International Journal of Combined Research & Development (IJCRD)
eISSN:2321-225X;pISSN:2321-2241 Volume: 2; Issue: 4; April-2014
HASBE: Hierarchical Attribute-based solution for Flexible and Scalable Access Control in Cloud computing.

Gayathri. D1, Anusha.B 2, Sathya Anjusha.P 3, Madhuri.N 4
Dept. of CSE, BITM Bellari, Karnataka - 583104

ABSTRACT:

Cloud is used for virtualization, parallel and distributed computing, utility computing, and service-oriented architecture to store user data. The benefits of cloud computing are reduced data leakage, decreased evidence acquisition time, eliminated or reduced service downtime, forensic readiness, and decreased evidence transfer time. The main factor to be discussed is the security of cloud computing, which is a risk factor involved in major computing fields. Cloud computing is basically an internet-based network made up of a large number of servers – mostly based on open standards, modular and inexpensive.

I. INTRODUCTION

Cloud computing is internet- ("CLOUD") based development and use of computer technology ("COMPUTING"). It is a general term for anything that involves delivering hosted services over the internet. Users of the cloud only care about the service or information they are accessing – be it from their PCs, mobile devices, or anything else connected to the Internet – not about the underlying details of how the cloud works.

It is used to describe both a platform and a type of application. It also describes applications that are extended to be accessible through the internet. These cloud applications use large data centres and powerful servers that host web applications and web services. Anyone with a suitable internet connection and a standard browser can access a cloud application.

II. WORKING OF CLOUD COMPUTING

Super computers today are mainly used by the military, government intelligence agencies, universities and research labs, and large companies to tackle enormously complex calculations for such tasks as simulating nuclear explosions, predicting climate change, designing airplanes, and analysing which proteins in the body are likely to bind with potential new drugs. Cloud computing aims to apply that kind of power – measured in the tens of trillions of computations per second – to problems like analysing risk in financial portfolios, delivering personalized medical information, even powering immersive computer games, in a way that users can tap through the web. It does that by networking large groups of servers that often use low-cost consumer PC technology, with specialised connections to spread data processing chores across them. By contrast, the newest and most powerful desktop PCs process only about 3 billion computations a second.

Let's say you're an executive at a large corporation. Your particular responsibilities include making sure that all of your employees have the right hardware and software they need to do their jobs. Buying computers for everyone isn't enough; you also have to purchase software or software licenses to give employees the tools they require. Whenever you have a new hire, you have to buy more software or make sure your current software license allows another user. It's so stressful that you find it difficult to go.

III. CLOUD SERVICES:

Infrastructure-as-a-service:
Infrastructure-as-a-service like Amazon Web Services provides virtual servers with unique IP addresses and blocks of storage on demand. Customers benefit from an API from which they can control their servers. Because customers can pay for exactly the amount of service they use, like for electricity or water, this service is also called utility computing.

Platform-as-a-service:
Platform-as-a-service is a set of software and development tools hosted on the provider's servers. Developers can create applications using the provider's APIs. Google Apps is one of the most famous Platform-as-a-service providers. Developers should take notice that there aren't any interoperability standards (yet), so many providers may not allow you to take your application and put it on another platform.

Software-as-a-service:
Software-as-a-service is the broadest market. In this case the provider allows the customer only to use its applications. The software interacts with the user through a user interface. These applications can be anything from web-based email to applications like Twitter and Last.fm.

IV. BENEFITS OF CLOUD COMPUTING:

• Accelerate innovation and business agility by providing faster ways to build and scale new apps and services to go from local to global in no time.
• Speed IT delivery to match the pace of business. Spend less time managing hardware and more time focusing on high-priority investments.
• Reduce capital expenses (hardware, facilities, operations, and even power) with computing on-demand.
• Choose the solution that best meets the needs of your organization across on-premises, hosting provider, and Microsoft Azure.

V. APPLICATION

A cloud application leverages cloud computing in software architecture, often eliminating the need to install and run the application on the customer's own computer, thus alleviating the burden of software maintenance, ongoing operation, and support. For example:

• Peer-to-peer/volunteer computing (BOINC, Skype)
• Web applications (Webmail, Facebook, Twitter, YouTube, Yammer)
• Security as a Service (Google Apps, Salesforce, Nivio, Learn.com, Zoho)
• Software plus services (Microsoft Online Services)
• Storage [distributed]
  • Content distribution (BitTorrent, Amazon CloudFront)
  • Synchronisation (Dropbox, Live Mesh, SpiderOak, ZumoDrive)

VI. HASBE:

To provide additional security for the data stored in the cloud, various cryptographic techniques have been used for secure outsourcing of data. The proposed HASBE is used for enhanced security settings. In this scheme we use bilinear mapping techniques to enhance secure key exchange of the data.

The system consists of five types of parties: a cloud service provider, data owners, data consumers, a number of domain authorities, and a trusted authority. The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner as shown in the figure.

VII. KEYWORDS:

Attribute-based encryption, access control, cloud computing, hierarchical attribute-based encryption, Software as a Service (SaaS).

VIII. ADVANTAGES

• Low initial capital investment
• Shorter start-up time for new services
• Lower maintenance and operation costs
• Higher utilization through virtualization
• Easier disaster recovery.

IX. HASBE SCHEME

Our system model consists of a trusted authority, multiple domain authorities, and numerous users corresponding to data owners and data consumers. The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities.

X. IMPLEMENTATION

ALGORITHMS USED

• hasbe-setup: Generates a public key (PK) and a master key (MK).
• hasbe-keygen: Given PK and MK, generates a private key for a key structure. A key structure with depth 1 or 2 is supported.
• hasbe-enc: Given PK, encrypts a file under an access tree policy.
• hasbe-dec: Given a private key, decrypts a file.
• hasbe-rec: Given PK, a private key and an encrypted file, re-encrypts the file.

OPERATIONS

Data Owner Module

In this module, the data owner uploads their data to the cloud server. For security purposes, the data owner encrypts the data file and then stores it in the cloud. The data owner can change the policy over data files by updating the expiration time. The data owner is capable of manipulating the encrypted data file, and can set the access privilege for the encrypted data file.

Data Consumer Module

In this module, the user can only access the data file with the encrypted key if the user has the privilege to access the file. At the user level, all the privileges are given by the domain authority, and the data users are controlled by the domain authority only. Users may try to access data files either within or outside the scope of their access privileges, so malicious users may collude with each other to get sensitive files beyond their privileges.

Cloud Server Module

The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them.

Attribute based key generation Module

The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities. A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key. The trusted authority calls the algorithm to create system public parameters PK and master key MK. PK will be made public to other parties and MK will be kept secret. When a user sends a request for data files stored on the cloud, the cloud sends the corresponding ciphertexts to the user. The user decrypts them by first calling decrypt(CT,SK) to obtain DEK and then decrypts the data files using DEK.

XI. SECURITY AND PERFORMANCE

We assume that the cloud server provider is untrusted in the sense that it may cooperate with malicious users (short for data owners/data consumers) to harvest file contents stored in the cloud for its own benefit. In the hierarchical structure of the system users given in Fig. 1, each party is associated with a public key and a private key, with the latter being kept secret by the party. The trusted authority acts as the root of trust and authorizes the top-level domain authorities. A domain authority is trusted by its subordinate domain authorities or users that it administrates, but may try to get the private keys of users outside its domain. Users may try to access data files either within or outside the scope of their access privileges, so malicious users may collude with each other to get sensitive files beyond their privileges. In addition, we assume that communication channels between all parties are secured using standard security protocols, such as SSL.
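
The access decision behind decrypt(CT, SK), key delegation by a domain authority, and revocation through the expiration time, as an added Python example that is not code from the paper or from the hasbe-* tools. It models only whether a key structure satisfies an access tree, not the bilinear-map cryptography; the attribute names, the tuple encoding of the tree, the expiry leaf and the subset rule for delegation are assumptions.

```python
from datetime import date

# Added example: models only the access decision, not the bilinear-map cryptography.
# Tuple encoding, attribute names, the expiry leaf and the subset rule are assumptions.
def AND(*children): return ("gate", len(children), children)
def OR(*children): return ("gate", 1, children)

def satisfies(node, key):
    """True if the key structure satisfies this access-tree node."""
    kind = node[0]
    if kind == "attr":      # leaf: the key must hold the attribute
        return node[1] in key["attrs"]
    if kind == "expiry":    # leaf: the key must be valid up to the owner's date
        return key["expiry"] >= node[1]
    if kind == "gate":      # threshold gate: at least k children satisfied
        _, k, children = node
        return sum(satisfies(c, key) for c in children) >= k
    raise ValueError(f"unknown node type: {kind!r}")

def delegate(parent, attrs, expiry):
    """Domain authority issues a key to a user or sub-authority in its domain.
    Assumed rule: it cannot grant attributes or validity beyond its own key."""
    if not set(attrs) <= parent["attrs"] or expiry > parent["expiry"]:
        raise PermissionError("delegation exceeds the authority's own key")
    return {"attrs": set(attrs), "expiry": expiry}

def encrypt_dek(dek, valid_until):
    """Model of encryption under an access tree policy (constructed policy)."""
    policy = AND(("attr", "dept:cardiology"),
                 OR(("attr", "role:doctor"), ("attr", "role:auditor")),
                 ("expiry", valid_until))
    return {"policy": policy, "dek": dek}

def decrypt_dek(ct, key):
    """Model of decrypt(CT, SK): release the DEK only if the policy holds."""
    return ct["dek"] if satisfies(ct["policy"], key) else None

# Constructed hierarchy: one domain authority delegating to three users.
END_2014 = date(2014, 12, 31)
DOMAIN = {"attrs": {"dept:cardiology", "role:doctor", "role:nurse", "role:auditor"},
          "expiry": END_2014}
USERS = {"alice": delegate(DOMAIN, {"dept:cardiology", "role:nurse"}, END_2014),
         "bob": delegate(DOMAIN, {"role:doctor"}, END_2014),
         "carol": delegate(DOMAIN, {"dept:cardiology", "role:doctor"}, date(2014, 6, 30))}

if __name__ == "__main__":
    for until in (date(2014, 6, 1), date(2014, 9, 1)):  # owner moves the expiry forward
        ct = encrypt_dek(b"constructed-dek", until)
        print(until, {name: decrypt_dek(ct, key) for name, key in USERS.items()})
```

Alice and Bob each fail the policy on their own although their combined attributes would satisfy it, which is the collusion case the security assumptions describe; Carol loses access once the owner sets an expiration time later than the one in her key.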

Fig. 2. Example key structure.

We analyze the computation complexity for each system operation in our scheme as follows.

• System Setup.
• Top-Level Domain Authority Grant.
• New User/Domain Authority Grant.
• New File Creation.
• User Revocation.
• File Access.
• File Deletion.

XI. SCOPE

HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. The security of HASBE is based on the security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme, and we analyze its performance and computational complexity.

XII. CONCLUSION

In this paper, we introduced HASBE for providing additional security for the data stored in the cloud. The HASBE algorithm is used for encryption; through the RSA and DES algorithms we can easily debug the key concept, so that a user can easily understand the encrypted data. To avoid this we have proposed HASBE. We formally prove the security of HASBE. Finally, we implemented the proposed scheme and an evaluation, which showed its performance and advantages.