A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity

A Fully Anonymous Attribute-Based Encryption to
Control Cloud Data Access and Anonymity
Submitted by Under the Guidance of
Pavan Boora Santosh Naik
M.Tech (Network & Internet Engineering) Assistant Professor
ISE Department ISE Department
Jain University Bangalore Jain University Bangalore
11/27/2016 1Jain University, ISE Department

Contents
1) Problem statement
2) Motivation
3) Introduction
4) Existing system
5) Drawbacks of existing system
6) Literature Survey
7) Proposed system
8) Software requirements
9) System design
10) System implementation
11) Results
12) Testing
13) Conclusion
14) Future enhancements
15) References
11/27/2016 Jain University, ISE Department 2

Problem Statement
• To design and implement a multi authority fully anonymous Attribute
Based Encryption control scheme to address the data privacy and
user identity privacy problems in cloud computing environment .

Motivation
• Cloud Computing provides big trends in today’s IT world. Due to the
benefits…. it provides attention on business, industry as well as academia.
• It provides computing resources dynamically via Internet. But has some
challenges related, like data confidentiality, data privacy and security.
• Privacy is related to the data contents and the users identity, so it is need
to protect the identity of users.

Introduction
• Cloud computing provides many advantages in the today’s IT world,
which enables ﬂexible, ubiquitous, on-demand, and low-cost usage of
computing resources.
• But the data is outsourced to some cloud servers, and various privacy
concerns come out from it.
• An anonymous ABE privilege control scheme to address not only the data
privacy, but also the user identity privacy.

• AnonyControl-F decentralizes the central authority and makes multi
authorities to limit the identity leakage and thus we can achieves
anonymity.
Evolution to ABE
• Identity-based encryption (IBE) was ﬁrst introduced by Shamir, in which
the sender of a message can add an identity to msg and only a receiver
with matching identity can decrypt it.
• Few years later, Fuzzy Identity-Based Encryption is proposed, which is also
known as Attribute-Based Encryption (ABE).

• In ABE an identity is viewed as a set of descriptive attributes, and
decryption is possible if a decrypter’s identity has some overlaps (same
attributes) with the one speciﬁed in the Ciphertext.
• Soon after, more general tree-based ABE schemes Key-Policy Attribute-
Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based
Encryption (CP-ABE)

CP-ABE
• In the CP-ABE, ciphertexts are created with an access structure e.g. (A or
B) AND ( E AND F), which specifies the encryption policy, and private keys
are generated according to user’s attributes.
• A user can decrypt the ciphertext if and only if his/her attributes private
key(s) satisfy the access structure specified in the ciphertext.
• By doing so, the encrypter holds the ultimate authority about the
encryption policy. Also, the already issued private keys will never be
modified unless the whole system reboots.

Access Control via CP-ABE
PK
MSK
SKSarah:
“manager”
“IT dept.”
SKKevin:
“manager”
“sales”
OR
IT dept. AND
manager marketing








Existing System
• A semi anonymous privilege control scheme called AnonyControl that
addresses the data Confidentiality, and partial user identity privacy
leakage is present in existing access control methods. Partially tolerates
the compromise attacks towards attribute authorities.
• The key point of the identity information leakage we had in existing
scheme is that key generator issues attribute’s private key based on the
reported attribute, and the generator has to know the user’s attribute to
do so.

Drawbacks of Existing System
• Privacy risks would rise drastically because the servers may illegally
inspect user's data and access sensitive information.
• Personal data is at risk because one's identity is authenticated based on
his/her data. Scope of collude(come to a secret understanding) with
malicious Data Consumers or Data Owners to harvest others’ ﬁle contents
to gain illegal proﬁts.

Literature Survey
Author Name of the paper Existing Solution Drawbacks
V. Božovi´ c, D.
Socek, R.
Steinwandt, and V.
I. Villányi,
Multi-authority
attribute-based
encryption with
honest-but-curious
central authority
scheme is secure in
the selective ID
model and can
tolerate an honest-
but-curious central
authority.
Cant not tolerates
the compromise
attacks towards
attribute
authorities.
Violating the intent
of the encrypting
party

Literature Survey (continued..)
Author Name of the paper Existing system Drawbacks
M. Chase and S. S.
M. Chow
Improving privacy
and security in
multi-authority
attribute-based
encryption
Multi-authority
attribute-based
encryption enables
a more realistic
deployment of
attribute-based
access control, such
that different
authorities are
responsible for
issuing different
sets of attributes
Data contents
confidentiality and
privacy has been
achieved but
identity privacy
neglected

