See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/320980065

IMPLEMENTATION OF ATTRIBUTE BASED ENCRYPTION WITH PRIVACY

PRESERVING IN CLOUD APPLICATION

Article · April 2016

CITATION READS

1 1,179

1 author:

Anand Krishnamurthy
Chennai Institute Of Technology
9 PUBLICATIONS   16 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

512 Bit Data Encryption using AES algorithm View project

All content following this page was uploaded by Anand Krishnamurthy on 10 November 2017.

The user has requested enhancement of the downloaded file.

 International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE)
ISSN: 0976-1353 Volume 21 Issue 2 – APRIL 2016.

IMPLEMENTATION OF ATTRIBUTE BASED

ENCRYPTION WITH PRIVACY PRESERVING
IN CLOUD APPLICATION
Vetripriya M1and Anand K2
1
PG Scholar, Department of CSE, Saveetha Engineering College, Chennai, Tamil Nadu, India
2
Associate professor, Department of CSE, Saveetha Engineering College, Chennai, Tamil Nadu, India.
[email protected]
[email protected]
On one side cloud services and utilization grows
Abstract— Security and privacy are very important issues in exponentially and on the other side, authority and security
cloud computing. In existing system access control in clouds analysts are complaining about the non-competitive security
are centralized in nature. The scheme uses a symmetric key attributes of the cloud. This concession can be removed by
approach and does not support authentication. Symmetric key rolling out newer, efficient and effective cloud security up
algorithm uses same key for both encryption and decryption.
divergence like good access control techniques, strong
The authors take a centralized approach where a single key
distribution center (KDC) distributes secret keys and digital signature, and competent encryption/decryption
attributes to all users. A new decentralized access control algorithms.
scheme for secure data storage in clouds that supports
anonymous authentication. The validity of the user who stores In cloud the access control methods sets the control and
the data is also verified. The proposed scheme is resilient to constrains to the actions done by several users over the data
replay attacks. In this scheme using Secure Hash algorithm for on the cloud. It progress the capability to allow or deny
authentication purpose, SHA is the one of several access to a resource on the cloud based on particular
cryptographic hash functions, most often used to verify that a constraints and protocols followed more progress for all the
file has been unaltered. The Blowfish and Pailier crypto system
users. The access control algorithm sets the abstraction level
is a probabilistic asymmetric algorithm for public key
cryptography. Blowfish algorithm is used to encrypt the data to the data for the cloud users by that achieving
that are stored in cloud. Pailier algorithm use for Creation of confidentiality, integrity, availability and scalability.
access policy, file accessing and file restoring process.

Index Terms—Attribute-based encryption, cloud computing, II. RELATED WORK

cipher text policy, fine-grained access control, re-encryption
The literature survey that contains a study of different
methods that available in Attribute Based
I. INTRODUCTION encryption(ABE).That methods are KP-ABE,CP-ABE,
Attribute-based Encryption methods with Non-Monotonic
In the past decade if it determines the value of investments Access Structures, ABE and Monotonic ABE .It also
made by software industries, several billions were done on contains a comparison table of each methods based on fine
Cloud. It will be more than any expense made for any other grained access control,efficiency, computational upward and
technology. More and more software, manufacturing and collusion resistant.
other region that produce quick revenue are moving towards
cloud for their storage, computing and services. The main A. Attribute based encryption (ABE)
bounce of cloud is its capability to reduce the infrastructure An attribute based encryption method introduced by
and maintenance cost needed to start computing. Cloud has Sahai and Waters in 2005 and the goal is to contribute
also become a unrigged option for companies to store and security and access control. Attribute-based encryption
maintain data securely without overheads. Let us take an (ABE) contains a public-key based one to many other
example of a scenario, to maintain the very need of cloud encryptions that allows users to encrypt and decrypt data
computing. Analysing the case of startups. Startup software based on user attributes. In that the secret key of a user and
companies are a tendency in developing countries, where a the cipher text are reliant upon attributes. In this type of
pool of talented human resources comes together to create a system, the decryption of a cipher text is probable only if the
software. After the progress and testing process is over, the set of attributes of the user key contest the attributes of the
application should be made available to the public to be cipher text. Decryption is only desirable when the number of
consumed. It use a lot of budget in terms of framework like matching is at minimum a threshold value d. Collusion-
servers, hardware, software’s and tools. Further, the cloud resistance is deciding security feature of Attribute-Based
provides all these needs by means of various models like Encryption. An attacker that holds multiple keys should only
platform as a service (PaaS), Infrastructure as a service be able to access data if at least one has their own key grants
access.
(IaaS) and software as a service (SaaS) organizing all the
computing needs.
B. Public key cryptography(PKC)
PKCbasedsolutionsweresuggested duetoitsability to

