Improving Security and Efficiency in
Attribute-Based Data Sharing
1.Mr.Gadhe Nilesh B.
Department of Computer Engineering,Shri Chhatrapti Shivaji College of Engineering,Rahuri,India
2.Mr.Bhaskar Swapnil A.
Department of Computer Engineering, Shri Chhatrapti Shivaji College of Engineering,Rahuri,India
Abstract-In the recent data sharing paradigm in distributed systems are online social networks. One of the most dangerous issues in data sharing systems is the access policies. Cipher text policy attribute-based encryption (CP-ABE) is cryptographic solution for this issue. The data owners to define their own access policies over user attributes and enforce the policies on data to be distributed. However, a key escrow problem is a major drawback in existing system. In our contribution we solve key escrow problem. The key generation center generating their private keys and decrypt any messages addressed to specific users. This is not suitable for data sharing system where the data owner make their private data only accessible to authorized users. Therefore by applying CP-ABE in the data sharing system introduce another challenge with regard to the user revocation hence the access policies are defined over the attribute universe. So, in this paper, we propose a novel CP-ABE scheme for a data sharing system by using the characteristic of the system architecture.The proposed scheme gives the following advantages: 1) the key escrow problem could be solved, the secure two-party computation between the key generation center and the data-storing center is performed, and 2) Due to proxy encryption, the selective attribute group key distribution of the ABE. Theproposed scheme gives performance and security analyses in the is efficient to securely manage the data distributed in the data sharing system.
Keywords'Data sharing, attribute-based encryption, revocation, removing escrow,access control.
In previous development of the network and computing technology(data sharing) enables many people to easily share their data with others using computing technology means external storages over the internet. People can share their data and message with friends by uploading their private photos or text message into the online social networks such as WhatsApp and Facebook; or upload highly secure personal health records (PHRs)& military information into online data servers such as Google Health for ease of sharing with their primary doctors. As people take advantage of these new services and technologies, their rights about data security and access right control also improved. The use of the data is not properly by the storage server. People would be like to make their private or secure data only accessible to the authorized people. Attribute-based encryption (ABE) is a promising cryptographic approach that gives a fine-grained data access control , , , .
It defines access policies based on various attributes of the user,the data objector environment. The ciphertextpolicy attribute-based encryption define the attribute set over a universe of attributes that a descriptor needs to possess fordecryption the ciphertext, and enforce it on the contents . Therefore each user with a various set of attributes is allowed to decrypt various pieces of data as per the security policy. This effectively removes the need to rely on data storage server for preventing unauthorized data access, which is the traditional access control . By applying cipher text policy attribute-based encryption in the data sharing system has several challenges. In CP-ABE, the key generation center (KGC) generates private keys of users on the basis of the KGC's private keys to users' associated set of attributes. The major advantage of this system is to reduce the need for processing and storing publickey certificates under public key infrastructure (PKI). So, the main advantage of the CP-ABE comes with a major drawback which is known as a key escrow problem.
The Key Generation Center can decrypt every CP addressed to specificusers by generating their attribute keys. Other challenge is the key revocation. Since some users can change their associate attributes at some time, and some private keys to be compromised, update or key revocation for each attribute is necessary for systems secure. This issue is even more complex especially in ABE.
II. LITERATURE SURVAY
There are two policies ofABE that is key-policy ABE (KP-ABE) and CP-(Cipher text) ABE. The KP-ABE are used to encrypt datadescribe by attributes and policies are built into users private keys; In CP-ABE, the attributes shows the users credentials, and encryptor determines a policy on the user. In above two policies, CP-ABE is more essential to the data sharing system because it having the access policy decisions in the hands of the data owners.Cipher text-Policy Attribute-Based Encryption (CP-ABE), The user private key is based on set of attributes, and the CP(cipher text) is associated an access policy through attributes. The user can decrypt the message if the attribute set of his private key satisfies the access policy denoted in the cipher text. In many distributed systems if a user having a certain set of credentials or attributes then a authorized user should only be able to access data .So, the only method for a such policies is to employ a trusted server to store the data . In , the public key revocation encryption scheme in which small cryptographic private and public keys. The important characteristics of the system are public and private key size. First, public keys in our two systems are small size. The private key is the second key cryptographic material that must be stored on the receiving devices is small. The size of private key storage is as small as possible is very important as cryptographic keys will often be stored in tamper-resistant memory. This can be especially in sensor nodes, where maintaining less device cost is particularly crucial .
