Fuzzy Authorization for Cloud Storage
Abstract:
By leveraging and modifying Ciphertext-Policy Attribute Based Encryption (CP-ABE) and OAuth, we propose a new authorization scheme, called fuzzy authorization, to facilitate an application registered with one cloud party to access data residing in another cloud party. The proposed scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code. Furthermore, by conducting attribute distance checking and distance adjustment, operations like sending attribute sets and satisfying an access tree are eliminated. In addition, automatic revocation is realized by updating the TimeSlot attribute when the data owner modifies the data. The security of fuzzy authorization is proved under the d-BDHE assumption. In order to measure and estimate the performance of our scheme, we have implemented the protocol flow of fuzzy authorization with OMNET++ and realized the cryptographic part with the Pairing-Based Cryptography (PBC) library. Experimental results show that fuzzy authorization can achieve fuzziness of authorization among heterogeneous clouds with security and efficiency.
ALGORITHM
Main Procedures of Fuzzy Authorization
In lieu of symmetric pairing, which can only be constructed from certain suitable supersingular elliptic curves, we adopt asymmetric pairing, which allows a greater variety of known curves to be used; an asymmetric bilinear pairing is therefore adopted here. Recall that G1, G2 and GT are cyclic groups of prime order q. Assume that the Diffie-Hellman problem is hard in G1. Let φ : G2 → G1 be an efficiently computable group isomorphism, and set g1 = φ(g2). A security parameter, k, determines the size of these three groups.
Delegate(SK, _ω): The algorithm takes in a secret key SK in which an attribute set ω is embedded, together with another attribute set _ω ⊂ ω. Normally, this algorithm is used by an ASP.
SYSTEM ANALYSIS
EXISTING SYSTEM
The greedy strategy seems to provide better welfare than the random strategy and at the same time is computationally as efficient. While the runtime for GATA per allocation is around 10 seconds, both random and greedy run almost instantly. We get similar results for the number of unstable pairs, which are most often lower for the greedy strategy than for the random strategy. The system enables resource sharing using social networks without the exchange of money, relying on a notion of trust to avoid free-riding. Like our approach, they use a virtual container to provide virtualization within the existing virtual machine instance; however, our approach, using Seattle's programming-level virtualization, provides a much more lightweight model at the expense of flexibility.
PROPOSED SYSTEM
We propose FA, which carries out a flexible file-sharing scheme between an owner who stores his/her data in one cloud party and applications which are registered within another cloud party. The simulation of the FA protocol proves that our scheme can successfully adjust the attribute distance, quickly correct the unmatched indirect secret shares, reliably recover the top secret and then efficiently perform the decryption for KE. FA's self-distance-checking ability eliminates sending file attributes to the ASP, and its distance-correcting ability removes the need to perform the satisfying-the-access-tree procedure.
Furthermore, the simulation indicates that with the update of the TimeSlot attribute, the FA scheme automatically invalidates the authorized reading right of the ASP. Compared to Fuzzy IBE1 and Fuzzy IBE2, experimental results also demonstrate that FA reduces the storage consumption when the distance is one unit and the number of authorization files is less than nine, which is the most often occurring situation. The average time consumption of the protocol collected in our simulation implies that FA is at the same efficiency level as AAuth. While this work mainly addresses the reading authorization issue on cloud storage, future work will aim to solve the security issue arising from writing right accreditation in cloud computing. For the latter, a more rigorous authentication is needed among data owner, ASP and AS, which makes the problem more challenging.
Advantage
The new scheme enables the fuzziness of authorization to enhance the scalability and flexibility of file sharing by taking advantage of the one-to-one correspondence between Linear Secret-Sharing Scheme (LSSS) and generalized Reed Solomon (GRS) code. The list can be increased and decreased.
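The LSSS/GRS correspondence mentioned in the abstract and in the advantage above, shown as an added example that is not the paper's or this project's own code: threshold shares of a Shamir-style LSSS are the positions of a generalized Reed-Solomon codeword, so a bounded number of shares from mismatched attributes can be located and corrected before the top secret is recovered. The prime field, threshold, attribute ids and the corrupted-share values are constructed for illustration; the real scheme shares over the pairing group order and checks shares with its own equations.

```python
import random
from itertools import combinations

P = 2**31 - 1  # constructed prime field; the real scheme shares over the pairing group order

def make_shares(secret, t, attr_ids, seed=7):
    """Threshold-t LSSS: attribute x holds f(x) for a random polynomial f of degree t-1
    with f(0) = secret. The share vector is a generalized Reed-Solomon codeword."""
    rng = random.Random(seed)  # fixed seed so the walkthrough is reproducible
    coeffs = [secret % P] + [rng.randrange(1, P) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P for x in attr_ids}

def lagrange_eval(points, x):
    """Evaluate at x the unique degree<len(points) polynomial through `points` over GF(P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def fuzzy_recover(shares, t, max_errors):
    """GRS-style decoding of the share vector: find the degree<t polynomial that agrees
    with all but at most `max_errors` shares, i.e. tolerate that many mismatched attributes.
    Returns (secret, ids of the mismatched shares), or None when the attribute distance
    exceeds what n >= t + 2*max_errors shares can correct unambiguously."""
    items = sorted(shares.items())
    if len(items) < t + 2 * max_errors:
        return None
    for subset in combinations(items, t):  # n is small here, so exhaustive search is fine
        mismatched = {x for x, y in items if lagrange_eval(subset, x) != y}
        if len(mismatched) <= max_errors:
            return lagrange_eval(subset, 0), mismatched
    return None

SECRET, THRESHOLD, ATTRS = 123456789, 3, list(range(1, 8))  # constructed values

def demo():
    good = make_shares(SECRET, THRESHOLD, ATTRS)
    noisy = dict(good)
    noisy[2] = (noisy[2] + 99) % P  # two mismatched attributes: their shares are wrong
    noisy[5] = (noisy[5] + 1) % P
    corrected = fuzzy_recover(noisy, THRESHOLD, max_errors=2)
    too_far = fuzzy_recover(noisy, THRESHOLD, max_errors=3)  # 7 < 3 + 2*3: refused
    return corrected, too_far

if __name__ == "__main__":
    print(demo())  # ((123456789, {2, 5}), None)
```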
H could be used. For each new set of share components obtained, (28) and (29) can be applied to check whether they are the correct share components. If satisfied for a certain set of potential
A data owner stores several PDF files inside Justcloud, which is the top cloud storage service provider. Later on, the data owner wants to merge some of the PDF files
System architecture:
MODULE DESCRIPTION
Access control,
attribute based encryption,
ciphertext-policy,
cloud storage,
fuzzy authorization,
privacy,
Access control
Register
In this module a new user registers their information in order to use Fuzzy Authorization. End users are the ones who initiate the flow by giving their registration details, setting permissions, etc.
Permission Guide
A Permission Guide that guides users through the requested permissions, and shows them a set of recommendations on each of the requested permissions. It is represented by a browser extension that integrates into the authorization process by capturing the scope parameter value within the request URI generated by a third-party application. Once the scope is captured, the extension parses the requested permissions and presents them in a user-friendly manner.
Attribute based encryption
The service returns a set of recommendations for the permissions requested by the client.
Fuzzy authorization
1) Overview of the Protocol: There are four main entities in the system, as shown in Fig. 1.
• Data owner: an entity who stores his/her data inside cloud storage and wishes to utilize cloud application services to process the data. A data owner must register with the cloud storage provider and must be logged in in order to upload or access data, or to authorize.
• Application service provider (ASP): an entity to be authorized to access cloud storage data. It is application software that resides in the vendor's system or cloud and can be accessed by users through a web browser or special-purpose client software. For example, PDFMerge is an online tool which can be used to merge several pdf files into one pdf file. With proper authorization, PDFMerge fetches the source pdf files from cloud storage. As a result, uploading files from the data owner's local device is avoided.
Fuzzy authorization
OAuth uses a mechanism in which the roles of third-party applications and resource owners are separated. It does not require users to share their private credentials with third-party applications; instead it issues a new set of credentials for each application. These new sets of credentials are per application, and each reflects a unique set of permissions to a user's online resources. In OAuth, these new credentials are represented via an Access Token. An Access Token is a string which denotes a certain scope of permissions granted to an application; it also denotes other attributes such as the duration for which the Access Token is considered valid. We are mainly interested in the scope attribute within an Access Token. Access Tokens are issued by an authorization server after the approval of the resource owner.
Cloud storage
Cloud storage is simply a term that refers to online space that you can use to store your data. As well as keeping a backup of your files on physical storage devices such as external hard drives, USB flash drives, etc., cloud storage provides a secure way of remotely storing your important data. Online storage solutions are usually provided using a large network of virtual servers that also come with tools for managing files and organizing your virtual storage space.
SYSTEM SPECIFICATION
Hardware Requirements:
System: Pentium IV 2.4 GHz.
Hard Disk: 40 GB.
Floppy Drive: 1.44 Mb.
Monitor: 14’ Colour Monitor.
Mouse: Optical Mouse.
Ram: 512 Mb.
Software Requirements:
Operating system: Windows 7 Ultimate.
Coding Language: ASP.Net with C#.
Front-End: Visual Studio 2010 Professional.
Data Base: SQL Server 2008.