a fully anonymous attribute-based encryption to control cloud data access and anonymity
TRANSCRIPT
05/03/2023 Jain University, ISE Department 1
A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity
Submitted by Under the Guidance of Pavan Boora Santosh NaikM.Tech (Network & Internet Engineering) Assistant Professor ISE Department ISE Department Jain University Bangalore Jain University Bangalore
05/03/2023 Jain University, ISE Department 2
Contents 1) Problem statement2) Motivation3) Introduction4) Existing system5) Drawbacks of existing system6) Literature Survey7) Proposed system8) Software requirements 9) System design 10) System implementation11) Results12) Testing 13) Conclusion 14) Future enhancements15) References
05/03/2023 Jain University, ISE Department 3
Problem Statement
• To design and implement a multi authority fully anonymous Attribute
Based Encryption control scheme to address the data privacy and
user identity privacy problems in cloud computing environment .
05/03/2023 Jain University, ISE Department 4
Motivation
• Cloud Computing provides big trends in today’s IT world. Due to the
benefits…. it provides attention on business, industry as well as academia.
• It provides computing resources dynamically via Internet. But has some
challenges related, like data confidentiality, data privacy and security.
• Privacy is related to the data contents and the users identity, so it is need
to protect the identity of users.
05/03/2023 Jain University, ISE Department 5
Introduction• Cloud computing provides many advantages in the today’s IT world,
which enables flexible, ubiquitous, on-demand, and low-cost usage of
computing resources.
• But the data is outsourced to some cloud servers, and various privacy
concerns come out from it.
• An anonymous ABE privilege control scheme to address not only the data
privacy, but also the user identity privacy.
05/03/2023 Jain University, ISE Department 6
• AnonyControl-F decentralizes the central authority and makes multi
authorities to limit the identity leakage and thus we can achieves
anonymity.
Evolution to ABE
• Identity-based encryption (IBE) was first introduced by Shamir, in which
the sender of a message can add an identity to msg and only a receiver
with matching identity can decrypt it.
• Few years later, Fuzzy Identity-Based Encryption is proposed, which is also
known as Attribute-Based Encryption (ABE).
05/03/2023 Jain University, ISE Department 7
• In ABE an identity is viewed as a set of descriptive attributes, and
decryption is possible if a decrypter’s identity has some overlaps (same
attributes) with the one specified in the Ciphertext.
• Soon after, more general tree-based ABE schemes Key-Policy Attribute-
Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based
Encryption (CP-ABE)
05/03/2023 Jain University, ISE Department 8
CP-ABE• In the CP-ABE, ciphertexts are created with an access structure e.g. (A or
B) AND ( E AND F), which specifies the encryption policy, and private keys
are generated according to user’s attributes.
• A user can decrypt the ciphertext if and only if his/her attributes private
key(s) satisfy the access structure specified in the ciphertext.
• By doing so, the encrypter holds the ultimate authority about the
encryption policy. Also, the already issued private keys will never be
modified unless the whole system reboots.
05/03/2023 Jain University, ISE Department 9
Access Control via CP-ABE
PKMSK
SKSarah:“manager”“IT dept.”
SKKevin:“manager”“sales”
OR
IT dept. AND
manager marketing
05/03/2023 Jain University, ISE Department 10
Existing System
• A semi anonymous privilege control scheme called AnonyControl that
addresses the data Confidentiality, and partial user identity privacy
leakage is present in existing access control methods. Partially tolerates
the compromise attacks towards attribute authorities.
• The key point of the identity information leakage we had in existing
scheme is that key generator issues attribute’s private key based on the
reported attribute, and the generator has to know the user’s attribute to
do so.
05/03/2023 Jain University, ISE Department 11
Drawbacks of Existing System
• Privacy risks would rise drastically because the servers may illegally inspect
user's data and access sensitive information.
• Personal data is at risk because one's identity is authenticated based on
his/her data. Scope of collude(come to a secret understanding) with
malicious Data Consumers or Data Owners to harvest others’ file contents
to gain illegal profits.
05/03/2023 Jain University, ISE Department 12
Literature Survey
Author Name of the paper Existing Solution Drawbacks
V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi,
Multi-authority attribute-based encryption with honest-but-curious central authority
scheme is secure in the selective ID model and can tolerate an honest-but-curious central authority.
Cant not tolerates the compromise attacks towards attribute authorities. Violating the intent of the encrypting party
05/03/2023 Jain University, ISE Department 13
Literature Survey (continued..)
Author Name of the paper Existing system Drawbacks
M. Chase and S. S. M. Chow
Improving privacy and security in multi-authority attribute-based encryption
Multi-authority attribute-based encryption enables a more realistic deployment of attribute-based access control, such that different authorities are responsible for issuing different sets of attributes
Data contents confidentiality and privacy has been achieved but identity privacy neglected
05/03/2023 Jain University, ISE Department 14
Literature Survey (continued..)
Author Name of the paper Existing system Drawback
A. Sahai and B. Waters
Fuzzy identity-based encryption
Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”.
Open problem is to build other Fuzzy-IBE schemes that use different distance metrics between identities.
