ABSTRACT

Security and privacy are very important issues in cloud computing. In existing system access
control in clouds are centralized in nature. The scheme uses a symmetric key approach and does
not support authentication. Symmetric key algorithm uses same key for both encryption and
decryption. We take a centralized approach where a single key distribution center (KDC)
distributes secret keys and attributes to all users. The validity of the user who stores the data is
also verified. Cloud computings multi-tenancy feature, which provides privacy, security and
access control challenges, because of sharing of physical resources among untrusted tenants. In
order to achieve safe storage, policy based file access control, policy based file assured deletion
and policy based renewal of a file stored in a cloud environment, a suitable encryption technique
with key management should be applied before outsourcing the data. In this paper we
implemented secure cloud storage by providing access to the files with the policy based file
access using Attribute Based Encryption (ABE) scheme with RSA key public-private key
combination. Private Key is the combination of the users credentials. So that high security will
be achieved. Time based file Revocation scheme is used for file assured deletion. When the time
limit of the file expired, the file will be automatically revoked and cannot be accessible to
anyone in future. Manual Revocation also supported. Policy based file renewal is proposed. The
Renewal can be done by providing the new key to the existing file, will remains the file until the
new time limit reaches. In any case, in completing thus, these results unavoidably present a
substantial processing overhead on the data possessor for key distribution and data
administration when fine-grained data access control is in demand, and subsequently don't scale
well. In the proposed scheme, the cloud adopts an access control policy and attributes hiding
strategy to enhance security. This new scheme supports secure and efficient dynamic operation
on data blocks, includ-ing: data update, creation, modification and reading data stored in the
cloud. Moreover, our authentication and access control scheme is decentralized and robust,
unlike other access control schemes designed for clouds which are centralized. We also provide
options for file recovery.

INTRODUCTION
Cloud computing is a promising computing model which currently has drawn far reaching
consideration from both the educational community and industry. By joining a set of existing and
new procedures from research areas, for example, Service-Oriented Architectures (SOA) and
virtualization, cloud computing is viewed all things considered a computing model in which
assets in the computing infrastructure are given as services over the Internet. It is a new business
solution for remote reinforcement outsourcing, as it offers a reflection of interminable storage
space for customers to have data reinforcements in a pay-as-you- go way. It helps associations
and government offices fundamentally decrease their financial overhead of data administration,
since they can now store their data reinforcements remotely to third-party cloud storage suppliers
as opposed to keep up data centers on their own. Numerous services like email, Net banking and
so forth are given on the Internet such that customers can utilize them from anyplace at any
time. Indeed cloud storage is more adaptable, how the security and protection are accessible for
the outsourced data turns into a genuine concern. The three points of this issue are availability,
confidentiality and integrity. To accomplish secure data transaction in cloud, suitable
cryptography method is utilized. The data possessor must encrypt the record and then store the
record to the cloud. Assuming that a third person downloads the record, they may see the record
if they had the key which is utilized to decrypt the encrypted record. Once in a while this may be
failure because of the technology improvement and the programmers. To overcome the issue
there is lot of procedures and techniques to make secure transaction and storage. Anonymous
authentication is the procedure of accepting the client without the details of the client. So the
cloud server doesnt know the details of the client, which gives security to the clients to conceal
their details from other clients of that cloud. Security and privacy assurance in clouds are
analyzed and tested by numerous researchers. Now a days cloud computing is a rationally
developed technology to store data from more than one client. Cloud computing is an
environment that enables users to remotely store their data. Remote backup system is the
advanced concept which reduces the cost for implementing more memory in an organization. It
helps enterprises and government agencies reduce their financial overhead of data management.
They can archive their data backups remotely to third party cloud storage providers rather than
maintain data centers on their own. An individual or an organization may not require purchasing

the needed storage devices. Instead they can store their data backups to the cloud and archive
their data to avoid any information loss in case of hardware / software failures. Even cloud
storage is more flexible, how the security and privacy are available for the outsourced data
becomes a serious concern. There are three objectives to be main issue
Confidentiality preserving authorized restrictions on information access and disclosure. The
main threat accomplished when storing the data with the cloud.
Integrity guarding against improper information modification or destruction.
Availability ensuring timely and reliable access to and use

Fig1: Example diagram for data sharing with cloud storage.

To achieve secure data transaction in cloud, suitable cryptography method is used. The data
owner must encrypt the file and then store the file to the cloud. If a third person downloads the
file, he/she may view the record if he/she had the key which is used to decrypt the encrypted file.
Sometimes this may be failure due to the technology development and the hackers.

