HASBE Scheme for Private Clouds

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING. HASBE Scheme for Private Clouds. PHASE I, REVIEW 1. Presented by Darwin V Tomy (713511421001), II ME-SE. Guided by Mrs. S Dhanalakshmi, ASP/CSE.

Upload: darwin-v-tomy

Post on 28-Oct-2014


DESCRIPTION

Cloud computing has emerged as one of the most influential paradigms in the IT industry in recent years. Since this new computing technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns about outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, hierarchical attribute-set-based encryption (HASBE) is proposed by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users.

TRANSCRIPT

Page 1: HASBE Scheme for Private Clouds

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

Presented By Darwin V Tomy (713511421001), II ME-SE

Guided By Mrs. S Dhanalakshmi, ASP/CSE

HASBE Scheme for Private Clouds

PHASE I

REVIEW 1

Page 2: HASBE Scheme for Private Clouds

ABSTRACT

In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, they propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users.

The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE.

Page 3: HASBE Scheme for Private Clouds

SYSTEM MODEL

The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner.

Page 4: HASBE Scheme for Private Clouds

EXISTING SYSTEM

Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies.

To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain.

Page 5: HASBE Scheme for Private Clouds

ACCESS CONTROL

Access control is a classic security topic which dates back to the 1960s or early 1970s, and various access control models have been proposed since then. Among them, Bell-LaPadula (BLP) and Biba are two famous security models. To achieve flexible and fine-grained access control, a number of schemes have been proposed more recently. Unfortunately, these schemes are only applicable to systems in which data owners and the service providers are within the same trusted domain. Since data owners and service providers are usually not in the same trusted domain in cloud computing, a new access control scheme employing attribute-based encryption

Page 6: HASBE Scheme for Private Clouds

ATTRIBUTE-BASED ENCRYPTION (ABE)

Schemes employing ABE have been proposed for access control of outsourced data in cloud computing.

One such scheme adopts the so-called key-policy attribute-based encryption (KP-ABE) to enforce fine-grained access control. However, this scheme falls short of flexibility in attribute management and lacks scalability in dealing with multiple levels of attribute authorities. They note that in contrast to KP-ABE, ciphertext-policy ABE (CP-ABE)

Page 7: HASBE Scheme for Private Clouds

DISADVANTAGES OF EXISTING SYSTEM

• The primary drawback of the existing system is that its threshold semantics lacks expressibility.

• One of the prominent security concerns is data security and privacy.

• The existing system uses a disjunctive normal form policy and assumes all attributes in one conjunctive clause are administrated by the same domain master. Thus the same attribute may be administrated by multiple domain masters according to specific policies, which is difficult to implement in practice.

Page 8: HASBE Scheme for Private Clouds

PROPOSED SYSTEM

In this system, neither data owners nor data consumers will always be online. They come online only when necessary, while the cloud service provider, the trusted authority, and domain authorities are always online. The cloud is assumed to have abundant storage capacity and computation power. In addition, they assume that data consumers can access data files for reading only.

In the hierarchical structure of the system users given in Fig. 1, each party is associated with a public key and a private key, with the latter being kept secret by the party. The trusted authority acts as the root of trust and authorizes the top-level domain authorities. A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain.

Page 9: HASBE Scheme for Private Clouds

HIERARCHICAL ATTRIBUTE-SET-BASED ENCRYPTION (HASBE)

HASBE is a scheme for access control in cloud computing. It extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme by Bobba et al. with a hierarchical structure of system users, so as to achieve scalable, flexible, and fine-grained access control.

HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inheriting the fine-grained access control of ASBE.

Page 10: HASBE Scheme for Private Clouds

HASBE SCHEME

The proposed HASBE scheme seamlessly extends the ASBE scheme to handle the hierarchical structure of system users. The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities.

A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key.
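The delegation chain and key structures described above can be modelled without any cryptography. The following is an added illustration, not code from the slides or from the HASBE authors: `Party`, `satisfies`, the attribute names and the sample hierarchy are hypothetical, and two rules are assumptions of the model (a delegated attribute set must be contained in a set the delegator holds, and a policy must be met from within a single attribute set).

```python
from dataclasses import dataclass


@dataclass
class Party:
    """Trusted authority, domain authority, or user in the hierarchy."""
    name: str
    key_structure: list            # list of frozensets (attribute sets)
    parent: "Party | None" = None

    def delegate(self, name, requested_sets):
        """Issue a key structure to a subordinate authority or user.

        Model assumption: every requested set must be contained in a set
        the delegating party holds, so authority narrows down the tree.
        """
        requested = [frozenset(s) for s in requested_sets]
        for s in requested:
            if not any(s <= held for held in self.key_structure):
                raise PermissionError(f"{self.name} cannot issue {sorted(s)}")
        return Party(name, requested, parent=self)

    def chain(self):
        """Delegation path from the root of trust down to this party."""
        path, node = [], self
        while node is not None:
            path.append(node.name)
            node = node.parent
        return path[::-1]


def satisfies(policy, key_structure):
    """Evaluate ("attr", a) / ("and", [...]) / ("or", [...]) policies.

    Simplification of ASBE compound attributes: the whole policy must be
    met by attributes taken from one set, never mixed across sets.
    """
    def check(node, attrs):
        op, arg = node
        if op == "attr":
            return arg in attrs
        results = [check(child, attrs) for child in arg]
        return all(results) if op == "and" else any(results)
    return any(check(policy, attrs) for attrs in key_structure)


# Constructed sample hierarchy and attributes (not from the slides).
UNIVERSE = {"dept:cardiology", "dept:oncology", "role:doctor", "role:nurse"}
CARDIO = {"dept:cardiology", "role:doctor", "role:nurse"}
root = Party("trusted-authority", [frozenset(UNIVERSE)])
hospital = root.delegate("hospital-domain", [UNIVERSE])
cardio = hospital.delegate("cardiology-domain", [CARDIO])
alice = hospital.delegate("alice", [{"dept:cardiology", "role:nurse"},
                                    {"dept:oncology", "role:doctor"}])
bob = cardio.delegate("bob", [{"dept:cardiology", "role:doctor"}])
POLICY = ("and", [("attr", "dept:cardiology"), ("attr", "role:doctor")])
```

In this model `alice` holds both `dept:cardiology` and `role:doctor`, but in different sets, so she does not satisfy `POLICY`, while `bob` does; `cardio.delegate(...)` raises `PermissionError` for any set containing `dept:oncology`.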

Page 11: HASBE Scheme for Private Clouds

ADVANTAGES OF PROPOSED SYSTEM

• Scalability
• Flexibility
• Fine-grained access control
• Efficient User Revocation
• Expressiveness

Page 12: HASBE Scheme for Private Clouds

LITERATURE SURVEY-1

FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks

Shucheng Yu, Member, IEEE, Kui Ren, Member, IEEE, and Wenjing Lou, Senior Member, IEEE

Page 13: HASBE Scheme for Private Clouds

FDAC: Toward Fine-Grained Distributed Data Access Control in Wireless Sensor Networks

In this paper, they propose a distributed data access control scheme that is able to enforce fine-grained access control over sensor data and is resilient against strong attacks such as sensor compromise and user colluding. The proposed scheme exploits a novel cryptographic primitive called attribute-based encryption (ABE), tailors, and adapts it for WSNs with respect to both performance and security requirements. The feasibility of the scheme is demonstrated by experiments on real sensor platforms. To our best knowledge, this paper is the first to realize distributed fine-grained data access control for WSNs.

Page 14: HASBE Scheme for Private Clouds

LITERATURE SURVEY-2

Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

Junbeom Hur and Dong Kun Noh, Member, IEEE

Page 15: HASBE Scheme for Private Clouds

Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

In this paper, they propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by a dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. They demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.

Page 16: HASBE Scheme for Private Clouds

LITERATURE SURVEY-3

ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks

Lo-Yao Yeh, Yen-Cheng Chen, and Jiun-Long Huang

Page 17: HASBE Scheme for Private Clouds

ABACS: An Attribute-Based Access Control System for Emergency Services over Vehicular Ad Hoc Networks

In this paper, they propose an Attribute-Based Access Control System (ABACS) for emergency services with security assurance over Vehicular Ad Hoc Networks (VANETs). ABACS aims to improve the efficiency of rescues mobilized via emergency communications over VANETs. By adopting fuzzy identity-based encryption, ABACS can select the emergency vehicles that can most appropriately deal with an emergency and securely delegate the authority to control traffic facilities to the assigned emergency vehicles. Using novel cryptographic preliminaries, ABACS realizes confidentiality of messages, prevention of collusion attacks, and fine-grained access control. As compared to the current PKI scheme, the computational delay and transmission overhead can be reduced by exploiting the advantages afforded by message broadcasting, which is heavily used in ABACS. The performance evaluation demonstrates that ABACS is a suitable candidate for realizing emergency services via VANETs.

Page 18: HASBE Scheme for Private Clouds

LITERATURE SURVEY-4

Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption

Ming Li, Member, IEEE, Shucheng Yu, Member, IEEE, Yao Zheng, Student Member, IEEE, Kui Ren, Senior Member, IEEE, and Wenjing Lou, Senior Member, IEEE

Page 19: HASBE Scheme for Private Clouds

Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption

In this paper, they propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, they leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, they focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains, which greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Their scheme also enables dynamic modification of access policies or file attributes, and supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of the proposed scheme.

Page 20: HASBE Scheme for Private Clouds

LITERATURE SURVEY-5

Improving Privacy and Security in Multi-Authority Attribute-Based Encryption

Melissa Chase, Microsoft Research, 1 Microsoft Way, Redmond, WA 98052

Sherman S.M. Chow, Department of Computer Science, Courant Institute of Mathematical Sciences, New York University, NY 10012

Page 21: HASBE Scheme for Private Clouds

Improving Privacy and Security in Multi-Authority Attribute-Based Encryption

In this paper, they propose a solution which removes the trusted central authority, and protects the users' privacy by preventing the authorities from pooling their information on particular users, thus making ABE more usable in practice.

Page 22: HASBE Scheme for Private Clouds

LITERATURE SURVEY-6

Multi-Authority Attribute Based Encryption

Melissa Chase, Computer Science Department, Brown University, Providence, RI 02912

Page 23: HASBE Scheme for Private Clouds

Multi-Authority Attribute Based Encryption

Their scheme allows any polynomial number of independent authorities to monitor attributes and distribute secret keys. An encryptor can choose, for each authority, a number d_k and a set of attributes; he can then encrypt a message such that a user can only decrypt if he has at least d_k of the given attributes from each authority k. Their scheme can tolerate an arbitrary number of corrupt authorities.

Page 24: HASBE Scheme for Private Clouds

LITERATURE SURVEY-7

Distributed Attribute-Based Encryption

Sascha Müller, Stefan Katzenbeisser, and Claudia Eckert, Technische Universität Darmstadt, Hochschulstr. 10, D-64289 Darmstadt

Page 25: HASBE Scheme for Private Clouds

Distributed Attribute-Based Encryption

In this paper, they introduce the concept of Distributed Attribute-Based Encryption (DABE), where an arbitrary number of parties can be present to maintain attributes and their corresponding secret keys. This is in stark contrast to the classic CP-ABE schemes, where all secret keys are distributed by one central trusted party. They provide the first construction of a DABE scheme; the construction is very efficient, as it requires only a constant number of pairing operations during encryption and decryption.

Page 26: HASBE Scheme for Private Clouds

LITERATURE SURVEY-8

Ciphertext-Policy Attribute-Based Encryption

John Bethencourt, Carnegie Mellon

Amit Sahai

Brent Waters, SRI

Page 27: HASBE Scheme for Private Clouds

Ciphertext-Policy Attribute-Based Encryption

In this paper they present a system for realizing complex access control on encrypted data that they call Ciphertext-Policy Attribute-Based Encryption. By using their techniques, encrypted data can be kept confidential even if the storage server is untrusted; moreover, their methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into users' keys, while in their system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, their methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, they provide an implementation of their system and give performance measurements.

Page 28: HASBE Scheme for Private Clouds

LITERATURE SURVEY-9

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques

Allison Lewko, University of Texas

Brent Waters, University of Texas

Page 29: HASBE Scheme for Private Clouds

New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques

In this paper they present a Ciphertext-Policy Attribute-Based Encryption scheme that is proven fully secure while matching the efficiency of the state-of-the-art selectively secure systems.


Page 31: HASBE Scheme for Private Clouds

Any Questions?

Page 32: HASBE Scheme for Private Clouds

THANK YOU