IBE(Identity-based encryption) is an exciting another method to public-key encryption, as IBE removes the need for a Public Key Infrastructure (PKI). The senders using Identity-based encryption do not need to look up the public keys ,the identities (e.g. IP addresses or email) are sufficient to encrypt. The most popular solution requires the data owners to also use time periods when encrypting, and all the users to update their private keys regularly by contacting the trusted authority .
A] Existing System
In existing system consist ofmany algorithms easily decrypt the data and single key is used for this. Most of the existing ABE schemes are based on the architecture in witch a single trusted authority, or KGC generate the whole private keys of users private information.So, the key escrow problem is main disadvantage of existing system. The key generation center generates private keys for userfor decrypt any messages addressed to specific users. This is not sufficient for data sharing scheme, where the data owner make their private data only accessible to authorized users.
B] Proposed Solution
In this paper, we introduce a new CP-ABE scheme for a secure data sharing system. The key issuing protocol creates and issues user secret keys by performing a secure two-party computation two PC protocol in the key generation center and the data storing center. The 2PC protocol deters them from obtaining any secret information of each other so none of them generate the whole set of user keys alone. In our scheme ,the informationprivacy and confidentiality can be cryptographically enforced against any curious KGC or data storing center. The 2PC protocol solvedkey escrow problem, which is constructed using. By taking advantage of the selective attribute group key distribution,the fine-grained user revocation per each attribute could be done by proxy encryption.
ATTRIBUTE BASED DATA SHARING SYSTEM
A] Data Owner
The data owner create the data, and upload it into the external data storing center for sharing. The sender defines (attribute based) access policy, and the data owner own their data by encrypting the data under the policy before share it. Data Owner Encrypt the file using their attributes. Encryption is process of conversion of data in the form of cipher text .The unauthorized people that cannot be easily access this data.
B] Data Storing Centre
Data storing center stores the user data. Data storing center provides a data to the data sharing service. It controls the accesses of outside users to the storing data and providing corresponding services. The data storing centerhaving key authority that generates secrete user key with the KGC, and issues and revokes attribute group keys to authorized users according to their attribute, which gives a fine-grained user access control.. Data Storage Centers provides services like offsite record and storage, retrieval, delivery.
The user is a person who use this system. The user access the data. If a user having a set of attributes satisfying the access policy of the encrypted data and these policies defined by the data owner, and is not same as any of the attribute groups, then user will decrypt the cipher text and obtain the data. The user can send the key request for decryption of data to the data owner. The received message can be decrypt using the key send by data owner.
D ] Key Generation Centre
Key generation center generates public and private keys for CP-ABE. It is used for issuing, ,updating andrevoking attribute keys for users. Based on their attributes it gives differential access rights to each users. Key generation center generate keys for cryptography. This key is used to encryption and decryption of the data .
Fig: 3.1-Architecture of a data sharing system.
The key generation center and the data storing center generates users secrete key by using secure two-party computation (2PC) protocol. In the existing ABE schemes are based on the architecture where a single trusted authority, theKey generation center to generate the whole private keys of users by using its master secret information. So, the key escrow problem is inherent such that the KGC can decrypt the cipher text addressed to users by generating their private keys at any time.