To secure data, most systems use the variety of techniques, including:

Encryption, which translates to mean they choose an intricate algorithm to encode

information. To decode the encrypted files, an individual needs the encryption key. While
you can crack encrypted information, most hackers don't have access to the magnitude of
computer processing power they would have to decrypt information.

Authentication processes, which require creating an individual name and password.

Authorization practices -- the customer lists the people who are authorized to access
information stored over the cloud system. Many corporations have multiple numbers of
authorizations. Like, a front-line employee would've restricted authority to access data
stored about the cloud system, whilst the head of recruiting would've extensive authority
to access files.

Even with your protective measures positioned, a lot of us worry that data saved on an online
storage system is vulnerable. You can the possibility that a hacker just might discover searching
for back entrance and access data. Hackers might also endeavour to steal the physical machines
on which data are stored. A disgruntled employee could alter or destroy data using the
authenticated user name and password. Cloud storage companies invest a ton of money in
security measures so as to limit the chance of data theft or corruption. The opposite big concern,
reliability, is simply as important as security. An unstable cloud storage system is mostly a
liability. No one wants in order to save data towards a failure-prone system, nor do they need to
trust a business that's not financially stable. While many cloud storage systems make sure you
address this concern through redundancy techniques, there's still the possibility that a complete
system could crash as well as leaving clients without any method of accessing their saved data.
Cloud storage companies live and die by their reputations. It's in each company's desires to
provide one of the most secure and reliable service possible. If a business can't meet these basic
client expectations, very easy have much of a chance there are far too many other available
choices available over the market.

LITERATURE SURVEY
S. Ajitha, P.S. Apirajitha
In this project, a new decentralized access control scheme for secure data storage in clouds is
proposed, that support anonymous authentication. In this scheme the cloud verifies the
authenticity of the server without knowing the users identity before storing data. This scheme
also has the added feature of access control in which only valid users are able to decrypt the
stored information. The added feature of this project is access control, in which only valid users
are able to decrypt the stored information. This project prevents replay attacks and supports
creation, modification and reading data stored in cloud. In this scheme asymmetric key concept
is used for encryption and decryption, so the security is high compared to the other project. Here
the attributes and access policy of the users are hidden, so the security is high. In this project
authentication scheme is collusion secure and protects privacy of the user. Moreover our
authentication and access control scheme is decentralized and robust.

Raju M, Lanitha B
This paper describes the problems and explores potential solutions for providing long term
storage and access to research outputs, focusing mainly on research data. Access control scheme
for secure data storage in clouds that supports anonymous authentication. Feature of access
control in which only valid users are able to decrypt the stored information. Secure overlay cloud
storage system that achieves fine-grained, policy-based access control and file assured deletion.

S Divya Bharathy, T Ramesh

We propose a privacy preserving access control scheme for data storage, which supports
anonymous authentication and performs decentralized key management. In the proposed scheme,
the cloud adopts an access control policy and attributes hiding strategy to enhance security. This
new scheme supports secure and efficient dynamic operation on data blocks, includ-ing: data
update, creation, modification and reading data stored in the cloud. Moreover, our authentication

and access control scheme is decentralized and robust, unlike other access control schemes
designed for clouds which are centralized. We also provide options for file recovery. Extensive
security and performance analysis shows that the proposed scheme is highly effi-cient and
resilient against replay attacks. User revocation and access control policies highly contributes to
avoid abuse of cloud services and shared technology issues.

S.Seenu Iropia, R.Vijayalakshmi

The issue of at the same time accomplishing fine-grainedness, scalability, and data confidentiality of
access control really still remains uncertain. This paper addresses this open issue by, on one hand,
characterizing and implementing access policies based on data qualities, and, then again, permitting the
data owner to representative the majority of the calculation undertakings included in fine-grained data
access control to un-trusted cloud servers without unveiling the underlying data substance. We
accomplish this goal by exploiting and combining techniques of decentralized key policy Attribute Based
Encryption (KP-ABE) . Extensive investigation shows that the proposed approach is highly efficient and
secure.

