarly, S performs the corresponding operations
for Ub, including that S randomly chooses a0
2 Zq and
s0
2 f0; 1gÃ
, establishes {g0
i, h0
i}, extracts {PUb
, DUb
},
defines FSb
ðx; PUb
Þ, and computes {MSb0, MSb1, fMSb2ig,
MSb3, MSb4} to establish the ciphertext CSb
for
transmission.
4.2.2 {Ua, Ub}’s Data Access Control
Ua first extracts it data attribute access list AUa ¼ ½aijŠ
(aij 2 f0; 1g, aij pij) to re-structure an access list
LUa ¼ ½lijŠnÂm for lij ¼ pij À aij. Ua also defines a polynomial
FUa ðx; LUa Þ according to LUa and TUa :
FUa ðx; LUa Þ ¼
Yn;m
i¼1;j¼1
ðx þ ijHðTUa ÞÞlij
ðmod qÞ:
It turns out that FUa ðx; LUa Þ satisfies the equation
FUa ðx; LUa Þ ¼
Yn;m
i¼1;j¼1
ðx þ ijHðTUa ÞÞpijÀaij
¼ FSa ðx; PUa Þ=FSa ðx; AUa Þ:
Afterwards, Ua randomly chooses b 2 Zq, and the decryp-
tion key kAUa
for AUa can be obtained as follows:
kAUa
¼ ðgðbþ1Þ=FSa
ða;AUa Þ
; hbÀ1
Þ:
Ua further computes a set of values {NUa1, NUa2, NUa3}.
Here, fSai is used to represent xi
’s coefficient in
FSa ðx; PUa Þ, and fUai is used to represent xi
’s coefficient
in FUa ðx; LUa Þ:
NUa1 ¼ e MSa21;
Yn
i¼1
ðhiÞfUai
hfUa0
!
;
NUa2 ¼ e
Yn
i¼1
ðMSa2iÞfUai
; hbÀ1
!
;
NUa3 ¼ eðgðbþ1Þ=FSa
ða;AUa
Þ
; MSa1Þ:
Fig. 3. The shared authority based privacy-preserving authentication protocol.
LIU ET AL.: SHARED AUTHORITY BASED PRIVACY-PRESERVING AUTHENTICATION PROTOCOL IN CLOUD COMPUTING 245
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
6. It turns out that eðg; hÞMSa0
satisfies the equation
eðg; hÞMSa0
¼
NUa3
ðNUa1NUa2Þ
1=fUa0
:
For the right side of (1), we have,
NUa1 ¼ e gaiMSa0 ;
Yn
i¼1
ðhiÞfUai
hfUa0
!
¼ eðg; hÞaMSa0
Pn
i¼1
ðaiÀ1fUaiþfUa0Þ
¼ eðg; hÞMSa0FUa ða;LUa Þ
;
NUa2 ¼ e
Yn
i¼1
gaiMSa0fUai ; hbÀ1
!
¼ eðg; hÞMSa0
ÀPn
i¼1
aifUaiþfUa0ÀfUa0
Á
ðbÀ1Þ
¼ eðg; hÞMSa0bFUa
ða;LUa
ÞÀMSa0fUa0
;
NUa3 ¼ e gðbþ1Þ=FSa
ða;AUa
Þ
; hfSa0MSa0
Yn
i¼1
ðhiÞfSaiMSa0
!
¼ eðg; hÞðbþ1Þ=FSa
ða;AUa ÞFSa
ða;PUa ÞMSa0
¼ eðg; hÞMSa0bFUa ða;LUa ÞþMSa0FUa ða;LUa Þ
:
Ua locally re-computes {s‘
, M‘
Sa0}, derives its own autho-
rized data fields DUa , and checks whether the ciphertext CSa
is encrypted by M‘
Sa0. If it holds, Ua will be a legal user that
can properly decrypt the ciphertext CSa ; otherwise, the pro-
tocol will terminate
s‘
¼ MSa3 È Hðeðg; hÞMSa0 Þ;
M‘
Sa0 ¼ H
À
PUa kDUa kTUa ks‘
Á
;
DUa ¼ MSa4 È H
À
sidUa ks‘
Á
:
Ua further extracts its pseudonym PIDUa , a session-
sensitive access request R
Ub
Ua
, and the public key pkUa .