226
 International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE)
ISSN: 0976-1353 Volume 21 Issue 2 – APRIL 2016.

divide the write and read privileges. To recognize fine- symmetric key derivation schemes, which can produce
grained access control, the classic public key encryption fine-grained access control. Unfortunately, the
(PKE) based method proposed by J.Benaloh, M.Chase,E. complications of file creation and user grant/revocation process
Horvitz,and K.Lauter[1] in their discussion of ―Patient arelineartothenumberof recognizedusers,
controlled encryption: privacy of electronic medical whichislessscalable.
records‖, they described the solution for the scenario and
shows how public and symmetric based encryption are III. ARCHITECTURE
used ,disadvantage of their solution is either contain high Architecture gives a diagrammatical representation
key management overhead, or require encrypting multiple of proposed system.it consists of several components that
copies of a file using different users’ keys. are involved in enabling security in cloud application and
integrating the user, application with cloud storage. The
C. Key Policy Attribute Based Encryption(KP-ABE) components are User, Original file, Encoding, Attribute
It is the one of the modified form of traditionalmodel of based encryption, key upload, Decryption.
ABE. Users are allowing with an access tree structure over
the data attributes. Threshold values are the nodes of the
access tree. The attributes are associatedby leaf nodes. To
reproduce the access tree Structure the secret key of the user
is defined. Cipher texts are labelled with sets of attributes
and private keys are combining with monotonic access
structures that authorized which cipher texts a user is
capable to decrypt. Key Policy Attribute Based Encryption
(KP-ABE) method is designed for one-to-many
communications.

KP-ABE scheme consists of the following four functions:

a) Setup: Algorithm takes input K as a security parameter

and return the value of PK as public key and a system
master secret key MK.PK is used by message senders
for encryption. MK is used to produce user secret keys
and is described only to the authority.
b) Encryption: Algorithmit takes a message M, the public
key PK, and it contains of attributes as input. It outputs
the ciphertext E.
c) Key Generation: Algorithm takes as input to access a
structure T and the master secret key MK. It produces
an output as a secret key SK that enables the user to
decrypt a message encrypted under a set of attributes if
and only if matches T.
d) Decryption: It takes as input the user’s secret key SK
for access structure T and the ciphertext E, which was
encrypted under the attribute set . This algorithm
outputs the message M if and only if the attribute set
satisfies the user’s access structure T. Fig.1. Architecture of Attribute based Encryption process
The KP-ABE scheme can achieve fine-grained access
control and more flexibility to control users than ABE The architecture contains the works of user, attribute based
scheme. encryption, request file access, key upload and decryption.
The problem with KP-ABE scheme is the encryptor cannot
decide who can decrypt the encrypted data. It can only A. User:
choose descriptive attributes for the data, it is unsuitable in User can upload the file in the cloud storage for
some application because a data owner has to trust the key later use and they can share the files with other users. The
issuer. user can also act as Data owner
D. Symmetrickeycryptography(SKC)
Symmetric-keyalgorithmsareone of B. Attribute based Encryption:
theclassofalgorithmsforcryptographythatusethesamecrypto Here the attribute based encryption contains the
graphickeysfor both the operation of encrypting encrypting the files by using an algorithm of blowfish and
theplaintextanddecrypting Pailier algorithm using that the encryption process are
theciphertext.Thekeysmaybeexact ortheremaybeasimple carried out.
transformationtogobetweenthetwokeys.The keys,in
proceeding,representa sharing of secret between two or C. Requesting file access:
more parties that can be used to preserve a confidential After the uploading of file from the Data owner the
information link Vimercati Suggested a solution for other user can also access the file and use the file by
securing outsourced dataonsemi-trusted servers form on requesting the file access from the data owner through the

227
 International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE)
ISSN: 0976-1353 Volume 21 Issue 2 – APRIL 2016.

