Attribute-Based Access to Scalable Media in Cloud-Assisted Content Sharing Networks
Abstract:
This paper presents a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique and employs MCP-ABE to design an access control scheme for sharing scalable media based on data consumers’ attributes (e.g., age, nationality, gender) rather than an explicit list of the consumers’ names. The scheme is efficient and flexible because MCP-ABE allows a content provider to specify an access policy and encrypt multiple messages within one ciphertext such that only the users whose attributes satisfy the access policy can decrypt the ciphertext. Moreover, the paper shows how to support resource-limited mobile devices by offloading computationally intensive operations to cloud servers without compromising data privacy.
Existing System
In the existing system, there are multiple owners who may encrypt in their own ways, possibly using different sets of cryptographic keys. Letting each user obtain keys from every owner whose records she wants to read would limit accessibility, since patients are not always online. An alternative is to employ a central authority (CA) to do the key management on behalf of all record owners, but this requires too much trust in a single authority (i.e., it causes the key escrow problem). Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees’ private communications, or governments, who may wish to be able to view the contents of encrypted communications.
Proposed system
The proposed system is an information management architecture that uses CP-ABE and optimizes security enforcement efficiency. The architecture and optimization method are employed on two example applications:
A HIPAA (Health Insurance Portability and Accountability Act) compliant distributed file system and a content delivery network.
An approach to access control in content sharing services is to empower users to enforce access controls on their data directly, rather than through a central administrator. However, this requires flexible and scalable cryptographic key management to support complex access control policies. A naive access control solution is to assign one key for each user attribute, distribute the appropriate keys to users who have the corresponding attributes, and encrypt the media with the attribute keys repeatedly.
Modules
1. Registration
2. Attribute oriented access control
3. One-way hash function
4. Cipher-text policy attribute-based encryption
Modules Description
Registration
This module handles normal registration for multiple users. There are multiple owners, multiple AAs, and multiple users. In the attribute hierarchy of files, leaf nodes are atomic file categories while internal nodes are compound categories. Dark boxes are the categories that a PSD’s data reader has access to.
• PUD – public domains
• PSD – personal domains
• AA – attribute authority
• MA-ABE – multi-authority ABE
• KP-ABE – Key Policy Attribute based Encryption
• MCP-ABE – Multi-message Cipher-text Policy Attribute-Based Encryption
Attribute oriented access control
This module supports fine-grained access control policies and dynamic group membership by using a CP-ABE scheme. In addition, it is able to revoke a user without issuing new keys to other users or re-encrypting existing cipher-texts by using a proxy.
KP-ABE (Key Policy Attribute based Encryption) is used to enforce access policies based on data attributes. Their scheme allows data owners to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents by combining techniques of attribute-based encryption, proxy re-encryption, and lazy re-encryption an information management architecture using CP-ABE and optimized security.
One-way hash function
In this module, a one-way hash function is used, usually for security or data management purposes. “One way” means that it is nearly impossible to derive the original text from the string. A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and message of a digitally distributed message.
Cipher-text policy attribute-based encryption
In this Module, every user’s personal secret key is associated with a set of attributes while every ciphertext is associated with an access policy. A user successfully decrypts a ciphertext only if her set of attributes satisfies the access policy specified in the ciphertext. We briefly describe the CP-ABE.
We will extend this CP-ABE scheme to MCP-ABE scheme and use the latter in our access control scheme.
• AB-Setup
It is an initialization algorithm run by an Attribute Authority (AA). It takes as input a security parameter and outputs a public key PK and a master secret key MK.
• AB-Keygen
It is run by AA to issue a personal secret key to a user. It takes as input MK and the set of attributes A of the user, and outputs the personal secret key SK associated with Specifically, for each user.
• AB-Encrypt
It is run by a data owner to encrypt a message according to an access tree.
• AB-Decrypt
It is run by a data consumer in possession of a set of attributes A and the secret key SK in order to decrypt the cipher-text CT with an access policy.
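The access-tree check that AB-Encrypt and AB-Decrypt rely on, as an added Python sketch that is not code from the paper or from this project: a secret is split down a tree of threshold gates with Shamir secret sharing and can be rebuilt only from an attribute set that satisfies the tree. The policy, attribute names, field prime and function names are constructed for illustration; a real CP-ABE scheme additionally carries the shares in pairing-group exponents tied to each user's SK, which this sketch leaves out, so it shows policy satisfaction only and is not an encryption scheme.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; field for the shares (constructed parameter)

def leaf(name): return ("attr", name)
def gate(k, *children): return ("gate", k, children)  # k-of-n; AND = n-of-n, OR = 1-of-n

def share(node, secret):
    """Push `secret` down the tree: each gate hides it in a random
    degree-(k-1) polynomial q with q(0) = secret; child i receives q(i)."""
    if node[0] == "attr":
        return ("attr", node[1], secret)
    _, k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    q = lambda x: sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
    return ("gate", k, [share(ch, q(i)) for i, ch in enumerate(children, 1)])

def recover(shared, attrs):
    """Return the secret if `attrs` satisfies the tree, else None."""
    if shared[0] == "attr":
        return shared[2] if shared[1] in attrs else None
    _, k, children = shared
    pts = [(i, v) for i, ch in enumerate(children, 1)
           if (v := recover(ch, attrs)) is not None][:k]
    if len(pts) < k:          # gate threshold not met
        return None
    total = 0
    for xj, yj in pts:        # Lagrange interpolation at x = 0
        lam = 1
        for xm, _ in pts:
            if xm != xj:
                lam = lam * xm * pow((xm - xj) % P, -1, P) % P
        total = (total + yj * lam) % P
    return total

# Constructed policy: age18plus AND (nationality:SG OR 2 of {gender:F, member, staff})
POLICY = gate(2, leaf("age18plus"),
              gate(1, leaf("nationality:SG"),
                   gate(2, leaf("gender:F"), leaf("member"), leaf("staff"))))

def demo(attrs, secret=123456789):
    """True when a holder of `attrs` rebuilds the secret shared under POLICY."""
    return recover(share(POLICY, secret), set(attrs)) == secret
```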
SYSTEM SPECIFICATION
Hardware Requirements:
• System : Pentium IV 2.4 GHz.
• Hard Disk : 80 GB.
• RAM : 1 GB.
Software Requirements:
• Operating system : Windows 7 Ultimate
• Front End : VS2010
• Coding Language : ASP.Net with C#
• Data Base : SQL Server 2008