J. Bethencourt, A. Sahai, and B. Waters
Ciphertext-policy attributebased encryption
techniques encrypted data can be kept confidential even if the storage server is untrusted
User identity privacy and anonymity neglected
05/03/2023 Jain University, ISE Department 15
Proposed System• We propose AnonyControl-F to allow cloud servers to control user’s access
privileges without knowing their identity information.
• The proposed schemes are able to protect user’s privacy against each
single authority. No information is disclosed in AnonyControl-F.
• Proposed method implements the multiauthority Attribute Based
Encryption Control Scheme AnonyControl-F.
05/03/2023 Jain University, ISE Department 16
Software Requirements
• Operating System Windows
• Web Application Server Tomcat Web Server
• Front End Design HTML, Java, JavaScript
• Server Side Script Java Server Pages
• Database Connectivity JDBC
• Database Mysql
05/03/2023 Jain University, ISE Department 17
System Design
05/03/2023 Jain University, ISE Department 18
System Design(Continued)
Cloud Server:
• The Cloud Server, who is assumed to have adequate storage capacity, does
nothing but store them.
N Attribute Authorities:
• Authorities are assumed to have powerful computation abilities, and they
are supervised by government offices.
• The whole attribute set is divided into N disjoint sets and controlled by
each authority, therefore each authority is aware of only part of attributes.
05/03/2023 Jain University, ISE Department 19
Data Owner:
• A Data Owner is the entity who wishes to outsource encrypted data file to
the Cloud Servers. A user can be a Data owner and a Data consumer
simultaneously
Data Consumers:
• Newly joined Data Consumers request private keys from all of the
authorities, and they do not know which attributes are controlled by
which authorities.
System Design(Continued)
05/03/2023 Jain University, ISE Department 20
System Design(Continued)
• When the Data Consumers request their private keys from the authorities,
authorities will jointly create corresponding private key and send it to
them.
• All Data Consumers are able to download any of the encrypted data files,
but only those whose private keys satisfy the Encryption Policy can
execute the operation.
05/03/2023 Jain University, ISE Department 21
Owner_
+username+password+file Upload()+Profile()+Logout()
User Registration
+name+username+password+gender+email+contact NO+Location+Experiance+Specialiazation+Medical Degree+registration()
Class Login
+username+password+login()
File Upload
+fileid+fname+file data+Get SecreteKey()+Select Attribute()+Set Operations()+Upload() Profile_
+View Profile()
Cloud Server_
+username+password+Strrage Files()+Requests()+Logout()
AA_
+username+password+Sign Up()+Login()+Generate Keys()
User_
+username+password+sighn up()+Login()+Profile()+File Download()+Logout()
File Download
+File ID+File name+Secrete Key+Decrypt()+Download()
CA_
+username+password+Login()+User's()+AA's()+Logout()
Class Diagram
05/03/2023 Jain University, ISE Department 22
Central Authority Collaboration Diagram
05/03/2023 Jain University, ISE Department 23
Attribute Authority Collaboration Diagram
05/03/2023 Jain University, ISE Department 24
Owner Collaboration Diagram
05/03/2023 Jain University, ISE Department 25
User Collaboration Diagram
05/03/2023 Jain University, ISE Department 26
System Implementation
Fully Anonymity Achieved
• The key point of the identity information leakage we had in our previous
scheme as well as every existing attribute based encryption schemes is
that key generator (or attribute authorities in our scheme) issues private
key based on the reported attribute, and the generator has to know the
user’s attribute (identities) to do so.
• We need to introduce a new technique to let key generators issue the
correct attribute key without knowing what attributes the users have.
05/03/2023 Jain University, ISE Department 27
• The solution is to give all the private keys of all the attributes to the key
requester and let him pick whatever he wants.
• In this way, the key generator does not know which private keys the key
requester picked, but we have to fully trust the key requester.
• To solve this, we leverage the following to Oblivious Transfer (OT).
System Implementation ( Continued)
05/03/2023 Jain University, ISE Department 28
System Implementation ( Continued)
1-out-of-n oblivious transfer
• In cryptography, an oblivious transfer protocol (OT) is a type of protocol.........
in which a sender transfers one of many pieces of information to a receiver,
but sender remains oblivious(unware) as what piece of information has been
transferred to receiver.
• In an 1-out-of-n OT, the sender Bob has n messages M1, . . . , Mn , and the
receiver Alice wants to pick one Mi from those M1, . . . , Mn . Alice
successfully achieves Mi, and Bob does not know which Mi is picked by Alice.
05/03/2023 Jain University, ISE Department 29
• By introducing the 1-out-of-k Oblivious Transfer in our KeyGenerate
algorithm, the key-requester achieves the correct private key that he
wants but the attribute authority does not have any useful information
about what attribute is achieved by the requester.
• The key requester achieves the full anonymity(user identity privacy) in our
scheme and no matter how many attribute authorities collude (come to
secret understanding) his identity information is kept secret
System Implementation ( Continued)
05/03/2023 Jain University, ISE Department 30
Results
Home Page
05/03/2023 Jain University, ISE Department 31
• Central Authority approves the attribute authorities and users then after
approval users can request attribute authorities for unique private keys.
