Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 24

Abstract--- Cloud computing is emerging as a powerful architecture to perform large-scale and complex computing. It widens the information technology (IT) capability by giving on-demand admittance to work out resources for dedicated use. The security information and privacy are the main concerns over the cloud from user viewpoint. In cloud computing cloud users and cloud severs are not present in the same domain. Due to this problem of data security and privacy, access control is required. Generally access control in clouds is centralized in environment. In centralized cloud system is given only with single key distribution Centre and makes use of symmetric key approach algorithm. But in decentralized cloud system multiple key distribution centres are available. So it is used to avoid the leakage of keys for malicious users. The proposed scheme is to hide the user’s attributes using Attribute Based Encryption algorithm for providing Anony control. In this system the cloud confirm the authenticity of the user with no knowing the users identity before storing the data. This method contains an added feature of access control in which only the valid users are able to decrypt the stored information from cloud sever.

Keywords--- Access Control, Anony Control, Attribute based Encryption, Data Security, Multi-authority

I. INTRODUCTION LOUD Computing is a new computing paradigm that is built on virtualization, parallel and distributed computing,

utility computing and service-oriented architecture. In the last years, cloud computing has emerged as one of the most influential paradigms in the IT industry, and has attracted extensive attention from both academia and industry. Cloud storage is an important service of cloud computing. It allows data owner to host their data in the cloud that provides data access to the users. The benefits of cloud computing include reduce costs and capital expenditures, increased operational efficiencies, scalability, flexibility, immediate time to market, and so on. Different service-oriented cloud computing models have been proposed, including Infrastructure as a service (IaaS), Platform as a service (PaaS), and Software as service (SaaS). Cloud storage is an important of cloud computing. It

S. Usha, Assistant Professor, Department of CSE, University College of Engineering, BIT Campus, Tiruchirappalli. E-mail: anbuselvamusha2000@yahoo.co.in

P. Sangeetha, PG Scholar, Department of CSE, University College of Engineering, BIT Campus, Tiruchirappalli. E-mail:Sangeethaams43@gmail.com DOI: 10.9756/BIJDM.7019

allows data owner to host their data in the cloud that provide data access to the users. Data access control is an effective way to ensure the data security in the cloud. However, cloud storage service separates the roles of the data owner from the data service provider, and the data owner does not interact with the user directly for providing data access service, which makes the data access control a challenging issue in cloud computing. Indeed cloud storage is more adaptable, how the security and protection are accessible for the outsourced data turns into a genuine concern. The security issues are confidentiality, integrity, and availability. To overcome the issues there is lot of policies and techniques to make secure transaction and storage. Recently experts Anonymous Authentication for data archiving to clouds. Anonymous authentication [1] is the procedure or accepting the user without the details of the user. So the cloud server doesn’t know the details of the user, which gives security to the user to conceal their details from other user of that cloud. Access control in clouds is gaining attention because it is important that only authorized users have access to valid service. A huge amount of information is being stored in the cloud, and much of this is sensitive. Care should be taken to ensure access control of this sensitive which can often related to health, military, government legitimate, important documents or even Personal information is at risk because one’s identity is authenticated based on his information for the purpose of access control. As people becoming more concerned about their identity privacy these days, the identity privacy also needs protected before the cloud enters our life. So various techniques have proposed to protect the data contents privacy via access control. Existing methods works on access control in cloud are centralized in nature and use single key distribution center for uploading and downloading. The techniques are Attribute Based Encryption techniques [2]. Attribute based encryption is public key based encryption that enables access control over encrypted data using access policies and described attributes. Attribute based Encryption is an effective for implementing flexible and fine-grained access control of encrypted data. In the ABE systems, each user viewed as a set of attributes, and the trusted authority issues the private key for each user and assigns access privileges of encrypted data to him. Ciphertexts are associated with the set of attributes specified by the senders. A user can decrypt ciphertexts only if the user’s attributes satisfy the access control policy about the ciphertexts. The basic ABE only support threshold access policies. To express more flexible access control policies. So ABE firstly proposed key-policy ABE (KP-ABE) [3], where the access policies are embedded

Multiple Attribute Authority based Access Control and Anonymous Authentication in Decentralized

