Abstract-Cloud
computing provides a simplest way of data sharing which gives various profits
to the users. But directly outsourcing the confidential data to the cloud will
bring various security issues as the data may contain important information.
Identity based encryption is a favourable technique for practical data sharing
system in which user is removed from the system if his/her authorization is
expired. Revoked user cannot access the data shared before and after the expiry
of authorization, thus IBE technique offers both forward and backward security
for shared data. The modification of IBE called RS-IBE technique aims to
provide more security and privacy for the data in the cloud by reducing the
time complexity and improving performance.
General terms-Revocation ,revocable storage-identity
based encryption, AES algorithm
Keywords-KUNode
algorithm
I. INTRODUCTION
Cloud computing has
recently reached popularity and developed into a major trend in IT. We perform
such a systematic review of cloud computing and explain the technical
challenges facing in this paper. In Public cloud the “Pay per use” model is
used. In private cloud, the computing service is distributed for a single
society. In Hybrid cloud, the computing services is consumed both the private
cloud service and public cloud service. Cloud computing has three types of services.
Software as a Service (SaaS), in which customer prepared one service and run on
a single cloud, then multiple consumer can access this service as per on
demand. Platform as a Service (PaaS), in which, it provides the platform to
create application and maintains the application. Infrastructure as a Service
(IaaS), as per term suggest to provides the data storage, Network capacity,
rent storage, Data centers etc. It is also known as Hardware as a Service
(HaaS). In Cloud computing data security is prepared by the
Authentication,Encryption&
Decryption, Message
authentication code,
Hash function, and Digital signature and so on. Diffie-Hellman algorithm is
used to generate keys for key exchange step. Then digital signature is used for
authentication, thereafter AES encryption algorithm is used to encrypt or
decrypt user’s data file. Diffie- Hellman key exchange algorithm is vulnerable
to main in the middle attack. The most serious limitation is the lack of the
authentication. In final step the users send the request service to cloud
service provider for using the cloud service and also cloud service, provide
service to users. After doing this step user can used the cloud service
provider. But for more security they performed RSA algorithm for encryption
& decryption and then they use Digital Signature for Authentication. RSA
algorithm and Digital signature are used for secure communication. The
Revocable-Storage Identity-Based Encryption is a similar data security
mechanism in cloud.Existing system focuses only on identity based encryption
thus we the proposed modified RS-IBE technique which reduces complexity and
improves performance.
II. RELATED WORKS
1
Revocable IBE-KUNode algorithm
Natural
revocation way for IBE was first proposed by Boneh and Franklin. Method used by
them was to append current time period to the cipher text and each time non
revoked users are provided with private keys by the key authority but this
method is not scalable. To over comeit’s drawbacks Boldyreva, Goyal and Kumar
put forward a more efficient revocation strategy using binary tree to manage
identity. This RIBE scheme reduces key revocation complexity to good extent.
Liang et al proposed a cloud based revocable identity based re-encryption which
utilized a broadcast encryption scheme for user revocation and cipher text
update. The drawback with such a system is that malicious non revoked users can
share update key with revoked users and there by collapsing the system.
2 Text
encryption and decryption by AES
Data provider in the system uses AES algorithm for
encrypting the file before uploading them to the cloud server. The uploaded
file by the client is encrypted and decrypted by AES algorithm. The input plain
text of AES algorithm is converted into a 4×4 array , called a state.Four transformations, Add Round
Key, Sub Bytes,Shift Rows and Mix Columns, perform various operations on
the state to calculate the output state (the final cipher text). Except for AddRoundKey
each of these operations.The AddRoundKey
routine is simple XOR addition of round key and a portion of expanded key into
plaintext.Subbyteis the
SBOX for AES. It operates on each byte inthe state and performs a non-linear
substitution in the GF(28) field, which is what makes AES a
non-linear cryptographic system. In order to be invertible each value of b’
must be generated from a unique value of b. A look up table can also be
implemented for SubBytes.
SubByte operation performs an affine transformation on the inverse of byte b,
and adds it to 0xC6. Shift Rows
operates on individual rows of the state. It provides diffusion
throughout the AES algorithm. The first row is not changed. The second row is
shifted one byte to the left, with the left most byte wrapping around. The
third row shifts two bytes to the left, and the fourth row shifts three bytes
to the left with appropriate
wrapping to the right. This description is for AES-128, the
number of shifts for each row changes based on the key size.Mix Columns operates on individual
columns of the state. It provides diffusion throughout the AES algorithm. The
columns are considered polynomials over GF(28) and multiplied modulo
x4+1 with a(x) where a(x) = {03}x3 + {01}x2 +
{01}x + {02} NOTE: x4+1 is relatively prime to a(x). This can be
represented as a matrix equation.
III. PROPOSED ARCHITECTURE
In the proposed system,uses
a concept called revocable-storage identity-based encryption (RS-IBE) for
building a cost-effective data sharing systemwhich can provide the data
confidentiality and forward/backward
security of cipher text by introducing the functionalities of user revocation
and cipher text update simultaneously.The data provider decides the user group who
can access the data before uploading them in the cloud storage. The encrypted
data can be decrypted by only those users who is non revoked (authorization not
expired).This system uses KUNodes algorithm to restrict revoked user at a time
period from decrypting the cipher text. Inputs to the KUNodes algorithm is the
revocation list and the time period. It outputs the smallest subset Y of nodes
of BT such that Y contains an ancestor for each node that is not revoked before
the time period t.
STEPS:
1.
Data owner upload the file in cloud with validity time
2. Data user access the data.
2.1.
If the user tries to access the data within a specified time only he is able to
access the data
2.2. Otherwise data owner need to
update the key.
3.
Data owner update the key used by the user.
4. Then he will update the cipher text. This
will provide both forward and backward security to the data stored in a cloud
.