Here, R
Ub
Ua
is introduced to let S know Ua’s data access
desire. It turns out that R
Ub
Ua
makes S know the facts: 1) Ua
wants to access Ub’s temp authorized data fields _DUb
;
2) Ra will also agree to share its temp authorized data
fields _DUa with Ub in the case that Ub grants its request.
Afterwards, Ua randomly chooses rUa 2 ZÃ
q, computes a
set of values {MUa0, MUa1, MUa2, MUa3} to establish a cipher-
text CUa , and transmits CUa to S for further access request
matching
MUa0 ¼ HðsidSa kPIDUa Þ È R
Ub
Ua
;
MUa1 ¼ gpkUa rUa ;
MUa2 ¼ eðg; hÞrUa ;
MUa3 ¼ hrUa :
Similarly, Ub performs the corresponding operations,
including that Ub extracts AUb
, and determines {LUb
,
FUb
ðx; LUb
Þ, fUbi}. Ub further randomly chooses b0
2 Zq, and
computes the values {NUb1, NUb2, NUb3, s0‘
, M‘
Ub
} to derive its
own data fields DUb
. Ub also extracts its pseudonym PIDUb
and an access request RUa
Ub
to establish a ciphertext CUb
with
the elements {MUb0; MUb1; MUb2; MUb3}.
4.2.3 {Ua, Ub}’s Access Request Matching and Data
Access Authority Sharing
Upon receiving the ciphertexts {CUa , CUb
} within an allow-
able time interval, and S extracts {PIDUa , PIDUb
} to derive
the access requests {R
Ub
Ua
, RUa
Ub
}:
R
Ub
Ua
¼ HðsidSa kPIDUa Þ È MUa0;
RUa
Ub
¼ HðsidSb
kPIDUb
Þ È MUb0:
S checks whether {R
Ub
Ua
, RUa
Ub
} satisfy FðR
Ub
Ua
ðRUa
Ub
ÞT
Þ ¼
Fð2Þ ¼ Cont. If it holds, S will learn that both Ua and Ub
have the access desires to access each other’s authorized
data, and to share its authorized data fields with each other.
S extracts the keys {skS, pkUa , pkUb
} to establish the aggre-
gated keys {kS, kSu
} by the Diffie-Hellman key agreement,
and computes the available re-encryption key kUu
for Uu
(u 2 fa; bg):
kS ¼ ðpkUa pkUb
ÞskS ¼ gðskUa þskUb
ÞskS ;
kSu
¼ ðpkUu
ÞskS ¼ gskUu
skS ;
kUu
¼ kSu
=pkUu
:
S performs re-encryption to obtain M0
Uu1. Towards Ua/Ub,
S extracts Ub/Ua’s temp authorized data fields _DUb
/ _DUa to
compute M0
Ub2/M0
Ua2:
M0
Uu1 ¼ ðMUu1ÞkUu ¼ gkSu
rUu ;
M0
Ua2 ¼ MUa2EkSb
ð _DUa Þ;
M0
Ub2 ¼ MUb2EkSa
ð _DUb
Þ:
Thereafter, S establishes the re-structured ciphertext
C0
Uu
¼ ðM0
Uu1; M0
Uu2; MUu3Þ, and respectively transmits
{C0
Ub
kkS, C0
Ua
kkS} to {Ua, Ub} for access authority sharing.
Upon receiving the messages, Ua computes kSa ¼ ðpkSÞskUa ,
and performs verification by comparing the following
equation:
e
À
M0
Ub1; h
Á
¼
?
eðgkS=kSa ; MUb3Þ:
For the left side of (2), we have,
e
À
M0
Ub1; h
Á
¼ e
À
gg
skUb
skS rUb ; h
Á
:
For the right side of (2), we have,
e
À
gkS=kSa ; MUb3
Á
¼ eðgðpkSÞ
skUb
; hrUb Þ
¼ eðg; hÞg
skSskUb rUb :
246 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
7. Ua derives Ub’s temp authorized data fields _DUb
:
_DUb
¼ EÀ1
kSa
À
M0
Ub2e
À
M0
Ub1; h
ÁÀkSa
=kS
Á
:
Similarly, Ub performs the corresponding operations,
including that Ub obtains the keys {kS, kSb
}, checks Ub’s
validity, and derives the temp authorized data field _DUa .
