IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage

International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 06 Issue: 12 | Dec 2019 www.irjet.net p-ISSN: 2395-0072
© 2019, IRJET | Impact Factor value: 7.34 | ISO 9001:2008 Certified Journal | Page 610
EFFICIENT TRACEABLE AUTHORIZATION SEARCH SYSTEM
FOR SECURE CLOUD STORAGE
L. Padmaja1, M. Jagadish2
1M. Tech Student, Dept. of Computer Science & Engineering, LIMAT, Andhra Pradesh, India
2Assistant Professor, Dept. of Computer Science & Engineering, LIMAT, Andhra Pradesh, India
----------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - Secure search over encrypted remote data is
crucial in cloud computing to guarantee the data privacy and
usability. To prevent unauthorized data usage, fine-grained
access control is necessary in multi-user system. However,
authorized user may intentionally leak the secret key for
financial benefit. Thus, tracing and revoking the malicious
user who abuses secret key needs to be solved imminently. In
this paper, we propose an escrow free traceable attribute
based multiple keywords subset search system with verifiable
outsourced decryption (EF-TAMKS-VOD).
The key escrow free mechanism could effectively
prevent the key generation centre (KGC) from unscrupulously
searching and decrypting all encrypted files of users. Also, the
decryption process only requires ultra lightweight
computation, which is a desirable feature for energy-limited
devices. In addition, efficient user revocation is enabled after
the malicious user is figured out. Moreover, the proposed
system is able to support flexible number of attributes rather
than polynomial bounded.
Flexible multiple keyword subset search pattern is realized,
and the change of the query keywordsorder doesnotaffectthe
search result. Security analysis indicates that EF-TAMKS-VOD
is provably secure. Efficiencyanalysisandexperimentalresults
show that EF-TAMKS-VOD improves the efficiencyandgreatly
reduces the computation overhead of users’ terminals.
Key Words: Secure, files, user, system, efficient
1. INTRODUCTION
With the development of new computing paradigm, cloud
computing becomes the most notable one, which provides
convenient, on-demand services from a shared pool of
configurable computing resources. Therefore, an increasing
number of companies and individuals prefer to outsource
their data storage to cloud server. Despite the tremendous
economic and technical advantages, unpredictable security
and privacy concerns become the most prominent problem
that hinders the widespread adoption of data storage in
public cloud infrastructure. Encryption is a fundamental
method to protect data privacy in remote storage .However,
how to effectively execute keyword search for plaintext
becomes difficult for encrypteddata duetotheunreadability
of ciphertext. Searchable en-cryptionprovidesmechanismto
enable keyword search over encrypted data For the file
sharing system, such as multi-owner multiuser scenario,
fine-grained search authorization is a desirable function for
the data owners to share their private data with other
authorized user. However, most of the available systems
require the user to perform a large amount of complex
bilinear pairing operations. These overwhelmed
computations become a heavy burden for user’s terminal,
which is especially serious for energy constrained devices.
The outsourced decryption method allows user to recover
the message with ultra lightweight decryption.However, the
cloud server might return wronghalf-decryptedinformation
as a result of malicious attack or systemmalfunction.Thus,it
is an important issue to guarantee the correctness of
outsourced decryption in public key encryption with
keyword search (PEKS) system. The authorized entities may
illegally leak their secret key to a third party for profits.
Suppose that a patient someday suddenly finds out that a
secret key corresponding his electronic medical data is sold
on e-Bay. Such despicable behavior seriously threatens the
patient’s data privacy. Even worse, if the private electronic
health data that contain serious health disease is abused by
the insurance company or the patient’s employment
corporation, the patient would be declined to renew the
medical insurance or labor contracts.
The intentional secret key leakage seriously underminesthe
foundation of authorized access control and data privacy
protection. Thus, it is extremely urgent to identify the
malicious user or even prove it in a court of justice. In
attribute based access control system, the secret key of user
is associated with a set of attributes rather than individual’s
identity. As the search and decryption authority can be
2168-7161 (c) 2018 IEEE. Personal use is permitted, but
republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/r
ights/index.html for more information. This articlehasbeen
accepted for publication in a future issue of this journal, but
has not been fully edited. Content may change prior to final
publication. Citation information: DOI
10.1109/TCC.2018.2820714, IEEE Transactions on Cloud
Computing IEEE TRANSACTIONS ON CLOUD COMPUTING 2
shared by a set of users who own the same set of attributes,
it is hard to trace the original key owner. Providing
traceability to a fine-grained search authorization system is
critical and not considered in previous searchable
encryption systems. More importantly, in the original
definition of PEKS scheme, key generation centre (KGC)
generates all the secret keys in the system, which inevitably
leads to the key escrow problem. That is, the KGC knows all
the secret keys of the users and thus can unscrupulously