mail. The request is send through the mail and response is D. Encryption
sent back through mail with the encryption key. An attribute based encryption scheme (ABE), in
contrast, is a scheme in which each user is identified by a set
D. Key Upload of attributes, and some function of those attributes is used to
After the response through the mail the encryption determine decryption ability for each cipher text. It takes
key is send to the user who requesting the file by uploading the input public key and secret key. The generated Secret
the encryption key the file can downloaded by the user. key (SK), H matches with the access tree and encrypt the
hash function. That results in Digital signature. The
IV. IMPLEMENTATION encryption of hash function takes place if and only if it
Implementation includes Insertion of Data, Enrolling the matches with the Access structure (A). Otherwise it returns
Userdetails, User request,Encryption and the processing that theλ . The encryption method is to find value of H(x). Thus
are carried out. resultant of encryption is H(x).Thus Encryption of data is
A. Insertion of Data done using Cloud server. Encryption is the most effective
In this module and admin has to upload its files in a way to achieve data security. To read an encrypted file, you
cloud server, he/she should register first. Then only he/she must have access to a secret key or password that enables
can be able to do it. For that he needs to fill the details in the you to decrypt it. Unencrypted data is called plain text
registration form. These details are maintained in a database. encrypted data is referred to as cipher text.Data, often
Any of the above mentioned person have to login, they referred to as plaintext t, is encrypted using an encryption
should login by giving their email id and password. Initially algorithm and an encryption key. This process generates
data admin request for registration to cloud service. Then ciphertext that can only be viewed in its original form if
service provider sends random value and the encrypted decrypted with the correct key. Let m be a message to be
secret key to the data owner as shown below: encrypted where m Zn. Select random r where r Z*n. •
Ack(Di)=Msg(r,enc(sk)) After retrieving of the data from Compute cipher text as: c= ek (x; r ) = gm.rn mod n2
the cloud service provider, data owner upload or manipulate Decryption • Cipher text: cZ*n2. • Compute message:
his file after authenticate him as shown below.Auth1=fist m=dk(y)= (L(yλ mod n2 ))/((L(gλmodn2))modn.
part (Enc(Dec(Sk))/2) Auth2=Second part(enc(Dec(sk))/2)
Auth1 code sent to service and second to verifier. If the both V. CONCLUSION
authorities approved his authentication parameters then only In Attribute based encryption techniques different
he allowed uploading or manipulating the data in cloud methods are used like Public key cryptography,Key Policy
service. Attribute Based Encryption and Symmetrickeycryptography
are used for the data security in cloud applications and cloud
B. Enrolling the user details storages. The implementation process contain with the
A system user is a person who interacts with encryption algorithm of blowfish and pailier algorithm
a system, typically through an interface, to extract some through that it prevent the data with more security and
functional benefit. User-centered design, often associated unauthorized used cannot able to access the data and
with human–computer interaction, considers a wide range of authorized user cannot access the file without the permission
generic systems. System user also defines the behavior of of the data owner and encryption key from the above
the system operations and how the audience (end-user) algorithm and method it provide an High data security to the
would interact with the system using pre-designed triggers files in cloud applications.
such as buttons/mouse/keyboard. In order for the system to
work on a larger scale using various databases system would REFERENCES
have to create an interface that would be suitable for specific
[1] Arshad, J, Townend, P, JieXu (2009).‖Quantification of Security for
level of knowledge that the end user acquires.
Compute Intensive Workloads in Clouds‖ Parallel and Distributed
Systems (ICPADS), 15th International Conference on , vol., no.,
C. User Request pp.479,486, 8-11 Dec.. Sahai and B. Waters‖.Fuzzy identity-based
In this module if a user wants to access the data encryption‖,ǁ in Proc.EUROCRYPT, (2005), pp. 457–473.
[2] Attrapadung.N, Herranz.J, Laguillaumie.F,Libert.B, Panafieu.E, and
which is stored in a cloud, he/she should register their
Ràfols.C,(2012) ―Attribute-based encryption schemes with constant-
details first. These details are maintained in a Database. The size ciphertexts‖ Theor. Comput.Sci., vol. 422, pp. 15–38.
Authorized users can download the file from cloud database. [3] Bellare.M, Boldyreva.A, and Palacio.A (2004), ―An uninstantiable
In this module, if a cloud service provider (maintainer of random oracle- model scheme for a hybrid-encryption problem,‖ in
Proc. EUROCRYPT, pp. 171188. M. Green, A. Akinyele, and M.
cloud) wants to do some cloud offer, they should register
Rushanan, Libfenc: The Functional Encryption Library.
first. Users can able to access his/her account by the [4] Canetti.R, Goldreich.O, and Halevi.S, (1998), ―The random oracle
corresponding data admin.Methods, systems and computer methodology, revisited (preliminary version),‖ in Proc. STOC, pp.
program products are disclosed for monitoring user login 209–218.
[5] CCSW 2009. ACM, New York, NY, USA, 97-102.
activity for a server application in a computer network. The
[6] Chatterjee.S and A.Menezes (2011). ―On cryptographic protocols
methods, systems, and computer program products can employing asymmetric pairings‖—The role of
monitor communication data between a server application revisited,ǁDiscreteAppl.Math., vol. 159, no. 13, pp. 1311–1322.
and a client. The methods, systems, and computer program [7] Cheung.L and Newpor C. (2007), ―Provably secure ciphertext policy
ABE,‖ in Proc. ACM Conf. Computer and Communications Security,
products can also include applying one or more detectors to
pp. 456–465.17.
the communication data to identify a variety of [8] Chung. Y. T., Kalai Y. T., and Vadhan. S. P. (2010), ―Improved
predetermined activity. delegation of computation using fully homomorphic encryption,‖ in
Proc. CRYPTO, pp. 483–501.
[9] Computing by Mohit Marwaha1, Rajeev Bedi( 2013).‖ Applying
Encryption Algorithm for Data Security and Privacy in Cloud‖ in