Cloud S. Usha and P. Sangeetha

C

ISSN 2277 - 5048 | © 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 25

in user’s private keys, and ciphertext are annotated by the sets of attributes. Then secondly proposed the ciphertext-policy ABE (CP-ABE) [4], where user’s private keys is related to his attributes, and ciphertexts are associated with access policies specified by senders. In the KP-ABE, a ciphertext is associated with a set of attributes and private key is associated with a monotonic access structure like a tree, which describes this user’s identity. A user can decrypt the ciphertext if and only if the access tree in his private key is satisfied by the attributes in the ciphertext. However, the encryption policy is described in the keys, so the encryptor does not have entire control over the encryption policy. To overcome this problem ABE proposed ciphertext policy (CP-ABE) In the CP-ABE, ciphertexts are created with an access structure, which specifies the encryption policy, and private keys are generated according to user’s attributes. A user can decrypt the ciphertexts if and only if his attributes in the private key satisfy the access tree specified in the ciphertext. By doing so, the encryptor holds the ultimate authority about the encryption policy. Also the already issued private keys will never be modified unless the whole system reboots. Attributes may come from different authorities in the real world and it is not practical to assume that a central authority can issues private keys for all users. To address this problem the ABE scheme proposed multi-authority KP-ABE [5] with central authority. Subsequently chase proposed multi-authority KP-ABE without central authority.

II. RELATED WORK This paper is mostly related to works in cryptographically

enforced access control for outsourced data and attribute based encryption. For protecting the data content privacy in cloud computing various techniques have been proposed as Identity Based Encryption (IBE) was first introduced by Shamir [6], and then next proposed Fuzzy Identity Based Encryption [7] and Attribute Based Encryption in which the encryption and decryption is based on identity. The message sender can specify an identity and message is only decrypted when the receiver with matching identity. It is based on a public key cryptosystem. In which not generating random pair of keys, the user chooses his name and address as his public key, or any combination of name, address, telephone number etc.

A. Attribute based Encryption A.Sahai and B.Waters et al [7]. ABE is a public key based

one to many encryption that allows users to encrypt and decrypt data based on user attributes. In which the secret key of a user and the ciphertext are dependent upon attributes. In such a system the decryption of a ciphertext is possible if the set of attributes of the user key matches the attribute of the ciphertext. Advantages of attribute based encryption is provide security and access control. And also provide fine-grained access control

B. Decentralized Attribute based Encryption A. Lewko and B.Waters et al [7].Decentralized access

scheme for secure data storage in clouds that support anonymous authentication. Decentralized system use multiple key distribution Centre and use asymmetric key approach algorithm. In this system cloud verify the authenticity of the

sever without knowing user’s identity before storing data and also valid users are able to decrypt the stored information.

Merits: Prevents the replay attacks and support modification, creation, reading and writing.

Issues: Cloud knows access policy for each record in the cloud

C. Fully Secure Multi-authority ABE Traitor and Tracing G.Zeng, Z.Wang et al [8]. In multi-authority ABE setting

is that malicious user leak their private keys to construct pirate decryption devices and distribute them to illegal user. To deal with key abuse problem proposed MABTT. The MABTT scheme is proved to be fully secure by using dual system encryption method.

Merits: Flexible method to alleviate the key leakage problem.

Issues: MABTT is not practical due do infeasible large sizes of public key and ciphertext.

D. A Hierarchical Attribute based Solution for Flexible and Scalable Access Control in Cloud Computing

Z. Wan, Z.Liu et al [9]. HBSBE is driven by the CP-ABE with hierarchical structure or cloud server. This approach not only achieves scalability it achieves both flexibility and fine-grained access control of data in cloud. The work for storing the data in encrypted form is a common method of information privacy protection. Cloud system is responsible for both tasks on storage and encryption or decryption of data

Merits 1. Achieve flexibility and scalability. 2. It is also support compound attributes of Attribute

based encryption. Issues: HASBE not only support compound attributes due

do flexible attribute set but also achieves efficient user revocation because of multiple assignments of attributes

E. Attribute based Secure Data Sharing with Hidden Policies in Smart Grid

J. Hur and X. Chenet al [10]. In smart grid as well as data, policies for sharing the data may be sensitive because they directly contain sensitive information, and reveal information about underlying data protected by the policy, or about the data owner or recipients. So Hur proposed attribute based sharing scheme in smart grid. Not only the data but also the access policies are obfuscated in grid operator’s point of view during the data sharing process. Thus, the data privacy and policy privacy preserved in the proposed scheme.

