PRIVACY PROTECTION BASED ACCESS CONTROL SCHEME IN CLOUD-BASED SERVICES

  ABSTRACT:

With the rapid development of computer technology, cloud-based services have become a hot topic. They provide users with convenience, but they also bring many security issues, such as data sharing and privacy issues. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we logically divide users into a private domain (PRD) and a public domain (PUD). In the PRD, to achieve read access permission and write access permission, we adopt Key-Aggregate Encryption (KAE) and the Improved Attribute-based Signature (IBS) respectively. In the PUD, we construct a new multi-authority ciphertext-policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and we design an efficient attribute revocation method for it. The analysis and simulation results show that our scheme is feasible and superior in protecting users' privacy in cloud-based services.

Existing System:

  • Attribute-based access control enables data publishers to define data access policies without knowing in advance how many users are in the system.
  • The most important advantage is that only one copy of the encrypted data is generated in attribute-based access control. Since ABE can be used to protect data privacy, intuitively it can also be applied to protect subscription privacy.
  • A straightforward method is to encrypt the subscription trapdoor by using ABE with another set of parameters. However, this method requires the authority, who is responsible for attribute management and key generation in an ABE system, to generate tags for each published data item or trapdoors for each data subscriber.

Proposed System

This may cause a huge overhead on the authority, especially in large-scale cloud systems, where subscription trapdoors may be frequently generated or updated. Therefore, one challenge is how to “integrate” subscription policy computation with attribute-based access control of the published data, instead of using another set of ABE parameters.

CONCLUSIONS

In this paper, we propose an access control system (PS-ACS) with privilege separation based on privacy protection. Through an analysis of the cloud environment and the characteristics of the users, we logically divide the users into a personal domain (PSD) and a public domain (PUD). In the PSD, the KAE algorithm is applied to implement users' read access permissions, which greatly improves efficiency. The IABS scheme is employed to achieve the write permissions and the separation of read and write permissions, protecting the privacy of the user's identity. In the PUD, we use the HABE scheme to avoid the issues of single point of failure and to achieve data sharing. Furthermore, the paper analyzes the scheme in terms of security and efficiency, and the simulation results are given. Compared with the MAH-ABE scheme, the proposed scheme shows feasibility and superiority in protecting the privacy of data in cloud-based services.
