Está en la página 1de 15

Audit-Free Cloud Storage via Deniable Attribute-based Encryption

AIM
To design a new cloud storage encryption scheme that enables cloud storage providers to create
convincing fake user secrets to protect user privacy. Since coercers cannot tell if obtained secrets
are true or not, the cloud storage providers ensure that user privacy is still securely protected.
OBJECTIVE
Secret sharing schemes are used to restrict access to such sensitive and confidential data.
Threshold secret sharing schemes is a scheme in which the number of the participants in the
reconstruction phase is important for recovering the secret. The performance of the Shamirs
secret sharing scheme, is used in a multi cloud environment.
SCOPE
The policy of a file may be denied under the request by the customer, when terminating the time
of the agreement or totally move the files starting with one cloud then onto the next cloud
nature's domain. The point when any of the above criteria exists the policy will be repudiated and
the key director will totally evacuates the public key of the associated file. So no one can recover
the control key of a repudiated file in future. For this reason we can say the file is certainly
erased. To recover the file, the user must ask for the key supervisor to produce the public key.
For that the user must be verified. The key policy attribute based encryption standard is utilized
for file access which is verified by means of an attribute connected with the file. With file access
control the file downloaded from the cloud will be in the arrangement of read just or write
underpinned. Every client has connected with approaches for each one file. So the right client
will access the right file. For making file access the key policy attribute based encryption.
PROBLEM STATEMENT
Most deniable public key schemes are bitwise, which means these schemes can only process one
bit a time; therefore, bitwise deniable encryption schemes are inefficient for real use, especially
in the cloud storage service case. To solve this problem, designed a hybrid encryption scheme
that simultaneously uses symmetric and asymmetric encryption. They use a deniably encrypted
plan-ahead symmetric data encryption key, while real data are encrypted by a symmetric key
encryption mechanism. Most deniable encryption schemes have decryption error problems.
These errors come from the designed decryption mechanisms. uses the subset decision

mechanism for decryption. The receiver determines the decrypted message according to the
subset decision result. If the sender chooses an element from the universal set but unfortunately
the element is located in the specific subset, then an error occurs. The same error occurs in all
translucent set- based deniable encryption schemes.

EXISTING SYSTEM
Most previous deniable encryption schemes, we do not use translucent sets or simulatable public
key systems to implement deniability. Instead, we adopt the idea proposed in with some
improvements. We construct our deniable encryption scheme through a multidimensional space.
All data are encrypted into the multidimensional space. Only with the correct composition of
dimensions is the original data obtainable. With false composition, ciphertexts will be decrypted
to predetermined fake data. The information defining the dimensions is kept secret. We make use
of composite order bilinear groups to construct the multidimensional space. We also use
chameleon hash functions to make both true and fake messages convincing.
PROPOSED SYSTEM
Techniques used in previous deniable encryption schemes, we build two encryption
environments at the same time, much like the idea proposed in .We build our scheme with
multiple dimensions while claiming there is only one dimension. This approach removes obvious
redundant parts in . We apply this idea to an existing ABE scheme by replacing prime order
groups with composite order groups. Since the base ABE scheme can encrypt one block each
time, our deniable CPABE is certainly a blockwise deniable encryption scheme. Though the
bilinear operation for the composite order group is slower than the prime order group, there are
some techniques that can convert an encryption scheme from composite order groups to prime
order groups for better computational performance.

Advantages:
Blockwise Deniable ABE:
This reduces the repeating number from the block size to the key size. Though
bitwise deniable encryption is more flexible than blockwise deniable encryption in
cooking fake data, when considering cloud storage services, blockwise encryption is
much more efficient in use.
Consistent Environment:

we build a consistent environment for our deniable encryption scheme. By consistent


environment, we means that one encryption environment can be used for multiple
encryption times without system updates.
Deterministic Decryption:
The concept of our deniable scheme is different than these schemes described
above. Our scheme extends a pairing ABE, which has a deterministic decryption
algorithm

ABSTRACT

Cloud storage services have become increasingly popular. Because of the importance of privacy,
many cloud storage encryption schemes have been proposed to protect data from those who do
not have access. All such schemes assumed that cloud storage providers are safe and cannot be
hacked; however, in practice, some authorities (i.e., coercers) may force cloud storage providers
to reveal user secrets or confidential data on the cloud, thus altogether circumventing storage
encryption schemes. In this paper, we present our design for a new cloud storage encryption
scheme that enables cloud storage providers to create convincing fake user secrets to protect user
privacy. Since coercers cannot tell if obtained secrets are true or not, the cloud storage providers
ensure that user privacy is still securely protected. Most of the proposed schemes assume cloud
storage service providers or trusted third parties handling key management are trusted and cannot
be hacked; however, in practice, some entities may intercept communications between users and
cloud storage providers and then compel storage providers to release user secrets by using
government power or other means. In this case, encrypted data are assumed to be known and
storage providers are requested to release user secrets.

