Policy-Attribute based Access Control Approach for Big Data Architecture Security

S. Regha #1, M. Manimekalai *2
#1 Research Scholar, Department of Computer Science, Shrimati Indira Gandhi College, Tiruchirappalli, India
*2 Professor, Director, and Head, Department of Computer Science, Shrimati Indira Gandhi College, Tiruchirappalli, India

Abstract— Attribute-based encryption is a promising technique that achieves flexible, fine-grained access control over encrypted data, which makes it well suited to secure data-sharing environments such as the currently popular cloud computing. Apache Hadoop is a leading software framework for distributed processing and storage, able to handle massive amounts of data, commonly referred to as Big Data. This data, gathered from various enterprises and government agencies, frequently includes private and sensitive data, which should be protected from unauthorized access. However, conventional attribute-based encryption fails to provide efficient keyword-based search on encrypted data, which to some degree weakens the power of this encryption method, as search is usually the most important way to quickly obtain data of interest from a large dataset. In this paper, Policy-Attribute-Based Access Control is proposed, which is based on the out-and-out key-policy attribute-based encryption scheme.

Keywords— Attribute-based Access Control, Encryption, Hadoop Ecosystem, Key-Policy, Cloud computing

I. INTRODUCTION

Big Data has become a fundamental asset for enterprises, which are harnessing its potential for generating additional revenue, offering better customer experience, and forming insights into their business models. The data generated from diverse and varied sources, including the Internet of Things, social platforms, healthcare, system logs, bio-informatics, etc. contribute to and characterize the ethos of Big Data, which is volume, velocity, and variety [1][2]. The data lake formed by the amalgamation of data from these sources requires powerful, scalable, and resilient storage and processing platforms to reveal the true value hidden inside this data mine [3]. In due course, Apache Hadoop has emerged as a dominant platform for handling Big Data. Alongside core Hadoop 2.x components including Hadoop Common, MapReduce, Hadoop Distributed File System (HDFS), and Apache YARN, several projects have contributed to making the Hadoop ecosystem the prime choice as a robust, resilient and fault-tolerant Big Data processing system [4]. Open source projects like Apache HBase, Apache Hive, Apache Knox, Apache Storm, Spark, and so on have made this system accessible and usable to business and non-technical users as well, making it pervasive in enterprises, academia and elsewhere. Such wide acceptance of this platform motivates specialists and researchers to make it more secure, considering that it handles the most valuable asset of any enterprise, namely data. In the year 2017 alone, several cases of data breaches were brought to the world's attention, which amplifies and emphasizes the need for better cyber security and privacy mechanisms [5].

Hadoop system security is exceptionally challenging, considering its distributed nature and broad attack surface. This multi-tenant platform must be secured to prevent unauthorized access to sensitive data and cluster resources used within this system. Since many users would be running various applications and jobs on this platform, it is important that no data breach occurs, and essential data is only revealed to authorized users [6]. The confidentiality and integrity of data and resources can be compromised if attacks like impersonation of Hadoop service daemons (HDFS NameNode, DataNode, YARN ResourceManager etc.), denial of cluster resources, killing or modifying of user applications by a malicious user, unauthorized data access in HDFS, etc. are orchestrated. For instance, in the case of Hadoop daemon impersonation, when a malicious service is registered as part of the Hadoop cluster, unauthorized users can access data blocks residing on data nodes or even consume all cluster resources by running highly resource-demanding jobs, thus preventing other users from using the cluster. Such attacks can be sorted out from

ISSN NO: 1021-9056 http://infokara.com/ 1040 INFOKARA RESEARCH Volume 8 Issue 12 2019
Step 5.2: Output: The Generation of Transform key.
Step 5.3: The key generation algorithm is called by the authority to generate the key for new
attribute set.
Step 5.4: Then the encryption algorithm is used to encrypt the message with attribute sets and
with access structure, to generate the transform key.
Fig. 1.5: Transform Key Generation Algorithm in the proposed PA-BAC
Step 6: Re-Encryption
Step 6.1: Input: Cipher Text association with first access structure and Transformation
Key.
Step 6.2: Output: Generation of the Updated Cipher Text
Step 6.3: The cipher text is updated with the access structure which is
satisfied by the attribute set, and with the set of constants.
Step 6.4: The below equations (8), (9) and (10) are used to update the cipher text.
Fig. 1.6: Re-Encryption Algorithm in the proposed PA-BAC
Step 7: Decryption
Step 7.1: Input: The private key and the updated cipher text.
Step 7.2: Output: Plain text or symbol message.
Step 7.3: The decryption of the cipher text takes place if the access structure with the
cipher text is satisfied by the attribute key.
Step 7.4: The equation is used to check the correct authority. If the
verification does not pass, the key was generated by a malicious authority, and the
process is stopped.
Step 7.5: The key is computed with equation (11) in figure 7.
Step 7.6: The equation (12) is used to decrypt the original message.
Fig. 1.7: Decryption Algorithm in the proposed PA-BAC
Step 8: Output Decryption
Step 8.1: Input: Cipher text, Outsourced key and the retrieve key.
Step 8.2: Output: Message or symbol.
Step 8.3: The Linear Secret Sharing Scheme (LSSS) is set as the threshold.
Step 8.4: The outsourced key is sent for a set and the cipher text for the given access
structure.
Fig. 1.8: Output Decryption Algorithm in the proposed PA-BAC
Step 9: Policy to Update
Step 9.1: When the data owner wants to change the access policy from previous policy A to a new
policy A, he first runs the update-key generation algorithm and then sends the updated keys
to the cloud server.
Step 9.2: After receiving update keys, the cloud server executes the ciphertext-update
algorithm to update the ciphertext.
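As an added illustration (not code from the paper), the sketch below models the threshold access structure named in Step 8.3 and the satisfaction check of Step 7.3 with Shamir secret sharing over a prime field, then re-shares under a new policy in the spirit of Step 9. The attribute names, the field modulus and the function names are assumptions, and no pairing-based encryption is performed, so it shows only the access-structure logic.

```python
import secrets

# Assumed field modulus for the toy shares: the Mersenne prime 2**127 - 1.
P = 2**127 - 1


def share_secret(secret, attributes, threshold):
    """Split `secret` into one share per attribute (threshold-of-n policy)."""
    if not 1 <= threshold <= len(attributes):
        raise ValueError("threshold must be between 1 and the attribute count")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x, attr in enumerate(attributes, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares[attr] = (x, y)
    return shares


def recover_secret(shares, key_attributes, threshold):
    """Return the secret if the key's attributes satisfy the policy, else None."""
    usable = [shares[a] for a in sorted(set(key_attributes)) if a in shares]
    if len(usable) < threshold:
        return None  # access structure not satisfied: stop, as in Step 7.3
    usable = usable[:threshold]
    secret = 0
    for i, (xi, yi) in enumerate(usable):
        num, den = 1, 1
        for j, (xj, _) in enumerate(usable):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # Lagrange basis polynomial evaluated at x = 0, times the share value.
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def demo():
    """Constructed scenario: one policy, two keys, then a policy update."""
    message_key = 0x5EC2E7  # constructed sample secret
    policy = ["doctor", "cardiology", "hospital-A", "auditor"]  # assumed names
    shares = share_secret(message_key, policy, threshold=3)
    ok = recover_secret(shares, {"doctor", "cardiology", "hospital-A"}, 3)
    denied = recover_secret(shares, {"doctor", "intern"}, 3)
    # Policy update, modelled here as plain re-sharing by the owner (2 of 2).
    new_shares = share_secret(message_key, ["doctor", "auditor"], threshold=2)
    stale = recover_secret(new_shares, {"doctor", "cardiology", "hospital-A"}, 2)
    fresh = recover_secret(new_shares, {"doctor", "auditor"}, 2)
    return ok == message_key, denied, stale, fresh == message_key


if __name__ == "__main__":
    print(demo())
```

A key that satisfied the old structure fails against the re-shared one, which is the effect the policy update in Step 9 is meant to have on previously authorized attribute sets.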
IV. RESULT AND DISCUSSION
In this paper, we have presented a policy-attribute based access control system for big data
architecture security in cloud storage systems, which is both efficient and secure. Table 1 shows
the encryption computation time in seconds for a varying number of authorities involved in the
policy-attribute based access control system. Figure 2 shows the graphical representation of the encryption
computation time in seconds with several authorities using the proposed PA-BAC and existing A-BAC
systems. From Table 1 and Figure 2, the proposed PA-BAC performs the encryption in less time than the
existing A-BAC system.
TABLE 1: ENCRYPTION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND
EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF AUTHORITIES
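| Number of Authorities | Encryption time in seconds: Proposed Policy-Attribute based Access Control | Encryption time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 2 | 12 | 22 |
| 3 | 18 | 30 |
| 4 | 22 | 41 |
| 5 | 25 | 52 |
| 6 | 29 | 63 |
| 7 | 38 | 81 |
| 8 | 52 | 97 |
| 9 | 64 | 105 |
| 10 | 78 | 128 |
| 11 | 85 | 146 |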
Fig. 2: Graphical Representation of the encryption computation time in seconds with several authorities using proposed PA-BAC and existing A-BAC systems
Table 2 shows the key generation computation time in seconds using the proposed PA-BAC and existing
A-BAC systems for a varying number of authorities. Figure 3 shows the graphical representation of the
key generation computation time in seconds with several authorities using the proposed PA-BAC and existing
A-BAC systems. From Table 2 and Figure 3, the proposed PA-BAC performs the key generation in less time than the
existing A-BAC system.
TABLE 2: KEY GENERATION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND
EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF AUTHORITIES
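| Number of Authorities | Key Generation time in seconds: Proposed Policy-Attribute based Access Control | Key Generation time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 2 | 18 | 25 |
| 3 | 28 | 39 |
| 4 | 37 | 51 |
| 5 | 49 | 78 |
| 6 | 54 | 89 |
| 7 | 65 | 99 |
| 8 | 72 | 108 |
| 9 | 78 | 122 |
| 10 | 85 | 131 |
| 11 | 92 | 139 |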
Fig. 3: Graphical Representation of the Key Generation computation time in seconds with several authorities using proposed PA-BAC and existing
A-BAC systems
Table 3 shows the decryption computation time in seconds using the proposed PA-BAC and
existing A-BAC systems for a varying number of authorities. Figure 4 shows the graphical representation of
the decryption computation time in seconds with several authorities using the proposed PA-BAC and
existing A-BAC systems. From Table 3 and Figure 4, the proposed PA-BAC performs the decryption in
less time than the existing A-BAC system.
TABLE 3: DECRYPTION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND
EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF AUTHORITIES
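| Number of Authorities | Decryption time in seconds: Proposed Policy-Attribute based Access Control | Decryption time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 2 | 16 | 28 |
| 3 | 21 | 35 |
| 4 | 32 | 48 |
| 5 | 39 | 56 |
| 6 | 49 | 68 |
| 7 | 56 | 75 |
| 8 | 68 | 89 |
| 9 | 75 | 95 |
| 10 | 82 | 109 |
| 11 | 93 | 115 |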
Fig. 4: Graphical Representation of the Decryption computation time in seconds with several authorities using proposed PA-BAC and existing A-BAC systems
Table 4 shows the encryption computation time in seconds using the proposed PA-BAC and
existing A-BAC systems for a varying number of attributes per authority. Figure 5 shows the
graphical representation of the encryption computation time in seconds with the number of attributes per authority
using the proposed PA-BAC and existing A-BAC systems. From Table 4 and Figure 5, the proposed
PA-BAC performs the encryption in less time than the existing A-BAC system for the varying number of
attributes per authority.
TABLE 4: ENCRYPTION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND
EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF ATTRIBUTES PER AUTHORITY
| Number of attributes per authority | Encryption time in seconds: Proposed Policy-Attribute based Access Control | Encryption time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 6 | 21 | 35 |
| 8 | 29 | 48 |
| 10 | 35 | 68 |
| 12 | 51 | 79 |
| 14 | 63 | 92 |
| 16 | 75 | 118 |
| 18 | 89 | 129 |
| 20 | 97 | 135 |
| 22 | 101 | 147 |
| 24 | 112 | 163 |
Fig. 5: Graphical Representation of the encryption computation time in seconds with the number of attributes per authority using proposed PA-BAC and existing A-BAC systems
Table 5 shows the key generation computation time in seconds using the proposed PA-BAC and
existing A-BAC systems for a varying number of attributes per authority. Figure 6 shows the graphical
representation of the key generation computation time in seconds with the number of attributes per authority using the proposed
PA-BAC and existing A-BAC systems. From Table 5 and Figure 6, the proposed PA-BAC performs the
key generation in less time than the existing A-BAC system for the varying number of attributes per authority.
TABLE 5: KEY GENERATION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND
EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF ATTRIBUTES PER AUTHORITY
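| Number of attributes per authority | Key Generation Computation time in seconds: Proposed Policy-Attribute based Access Control | Key Generation Computation time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 6 | 21 | 38 |
| 8 | 32 | 54 |
| 10 | 46 | 71 |
| 12 | 59 | 92 |
| 14 | 70 | 105 |
| 16 | 89 | 118 |
| 18 | 97 | 126 |
| 20 | 101 | 138 |
| 22 | 119 | 145 |
| 24 | 121 | 167 |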
Table 6 shows the decryption computation time in seconds using the proposed PA-BAC and
existing A-BAC systems for a varying number of attributes per authority. Figure 6 shows the graphical
representation of the decryption computation time in seconds with the number of attributes per authority using the
proposed PA-BAC and existing A-BAC systems. From Table 6 and Figure 6, the proposed PA-BAC performs
the decryption in less time than the existing A-BAC system for the varying number of attributes per
authority.
Table 7 shows the computation overhead of the Proposed Policy-Attribute based Access Control
and the Existing Attribute-based Access Control. Figure 7 shows the graphical representation of the
Computational Overhead in (ms) for the Proposed PA-BAC and existing A-BAC method for a given
number of requests. From Table 7 and Figure 7, clearly, the proposed P-ABC method takes less
computational time than the existing ABC.
Fig. 6: Graphical Representation of the key generation computation time in seconds with the number of attributes per authority using proposed
PA-BAC and existing A-BAC systems
TABLE 6: DECRYPTION COMPUTATION TIME IN SECONDS BY THE PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND EXISTING ATTRIBUTE-BASED ACCESS CONTROL SYSTEM FOR VARYING NUMBER OF ATTRIBUTES PER AUTHORITY
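| Number of attributes per authority | Decryption Computation time in seconds: Proposed Policy-Attribute based Access Control | Decryption Computation time in seconds: Existing Attribute-based Access Control |
|---|---|---|
| 6 | 18 | 26 |
| 8 | 28 | 39 |
| 10 | 39 | 56 |
| 12 | 48 | 72 |
| 14 | 64 | 89 |
| 16 | 75 | 98 |
| 18 | 88 | 110 |
| 20 | 97 | 128 |
| 22 | 105 | 139 |
| 24 | 116 | 156 |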
Fig. 7: Graphical Representation of the decryption computation time in seconds with the number of attributes per authority using proposed PA-BAC and existing A-BAC systems
TABLE 7: COMPUTATION OVERHEAD IN (MILLISECONDS) USING PROPOSED POLICY-ATTRIBUTE BASED ACCESS CONTROL AND EXISTING ATTRIBUTE-BASED ACCESS CONTROL FOR VARYING NUMBER OF REQUESTS
| Number of Requests | Computation Overhead in (ms): Proposed Policy-Attribute based Access Control (P-ABC) | Computation Overhead in (ms): Existing Attribute-based Access Control (ABC) |
|---|---|---|
| 1000 | 985 | 1021 |
| 2000 | 1041 | 1125 |
| 3000 | 1174 | 1257 |
| 4000 | 1214 | 1384 |
| 5000 | 1374 | 1498 |
| 6000 | 1414 | 1532 |
| 7000 | 1574 | 1684 |
| 8000 | 1698 | 1725 |
| 9000 | 1702 | 1824 |
Fig. 8: Graphical representation of the Computational Overhead in (ms) for the Proposed PA-BAC and existing A-BAC method for a given
number of requests
V. CONCLUSIONS
In this research work, a Policy-Attribute based Access Control scheme is presented for cloud
storage systems, which is secure and efficient. Also, the proposed system doesn't require any central
authority or coordination among multiple authorities, consequently eliminating the burden of secure
communication and the delay of shared computation. The proposed system performed in less computation time
for the encryption, key generation, and decryption with a varying number of authorities and a varying number of
attributes per authority. The proposed system is more suitable for practical access control since it
supports dynamic operations. Also, it supports a large universe of attributes.
REFERENCES
[2] Demchenko, Yuri, et al. "Addressing big data challenges for scientific data infrastructure." 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings. IEEE, 2012.
[3] Islam, Md Rafiqul, and Md Ezazul Islam. "An approach to provide security to unstructured Big Data." The 8th International Conference on Software, Knowledge, Information Management and Applications (SKIMA 2014). IEEE, 2014.
[4] Lee, Myungcheol, et al. "Load adaptive and fault-tolerant distributed stream processing system for explosive stream data." 2016 18th International Conference on Advanced Communication Technology (ICACT). IEEE, 2016.
[5] Demchenko, Yuri, et al. "Big security for big data: Addressing security challenges for the big data infrastructure." Workshop on Secure Data Management. Springer, Cham, 2013.
[6] Moustafa, Nour, et al. "Collaborative anomaly detection framework for handling big data of cloud computing." 2017 Military Communications and Information Systems Conference (MilCIS). IEEE, 2017.
[7] Zhao, Jiaqi, et al. "A security framework in G-Hadoop for big data computing across distributed Cloud data centers." Journal of Computer and System Sciences 80.5 (2014): 994-1007.
[8] Xie, Xingxing, et al. "New ciphertext-policy attribute-based access control with efficient revocation." Information and Communication Technology-EurAsia Conference. Springer, Berlin, Heidelberg, 2013.
[9] Ruj, Sushmita, and Amiya Nayak. "A decentralized security framework for data aggregation and access control in smart grids." IEEE Transactions on Smart Grid 4.1 (2013): 196-205.
[10] Wang, Changji, and Jianfa Luo. "An efficient key-policy attribute-based encryption scheme with constant ciphertext length." Mathematical Problems in Engineering 2013 (2013).
[11] Hu, Vincent C., et al. "Guide to attribute-based access control (ABAC) definition and considerations (draft)." NIST special publication 800.162 (2013).
[12] Choi, Chang, Junho Choi, and Pankoo Kim. "Ontology-based access control model for security policy reasoning in cloud computing." The Journal of Supercomputing 67.3 (2014): 711-722.
[13] Chen, Hongsong, Bharat Bhargava, and Fu Zhongchuan. "Multilabels-based scalable access control for big data applications." IEEE Cloud Computing 1.3 (2014): 65-71.
[14] Su, Jinshu, et al. "ePASS: An expressive attribute-based signature scheme with privacy and a unforgeability guarantee for the Internet of Things." Future Generation Computer Systems 33 (2014): 11-18.
[15] Durairaj, M., and T. S. Poornappriya. "Importance of MapReduce for Big Data Applications: A Survey." Asian Journal of Computer Science and