Decentralized Access Control With Anonymous Authentication Of Data Stored In Clouds

DECENTRALIZED ACCESS CONTROL WITH ANONYMOUS AUTHENTICATION OF DATA STORED IN CLOUDS

ABSTRACT:

We propose a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. In the proposed scheme, the cloud verifies the authenticity of the series without knowing the user’s identity before storing data. Our scheme also has the added feature of access control in which only valid users are able to decrypt the stored information. The scheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. We also address user revocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches.

EXISTING SYSTEM:

Much of the data stored in clouds is highly sensitive, for example, medical records and social networks. Security and privacy are, thus, very important issues in cloud computing. In one hand, the user should authenticate itself before initiating any transaction, and on the other hand, it must be ensured that the cloud does not tamper with the data that is outsourced. User privacy is also required so that the cloud or other users do not know the identity of the user. The cloud can hold the user accountable for the data it outsources, and likewise, the cloud is itself accountable for the services it provides. The validity of the user who stores the data is also verified. Apart from the technical solutions to ensure security and privacy, there is also a need for law enforcement. Efficient search on encrypted data is also an important concern in clouds. The clouds should not know the query but should be able to return the records that satisfy the query.

DISADVANTAGES OF EXISTING SYSTEM:

·       It is unsecure.

·       No privacy.

·       Anyone can able to access and modify the data.

·       Problem here is that the data records should have keywords associated with them to enable the search.

PROPOSED SYSTEM:

Although we proposed a decentralized approach, their technique does not authenticate users, who want to remain anonymous while accessing the cloud. In an earlier work, proposed a distributed access control mechanism in clouds. However, the scheme did not provide user authentication. The other drawback was that a user can create and store a file and other users can only read the file. Write access was not permitted to users other than the creator. In the preliminary version of this paper, we extend our previous work with added features that enables to authenticate the validity of the message without revealing the identity of the user who has stored information in the cloud. In this version we also address user revocation, that was not addressed. We use ABS scheme to achieve authenticity and privacy. Unlike our scheme is resistant to replay attacks, in which a user can replace fresh data with stale data from a previous write, even if it no longer has valid claim policy. This is an important property because a user, revoked of its attributes, might no longer be able to write to the cloud. We, therefore, add this extra feature in our scheme and modify appropriately. Our scheme also allows writing multiple times which was not permitted in our earlier work.

ADVANTAGES OF PROPOSED SYSTEM:

·       It provides authentication of users who store and modify their data on the cloud.

·       It revoked users cannot access data after they have been revoked.

·       Costs are comparable to the existing centralized approaches.

SYSTEM ARCHITECTURE:

SYSTEM CONFIGURATION:-

HARDWARE REQUIREMENTS:-

ü Processor                  -        Pentium –IV

ü Speed                        -        1.1 Ghz

ü RAM                         -        512 MB(min)

ü Hard Disk                 -        40 GB

ü Key Board                -        Standard Windows Keyboard

ü Mouse                       -        Two or Three Button Mouse

ü Monitor                     -        LCD/LED

SOFTWARE REQUIREMENTS:

Operating system      :         Windows XP.

Coding Language      :         .Net

Data Base                 :         SQL Server 2005

Tool                          :         VISUAL STUDIO 2008.

REFERENCE:

Sushmita Ruj, Milos Stojmenovic and Amiya Nayak, “Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds” IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 2, FEBRUARY 2014.

Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud

Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud

CLICK HERE TO VIEW THE OUTPUT

ABSTRACT:

With data storage and sharing services in the cloud, users can easily modify and share data as a group. To ensure shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks which were previously signed by this revoked user must be re-signed by an existing user. The straightforward method, which allows an existing user to download the corresponding part of shared data and re-sign it during user revocation, is inefficient due to the large size of shared data in the cloud. In this paper, we propose a novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, we allow the cloud to re-sign blocks on behalf of existing users during user revocation, so that existing users do not need to download and re-sign blocks by themselves. In addition, a public verifier is always able to audit the integrity of shared data without retrieving the entire data from the cloud, even if some part of shared data has been re-signed by the cloud. Moreover, our mechanism is able to support batch auditing by verifying multiple auditing tasks simultaneously. Experimental results show that our mechanism can significantly improve the efficiency of user revocation.

EXISTING SYSTEM:

To protect the integrity of data in the cloud, a number of mechanisms have been proposed. In these mechanisms, a signature is attached to each block in data, and the integrity of data relies on the correctness of all the signatures. One of the most significant and common features of these mechanisms is to allow a public verifier to efficiently check data integrity in the cloud without downloading the entire data, referred to as public auditing (or denoted as Provable Data Possession ).This public verifier could be a client who would like to utilize cloud data for particular purposes (e.g., search, computation, data mining, etc.) or a third party auditor (TPA) who is able to provide verification services on data integrity to users. Most of the previous works  focus on auditing the integrity of personal data.

DISADVANTAGES OF EXISTING SYSTEM:

v Especially when the number of re-signed blocks is quite large.

v Existing users may access their data sharing services provided by the cloud with resource limited devices, such as mobile phones.

v Frequent Security Issues.

