Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds (2014)


ABSTRACT:

We propose a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. In the proposed scheme, the cloud verifies the authenticity of the user without knowing the user's identity before storing data. Our scheme also has the added feature of access control in which only valid users are able to decrypt the stored information. The scheme prevents replay attacks and supports creation, modification, and reading of data stored in the cloud. We also address user revocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds, which are centralized. The communication, computation, and storage overheads are comparable to those of centralized approaches.

EXISTING SYSTEM:

- Existing work on access control in clouds is centralized in nature. Apart from a few exceptions, all schemes use attribute-based encryption (ABE). One scheme uses a symmetric key approach and does not support authentication; the remaining schemes do not support authentication either.

- One scheme provides privacy-preserving authenticated access control in the cloud. However, its authors take a centralized approach in which a single key distribution center (KDC) distributes secret keys and attributes to all users.

DISADVANTAGES OF EXISTING SYSTEM:

- One existing scheme uses an asymmetric key approach and does not support authentication.

- Difficult to maintain because of the large number of users supported in a cloud environment.

PROPOSED SYSTEM:

- We propose a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication.

- In the proposed scheme, the cloud verifies the authenticity of the user without knowing the user's identity before storing data.

- Our scheme also has the added feature of access control in which only valid users are able to decrypt the stored information.

- The scheme prevents replay attacks and supports creation, modification, and reading of data stored in the cloud.

ADVANTAGES OF PROPOSED SYSTEM:

- Distributed access control of data stored in the cloud, so that only authorized users with valid attributes can access it.

- Authentication of users who store and modify their data on the cloud.

- The identity of the user is protected from the cloud during authentication.

MODULES:

- Encryption / Decryption

- File Upload / Download

- Policy Revocation for File Assured Deletion

- File Access Control

- Policy Renewal

MODULES DESCRIPTION:

A. Encryption / Decryption

We use the RSA algorithm for encryption and decryption, a well-established mechanism for secure transactions, with a key size of 2048 bits. The private key is split into four parts that are stored in four different places. A user who wants to access a file must supply all four parts, which are combined to produce the single private key used for encryption and decryption.
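One way to split the private key into the four parts described above is n-of-n XOR secret sharing, shown here as an added example (not code from the project). Each share is uniformly random, so fewer than four parts reveal nothing; the key bytes are a constructed placeholder standing in for the DER-encoded 2048-bit RSA private key.

```python
import secrets

SHARE_COUNT = 4  # the page stores the private key in four different places

def split_key(key, n=SHARE_COUNT):
    """Split a private-key blob into n XOR shares.

    Each share is uniformly random, so any n-1 of them reveal nothing about
    the key; only all n together reconstruct it. Cutting the key into n
    consecutive chunks would not give this property.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    shares.append(last)
    return shares

def combine_shares(shares):
    """XOR every share back together; all of them are required."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = bytes(a ^ b for a, b in zip(key, share))
    return key

def roundtrip_ok(key):
    """All four shares recombine to the original key."""
    return combine_shares(split_key(key)) == key

def partial_recovers(key):
    """True only if three of the four shares already yield the key (expected False)."""
    shares = split_key(key)
    return combine_shares(shares[:-1]) == key

# Constructed stand-in for the DER-encoded 2048-bit RSA private key the page describes.
EXAMPLE_KEY = b"constructed-placeholder-private-key-bytes-not-a-real-rsa-key"
```

Each share should be stored at a different location, and the reconstructed key should live only in memory for the duration of the operation.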

B. File Upload / Download

1. File Upload

The client requests the public key from the key manager; the key is generated according to the policy associated with the file. Different policies yield different public keys, while the same policy always yields the same public key. The client then generates a private key by combining the username, password and security credentials. The file is encrypted with the public key and the private key and forwarded to the cloud.

2. File Download

The client can download a file after completing the authentication process. Because the public key is maintained by the key manager, the client requests it from the key manager, and only an authenticated client receives it. The client then decrypts the file with the public key and the private key. The user's credentials are stored on the client itself. During download, the cloud authenticates the user to check whether the user is permitted to download the file, but the cloud holds no attributes or other details of the user.

C. Policy Revocation for File Assured Deletion

The policy of a file may be revoked at the request of the client, when the time period of the contract expires, or when the files are moved entirely from one cloud environment to another. When any of these conditions holds, the policy is revoked and the key manager completely removes the public key associated with the file, so nobody can recover the control key of a revoked file in the future. For this reason the file can be said to be assuredly deleted. An automatic file revocation scheme is also introduced to revoke the file from the cloud when the file reaches its expiry and the client has not renewed the file's duration.

D. File Access Control

File access control is the ability to limit and control access to host systems and applications via communication links. To achieve it, the user requesting access must be identified or authenticated. After authentication, users must be associated with the correct policies for the files. To recover a file, the client must request the key manager to generate the public key, and for that the client must be authenticated. Attribute-based encryption is used for file access, which is authenticated via an attribute associated with the file. With file access control, a file downloaded from the cloud is either read-only or writable. Each user is associated with policies for each file, so the right user accesses the right file.

E. Policy Renewal

Policy renewal handles the renewal of the policy of a file stored on the cloud. We implement one additional key, called the renew key, which is used to renew the policy of a file stored on the cloud. The renew key is stored on the client itself.
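The revocation (section C) and renewal (section E) flows above, as an added example that is not the project's code: a key manager holds one control key per policy, files are stored as ciphertext plus a data key wrapped under that control key, and deleting the control key, explicitly or automatically on expiry, makes every such file unrecoverable. The HMAC-based keystream and the clock injection are assumptions made so the example runs on the standard library; renewal is simplified to extending the policy's expiry.

```python
import hashlib, hmac, os, time

def _keystream(key, nonce, length):
    # Toy HMAC-SHA256 counter-mode keystream (stdlib only); use AES-GCM in practice.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def wrap(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def unwrap(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class KeyManager:
    """One control key per policy; deleting it makes every file wrapped under it unrecoverable."""
    def __init__(self, now=time.time):
        self._keys, self._expiry, self._now = {}, {}, now
    def create_policy(self, policy, lifetime_s):
        self._keys[policy] = os.urandom(32)
        self._expiry[policy] = self._now() + lifetime_s
    def control_key(self, policy):
        if policy in self._keys and self._now() >= self._expiry[policy]:
            self.revoke(policy)  # automatic revocation: expired and never renewed
        if policy not in self._keys:
            raise PermissionError("policy revoked; file is assuredly deleted")
        return self._keys[policy]
    def renew(self, policy, extra_s):
        self._expiry[policy] += extra_s  # KeyError if the policy was already revoked
    def revoke(self, policy):
        for table in (self._keys, self._expiry):
            table.pop(policy, None)

def upload(km, policy, plaintext):
    data_key = os.urandom(32)  # the cloud stores only ciphertext plus the wrapped data key
    return {"policy": policy, "ct": wrap(data_key, plaintext),
            "wrapped_key": wrap(km.control_key(policy), data_key)}

def download(km, stored):
    data_key = unwrap(km.control_key(stored["policy"]), stored["wrapped_key"])
    return unwrap(data_key, stored["ct"])

def is_recoverable(km, stored):
    try:
        return download(km, stored) is not None
    except PermissionError:
        return False
```

The ciphertext itself is never touched on revocation; the guarantee rests entirely on the control key being gone, so the key manager's deletion must be reliable and logged.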

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

- System       : Pentium IV 2.4 GHz

- Hard Disk    : 40 GB

- Floppy Drive : 1.44 Mb

- Monitor      : 15 VGA Colour

- Mouse        : Logitech

- RAM          : 512 Mb

SOFTWARE REQUIREMENTS:

- Operating system : Windows XP/7

- Coding Language  : ASP.NET, C#.NET

- Tool             : Visual Studio 2010

- Database         : SQL Server 2008
