Fine Grained Security in Cloud with Cryptographic Access Control
ABSTRACT :
Fine-grained access control schemes are commonly used in cloud computing. In this type of scheme, each data item is given its own access control policy. The entity that wants to access the data item needs to provide its credentials to a policy enforcer. In a cloud environment, normally, the policy enforcer is not the owner of the data. The access control policies and the credentials might reveal some information that the policy enforcer is not entitled to know. This paper proposed a fine-grained access control scheme. It prevents the policy enforcers from comprehending the access control policies and the entities’ credentials by using cryptographic techniques. Compared with the existing schemes, the proposed scheme provides a higher level of privacy.
EXISTING SYSTEM :
• Attribute-based encryption (ABE) is well suited for fine-grained access control for data residing on a cloud server. However, existing approaches for user revocation are not satisfactory.
• However, existing homomorphic encryption schemes do not allow for fine-grained access control policies.
• A main issue to be addressed when using ABE for encryption of cloud storage is user revocation. In this work we proposed a decryption-capability splitting approach for user revocation, which is advantageous over existing solutions.
• Data residing on cloud storage needs to be encrypted in order to safeguard its secrecy against the untrusted cloud provider, and to serve as an access control mechanism where a user’s decryption capability is assigned according to the access control policy.
DISADVANTAGE :
• To avoid the problems mentioned above, the contents of the credentials and the policies should be made incomprehensible to the policy enforcers.
• The problem with the existing fine-grained access control schemes is that the access control policies are not entirely hidden from the policy enforcers.
• The owner of the data issues a credential certificate to an entity. The credential certificate states the attributes that the owner assigns to the entity.
• This assumption is reasonable as, during service negotiation, GreenCar would issue the relevant credentials to Sparky to allow Sparky to access the data that are needed by Sparky’s contract.
PROPOSED SYSTEM :
• To gauge its performance, we have implemented and experimented with our proposed scheme.
• Our proposed scheme distinguishes itself from all the above work because the computation at the user side is lightweight, independent of the complexity of the access control policy of the underlying ABE scheme.
• We further proposed a concrete scheme instantiating the approach, which features lightweight computation at the user side such that users can use resource-constrained devices to access cloud data.
• We propose a concrete scheme instantiating the approach, which features lightweight computation at the user side.
ADVANTAGE :
• The tracking mechanism is also used to inform the service providers of the revoked credential certificates.
• Then, the policies or the attributes of the entities are used to decrypt the data.
• In order to encrypt or decrypt the information, the attributes that are used to encrypt the data must be attached to the encrypted data.
• Compared with the existing schemes, the proposed scheme provides a higher level of security, and it is more efficient and flexible than the existing schemes that hide policies and credentials.
• In these approaches, attribute-based encryptions are used to encrypt data. The encrypted data can only be decrypted by the clients who possess the desired attributes. Encryption-based access control is designed for storing data on storage service providers.