228
 International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE)
ISSN: 0976-1353 Volume 21 Issue 2 – APRIL 2016.
International Journal of Computer Science Issues, Vol. 10, Issue 1,
No 1, January.
[10] Ed. Springer-Verlag, Berlin, Heidelberg, 465-482.
[11] Gennaro.RGentry.C, and Parno.B,(2010)―Non-interactive verifiable
computing: Outsourcing computation to untrusted workers,‖ in
Proc.CRYPTO, pp. 465–482.
[12] GentryMN. C., ―Fully homomorphic encryption using ideal lattices,
(2009)‖ in Proc. STOC, pp. 169–178.
[13] Gentry.C and Halevi.S(2011), ―Implementing gentry’s fully-
homomorphic encryption scheme,‖ in Proc. EUROCRYPT, pp. 129–
148.
[14] Goldwasser.S and Kalai Y. T ( 2003), ―On the (in)security of the fiat-
shamir paradigm,‖ in Proc. FOCS, pp. 102–113.
[15] Green.M, Hohenberger.S, and Waters.B, (2011) ―Outsourcing the
decryption of ABE ciphertexts,‖ in Proc. USENIX Security Symp.,
San Francisco, CA, USA.
[16] Hohenberger.S and Waters.B, (2013) ―Attribute-based encryption
with fast decryption,‖ in Proc. Public Key Cryptography, pp. 162–
179.
[17] JunzuoLai,Deng, R.H, Chaowen Guan, JianWeng (2013),‖Attribute-
Based Encryption With Verifiable Outsourced Decryption‖
Information Forensics and Security, IEEE Transactions on , vol.8,
no.8, pp.1343,1354, Aug.
[18] Matthew Green, Susan Hohenberger, and Brent Waters (2010).‖
Outsourcing the decryption of ABE ciphertexts‖. In Proceedings of
the 20th USENIX conference on Security (SEC'11).USENIX
Association, Berkeley, CA, USA, 34-34.
[19] MihaiChristodorescu, Reiner Sailer, Douglas Lee Schales, Daniele
Sgandurra, and Diego Zamboni (2009). ―Cloud security is not (just)
virtualization security‖: a short paper. In Proceedings of the ACM
workshop on Cloud computing security
[20] Nielsen J. B (2002), ―Separating random oracle proofs from
complexity theoretic proofs: The non-committing encryption case,‖ in
Proc. CRYPTO, pp. 111–126.
[21] Patrick P. Tsang, Sherman S. M. Chow, and Sean W. Smith (2007).‖
Batch pairing delegation‖.InProceedings of the Security 2nd
international conference on Advances in information and computer
security (IWSEC'07), Atsuko Miyaji,Hiroaki Kikuchi, and Kai
Rannenberg (Eds.). Springer-Verlag, Berlin, Heidelberg, 74-90.
[22] QiangDuan, Yuhong Yan, Vasilakos,AV.‖A Survey on Service-
Oriented Network Virtualization Toward Convergence of Networking
and Cloud Computing‖ Network and Service Management, IEEE
Transactions on, vol.9, no.4, pp.373,392.
[23] RafailOstrovsky, AmitSahai, and Brent Waters (2007). ―Attribute-
based encryption with non-monotonic access structures‖ In
Proceedings of the 14th ACM conference on Computer and
communications security (CCS '07). ACM, New York,
[24] Rosario Gennaro, Craig Gentry, and Bryan Parno (2010).‖ Non-
interactive verifiable computing: outsourcing computation to
untrusted workers.‖ In Proceedings of the 30th annual conference on
Advances in cryptology (CRYPTO'10), Tal Rabin
[25] Saravana Kumar Na,Rajya Lakshmi G.Vb,BalamuruganBa (2015)
―Enhanced Attribute Based Encryption for Cloud Computing
“International Conference on Information and Communication
Technologies (ICICT). r Science 46 689 – 696.
[26] VipulGoyal, OmkantPandey, AmitSahai, and Brent Waters (2006).
―Attribute-based encryption for fine-grained access control of
encrypted data‖. In Proceedings of the 13th ACM conference on
Computer and communications security (CCS).ACM, New York, NY,
USA, 89-98.
[27] Waters.B(2011) ―Ciphertext-policy attribute-based encryption: An
expressive, efficient, and provably secure realization in Proc. Public
Key Cryptography‖.

229
View publication stats