Essay details:

  • Subject area(s): Engineering
  • Price: Free download
  • Published on: 7th September 2019
  • File format: Text
  • Number of pages: 2

Text preview of this essay:

This page is a preview - download the full version of this essay above.

Audit Free Cloud Storage Using Deniable Attribute Based Encryption Algorithm

  1Shalini M, 2S Mounica, 2Vinutha T S, 2Sahana S, and 2Vijaya Shetty S

1Department of Computer Science and Engineering, Nitte Meenakshi Institute of Technology, Bangalore, India;

[email protected]; [email protected]; [email protected]; [email protected] [email protected]


The term "cloud storage" is been used everywhere. In the simplest terms, cloud storage means storing and accessing data over the Internet instead of our computer's hard drive. To ensure privacy of an individual, many schemes are proposed for encrypting the data of users in cloud storage to protect from the one who don't have access. All schemes that were proposed will assume that storage providers are secure and stored data is never disclosed; however, in reality, some of the authorities may force the cloud storage providers to leak out the cloud user secrets or personal data that is stored on the cloud. In our work, we provide a design for a cloud storage encryption scheme that allows cloud storage providers to create fake users information to ensure user privacy. Since authorities who demand for user secrete cannot decide if the information they get about the user are true or not, therefore the cloud storage providers make sure that user privacy is still protected. The user is assigned with a rank based on personal information (Attribute) when he registers. This rank of a user enhances the privacy and provides access control to the data which is stored on cloud. Each file uploaded will be assigned with ranks i.e. which rank user can only access the file. If rank of the user does not match then a fake file will be downloaded.

Keywords: Cloud Storage, Cloud Storage Providers, Attribute Based Encryption (ABE), Deniable Encryption, Rank, Access Control.


Cloud storage is defined as 'the storage of data online in the cloud', where in data is stored and accessible from multiple distributed and connected system that consists of cloud. The physical storage is usually accessed by multiple servers, and the physical environment is generally owned and handled by an organization. These cloud storage providers are answerable for keeping the data available and accessible. Many organizations buy or rent storage from the cloud providers to store their application data. This cloud storage services can be accessed by web application programming interface (API) or by mobile apps. Because to protect user data that is stored is encrypted using different scheme [1]. Attribute-based encryption is a kind of public-key encryption in which the secret key of a user and the ciphertext are reliant upon attributes. In such a structure, the decryption of a ciphertext is possible only if the set of attributes of the user key equals the attributes of the ciphertext. A central security feature of Attribute-Based Encryption is collusion-resistance.  These schemes assume that, cloud providers don't disclose the cloud user's data and secretes. As an example, in 2010, without notifying its users, Google released user documents to the FBI after receiving a search warrant [2]. In 2014, Edward Snowden disclosed the existence of global surveillance programs that collect such cloud data as emails, texts, and voice messages from some technology companies [3], [4]. Since it is difficult to fight against illegal access we built a deniable encryption. this was first proposed in[5] In this encryption a fake user data will be created if the person found to be unauthorized , so they will be satisfied with the fake data and assume it to be original and don't try to access again. In our work we have used a concept of Rank, where each user has their own rank and uses when they upload a file to cloud. This ensures that a file is secured and only authorized person can access.


The concept of Attribute Based Encryption (ABE) is that the attributes of the user is used to provide file access to the other users .When the user tries to access a file which is encrypted and is stored on cloud, the attributes of that user are checked first, if matches with the file attributes only then the user will get decrypted file. If attributes do not match, then the user can not decrypt the file [6]. This concept has helped cloud storage providers to maintain privacy of the user data. There are 2 types of ABE 1.Key Policy ABE (kp-ABE) 2.Cipher text Policy ABE. In Key Policy ABE user encrypts the data using set of attributes of the user [7]. In concept of kp-ABE the private key is associated with the access policy and cipher text is associated with the set of attribute. The concept of deniability is used along with the ABE, where it helps to deny the unauthorized users. The scheme of deniable encryption is nothing but it also similar to common encryption schemes, deniable encryption can be separated into a deniable shared key scheme and a public key scheme. For cloud storage scenario we focus on public key scheme. Because of this scheme, the dispatcher gets a data which seems to be oblivious plane text that was stored [8]. This scheme is applied on to the receiver side such that the scheme is a bi-deniable scheme as it is used both on sender and receiver side but while performing this scheme operation there are some disadvantage like Computational overhead on both the side.

