A Secure
Anti-Collusion Data Sharing Scheme for Dynamic Groups in the Cloud
Abstract:
Benefited from cloud computing, users can achieve an effective and
economical approach for data sharing among group members in the cloud with the
characters of low maintenance and little management cost. Meanwhile, we must
provide security guarantees for the sharing data files since they are
outsourced. Unfortunately, because of the frequent change of the membership,
sharing data while providing privacy-preserving is still a challenging issue,
especially for an untrusted cloud due to the collusion attack. Moreover, for
existing schemes, the security of key distribution is based on the secure
communication channel, however, to have such channel is a strong assumption and
is difficult for practice. In this paper, we propose a secure data sharing
scheme for dynamic members. Firstly, we propose a secure way for key
distribution without any secure communication channels, and the users can
securely obtain their private keys from group manager. Secondly, our scheme can
achieve fine-grained access control, any user in the group can use the source
in the cloud and revoked users cannot access the cloud again after they are
revoked. Thirdly, we can protect the scheme from collusion attack, which means
that revoked users cannot get the original data file even if they conspire with
the untrusted cloud. In our approach, by leveraging polynomial function, we can
achieve a secure user revocation scheme. Finally, our scheme can achieve fine
efficiency, which means previous users need not to update their private keys
for the situation either a new user joins in the group or a user is revoked
from the group.
Existing
System
In cloud computing, users can achieve an
effective and economical approach for data sharing among group members in the
cloud with the characters of low maintenance and little management cost.
Meanwhile, we must provide security guarantees for the sharing data files since
they are outsourced. Unfortunately, because of the frequent change of the
membership, sharing data while providing privacy-preserving is still a
challenging issue, especially for an untrusted cloud due to the collusion
attack. Moreover, for existing schemes, the security of key distribution is
based on the secure communication channel, however, to have such channel is a
strong assumption and is difficult for practice
Proposed System
proposed a secure provenance scheme by leveraging group signatures and
ciphertext-policy attribute-based encryption techniques [9]. Each user obtains
two keys after the registration while the attribute key is used to decrypt the
data which isencrypted by the attribute-based encryption and the group
signature key is used for privacy-preserving and traceability. However, the
revocation is not supported in this scheme. We describe the main design goals of the
proposed scheme including key distribution, data confidentiality, access
control and efficiencywe propose a secure way for key distribution without any
secure communication channels, and the users can securely obtain their private
keys from group manager. Secondly, our scheme can achieve fine-grained access
control, any user in the group can use the source in the cloud and revoked users
cannot access the cloud again after they are revoked. Thirdly, we can protect
the scheme from collusion attack, which means that revoked users cannot get the
original data file even if they conspire with the untrusted cloud. In our
approach, by leveraging polynomial function, we can achieve a secure user
revocation scheme. Finally, our scheme can achieve fine efficiency, which means
previous users need not to update their private keys for the situation either a
new user joins in the group or a user is revoked from the group.
Problem Statement
Data confidentiality requires that unauthorized users including the
cloud are incapable of learning the content of the stored data. To maintain the
availability of data confidentiality for dynamic groups is still an important
and challenging issue. Specifically, revoked users are unable to decrypt the
stored data file after the revocation.
Scope
Cloud computing, users can achieve an
effective and economical approach for data sharing among group members in the
cloud with the characters of low maintenance and little management cost.
Meanwhile, we must provide security guarantees for the sharing data files since
they are outsourced. Unfortunately, because of the frequent change of the
membership, sharing data while providing privacy-preserving is still a
challenging issue, especially for an untrusted cloud due to the collusion
attack. Moreover, for existing schemes, the security of key distribution is
based on the secure communication channel, however, to have such channel is a
strong assumption and is difficult for practice. In this paper, we propose a
secure data sharing scheme for dynamic members. Firstly, we propose a secure
way for key distribution without any secure communication channels, and the
users can securely obtain their private keys from group manager. Secondly, our
scheme can achieve fine-grained access control, any user in the group can use
the source in the cloud and revoked users cannot access the cloud again after
they are revoked. Thirdly, we can protect the scheme from collusion attack,
which means that revoked users cannot get the original data file even if they
conspire with the untrusted cloud. In our approach, by leveraging polynomial
function, we can achieve a secure user revocation scheme. Finally, our scheme
can achieve fine efficiency, which means previous users need not to update
their private keys for the situation either a new user joins in the group or a
user is revoked from the group. our scheme is able to support dynamic groups
efficiently, when a new user joins in the group or a user is revoked from the
group, the private keys of the other users do not need to be recomputed and
updated. Moreover, our scheme can achieve secure user revocation, the revoked
users can not be able to get the original data files once they are revoked even
if they conspire with the untrusted cloud.
