
Essay: Secure Data Storage In Clouds: Anonymous Authentication For Privacy And Access Control

  • Published: 1 April 2019*
  • Last Modified: 23 July 2024



Anonymous authentication for secure data storage in clouds

Abstract—We propose an anonymous authentication scheme for secure data storage in clouds for the different departmental activities of an institute. In this scheme, the cloud verifies the authenticity of the user without knowing the user’s identity before storing data. The scheme also provides access control, so that only valid users are able to decrypt the stored information. Along with access control, user revocation is supported: an existing user can be removed and can no longer access the data stored in the cloud. The cloud storage is distributed, and can be distributed according to the requirements of the organization. The system is very useful for sending messages anonymously, but only an authorized user can do so, i.e. only an anonymous but valid user can send messages. This makes cloud computing a more secure approach. The scheme also provides text filtration, which eliminates meaningless words to optimize cloud storage. Moreover, our scheme provides a feedback policy, needed for performance improvement, in which feedback on different parameters is given anonymously. The main focus is on anonymous authentication, so that one can give valid feedback and complaints without revealing one's identity. We aim to promote paperless work by means of e-notices. This approach can prove helpful for government and non-government organizations.

Keywords: Access control, Authentication, Attribute-based signatures, Attribute-based encryption, Cloud storage, Text filtering.

In today's high technology environment, organizations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organizations will identify information as an area of their operation that needs to be protected as part of their system of internal control.

It is vital to be worried about information security because much of the value of a business is concentrated in the value of its information. Information is, as Grant says, the basis of competitive advantage.

The purpose of information security policies is to preserve:

1. Confidentiality: Data is only accessed by those with the right to view the data.

2. Integrity: Data can be relied upon to be accurate and processed correctly.

3. Availability: Data can be accessed when needed.

Failure to comply with the requirements of these Information Security Guidelines may lead to disciplinary action.

More and more organizations are moving towards cloud storage rather than traditional schemes. The cloud has been a boon to organizations, as the servers and their maintenance are looked after by cloud vendors. The cloud is fairly secure.

But cloud computing poses privacy concerns because the service provider can access the data that is on the cloud at any time. It could accidentally or deliberately alter or even delete information. Many cloud providers can share information with third parties if necessary for purposes of law and order even without a warrant. That is permitted in their privacy policies which users have to agree to before they start using cloud services. Solutions to privacy include policy and legislation as well as end users' choices for how data is stored. Users can encrypt data that is processed or stored within the cloud to prevent unauthorized access.

There is the risk that end users don't understand the issues involved when signing onto a cloud service (people sometimes don't read the many pages of the terms of service agreement, and just click "Accept" without reading). Fundamentally, a private cloud is seen as more secure, with higher levels of control for the owner; however, a public cloud is seen as more flexible and requires less investment of time and money from the user. So it is extremely important to make the cloud a secure approach.

So, we propose a decentralized and distributed scheme for cloud storage which can potentially cope with the above issues. A decentralized scheme makes the system robust, as the single point of failure is a bottleneck in centralized systems. Distributed cloud storage can reduce the overheads by a significant amount. A separate cloud can be made for every single department in an organization. Our system anonymously authenticates the user, i.e. it checks for a valid user without revealing the user's identity. The user is then able to store data on the cloud. For security purposes, the data is encrypted before it is stored on the cloud. The keys are distributed to those users to whom the data owner has given the rights to view or modify the data. Access control restricts unauthorized users from viewing or modifying the data. In order to prevent the use of invalid language in messages, a text filtering mechanism is incorporated. This will disallow the use of improper words and text in a message. Message integrity will be a user-related issue, i.e. it depends upon the user. Users will be able to upload, download and view files and messages on the cloud if they have the proper access right and key to do so. Messages can be shared using this system. Complaints can be posted without revealing the sender's identity. All of this will promote paperless work.

Aims

Our proposed system consists of a cloud server or trustee and a KDC, that is, a key distribution center. KDCs are decentralized. Decentralization prevents the bottleneck of a single point of failure. There is a different cloud for each individual department, so the higher authorities can send the respective information to the respective departmental clouds. Default access to this information is given to the head of the department, such as the manager. Access can be further granted as the creator wishes. The same is the case with members of the department. They can upload a complaint, feedback or information to their departmental cloud anonymously, without revealing their identity, based on their attributes such as department id or name of department. They can also set access control on the data, which determines who can view or modify it. The administrator, who is the highest authority, can search a departmental cloud for the data to which it has been given access.

The data will be encrypted at the user end and uploaded to the cloud. But first the user will get a token from the trustee, who authenticates the user and issues the token. The KDC will authenticate the token, and keys will be generated along with the access rights.

The information stored on the cloud is sensitive, like medical records in healthcare and personal data in social networks. Security and privacy are a very big issue in cloud computing. The user's privacy is a must. But at the same time security is important too, as information in the wrong hands may cause damage to the data as well as to the person who owns the data. So the user should be authenticated to provide security. Also, it must be ensured that the cloud does not alter the data, to preserve its privacy as well as its integrity.

User privacy is required in the cloud. With privacy, neither the cloud nor other users know the identity of a user. The cloud can hold the user accountable for the data in the cloud, and likewise the cloud itself is accountable for the services it provides. The validity of the user who stores the data is also verified. Apart from the technical solutions, there is also a need for law enforcement to ensure security and privacy.

Security and integrity of the data on the cloud is another important issue. The cloud is prone to data modification and server colluding attacks. In a server colluding attack, the adversary can compromise storage servers so that a server can modify data files even though the servers are internally consistent. The data needs to be encrypted to provide secure data storage. However, the data is often modified, and this dynamic property needs to be taken into account while designing efficient secure storage techniques.

Efficient search on encrypted data is also an important concern in clouds. The cloud should not know the query, but it should be able to return the records that satisfy the query. Searchable encryption is used to achieve this.

A user authentication scheme based on public key cryptographic techniques can be used in cloud computing. Many homomorphic encryption techniques have been proposed to ensure that the cloud is not able to read the data while performing computations on it. With such an encryption scheme, the cloud receives the ciphertext of the data, performs computations on the ciphertext and returns the encoded value of the result to the user. The user is then able to decode the result, even though the cloud does not know what data it has operated on. In such circumstances, it must be possible for the user to verify that the cloud returns correct results.

Maintaining accountability, i.e. keeping track of the operations performed by different users, is also important in cloud computing. Neither the cloud nor the users should be able to deny any operations performed or requested. So it is important to have a log of the transactions performed.

In 2006, A. Sahai and B. Waters worked on Fuzzy Identity-Based Encryption. In an Identity-Based Encryption scheme, a user has a set of attributes in addition to its unique ID. A Fuzzy IBE scheme can be applied to enable encryption. In the fuzzy scheme, biometric input is used as the identity. The advantage of that scheme was that it was error tolerant. It was proved to be secure against collusion attacks. [1]

Another scheme, named "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data", was introduced the same year. In that scheme, the sender has an authorization to encrypt information. Users whose attributes and keys have been revoked cannot write again to stale information. The receiver receives attributes and secret keys from the attribute authority and is able to decrypt information if it has matching attributes. The main advantage of that scheme was that it supported distribution of audit log information. [2]

Improvements kept coming after that scheme. Ciphertext-Policy Attribute-Based Encryption was one of them. In this approach the receiver has the access policy in the form of a tree. The tree contains attributes as leaves and a monotonic access structure built from AND, OR and other threshold gates. The advantages were that encrypted information could be kept confidential even if the storage server was untrusted, and that the scheme was secure against collusion attacks. [3]
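The access tree described above can be made concrete with a small policy evaluator. This is an added example, not code from the essay or from any CP-ABE library; it models only the policy-satisfaction logic (no cryptography), and the attribute names and the sample policy are constructed.

```python
# Added example: policy-satisfaction logic of an access tree, no cryptography.
from dataclasses import dataclass

@dataclass(frozen=True)
class Leaf:
    attribute: str          # leaves of the tree are attributes

@dataclass(frozen=True)
class Gate:
    threshold: int          # how many children must be satisfied (k-of-n)
    children: tuple

def AND(*children):         # AND is the n-of-n threshold gate
    return Gate(len(children), children)

def OR(*children):          # OR is the 1-of-n threshold gate
    return Gate(1, children)

def satisfies(node, attrs):
    """True if the attribute set satisfies the monotone access tree."""
    if isinstance(node, Leaf):
        return node.attribute in attrs
    if not 1 <= node.threshold <= len(node.children):
        raise ValueError("threshold must be in 1..number of children")
    satisfied = sum(1 for child in node.children if satisfies(child, attrs))
    return satisfied >= node.threshold

# Constructed policy: (dept:CS AND role:HOD) OR 2-of-3(admin, auditor, exam)
POLICY = OR(
    AND(Leaf("dept:CS"), Leaf("role:HOD")),
    Gate(2, (Leaf("role:admin"), Leaf("role:auditor"), Leaf("dept:exam"))),
)

def collusion_case():
    """Two users who each fail the policy but whose pooled attributes pass.

    A plain set check cannot stop this pooling; in the real scheme the key
    components are bound to a single user, which is what collusion
    resistance means.
    """
    alice = {"dept:CS", "role:student"}
    bob = {"dept:EE", "role:HOD"}
    return (satisfies(POLICY, alice),
            satisfies(POLICY, bob),
            satisfies(POLICY, alice | bob))
```

Because the structure is monotone, adding attributes to a satisfying set can never make it fail, which is also why revoking a user needs more than removing an attribute from a list.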

In 2007, M. Chase worked on "Multi-Authority Attribute Based Encryption". This scheme describes several Key Distribution Authorities (coordinated by a trusted authority) which distribute attributes and secret keys to users. A multi-authority Attribute Based Encryption protocol that requires no trusted authority requires every user to have attributes from all the KDCs. The fact that it allowed a larger number of attributes was the biggest advantage. [4]

Then the Decentralizing Attribute-Based Encryption scheme came into the picture. In this scheme users could have zero or more attributes from each authority, and no trusted server was required. Its collusion resistance proved to be an advantage. [5]

In 2011, M. Green, S. Hohenberger, and B. Waters worked on "Outsourcing the Decryption of ABE Ciphertexts". This paper outsources the decryption task to a proxy server, so that the user can perform the computation with minimal resources, such as on hand-held devices. The biggest advantage was that the user was able to save significant bandwidth without raising the number of transmissions. [6]

"Attribute-Based Signatures: Achieving Attribute-Privacy and Collusion-Resistance" was then introduced. In it, attribute-based signatures (ABSs) were introduced to ensure anonymous user authentication. This was also a centralized approach. The user saved significant decryption time without raising the number of transmissions. [7]

In "Attribute-Based Signatures", the importance of ABS was outlined along with its use. This method takes a decentralized approach and provides authentication without disclosing the identity of the users. Its advantage was security against a malicious attribute authority. [8]

There also exists a decentralized access control scheme for secure data storage in cloud that supports anonymous authentication. In that scheme, the cloud verifies the authenticity of the user without knowing its identity before storing data. It also has the added feature of access control in which only valid users are able to decrypt the stored information. The scheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. Moreover, authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized.

The cloud verifies the authenticity of the user without knowing the user’s identity before storing information. The scheme also has the added feature of access control in which only valid users are able to decrypt the stored information. The scheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. Moreover, the authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches.

The scheme not only provides fine-grained access control but also authenticates users who store information in the cloud. The cloud however does not know the identity of the user who stores information, but only verifies the user’s credentials. Key distribution is done in a decentralized way. [9]

So, in order to address the issues mentioned above, we propose a secure model for cloud computing. Currently, our concern is with distributed cloud computing, but our scheme can also prove useful in a centralized model of cloud computing. Attribute-based encryption makes our cloud model secure. In it, the data is encrypted using certain attributes of the user or data owner. Users having a matching set of attributes can decrypt the data. Access rights ensure that a user accesses only the data he/she has been given rights to, which keeps out unauthorized users. User revocation is provided so that a revoked user cannot use the cloud any further. A revoked user will also be unable to view previous data, which was absent in previous schemes.

We also propose text filtering, which is absent in previous schemes. To keep improper language out of messages and to validate messages, it is important to filter them. The Naive Bayes algorithm is used to achieve this goal. The Naive Bayes classifier is one of the most basic text classification techniques, with various applications in email spam detection, personal email sorting, document categorization, sexually explicit content detection, language detection and sentiment detection. Naive Bayes performs well in many complex real-world problems.
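The text-filtering step can be sketched as a multinomial Naive Bayes classifier with Laplace smoothing. This is an added example and not the essay's implementation; the training messages, the labels "proper" and "improper", and the function `accept_message` are constructed for illustration.

```python
# Added example: multinomial Naive Bayes message filter (constructed data).
import math
import re
from collections import Counter

TRAIN = [  # constructed training messages
    ("the lab timetable for monday is attached", "proper"),
    ("please submit the fee receipt to the office", "proper"),
    ("complaint the projector in room 12 is broken", "proper"),
    ("feedback the lecture pace is too fast", "proper"),
    ("you are an idiot and a fool", "improper"),
    ("this stupid office is run by idiots", "improper"),
    ("shut up you stupid fool", "improper"),
]

def tokens(text):
    return re.findall(r"[a-z0-9']+", text.lower())

class NaiveBayesFilter:
    def __init__(self, samples):
        self.doc_counts = Counter()     # messages per class (for the prior)
        self.word_counts = {}           # class -> word frequency table
        for text, label in samples:
            self.doc_counts[label] += 1
            self.word_counts.setdefault(label, Counter()).update(tokens(text))
        self.vocab = {w for c in self.word_counts.values() for w in c}

    def log_scores(self, text):
        total_docs = sum(self.doc_counts.values())
        scores = {}
        for label, counts in self.word_counts.items():
            score = math.log(self.doc_counts[label] / total_docs)
            denom = sum(counts.values()) + len(self.vocab)
            for word in tokens(text):
                if word in self.vocab:  # words never seen in training are skipped
                    score += math.log((counts[word] + 1) / denom)  # Laplace
            scores[label] = score
        return scores

    def classify(self, text):
        scores = self.log_scores(text)
        return max(scores, key=scores.get)

FILTER = NaiveBayesFilter(TRAIN)

def accept_message(text):
    """Gate applied before upload: only 'proper' messages are stored."""
    return FILTER.classify(text) == "proper"
```

A message made up only of unseen words is decided by the class prior alone, so the quality of such a filter depends on how well the training set covers the vocabulary actually used.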

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Secure Data Storage In Clouds: Anonymous Authentication For Privacy And Access Control. Available from:<https://www.essaysauce.com/sample-essays/2015-10-5-1444059408/> [Accessed 13-06-26].

These Sample essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.