In the SAPA, S acts as a semi-trusted proxy to realize
{Ua, Ub}’s access authority sharing. During the proxy re-
encryption, {Ua, Ub} respectively establish ciphertexts
{MUa1, MUb1} by their public keys {pkUa , pkUb
}, and S gener-
ates the corresponding re-encryption keys {kUa , kUb
} for {Ua,
Ub}. Based on the re-encryption keys, the ciphertexts {MUa1,
MUb1} are re-encrypted into {M0
Ua1, M0
Ub1}, and {Ua, Ub} can
decrypt the re-structured ciphertexts {M0
Ub1, M0
Ua1} by their
own private key {skUa , skUb
} without revealing any sensitive
information.
Till now, {Ua, Ub} have realized the access authority shar-
ing in the case that both Ua and Ub have the access desires
on each other’s data fields. Meanwhile, there may be other
typical cases when Ua has an interest in Ub’s data fields with
a challenged access request R
Ub
Ua
.
1. In the case that Ub has no interest in Ua’s data fields,
it turns out that Ub’s access request R
Ub
Ub
and R
Ub
Ua
sat-
isfy that FðR
Ub
Ua
ðR
Ub
Ub
ÞT Þ¼Fð1Þ. For Ua, S will extract a
dummy data fields Dnull as a response. Ub will be
informed that a certain user is interested in its data
fields, but cannot determine Ua’s detailed identity
for privacy considerations.
2. In the case that Ub has an interest in Uc’s data fields
rather than Ua’s data fields, but Uc has no interest in
Ub’s data fields. It turns out that the challenged
access requests R
Ub
Ua
, RUc
Ub
, and R
U~b
Uc
satisfy that
FðR
Ub
Ua
ðRUc
Ub
ÞT Þ¼FðRUc
Ub
ðR
U~b
Uc
ÞT Þ¼Fð1Þ, in which U~b indicates
that the user is not Ub. Dnull will be transmitted to
{Ua, Ub, Uc} without data sharing.
In summary, the SAPA adopts integrative approaches to
address secure authority sharing in cloud applications.
Authentication. The ciphertext-policy attribute based
access control and bilinear pairings are introduced
for identification between Uu and S, and only the
legal user can derive the ciphertexts. Additionally,
Uu checks the re-computed ciphertexts according to
the proxy re-encryption, which realizes flexible data
sharing instead of publishing the interactive users’
secret keys.
Data anonymity. The pseudonym PIDUu
are hidden
by the hash function so that other entities cannot
derives the real values by inverse operations.
Meanwhile, U~u’s temp authorized fields _DU~u
are
encrypted by kSu
for anonymous data transmis-
sion. Hence, an adversary cannot recognize the
data, even if the adversary intercepts the transmit-
ted data, it will not decode the full-fledged cryp-
tographic algorithms.
User privacy. The access request pointer (e.g., RUx
Uu
) is
wrapped along with HðsidSu
kPIDUu
Þ for privately
informing S about Uu’s access desires. Only if both
users are interested in each other’s data fields, S will
establish the re-encryption key kUu
to realize author-
ity sharing between Ua and Ub. Otherwise, S will
temporarily reserve the desired access requests for a
certain period of time, and cannot accurately deter-
mine which user is actively interested in the other
user’s data fields.
Forward security. The dual session identifiers {sidSu
,
sidUu
} and pseudorandom numbers are introduced
as session variational operators to ensure the com-
munications dynamic. An adversary regards the
prior session as random even if {S, Uu} get corrupted,
or the adversary obtains the PRNG algorithm. The
current security compromises cannot correlate with
the prior interrogations.
5 FORMAL SECURITY ANALYSIS WITH THE
UNIVERSAL COMPOSABILITY MODEL
5.1 Preliminaries
The universal composability model specifies an approach
for security proofs [28], and guarantees that the proofs will
remain valid if the protocol is modularly composed with
other protocols, and/or under arbitrary concurrent protocol
executions. There is a real-world simulation, an ideal-world
simulation, and a simulator Sim translating the protocol
execution from the real-world to the ideal-world. Addition-
ally, the Byzantine attack model is adopted for security
analysis, and all the parties are modeled as probabilistic
polynomial-time Turing machines (PPTs), and a PPT cap-
tures whatever is external to the protocol executions. The
adversary controls message deliveries in all communication
channels, and may perform malicious attacks (e.g., eaves-
dropping, forgery, and replay), and may also initiate new
communications to interact with the legal parties.
