TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage
ABSTRACT:
Attribute-based Encryption (ABE) is regarded as a promising cryptographic conducting tool to guarantee data owners’ direct control over their data in public cloud storage. The earlier ABE schemes involve only one authority to maintain the whole attribute set, which can bring a single-point bottleneck on both security and performance. Subsequently, some multi-authority schemes are proposed, in which multiple authorities separately maintain disjoint attribute subsets. However, the single-point bottleneck problem remains unsolved. In this paper, from another perspective, we conduct a threshold multi-authority CP-ABE access control scheme for public cloud storage, named TMACS, in which multiple authorities jointly manage a uniform attribute set. In TMACS, taking advantage of (t, n) threshold secret sharing, the master key can be shared among multiple authorities, and a legal user can generate his/her secret key by interacting with any t authorities. Security and performance analysis results show that TMACS is not only verifiably secure when fewer than t authorities are compromised, but also robust when no fewer than t authorities are alive in the system. Furthermore, by efficiently combining the traditional multi-authority scheme with TMACS, we construct a hybrid one, which satisfies the scenario of attributes coming from different authorities as well as achieving security and system-level robustness.
EXISTING SYSTEM:
- Attribute-based Encryption (ABE) is regarded as one of the most suitable schemes to conduct data access control in public clouds for it can guarantee data owners’ direct control over their data and provide a fine-grained access control service. Till now, there are many ABE schemes proposed, which can be divided into two categories: Key-Policy Attribute-based Encryption (KP-ABE) and Ciphertext-Policy Attribute-based Encryption (CP-ABE).
- In KP-ABE schemes, decryption keys are associated with access structures while ciphertexts are only labeled with special attribute sets. By contrast, in CP-ABE schemes, data owners can define an access policy for each file based on users’ attributes, which gives owners more direct control over their data. Therefore, compared with KP-ABE, CP-ABE is a preferred choice for designing access control for public cloud storage.
DISADVANTAGES OF EXISTING SYSTEM:
- In most existing CP-ABE schemes there is only one authority responsible for attribute management and key distribution. This only-one-authority scenario can bring a single-point bottleneck on both security and performance.
- Once the authority is compromised, an adversary can easily obtain the single authority’s master key and then generate private keys for any attribute subset to decrypt the specific encrypted data.
- Moreover, once the single authority crashes, the system can no longer work properly.
- Although some multi-authority CP-ABE schemes have been proposed, they still cannot deal with the problem of single-point bottleneck on both security and performance mentioned above.
- The adversary can obtain private keys of specific attributes by compromising one or more specific authorities.
- If a specific authority crashes or goes offline, private keys for all attributes in the subset maintained by that authority cannot be generated and distributed, which still affects the whole system’s effective operation.
PROPOSED SYSTEM:
- In this paper, we propose a robust and verifiable threshold multi-authority CP-ABE access control scheme, named TMACS, to deal with the single-point bottleneck on both security and performance in most existing schemes.
- In TMACS, multiple authorities jointly manage the whole attribute set but no one has full control of any specific attribute. Since in CP-ABE schemes there is always a secret key (SK) used to generate attribute private keys, we introduce (t, n) threshold secret sharing into our scheme to share the secret key among authorities.
- In TMACS, we redefine the secret key in the traditional CP-ABE schemes as the master key. The introduction of (t, n) threshold secret sharing guarantees that the master key cannot be obtained by any authority alone.
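The threshold property described above can be seen in a small sketch. This is an added example, not code from the paper or this project: it assumes Shamir's scheme over a prime field as the (t, n) sharing, and the dealer, the direct reconstruction, the modulus `P` and all function names are illustrative assumptions made only to show that any t shares recover the key while t-1 shares constrain nothing.

```python
import secrets

# Field modulus: the Mersenne prime 2**127 - 1 (assumed parameter, not from the page).
P = 2**127 - 1

def share_master_key(master_key, t, n):
    """Split master_key into n shares, one per authority; any t recover it."""
    if not (1 <= t <= n < P and 0 <= master_key < P):
        raise ValueError("need 1 <= t <= n and a key inside the field")
    # Random polynomial f of degree t-1 with f(0) = master_key.
    coeffs = [master_key] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for i in range(1, n + 1):          # authority i receives the point (i, f(i))
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod P
            y = (y * i + c) % P
        shares.append((i, y))
    return shares

def interpolate(points, x):
    """Lagrange-evaluate at x the unique polynomial through the given points."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinate")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    master_key = secrets.randbelow(P)          # constructed sample key
    shares = share_master_key(master_key, 3, 5)
    # Robustness: authorities 1 and 4 are offline; 2, 3 and 5 still suffice.
    recovered = interpolate([shares[1], shares[2], shares[4]], 0)
    # Security: the t-1 = 2 leaked shares fit ANY candidate key, because a
    # matching third share exists for every guess; they rule nothing out.
    leaked, guess = shares[:2], 123456789
    forged = (3, interpolate(leaked + [(0, guess)], 3))
    fits_guess = interpolate(leaked + [forged], 0)
    return master_key, recovered, guess, fits_guess

if __name__ == "__main__":
    mk, rec, guess, fit = demo()
    print("recovered from 3 of 5:", rec == mk)
    print("2 shares consistent with arbitrary guess:", fit == guess)
```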
ADVANTAGES OF PROPOSED SYSTEM:
- TMACS is not only verifiably secure when fewer than t authorities are compromised, but also robust when no fewer than t authorities are alive in the system.
- To the best of our knowledge, this paper is the first attempt to address the single-point bottleneck on both security and performance in CP-ABE access control schemes in public cloud storage.
- Existing access control systems for public cloud storage suffer a single-point bottleneck on both security and performance because a single authority is responsible for any specific attribute.
- To the best of our knowledge, we are the first to design a multi-authority access control architecture to deal with the problem.
- By combining (t, n) threshold secret sharing with a multi-authority CP-ABE scheme, we propose and realize a robust and verifiable multi-authority access control system in public cloud storage, in which multiple authorities jointly manage a uniform attribute set.
- Furthermore, by efficiently combining the traditional multi-authority scheme with ours, we construct a hybrid one, which can satisfy the scenario of attributes coming from different authorities as well as achieving security and system-level robustness.
SYSTEM ARCHITECTURE:
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
- System : Pentium Dual Core.
- Hard Disk : 120 GB.
- Monitor : 15’’ LED
- Input Devices : Keyboard, Mouse
- Ram : 1GB.
SOFTWARE REQUIREMENTS:
- Operating system : Windows 7.
- Coding Language : JAVA/J2EE
- Tool : Netbeans 7.2.1
- Database : MYSQL
REFERENCE:
Wei Li, Kaiping Xue, Yingjie Xue, and Jianan Hong, “TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 27, NO. 5, MAY 2016.