Merits 1. Ciphertext is obfuscated while supporting any

arbitrary access formula. 2. The expressiveness of the access policy is enhanced

and privacy is preserved. Issues: Key escrow problem.

ISSN 2277 - 5048 | © 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 26

F. Scalable and Secure Sharing or Personal Health Records in Cloud Computing Using ABE

Y. Zheng, K.Ren et al [11]. Personal health record is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party such as cloud providers. However, there have been wide concerns as personal health information to be stored at a third party servers and to unauthorized parties. Yet issue such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most challenges toward achieving fine-grained, cryptographically enforced data access control. So Zheng proposed novel patient centric framework and a suite of mechanism for data access control to PHRs semi trusted. To achieve fine grained and scalable data access control for PHRs use ABE to encrypt each patient’s PHRs file.

Merits 1. Reduce the complexity of key management problem. 2. This scheme enables dynamic modification of access

policies or file attributes.

Issues 1. Key management complexity. 2. It is not support dynamic policy updates.

G. Effective Data Access Control for Multi Authority Cloud Storage System

K.Yang, B.Zhang et al [11]. Ciphertext policy attribute based encryption is a promising technique for access control of encrypted data. It requires a trusted authority manages all the attributes and distributes key in the system. In cloud storage system, there are multiple authorities co-exist and each authority is able to issue attributes independently. This cause inefficiency of decryption and revocation. To overcome this problem DAC-MACS was proposed. It is an effective and secure data access control scheme with efficient decryption and revocation

Merits: DAC-MACS is provably secure in the random oracle model and incurs less cost and computation cost

Issues: Key escrow problem

III. PROBLEM FORMULATION

A. System Model System model consists of four entities. These are Data

Owner, N-attribute authorities, Data Consumer and server. Data Owner: Data Owner is the entity who wishes to

outsource encrypted data file to the cloud servers. Cloud Server: The Cloud sever who is assumed to have

adequate storage capacity, does nothing but store them. Attribute Authority: Authorities are assumed to have

powerful computation abilities, and they are supervised by government offices because some attributes partially contain user’s personally identifiable information. Therefore each authority is aware of only part of attribute. The whole attribute set divided into N-disjoint set and controlled by each authority.

Fig. 1: Architecture of System Model

System Working Steps 1. Request public key 2. Upload outsource encrypted file 3. Request attribute secret private key 4. Downloaded the encrypted file Data Consumer: Data Consumers are request private keys

from all of the attribute authorities, and they do not know which attributes are controlled by which authorities .When the Data Consumers request their private keys from authorities, authorities jointly create corresponding private key and sent it to them. All data Consumers are able to download any of the encrypted data files, but only those whose private keys satisfy the privilege tree Tp can execute the operation associated with privilege p.

System model consists of five modules. They are follows 1. Register 2. Appeal for public key 3. Upload the file 4. Moderately decrypting and sending private key 5. Fully decrypting and downloading the file Register: In this module, the Data Owner, Data Consumer

and Authority are register their personal details with corresponding role. For example User Name, role, password, email address.

Appeal for public key: The Data Owner appeal for public key to the authority for uploading the information to the cloud that are going to be accessed by the user. Then, the authority check the data owner and send the public key access key to the data owner.

ISSN 2277 - 5048 | © 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 27

Upload File: Data owner upload the file to the server using public key from authority and the owner send the private key to the user for downloading the file. And it will send to authority for confidential

Moderately decrypted and sending the private key: Authority partially decrypt the file using private key and allow permission to user for downloading file through key. The user private key sent to the user email and user get the private key downloading the file and viewed the file.

Fully decrypting and downloading the file: User fully decrypts the file using private key from mail and downloading the necessary files for further access

B. Anony Control Construction Attribute Based Encryption algorithm steps: Public Key: the public key is a random generated binary

key, generated and maintained by key manager itself. Particularly used for encryption and decryption.

Private Key: Private Key is the combination of the user name, password. The private key is maintained by client itself. Used for decrypt the file.

ABE Key: It is associated with a policy. The access key is built on attribute based encryption. File access is of read and write. It also include user role based on the policy.

1. Setup: A randomized algorithm setup (k) takes in as input a security parameter and provides a set of public parameters (PK) and the master key values (MK)

2. 2.Key Generation: The KeyGen(MK,PK,A) algorithms takes the master key values (MK) the public parameters (PK) and the attributes set of the user (A) and outputs for the user and set of decryption key SK which conform the users possession of all the attributes in A and no other external attributes.