LITERATURE SURVEY
Design And Implementation Of A Privacy Preserved Off-Premises Cloud Storage
Despite several cost-effective and flexible characteristics of cloud computing, some clients are
reluctant to adopt this paradigm due to emerging security and privacy concerns. Organization
such as Healthcare and Payment Card Industry where confidentiality of information is a vital act,
are not assertive to trust the security techniques and privacy policies offered by cloud service
providers. Malicious attackers have violated the cloud storages to steal, view, manipulate and
tamper clients data. Attacks on cloud storages are extremely challenging to detect and mitigate.

In order to formulate privacy preserved cloud storage, in this research paper, we propose an
improved technique that consists of five contributions such as Resilient role-based access control
mechanism, Partial homomorphic cryptography, metadata generation and sound steganography,
Efficient third-party auditing service, Data backup and recovery process. We implemented these
components using Java Enterprise Edition with Glassfish Server. Finally we evaluated our
proposed technique by penetration testing and the results showed that clients data is intact and
protected from malicious attackers.
A Survey on Various Techniques of Data Storage on Cloud using Third Party Auditor
In present scenario cloud computing emerges as one of the most powerful computing technology
to provide dynamic service on demand on very large scale over the internet. Cloud computing
offers various features like scalability, pay on use, using these features giants companies use
cloud to store their data, In cloud computing data stores on cloud at remote location and cloud
user hopes that his/her data is secured at cloud, but many times his/her data is altered, deleted or
modified. So that cloud user to check integrity, confidentiality and security of data in a span of
time, but cloud user and organization not able to put an eye on cloud provider all the time so they
resort a TPA (Third Party Auditor) to work on behalf of cloud user. In this paper we discuss
various Third Party Auditing schemes which ensure data integrity and privacy with their
advantages and disadvantages,
Storing Shared Data on the Cloud via Security-Mediator
Nowadays, many organizations outsource data storage to the cloud such that a member of an
organization (data owner) can easily share data with other members (users). Due to the existence
of security concerns in the cloud, both owners and users are suggested to verify the integrity of
cloud data with Provable Data Possession (PDP) before further utilization of data. However,
previous methods either unnecessarily reveal the identity of a data owner to the untrusted cloud
or any public verifiers, or introduce significant overheads on verification metadata for preserving
anonymity. In this paper, we propose a simple, efficient, and publiclyverifiable approach to
ensure cloud data integrity without sacrificing the anonymity of data owners nor requiring
significant overhead. Specifically, we introduce a security-mediator (SEM), which is able to
generate verification metadata (i.e., signatures) on outsourced data for data owners. Our
approach decouples the anonymity protection mechanism from the PDP. Thus, an organization
can employ its own anonymous authentication mechanism, and the cloud is oblivious to that
since it only deals with typical PDP-metadata, Consequently, the identity of the data owner is not
revealed to the cloud, and there is no extra storage overhead unlike existing anonymous PDP
solutions. The distinctive features of our scheme also include data privacy, such that the SEM
does not learn anything about the data to be uploaded to the cloud at all, and thus the trust on the
SEM is minimized. In addition, we extend our scheme to work with the multi-SEM model,
which can avoid the potential single point of failure. Security analyses prove that our scheme is
secure, and experiment results demonstrate that our scheme is efficient.