search and decrypt on all encrypted files, which is a
significant threat to data security and privacy. Beside, the
key escrow problem brings another problem when
traceability ability is realized in PEKS. If a secretkeyisfound
to be sold and the identity of secret key’s owner (i.e., the
traitor) is identified, the traitor may claimthatthesecretkey
is leaked by KGC. There is no technical methodtodistinguish
who is the true traitor if the key escrow problem is not
solved.
1.2 Searchable Encryption:
Searchable encryption enables keyword search over
encrypted data. The concept of public key encryption with
keyword search (PEKS) was proposed by Boneh et al, which
is important in protecting the privacy of outsourced data.
Data owners in PEKS schemes store their files in encrypted
form in the remote untrusted data server. The data users
query to search on the encrypted files by generating a
keyword trapdoor, and the data server executes the search
operation. Waters et al. showed that PEKS schemes could be
utilized to construct searchable audit logs.
Later, Xu et al. presented a general framework to combine
PEKS and fuzzy keyword search without concrete
construction. Tang proposed a multiparty searchable
encryption scheme together with a bilinear pairing based
scheme. In 2016, Chen et al. introduced the concept “dual-
server” into PEKS to resist off-line keyword guessing attack.
Yang et al. introduced time-release and proxy reencryption
method to PEKS scheme in order to realize time controlled
authority delegation. Wang et al. proposed a ranked
keyword search scheme for searchable symmetric
encryption, in which the order-preserving symmetric
encryption is utilized. Cao et al. designed a novel system to
realize multiple keyword ranked search. Searchable
encryption is also further studied
1.3 ABE:
ABE is an important method to realize fine-grained data
sharing. In ABE schemes, descriptive attributes and access
policies are associated with attribute secret keys and
ciphertexts. A certain secret key can decrypt a cipher text if
and only if the associated attributes and the access policy
match each other. The notion of ABE was proposed by Sahai
et al. in 2005. According to whether the accesscontrol policy
associates with the ciphertext or the secret key, ABE
schemes can be classified into ciphertext-policy ABE (CP-
ABE) and key-policyABE(KP-ABE).SincetheSahai’sseminal
work, ABE based access control becomes a research focus
.Considering the challenges in expressing access control
policy, ABE scheme with non-monotonic access structure is
proposed. ABE systems with constant size cipher text are
constructed to reduce the storage overhead. In order to
accelerate the decryption, researchers make effort to speed
up the decryption algorithm. Decentralized ABE is
investigated in which multiple authorities work
independently without collaboration.
1.4 Traitor Tracing:
Traitor tracing was introduced by Chor et al. to help content
distributors identifying pirates. In the digital content
distribution system, there is no way to prevent a legitimate
user to give (or sell) his decryption key to the others.Traitor
tracing mechanism helps the distributor to find out the
misbehaved user by running “tracing” algorithm so that he
could take legal action against the owner oftheleakedsecret
key. Later, traitor tracing mechanism is introduced to
broadcast encryption, where a sender is able to generate
ciphertext and only the users in the designated receiver set
can decrypt. The traceability function enables the
broadcaster to identify the traitor, and prevents the
authorized users from leaking their keys. The approach is to
give each user a distinct set of keys, which is deemed as
“watermark” for tracing. Traceability is further investigated
for broadcast encryption in. In CP-ABE scheme, secret keys
are not defined over identities. Instead, they are associated
with a set of attributes. Multiple users may share the same
set of attributes. This brings convenience to expressive
access control. However, given a leaked secret key, it is
impossible to figure out the original key ownerintraditional
ABE system. It means that the malicious user, who sells his
secret key, almost has little risk of being identified. The
traceability problem in CP-ABE is studied.
2. PROPOSED SYSTEM:
 Flexible System Extension: We propose an
efficient system which supports flexible system
extension, which accommodates flexible numberof
attributes. The attributes are notfixedinthesystem
initialization phase and the size of attribute set is
not restricted to polynomially bound, so that new
attribute can be added to the system at any time.
 Moreover, the size of public parameter does not
grow with the number of attributes. No matter how
many attributes are supported in the system, no
additional communication nor storage costs is
brought to the system. This feature is desirable for
the cloud system for its ever increasing user
volume.
 Efficient Verifiable Decryption. We propose a
system which adopts the outsouced decryption
mechanism to realize efficient decryption. Most of
the decryption computation are outsourced to the
cloud server, and the data user is able to complete
the final decryption with an ultra lightweight
computation. Moreover,the correctnessofthecloud
server’s partial decryption computation can be
verified by the user.
 Efficient User Revocation. Oncea userisidentified
as traitor throughtracingalgorithm,systemrevokes
this malicious user from the authorized group.
Compared with the existing scheme this revocation
mechanism has much better efficiency.