In the real-world, let p be a real protocol, Pi (i ¼ f1; . . . ;
Ig 2 NÃ
) be real parties, and A be a real-world adversary. In
the ideal-world, let F be an ideal functionality, ~Pi be
dummy parties, and ~A be an ideal-world adversary. Z is an
interactive environment, and communicates with all entities
except the ideal functionality F. Ideal functionality acts as
an uncorruptable trusted party to realize specific protocol
functions.
Theorem 1. UC Security. The probability, that Z distin-
guishes between an interaction of A with Pi and an interac-
tion of ~A with ~Pi, is at most negligible probability. We have
that a real protocol p UC-realizes an ideal functionality F,
i.e., IdealF; ~A;Z % Realp;A;Z.
The UC formalization of the SAPA includes the ideal-
world model Ideal, and the real-world model Real.
Ideal: Define two uncorrupted idea functionalities
{Faccess, Fshare}, a dummy party ~P (e.g., ~Uu, ~S,
u 2 fa; bg), and an ideal adversary ~A. { ~P, ~A} cannot
establish direct communications. ~A can arbitrarily
interact with Z, and can corrupt any dummy party
~P, but cannot modify the exchanged messages.
Real: Define a real protocol pshare (run by a party
P including Uu and S) with a real adversary A and
an environment Z. Each real parties can
LIU ET AL.: SHARED AUTHORITY BASED PRIVACY-PRESERVING AUTHENTICATION PROTOCOL IN CLOUD COMPUTING 247
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
8. communicate with each other, and A can fully con-
trol the interconnections of P to obtain/modify the
exchanged messages. During the protocol execu-
tion, Z is activated first, and dual session identi-
fiers shared by all the involved parties reflects the
protocol state.
5.2 Ideal Functionality
Definition 1. Functionality Faccess. Faccess is an incorruptible
ideal data accessing functionality via available channels, as
shown in Table 2.
In Faccess, a party P (e.g., Uu, S) is initialized (via input
Initialize), and thereby initiates a new session along with
generating dual session identifiers {sidUu
, sidSu
}. P follows
the assigned protocol procedure to send (via input Send)
and receive (via input Receive) messages. A random num-
ber rPu
is generated by P for further computation (via input
Generate). Data access control is realized by checking
{sendð:Þ, recð:Þ, localð:Þ} (via input Access). If P is controlled
by an ideal adversary ~A, four types of behaviors may be
performed: ~A may record the exchanged messages on lis-
tened channels, and may forward the intercepted messages
to P (via request Forward); ~A may record the state of
authentication between Uu and S to interfere in the normal
verification (via request Accept); ~A may impersonate an
legal party to obtain the full state (via request Forge), and
may replay the formerly intercepted messages to involve
the ongoing communications (via request Replay).
Definition 2. Functionality Fshare. Fshare is an incorruptible
ideal authority sharing functionality, as shown in Table 3.
Fshare is activated by P (via input Activate), and the ini-
tialization is performed via Initialize of Faccess. The access
request pointers {R
Ub
Ua
, RUa
Ub
} are respectively published and
challenged by {Ua, Ub} to indicate their desires (via input
Challenge). The authority sharing between {Ua, Ub} is real-
ized, and the desired data fields { _DUb
, _DUa } are accordingly
obtained by {Ua, Ub} (via input Share). If P is controlled by
an ideal adversary ~A, ~A may detect the exchanged chal-
lenged access request pointer RUx
Uu
(via request Listen); ~A
may record the request pointer to interfere in the normal
authority sharing between Ua and Ub (via request
Forge/Replay).
In the UC model, Faccess and Fshare formally define the
basic components of the ideal-world simulation.
Party. Party P refers to multiple users Uu (e.g., Ua,
Ub), and a cloud server S involved in a session.
Through a successful session execution, {Uu, S} estab-
lish authentication and access control, and {Ua, Ub}
TABLE 3
Ideal Authority Sharing Functionality: Fshare
TABLE 2
Ideal Data Accessing Functionality: Faccess
248 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
9. obtain each other’s temp authorized data fields for
data authority sharing.