Literature Survey (continued..)
Author Name of the paper Existing system Drawback
A. Sahai and B.
Waters
Fuzzy identity-
based encryption
Fuzzy-IBE can be
used for a type of
application that we
term “attribute-
based encryption”.
Open problem is to
build other Fuzzy-
IBE schemes that
use different
distance metrics
between identities.
J. Bethencourt, A.
Sahai, and B.
Waters
Ciphertext-policy
attributebased
encryption
techniques
encrypted data can
be kept confidential
even if the storage
server is untrusted
User identity
privacy and
anonymity
neglected

Proposed System
• We propose AnonyControl-F to allow cloud servers to control user’s access
privileges without knowing their identity information.
• The proposed schemes are able to protect user’s privacy against each
single authority. No information is disclosed in AnonyControl-F.
• Proposed method implements the multiauthority Attribute Based
Encryption Control Scheme AnonyControl-F.

Software Requirements
• Operating System Windows
• Web Application Server Tomcat Web Server
• Front End Design HTML, Java, JavaScript
• Server Side Script Java Server Pages
• Database Connectivity JDBC
• Database Mysql

System Design

System Design(Continued)
Cloud Server:
• The Cloud Server, who is assumed to have adequate storage capacity, does
nothing but store them.
N Attribute Authorities:
• Authorities are assumed to have powerful computation abilities, and they
are supervised by government ofﬁces.
• The whole attribute set is divided into N disjoint sets and controlled by
each authority, therefore each authority is aware of only part of attributes.

Data Owner:
• A Data Owner is the entity who wishes to outsource encrypted data ﬁle to
the Cloud Servers. A user can be a Data owner and a Data consumer
simultaneously
Data Consumers:
• Newly joined Data Consumers request private keys from all of the
authorities, and they do not know which attributes are controlled by
which authorities.

• When the Data Consumers request their private keys from the authorities,
authorities will jointly create corresponding private key and send it to
them.
• All Data Consumers are able to download any of the encrypted data ﬁles,
but only those whose private keys satisfy the Encryption Policy can
execute the operation.

Owner_
+username
+password
+file Upload()
+Profile()
+Logout()
User Registration
+name
+username
+password
+gender
+email
+contact NO
+Location
+Experiance
+Specialiazation
+Medical Degree
+registration()
Class Login
+username
+password
+login()
File Upload
+fileid
+fname
+file data
+Get SecreteKey()
+Select Attribute()
+Set Operations()
+Upload()
Profile_
+View Profile()
Cloud Server_
+username
+password
+Strrage Files()
+Requests()
+Logout()
AA_
+username
+password
+Sign Up()
+Login()
+Generate Keys()
User_
+username
+password
+sighn up()
+Login()
+Profile()
+File Download()
+Logout()
File Download
+File ID
+File name
+Secrete Key
+Decrypt()
+Download()
CA_
+username
+password
+Login()
+User's()
+AA's()
+Logout()
Class Diagram

Central Authority Collaboration Diagram

Attribute Authority Collaboration Diagram

Owner Collaboration Diagram

User Collaboration Diagram

System Implementation
Fully Anonymity Achieved
• The key point of the identity information leakage we had in our previous
scheme as well as every existing attribute based encryption schemes is
that key generator (or attribute authorities in our scheme) issues private
key based on the reported attribute, and the generator has to know the
user’s attribute (identities) to do so.
• We need to introduce a new technique to let key generators issue the
correct attribute key without knowing what attributes the users have.

• The solution is to give all the private keys of all the attributes to the key
requester and let him pick whatever he wants.
• In this way, the key generator does not know which private keys the key
requester picked, but we have to fully trust the key requester.
• To solve this, we leverage the following to Oblivious Transfer (OT).
System Implementation ( Continued)

1-out-of-n oblivious transfer
• In cryptography, an oblivious transfer protocol (OT) is a type of protocol.........
in which a sender transfers one of many pieces of information to a receiver,
but sender remains oblivious(unware) as what piece of information has been
transferred to receiver.
• In an 1-out-of-n OT, the sender Bob has n messages M1, . . . , Mn , and the
receiver Alice wants to pick one Mi from those M1, . . . , Mn . Alice successfully
achieves Mi, and Bob does not know which Mi is picked by Alice.

• By introducing the 1-out-of-k Oblivious Transfer in our KeyGenerate
algorithm, the key-requester achieves the correct private key that he
wants but the attribute authority does not have any useful information
about what attribute is achieved by the requester.
• The key requester achieves the full anonymity(user identity privacy) in our
scheme and no matter how many attribute authorities collude (come to
secret understanding) his identity information is kept secret

Results
Home Page

• Central Authority approves the attribute authorities and users then after
approval users can request attribute authorities for unique private keys.
• In this project there are two attribute authorities which can provide
private keys against user profile attributes and these authorities can
distribute the keys without looking into the user identity information
hence anonymity has achieved
Results (continued..)