Cipher text ' Policy Attribute Based Encryption
We define the CP-ABE with user revocation capability scheme. This scheme consists of the following six algorithms:
1]Setup: This algorithm is a randomized algorithm that takes no input other than the implicit security parameter. It gives outputs themaster key MK and public key PK.
2]AttributeKeyGen: The attribute key generation algorithm has input master key, a attribute set and a set of user indices. It gives outputis a set of private attribute keys for each user in U that identifies by the attributes set.
3]KEKGen: The key encrypting key (KEK) generation algorithm has input a set of user indices and outputs KEKs for each user in U, which will be used for encrypting attribute wise group keys.
4]Encrypt: The encryption algorithm is a algorithm that takes as input the public parameter PK, a message 'M', and an access structure 'AA' over the universe of attributes. It gives a cipher text such that only a user who satisfies set of attributes and that satisfies the access structure will be decrypt the message.
5]ReEncrypt: The re-encryption is a randomized algorithm that has input the cipher text including an access structure and a attribute groups. If the attribute groups appear in 'AA', it re-encrypts for the attributes; else, returns specifically, it outputs a re-encrypted cipher text such that only a user who satisfies the set of attributes and that satisfies the access structure and has a authorized member for each of them at the same time able to decrypt the message.
6]Decrypt: The decryption algorithm takes the input cipher text which contains an access structure 'AA', a private key SK, and a set of attribute group keys according to set of attributes.
' Sharing personal health record
' Personal data sharing
' Military application
VI] EVOLUTION AND RESULT
Fig:6.5 Send Key Request
Fig: 6.6Send Key
Fig:6.7 View original message
Fig:6.8 Comparative Strength of ABE and RSA
In this paper, we proposed attribute based data sharing scheme to enforce a fine-grained data access control by exploiting the characteristic of the data sharing system. The proposed scheme features a key issuing mechanism that removes key escrow during the key generation. Thus, the proposed scheme enhances data privacy and confidentiality in the data sharing system against any system managers as well as adversarial outsiders without corresponding (enough) credentials. The proposed scheme can do an immediate user revocation on each attribute set while taking full advantage of the scalable access control provided by the cipher-text policy attribute-based encryption.
In the future, it would be interesting to consider attribute-based encryption systems by applying advanced technique for data sharing. In future, we encrypt multimedia content, to improve the performance, Neglected key expired time, we can use multi Data Storing Centre, Proxy servers to update user private key without sharing user attribute information.
Junbeom Hur, 'Improving Security and Efficiency in Attribute-Based Data Sharing,' IEEE. vol:25 ,no:10.october2013.
 M. Pratheepa, R. Bharathi, 'Improving Security and Efficiency in Attribute Based Data Sharing,' IJSR, Volume3, Issue 1, ,January2014.
 B. SakthiSaravanan, R.Dheenadayalu, A.Vijayaraj,'Improving Efficiency and Security Based Data Sharing in Large Scale Network,' IJESIT, Volume2, Issue1, January 2013.
John Bethencourt, Amit Sahai, BrentWaters , 'Ciphertext-Policy Attribute-Based Encryption',IEEE, pp:321-334,2007.
R. Ostrovsky, A. Sahai, and B. Waters,'Attribute-Based Encryption with Non-Monotonic Access Structures', IEEE, pp:195-203, 2007.
A. Lewko, A. Sahai, and B.Waters, 'Revocation Systems with Very Small Private
Keys',IEEE, pp:273-285, 2010.
A. Boldyreva, V. Goyal, and V. Kumar,'Identity-Based Encryption with Efficientm Revocation', ACM cof: , pp:417-426, 2001.
N. Attrapadung and H. Imai,'Conjunctive Broadcast and Attribute-Based Encryption',
Intl Conf :, pp:248-265, 2009.
S. Rafaeli and D. Hutchison,'A Survey of Key Management for Secure Group Communication',ACMComputingSurveys, vol:35, no:3, pp:309-329, 2003.
...(download the rest of the essay above)