Achieving Secure And Scalable Cloud computing
- 1. P R E S E N T A T I O N O N ACHIEVING SECURE, SCALABLE, AND FINE-GRAINED DATA ACCESS CONTROL IN CLOUD COMPUTING P.S.G.V.P.M’s D.N.Patel C.O.E. Shahada Department Of Computer & IT GUIDED BY: PROF.V.T.PATIL PRESENTED BY: GIRASE KIRAN V. RAJPUT NILESH D. {COMPUTER SCIENCE}
- 2. Contents INTRODUCTION LITERATURE SURVEY ARCHITECTURE WORKING MODULE DESCRIPTION UML DIAGRAMS ADVANTAGES DISADVANTAGES CONCLUSION REFERENCES 2 DEPARTMENT OF COMPUTER & IT 2014-15
- 3. INTRODUCTION Cloud computing is a promising computing paradigm which recently has drawn extensive attention from both academia and industry. By combining a set of existing and new techniques from research areas such as Service-Oriented Architectures (SOA) and virtualization, cloud computing is regarded as such a computing paradigm in which resources in the computing infrastructure are provided as services over the Internet. The proposed scheme enables the data owner to delegate tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. 3 DEPARTMENT OF COMPUTER & IT 2014-15
- 4. DEPARTMENT OF COMPUTER & IT 2014-15 4 Data security, as it exists in many other applications, is among these challenges that would raise great concerns from users when they store sensitive information on cloud servers. These concerns originate from the fact that cloud servers are usually operated by commercial providers which are very likely to be outside of the trusted domain of the users. The owner enjoy fine-grained access control of data stored on cloud servers, a feasible solution would be encrypting data through certain cryptographic primitive(s), and disclosing decryption keys only to authorized users.
- 5. LITERATURE SURVEY This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine- grained data access control to cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute- based encryption (ABE), proxy re-encryption, and lazy re- encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. This Paper presents more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. 5 DEPARTMENT OF COMPUTER & IT 2014-15
- 6. ARCHITECTURE OF CLOUD COMPUTING DEPARTMENT OF COMPUTER & IT 2014-15 6
- 7. WORKING DEPARTMENT OF COMPUTER & IT 2014-15 7 we consider a cloud data system consisting of data owners, data users, Cloud Servers, and a third Party Auditor. A data owner stores his sensitive data on Cloud Servers. Users are issued attributes. To access the remote stored data files shared by the data owner, users need to download the data files from the Cloud Servers. For simplicity, we assume that the only access privilege for users is data file reading. Cloud Servers are always online and operated by Cloud Service Provider (CSP). The Third Party Auditor is also an always online party which audits every file access event. In addition, we also assume that the data owner can store data files besides running his own code on Cloud Servers to manage his data files.
- 8. MODULE DESCRIPTION DEPARTMENT OF COMPUTER & IT 2014-15 8 KP-ABE(Key Policy-Attribute Based Encryption):-It is a public key cryptography primitive for one-to-many communications. In KP-ABE, data are associated with attributes for each of which a public key component is defined. it with the corresponding public key components. Each user is assigned an access structure which is usually defined as an access tree over data attributes.
- 9. DEPARTMENT OF COMPUTER & IT 2014-15 9 Setup This algorithm takes as input a security parameter κ and the attribute universe U = {1, 2, . . .,N} of cardinality N. It defines a bilinear group G1 of prime order p with a generator g, a bilinear map e : G1 × G1 → G2 which has the properties of bilinearity, computability, and non-degeneracy. It returns the public key PK as well as a system master key MK as follows: PK = (Y, T1, T2, . . . , TN) MK = (y, t1, t2, . . . , tN) where Ti ∈ G1 and ti ∈ Zp are for attribute i, 1 ≤ i ≤ N, and Y ∈ G2 is another public key component. While PK is publicly known to all the parties in the system, MK is kept as a secret by the authority party.
- 10. DEPARTMENT OF COMPUTER & IT 2014-15 10 Encryption: This algorithm takes a message M, the public key PK, and a set of attributes I as input. It outputs the cipher text E with the following format: E = (I, ˜ E, {Ei}i ) where ˜E = MY, Ei = Ti. Secret key generation: This algorithm takes as input an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK as follows. SK = {ski} Decryption: This algorithm takes as input the cipher text E encrypted under the attribute set U, the user’s secret key SK for access tree T, and the public key PK. Finally it output the message M if and only if U satisfies T.
- 11. UML Diagrams 1.USE CASE DEPARTMENT OF COMPUTER & IT 2014-15 11
- 12. 2.CLASS DIAGRAM DEPARTMENT OF COMPUTER & IT 2014-15 12
- 13. 3.SEQUENCE DIAGRAM DEPARTMENT OF COMPUTER & IT 2014-15 13
- 14. ADVANTAGES DEPARTMENT OF COMPUTER & IT 2014-15 14 Low initial capital investment Shorter start-up time for new services Lower maintenance and operation costs Higher utilization through virtualization Easier disaster recovery
- 15. DISADVANTAGES DEPARTMENT OF COMPUTER & IT 2014-15 15 • Software update could change security settings, assigning privileges too low • Security concerns Control of your data/system by third-party
- 16. Conclusion DEPARTMENT OF COMPUTER & IT 2014-15 16 This paper constructs an ABE based cryptography scheme for implementing fine-grained access control for cloud computing. The constructed scheme enables user accoutability, which can be used to prevent illegal key usages. we identify the need for fine-grained access control in cloud computing. we achieve user accountability by inserting user specific information into users’ attribute private keys. we perform a comprehensive security analysis with respect to data confidentiality and finegrained access control.
- 17. DEPARTMENT OF COMPUTER & IT 2014-15 17
- 18. REFERENCES DEPARTMENT OF COMPUTER & IT 2014-15 18 M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski,G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” University of California, Berkeley, Tech. Rep. USB- EECS-2009-28, Feb 2009. Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in Proc. of ESORICS ’09, 2009. L. Youseff, M. Butrico, and D. D. Silva, “Toward a unified ontology of cloud computing,” in Proc. of GCE’08, 2008.
- 19. Any Questions ? DEPARTMENT OF COMPUTER & IT 2014-15 19
Editor's Notes
- #14: CE