keccak attribute based encryption in attribute based encryption in cloud ... policy attribute...

Download KECCAK ATTRIBUTE BASED ENCRYPTION IN   ATTRIBUTE BASED ENCRYPTION IN CLOUD ... policy attribute based encryption ... D. Generation of access policy After the key was received by the User,

Post on 08-May-2018




1 download

Embed Size (px)


  • IJAET International Journal of Application of Engineering and Technology, ISSN: 2395-3594

    Vol-1 No.-2

    KECCAK ATTRIBUTE BASED ENCRYPTION IN CLOUDAshish Yadava, Deepak Choudharya, and PawanTiwari3a

    1aM.Tech Scholar 1, IET College, Alwar and India2aAssistant Professor 2, IET College, Alwar and India3a M.Tech Scholar 1, IET College, Alwar and India,,

    I. INTRODUCTIONABE was proposed by Sahai and Waters. In ABE, auser has a set of attributes in addition to its uniqueID. There are two classes of ABEs. In Key-policyABE or KP-ABE (Goyalet al.), the sender has anaccess policy to encrypt data. A writer whoseattributes and keys have been revoked cannot writeback stale information. The receiver receivesattributes and secret keys from the attribute authorityand is able to decrypt information if it has matchingattributes. In Cipher text-policy, CP-ABE, thereceiver has the access policy in the form of a tree,with attributes as leaves and monotonic accessstructure.All the approaches take a centralized approach andallow only one KDC, which is a single point offailure. Chase proposed a multi-authority ABE, inwhich there are several KDC authorities (coordinatedby a trusted authority) which distribute attributes andsecret keys to users. Multi-authority ABE protocolwas studied in which required no trusted authoritywhich requires every user to have attributes from atall the KDCs. Recently, Lewko and Waters proposeda fully decentralized ABE where users could havezero or more attributes from each authority and didnot require a trusted server. In all these cases,decryption at users end is computation intensive. So,this technique might be inefficient when users accessusing their mobile devices. To get over this problem,Green etal.proposed to outsource the decryption taskto a proxy server, so that the user can compute withminimum resources (for example, hand held devices).However, the presence of one proxy and one keydistributionCenter makes it less robust thandecentralized approaches. Both these approaches had

    no way to authenticate users, anonymously. Yang etal. presented a modification of, authenticate users,

    who want to remain anonymous while accessing thecloud. To ensure anonymous user authenticationAttribute Based Signatures were introduced byMajiet al. This was also a centralized approach. Arecent scheme by the same authors takes adecentralized approach and provides authenticationwithout disclosing the identity of the users. However,as mentioned earlier in the previous section it isprone to replay attack.

    II. PROPOSED WORKThe main contributions of this paper are thefollowing:

    1. Distributed access control in such a waythat the only authorized user can haveaccess to the source of data.

    2. Confidentiality in regards of the Identity ofthe user.

    3. The architecture is decentralized.4. The access control and authentication are

    both collusion resistant, meaning that notwo users can collude and access data orauthenticate themselves, if they areindividually not authorized.

    5. Implementation of SHA-3 to overcomedrawbacks of SHA1 & SHA-3

    6. The proposed scheme is resilient to replayattacks. A writer whose attributes and keyshave been revoked cannot write back staleinformation.

    7. The protocol supports multiple read andwrite on the data stored in the cloud.

    On presenting her id the trustee gives her a token. Acreator on presenting the token to one or more KDCs


    The advancement in the field of cloud computing made more and more enterprises to join the cloud computingputting aside the traditional methods for sharing sensitive data by outsourcing it. To maintain the confidentialityagainst the untrusted source and service provider, the best is to store the data by encrypting. The obstacle in theway is how to provide the access to the employee at various levels within the cloud (access policies and rights).Paper aim to solve the problem by first propose a hierarchical attribute based encryption scheme and cipher textpolicy attribute based encryption (CP-ABE) system, to provide control.

    Keywords: - Attribute, Keccak, SHA-3, KDC (Key Distribution Authority)


  • Yadav journal of Application of Engineering and Technology Vol.-1No.-2

    receives keys for encryption/decryption and signing.SKs are secret keys given for decryption, Kx are keysfor signing. The message MSG is encrypted under theaccess policy X. The access policy decides who canaccess the data stored in the cloud. The creatordecides on a claim policy Y, to prove her authenticityand signs the messageunder this claim. The ciphertext C with signature is c, and is sent to the cloud.The cloud verifies the signature and stores the ciphertext C. When a reader wants to read, the cloud sendsC. If the user has attributes matching with accesspolicy, it can decrypt and get back original message.Write proceeds in the same way as file creation. Bydesignating the verification process to the cloud, itrelieves the individual users from time consumingverifications. When a reader wants to read some datastored in the cloud, it tries to decrypt it using thesecret keys it receives from the KDCs. If it hasenough attributes matching with the access policy,then it decrypts the information stored in the cloud.