EXISTING ARCHITECTURE
The pictorial overview of the existing architecture is depicted in Fig. 1.Existing access control
architecture in cloud are centralized in nature. Centralization lacks reliability. For example in this
project if we use single centralized KDC, if that fails then the whole system will shut down. If
The scheme uses a symmetric key approach and does not support authentication. Earlier work
provides privacy preserving authenticated access control in cloud. However, the authors take a
centralized approach where single key distribution center (KDC) distributes secret keys and
attributes to all users. Unfortunately, a single KDC is not only a single point of failure but
difficult to maintain because of large number of users that are supported in a cloud environment.
We, therefore, emphasize that clouds should take a decentralized approach while distributing
secret keys and attribute to users. It is also quite natural for clouds to have may KDCs in
different locations in the world. S Divya Bharathy et al,

Fig. 1 Single KDC architecture

PROPOSED ARCHITECTURE

The Single KDC architecture with no anonymous authentication makes it more complicated and
it also increases the storage overhead at the single KDC.
The pictorial overview of the decentralized KDC is depicted in Fig. 2.The proposed
decentralized architecture, also authenticates users, who want to remain anonymous while
accessing the cloud. We proposed a distributed access control mechanism in clouds. In the
preliminary version of this paper, we extend the previous work with added features which

enables to authenticate the validity of the message without revealing the identity of user who has
stored information in the cloud.

Fig. 2 Decentralized KDC architecture

In this paper, we also address user revocation. We use attribute based signature scheme to
achieve authenticity and privacy. Our scheme is resistant to replay attacks, in which user can
replace fresh data with stale data from previous write, even if it no longer has valid claim policy.
This is an important property because a user, revoked of its attributes, might no longer be able to
write to the cloud. The proposed architecture consists of the following modules. The
decentralized Key Distribution Centre archi-tecture here considers two KDCs. The pictorial
representation of the overall flow of the proposed architecture is depicted in Fig. 2a. The user
who is the file owner has a collection of files stores the files in cloud server in the form of
encrypted files and with indexing. The cloud au-thenticates the user even without knowing the
original identity of the user; rather two step authentications takes place with the help of the
Trusted Party Authenticator (TPA) and Key Distribution Centre (KDC).\

SYSTEM ARCHITECTECTURE
First the client was authenticated with the username and password, which is provided by the
user. Then the user was asked to answer two security levels with his/her choice. Each security
levels consist of 5 user selectable questions. The user may choose any one question from two
security levels. The private key for encrypt the file was generated with the combination of
username, password and the answers for the security level questions. After generating the private
key the client will request to the key manager for the public key. The key manager will verify the
policy associated with the file. If the policy matches with the file name then same public key will
be generated. Otherwise new public key will be generated. With the public key and private key
the file will be encrypted and uploaded into the cloud. If a user wants to download the file he/she
would be authenticated. If the authentication succeeded, the file will be downloaded to the user.
Still the user cant able to read the file contents. He / she should request the public key to the key
manager. According to the authentication, the key manager will produce the public key to the
user. Then the user may decrypt the file using the login credentials given by the user and the
public key provided by the key manager. The client can revoke the policy and renew the policy
due to the necessity.

Fig2: Overall system diagram.

KEY MANAGEMENT

Following are the cryptographic keys to protect data files stored on the cloud.

Public Key: The Public key is a random generated binary key, generated and maintained by the
Key manager itself. Particularly used for encryption/ decryption.

Private Key: It is the combination of the username, password and two security question of
users choice. The private key is maintained by client itself. Used for encrypt / decrypt the file.

Access key: It is associated with a policy. Private access key is maintained by the client. The
access key is built on attribute based encryption. File access is of read or write.

Renew key: Maintained by the client itself. Each has its own renew key. The renew key is used
to renew the policy of each necessary file at easy method.

PROPOSED WORK

Distributed access control of data stored in cloud so that only authorized users with valid
attributes can access them.

The identity of the user is protected from the cloud during authentication.

The architecture is decentralized, meaning that there can be several KDCs for key
management.

The access control and authentication are both collusion resistant, meaning that no two
users can collude and access data or authenticate themselves, if they are individually not
authorized.

Revoked users cannot access data after they have been revoked.

The proposed scheme is resilient to replay attacks. A writer whose attributes and keys
have been revoked cannot write back stale information.

The protocol supports multiple reads and writes on the data stored in the cloud.

The costs are comparable to the existing centralized approaches, and the expensive
operations are mostly done by the cloud.

A. Encryption / Decryption

We used RSA algorithm for encryption/Decryption. This algorithm is the proven mechanism for
secure transaction. Here we are using the RSA algorithm with key size of 2048 bits. The keys are
split up and stored in four different places. If a user wants to access the file he/she may need to
provide the four set of data to produce the single private key to manage encryption/decryption.

