HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING
INTRODUCTION
Cloud computing is a new computing paradigm that is built on virtualization, parallel and distributed computing, utility computing, and service-oriented architecture. We propose a hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable, flexible and fine-grained access control.
SCOPE OF THE PROJECT
However, most of them suffer from difficulty in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme achieves scalability, flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. The main operations of HASBE are: System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, User Revocation, File Access, and File Deletion.
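The grant, file access and revocation operations listed above can be followed in a plaintext model. This is an added example, not code from the project: it models only the access decision, whereas HASBE enforces it cryptographically. The names `Key`, `delegate`, `satisfies` and `can_decrypt`, the sample attributes, and the YYYYMMDD integer encoding of the expiration time are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    holder: str
    attrs: frozenset      # attributes named in the holder's key structure
    expiration: int       # access expiration time, as YYYYMMDD (assumed encoding)

def delegate(parent: Key, holder: str, attrs, expiration: int) -> Key:
    """Domain authority / user grant: a child key can only narrow its parent."""
    attrs = frozenset(attrs)
    extra = attrs - parent.attrs
    if extra:
        raise PermissionError(f"{parent.holder} cannot grant {sorted(extra)}")
    return Key(holder, attrs, expiration)

def satisfies(tree, attrs) -> bool:
    """Access tree node: ('attr', name) leaf or ('of', k, [children]) gate."""
    if tree[0] == "attr":
        return tree[1] in attrs
    _, k, children = tree
    return sum(satisfies(c, attrs) for c in children) >= k

def can_decrypt(key: Key, tree, min_expiration: int) -> bool:
    """File access: the key must satisfy the tree and must not be expired
    relative to the bound placed on the file."""
    return key.expiration >= min_expiration and satisfies(tree, key.attrs)

# Constructed sample hierarchy: trusted authority -> domain authority -> users.
ROOT = Key("trusted-authority",
           frozenset({"dept:cardiology", "dept:billing", "role:doctor",
                      "role:nurse", "role:auditor"}), 20991231)
DOMAIN = delegate(ROOT, "hospital-domain",
                  {"dept:cardiology", "role:doctor", "role:nurse"}, 20301231)
ALICE = delegate(DOMAIN, "alice", {"dept:cardiology", "role:doctor"}, 20251231)
BOB = delegate(DOMAIN, "bob", {"dept:cardiology", "role:nurse"}, 20240630)

# Policy: cardiology AND (doctor OR nurse), written as threshold gates.
POLICY = ("of", 2, [("attr", "dept:cardiology"),
                    ("of", 1, [("attr", "role:doctor"), ("attr", "role:nurse")])])

if __name__ == "__main__":
    for user in (ALICE, BOB):
        # Bound 20240101: both keys valid. Bound 20250101: Bob's key has lapsed.
        print(user.holder, can_decrypt(user, POLICY, 20240101),
              can_decrypt(user, POLICY, 20250101))
```

Raising the file's expiration bound past a user's key expiration cuts that user off without touching any other key, which is the revocation idea the paragraph refers to.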
MODULES NAME
• Authentication
• Trusted Authority
• Domain Authority
• Data Owner
• Data Consumer
• Cloud Service Provider
MODULE DESCRIPTION
Authentication:
A new user who wants to make or process requests has to register first by providing the necessary details. After successfully completing the sign-up process, the user logs in to the application with a username and password. These must exactly match the username and password provided at registration; if the login succeeds, the user is taken to the main page, otherwise the user remains on the login page.
Trusted Authority:
The Trusted Authority is the main part of this project. It creates one decryption key for the relevant encryption key and then provides the decryption key to the domain authority. The Domain Authority, Data Owner, Data Consumer and Cloud Service Provider are all controlled by the Trusted Authority.
Data Owner:
The Data Owner stores data with the cloud service provider for security. Before storing data, the Data Owner gets permission from the domain authority. After getting permission, the Data Owner first encrypts the file or data and then stores it in cloud storage (the cloud service provider).
Domain Authority:
The Domain Authority is the sub-head under the trusted authority and performs the administrator operations. A Data Owner cannot store data without the domain authority's permission, and a Data Consumer cannot get data without it, so the domain authority grants permission to both the Data Owner and the Data Consumer.
Cloud Service Provider:
Cloud Service Provider is another name for cloud storage. Cloud storage provides security for the data. Only an authorized user (one who has permission from the domain authority) is allowed to encrypt and store data. An authorized user is allowed to retrieve and decrypt the data.
Data Consumer:
First, the Data Consumer gets permission from the domain authority to access the data. The Data Consumer pays some amount of money to the domain authority and gets the decryption key. Finally, the Data Consumer retrieves the data from the cloud service provider and decrypts it using the decryption key.
Authentication:
[Diagram labels: Login, Check Status (Yes / No), Database, Next Page]
Trusted Authority:
[Diagram labels: Trusted Authority, Data Owner, Domain Authority, Data Consumer, Cloud Storage]
Domain Authority:
[Diagram labels: Domain Authority, Data Owner, Cloud Service Provider, Data Consumer]
Data Owner:
[Diagram labels: Domain Authority, Data Owner, Get Permission, Encrypted Data, Cloud Storage]
Data Consumer:
[Diagram labels: Data Owner, Get Decryption Key, Pay Money, Cloud Storage, Get & Decrypted Data, Domain Authority]
Cloud Service Provider:
[Diagram labels: Data Owner, Data Consumer, Cloud Storage, Encrypt & Store Data, Retrieve & Decrypt Data]
COMPONENT DIAGRAM:
The component diagram's main purpose is to show the structural relationships between the components of a system. A component represented implementation items, such as files and executables. Unfortunately, this conflicted with the more common use of the term "component," which refers to things such as COM components. Over time and across successive releases of UML, the original UML meaning of components was mostly lost. UML 2 officially changes the essential meaning of the component concept; in UML 2, components are considered autonomous, encapsulated units within a system or subsystem that provide one or more interfaces.
[Component diagram labels: Trusted Authority, Domain Authority, Data Consumer, Data Owner, Cloud Storage]
In this component diagram, the trusted authority is the head of this project. The domain authority is the sub-head and performs the administrator operations. The Data Owner first gets permission from the domain authority, then encrypts the data and stores it in cloud storage. At the same time, the trusted authority creates one decryption key for the relevant data and provides the decryption key to the domain authority. The Data Consumer pays some amount of money to the domain authority and gets the decryption key, and finally gets and decrypts the data from cloud storage.
E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an abstract and conceptual representation of data. Entity-relationship modeling is a database modeling method, used to produce a type of conceptual schema or semantic data model of a system, often a relational database, and its requirements in a top-down fashion. Diagrams created by this process are called entity-relationship diagrams, ER diagrams, or ERDs. An entity-relationship (ER) diagram is a specialized graphic that illustrates the relationships between entities in a database. ER diagrams often use symbols to represent three different types of information. Boxes are commonly used to represent entities. Diamonds are normally used to represent relationships and ovals are used to represent attributes.
[E-R diagram labels: Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Storage, Name, Password, Decrypt Key, Get Permission, Encrypt Data, Store Data, Pay Money, Get Decrypt Key, Retrieve & Decrypt Data]
In this entity-relationship (ER) diagram, the trusted authority is the head of this project. The domain authority is the sub-head and performs the administrator operations. The Data Owner first gets permission from the domain authority, then encrypts the data and stores it in cloud storage. At the same time, the trusted authority creates one decryption key for the relevant data and provides the decryption key to the domain authority. The Data Consumer pays some amount of money to the domain authority and gets the decryption key, and finally gets and decrypts the data from cloud storage.
Future Enhancement Module Diagram & Description
File Auditing
The Data Owner first checks whether the file is available in cloud storage (the cloud service provider). If the file is not available, the Data Owner encrypts the file and stores it in cloud storage. If the file is available, the auditing process succeeds.
[Diagram labels: Data Owner, Cloud Storage, If check File (Yes / No), Auditing Success]
GIVEN INPUT EXPECTED OUTPUT
File Auditing
Input: Check whether the file is available or not.
Output: If it is available, auditing succeeds; if it is not available, encrypt and store the file in cloud storage.
ADVANTAGES
• Recall that our system model consists of a trusted authority, multiple domain authorities, and numerous users corresponding to data owners and data consumers.
• Each user in the system is assigned a key structure which specifies the attributes associated with the user’s decryption key.
• Comprehensive performance analysis and evaluation were conducted, which showed its efficiency.
APPLICATION
Website
In Gmail, when the user provides the correct username and password, the user goes to the next page. This provides security for the data. Only an authorized person is allowed to access the data. The authorized person receives data from others and sends data to others.
On the Amazon website, an authorized person is allowed to view data, store some data, and retrieve data from the website. An unauthorized person is not allowed to access, view, or store the data.
CONCLUSION
We achieve this goal by exploiting and individually combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has the important properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.