a fully anonymous attribute-based encryption to control cloud data access and anonymity

05/03/2023 Jain University, ISE Department 1

A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity

Submitted by Under the Guidance of Pavan Boora Santosh NaikM.Tech (Network & Internet Engineering) Assistant Professor ISE Department ISE Department Jain University Bangalore Jain University Bangalore


Contents 1) Problem statement2) Motivation3) Introduction4) Existing system5) Drawbacks of existing system6) Literature Survey7) Proposed system8) Software requirements 9) System design 10) System implementation11) Results12) Testing 13) Conclusion 14) Future enhancements15) References


Problem Statement

• To design and implement a multi authority fully anonymous Attribute

Based Encryption control scheme to address the data privacy and

user identity privacy problems in cloud computing environment .


Motivation

• Cloud Computing provides big trends in today’s IT world. Due to the

benefits…. it provides attention on business, industry as well as academia.

• It provides computing resources dynamically via Internet. But has some

challenges related, like data confidentiality, data privacy and security.

• Privacy is related to the data contents and the users identity, so it is need

to protect the identity of users.


Introduction• Cloud computing provides many advantages in the today’s IT world,

which enables flexible, ubiquitous, on-demand, and low-cost usage of

computing resources.

• But the data is outsourced to some cloud servers, and various privacy

concerns come out from it.

• An anonymous ABE privilege control scheme to address not only the data

privacy, but also the user identity privacy.


• AnonyControl-F decentralizes the central authority and makes multi

authorities to limit the identity leakage and thus we can achieves

anonymity.

Evolution to ABE

• Identity-based encryption (IBE) was first introduced by Shamir, in which

the sender of a message can add an identity to msg and only a receiver

with matching identity can decrypt it.

• Few years later, Fuzzy Identity-Based Encryption is proposed, which is also

known as Attribute-Based Encryption (ABE).


• In ABE an identity is viewed as a set of descriptive attributes, and

decryption is possible if a decrypter’s identity has some overlaps (same

attributes) with the one specified in the Ciphertext.

• Soon after, more general tree-based ABE schemes Key-Policy Attribute-

Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based

Encryption (CP-ABE)


CP-ABE• In the CP-ABE, ciphertexts are created with an access structure e.g. (A or

B) AND ( E AND F), which specifies the encryption policy, and private keys

are generated according to user’s attributes.

• A user can decrypt the ciphertext if and only if his/her attributes private

key(s) satisfy the access structure specified in the ciphertext.

• By doing so, the encrypter holds the ultimate authority about the

encryption policy. Also, the already issued private keys will never be

modified unless the whole system reboots.


Access Control via CP-ABE

PKMSK

SKSarah:“manager”“IT dept.”

SKKevin:“manager”“sales”

OR

IT dept. AND

manager marketing


Existing System

• A semi anonymous privilege control scheme called AnonyControl that

addresses the data Confidentiality, and partial user identity privacy

leakage is present in existing access control methods. Partially tolerates

the compromise attacks towards attribute authorities.

• The key point of the identity information leakage we had in existing

scheme is that key generator issues attribute’s private key based on the

reported attribute, and the generator has to know the user’s attribute to

do so.


Drawbacks of Existing System

• Privacy risks would rise drastically because the servers may illegally inspect

user's data and access sensitive information.

• Personal data is at risk because one's identity is authenticated based on

his/her data. Scope of collude(come to a secret understanding) with

malicious Data Consumers or Data Owners to harvest others’ file contents

to gain illegal profits.


Literature Survey

Author Name of the paper Existing Solution Drawbacks

V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi,

Multi-authority attribute-based encryption with honest-but-curious central authority

scheme is secure in the selective ID model and can tolerate an honest-but-curious central authority.

Cant not tolerates the compromise attacks towards attribute authorities. Violating the intent of the encrypting party


Literature Survey (continued..)

Author Name of the paper Existing system Drawbacks

M. Chase and S. S. M. Chow

Improving privacy and security in multi-authority attribute-based encryption

Multi-authority attribute-based encryption enables a more realistic deployment of attribute-based access control, such that different authorities are responsible for issuing different sets of attributes

Data contents confidentiality and privacy has been achieved but identity privacy neglected


Literature Survey (continued..)