2.1 ADVANTAGES
 Flexible System Extension:
 Efficient Verifiable Decryption.
 Efficient User Revocation.
 Traceability of Abused Secret Key.
3. GOALS:
The Primary goals in the design of the UML are as
follows:
1. Provide users a ready-to-use, expressive visual
modeling Language so that they can develop and
exchange meaningful models.
2. Provide extendibility and specialization
mechanisms to extend the core concepts.
3. Be independent of particular programming
languages and development process.
4. Provide a formal basis for understanding the
modeling language.
5. Encourage the growth of OO tools market.
6. Support higher level development concepts suchas
collaborations, frameworks, patterns and
components.
7. Integrate best practices.
3.1 USE CASE DIAGRAM:
A use casediagramintheUnifiedModelingLanguage
(UML) is a type of behavioral diagram defined byandcreated
from a Use-case analysis. Its purpose is topresentagraphical
overview of the functionality provided by a system in terms
of actors, their goals (represented as use cases), and any
dependencies between those use cases. The main purpose of
a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system
can be depicted.
4. SYSTEM IMPLEMENTATION
4.1 MODULES:-
 Key generation centre (KGC).
 Cloud server (CS).
 Data owner.
 Data user.
4.2 MODULES DESCRIPTION:-
Key generation centre (KGC):
KGC is responsible to generate the public parameter for the
system and the public/secret key pairs for the users. Once
the user’s secret key is leaked for profits or other purposes,
KGC runs trace algorithm to find the malicioususer.After the
traitor is traced, KGC sends user revocation request to cloud
server to revoke the user’s search privilege.
Cloud server (CS):
Cloud server has tremendous storage space and powerful
computing capability, which provides on-demand service to
the system. Cloud server is responsible to store the data
owner’s encrypted files and respond on data user’s search
query.
Data owner:
Data owner utilizes the cloud storage service to store the
files. Before the data outsourcing, the data owner extracts
keyword set from the file and encrypts it into secure index.
The document is also encrypted to cipher text. During the
encryption process, the access policy is specified and
embedded into the cipher text to realize fine grained access
control.
Data user:
Each data user has attribute set to describe his
characteristics, such as professor, computer ScienceCollege,
dean, etc. The attribute set is embedded into user’s secret
key. Using the secret key, data user is able to search on the
encrypted files stored in the cloud, i.e., chooses a keyword
set that he wants to search. Then, the keyword is encrypted
to a trapdoor using user’s secret key. If the user’s attribute
set satisfies the access policy defined in the encrypted files,
the cloud server responds on user’s search query and finds
the match files. Otherwise, the search queryisrejected.After
the match files are returned, the user runs decryption
algorithm to recover the plaintext
USER ACTIVATION:
Fig -1: User activation

OWNER ACTIVATION:
Fig -2: Owner activation
SENDING KEYS:
Fig -3: Sending keys
FILE INFORMATION:
Fig -4: File Information
MALICIOUS USER BLOCKING:
Fig -5: Malicious User Blocking
MALICIOUS USER UNBLOCKING:
Fig -6: Malicious User unBlocking
OTP:
Fig -7: OTP
FILE DOWNLOAD:
Fig -8: File Download
5. CONCLUSION
The enforcement of access control and the support of
keyword search are important issuesinsecurecloudstorage
system. In this work, we defined a new paradigm of
searchable encryption system, and proposed a concrete
construction. It supports flexible multiple keywords subset
search, and solves the key escrow problem during the key
generation procedure. Malicious user who sells secret key
for benefit can be traced. The decryption operation is partly
outsourced to cloud server and the correctness of half-
decrypted result can be verified by data user. The
performance analysis and simulation show its efficiency in
computation and storage overhead. Experimental results
indicate that the computation overhead at user’s terminal is