3. Encryption: The algorithm encryption (M, T, PK) is a randomized algorithm that takes as input the message to be encrypted (M), the access structure T which needs to be satisfied and the public parameters (PK), to the output ciphertext CT

4. Decryption: The decryption algorithm Dec (CK, SK, PK) take as input the ciphertext CT, the user secret key SK and the public key parameters PK and it outputs the encryption message (M) if and only if attribute A embedded in SK satisfy the access structure T which was used while encrypting ciphertext CT. If T (A) =1 them message M is outputs else, it outputs 0

C. Security Model RSA key generation algorithm steps. The steps are follows:

Key Generation 1. Generate two large random primes, p and q, of

approximately equal size such that their product n = pq, is of the required bit length, e.g. 1024 bits.

2. Compute n = pp. and (phi) φ = (p-1) (q-1)

3. Choose an integer e, 1 < e < phi, such that gcd (e, phi) = 1.

4. Compute the secret exponent d, 1 < d < phi, such that ed≡ 1 (mod phi).

5. The public key is (n, e) and the private key (d, p, q). Keep all the values d, p, q and phi secret. Where n is known as the modulus. e is known as the public exponent or encryption exponent or just the exponent. d is known as the secret exponent or decryption exponent.

Encryption Sender A does the following:

1. Obtains the recipient B's public key (n, e). 2. Represents the plaintext message as a positive integer

m, 1 < m < n 3. Computes the cipher text c = me mod n. 4. Sends the cipher text c to B.

Decryption The plaintext message can be quickly recovered when the

decryption key d, an inverse of e modulo (p-1) (q-1) Is known. (Such an inverse exists since gcd (e, (p-1) (q-1)) =1). To see this, note that if d e *1 (mod (p-1) (q-1)), there is an integer k such that d e = 1 + k (p-1) (q-1). It follows that.Cd = (Me) d = M de = M1+k (p-1) (q-1)

By Fermat's theorem (assuming that gcd (M, p) = gcd (M, q) = 1, which holds except in rare cases, it follows that Mp-1 *1 (mod p) and Mq-1 *1 (mod q), consequently.

Cd = M · (Mp-1) k (q-1) *M · 1 *M (mod p) andCd = M · (Mq-1) k (p-1) *M · 1 *M (mod q) since gcd (p, q) = 1, it follows that-Cd *M (mod pp.)

D. Requirement Specification

Hardware Specifications Processor: Pentium IV Processor RAM: 512 MB Hard Drive: 40GB Monitor : 14” VGA COLOR MONITOR Disk Space: 1 GB

Software Specifications Operating System: Windows Xp / 7 Front End: JSP Backend: My SQL

ISSN 2277 - 5048 | © 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 28

IV. RESULTS AND DISCUSSION

A. Screen Shots

Screenshot 1: Homepage of the System

Screenshot 2: Register Page

Screenshot 3: Login Page

Screenshot 4: Authority Send Request

Screenshot 5: Public Key Request

Screenshot 6: Upload the File

ISSN 2277 - 5048 | © 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016 29

Screenshot 7: Download the File

V. CONCLUSION This paper proposes two Anonymous Attribute Based

Encryption scheme such as Anonycontrol and Anonycontrol-F to protect the user privacy the cloud computing system, these schemes are achieve not only the data content but also user identity anonymity while conducting privilege control based on user’s identity information. More significantly, this system can tolerate up to N-2 authority compromise, which is highly superior particularly in internet based cloud computing environment. So Anonycontrol and Anonycontrol-F are both secure and efficient for cloud storage system

VI. FUTURE ENHANCEMENT In Anonymous Attribute Based Encryption scheme

produce truthfulness of user in this case of using attribute based encryption key and it is also needs to trust the key requester for he picks correct attribute keys corresponding to his identity and extra communication overhead incurred. In future to overcome this problem it is efficient to introduce user revocation mechanism on Anonymous Attribute Based Encryption scheme. This is the one of the great challenge in the application of ABE

REFERENCES [1] Y. Zhang, X. Chen, J. Li, D. S. Wong and H. Li, “Anonymous attribute

based Encryption,” Proc. 8thASIACCS, Pp. 511–516, 2013. [2] V. Goyal, O. Pandey, A. Sahai and B. Waters, “Attribute-based

encryption for FINE-grained access control of encrypted data,” Proc. 13th CCS, Pp. 89–98, 2006.