A Shamir Secret Based Secure Data sharing between Data owners


Out sourcing the information over cloud is still an important ant research issue in the field of
cloud computing, multi owner data sharing technique over cloud provides privacy and
complexity while handling the data sharing over cloud. The proposed technique works with
improvedlagrangeous polynomial group secret sharing group key mechanism and data can be
uploaded in to the server after the encryption of the content by the secret group key, when new
member joined in the group, new granted users can directly decrypt data files uploaded before
their participation without contacting with data owners.
SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME
FOR CLOUD STORAGE
With cloud storage services, it is commonplace for data to be not only stored in the cloud, but
also shared across multiple users. However, public auditing for such shared data while preserving
identity privacy remains to be an open challenge.Here secure and effective methods are needed
to secure integrity and privacy data stored in cloud.This paper provides a privacy preserving
public auditing scheme that supports public auditing and identity privacy on shared data stored in
the cloud storage service for enhancing its security and efficiency .This paper has mainly
concentrated on improving the security mechanism of ownCloud storage service.
SECURITY STORAGE SYSTEM FOR CLOUD USER USING OSD WITH A SELFDESTRUCTING DATA
Cloud computing focuses on maximizing the effectiveness of the sharing of resources. It is not
only shared by multiple users but can also dynamically reallocating as per demand. Cloud
computing is the notion of outsourcing on-site available services and data storage to an off-site.
Personal data stored in the cloud may contain account number, password, notes and other
important information that could be used and misused by a miscreant, a competitor or a court of
law. These data are cached, copied and archived by Cloud Service Providers (CSPs), often
without user authorization and control. To overcome this problem to propose a Self Destruction
method is protecting the user data privacy through Shamir Secret sharing algorithm, which can
generate a pair of keys. Self Destruction method is associated with Time to Live (TTL) property
to specify the life time of the keys. TTL trigger the Self Destruction operation, then the keys
becomes destructed or unreadable after a user specified period. User can decrypt after timeout,
either the user give correct keys. Shamir algorithm generates new keys to the user. Self
Destruction mechanism reduces the overhead during upload and download file in the cloud. The
result demonstrates that Self Destruction is practical to use and meet all privacy preserving goals.
In this paper, active storage framework provides virtualization environment to run clients
application and data is treated as objects to increase the throughput and decrease the latency.
Using Secret Sharing Algorithm for Improving Security in Cloud Computing

Cloud Computing is an emerging technology which has considerable potential as an alternative


process for traditional silo computing. One can deploy applications more speedily across shared
server storage resource pools than is possible with conventional enterprise solutions .Deploying
modern web applications across a cloud framework enables a new level of agility that is very
difficult to accomplish with traditional silo computing mode. Beside all the benefits cloud
computing has big issue to be concern which is its security, reason is involvement of third party.
Now days enterprises preferring multi-clouds, or in other words, interclouds or cloud-ofclouds rather than single cloud provider. This paper focuses on multicloud security by using
secret sharing algorithm.
Result Paper on Public Auditing by using KERBEROS to Secure Cloud Storage
Cloud computing is an environment which enables convenient, efficient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. Cloud is kind of centralized database where
many organizations/clients store their data, retrieve data and possibly modify data. Using cloud
storage, users can remotely store their data and enjoy the on-demand high-quality applications
and services from a shared pool of configurable computing resources, without the burden of local
data storage and maintenance. Data stored and retrieved in such a way may not be fully
trustworthy so here concept of TPA (Third Party Auditor) is used. Thus, enabling public
auditability for cloud storage is of critical importance so that users can resort to a third-party
auditor (TPA) to check the integrity of outsourced data and be worry free. To securely introduce
an effective TPA, the auditing process should bring in no new vulnerabilities toward user data
privacy, and introduce no additional online burden to user. It will be our attempt to further extend
the result to enable the TPA to perform audits for multiple users simultaneously and efficiently.
Extensive security by applying various encryption algorithms and Kerberos as a third party
authentication system shows the proposed schemes are provably secure and highly efficient.
Dynamic Auditing for Data Verification and Cloud Storages
Cloud computing is an ondemand service where customer can access various computer resources
with internet. Unlucky reliability of cloud data is subject to uncertainty due to infrastructure
breakup problem and possible of human errors. Various systems has been designed to protect the
cloud data to ensure data security. Cloud service provider may hide the data leakages due to
customer Satisfaction. Third Party Auditor validates the cloud customer information and ensures
data integrity. Traceability is the major problem occurs over the cloud audit mechanism. We
propose the cloud audit methodology for cloud data security with encrypted data with efficient
cloud security.
On Cloud Storage and the Cloud of Clouds Approach

