Essay details:

  • Subject area(s): Engineering
  • Published on: 7th September 2019


Improving Security and Efficiency in Attribute-Based Data Sharing

1. Mr. Gadhe Nilesh B.

Department of Computer Engineering, Shri Chhatrapti Shivaji College of Engineering, Rahuri, India


2. Mr. Bhaskar Swapnil A.

Department of Computer Engineering, Shri Chhatrapti Shivaji College of Engineering, Rahuri, India


Abstract: Online social networks are a recent data sharing paradigm in distributed systems. One of the most serious issues in data sharing systems is the enforcement of access policies. Ciphertext-policy attribute-based encryption (CP-ABE) is a cryptographic solution to this issue. It lets data owners define their own access policies over user attributes and enforce those policies on the data to be distributed. However, the key escrow problem is a major drawback of existing systems, and in our contribution we solve it. The key generation center can generate users' private keys and so decrypt any message addressed to specific users. This is not suitable for a data sharing system in which data owners make their private data accessible only to authorized users. In addition, applying CP-ABE in a data sharing system introduces another challenge with regard to user revocation, since the access policies are defined over the attribute universe. In this paper, we therefore propose a novel CP-ABE scheme for a data sharing system that exploits the characteristics of the system architecture. The proposed scheme has the following advantages: 1) the key escrow problem is solved by a secure two-party computation performed between the key generation center and the data-storing center, and 2) user revocation is achieved by proxy encryption, which relies on the selective attribute group key distribution of the ABE. The performance and security analyses show that the proposed scheme is efficient in securely managing the data distributed in the data sharing system.

Keywords: Data sharing, attribute-based encryption, revocation, removing escrow, access control.


Developments in network and computing technology enable many people to easily share their data with others using external storage over the internet. People can share their data and messages with friends by uploading private photos or text messages to online social networks such as WhatsApp and Facebook, or upload highly sensitive personal health records (PHRs) and military information to online data servers such as Google Health for ease of sharing with their primary doctors. As people take advantage of these new services and technologies, the importance of data security and access-right control has also increased. The storage server may not use the data properly. People would like to make their private or sensitive data accessible only to authorized people. Attribute-based encryption (ABE) is a promising cryptographic approach that provides fine-grained data access control [3], [4], [5], [6].

ABE defines access policies based on various attributes of the user, the data object, or the environment. In ciphertext-policy attribute-based encryption (CP-ABE), the encryptor defines the attribute set, over a universe of attributes, that a decryptor needs to possess in order to decrypt the ciphertext, and enforces it on the contents [5]. Each user with a different set of attributes is therefore allowed to decrypt different pieces of data according to the security policy. This effectively removes the need to rely on the data storage server to prevent unauthorized data access, which is the traditional access control approach [1]. Applying CP-ABE in a data sharing system poses several challenges. In CP-ABE, the key generation center (KGC) generates users' private keys by applying the KGC's private keys to the users' associated sets of attributes. The major advantage of this approach is that it reduces the need for processing and storing public key certificates under a public key infrastructure (PKI). However, this advantage of CP-ABE comes with a major drawback, known as the key escrow problem.

The KGC can decrypt every ciphertext addressed to specific users by generating their attribute keys. Another challenge is key revocation. Since some users may change their associated attributes at some point, and some private keys may be compromised, key revocation or update for each attribute is necessary to keep the system secure. This issue is even more complex in ABE.


There are two types of ABE: key-policy ABE (KP-ABE) and ciphertext-policy ABE (CP-ABE). In KP-ABE, attributes are used to describe the encrypted data and policies are built into users' private keys; in CP-ABE, the attributes describe the user's credentials, and the encryptor determines a policy on the users. Of the two, CP-ABE is more appropriate for a data sharing system because it puts the access policy decisions in the hands of the data owners [1]. In CP-ABE, the user's private key is based on a set of attributes, and the ciphertext is associated with an access policy over attributes. The user can decrypt the message if the attribute set of his private key satisfies the access policy specified in the ciphertext. In many distributed systems, a user should be able to access data only if the user holds a certain set of credentials or attributes. So, the only method for enforcing such policies is to employ a trusted server to store the data [2]. In [3], a public key revocation encryption scheme with small cryptographic private and public keys is described. The important characteristics of the system are the public and private key sizes. First, the public keys in the two systems are small. Second, the private key material that must be stored on the receiving devices is small. Keeping private key storage as small as possible is very important, as cryptographic keys will often be stored in tamper-resistant memory. This can be especially important in sensor nodes, where keeping device cost low is particularly crucial [3].

Identity-based encryption (IBE) is an exciting alternative to public-key encryption, as IBE removes the need for a public key infrastructure (PKI). Senders using IBE do not need to look up public keys; the identities (e.g., IP addresses or email addresses) are sufficient to encrypt. The most popular solution requires the data owners to also use time periods when encrypting, and all users to update their private keys regularly by contacting the trusted authority [4].

A] Existing System

Existing systems consist of many algorithms that can easily decrypt the data, and a single key is used for this. Most existing ABE schemes are based on an architecture in which a single trusted authority, the KGC, generates the whole private keys of users using its private information. The key escrow problem is therefore the main disadvantage of existing systems. The key generation center can generate private keys for users and decrypt any messages addressed to specific users. This is not suitable for a data sharing scheme in which data owners make their private data accessible only to authorized users.

B] Proposed Solution

In this paper, we introduce a new CP-ABE scheme for a secure data sharing system. The key issuing protocol creates and issues user secret keys by performing a secure two-party computation (2PC) protocol between the key generation center and the data storing center. The 2PC protocol deters them from obtaining any secret information of each other, so that neither of them can generate the whole set of user keys alone. In our scheme, information privacy and confidentiality can be cryptographically enforced against any curious KGC or data storing center. The key escrow problem is solved by the 2PC protocol, which is constructed using. By taking advantage of the selective attribute group key distribution, fine-grained user revocation per attribute can be done by proxy encryption.


A] Data Owner

The data owner creates the data and uploads it to the external data storing center for sharing. The data owner, as the sender, defines an attribute-based access policy and enforces it on the data by encrypting the data under the policy before sharing it. The data owner encrypts the file using their attributes. Encryption is the process of converting data into ciphertext, so that unauthorized people cannot easily access the data.

B] Data Storing Centre

The data storing center stores the users' data and provides the data sharing service. It controls access by outside users to the stored data and provides the corresponding services. The data storing center also acts as a key authority: it generates user secret keys together with the KGC, and it issues and revokes attribute group keys to authorized users according to their attributes, which gives fine-grained user access control. Data storing centers provide services such as offsite record storage, retrieval, and delivery.

C] User

The user is a person who uses this system and accesses the data. If a user possesses a set of attributes that satisfies the access policy of the encrypted data, as defined by the data owner, and is not revoked in any of the attribute groups, then the user can decrypt the ciphertext and obtain the data. The user can send a key request for decryption of the data to the data owner. The received message can be decrypted using the key sent by the data owner.

D] Key Generation Centre

The key generation center generates the public and private keys for CP-ABE. It is responsible for issuing, updating, and revoking attribute keys for users. It grants differential access rights to individual users based on their attributes. The keys it generates are used for encryption and decryption of the data.


Fig. 3.1: Architecture of a data sharing system.


The key generation center and the data storing center generate the user's secret key using a secure two-party computation (2PC) protocol. Existing ABE schemes are based on an architecture in which a single trusted authority, the key generation center, generates the whole private keys of users using its master secret information. The key escrow problem is therefore inherent: the KGC can decrypt ciphertexts addressed to users by generating their private keys at any time.
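The escrow property described here and under Proposed Solution, as an added Python illustration that is not code from the paper: toy ElGamal with an additively split exponent stands in for the paper's 2PC key issuing, which this page does not specify. The modulus, base, and all function names are assumptions for the demonstration and give no real security.

```python
# Added illustration: toy split-key ElGamal, NOT the paper's 2PC protocol.
# Parameters are demonstration-sized assumptions and provide no security.
import secrets

P = 2**127 - 1      # Mersenne prime used as a toy modulus
G = 3               # fixed base (assumption for the demo)
ORDER = P - 1       # exponents are reduced modulo P - 1


def rand_exp():
    return secrets.randbelow(ORDER - 1) + 1


def encrypt(pub, m, k=None):
    """ElGamal encryption of an integer 0 < m < P under public key pub."""
    k = k or rand_exp()
    return pow(G, k, P), (m * pow(pub, k, P)) % P


def decrypt(exp, ct):
    """Decrypt with exponent exp; a wrong exponent yields a wrong message."""
    c1, c2 = ct
    return (c2 * pow(c1, (ORDER - exp) % ORDER, P)) % P


def escrow_issue():
    """Single authority: the KGC creates the whole user key and knows it."""
    sk = rand_exp()
    return {"user_sk": sk, "kgc_knows": sk, "pub": pow(G, sk, P)}


def split_issue():
    """Two authorities: each gives the user one share of the exponent, so
    the KGC and the data storing center each know only their own share."""
    kgc_share, dsc_share = rand_exp(), rand_exp()
    pub = (pow(G, kgc_share, P) * pow(G, dsc_share, P)) % P
    return {"user_sk": (kgc_share + dsc_share) % ORDER,
            "kgc_knows": kgc_share, "dsc_knows": dsc_share, "pub": pub}


def authority_can_read(issued, who, m=424242):
    """True if the named authority alone decrypts a ciphertext for the user."""
    ct = encrypt(issued["pub"], m)
    return decrypt(issued[who], ct) == m
```

With `escrow_issue()` the KGC reads the user's ciphertexts; with `split_issue()` only the user, who holds both shares, can.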

Ciphertext-Policy Attribute-Based Encryption

We define the CP-ABE scheme with user revocation capability. The scheme consists of the following six algorithms:

1] Setup: The setup algorithm is a randomized algorithm that takes no input other than the implicit security parameter. It outputs the master key MK and the public key PK.

2] AttributeKeyGen: The attribute key generation algorithm takes as input the master key, a set of attributes, and a set of user indices U. It outputs a set of private attribute keys for each user in U, identified with the attribute set.

3] KEKGen: The key encrypting key (KEK) generation algorithm takes as input a set of user indices U and outputs KEKs for each user in U, which will be used for encrypting attribute group keys.

4] Encrypt: The encryption algorithm takes as input the public parameter PK, a message M, and an access structure AA over the universe of attributes. It outputs a ciphertext such that only a user who possesses a set of attributes that satisfies the access structure will be able to decrypt the message.

5] ReEncrypt: The re-encryption algorithm is a randomized algorithm that takes as input the ciphertext, including an access structure AA, and a set of attribute groups. If the attribute groups appear in AA, it re-encrypts the ciphertext for the attributes; else, it returns. Specifically, it outputs a re-encrypted ciphertext such that only a user who possesses a set of attributes that satisfies the access structure and who, at the same time, is an authorized member of each of the attribute groups is able to decrypt the message.

6] Decrypt: The decryption algorithm takes as input the ciphertext, which contains an access structure AA, a private key SK, and a set of attribute group keys corresponding to the set of attributes.
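An added Python model (not part of the paper, and with no cryptography) of the decryption condition that Encrypt, ReEncrypt and Decrypt enforce together: the attributes in the user's key must satisfy the access structure, and the user must still belong to the attribute group of each attribute used. The threshold-tree policy encoding, attribute names, and user names are constructed for illustration.

```python
# Added illustration: functional model only, no cryptography. Policy encoding,
# attribute names and user names are constructed for this example.

def satisfies(node, attrs):
    """Leaf = attribute name; inner node = (threshold, [children])."""
    if isinstance(node, str):
        return node in attrs
    threshold, children = node
    return sum(satisfies(c, attrs) for c in children) >= threshold


def leaves(node):
    """Attributes that appear in the access tree."""
    if isinstance(node, str):
        return {node}
    return set().union(*(leaves(c) for c in node[1]))


class DataStoringCenter:
    """Tracks attribute groups: attribute -> users currently holding it."""
    def __init__(self, groups):
        self.groups = {a: set(u) for a, u in groups.items()}

    def revoke(self, user, attr):
        # Models re-keying one attribute group so that the revoked user no
        # longer holds its current group key; other attributes are untouched.
        self.groups.get(attr, set()).discard(user)

    def can_decrypt(self, user, key_attrs, policy):
        """An attribute counts only if it is in the user's private key AND
        the user is still a member of that attribute's group."""
        usable = {a for a in key_attrs & leaves(policy)
                  if user in self.groups.get(a, set())}
        return satisfies(policy, usable)


# Constructed policy: doctor AND (cardiology OR 2-of-3 {research, senior, staff})
POLICY = (2, ["doctor", (1, ["cardiology", (2, ["research", "senior", "staff"])])])
KEYS = {"alice": {"doctor", "cardiology"},
        "bob": {"doctor", "senior", "staff"},
        "carol": {"cardiology", "research"}}

def demo():
    dsc = DataStoringCenter({a: {u for u, k in KEYS.items() if a in k}
                             for a in leaves(POLICY)})
    before = {u: dsc.can_decrypt(u, k, POLICY) for u, k in KEYS.items()}
    dsc.revoke("bob", "senior")  # bob's attribute key still lists "senior"
    after = {u: dsc.can_decrypt(u, k, POLICY) for u, k in KEYS.items()}
    return before, after
```

In `demo()`, bob loses access as soon as he is removed from the "senior" group, even though his attribute key is unchanged, while alice is unaffected.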


• Sharing personal health records

• Personal data sharing

• Military applications


Fig. 6.1: Registration page

Fig. 6.2: Login page

Fig. 6.3: Send message

Fig. 6.4: View message

Fig. 6.5: Send key request

Fig. 6.6: Send key

Fig. 6.7: View original message

Fig. 6.8: Comparative strength of ABE and RSA


In this paper, we proposed an attribute-based data sharing scheme that enforces fine-grained data access control by exploiting the characteristics of the data sharing system. The proposed scheme features a key issuing mechanism that removes key escrow during key generation. Thus, the proposed scheme enhances data privacy and confidentiality in the data sharing system against any system managers as well as adversarial outsiders without the corresponding (sufficient) credentials. The proposed scheme can perform immediate user revocation on each attribute set while taking full advantage of the scalable access control provided by ciphertext-policy attribute-based encryption.


In the future, it would be interesting to consider attribute-based encryption systems that apply advanced techniques for data sharing. In future work, we can encrypt multimedia content, improve performance, address the neglected key expiry time, and use multiple data storing centres and proxy servers to update users' private keys without sharing user attribute information.


[1] Junbeom Hur, 'Improving Security and Efficiency in Attribute-Based Data Sharing,' IEEE, vol. 25, no. 10, October 2013.

[2] M. Pratheepa, R. Bharathi, 'Improving Security and Efficiency in Attribute Based Data Sharing,' IJSR, Volume 3, Issue 1, January 2014.

[3] B. SakthiSaravanan, R. Dheenadayalu, A. Vijayaraj, 'Improving Efficiency and Security Based Data Sharing in Large Scale Network,' IJESIT, Volume 2, Issue 1, January 2013.

[4] John Bethencourt, Amit Sahai, Brent Waters, 'Ciphertext-Policy Attribute-Based Encryption,' IEEE, pp. 321-334, 2007.

[5] R. Ostrovsky, A. Sahai, and B. Waters, 'Attribute-Based Encryption with Non-Monotonic Access Structures,' IEEE, pp. 195-203, 2007.

[6] A. Lewko, A. Sahai, and B. Waters, 'Revocation Systems with Very Small Private Keys,' IEEE, pp. 273-285, 2010.

[7] A. Boldyreva, V. Goyal, and V. Kumar, 'Identity-Based Encryption with Efficient Revocation,' ACM Conf., pp. 417-426, 2001.

[8] N. Attrapadung and H. Imai, 'Conjunctive Broadcast and Attribute-Based Encryption,' Intl Conf., pp. 248-265, 2009.

[9] S. Rafaeli and D. Hutchison, 'A Survey of Key Management for Secure Group Communication,' ACM Computing Surveys, vol. 35, no. 3, pp. 309-329, 2003.