Implementation of modules
Group Manager: Group manager takes charge of system
parameters generation, user registration, and user revocation. In the practical
applications, the group manager usually is the leader of the group. Therefore,
we assume that the group manager is fully trusted by the other parties.
Group members: Group members (users) are a set of registered
users that will store their own data into the cloud and share them with others.
In the scheme, the group membership is dynamically changed, due to the new user
registration and user revocation.
We describe the main design goals of the
proposed scheme including key distribution, data confidentiality, access
control and efficiency as follows:
Key
Distribution: The
requirement of key distribution is that users can securely obtain their private
keys from the group manager without any Certificate Authorities. In other
existing schemes, this goal is achieved by assuming that the communication channel
is secure, however, in our scheme, we can achieve it without this strong
assumption.
Access
control: First, group
members are able to use the cloud resource for data storage and data sharing.
Second, unauthorized users cannot access the cloud resource at any time, and
revoked users will be incapable of using the cloud resource again once they are
revoked.
Data
confidentiality: Data
confidentiality requires that unauthorized users including the cloud are
incapable of learning the content of the stored data. To maintain the
availability of data confidentiality for dynamic groups is still an important
and challenging issue. Specifically, revoked users are unable to decrypt the
stored data file after the revocation.
Efficiency: Any group member can store and share data
files with others in the group by the cloud. User revocation can be achieved
without involving the others, which means that the remaining users do not need
to update their private keys.
Cloud
module: cloud module
plays an important role ,group managers upload some files into cloud those
files are stored in encrypted format because
a secure access control scheme on encrypted data in cloud storage by
invoking role-based encryption technique. It is claimed that the scheme can
achieve efficient user revocation that combines role-based access control
policies with encryption to secure large data storage in the cloud.
Unfortunately, the verifications between entities are not concerned, the scheme
easily suffer from attacks, for example, collusion attack. Finally, this attack
can lead to disclosing sensitive data files. The cloud, maintained by the cloud service providers,
provides storage space for hosting data files in a pay-as-you-go manner.
However, the cloud is untrusted since the cloud service providers are easily to
become untrusted. Therefore, the cloud will try to learn the content of the
stored data.
Algorithm:
we propose a secure data sharing scheme, which can achieve secure key
distribution and data sharing for dynamic group. The below steps are included
in this algorithms,
1. We provide a secure way for key
distribution without any secure communication channels. The users can securely
obtain their private keys from group manager without any Certificate
Authorities due to the verification for the public key of the user.
2. Our
scheme can achieve fine-grained access control, with the help of the group user
list, any user in the group can use the source in the cloud and revoked users
cannot access the cloud again after they are revoked.
3. We
propose a secure data sharing scheme which can be protected from collusion
attack. The revoked users can not be able to get the original data files once
they are revoked even if they conspire with the untrusted cloud. Our scheme can
achieve secure user revocation with the help of polynomial function.
4. Our
scheme is able to support dynamic groups efficiently, when a new user joins in
the group or a user is revoked from the group, the private keys of the other
users do not need to be recomputed and updated.
5. We
provide security analysis to prove the security of our scheme. In addition, we
also perform simulations to demonstrate the efficiency of our scheme.
Conclusion:
we design a secure anti-collusion data
sharing scheme for dynamic groups in the cloud. In our scheme, the users can
securely obtain their private keys from group manager Certificate Authorities
and secure communication channels. Also, our scheme is able to support dynamic
groups efficiently, when a new user joins in the group or a user is revoked
from the group, the private keys of the other users do not need to be
recomputed and updated. Moreover, our scheme can achieve secure user revocation,
the revoked users can not be able to get the original data files once they are
revoked even if they conspire with the untrusted cloud.
Comments
Post a Comment