Many recently proposed cloud storage architectures build a single virtual cloud storage system
by using a combination of diverse commercial cloud storage services - the so called cloud of
clouds approach. Thereby, the data to be stored is dispersed among different (independent) cloud
storage providers in a redundant way. This is commonly accomplished either by naively
replicating the data to several providers (storing an entire copy of a file at each provider) or by
dispersing suitably encoded data, i.e., only a certain threshold of file fragments is required for
reconstruction of a file. Furthermore, since many vendors of commercial cloud storage services
do not provide adequate means to securing the cloud from within the cloud infrastructure, many
recently proposed cloud storage architectures (transparently) add relevant security and privacy
features from the outside. In doing so, they are mainly trying not to affect the cloud providers
interfaces and inner workings. In this paper we take a closer look at distributed cloud storage
systems. We provide an overview of information dispersal strategies to realise reliable distributed
cloud storage systems and provide an overview of state-of-the-art cloud storage approaches.
Then, we analyse them with respect to security properties. Furthermore, we discuss the lack of
privacy features and in particular features to provide access privacy in existing distributed cloud
storage systems, which is an important direction for future research on distributed cloud storage.
A Novel Approach for Enhancing the Authentication Process in Cloud Computing
A cloud computing is a new computing model which is a successor of grid computing, utility
computing, parallel computing, distributed computing and other Virtualization technologies. The
cloud is a metaphor for the Internet and is an abstraction for the complex infrastructure it
conceals. Cloud Computing provides the capability to use computing and storage resources on
meter basis and reduce the investments in an organizations computing infrastructure. Although
data stored in third party storage systems like the cloud might not be secure since integrity,
confidentiality and authenticity of data are not guaranteed. Cloud is a third party service and so, a
client cannot trust the cloud service provider to store its data securely within the cloud. Hence,
many organizations and users are still not willing to use the cloud services to store their data in
the cloud until certain security guarantees are made. So to avoid this insecurity of users data
there is a need to authenticate a client before using the services. In this paper an authentication
model is proposed for cloud computing based on Kerberos protocol using threshold cryptography
to provide more security and to increase the availability of key. This model can also benefit by
filtering the unauthorized access and to reduce the burden of computation and memory usage of
cloud provider against authentication checks for each client. It acts as a third party between cloud
server and clients to allow authorized and secure access to cloud services.

Architecture

Use Case Diagram


Login

FileUpload

Encription

Decription

Verfication
Owner

User

Logout

Owner

Login

Initiate File Upload

Receive pp,msk

Encryption
Release Encryption Proof

Logout

Login

Download Request
User

Release Decrytion Proof

Verify Proof
Decryption

Logout

Data Flow Diagram

Login

File Upload

Receive pp,msk

Encryption
Release Encryption Proof

Download
Release Decription
Proof

Verify (Pp,C,M,PE,PD)

Fake Data

Orignal Data

Logout

Sequence Diagram

Modules Description

Deniable Encryption:
Deniable encryption involves senders and receivers creating convincing fake evidence of
forged data in ciphertexts such that outside coercers are satisfied. Note that deniability
comes from the fact that coercers cannot prove the proposed evidence is wrong and
therefore have no reason to reject the given evidence. This approach tries to altogether
block coercion efforts since coercers know that their efforts will be useless. We make use
of this idea such that cloud storage providers can provide audit-free storage services. In
the cloud storage scenario, data owners who store their data on the cloud are just like
senders in the deniable encryption scheme. Those who can access the encrypted data play
the role of receiver in the deniable encryption scheme, including the cloud storage
providers themselves, who have system wide secrets and must be able to decrypt all
encrypted data. We make use of ABE characteristics for securing stored data with a finegrained access control mechanism and deniable encryption to prevent outside auditing.

Composite Order Bilinear Group:

Design a deniable CP-ABE scheme with composite order bilinear groups for building
audit-free cloud storage services. Composite order bilinear groups have two attractive
properties, namely projecting and cancelling. We make use of the cancelling property for
building a consistent environment; however, Freeman also pointed out the important
problem of computational cost in regard to the composite order bilinear group. The
bilinear map operation of a composite order bilinear group is much slower than the
operation of a prime order bilinear group with the same security level. That is, in our
scheme, a user will spend too much time in decryption when accessing files on the cloud.
To make composite order bilinear group schemes more practical, into prime order
schemes. both projecting and cancelling cannot be simultaneously achieved in prime
order groups in . For the same reason, we use a simulating tool proposed to convert our
composite order bilinear group scheme to a prime order bilinear group scheme. This tool
is based on dual orthonormal bases and the subspace assumption. Different subgroups are
simulated as different orthonormal bases and therefore, by the orthogonal property, the
bilinear operation will be cancelled between different subgroups. Our formal deniable
CP-ABE construction method uses only the cancelling property of the composite order
group.
Attribute-Based Encryption:
Cloud storage services have rapidly become increasingly popular. Users can store their
data on the cloud and access their data anywhere at any time. Because of user privacy, the
data stored on the cloud is typically encrypted and protected from access by other users.
Considering the collaborative property of the cloud data, attribute-based encryption
(ABE) is regarded as one of the most suitable encryption schemes for cloud storage.
There are numerous ABE schemes that have been proposed, including . Most of the
proposed schemes assume cloud storage service providers or trusted third parties
handling key management are trusted and cannot be hacked; however, in practice, some
entities may intercept communications between users and cloud storage providers and
then compel storage providers to release user secrets by using government power or other
means. In this case, encrypted data are assumed to be known and storage providers are
requested to release user secrets. As an example, in 2010, without notifying its users,
Google released user documents to the FBI after receiving a search warrant . In 2013,
Edward Snowden disclosed the existence of global surveillance programs that collect
such cloud data as emails, texts, and voice messages from some technology companies.
Once cloud storage providers are compromised, all encryption schemes lose their
effectiveness. Though we hope cloud storage providers can fight against such entities to
maintain user privacy through legal avenues, it is seemingly more and more difficult.