Session identifier. The session identifiers sidUu
and
sidSu
are generated for initialization by the environ-
ment Z. The ideal adversary ~A may control and cor-
rupt the interactions between Uu and S.
Access request pointer. The access request pointer RUx
Uu
is applied to indicate Uu’s access request on Ux’s
temp authorized data fields _DUx .
5.3 Real Protocol pshare
A real protocol pshare is performed based on the ideal func-
tionalities to realize Fshare in Faccess-hybrid model.
Upon input ActivateðPÞ at P (e.g., Uu, and S), P is acti-
vated via Fshare to trigger a new session, in which
Initialize of Faccess is applied for initialization and assign-
ment. {initðsidUu
; UuÞ, initðsidSu
; SÞ} are respectively
obtained by {Uu, S}. Message deliveries are accordingly per-
formed by inputting Send and Receive. Upon input Send
from Uu, Uu records and outputs sendðsidUu
; UuÞ via Faccess.
Upon input Receive from S, S obtains recðsidUu
; SÞ via
Faccess. Upon input GenerateðSÞ from S, S randomly choo-
ses a random number rSu
to output genðrSu
Þ and to establish
a ciphertext for access control. Upon input GenerateðUuÞ
from Uu, Uu generates a random number rUu
for further
checking the validity of {AUu
, PUu
}. Upon input Access from
Uu, Uu checks whether {sendð:Þ, recð:Þ, localð:Þ} are matched
via Faccess. If it holds, output validðAUu
; PUu
Þ is valid. Else,
output invalidðAUu
; PUu
Þ and terminate the protocol. Upon
input ChallengeðUxÞ from Uu, Uu generates an access
request pointer RUx
Uu
, and outputs challðRUx
Uu
Þ to Ux. Upon
input Send from Uu, Uu computes a message mUu
, records
and outputs sendðmUu
; UuÞ via Faccess, in which RUx
Uu
is
wrapped in mUu
. Upon input Receive from S, S obtains
recðmUu
; SÞ for access request matching. Upon input
Shareð _DUb
; UaÞ and Shareð _DUa ; UbÞ from {Ua, Ub}, S checks
whether {challðR
Ub
Ua
; UaÞ, challðRUa
Ub
; UbÞ} are matched. If it
holds, output shareð _DUb
; UaÞ to Ua and shareð _DUa ; UbÞ to Ub
to achieve data sharing. Else, output shareðDnull; UaÞ to Ua
and shareðDnull; UbÞ to Ub for regular data accessing.
5.4 Security Proof of pshare
Theorem 3. The protocol pshare UC-realizes the ideal functional-
ity Fshare in the Faccess-hybrid model.
Proof: Let A be a real adversary that interacts with the par-
ties running pshare in the Faccess-hybrid model. Let ~A be
an ideal adversary such that any environment Z cannot
distinguish with a non-negligible probability whether it
is interacting with A and pshare in Real or it is interacting
with ~A and Fshare in Ideal. It means that there is a simu-
lator Sim that translates pshare procedures into Real such
that these cannot be distinguished by Z.
Construction of the ideal adversary ~A: The ideal adver-
sary ~A acts as Sim to run the simulated copies of Z, A,
and P. ~A correlates runs of pshare from Real into Ideal:
the interactions of A and P is corresponding to the inter-
actions of ~A and ~P. The input of Z is forwarded to A as
A’s input, and the output of A (after running pshare) is
copied to ~A as ~A’s output.
Simulating the party P. Uu and S are activated and ini-
tialized by Activate and Initialization, and ~A simulates
as A during interactions.
Whenever ~A obtains {initðsidPu
; PÞ, genðrPu
; PÞ}
from Faccess, ~A transmits the messages to A.
Whenever ~A obtains {recð:Þ, sendð:Þ} from Faccess,
~A transmits the messages to A, and forwards A’s
response forwardðsidPu
; mPu
; PÞ to Faccess.
Whenever ~A obtains {initð:Þ, forwardð:Þ} from
Faccess, S transmits the messages to A, and for-
wards A’s response acceptðPÞ to Faccess.
Whenever ~A obtains challðRUx
Uu
; UuÞ from Fshare, ~A
transmits the message to A, and forwards A’s
response listenðRUx
Uu
; UuÞ to Fshare.
Simulating the party corruption. Whenever P is cor-
rupted by A, thereby ~A corrupts the corresponding ~P. ~A
provides A with the corrupted parties’ internal states.