User 1 Registration Page

Attribute Authority Page

• Attribute authorities generate private keys against attributes of users here
for user1 attributes are considered as Location, Experience, Specialty, &
MedicalDegree. We can create multiple authorities and each authority can
select attributes randomly & generate private keys.
• For example if we create two Attribute authorities, one authority will
generate private keys for 2 attributes out of 4 attributes and second one
will generate for rest of 2 attributes.

Owner File Upload by applying Access policy

• Owner uploads a file with encryption by using public key generated by
authority and owner adds an access policy structure such as
(India&&Cardiology)&&(MD||exp>4) and encryption hence attribute
based encryption achieved.

User 1 trying to access(Decrypt) uploaded file

• User will decrypt the file only attributes can match the access structure
policy, in the above case user1 can not able to access & decrypt the file
and because user1 will get the popup window such as "Sorry the file
cannot Access by you", but user 2 can access & decrypt the file as user2
can satisfy the attributes which are part of access policy. Just for
verification see the user2 profile below.

User 2 Profile Page

Testing
Test
Id
Test case Title Description Expected
outcome
Status
1 Successful
user
verification
The login to the
system should be
tried by the admin
with correct
password
Login should
be successful
and user
should enter
into the
system
Success
2 Unsuccessful
verification
due to wrong
password
Login to the system
with a wrong
password
Login should
fail with an
error “invalid
Password”
success
3 Unsuccessful
verification
due to invalid
login id
Login to the system
with a invalid login
id
Login should
fail with an
error “invalid
user id”
Success

Acceptance Testing
Test Id Description of
coverage
Expected Results Covered by script
1 Verification of a
particular record
If a particular record
already exists it
displays a message
This type of test in
{verify} procedure in
every Jsp file where a
record is inserted via an
interface
2 Updating of a
particular record
All the details should
not be updated
This type of test is
covered in all the Asp files
where updations are
made.
3 Validity of login Only the authorized
persons must access
system.
This is covered in the
login procedure for the
validity of a user

Conclusion
• A semi-anonymous attribute-based privilege control scheme AnonyControl
and a fully-anonymous attribute-based privilege control scheme
AnonyControl-F to address the user privacy problem in a cloud storage
server.
• Using multiple authorities in the cloud computing system, our proposed
schemes achieve not only ﬁne-grained privilege control but also identity
anonymity while conducting privilege control based on users’ identity
information.

• More importantly, our system can tolerate up to N − 2 authority
compromise, which is highly preferable especially in Internet-based cloud
computing environment.

Future enhancements
• One of the future works is to introduce the efficient user revocation
mechanism on top of anonymous Attribute Based Encryption. Supporting
user revocation is an important issue in the real application.

References
• [1] A. Shamir, “Identity-based cryptosystems and signature schemes,” in
Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47–
53.
• [2] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances
in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 457–473.
• [3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based
encryption for fine-grained access control of encrypted data,” in Proc. 13th
CCS, 2006, pp. 89–98.
• [4] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy
attributebased encryption,” in Proc. IEEE SP, May 2007, pp. 321–334.

References
• [5] M. Chase, “Multi-authority attribute based encryption,” in Theory of
Cryptography. Berlin, Germany: Springer-Verlag, 2007, pp. 515–534.
• [6] M. Chase and S. S. M. Chow, “Improving privacy and security in multi-
authority attribute-based encryption,” in Proc. 16th CCS, 2009, pp. 121–
130.
• [7] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority
attribute based encryption without a central authority,” Inf. Sci., vol. 180,
no. 13, pp. 2618–2632, 2010.
•
• [8] V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi, “Multi-authority
attribute-based encryption with honest-but-curious central authority,” Int.
J. Comput.Math., vol. 89, no. 3, pp. 268–283, 2012.

References
• [9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, “Low
complexity multi-authority attribute based encryption scheme for mobile
cloud computing,” in Proc. IEEE 7th SOSE, Mar. 2013, pp. 573–577.
• [10] K. Yang, X. Jia, K. Ren, and B. Zhang, “DAC-MACS: Effective data access
control for multi-authority cloud storage systems,” in Proc. IEEE INFOCOM,
Apr. 2013, pp. 2895–2903.
• [11] http://www.sourcefordgde.com
• [12] http://www.networkcomputing.com/
• [13] http://www.roseindia.com/

Thank You

A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity (20)

Recently uploaded (20)

A Fully Anonymous Attribute-Based Encryption to Control Cloud Data Access and Anonymity