File Upload / Download

1. File Upload

Fig3: File uploading process.

The client made request to the key manager for the public key, which will be generated
according to the policy associated with the file. Different policies for files, public key also
differs. But for same public key for same policy will be generated. Then the client generates a
private key by combining the username, password and security credentials. Then the file is
encrypted with the public key and private key and forwarded to the cloud.

2. File Download

The client can download the file after completion of the authentication process. As the public key
maintained by the key manager, the client request the key manager for public key. The
authenticated client can get the public key. Then the client can decrypt the file with the public
key and the private key. The users credentials were stored in the client itself. During download
the file the cloud will authenticate the user whether the user is valid to download the file. But the
cloud doesnt have any attributes or the details of the user.

Fig4: File downloading process.

KEEP YOUR INFORMATION SECURE DURING THE CLOUD

Internet cloud services [13]: Services that store your data on the server rather than you are on
your hard disk so you have access to it from any Internet-enabled device are more efficient in the

past before. Banking sites replace expensive finance applications. Backing up photographs and
important documents has never been easier.
All we should do is being secure in the end use them. These are some simple safety tricks of
keeping your data secure during the cloud. Passwords are made to keep our information safe.
They're like locks. A hacker may force the threshold and break your lock. Remembering
Passwords are difficult, so we often take the easiest way out and use simple passwords that we
will never forget. But once they're memorable, they're also all too easy to guess. The more
complicated your password is, the safer your data will be. It's true, complex passwords definitely
won't be as speedy to recall. Have a safe area to record your passwords if you can't remember
them. The perfect passwords combine letters, numbers and symbols into an unusual
configuration. We also tend to decide on a small number of passwords and use them over and
over again for the e-mail, banking, Facebook and everything else. The fact is that, that's really
bad. In case your password is compromised, someone could easily gain usage of your e-mail
account. And change that password. And next go to each and every site you're registered on and
change those passwords; the replacement passwords are usually ship to your e-mail address. You
no longer repeat a password across sites. One last password tip: Don't tell other people your
passwords.
LastPass is really a password management utility that locks your whole unique passwords behind
one master password. Which means you can produce separate logins for e-mail, Facebook,
Twitter, cloud storage and any devices you should online, but still access those accounts by
memorizing a unitary password. LastPass will even help you create randomized passwords that
no-one will ever crack. If LastPass was hacked, that's possible, but LastPass has protocols in
position to encourage users to change their master passwords in the eventuality of a breach.
Moreover, validation tools like IP and e-mail address verification cause it to difficult a great
impostor to log-in in your LastPass account. Unexpected system failure could happen should you
least expect it. So back boost your protein data. Cloud storage Cloud storage solutions appear in
all shapes and sizes. Dropbox offers only a couple gigabytes of free storage.
WindowsLiveSkydrive is to restore all to easy to view and edit Office documents inside cloud.
Amazon's Cloud Drive offers 5 gigabytes of free storage rrncluding a Web interface for
uploading your files. Other services, like SugarSync and Mozy, focus much more about
automatically backing up your important data and storing it, and not rendering it easy to access

online. Internet hazards like viruses are, for the most part, all too easy to avoid. Antivirus
software programs are always a clever precaution, but smart browsing is far greater ally.
Specifically what does protecting your data inside cloud; exactly the same rules apply
concerning buying online or creating accounts on new Web pages: Make sure the site is
trustworthy.

Lock your device [14]: Since cloud computing is increasingly being done on cellular phones, it's
wise that this would be a weak spot; not surprisingly, it's much preferable to leave your phone
within a bar than to leave your computer there. Set your device to turn off after a period of
inactivity and demand password to open it back up. Make sure you use a secure network. Does
the Wi-Fi you use demand password to reach; are you aware that Wi-Fi companies can monitor
all traffic for their network, together with your private information; could be the site you're
accessing just an http or simply a safer https site? Paying attention to the details of the network
or sites you're accessing can certainly create big difference in for sure if your current data gets
hacked. The security vulnerabilities[15]: in EC2 (Elastic Compute Cloud) from misuse and
mismanagement belonging to the AMIs (Amazon Machine Images), consistent with a research
report titled A Security Analysis of Amazon's Elastic Compute Cloud Service. AMIs is virtual
images of preconfigured systems and applications, provided by third-party developers plus
Amazon it, for efficiently deploying services via EC2. For a five-month period, the researchers
analyzed well over 5,000 AMIs both Linux and Windows they will grabbed from data centers in
Europe, Asia, together with the United States. Case study found monetary companies security
failures of the AMIs they analyzed. First, 98 percent belonging to the Windows AMIs and 58
percent belonging to the Linux AMIs contained software with critical vulnerabilities. This
observation has not been typically restricted to the single application but often involved multiple
services: Typically 46 for Windows and 11 for Linux images, depending on report. On the
broader scale, we observed that countless images bring software which is well over twenty-four
old. These vulnerabilities leave users exposed to malware, not to mention to unsolicited
connections, which malicious hackers should use to collect more knowledge about an AMI's
usage and then collect IP target addresses for future attacks by a built-in backdoor. Vulnerability
involving leftover credentials; which is, a user's password or portion of their own SSH keys,
important for accessing a remote Linux server, might find themselves left while on an AMI. A