Whenever ~A obtains accessðDUu
Þ from Faccess, ~A
transmits the message accessðDUu
Þ to A, and for-
wards A’s response acceptðPÞ to Faccess.
Whenever ~A obtains challðRUx
Uu
; UuÞ from Fshare, ~A
transmits the message to A, and forwards A’s
response shareðDnull; UuÞ to Fshare.
Ideal and Real are indistinguishable: Assume that {CS,
CUu} respectively indicate the events that corruptions of
{S, U}. Z invokes Activate and Initialize to launch an
interaction. The commands Generate and Access are
invoked to transmit accessðDUu
Þ to ~A, and A responds
acceptðPÞ to ~A. Thereafter, Challenge and Share are
invoked to transmit shareðRUx
Uu
; UuÞ, and A responds
shareðDnull; UuÞ to ~A. Note that initð:Þ independently
generates dual session identifiers {sidUu
, sidSu
}, and the
simulations of Real and Ideal are consistent even
though ~A may intervene to prevent the data access con-
trol and authority sharing in Ideal. The pseudorandom
number generator (introduced in {initð:Þ, genð:Þ}), and
the collision-resistant hash function (introduced in
{accessð:Þ, shareð:Þ}) are applied to guarantee that the
probability of the environment Z can distinguish the
adversary’s behaviors in Ideal and Real is at most negli-
gible. The simulation is performed based on the fact that
no matter the event CS or CUu occurs or not, Therefore,
pshare UC-realizes the ideal functionality Fshare in the
Faccess-hybrid model. tu
6 CONCLUSION
In this work, we have identified a new privacy challenge
during data accessing in the cloud computing to achieve
privacy-preserving access authority sharing. Authentica-
tion is established to guarantee data confidentiality and
data integrity. Data anonymity is achieved since the
wrapped values are exchanged during transmission. User
privacy is enhanced by anonymous access requests to pri-
vately inform the cloud server about the users’ access
LIU ET AL.: SHARED AUTHORITY BASED PRIVACY-PRESERVING AUTHENTICATION PROTOCOL IN CLOUD COMPUTING 249
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
10. desires. Forward security is realized by the session identi-
fiers to prevent the session correlation. It indicates that the
proposed scheme is possibly applied for privacy preserva-
tion in cloud applications.
ACKNOWLEDGMENTS
This work was funded by DNSLAB, China Internet Net-
work Information Center, Beijing 100190, China.
REFERENCES
[1] P. Mell and T. Grance, “Draft NIST Working Definition of Cloud
Computing,” Nat’l Inst. of Standards and Technology, 2009.
[2] A. Mishra, R. Jain, and A. Durresi, “Cloud Computing: Network-
ing and Communication Challenges,” IEEE Comm. Magazine,
vol. 50, no. 9, pp. 24-25, Sept. 2012.
[3] R. Moreno-Vozmediano, R.S. Montero, and I.M. Llorente, “Key
Challenges in Cloud Computing to Enable the Future Internet of
Services,”IEEEInternetComputing,vol.17,no.4,pp.18-25,http://
ieeexplore.ieee.org/stamp/stamp.jsp?tp=arnumber=6203493,
July/Aug.2013.
[4] K. Hwang and D. Li, “Trusted Cloud Computing with Secure
Resources and Data Coloring,” IEEE Internet Computing, vol. 14,
no. 5, pp. 14-22, Sept./Oct. 2010.
[5] J. Chen, Y. Wang, and X. Wang, “On-Demand Security Architec-
ture for Cloud Computing,” Computer, vol. 45, no. 7, pp. 73-78,
2012.
[6] Y. Zhu, H. Hu, G. Ahn, and M. Yu, “Cooperative Provable Data
Possession for Integrity Verification in Multi-Cloud Storage,”
IEEE Trans. Parallel and Distributed Systems, vol. 23, no. 12,
pp. 2231-2244, Dec. 2012.
[7] H. Wang, “Proxy Provable Data Possession in Public Clouds,”
IEEE Trans. Services Computing, vol. 6, no. 4, pp. 551-559, http://
ieeexplore.ieee.org/stamp/stamp.jsp?tp=arnumber=6357181,
Oct.-Dec. 2012.
