
Secure Fine-Grained Access Control and Data Sharing for Dynamic Groups in Cloud
BATCH: C9
G. Bhagya sree (15D21A05D1)
K. Shravani (15D21A05D9)
CH. Srinidhi (15D21A05C4)
N. Pavani (15D21A05E8)

INTERNAL GUIDE
Mrs. D. Madhavi
Assistant Professor
Abstract

• Defining and enforcing access policies based on the
attributes of the data, and permitting the key generation center
to efficiently update user credentials for dynamic user
groups.
• Specifically, we first design an efficient revocable attribute-
based encryption (ABE) scheme with the property of
ciphertext delegation by exploiting and uniquely
combining techniques of identity-based encryption, ABE,
the subset-cover framework, and a ciphertext encoding
mechanism.
• We then present a fine-grained access control and data
sharing system for on-demand services with dynamic user
groups in the cloud. The experimental data shows that our
proposed scheme is more efficient and scalable than the
state-of-the-art solution.
Introduction
• CLOUD computing is widely accepted as a new computing
paradigm due to its intrinsic resource-sharing and low
maintenance characteristics.
• In cloud computing, the CSPs, such as Amazon's EC2 and
S3, Google App Engine, and Microsoft Azure, are able to
deliver various services, including software as a service
(SaaS), platform as a service (PaaS) and infrastructure as a
service (IaaS), to cloud users.
• By migrating the local data management system into cloud
storage, users can enjoy cost savings and productivity
enhancements by using cloud-based services to manage
projects and establish collaborations.
• With the increasing development of cloud computing
technologies, it is not hard to imagine that in the near
future more and more businesses will be moved into the
cloud.
Literature Survey

• V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-
based encryption for fine-grained access control of
encrypted data,” in 2006.
• G. Ateniese, K. Fu, M. Green, and S. Hohenberger,
“Improved proxy re-encryption schemes with applications
to secure distributed storage,” in NDSS, 2005.
• S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure,
scalable, and fine-grained data access control in cloud
computing,” in INFOCOM, 2010.
Existing System

• CSPs are not fully trusted by users, while the data files
stored in the cloud may be sensitive and confidential. To
address this issue, a basic solution is to encrypt the data and
then upload the encrypted data to the cloud.
• However, the traditional encryption mechanisms are not
efficient or flexible for data sharing in the cloud.
• In order to achieve optimal usage of storage resources, it is
desirable to use advanced encryption mechanisms allowing
the data to be shared at a fine-grained level.
Disadvantages

• User credentials being stolen/compromised/misused.
• User revocation is a critical security issue.
• Sharing cloud data among authorized users at a fine-
grained level is still a challenging issue.
Proposed System

• Revocable attribute-based encryption (RABE)
supporting ciphertext delegation is a useful primitive
for enabling secure data sharing via a third-party storage
service provider such as cloud storage.
• Based on the RABE scheme, we present a secure and fine-grained
access control and data sharing system for cloud-based
on-demand service applications.
• Specifically, we use the cloud-based on-demand movie
streaming as a typical example.
Advantages

• Updates ciphertexts for handling revocation without any
delegated key and at the same time achieves high
efficiency.
• Original ciphertext uploaded by the data owner and hence
it is easier for storage management and maintenance.
SYSTEM REQUIREMENT SPECIFICATION

HARDWARE REQUIREMENTS
• System : Intel core i3 or above.
• Hard Disk : 500 GB.
• Monitor : 15 VGA Color.
• Ram : 4 GB.

SOFTWARE REQUIREMENTS
• Operating system : Windows 7 or above.
• Programming Language : HTML, CSS, Java/J2EE
• IDE : Eclipse Oxygen 3.0
• Database : MySQL 5.5.50
System Architecture
Modules

Here we have 4 modules:
• Admin
• Data Owner
• End User
• File Security Module
Admin
• Admin can view all users and files.
• Admin has the right to give access permissions to data
owner, end user.
• If any user or data owner tries to modify the contents of a
file without having the write permission, then that user will
be revoked by the admin.
Data Owner
• Data owner will upload the file in the cloud.
• While uploading a file into the cloud, the algorithm will
generate a key.
• Data owner stores the generated key.
End user
• If the user wants to access the file stored in cloud, then he
will send a request for the secret key to the admin.
• End user can view the file shared by the owner.
• End user can download the file.
File security
• Encrypting the data file.
• File stored in the cloud can be deleted by the admin or the
data owner.
Data Flow Diagram
UML Diagrams

Class Diagram
Admin use case diagram
Data Owner use case diagram
End user use case diagram
Sequence Diagram
Activity Diagram
Algorithms
• In attribute-based encryption (ABE), a user’s
private key is associated with a set of attributes.
• A user will be able to decrypt a ciphertext if and
only if his attributes satisfy the policy of the
respective ciphertext.
• The revocable attribute-based encryption (RABE) algorithm is
used to revoke the user.
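
The sketch below is an added example, not code from the project: it models only the access decision behind the bullets above, with no cryptography. It assumes the complete-subtree instance of the subset-cover framework named in the abstract; the tree layout, function names, and sample attributes are constructed for illustration.

```python
# Added example: access logic only, no cryptography. Users are leaves of a
# full binary tree stored heap-style (root = 1, children of n are 2n, 2n+1).
# num_users must be a power of two; leaves are num_users .. 2*num_users - 1.

def path_to_root(leaf):
    """Nodes from a user's leaf up to the root (one key component per node)."""
    nodes = []
    while leaf >= 1:
        nodes.append(leaf)
        leaf //= 2
    return nodes

def ku_nodes(num_users, revoked_leaves):
    """Smallest node set whose subtrees cover all non-revoked leaves only."""
    if not revoked_leaves:
        return {1}  # nobody revoked: the root covers everyone
    marked = set()
    for leaf in revoked_leaves:
        marked.update(path_to_root(leaf))
    cover = set()
    for node in marked:
        if node >= num_users:  # a leaf has no children
            continue
        for child in (2 * node, 2 * node + 1):
            if child not in marked:
                cover.add(child)
    return cover

def can_update(leaf, cover):
    """A user can derive the current-period key iff its path meets the cover."""
    return any(node in cover for node in path_to_root(leaf))

def satisfies(policy, attrs):
    """Policy is an attribute name or a nested ("AND"|"OR", child, ...) tuple."""
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    results = [satisfies(child, attrs) for child in children]
    return all(results) if op == "AND" else any(results)

def can_decrypt(policy, attrs, leaf, cover):
    """Decryption needs both a satisfied policy and a non-revoked key."""
    return satisfies(policy, attrs) and can_update(leaf, cover)

if __name__ == "__main__":
    # Constructed sample: 8 users (leaves 8..15), leaves 10 and 13 revoked.
    cover = ku_nodes(8, {10, 13})
    policy = ("AND", "subscriber", ("OR", "hd", "premium"))
    print(sorted(cover), can_decrypt(policy, {"subscriber", "hd"}, 8, cover))
```

With r revoked users out of N, the cover holds at most r·log2(N/r) nodes, which is why the key generation center can publish one update per cover node instead of one per remaining user.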
TESTING

• Testing is the process of trying to discover every
conceivable fault or weakness in a work product.
• The objectives of testing are: all field entries must work
properly; pages must be activated from the identified link;
and the entry screen, messages and responses must not be
delayed.
• The features to be tested are: verify that the entries are of the
correct format; no duplicate entries should be allowed; and all
links should take the user to the correct page.
TEST CASES
| S.NO | Test Scenario | Input | Expected Output | Output | Result |
|---|---|---|---|---|---|
| 1 | Verifying the functionality of uploading a file by group member | Choose a file to upload in the cloud | File uploaded successfully | File uploaded successfully | Pass |
| 2 | Verifying the functionality of generating a key for a file | Upload a file | Key generation for the file | Key is generated for the file | Pass |
| 3 | Verifying the functionality of revoking an account | Click on the revoke account button | We should get alert message whether to delete an account or not | Alert message is generated to confirm whether to delete an account or not | Pass |
RESULTS
CONCLUSION

• Revocable attribute-based encryption (RABE) supporting
ciphertext delegation is a useful primitive for enabling
secure data sharing via a third-party storage service
provider such as cloud storage.
• We provided formal security proofs for our proposed
schemes and performed experiments to demonstrate that
our new schemes are indeed more efficient than the
previous solution.
• We also presented a fine-grained access control and data
sharing system for on-demand services based on the
proposed RABE scheme.