SECURING CLOUD SERVER AND DATA ACCESS

WITH MULTI-AUTHORITIES

Submitted by
Tejaswini R M
5ZF11SSZ22

Under the Guidance

of
Roopa C.K
Assistant
Professor,
Department of IS
& E, SJCE Mysore

INTRODUCTION
Cloud storage is an important service of cloud computing.
Data access control is an effective way to ensure the data security in

the cloud.
Cloud storage service separates the roles of the data owner from the

data service provider, and the data owner does not interact with the
user directly for pro-viding data access service.
To prevent the untrusted servers from accessing sensitive data,

traditional methods usually encrypt the data and only users holding
valid keys can access the data.
These methods incur high storage overhead on the server, because

the server should store multiple encrypted copies of the same data
for users with different keys.
2

EXISTING SYSTEM
Due to data outsourcing and untrusted cloud servers, the data access control

becomes a challenging issue in cloud storage systems.

Existing access control schemes are no longer applicable to cloud storage

systems, because they either produce multiple encrypted copies of the same
data or require a fully trusted cloud server.

PROBLEM STATEMENT
Cloud storage service separates the roles of the data owner from the data

service provider.
The data owner does not interact with the user directly for providing data

access service, which makes the data access control a challenging issue in
cloud storage systems.
The cloud server cannot be fully trusted by data owners, traditional server-

based access control methods are no longer applicable to cloud storage

systems.

PROPOSED
SYSTEM

We propose Third party auditor (TPA) which acts as a proxy server

to safeguard the cloud server.

We construct a new multi-authority CP-ABE scheme with efficient

decryption. Specifically, we outsource the main computation of the

decryption by using a token based decryption method.

We also design an efficient immediate attribute revocation method

for multi-authority CP-ABE scheme

SYSTEM ARCHITECTURE

System Architecture (Level 0)

User

Cloud

Display File

UID,GPK,GS
K
Request File

CID File
Upload File

Control
Agent

AID
Secret Key

OID, Owner
Key

Owne
r

TPA

Attribut
e

Upload File

DATA FLOW DIAGRAM- High Level Design

(Level 1)
Secret key +Global public
key
Token

User
Name, IP address,
attr name, sector
name

Packet
s

Request

Request
Processin
g

UID
Response

Owne
r

Token
processi
ng
Name, IP
address

Login
process
and
generate
Id

OID

Name, IP
address

UID

Attribute
Secret Key

UID ,
Attribute
name

AID

CID
Name, IP
address

Requestin
g Secret
Key

Secret Ke

User

Cloud
File
ID

Cipher
Cipher
Text
File
File
Downloade
d

Reques
t for
File

Work Flow Diagram (High Level Design)

Select no. of
users & user
login ID UID

Generat
e Key

Decrypt
using token
+Global
Private Key
+ Owner Key

Select no. of
Owners &
login ID OID

Select no. of
Cloud
Servers with
their login

Upload any
no. of file to
cloud from
owner

Implemen
t
Encryptio
n
Algorithm

Send a token
for reading
deciphered
text

Send Secret
Key &
Global Public
Key to Cloud

Implement
Decryption
Algorithm

Select File to
be
Downloaded

Show all the

files
available in
clod server

Send Secret
key to user
from
attribute

Use Random
Key
Generator
Algorithm
9

Use Case Diagram

Control Agent
Module

Generate
UID,GPK
Generate
OID

Generate
AD

Generate
OID

TPA
10

Use Case Diagram

User Module

Request
File
Download
File

Send
Secret Key
& GPK
Decrypt
Key

11

Use Case Diagram

Owner
Module

Upload File

Authenticat
e Download

Generate
Secret Key

Send
owner key

12

Use Case Diagram

Cloud Module

Request
File
Download
File
Send
Secret Key
& GPK
Send
Token
TPA

13

Use Case Diagram

Attribute Module

Send
Agent
Authenticat
e User

14

Modules
Network Configuration Module
Input:- User Inputs (User Name, IP Address, Attribute Names,

Cloud Name ,Cloud IP Address)

Output:- Network Details (Details of user, Cloud, Owner
login)

Control Agent Module

Input:-

Network Details (IP Address, Attribute Names,

Section Name)
Output:- Functionality (AID,OID,CID,UID)

15

Modules
Encryption/Decryption Module
Input:- Files (Data Files)
Output:- Encrypted/Decrypted Files (Encrypted data)

Key Generation Module

Input:- Random Key Generator Algorithm
Output:- Key Generated, Global Public Key Global Private

Key

Attribute Setup Module

Input:- User Information
Output:- AID, Secret key generated from Previous module
16

IMPLEMENTATION
We encrypt the data using the Global public key

and owners secret key.

We decrypt the data using the Global private
key and Attribute key.
We use the RSA algorithm concept here.
We encrypt using the public key and decrypt
using the private key.

17

RSA ALGORITHM
each user generates a public/private key pair by:
selecting two large primes at random - p, q
computing their system modulus N=p.q
note (N)=(p-1)(q-1)
selecting at random the encryption key e

where 1<e<(N), gcd(e,(N))=1

solve following equation to find decryption key d

e.d=1 mod (N) and 0dN
publish their public encryption key: KU={e,N}
keep secret private decryption key: KR={d,p,q}
18

Conclusion

19

REFERENCES
[1] P. Mell and T. Grance, The NIST definition of cloud computing,
National Institute of Standards and Technology, Tech. Rep., 2009.
[2] J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy

attribute-based encryption, in Proceedings of the 2007 IEEE

Symposium on Security and Privacy (S&P07). IEEE Computer
Society, 2007, pp.321334.
[3] A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters,

Fully secure functional encryption: Attribute-based encryption and

(hierarchical) inner product encryption, in Proceedings of the 29 th
Annual International Conference on the Theory and Applications of
Cryptographic Techniques: Advances in Cryptology - EUROCRYPT10.
Springer, 2010, pp. 6291.

20

THANK YOU!

21