[8] K. Yang and X. Jia, “An Efficient and Secure Dynamic Auditing
Protocol for Data Storage in Cloud Computing,” IEEE Trans. Paral-
lel and Distributed Systems, vol. 24, no. 9, pp. 1717-1726, http://
ieeexplore.ieee.org/stamp/stamp.jsp?tp=arnumber=6311398,
Sept. 2013.
[9] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling Public
Auditability and Data Dynamics for Storage Security in Cloud
Computing,” IEEE Trans. Parallel and Distributed Systems, vol. 22,
no. 5, pp. 847-859-25, May 2011.
[10] C. Wang, K. Ren, W. Lou, and J. Li, “Toward Publicly Auditable
Secure Cloud Data Storage Services,” IEEE Network, vol. 24, no. 4,
pp. 19-24, July/Aug. 2010.
[11] L.A. Dunning and R. Kresman, “Privacy Preserving Data Sharing
with Anonymous ID Assignment,” IEEE Trans. Information Foren-
sics and Security, vol. 8, no. 2, pp. 402-413, Feb. 2013.
[12] X. Liu, Y. Zhang, B. Wang, and J. Yan, “Mona: Secure Multi-Owner
Data Sharing for Dynamic Groups in the Cloud,” IEEE Trans. Paral-
lel and Distributed Systems, vol. 24, no. 6, pp. 1182-1191, http://
ieeexplore.ieee.org/stamp/stamp.jsp?tp=arnumber=6374615,
June 2013.
[13] S. Grzonkowski and P.M. Corcoran, “Sharing Cloud Services:
User Authentication for Social Enhancement of Home
Networking,” IEEE Trans. Consumer Electronics, vol. 57, no. 3,
pp. 1424-1432, Aug. 2011.
[14] M. Nabeel, N. Shang, and E. Bertino, “Privacy Preserving Policy
Based Content Sharing in Public Clouds,” IEEE Trans. Knowledge
and Data Eng., vol. 25, no. 11, pp. 2602-2614, http://ieeexplore.
ieee.org/stamp/stamp.jsp?tp=arnumber=6298891, Nov. 2013.
[15] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward Secure
and Dependable Storage Services in Cloud Computing,” IEEE
Trans. Services Computing, vol. 5, no. 2, pp. 220-232, Apr.-June 2012.
[16] S. Sundareswaran, A.C. Squicciarini, and D. Lin, “Ensuring Dis-
tributed Accountability for Data Sharing in the Cloud,” IEEE
Trans. Dependable and Secure Computing, vol. 9, no. 4, pp. 556-568,
July/Aug. 2012.
[17] Y. Tang, P.C. Lee, J.C.S. Lui, and R. Perlman, “Secure Overlay
Cloud Storage with Access Control and Assured Deletion,” IEEE
Trans. Dependable and Secure Computing, vol. 9, no. 6, pp. 903-916,
Nov./Dec. 2012.
[18] Y. Zhu, H. Hu, G. Ahn, D. Huang, and S. Wang, “Towards Tem-
poral Access Control in Cloud Computing,” Proc. IEEE INFO-
COM, pp. 2576-2580, Mar. 2012.
[19] S. Ruj, M. Stojmenovic, and A. Nayak, “Decentralized Access
Control with Anonymous Authentication for Securing Data in
Clouds,” IEEE Trans. Parallel and Distributed Systems, vol. 25,
no. 2, pp. 384-394, http://ieeexplore.ieee.org/stamp/stamp.jsp?
tp=arnumber=6463404, Feb. 2014.
[20] R. Sanchez, F. Almenares, P. Arias, D. Dıaz-Sanchez, and A.
Marın, “Enhancing Privacy and Dynamic Federation in IdM for
Consumer Cloud Computing,” IEEE Trans. Consumer Electronics,
vol. 58, no. 1, pp. 95-103, Feb. 2012.
[21] H. Zhuo, S. Zhong, and N. Yu, “A Privacy-Preserving Remote
Data Integrity Checking Protocol with Data Dynamics and Public
Verifiability,” IEEE Trans. Knowledge and Data Eng., vol. 23, no. 9,
pp. 1432-1437, Sept. 2011.
[22] Y. Xiao, C. Lin, Y. Jiang, X. Chu, and F. Liu, “An Efficient
Privacy-Preserving Publish-Subscribe Service Scheme for
Cloud Computing,” Proc. IEEE GLOBECOM ’10, Dec. 2010.