Author Name of the paper Existing system Drawback

A. Sahai and B. Waters

Fuzzy identity-based encryption

Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”.

Open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities.

J. Bethencourt, A. Sahai, and B. Waters

Ciphertext-policy attributebased encryption

techniques encrypted data can be kept confidential even if the storage server is untrusted

User identity privacy and anonymity neglected


Proposed System• We propose AnonyControl-F to allow cloud servers to control user’s access

privileges without knowing their identity information.

• The proposed schemes are able to protect user’s privacy against each

single authority. No information is disclosed in AnonyControl-F.

• Proposed method implements the multiauthority Attribute Based

Encryption Control Scheme AnonyControl-F.


Software Requirements

• Operating System Windows

• Web Application Server Tomcat Web Server

• Front End Design HTML, Java, JavaScript

• Server Side Script Java Server Pages

• Database Connectivity JDBC

• Database Mysql


System Design


System Design(Continued)

Cloud Server:

• The Cloud Server, who is assumed to have adequate storage capacity, does

nothing but store them.

N Attribute Authorities:

• Authorities are assumed to have powerful computation abilities, and they

are supervised by government offices.

• The whole attribute set is divided into N disjoint sets and controlled by

each authority, therefore each authority is aware of only part of attributes.


Data Owner:

• A Data Owner is the entity who wishes to outsource encrypted data file to

the Cloud Servers. A user can be a Data owner and a Data consumer

simultaneously

Data Consumers:

• Newly joined Data Consumers request private keys from all of the

authorities, and they do not know which attributes are controlled by

which authorities.




• When the Data Consumers request their private keys from the authorities,

authorities will jointly create corresponding private key and send it to

them.

• All Data Consumers are able to download any of the encrypted data files,

but only those whose private keys satisfy the Encryption Policy can

execute the operation.


Owner_

+username+password+file Upload()+Profile()+Logout()

User Registration

+name+username+password+gender+email+contact NO+Location+Experiance+Specialiazation+Medical Degree+registration()

Class Login

+username+password+login()

File Upload

+fileid+fname+file data+Get SecreteKey()+Select Attribute()+Set Operations()+Upload() Profile_

+View Profile()

Cloud Server_

+username+password+Strrage Files()+Requests()+Logout()

AA_

+username+password+Sign Up()+Login()+Generate Keys()

User_

+username+password+sighn up()+Login()+Profile()+File Download()+Logout()

File Download

+File ID+File name+Secrete Key+Decrypt()+Download()

CA_

+username+password+Login()+User's()+AA's()+Logout()

Class Diagram


Central Authority Collaboration Diagram


Attribute Authority Collaboration Diagram


Owner Collaboration Diagram


User Collaboration Diagram


System Implementation

Fully Anonymity Achieved

• The key point of the identity information leakage we had in our previous

scheme as well as every existing attribute based encryption schemes is

that key generator (or attribute authorities in our scheme) issues private

key based on the reported attribute, and the generator has to know the

user’s attribute (identities) to do so.

• We need to introduce a new technique to let key generators issue the

correct attribute key without knowing what attributes the users have.


• The solution is to give all the private keys of all the attributes to the key

requester and let him pick whatever he wants.

• In this way, the key generator does not know which private keys the key

requester picked, but we have to fully trust the key requester.

• To solve this, we leverage the following to Oblivious Transfer (OT).

System Implementation ( Continued)



1-out-of-n oblivious transfer

• In cryptography, an oblivious transfer protocol (OT) is a type of protocol.........

in which a sender transfers one of many pieces of information to a receiver,

but sender remains oblivious(unware) as what piece of information has been

transferred to receiver.

• In an 1-out-of-n OT, the sender Bob has n messages M1, . . . , Mn , and the

receiver Alice wants to pick one Mi from those M1, . . . , Mn . Alice

successfully achieves Mi, and Bob does not know which Mi is picked by Alice.


• By introducing the 1-out-of-k Oblivious Transfer in our KeyGenerate

algorithm, the key-requester achieves the correct private key that he

wants but the attribute authority does not have any useful information

about what attribute is achieved by the requester.

• The key requester achieves the full anonymity(user identity privacy) in our

scheme and no matter how many attribute authorities collude (come to

secret understanding) his identity information is kept secret



Results

Home Page


• Central Authority approves the attribute authorities and users then after

approval users can request attribute authorities for unique private keys.