malicious hacker might leave their own public key intact while on an AMI so that they can log
on to any running instance of the style down the road. Additionally, a provider might leave SSH
keys or passwords within an AMI, which in turn can be exploited from a malicious third party.
AMIs also might contain exploitable information like browser history, which often can reveal
private information about a user, or shell history, through which a hacker can extract, credential
information as a DNS management password. A picture provider could simply delete this
sensitive information before you make an AMI public again.

CONCLUSION
We propose secure cloud storage using decentralized access control with anonymous
authentication. The files are associated with file access policies, that used to access the files
placed on the cloud. Uploading and downloading of a file to a cloud with standard
Encryption/Decryption is more secure. Revocation is the important scheme that should remove
the files of revoked policies. So no one can access the revoked file in future. The policy renewal
is made as easy as possible. The renew key is added to the file. Whenever the user wants to
renew the files he/she may directly download all renew keys and made changes to that keys, then
upload the new renew keys to the files stored in the cloud. In future the file access policy can be
implemented with Multi Authority based Attribute based Encryption. Using the technique we
can avoid the number of wrong hits during authentication. Create a random delay for
authentication, so the hacker can confuse to identify the algorithm. We have introduced a
decentralized access control system with anonymous authentication, which gives client
renouncement also prevents replay attacks. The cloud does not know the identity of the client
who saves data, however just checks the client's certifications. Key dissemination is carried out
in a decentralized manner. One limit is that the cloud knows the access strategy for each one
record saved in the cloud.

REFERENCES
[1] S Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, Decentralized Access Control with
Anonymous Authentication of Data Stored in Clouds, IEEE TRANSACTIONS ON
PARALLEL AND DISTRIBUTED SYSTEMS
[2] Yang Tang, Patrick P.C. Lee, John C.S. Lui and Radia Perlman, Secure Overlay Cloud
Storage with Access Control and Assured Deletion, IEEE Transcations on dependable and
secure computing,
[3] G. Wang, Q. Liu, and J. Wu, Hierarchical attribute-based encryption for fine-grained access
control in cloud storage services, in ACM CCS, , pp. 735737, 2010
[4] Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, FADE: Secure Overlay Cloud Storage with
File Assured Deletion, Proc. Sixth Intl ICST Conf.Security and Privacy in Comm. Networks
(SecureComm), 2010
[5] R. Perlman, File System Design with Assured Delete, Proc. Network and Distributed
System Security Symp. ISOC (NDSS), 2007
[6] Ruj, A. Nayak, and I. Stojmenovic, DACC: Distributed access control in clouds, in IEEE
TrustCom, 2011
[7] A. Rahumed, H.C.H. Chen, Y. Tang, P.P.C. Lee, and J.C.S. Lui, A Secure Cloud Backup
System with Assured Deletion and Version
[8] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson,
A. Rabkin, I. Stoica, and M. Zaharia. A View of Cloud Computing. Comm. of the ACM,
53(4):5058, Apr 2010.
[9] Sushmita Ruj, Milos Stojmenovic and Amiya Nayak,Decentralized Access Control with
Anonymous Authentication of Data Stored in Clouds, IEEE TRANSACTIONS ON PARALLEL
AND DISTRIBUTED SYSTEMS.
[10] Wang, Q.Wang, K.Ren, N.Cao and W.Lou, Toward Secure and Dependable Storage
Services in Cloud Computing, IEEE T.Services Computing, Vol. 5, no.2, pp. 220-232, 2012.
[11] C.Gentry, A fully homomorphic encryption scheme, Ph.D. dissertation, Stanford
University, 2009, http://www.crypto.stanford.edu/craig.