[23] I.T. Lien, Y.H. Lin, J.R. Shieh, and J.L. Wu, “A Novel Privacy Pre-
serving Location-Based Service Protocol with Secret Circular Shift
for K-NN Search,” IEEE Trans. Information Forensics and Security,
vol. 8, no. 6, pp. 863-873, http://ieeexplore.ieee.org/stamp/
stamp.jsp?tp=arnumber=6476681, June 2013.
[24] A. Barsoum and A. Hasan, “Enabling Dynamic Data and Indi-
rect Mutual Trust for Cloud Computing Storage Systems,”
IEEE Trans. Parallel and Distributed Systems, vol. 24, no. 12,
pp. 2375-2385, http://ieeexplore.ieee.org/stamp/stamp.jsp?
tp=arnumber=6392165, Dec. 2013.
[25] H.Y. Lin and W.G. Tzeng, “A Secure Erasure Code-Based Cloud
Storage System with Secure Data Forwarding,” IEEE Trans. Paral-
lel and Distributed Systems, vol. 23, no. 6, pp. 995-1003, June 2012.
[26] J.Yu,P.Lu,G.Xue,andM.Li,“TowardsSecureMulti-KeywordTop-
k Retrieval over Encrypted Cloud Data,” IEEE Trans. Dependable and
SecureComputing,vol.10,no.4,pp.239-250,http://ieeexplore.ieee.
org/stamp/stamp.jsp?tp=arnumber=6425381,July/Aug.2013.
[27] K.W.Park,J.Han,J.W.Chung,andK.H.Park,“THEMIS:AMutually
Verifiable Billing System for the Cloud Computing Environment,”
IEEETrans.ServicesComputing,vol.6,no.3,pp.300-313,http://ieeex-
plore.ieee.org/stamp/stamp.jsp?tp=arnumber=6133267,July-
Sept.2013.
[28] R. Canetti, “Universally Composable Security: A New Paradigm
for Cryptographic Protocols,” Proc. 42nd IEEE Symp. Foundations
of Computer Science (FOCS ’01), pp. 136-145, Oct. 2001.
Hong Liu is currently working toward the PhD
degree at the School of Electronic and Informa-
tion Engineering, Beihang University, China. She
focuses on the security and privacy issues in
radio frequency identification, vehicle-to-grid net-
works, and Internet of Things. Her research inter-
ests include authentication protocol design, and
security formal modeling and analysis. She is a
student member of the IEEE.
Huansheng Ning received the BS degree from
Anhui University in 1996 and the PhD degree
from Beihang University in 2001. He is a profes-
sor in the School of Computer and Communica-
tion Engineering, University of Science and
Technology Beijing, China. His current research
interests include Internet of Things, aviation
security, electromagnetic sensing and comput-
ing. He has published more than 50 papers in
journals, international conferences/workshops.
He is a senior member of the IEEE.
250 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 26, NO. 1, JANUARY 2015
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457
11. Qingxu Xiong received the PhD degree in elec-
trical engineering from Peking University, Beijing,
China, in 1994. From 1994 to 1997, he worked in
the Information Engineering Department at the
Beijing University of Posts and Telecommunica-
tions as a postdoctoral researcher. He is cur-
rently a professor in the School of Electrical and
Information Engineering at the Beijing University
of Aeronautics and Astronautics. His research
interests include scheduling in optical and wire-
less networks, performance modeling of wireless
networks, and satellite communication. He is a member of the IEEE.
Laurence T. Yang received the BE degree in
computer science from Tsinghua University,
China, and the PhD degree in computer science
from the University of Victoria, Canada. He is a
professor in the School of Computer Science
and Technology at the Huazhong University of
Science and Technology, China, and in the
Department of Computer Science, St. Francis
Xavier University, Canada. His research inter-
ests include parallel and distributed computing,
and embedded and ubiquitous/pervasive com-
puting. His research is supported by the National Sciences and Engi-
neering Research Council and the Canada Foundation for Innovation.
He is a member of the IEEE.
For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.
LIU ET AL.: SHARED AUTHORITY BASED PRIVACY-PRESERVING AUTHENTICATION PROTOCOL IN CLOUD COMPUTING 251
For More Details Contact G.Venkat Rao
PVR TECHNOLOGIES 8143271457