PROPOSED SYSTEM:

We propose Panda, a novel public auditing mechanism for the integrity of shared data with efficient user revocation in the cloud. In our mechanism, by utilizing the idea of proxy re-signatures, once a user in the group is revoked, the cloud is able to resign the blocks, which were signed by the revoked user, with a re-signing key. As a result, the efficiency of user revocation can be significantly improved, and computation and communication resources of existing users can be easily saved. Meanwhile, the cloud, which is not in the same trusted domain with each user, is only able to convert a signature of the revoked user into a signature of an existing user on the same block, but it cannot sign arbitrary blocks on behalf of either the revoked user or an existing user. By designing a new proxy re-signature scheme with nice properties, which traditional proxy re signatures do no have, our mechanism is always able to check the integrity of shared data without retrieving the entire data from the cloud.

ADVANTAGES OF PROPOSED SYSTEM:

v Easily Revocable of signatures for the existing users.

v The public verifier can audit the integrity of shared data without retrieving the entire data from the cloud.

SYSTEM ARCHITECTURE

SYSTEM CONFIGURATION:-

HARDWARE REQUIREMENTS:-

Processor                  -        Pentium –IV

Speed                        -        1.1 Ghz

RAM                         -        512 MB(min)

Hard Disk                 -        40 GB

Key Board                -        Standard Windows Keyboard

Mouse                       -        Two or Three Button Mouse

Monitor                     -        LCD/LED

SOFTWARE REQUIREMENTS:

Operating system      :         Windows XP.

Coding Language      :         .Net

Data Base                 :         SQL Server 2005

Tool                          :         VISUAL STUDIO 2008.

REFERENCE:

Boyang Wang, Baochun Li, and Hui Li, “Panda: Public Auditing for Shared Data with Efficient User Revocation in the Cloud” IEEE TRANSACTIONS ON SERVICE COMPUTING VOL. PP, NO. 99, December 2013

Balancing Performance, Accuracy, And Precision For Secure Cloud Transactions

BALANCING PERFORMANCE, ACCURACY, AND PRECISION FOR SECURE CLOUD TRANSACTIONS

CLICK HERE TO VIEW THE OUTPUT

 

ABSTRACT:

In distributed transactional database systems deployed over cloud servers, entities cooperate to form proofs of authorizations that are justified by collections of certified credentials. These proofs and credentials may be evaluated and collected over extended time periods under the risk of having the underlying authorization policies or the user credentials being in inconsistent states. It therefore becomes possible for policy-based authorization systems to make unsafe decisions that might threaten sensitive resources. In this paper, we highlight the criticality of the problem. We then define the notion of trusted transactions when dealing with proofs of authorization. Accordingly, we propose several increasingly stringent levels of policy consistency constraints, and present different enforcement approaches to guarantee the trustworthiness of transactions executing On cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, which is a modified version of the basic Two-Phase Validation Commit protocols. We finally analyze the different approaches presented using both analytical evaluation of the overheads and simulations to guide the decision makers to which approach to use.

EXISTING SYSTEM:

Interesting consistency problems can arise as transactional database systems are deployed in cloud environments and use policy-based authorization systems to protect sensitive resources. In addition to handling consistency issues among database replicas, we must also handle two types of security inconsistency conditions. First, the system may suffer from policy inconsistencies during policy updates due to the relaxed consistency model underlying most cloud services. For example, it is possible for several versions of the policy to be observed at multiple sites within a single transaction, leading to inconsistent (and likely unsafe) access decisions during the transaction. Second, it is possible for external factors to cause user credential inconsistencies over the lifetime of a transaction. For instance, a user’s login credentials could be invalidatedor revoked after collection by the authorization server, but before the completion of the transaction.

DISADVANTAGES OF EXISTING SYSTEM:

v Insecure Data’s.

v Time takes too long for authentication.

v Requiring expensive infrastructure.

PROPOSED SYSTEM:

We propose several increasingly stringent levels of policy consistency constraints, and present different enforcement approaches to guarantee the trustworthiness of transactions executing on cloud servers. We propose a Two-Phase Validation Commit protocol as a solution, which is a modified version of the basic Two-Phase Validation Commit protocols. We finally analyze the different approaches presented using both analytical evaluation of the overheads and simulations to guide the decision makers to which approach to use.

ADVANTAGES OF PROPOSED SYSTEM:

v Safe transactions, that identifies transactions that are both trusted and conform to the ACID properties of distributed database systems.

v Two-Phase Validation Commit (2PVC) protocol that ensures that a transaction is safe by checking policy.

SYSTEM ARCHITECTURE

SYSTEM CONFIGURATION:-

HARDWARE REQUIREMENTS:-

Processor                  -        Pentium –IV

Speed                        -        1.1 Ghz

RAM                         -        512 MB(min)

Hard Disk                 -        40 GB

Key Board                -        Standard Windows Keyboard

Mouse                       -        Two or Three Button Mouse

Monitor                     -        LCD/LED

SOFTWARE REQUIREMENTS:

Operating system      :         Windows XP.

Coding Language      :         .Net

Data Base                 :         SQL Server 2005

Tool                          :         VISUAL STUDIO 2008.

REFERENCE:

Marian K. Iskander, Tucker Trainor, Dave W. Wilkinson, Adam J. Lee, and Panos K. Chrysanthis, “Balancing Performance, Accuracy, and Precision for Secure Cloud Transactions” IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 25, NO. 2, FEBRUARY 2014