• In this project there are two attribute authorities which can provide

private keys against user profile attributes and these authorities can

distribute the keys without looking into the user identity information

hence anonymity has achieved

Results (continued..)


User 1 Registration Page


Attribute Authority Page


• Attribute authorities generate private keys against attributes of users here

for user1 attributes are considered as Location, Experience, Specialty, &

MedicalDegree. We can create multiple authorities and each authority can

select attributes randomly & generate private keys.

• For example if we create two Attribute authorities, one authority will

generate private keys for 2 attributes out of 4 attributes and second one

will generate for rest of 2 attributes.



Owner File Upload by applying Access policy


• Owner uploads a file with encryption by using public key generated by

authority and owner adds an access policy structure such as

(India&&Cardiology)&&(MD||exp>4) and encryption hence attribute

based encryption achieved.



User 1 trying to access(Decrypt) uploaded file



• User will decrypt the file only attributes can match the access structure

policy, in the above case user1 can not able to access & decrypt the file

and because user1 will get the popup window such as "Sorry the file

cannot Access by you", but user 2 can access & decrypt the file as user2

can satisfy the attributes which are part of access policy. Just for

verification see the user2 profile below.



User 2 Profile Page


Testing Test Id

Test case Title Description Expected outcome

Status

1 Successful user verification

The login to the system should be tried by the admin with correct password

Login should be successful and user should enter into the system

Success

2 Unsuccessful verification due to wrong password

Login to the system with a wrong password

Login should fail with an error “invalid Password”

success

3 Unsuccessful verification due to invalid login id

Login to the system with a invalid login id

Login should fail with an error “invalid user id”

Success


Acceptance Testing

Test Id Description of coverage

Expected Results Covered by script

1 Verification of a particular record

If a particular record already exists it displays a message

This type of test in {verify} procedure in every Jsp file where a record is inserted via an interface

2 Updating of a particular record

All the details should not be updated

This type of test is covered in all the Asp files where updations are made.

3 Validity of login Only the authorized persons must access system.

This is covered in the login procedure for the validity of a user


Conclusion

• A semi-anonymous attribute-based privilege control scheme AnonyControl

and a fully-anonymous attribute-based privilege control scheme

AnonyControl-F to address the user privacy problem in a cloud storage

server.

• Using multiple authorities in the cloud computing system, our proposed

schemes achieve not only fine-grained privilege control but also identity

anonymity while conducting privilege control based on users’ identity

information.


• More importantly, our system can tolerate up to N − 2 authority

compromise, which is highly preferable especially in Internet-based cloud

computing environment.


Future enhancements

• One of the future works is to introduce the efficient user revocation

mechanism on top of anonymous Attribute Based Encryption. Supporting

user revocation is an important issue in the real application.


References

• [1] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47–53.

• [2] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 457–473.

• [3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. 13th CCS, 2006, pp. 89–98.

• [4] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attributebased encryption,” in Proc. IEEE SP, May 2007, pp. 321–334.


References • [5] M. Chase, “Multi-authority attribute based encryption,” in Theory of

Cryptography. Berlin, Germany: Springer-Verlag, 2007, pp. 515–534.

• [6] M. Chase and S. S. M. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in Proc. 16th CCS, 2009, pp. 121–130.

• [7] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority attribute based encryption without a central authority,” Inf. Sci., vol. 180, no. 13, pp. 2618–2632, 2010.

• • [8] V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi, “Multi-authority

attribute-based encryption with honest-but-curious central authority,” Int. J. Comput.Math., vol. 89, no. 3, pp. 268–283, 2012.


References • [9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, “Low

complexity multi-authority attribute based encryption scheme for mobile cloud computing,” in Proc. IEEE 7th SOSE, Mar. 2013, pp. 573–577.

• [10] K. Yang, X. Jia, K. Ren, and B. Zhang, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” in Proc. IEEE INFOCOM, Apr. 2013, pp. 2895–2903.

• [11] http://www.sourcefordgde.com

• [12] http://www.networkcomputing.com/

• [13] http://www.roseindia.com/

http://www.sourcefordgde.com/

http://www.networkcomputing.com/

http://www.roseindia.com/


Thank You