Attribute-Based Access to Scalable Media in Cloud-Assisted Content Sharing Networks
This paper presents a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique, and employs MCP-ABE to design an access control scheme for sharing scalable media based on data consumers' attributes (e.g., age, nationality, or gender) rather than an explicit list of the consumers' names. The scheme is efficient and flexible because MCP-ABE allows a content provider to specify an access policy and encrypt multiple messages within one ciphertext such that only the users whose attributes satisfy the access policy can decrypt the ciphertext. Moreover, the paper shows how to support resource-limited mobile devices by offloading computationally intensive operations to cloud servers without compromising data privacy.
A promising approach to access control in content sharing services is to empower users to enforce access controls on their data directly, rather than through a central administrator. However, this requires flexible and scalable cryptographic key management to support complex access control policies. A naive access control solution is to assign one key for each user attribute, distribute the appropriate keys to users who have the corresponding attributes, and encrypt the media with the attribute keys repeatedly. Another method is to classify users into different roles based on their attributes, assign role keys to users, and then encrypt the content using the role keys. However, this approach results in high complexity, i.e., the number of keys for each user and the number of ciphertexts for one message are on the order of where is the number of all possible user attributes. Both of these solutions suffer from the rigid and inflexible definition of the underlying access control policies. A remedy to this problem is employing Ciphertext Policy Attribute-Based Encryption (CP-ABE). In CP-ABE, a ciphertext is embedded with an access control policy, or access policy for short, associated with user attributes. A recipient of the ciphertext is able to decrypt the ciphertext only if her attributes satisfy the access policy in the ciphertext. CP-ABE can be viewed as a one-to-many public key encryption scheme and hence enables a data owner to grant access to an unknown set of users. Nonetheless, existing CP-ABE schemes merely deliver one encrypted message per ciphertext to all authorized users and are not optimal for efficient sharing of scalable media.
DISADVANTAGES OF EXISTING SYSTEM:
• The existing solution is flexible, but it is vulnerable to collusion attacks.
• The existing method is to classify users into different roles based on their attributes, assign role keys to users, and then encrypt the content using the role keys. However, this approach results in high complexity.
• Existing CP-ABE schemes merely deliver one encrypted message per ciphertext to all authorized users and are not optimal for efficient sharing of scalable media.
In this paper we present an access control scheme for scalable media. The scheme has several benefits which make it especially suitable for content delivery. For example, it is extremely scalable by allowing a data owner to grant data access privileges based on the data consumers' attributes (e.g., age, nationality, gender) rather than an explicit list of user names; and it ensures data privacy and exclusiveness of access of scalable media by employing attribute-based encryption. For this purpose, we introduce a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique. MCP-ABE encrypts multiple messages within one ciphertext so as to enforce flexible attribute-based access control on scalable media. Specifically, the scheme constructs a key graph which matches users' access privileges, encrypts media units with the corresponding keys, and then encrypts the key graph with MCP-ABE; only those data consumers with the required user attributes can decrypt the encryption of the key (sub) graph and then decrypt the encrypted media units. To cater for resource-limited mobile devices, the scheme offloads computationally intensive operations to cloud servers without compromising user data privacy.
ADVANTAGES OF PROPOSED SYSTEM:
• The present scheme is also secure against user collusion attacks due to the use of attribute-based encryption.
• The experiments demonstrate that the present scheme is applicable on smartphones, especially when a cloud platform is available.
• We present an access control scheme for scalable media. The scheme has several benefits which make it especially suitable for content delivery.
2. Attribute oriented access control
3. One-way hash function
4. Cipher-text policy attribute-based encryption
This module handles normal registration for the multiple users. There are multiple owners, multiple AAs, and multiple users. In the attribute hierarchy of files, leaf nodes are atomic file categories while internal nodes are compound categories. Dark boxes are the categories that a PSD's data reader has access to.
PUD - public domains
PSD - personal domains
AA - attribute authority
MA-ABE - multi-authority ABE
KP-ABE - Key Policy Attribute based Encryption
MCP-ABE - Multi-message Cipher-text Policy Attribute-Based Encryption
Attribute oriented access control
This module supports fine-grained access control policies and dynamic group membership by using a CP-ABE scheme. In addition, it is able to revoke a user without issuing new keys to other users or re-encrypting existing ciphertexts by using a proxy.
KP-ABE (Key Policy Attribute based Encryption) is used to enforce access policies based on data attributes. Their scheme allows data owners to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents by combining techniques of attribute-based encryption, proxy re-encryption, and lazy re-encryption. An information management architecture using CP-ABE and optimized security.
One-way hash function
In this Module, usually for security or data management purposes. The "one way" means that it's nearly impossible to derive the original text from the string. A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and message of a digitally distributed message.
Cipher-text policy attribute-based encryption
In this Module, every user's personal secret key is associated with a set of attributes while every ciphertext is associated with an access policy. A user successfully decrypts a ciphertext only if her set of attributes satisfies the access policy specified in the ciphertext. We briefly describe the CP-ABE.
We will extend this CP-ABE scheme to MCP-ABE scheme and use the latter in our access control scheme.
It is an initialization algorithm run by an Attribute Authority (AA). It takes as input a security parameter and outputs a public key PK and a master secret key MK.
It is run by AA to issue a personal secret key to a user. It takes as input MK and the set of attributes A of the user, and outputs the personal secret key SK associated with Specifically, for each user.
It is run by a data owner to encrypt a message according to an access tree.
It is run by a data consumer in possession of a set of attributes A and the secret key SK in order to decrypt the ciphertext CT with an access policy.
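The following is an added illustration, not code from the paper or the project, of the two ideas described above: checking an attribute set against a threshold access tree, and a key graph in which one released key gives access to a media layer and every layer below it. It assumes the key graph is a one-way hash chain over quality layers, and the plain policy check stands in for ABE decryption, which is not implemented here; the attribute names, policies and key are constructed.

```python
import hashlib

def satisfies(node, attrs):
    """Leaf = attribute name; internal node = (k, children), a k-of-n gate.
    AND over n children is (n, [...]); OR is (1, [...])."""
    if isinstance(node, str):
        return node in attrs
    k, children = node
    return sum(satisfies(c, attrs) for c in children) >= k

def layer_keys(top_key, n_layers):
    """Return [k_0 .. k_{n-1}] with k_{i-1} = SHA-256(k_i); k_0 is the base layer."""
    chain = [top_key]
    while len(chain) < n_layers:
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain[::-1]

def unlock(policies, keys, attrs):
    """Stand-in for decryption: return (layer, key) for the highest layer
    whose policy the attribute set satisfies, or None if none is satisfied."""
    for layer in range(len(policies) - 1, -1, -1):
        if satisfies(policies[layer], attrs):
            return layer, keys[layer]
    return None

def derive_down(layer, key):
    """Recompute every lower-layer key from one released key.
    Higher layers stay out of reach because SHA-256 is one-way."""
    out = {layer: key}
    while layer > 0:
        key, layer = hashlib.sha256(key).digest(), layer - 1
        out[layer] = key
    return out

# Constructed sample: three quality layers, one nested policy per layer.
POLICIES = [
    (1, ["subscriber", "trial"]),                             # layer 0: OR
    (2, ["subscriber", "adult"]),                             # layer 1: AND
    (3, ["subscriber", "adult", (1, ["premium", "staff"])]),  # layer 2
]
KEYS = layer_keys(hashlib.sha256(b"constructed demo key").digest(), 3)

if __name__ == "__main__":
    for attrs in ({"trial"}, {"subscriber", "adult"},
                  {"subscriber", "adult", "staff"}, {"adult"}):
        got = unlock(POLICIES, KEYS, attrs)
        layers = sorted(derive_down(*got)) if got else []
        print(sorted(attrs), "-> layers", layers)
```

In a real ABE scheme each user's secret key is bound to that user, so attributes pooled from different users do not combine; this simulation does not model that property.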
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.
• Operating system : Windows XP.
• Coding Language : ASP.NET, C#.Net.
• Data Base : SQL Server 2005
Attribute-Based Access to Scalable Media in Cloud-Assisted Content Sharing Networks (2013)