Cloud Storage:
Cloud storage services have become increasingly popular. Because of the importance of privacy,
many cloud storage encryption schemes have been proposed to protect data from those who do
not have access. All such schemes assumed that cloud storage providers are safe and cannot be
hacked; however, in practice, some authorities (i.e., coercers) may force cloud storage providers
to reveal user secrets or confidential data on the cloud, thus altogether circumventing storage
encryption schemes. In this paper, we present our design for a new cloud storage encryption
scheme that enables cloud storage providers to create convincing fake user secrets to protect user
privacy. Since coercers cannot tell if obtained secrets are true or not, the cloud storage providers
ensure that user privacy is still securely protected. Most of the proposed schemes assume cloud
storage service providers or trusted third parties handling key management are trusted and cannot
be hacked; however, in practice, some entities may intercept communications between users and
cloud storage providers and then compel storage providers to release user secrets by using
government power or other means. In this case, encrypted data are assumed to be known and
storage providers are requested to release user secrets. we aimed to build an encryption scheme
that could help cloud storage providers avoid this predicament. In our approach, we offer cloud
storage providers means to create fake user secrets. Given such fake user secrets, outside
coercers can only obtained forged data from a users stored ciphertext. Once coercers think the
received secrets are real, they will be satisfied and more importantly cloud storage providers will
not have revealed any real secrets. Therefore, user privacy is still protected. This concept comes
from a special kind of encryption scheme called deniable encryption.

Owner Module:
Owner module is to upload their files using some access policy. First they get the public
key for particular upload file after getting this public key owner request the secret key for
particular upload file. Using that secret key owner upload their file.
User Module:
This module is used to help the client to search the file using the file id and file name .If
the file id and name is incorrect means we do not get the file, otherwise server ask the public key
and get the encryption file.If u want the the decryption file means user have the secret key.
1. ECDH Elliptic Curve Diffie Hellman
ECDH is a key agreement protocol that allows two parties to establish a shared secret key that
can be used for private key algorithms. Both parties exchange some public information to each

other. Using this public data and their own private data these parties calculates the shared secret.
Any third party, who doesnt have access to the private details of each device, will not be able to
calculate the shared secret from the available public information. An overview of ECDH process
is defined below. For generating a shared secret between A and B using ECDH, both have to
agree up on Elliptic Curve domain parameters. Both end have a key pair consisting of a private
key d (a randomly selected integer less than n, where n is the order of the curve, an elliptic curve
domain parameter) and a public key = d * G (G is the generator point, an elliptic curve domain
parameter).
Let (dA, QA) be the private key - public key pair of A and (dB, QB) be the private key - public
key pair of B.
1. The end A computes K = (xK, yK) = dA * QB
2. The end B computes L = (xL, yL) = dB * QA
3. Since dAQB = dAdBG = dBdAG = dBQA. Therefore K = L and hence xK = xL
4. Hence the shared secret is xK Since it is practically impossible to find the private key dA or
dB from the public key K or L, its not possible to obtain the shared secret for a third party.
Setup:
This algorithm takes as input security parameters and attribute universe of cardinality N. It then
defines a bilinear group of prime number. It returns a public key and the master key which is
kept secret by the authority party.
Encryption:
It takes a message, public key and set of attributes. It outputs a cipher text.
Key Generation:
It takes as input an access tree, master key and public key. It outputs user secret key.
Decryption:
It takes as input cipher text, user secret key and public key. It first computes a key for each leaf
node. Then it aggregates the results using polynomial interpolation technique and returns the
message.