ABSTRACT
Data sharing is an important functionality in cloud
storage. In this article, we show how to securely, efficiently, and flexibly
share data with others in cloud storage. We describe new public-key
cryptosystems which produce constant-size ciphertexts such that efficient
delegation of decryption rights for any set of ciphertexts are possible. The
novelty is that one can aggregate any set of secret keys and make them as compact
as a single key, but encompassing the power of all the keys being aggregated.
In other words, the secret key holder can release a constant-size aggregate key
for flexible choices of ciphertext set in cloud storage, but the other
encrypted files outside the set remain confidential. This compact aggregate key
can be conveniently sent to others or be stored in a smart card with very
limited secure storage. We provide formal security analysis of our schemes in
the standard model. We also describe other application of our schemes. In
particular, our schemes give the first public-key patient-controlled encryption
for flexible hierarchy, which was yet to be known.
Existing System
There exist
several expressive ABE schemes where the decryption algorithm only requires a
constant number of pairing computations. Recently, Green et al. proposed
a remedy to this problem by introducing the notion of ABE with outsourced
decryption, which largely eliminates the decryption overhead for users. Based
on the existing ABE schemes, Green et al. also presented concrete ABE
schemes with outsourced decryption.
In these existing schemes, a user provides an
untrusted server, say a proxy operated by a cloud service provider, with a
transformation key TK that allows the latter to translate any ABE ciphertext CT
satisfied by that user’s attributes or access policy into a simple ciphertext
CT’, and it only incurs a small overhead for the user to recover the plaintext
from the transformed ciphertext CT’. The security property of the ABE scheme
with outsourced decryption guarantees that an adversary (including the
malicious cloud server) be not able to learn anything about the encrypted
message; however, the scheme provides no guarantee on the correctness of the
transformation done by the cloud server. In the cloud computing setting, cloud
service providers may have strong financial incentives to return incorrect
answers, if such answers require less work and are unlikely to be detected by
users.
Proposed
System:
We considered the
verifiability of the cloud’s transformation and provided a method to check the
correctness of the transformation. However, the we did not formally define
verifiability. But it is not feasible to construct ABE schemes with verifiable
outsourced decryption following the model defined in the existing. Moreover,
the method proposed in existing relies on random oracles (RO). Unfortunately,
the RO model is heuristic, and a proof of security in the RO model does not
directly imply anything about the security of an ABE scheme in the real world.
It is well known that there exist cryptographic schemes which are secure in the
RO model but are inherently insecure when the RO is instantiated with any real
hash function.
In this thesis work,
firstly modify the original model of ABE with outsourced decryption in the
existing to allow for verifiability of the transformations. After describing
the formal definition of verifiability, we propose a new ABE model and based on
this new model construct a concrete ABE scheme with verifiable outsourced
decryption. Our scheme does not rely on random oracles.
In
this paper we only focus on CP-ABE with verifiable outsourced decryption. The
same approach applies to KP-ABE with verifiable outsourced decryption.To assess
the performance of our ABE scheme with verifiable outsourced decryption, we
implement the CP-ABE scheme with verifiable outsourced decryption and conduct
experiments on both an ARM-based mobile device and an Intel-core personal
computer to model a mobile user and a proxy, respectively.
Problem Statement
One of the main
efficiency drawbacks of the most existing ABE schemes is that decryption is
expensive for resource-limited devices due to pairing operations, and the
number of pairing operations required to decrypt a ciphertext grows with the
complexity of the access policy.
The above observation
motivates us to study ABE with verifiable outsourced decryption in this thesis
work. Here emphasized that an ABE scheme with secure outsourced decryption does
not necessarily guarantee verifiability (i.e., correctness of the
transformation done by the cloud server).
Architecture:
MODULES”
1.
Setup Phase
2.
Encrypt Phase
3.
KeyGen Phase,
4.
Decrypt Phase
Modules Description
1
SETUP PHASE
The
setup algorithm takes no input other than the implicit security parameter. It
outputs the public parameters PK and a master key MK.
2
ENCRYPT PHASE
Encrypt(PK,M,
A). The encryption algorithm takes as input the public parameters PK, a message
M, and an access structure A over the universe of attributes. The algorithm
will encrypt M and produce a ciphertext CT such that only a user that possesses
a set of attributes that satisfies the access structure will be able to decrypt
the message. We will assume that the ciphertext implicitly contains A.
3
KEY GEN PHASE
Key
Generation(MK,S). The key generation algorithm takes as input the master key MK
and a set of attributes S that describe the key. It outputs a private key SK
4
DECRYPT PHASE
Decrypt(PK, CT,
SK). The decryption algorithm takes as input the public parameters PK, a
ciphertext CT, which contains an access policy A, and a privatekey SK, which is
a private key for a set S of attributes. If the set S of attributes satisfies
the access structure A then the algorithm will decrypt the ciphertext and
return a message M.
System Configuration:-
H/W System
Configuration:-
Processor - Pentium –III
Speed - 1.1 Ghz
RAM - 256
MB (min)
Hard
Disk - 20 GB
Floppy
Drive - 1.44 MB
Key
Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System
Configuration:-
v
Operating System :Windows95/98/2000/XP
v
Application
Server : Tomcat5.0/6.X
v
Front End
: HTML, Java, Jsp
v
Scripts : JavaScript.
v
Server side Script :
Java Server Pages.
v
Database : Mysql
v Database
Connectivity : JDBC.
CONCLUSION
How to protect users’ data privacy is a central
question of cloud storage. With more mathematical tools, cryptographic schemes
are getting more versatile and often involve multiple keys for a single
application. In this article, we consider how to “compress” secret keys in
public-key cryptosystems which support delegation of secret keys for different
ciphertext classes in cloud storage. No matter which one among the power set of
classes, the delegatee can always get an aggregate key of constant size. Our
approach is more flexible than hierarchical key assignment which can only save
spaces if all key-holders share a similar set of privileges.