The future enhancement of this scheme can by using ciphertext-policy Attribute Based Encryption (CP-ABE) using this CP-ABE cloud storage providers can provide convincing fake user information to the outside coercer [9]. As the coercer don't know the data that he gets  about the user is original or fake, he never tries again to disturb the cloud providers to obtain the users data. So by using this CP-ABE in cloud storage the user privacy is still confined and his information is not disclosed to anyone by assigning the access control.



Deniable encryption involves both senders and receivers, senders are the one who encrypts the data and transmit it to the user who is called receiver decrypts it. In which a fake data of a cipher texts is created, such that coercers (unauthorized person) are satisfied and don't try again to access. Senders are the one who upload the file and receiver are the one who download the encrypted file from cloud [10].This approach tries to make the efforts of the coerces useless but he assume that his efforts are worth full .We make use of this technique such that cloud storage providers can ensure the audit-free storage services for the cloud users by providing fake data. We use the characteristics of ABE (attributes of user used for encryption) for securing stored data and deniable encryption to prevent outside auditing.


A cloud storage service has widely been used by everyone all over the world for storing their application file. User can store their data on the cloud and access it anywhere and anytime. To preserve user privacy, the data stored on the cloud is encrypted and protected from access by other users. However, in reality entities like some authorities or coercer intercept communications between user and cloud storage providers where they request to leak out the user secrets by using government or other means of power [11]. Thus, we define an algorithm; Attribute based Encryption (ABE) which uses the attributes of the user to generate a key and this key is used in encryption scheme. Hence, ABE is regarded as one of the most suitable encryption scheme for cloud storage. In this algorithm the attributes are verified before the data he try to access and he can successfully decrypt if he has access permission else he is denied by the deniability scheme [12].


Deniable (CP-ABE): Our plan-ahead, bideniable, and multi-distributional CP-ABE scheme is composed of the following algorithms [13]:

Setup(1) ' (PP,MSK): This algorithm takes security parameter  as input and returns public parameter PP and system master key MSK.

KeyGen(MSK, S) ' SK: Given set of attributes S and MSK, this algorithm outputs private key SK.

Enc(PP,M,A) ' C: This encryption algorithm takes as input public parameter PP, message M, and access structure A = (M, p) over the attributes. This algorithm encrypts message, M and outputs a ciphertext C, which can be decrypted by those who has an attribute set that satisfies access structure A.

Dec(PP, SK,C) ' {M,'}: This decryption algorithm takes as input public parameter PP, private key SK with its attribute set S, and ciphertext C with its access structure A. If S satisfies A, then this algorithm returns M(message); otherwise, this algorithm returns '(fake message)[14].

Fig 3.4.1: Decryption process using CP-ABE

 Figure 2.4.1 Show how the decryption is done using cipher text policy ABE. The user satisfying the attribute set only gets the original message


Cloud storage has become a social phenomenon used by everyone to store their organizational data and files. User may lose their control on their data stored on cloud, because the data is stored on someone else storage device. The different authority (coercer) may force the storage providers to disclose the user secretes to avoid, their many schemes proposed but they assume cloud storage providers are trusted and no one hack their data [15]. We propose a scheme in which a rank is assigned to each user and they use this rank when they upload the data to cloud. The user who try to access this file should satisfy the rank only then he gets an original file else a convincing fake data is provide. So the authority does not try again to access the file.


Rank is an attribute of a user generated using date of joining and designation. It is an important parameter used to upload file to cloud and download file from cloud. Joindate is passed to a function where it is compared with a threshold value, if it is equal or less than the threshold value then value of Rank1 variable is 1 else it is the difference between joindate and threshold value. Designation of a person is compared with an array containing list of designations. If this matches it returns an index value and this is a second variable known as Rank2.One more function is created to calculate the average of Rank1 and Rank2 variables and the final value is assigned to a variable called Rank.

Joindate(): this function takes a input of user joining date compares with threshold date and generates a number called num1.

Design(): the function takes users designation as input and produce a number called num2.

RankingAlgo(): The input for this algorithm is from the above 2 functions, using this two parameter a algorithm generates a rank for each user.




Fig 5.1: Proposed System Architecture

The system Architecture shows the process of encryption and decryption of the file. A key is generated by using the attributes of user. This Attribute key is used to encrypt the data and uploaded to the cloud. When a another user try to access this data his attribute and key is checked if matches he is authorized user and gets original data, otherwise he is treated has unauthorized user and he will get a fake data from which he will be convinced and do not try again to access. Here an attribute of a user plays an important role to protect the privacy and which decides who can only access the encrypted data by setting an access control for multiple user data sharing but still maintaining the privacy of the user files.


