ABSTRACT

Security and privacy are very important issues in cloud computing. In existing systems, access
control in clouds is centralized in nature. The scheme uses a symmetric key approach and does
not support authentication. A symmetric key algorithm uses the same key for both encryption and
decryption. We take a centralized approach where a single key distribution center (KDC)
distributes secret keys and attributes to all users. The validity of the user who stores the data is
also verified. Cloud computing's multi-tenancy feature poses privacy, security and access
control challenges because physical resources are shared among untrusted tenants. In
order to achieve safe storage, policy-based file access control, policy-based file assured deletion
and policy-based renewal of a file stored in a cloud environment, a suitable encryption technique
with key management should be applied before outsourcing the data. In this paper we
implemented secure cloud storage by providing access to the files with policy-based file
access using an Attribute Based Encryption (ABE) scheme with an RSA public-private key
combination. The private key is a combination of the user's credentials, so that high security
is achieved. A time-based file revocation scheme is used for file assured deletion. When the time
limit of the file expires, the file is automatically revoked and cannot be accessed by
anyone in future. Manual revocation is also supported. Policy-based file renewal is proposed.
Renewal is done by providing a new key to the existing file, which then remains until the
new time limit is reached. In doing so, however, these solutions unavoidably impose a
substantial processing overhead on the data owner for key distribution and data
administration when fine-grained data access control is in demand, and consequently do not scale
well. In the proposed scheme, the cloud adopts an access control policy and an attribute hiding
strategy to enhance security. This new scheme supports secure and efficient dynamic operations
on data blocks, including data update, creation, modification and reading of data stored in the
cloud. Moreover, our authentication and access control scheme is decentralized and robust,
unlike other access control schemes designed for clouds, which are centralized. We also provide
options for file recovery.

INTRODUCTION

Cloud computing is a promising computing model which has currently drawn far-reaching attention from both the educational community and industry. By joining a set of existing and new procedures from research areas, for example Service-Oriented Architectures (SOA) and virtualization, cloud computing is viewed as a computing model in which assets in the computing infrastructure are given as services over the Internet. Numerous services like email, Net banking and so forth are given on the Internet such that customers can utilize them from anyplace at any time.

Nowadays cloud computing is a rationally developed technology to store data from more than one client. Cloud computing is an environment that enables users to remotely store their data. It is a new business solution for remote backup outsourcing, as it offers an abstraction of unlimited storage space for customers to have data backups in a pay-as-you-go way. It helps associations and government offices fundamentally decrease their financial overhead of data administration, since they can now store their data backups remotely with third-party cloud storage suppliers as opposed to keeping up data centers on their own.

Even though cloud storage is more adaptable, how security and protection are provided for the outsourced data turns into a genuine concern. The three points of this issue are availability, confidentiality and integrity. To accomplish secure data transaction in the cloud, a suitable cryptography method is utilized. The data possessor must encrypt the record and then store the record to the cloud. Assuming that a third person downloads the record, they may see the record if they had the key which is utilized to decrypt the encrypted record. Once in a while this may fail because of technology improvement and programmers. To overcome the issue there are a lot of procedures and techniques to make secure transaction and storage.

Security and privacy assurance in clouds are analyzed and tested by numerous researchers. Anonymous authentication is the procedure of accepting the client without the details of the client. So the cloud server doesn't know the details of the client, which gives security to the clients to conceal their details from other clients of that cloud.

A remote backup system is the advanced concept which reduces the cost of implementing more memory in an organization. It helps enterprises and government agencies reduce their financial overhead of data management. They can archive their data backups remotely to third-party cloud storage providers rather than maintain data centers on their own. An individual or an organization may not require purchasing the needed storage devices. Instead they can store their data backups to the cloud and archive their data to avoid any information loss in case of hardware / software failures. Even though cloud storage is more flexible, how security and privacy are provided for the outsourced data becomes a serious concern. There are three main objectives:

• Confidentiality – preserving authorized restrictions on information access and disclosure.
• Integrity – guarding against improper information modification or destruction.
• Availability – ensuring timely and reliable access to and use

Fig1: Example diagram for data sharing with cloud storage.

To achieve secure data transaction in the cloud, a suitable cryptography method is used. The data owner must encrypt the file and then store the file to the cloud. If a third person downloads the file, he/she may view the record if he/she had the key which is used to decrypt the encrypted file. Sometimes this may fail due to technology development and hackers.

The main threat arises when storing data with the cloud. To secure data, most systems use a variety of techniques, including:

• Encryption, which means they choose an intricate algorithm to encode information. To decode the encrypted files, an individual needs the encryption key. While encrypted information can be cracked, most hackers don't have access to the amount of computer processing power they would need to decrypt information.
• Authentication processes, which require creating an individual user name and password.
• Authorization practices -- the customer lists the people who are authorized to access information stored on the cloud system. Many corporations have multiple levels of authorization. For example, a front-line employee would have restricted authority to access data stored on the cloud system, while the head of recruiting would have extensive authority to access files.

Even with these protective measures in place, many of us worry that data saved on an online storage system is vulnerable. There is always the possibility that a hacker might discover a back entrance and access data. Hackers might also endeavour to steal the physical machines on which data are stored. A disgruntled employee could alter or destroy data using the authenticated user name and password. Cloud storage companies invest a lot of money in security measures so as to limit the chance of data theft or corruption.

The other big concern, reliability, is just as important as security. An unstable cloud storage system is a liability. No one wants to save data to a failure-prone system, nor do they want to trust a business that's not financially stable. While many cloud storage systems try to address this concern through redundancy techniques, there's still the possibility that a complete system could crash, leaving clients without any method of accessing their saved data.

Cloud storage companies live and die by their reputations. It's in each company's interest to provide the most secure and reliable service possible. If a business can't meet these basic client expectations, it doesn't have much of a chance; there are far too many other choices available on the market.

a new decentralized access control scheme for secure data storage in clouds is proposed. Raju M. Apirajitha In this project. so the security is high compared to the other project. our authentication . Feature of access control in which only valid users are able to decrypt the stored information. Here the attributes and access policy of the users are hidden. creation. policy-based access control and file assured deletion. Lanitha B This paper describes the problems and explores potential solutions for providing long term storage and access to research outputs. Access control scheme for secure data storage in clouds that supports anonymous authentication. S Divya Bharathy. in which only valid users are able to decrypt the stored information. Moreover. In this scheme asymmetric key concept is used for encryption and decryption. T Ramesh We propose a privacy preserving access control scheme for data storage. In this project authentication scheme is collusion secure and protects privacy of the user. so the security is high. Moreover our authentication and access control scheme is decentralized and robust.LITERATURE SURVEY S. In this scheme the cloud verifies the authenticity of the server without knowing the user’s identity before storing data.S. The added feature of this project is access control. which supports anonymous authentication and performs decentralized key management. modification and reading data stored in cloud. the cloud adopts an access control policy and attributes hiding strategy to enhance security. Ajitha. that support anonymous authentication. includ-ing: data update. This new scheme supports secure and efficient dynamic operation on data blocks. This project prevents replay attacks and supports creation. focusing mainly on research data. modification and reading data stored in the cloud. In the proposed scheme. P. Secure overlay cloud storage system that achieves fine-grained. 
This scheme also has the added feature of access control in which only valid users are able to decrypt the stored information.

and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. We also provide options for file recovery. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against replay attacks. User revocation and access control policies highly contribute to avoiding abuse of cloud services and shared technology issues.

S. Seenu Iropia, R. Vijayalakshmi: The issue of simultaneously accomplishing fine-grainedness, scalability, and data confidentiality of access control still remains unresolved. This paper addresses this open issue by, on one hand, characterizing and implementing access policies based on data attributes, and, on the other hand, permitting the data owner to delegate the majority of the calculation undertakings included in fine-grained data access control to untrusted cloud servers without unveiling the underlying data substance. We accomplish this goal by exploiting and combining techniques of decentralized key policy Attribute Based Encryption (KP-ABE). Extensive investigation shows that the proposed approach is highly efficient and secure.

also authenticates users. we extend the previous work with added features which . 1. the authors take a centralized approach where single key distribution center (KDC) distributes secret keys and attributes to all users. In the preliminary version of this paper. a single KDC is not only a single point of failure but difficult to maintain because of large number of users that are supported in a cloud environment. We proposed a distributed access control mechanism in clouds. if that fails then the whole system will shut down. therefore.EXISTING ARCHITECTURE The pictorial overview of the existing architecture is depicted in Fig.The proposed decentralized architecture. If The scheme uses a symmetric key approach and does not support authentication. S Divya Bharathy et al. Unfortunately. who want to remain anonymous while accessing the cloud. It is also quite natural for clouds to have may KDCs in different locations in the world. For example in this project if we use single centralized KDC. However. 1 Single KDC architecture PROPOSED ARCHITECTURE The Single KDC architecture with no anonymous authentication makes it more complicated and it also increases the storage overhead at the single KDC. 2. Centralization lacks reliability. We. Earlier work provides privacy preserving authenticated access control in cloud. Fig. emphasize that clouds should take a decentralized approach while distributing secret keys and attribute to users. The pictorial overview of the decentralized KDC is depicted in Fig.Existing access control architecture in cloud are centralized in nature.

enables to authenticate the validity of the message without revealing the identity of the user who has stored information in the cloud.

Fig. 2 Decentralized KDC architecture

In this paper, we also address user revocation. We use an attribute based signature scheme to achieve authenticity and privacy. Our scheme is resistant to replay attacks, in which a user can replace fresh data with stale data from a previous write, even if it no longer has a valid claim policy. This is an important property because a user, revoked of its attributes, might no longer be able to write to the cloud.

The decentralized Key Distribution Centre architecture here considers two KDCs. The cloud authenticates the user even without knowing the original identity of the user; rather, a two-step authentication takes place with the help of the Trusted Party Authenticator (TPA) and Key Distribution Centre (KDC).

The pictorial representation of the overall flow of the proposed architecture is depicted in Fig. 2a. The proposed architecture consists of the following modules. The user, who is the file owner and has a collection of files, stores the files on the cloud server in the form of encrypted files with indexing.

SYSTEM ARCHITECTURE

First the client is authenticated with the username and password, which is provided by the user. Then the user is asked to answer two security levels of his/her choice. Each security level consists of 5 user-selectable questions. The user may choose any one question from two security levels. The private key for encrypting the file is generated from the combination of username, password and the answers to the security level questions. After generating the private key, the client requests the public key from the key manager. The key manager will verify the policy associated with the file. If the policy matches with the file name then the same public key will be generated. Otherwise a new public key will be generated. With the public key and private key the file will be encrypted and uploaded into the cloud.

If a user wants to download the file he/she would be authenticated. If the authentication succeeds, the file will be downloaded to the user. Still the user is not able to read the file contents. He/she should request the public key from the key manager. According to the authentication, the key manager will produce the public key for the user. Then the user may decrypt the file using the login credentials given by the user and the public key provided by the key manager. The client can revoke the policy and renew the policy as necessary.

Fig2: Overall system diagram.
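The key handling described above (a private key folded from the four credential parts, a key-manager key that is the same for the same policy, time-based and manual revocation, renewal with the client's renew key) can be modelled as follows. This is an added example, not code from the paper: it uses Python standard-library primitives (PBKDF2 and HMAC-SHA256) in place of the paper's RSA-2048 and ABE, tracks the time limit per policy, and the names `KeyManager`, `issue`, `fetch`, `file_key` and the sample policies are assumptions.

```python
import hashlib
import hmac
import secrets


class PolicyRevoked(Exception):
    """The policy key is gone (time limit reached or manual revocation)."""


def derive_private_key(username, password, answer1, answer2, salt):
    """Client side: fold the four credential parts into one 32-byte secret."""
    parts = [p.encode() for p in (username, password, answer1, answer2)]
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    material = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 200_000, dklen=32)


def file_key(private_key, policy_key):
    """Per-file key: needs the client's half AND the key manager's half."""
    return hmac.new(policy_key, private_key, hashlib.sha256).digest()


class KeyManager:
    """Keeps one random key per policy; destroys it on expiry or revocation."""

    def __init__(self, clock):
        self._clock = clock    # injected time source so the limit is testable
        self._policies = {}    # policy -> [key, expiry, sha256(renew key)]

    def _purge(self):
        now = self._clock()
        for name in [n for n, e in self._policies.items() if e[1] <= now]:
            del self._policies[name]    # time-based revocation

    def issue(self, policy, ttl, renew_key):
        """Upload: same policy -> same key, unknown policy -> fresh key."""
        self._purge()
        if policy not in self._policies:
            tag = hashlib.sha256(renew_key).digest()
            self._policies[policy] = [secrets.token_bytes(32),
                                      self._clock() + ttl, tag]
        return self._policies[policy][0]

    def fetch(self, policy):
        """Download: only a live policy still has a key to hand out."""
        self._purge()
        if policy not in self._policies:
            raise PolicyRevoked(policy)
        return self._policies[policy][0]

    def revoke(self, policy):
        """Manual revocation before the time limit is reached."""
        self._policies.pop(policy, None)

    def renew(self, policy, renew_key, ttl):
        """Set a new time limit; requires the client's renew key."""
        self._purge()
        entry = self._policies.get(policy)
        if entry is None:
            raise PolicyRevoked(policy)
        tag = hashlib.sha256(renew_key).digest()
        if not hmac.compare_digest(tag, entry[2]):
            raise PermissionError("wrong renew key")
        entry[1] = self._clock() + ttl


def demo():
    """Constructed walk-through: upload, renew, download, then expiry."""
    now = [1000.0]
    km = KeyManager(clock=lambda: now[0])
    priv = derive_private_key("alice", "pw", "blue", "rex", b"constructed-salt")
    renew_key = b"constructed-renew-key"
    k_upload = file_key(priv, km.issue("hr-readonly", 60, renew_key))
    km.issue("finance", 60, renew_key)           # expires at t = 1060
    now[0] += 30
    km.renew("hr-readonly", renew_key, 120)      # new limit: t = 1150
    now[0] += 100                                # t = 1130
    k_download = file_key(priv, km.fetch("hr-readonly"))
    try:
        km.fetch("finance")
        finance_gone = False
    except PolicyRevoked:
        finance_gone = True
    return k_upload == k_download, finance_gone
```

Once the key manager has dropped a policy key, the file key can no longer be rebuilt even by a client that still holds all four credential parts, which is what makes the deletion assured.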

KEY MANAGEMENT

Following are the cryptographic keys to protect data files stored on the cloud.

Public Key: The public key is a randomly generated binary key, generated and maintained by the key manager itself. Particularly used for encryption / decryption.

Private Key: It is the combination of the username, password and two security questions of the user's choice. The private key is maintained by the client itself. Used to encrypt / decrypt the file.

Access key: It is associated with a policy. The private access key is maintained by the client. The access key is built on attribute based encryption. File access is of read or write.

Renew key: Maintained by the client itself. Each has its own renew key. The renew key is used to renew the policy of each necessary file in an easy way.

PROPOSED WORK

• Distributed access control of data stored in the cloud so that only authorized users with valid attributes can access them.
• The identity of the user is protected from the cloud during authentication.
• The architecture is decentralized, meaning that there can be several KDCs for key management.
• The access control and authentication are both collusion resistant, meaning that no two users can collude and access data or authenticate themselves, if they are individually not authorized.
• Revoked users cannot access data after they have been revoked.
• The proposed scheme is resilient to replay attacks. A writer whose attributes and keys have been revoked cannot write back stale information.
• The protocol supports multiple reads and writes on the data stored in the cloud.

• The costs are comparable to the existing centralized approaches, and the expensive operations are mostly done by the cloud.

Encryption / Decryption

We used the RSA algorithm for encryption / decryption. This algorithm is the proven mechanism for secure transaction. Here we are using the RSA algorithm with a key size of 2048 bits. The keys are split up and stored in four different places. If a user wants to access the file he/she may need to provide the four sets of data to produce the single private key to manage encryption / decryption.

File Upload / Download

1. File Upload

The client makes a request to the key manager for the public key, which will be generated according to the policy associated with the file. For different file policies, the public key also differs. But for the same policy the same public key will be generated. Then the client generates a private key by combining the username, password and security credentials. Then the file is encrypted with the public key and private key and forwarded to the cloud.

Fig3: File uploading process.

2. File Download

The client can download the file after completion of the authentication process. During download the cloud will authenticate the user to check whether the user is valid to download the file. But the cloud doesn't have any attributes or the details of the user. The user's credentials are stored in the client itself. As the public key is maintained by the key manager, the client requests the public key from the key manager. The authenticated client can get the public key. Then the client can decrypt the file with the public key and the private key.

Fig4: File downloading process.

KEEP YOUR INFORMATION SECURE IN THE CLOUD

Internet cloud services [13]: Services that store your data on a server rather than on your hard disk, so you have access to it from any Internet-enabled device, are more efficient than ever before. Banking sites replace expensive finance applications. Backing up photographs and important documents has never been easier. All we have to do is be secure when we use them. These are some simple safety tricks for keeping your data secure in the cloud.

Passwords are made to keep our information safe. They're like locks. A hacker may force the door and break your lock. The fact is that complex passwords won't be as quick to recall. Remembering passwords is difficult, so we often take the easiest way out and use simple passwords that we will never forget. But once they're memorable, they're also all too easy to guess. We also tend to decide on a small number of passwords and use them over and over again for e-mail, banking, Facebook and everything else. The perfect passwords combine letters, numbers and symbols into an unusual configuration. The more complicated your password is, the safer your data will be. Have a safe place to record your passwords if you can't remember them.

In case your password is compromised, someone could easily gain access to your e-mail account, and the replacement passwords are usually sent to your e-mail address. Change that password, and next go to each and every site you're registered on and change those passwords.

LastPass is a password management utility that locks all your unique passwords behind one master password. Which means you can produce separate logins for e-mail, Facebook, Twitter, cloud storage and any devices you use online, but still access those accounts by memorizing a single password. LastPass will even help you create randomized passwords that no one will ever crack. You no longer repeat a password across sites. If LastPass was hacked, that's really bad. It's true, that's possible, but LastPass has protocols in place to encourage users to change their master passwords in the event of a breach. Moreover, validation tools like IP and e-mail address verification make it difficult for an impostor to log in to your LastPass account. One last password tip: Don't tell other people your passwords.

Cloud storage

Cloud storage solutions come in all shapes and sizes. Dropbox offers only a couple of gigabytes of free storage. Amazon's Cloud Drive offers 5 gigabytes of free storage including a Web interface for uploading your files. Windows Live SkyDrive is designed to make it easy to view and edit Office documents in the cloud. Other services, like SugarSync and Mozy, focus much more on automatically backing up your important data and storing it, and not on making it easy to access online. Unexpected system failure could happen when you least expect it. So back up your data.

Lock your device [14]: Since cloud computing is increasingly being done on cellular phones, it stands to reason that this would be a weak spot. Not surprisingly, it's much easier to leave your phone in a bar than to leave your computer there. Set your device to turn off after a period of inactivity and demand a password to open it back up.

Internet hazards like viruses are, for the most part, all too easy to avoid. Antivirus software programs are always a clever precaution, but smart browsing is a far greater ally. As for protecting your data in the cloud, exactly the same rules apply as when buying online or creating accounts on new Web pages: make sure the site is trustworthy. First, make sure you use a secure network. Does the Wi-Fi you use demand a password to reach? Are you aware that Wi-Fi companies can monitor all traffic on their network, together with your private information? Is the site you're accessing just an http or a safer https site? Paying attention to the details of the network or sites you're accessing can make a big difference in whether or not your data gets hacked.

The security vulnerabilities [15]: According to a research report titled A Security Analysis of Amazon's Elastic Compute Cloud Service, security vulnerabilities in EC2 (Elastic Compute Cloud) arise from misuse and mismanagement of the AMIs (Amazon Machine Images). AMIs are virtual images of preconfigured systems and applications, provided by third-party developers plus Amazon itself, for efficiently deploying services via EC2. For a five-month period, the researchers analyzed well over 5,000 AMIs, both Linux and Windows, which they grabbed from data centers in Europe, Asia, and the United States.

The case study found security failures in the AMIs they analyzed. 98 percent of the Windows AMIs and 58 percent of the Linux AMIs contained software with critical vulnerabilities. This observation was typically not restricted to a single application but often involved multiple services: typically 46 for Windows and 11 for Linux images, according to the report. On the broader scale, we observed that countless images bring software which is well over twenty-four months old. These vulnerabilities leave users exposed to malware, not to mention to unsolicited connections, which malicious hackers could use to collect more knowledge about an AMI's usage and then collect IP target addresses for future attacks by a built-in backdoor.

Vulnerability involving leftover credentials: a user's password or a portion of their own SSH keys, which is important for accessing a remote Linux server, might find themselves left on an AMI. A malicious hacker might leave their own public key intact on an AMI so that they can log on to any running instance of the image down the road. Additionally, a provider might leave SSH keys or passwords within an AMI, which in turn can be exploited by a malicious third party. AMIs also might contain exploitable information like browser history, which can reveal private information about a user, or shell history, through which a hacker can extract credential information such as a DNS management password. An image provider could simply delete this sensitive information before making an AMI public again.

CONCLUSION

We propose secure cloud storage using decentralized access control with anonymous authentication. The files are associated with file access policies, which are used to access the files placed on the cloud. Uploading and downloading of a file to a cloud with standard encryption / decryption is more secure. Revocation is the important scheme that should remove the files of revoked policies, so no one can access the revoked file in future. The policy renewal is made as easy as possible. The renew key is added to the file. Whenever the user wants to renew the files, he/she may directly download all renew keys and make changes to those keys, then upload the new renew keys to the files stored in the cloud.

We have introduced a decentralized access control system with anonymous authentication, which gives client revocation and also prevents replay attacks. The cloud does not know the identity of the client who saves data, but just checks the client's credentials. Key dissemination is carried out in a decentralized manner. One limit is that the cloud knows the access strategy for each record saved in the cloud. In future the file access policy can be implemented with Multi Authority based Attribute based Encryption. Using the technique we can avoid the number of wrong hits during authentication. Create a random delay for authentication, so the hacker gets confused when trying to identify the algorithm.

REFERENCES

[1] Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, "Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds", IEEE Transactions on Parallel and Distributed Systems.
[2] Yang Tang, Patrick P.C. Lee, John C.S. Lui and Radia Perlman, "Secure Overlay Cloud Storage with Access Control and Assured Deletion", IEEE Transactions on Dependable and Secure Computing.
[3] G. Wang, Q. Liu, and J. Wu, "Hierarchical attribute-based encryption for fine-grained access control in cloud storage services," in ACM CCS, pp. 735–737, 2010.
[4] Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, "FADE: Secure Overlay Cloud Storage with File Assured Deletion," Proc. Sixth Int'l ICST Conf. Security and Privacy in Comm. Networks (SecureComm), 2010.
[5] R. Perlman, "File System Design with Assured Delete," Proc. Network and Distributed System Security Symp. ISOC (NDSS), 2007.
[6] Ruj, A. Nayak, and I. Stojmenovic, "DACC: Distributed access control in clouds," in IEEE TrustCom, 2011.
[7] A. Rahumed, H.C.H. Chen, Y. Tang, P.P.C. Lee, and J.C.S. Lui, "A Secure Cloud Backup System with Assured Deletion and Version
[8] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "A View of Cloud Computing", Comm. of the ACM, 53(4):50–58, Apr 2010.
[9] Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, "Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds", IEEE Transactions on Parallel and Distributed Systems.
[10] C. Wang, Q. Wang, K. Ren, N. Cao and W. Lou, "Toward Secure and Dependable Storage Services in Cloud Computing", IEEE T. Services Computing, Vol. 5, no. 2, pp. 220-232, 2012.
[11] C. Gentry, "A fully homomorphic encryption scheme", Ph.D. dissertation, Stanford University, 2009, http://www.crypto.stanford.edu/craig.