significantly reduced, which greatly saves the energy for
resource-constrained devices of users.
REFERENCES
[1] C. Wang, N. Cao, J. Li, K. Ren, W. Lou. “Secure ranked
keyword search over encrypted cloud data”[C]//IEEE 30th
International Conference on DistributedComputingSystems
(ICDCS), IEEE, 2010: 253-262.
[2] Q. Zhang, L. T. Yang, Z. Chen, P. Li, M. J. Deen. “Privacy-
preserving Double-ProjectionDeepComputationModel with
Crowd sourcing on Cloud for Big Data Feature Learning,”
IEEE Internet of Things Journal, 2017, DOI:
10.1109/JIOT.2017.2732735.
[3] R. Chen, Y. Mu, G. Yang, F. Guo and X. Wang, “Dual-Server
Public- Key Encryption with Keyword Search for Secure
Cloud Storage,” IEEE Transactions on InformationForensics
and Security, 2016, vol.11, no. 4, 789-798.
[4] X. Liu, R.H. Deng, K.K.R. Choo, J. Weng. ”An efficient
privacy preserving outsourced calculation toolkit with
multiple keys.” IEEE Transactions on Information Forensics
and Security 11 (2016): 2401-2414.
[5] B. R. Waters, D. Balfanz, G. Durfee, and D. K. Smetters,
“Building an encrypted and searchable audit log,” in NDSS,
2004.
[6] Y. Yang, X. Liu, R.H. Deng, “Multi-user Multi-Keyword
Rank Search over Encrypted Data in Arbitrary Language”.
IEEE Transactions on Dependable and Secure Computing,
2018, publish online, DOI: 10.1109/TDSC.2017.2787588.
[7] W. Sun, S. Yu, W. Lou, Y. Hou and H. Li, “Protecting Your
Right: Verifiable Attribute-based Keyword Search with
Finegrained Owner-enforced Search Authorization in the
Cloud,” IEEE Transactions on Parallel and Distributed
Systems, 2016, vol. 27, no.4, pp. 1187-1198.
[8] K. Liang, W. Susilo, “Searchable Attribute-Based
Mechanism with Efficient Data Sharing for Secure Cloud
Storage,” IEEE Transactions on Information Forensics and
Security, 2015, vol. 10, no. 9, pp. 1981-1992.
[9] M. Green, S. Hohenberger, andB.Waters,“Outsourcingthe
decryption of ABE ciphertexts,” in USENIX Security
Symposium, ACM, 2011, pp. 34-34.
[10] J. Lai, R. H. Deng, C. Guan, and J. Weng, “Attribute-based
encryption with verifiable outsourced decryption,” IEEE
Transactions on Information Forensics and Security, 2013,
vol. 8, no. 8, pp. 1343-1354.
[11] B. Qin, R. H. Deng, S. Liu, and S. Ma, “Attribute-Based
Encryption with EfficientVerifiableOutsourcedDecryption,”
IEEE Transactions on Information Forensics and Security,
2015, vol. 10, no. 7, pp. 1384-1394.
[12] D. Boneh, G. D. Crescenzo, R. Ostrovsky, andG.Persiano,
“Public key encryption with keyword search,” in:
EUROCRYPT, 2004, pp.506-522.
[13] Z. Liu, Z. Cao, D.S. Wong, “White-box traceable
ciphertext-policy attribute-basedencryptionsupporting any
monotone access structures,” IEEE Transactions on
Information Forensics andSecurity,2013,vol.8,no.1,pp. 76-
88.
[14] J. Ning, X. Dong, Z. Cao, L. Wei, X. Lin, “White-Box
Traceable Ciphertext-Policy Attribute-Based Encryption
Supporting Flexible Attributes,” IEEE Transactions on
Information Forensics and Security,2015, vol. 10, no. 6, pp.
1274-1288.
[15] Z. Liu, Z. Cao, D.S. Wong, “Traceable CP-ABE: how to
trace decryption devices found in the wild,” IEEE
Transactions on Information Forensics and Security, 2015,
vol. 10, no. 1, pp. 55-68.
[16] D. Boneh and B. Waters, “Conjunctive, subset,andrange
queries on encrypted data,” in: 4th Theory Cryptogrophy
Confonference, 2007, vol. 4392, pp. 535-554.
[17] P. Xu, H. Jin, Q. Wu and W. Wang,“Public-KeyEncryption
with Fuzzy Keyword Search: A Provably Secure Scheme
under Keyword Gusssing Attack,” IEEE Transactions on
Computers, 2013, vol. 62, no. 11, 2266-2277.
[18] Q. Tang, “Nothing is for Free: Security in Searching
Shared and Encrypted Data,” IEEE Transactions on
Information Forensics and Security, 2014, vol. 9, no. 11,
1943-1952.
[19] Y. Yang and M. Ma, “Conjunctive Keyword Search With
Designated Tester and Timing Enabled ProxyRe-Encryption
Function for E-Health Clouds,” IEEE Transactions on
Information Forensics and Security, 2016,vol.11,no.4,746-
759.
[20] B. Zhang, F. Zhang, “An efficient public key encryption
with conjunctive-subset keywords search,” Journal of
Network and Computer Applications, 2011, vol.34,no.1, pp.
262-267.
BIOGRAPHIES
Mrs. L. Padmaja done her
graduation in Vishnu College. She
Published four papers in various
Journals.
Mr. M. Jagadish guided 5 master
projects and 12 UG projects. He
published 10 papers in various
Journals.

IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage

More Related Content

What's hot (20)

Similar to IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage (20)

More from IRJET Journal (20)

Recently uploaded (20)

IRJET- Efficient Traceable Authorization Search System for Secure Cloud Storage