Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with Verifiable Delegation in Cloud Computing

ABSTRACT:

In the cloud, for achieving access control and keeping data confidential, the data owners could adopt attribute-based encryption to encrypt the stored data. Users with limited computing power are however more likely to delegate the mask of the decryption task to the cloud servers to reduce the computing cost. As a result, attribute-based encryption with delegation emerges. Still, there are caveats and questions remaining in the previous relevant works. For instance, during the delegation, the cloud servers could tamper or replace the delegated ciphertext and respond a forged computing result with malicious intent. They may also cheat the eligible users by responding them that they are ineligible for the purpose of cost saving. Furthermore, during the encryption, the access policies may not be flexible enough as well. Since policy for general circuits enables to achieve the strongest form of access control, a construction for realizing circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation has been considered in our work. In such a system, combined with verifiable computation and encrypt-then-mac mechanism, the data confidentiality, the fine-grained access control and the correctness of the delegated computing results are well guaranteed at the same time. Besides, our scheme achieves security against chosen-plaintext attacks under the k-multilinear Decisional Diffie-Hellman assumption. Moreover, an extensive simulation campaign confirms the feasibility and efficiency of the proposed solution.

EXISTING SYSTEM:

• The servers could be used to handle and calculate numerous data according to the user’s demands. As applications move to cloud computing platforms, ciphertext-policy attribute-based encryption (CP-ABE) and verifiable delegation (VD) are used to ensure the data confidentiality and the verifiability of delegation on dishonest cloud servers.
• The increasing volumes of medical images and medical records, the healthcare organizations put a large amount of data in the cloud for reducing data storage costs and supporting medical cooperation.
• There are two complementary forms of attribute based encryption. One is key-policy attribute-based encryption (KP-ABE) and the other is ciphertext-policy attribute-based encryption (CPABE).

DISADVANTAGES OF EXISTING SYSTEM:

• The cloud server might tamper or replace the data owner’s original ciphertext for malicious attacks, and then respond a false transformed ciphertext.
• The cloud server might cheat the authorized user for cost saving. Though the servers could not respond a correct transformed ciphertext to an unauthorized user, he could cheat an authorized one that he/she is not eligible.

PROPOSED SYSTEM:

• We firstly present a circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation scheme. General circuits are used to express the strongest form of access control policy.
• The proposed scheme is proven to be secure based on k-multilinear Decisional Diffie-Hellman assumption. On the other hand, we implement our scheme over the integers.
• During the delegation computing, a user could validate whether the cloud server responds a correct transformed ciphertext to help him/her decrypt the ciphertext immediately and correctly.

ADVANTAGES OF PROPOSED SYSTEM:

• The generic KEM/DEM construction for hybrid encryption which can encrypt messages of arbitrary length.
• They seek to guarantee the correctness of the original ciphertext by using a commitment.
• We give the anti-collusion circuit CP-ABE construction in this paper for the reason that CPABE is conceptually closer to the traditional access control methods.

SYSTEM ARCHITECTURE:

MODULES:

• Attribute Authority
• Cloud Server
• Data owner
• Data Consumer

MODULES DESCRIPTION:

1. Attribute Authority:

Authority will have to provide the key, as per the user’s key request. Every users request will have to be raised to authority to get access key on mail. There are two complementary forms of attribute-based encryption. One is key-policy attribute-based encryption (KP-ABE) and the other is ciphertext-policy attribute-based encryption (CPABE). In a KP-ABE system, the decision of access policy is made by the key distributor instead of the encipherer, which limits the practicability and usability for the system in practical applications.

2. Cloud Server:

Cloud server will have the access to files which are uploaded by the data owner

Cloud server needs to decrypt the files available under their permission.

Furthermore data user will have to decrypt the data to access the original text by providing the respective key. File has been decrypted successfully and provided for consumer.

3. Data owner:

Data owner will have to register initially to get access to the profile. Data Owner will upload the file to the cloud server in the encrypted format. Random encryption key generation is happening while uploading the file to the cloud. Encrypted file will be stored on the cloud.

4. Data Consumer:

Data consumer will initially ask for the key to the Authority to verify and decrypt the file in the cloud. Data consumer can access the file based on the key received from mail id. As per the key received the consumer can verify and decrypt the data from the cloud.

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

• System : Pentium Dual Core.
• Hard Disk : 120 GB.
• Monitor : 15’’ LED
• Input Devices : Keyboard, Mouse
• Ram :

SOFTWARE REQUIREMENTS:

• Operating system : Windows 7.
• Coding Language : JAVA/J2EE
• Tool : Netbeans 7.2.1
• Database : MYSQL

REFERENCE:

Jie Xu, Qiaoyan Wen, Wenmin Li, and Zhengping Jin, “Circuit Ciphertext-Policy Attribute-Based Hybrid Encryption with Verifiable Delegation in Cloud Computing”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 27, NO. 1, JANUARY 2016.