[3] J. Bethencourt, A. Sahai and B. Waters, “Key-policy attribute based encryption,” Proc. IEEE SP, Pp. 321–334, May 2007.

[4] J. Li, Q. Huang, X. Chen, S.S. Chow, D.S. Wong and Xie, “Multi authority ciphertext-policy attribute-based encryption with accountability,” Proc. 6th ASIACCS, Pp. 386–390, 2011.

[5] V. Božovi´c, D. Socek, R. Steinwandt and V. I. Villányi, “Multi-authority attribute-based encryption with honest-but-curious central authority,” Int.J. Comput. Math., Vol. 89, No. 3, Pp. 268–283, 2012.

[6] S. Hohenberger and B. Waters, “Attribute-based encryption with fast decryption,” Public-Key Cryptography. Berlin, Germany: Springer-Verlag, Pp. 162–179, 2013.

[7] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” Advances in Cryptology. Berlin, Germany: Springer-Verlag, Pp. 568–588, 2011.

[8] H. Ma, G. Zeng, Z. Wang and J. Xu, “Fully secure multi-authority attribute-based traitor tracing,” J. Comput. Inf. Syst., Vol. 9, No. 7, Pp. 2793–2800, 2013.

[9] Z. Wan, J. Liu, and R. H. Deng,“ HASBE: A hierarchical attribute based solution for flexible and scalable access control in cloud computing, ” IEEE Trans. Inf. Forensics Security, Vol. 7, No. 2, Pp. 743–754, Apr. 2012.

[10] J. Hur, “Attribute-based secure data sharing with hidden policies in smart Grid,” IEEE Trans. Parallel Distrib. Syst., Vol. 24, No. 11, Pp. 2171–2180, Nov. 2013.

[11] M. Li, S. Yu, Y. Zheng, K. Ren and W. Lou, “Scalable and secure sharing of personal health records in cloud computing using attribute based encryption,” IEEE Trans. Parallel Distrib. Syst., Vol. 24, No. 1, Pp. 131–143, Jan. 2013.

[12] K. Yang, X. Jia, K. Ren and B. Zhang, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” Proc. IEEEINFOCOM, Pp. 2895–2903, Apr. 2013.

[13] Tor: Anonymized Network. [Online]. Available: https://www. torproject.org/, accessed 2014.

[14] J. Liu, Z. Wan and M.Gu, “Hierarchical attribute-set based encryption for scalable, flexible and fine-grained access control in cloud computing,” Information Security Practice and Experience. Berlin, Germany: Springer-Verlag, Pp. 98–107, 2014.

[15] L. Zhang, X.-Y. Li, Y. Liu, and T. Jung, “Verifiable private multiparty computation: Ranging and ranking,” in Proc. IEEE INFOCOM, Pp. 605–609, Apr. 2013.

[16] Ciphertext-Policy Attribute-Based Encryption Toolkit. [Online]. Available: http://acsc.csl.sri.com/cpabe/, accessed 2014.

[17] S. Yu, C. Wang, K. Ren and W. Lou, “Attribute based data sharing with Attribute revocation,” Proc. 5th ASIACCS, Pp. 261–270, 2010.

[18] S. Yu, K. Ren, and W. Lou, “Attribute-based content distribution with hidden policy,” in Proc. 4th Workshop Secure Network. Protocols, Pp. 39–44, 2008.

[19] A. Kapadia, P.P. Tsang and S.W. Smith, “Attribute-based publishing with hidden credentials and hidden policies,” Proc. NDSS, Pp. 179–192, 2007.

[20] T. Jung, X. Mao, X.-Y. Li, S.-J. Tang, W. Gong and L. Zhang, “Privacy preserving Data aggregation without secure channel: Multivariate polynomial evaluation,” Proc. IEEE INFOCOM, Pp. 2634–2642, Apr. 2013.

[21] C. Wang, N. Cao, J. Li, K. Ren and W. Lou, “Secure ranked keyword search over encrypted cloud data,” Proc. IEEE 30th ICDCS, Pp. 253–262, Jun 2010.

ISSN 2277 - 5048 | © 2016 Bonfring