    A. Creation of KDCDifferent number of KDC's are created and to registera user details. KDC name, KDC id and KDCpassword are given as input to create KDC. Inputswill save in a database and to register a user detailsgiven a input as username and user id.

    B. KDC AuthenticationAfter KDC give a user id to a user, the user willenroll the personal details to KDC's given an input asuser name, user id, password etc. The KDC willverify the user details and it will save it in Database.

    C. User AccessibilityUsers can get the token from trustee for the fileupload. After trustee was issuing a token, trustee canview the logs. User can login with their credentialsand request the token from trustee for the file uploadusing the user id. After the user id received by thetrustee, trustee will be create token using user id, keyand user signature (SHA).

    D. Generation of access policyAfter the key was received by the User, the messageMSG is encrypted under the access policies. Theaccess policies decide who can access the data storedin the cloud. The cipher text C with signature c, andis sent to the cloud. The cloud verifies the signatureand stores the cipher text C. When a reader wants toread, the cloud sends C. If the user has attributesmatching with access policy, it can decrypt and getback original message and user can upload the fileafter user get key from the KDC.

    E. File accessing

    Using their access policies the users can downloadtheir files by the help of kdcs to issue the privatekeys for the particular users. After trustee tokenissuance for the users, the users produce the token tothe KDC then the token verify by the KDC if it isvalid then KDC will provide the public and Privatekey to the user. After users received the keys the filesare encrypt with the public keys and set their Accesspolicies (privileges).

    F. File RestorationFiles stored in cloud can be corrupted. So for thisissue, using the file recovery technique to recover thecorrupted file successfully and to hide the accesspolicy and the user attributes.

    G. Secure Hash AlgorithmDefinition: SHA-3 after a research for near a decadethe result has provided with highly significant HashAlgorithm that is a advancement over the previousscheme that is SHA-1which was used to find out thatweather the file or information is altered or not. AnSHA-2 cryptographic hash function is also available.

    One iteration within the SHA-1 compressionfunction. A, B, C, D and E are 32bit words of thestate. F is a nonlinear function that varies. ndenotes aleft bit rotation by n places. nvaries for eachoperation. Wt is the expanded message word of roundt. Kt is the round constant of round t. denotesaddition modulo 232.

    H. Paillier AlgorithmThe Paillier cryptosystem, named after and inventedby Pascal Paillier is a probabilistic asymmetricalgorithm for public key cryptography.

    Key generation Choose two large prime number pand q randomly and independently of each other suchthat gcd (pq,(p-1)(q-1))=1. This property is assured ifboth primes are of equivalent length, i.ep,q {0,1 }s-1for security parameter S . Compute n=pq and=lcm(p-1,q-1).Select random integer g where gZ*n2. Ensure ndivides the order of g by checking the existence ofthe following modular multiplicative inverse .=(L(g mod n2))-1mod n, where function L is defindas The public (encryption) key is (n,g).. The private(decryption) key is (, ).

    Encryption Let m be a message to be encryptedwhere m Zn. Select random r where r Z*n. Computecipher text as: c= gm .rn mod n2 Decryption Ciphertext: cZ*n2.Compute message: m =L(c mod n2). mod n


  • Yadav journal of Application of Engineering and Technology Vol.-1No.-2

    Decryption Cipher text: cZ*n2.Compute message: m=L(cmod n2). mod n

    computing putting aside the traditionalmethods of sharing sensitive data byoutsourcing it. To maintain the confidentialityagainst the untrusted source and serviceprovider, the best is to store the data byencrypting. The obstacle in the way is how toprovide the access to the employee at variouslevels within the cloud(access policies andrights)? Paper aims to solve the problem by firstpropose a hierarchical attribute basedencryption scheme and cipher text policyattribute based encryption (CP-ABE) system, toprovide control.

    III. IMPLANTATION OF SHA-3The basis of keccak is the state which is a 5 x 5array of words. A word is a 64-bit value. So, therepresentation would be 5 x 5 x 64 cube witheach s


View more >