The results of the proposed system and different test cases are given below.

Test case 1: Admin Login

' Admin enters admin id and password.

' System checks for correctness of admin id and password.

' If match then home page is displayed else an error message to re-enter the admin id and                         password is shown

Test case 2: User is created

' Admin can create user by providing his personal information like user id, name, password, e-mail id etc.,

' The system check the user id already exists or not.

' If the user id doesn't exists user is successfully created and the user id, password, and the rank is mailed     to the users e-mail id else user id should be changed to create a new user.

Test case 3:  User Login

' User login to the system using his user id and password.

' System check for match of user id and password.

' If match is correct then user home page is displayed else a error message to re-enter the user id and password is shown.

Test case 4: File Upload

' User selects a file to upload it to cloud storage.

' The system checks whether file already exists, if exists it checks the rank and if it is higher than the previous rank the file is replaced else error message is displayed saying you don't have right to replace the file.

' If file doesn't exist then the user is asked to enter a rank to give file access permission.

Test case 5: File Download

' User chooses a file to download.

' System checks the access permission of the file; if he has permission then he can download else he will get a fake file.


In our work, we have proposed a deniable ABE scheme to build an audit-free cloud storage service. The deniability feature makes unauthorized users invalid, and the property of ABE ensures secure cloud multiple user data sharing with access control. Our work provides a scheme to ensure user to share data with different priorities of rank. Rank is an attribute of a user. The scheme also provides a possible way to fight against unauthorized interference with the right of privacy by providing the fake data while decryption of the cipher text, If rank do not match and these schemes can be created to protect cloud user privacy. The idea of the proposed replication technique is to provide data security by giving set of privileges to the users to perform duplicate check of the files that are outsourced on the cloud and make a copy of it in another cloud for backup from which a user can store his data in cloud without any auditing on the storage frequently.


[1]   PO-Wen Chi and Chi-Laung Lei, Member, IEEE, 'Audit-Free Cloud Storage via Deniable Attribute-Based        Encryption', IEEE Transaction on Cloud Computing, 2015.

[2]   Wired. (2014) Spam suspect uses google docs; fbi happy.


[3]   Wikipedia. (2014) Global surveillance disclosures (2014present). [Online]. Available surveillance disclosures (2014-present)     

[4]   (2014) Edward snowden. [Online]. Available: Snowden

[5]   R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky, 'Deniable Encryption,' in Crypto, 1997, pp. 90'104.        

[6]  C.Anusha, M.Srilakshmi, Dr. S.Prem Kumar 'Audit Free Cloud Storage via Deniable attribute based Encryption', in International Journal of Computer Engineering In Research Trends,2015, pp. 722-726.

[7]   A. Sahai, H. Seyalioglu, and B. Waters, 'Dynamic credentials and ciphertext delegation for Attribute-based encryption,' in Crypto, 2012, pp. 199'217.          

[8]   Dr. T Ramaprahu, S priya. 'An Auditing-free Cloud Storage Using Control Attribute Based Encryption', in '' IJIRCCE 2016, DOI: 10,15680/IJIRCCE.2016.0407141.

 [9] Cheng-Chi Lee, Pei-Shan Chung and Min-Shiang Hwang 'A Survey on Attribute Based Encryption Scheme of Access Control in Cloud Environment', in international journal of Network Security, 2013, pp. 231-240.

[10]  P. Lokesh Kumar Reddy, B. Rama Bhupal Reddy, S. Rama Krishna, 'Deniable Encryption key' in IOSR-JCE, 2013, pp. 08-12.

 [11]  S. Hohenberger and B. Waters, 'Attribute-based   encryption with fast decryption,' in Public Key  Cryptography, 2014, pp. 162'179.

[12]  V. Goyal, O. Pandey, A. Sahai, and B. Waters, 'Attribute-based encryption for fine-grained access  control of encrypted data,' in ACM Conference on Computer and Communications Security, 2006, pp.  89'98.

[13]  Minu George, Dr. C. Suresh Gnanadhas, Saranya .K, 'A Survey on Attribute Based Encryption Scheme in Cloud Computing' in ijarcce 2013

[14]  Salini K, Sruthy Manmadhan, 'CP-ABE Secure Data Retrieval', in IJRASET 2015, IC Value: 13.98.

[15] 'Cloud Storage service' [online]. Available:

...(download the rest of the essay above)

About this essay:

This essay was submitted to us by a student in order to help you with your studies.

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, . Available from:< > [Accessed 24.10.19].