• In this project there are two attribute authorities which can provide
private keys against user profile attributes and these authorities can
distribute the keys without looking into the user identity information
hence anonymity has achieved
Results (continued..)
05/03/2023 Jain University, ISE Department 32
User 1 Registration Page
05/03/2023 Jain University, ISE Department 33
Attribute Authority Page
05/03/2023 Jain University, ISE Department 34
• Attribute authorities generate private keys against attributes of users here
for user1 attributes are considered as Location, Experience, Specialty, &
MedicalDegree. We can create multiple authorities and each authority can
select attributes randomly & generate private keys.
• For example if we create two Attribute authorities, one authority will
generate private keys for 2 attributes out of 4 attributes and second one
will generate for rest of 2 attributes.
Results (continued..)
05/03/2023 Jain University, ISE Department 35
Owner File Upload by applying Access policy
05/03/2023 Jain University, ISE Department 36
• Owner uploads a file with encryption by using public key generated by
authority and owner adds an access policy structure such as
(India&&Cardiology)&&(MD||exp>4) and encryption hence attribute
based encryption achieved.
Results (continued..)
05/03/2023 Jain University, ISE Department 37
User 1 trying to access(Decrypt) uploaded file
Results (continued..)
05/03/2023 Jain University, ISE Department 38
• User will decrypt the file only attributes can match the access structure
policy, in the above case user1 can not able to access & decrypt the file
and because user1 will get the popup window such as "Sorry the file
cannot Access by you", but user 2 can access & decrypt the file as user2
can satisfy the attributes which are part of access policy. Just for
verification see the user2 profile below.
Results (continued..)
05/03/2023 Jain University, ISE Department 39
User 2 Profile Page
05/03/2023 Jain University, ISE Department 40
Testing Test Id
Test case Title Description Expected outcome
Status
1 Successful user verification
The login to the system should be tried by the admin with correct password
Login should be successful and user should enter into the system
Success
2 Unsuccessful verification due to wrong password
Login to the system with a wrong password
Login should fail with an error “invalid Password”
success
3 Unsuccessful verification due to invalid login id
Login to the system with a invalid login id
Login should fail with an error “invalid user id”
Success
05/03/2023 Jain University, ISE Department 41
Acceptance Testing
Test Id Description of coverage
Expected Results Covered by script
1 Verification of a particular record
If a particular record already exists it displays a message
This type of test in {verify} procedure in every Jsp file where a record is inserted via an interface
2 Updating of a particular record
All the details should not be updated
This type of test is covered in all the Asp files where updations are made.
3 Validity of login Only the authorized persons must access system.
This is covered in the login procedure for the validity of a user
05/03/2023 Jain University, ISE Department 42
Conclusion
• A semi-anonymous attribute-based privilege control scheme AnonyControl
and a fully-anonymous attribute-based privilege control scheme
AnonyControl-F to address the user privacy problem in a cloud storage
server.
• Using multiple authorities in the cloud computing system, our proposed
schemes achieve not only fine-grained privilege control but also identity
anonymity while conducting privilege control based on users’ identity
information.
05/03/2023 Jain University, ISE Department 43
• More importantly, our system can tolerate up to N − 2 authority
compromise, which is highly preferable especially in Internet-based cloud
computing environment.
05/03/2023 Jain University, ISE Department 44
Future enhancements
• One of the future works is to introduce the efficient user revocation
mechanism on top of anonymous Attribute Based Encryption. Supporting
user revocation is an important issue in the real application.
05/03/2023 Jain University, ISE Department 45
References
• [1] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47–53.
• [2] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 457–473.
• [3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. 13th CCS, 2006, pp. 89–98.
• [4] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attributebased encryption,” in Proc. IEEE SP, May 2007, pp. 321–334.
05/03/2023 Jain University, ISE Department 46
References • [5] M. Chase, “Multi-authority attribute based encryption,” in Theory of
Cryptography. Berlin, Germany: Springer-Verlag, 2007, pp. 515–534.
• [6] M. Chase and S. S. M. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in Proc. 16th CCS, 2009, pp. 121–130.
• [7] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority attribute based encryption without a central authority,” Inf. Sci., vol. 180, no. 13, pp. 2618–2632, 2010.
• • [8] V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi, “Multi-authority
attribute-based encryption with honest-but-curious central authority,” Int. J. Comput.Math., vol. 89, no. 3, pp. 268–283, 2012.
05/03/2023 Jain University, ISE Department 47
References • [9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, “Low
complexity multi-authority attribute based encryption scheme for mobile cloud computing,” in Proc. IEEE 7th SOSE, Mar. 2013, pp. 573–577.
• [10] K. Yang, X. Jia, K. Ren, and B. Zhang, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” in Proc. IEEE INFOCOM, Apr. 2013, pp. 2895–2903.
• [11] http://www.sourcefordgde.com
• [12] http://www.networkcomputing.com/
• [13] http://www.roseindia.com/
05/03/2023 Jain University, ISE Department 48
Thank You