Printer Friendly

Data sharing for dynamic groups using GDH and TGDH in public cloud.

INTRODUCTION

In the recent years the technology has been growing and there may be tremendous changes in applications and services for various domains. Cloud Computing refers the applications delivered as services over the Internet and the hardware and systems software in the data centres that provide those services. It provide efficient access to personal files and data from any computer with internet access. This technology allows much more efficient computation by centralizing storage, memory and processing. Data security and privacy becomes more important when using cloud computing. Data owners outsource their data to the cloud for the reasons of economy, scalability and efficient accessibility. To satisfy the need for data storage and high performance computation, many cloud computing service providers have appeared, such as Amazon Simple Storage Service (Amazon S3), Google App Engine, Microsoft Azure, Dropbox and so on. There are two obvious advantages to store data in Cloud Servers: 1) The data owners save themselves out from the trouble of buying extra storage servers and hiring server management engineers 2) It is easy to data owner to share their data with intended recipients when the data is stored in the cloud. The cloud usually managed and maintained by cloud provider who considered as semi-trusted third party. So, Data owners will be a need to encrypt the data stored at cloud. Only authorized members can download it and decrypt them with given keys. Several security schemes for data sharing an untrusted servers have been proposed [4], [5]. In these approaches, data owners can store the encrypted data files in untrusted storage and distribute the corresponding decryption keys only available to authorized users. Thus, the unauthorized users as well as storage servers cannot learn the content of the data files because they have no knowledge of the decryption keys. Here the problem is how to update and distribute session keys among group members and also support to forward and backward secrecy. Group Key Agreement means that multiple parties want to create a common secret key to be used to exchange information securely.

Furthermore, group key agreement also needs to address the security issue related to membership changes (join or leave the group). The membership changes requires frequent changes of group key. This can be done either periodically or updating every membership changes. The changed group key ensures backward and forward secrecy. With frequent changes in group membership, the recent researches began to pay more attention on the efficiency of group key update. Here Diffie-Hellman key agreement protocol is used which based on the difficulty of computing discrete logarithms of large numbers. It is a real time over untrusted network requires no prior secrets. In cloud, there is not possible to use a single group key for the entire network because of the enormous cost of computation and communication in rekeying. So, we divide the group into several subgroups [7]; let each subgroup has its subgroup key shared by all members of the subgroup. Each group has sub group controller node and gateway node, in which the sub group controller node is controller of subgroup and gateway node is controller among subgroups. Let each gateway member contribute a partial key to agree with a common Outer group key among the subgroups. In our proposed scheme, it enables the group to update the group key pairs even though not all of the group members are online together. From the security and performance analysis, the proposed scheme can achieve the design goal, and keep a lower computational complexity and communication overhead in each group members' side.

Related Work:

Group key agreement technique which supports dynamic group membership and handles network failures. And also secure against hostile eavesdroppers [6]. The decentralized group key distribution where an existing group member is dynamically selected to act as a key server. This scheme is more robust because, if there is any partition, then a new key server can be selected by the existing members in that group. But the scalability of such scheme will still be a concern because the existing node will be additionally overloaded with the key management for all group members. To overcome the disadvantages of the existing schemes, contributory group key management scheme was proposed. The idea here is that each group member contributes an equal share to the common group key thereby avoiding the single point of failure. Steiner et al. [8], [9], [10] proposed CLIQUES protocol suite that consist of group key agreement protocols for dynamic groups called Group Diffie-Hellman (GDH). It consists of three protocols GDH.1, GDH.2 and GDH.3. These protocols are similar since they achieve the same group key but the difference arises out of the computation and communication costs. There are several works for privacy preserving data sharing issue in cloud based on various tools such as attribute based encryption (ABE) [11], Hybrid encryption[3].Yongdae Kim et al. [4, 8] proposed Tree-Based Group Diffie-Hellman (TGDH) protocol, wherein each member maintains a set of keys arranged in a hierarchical binary tree [2]. TGDH is scalable and require a few rounds (O (log (n)) for key computation but their major drawback is that they require a group structure and member serialization for group formation. Group has many subgroups which are connected together in tree structure [7], So Computation load is distributed among many hosts [11]. The key trees are used to efficiently compute and update the group keys and the Diffie-Hellman key exchange is used to achieve secure and distributed protocol. In this paper, we propose a combination of two protocols which uses the GDH.2 and TGDH protocols. The GDH.2 protocols are attractive because these do not involve simultaneous broadcast and round synchronization. The costs in TGDH are moderate, when the key tree is fully balanced. Therefore, these are well suited for dynamic membership in group sharing.

Framework Structure:

A. Group formation Architecture:

Group leader (GL) create the group and make available the data to his Group members (GM). The system architecture is shown in Fig. 1. The group leader can effectively grant the access of group management to one or more chosen group members. GL promote the group member as a Group Admin (GA). The group has many subgroups. Each subgroup maintained by using Group Diffie-Hellman (GDH) and links with other subgroups using Tree-based Group Diffie-Hellman (TGDH). In combined GDH and TGDH, generate Subgroup key (SK) using GDH and generate Group key (GK) using TGDH Protocol. The binary tree used to organize the subgroups. Let N([n.sub.1], [n.sub.2], ... [n.sub.s]) be the total number of group members, and M([M.sub.1], [M.sub.2], ... [M.sub.s]) be the number of subgroup, then there will be N/M subgroups. Group formation using GDH and TGDH is shown in Fig.2.

[FIGURE 1 OMITTED]

Each subgroup has equal number of group members and it's controlled under the supervision of subgroup leader. A leader promote a group member as admin. Subgroup leader distribute the Subgroup Key (SK) and Group Key (GK) to all its group member. By using Subgroup Key (SK) the group members can communicate with in subgroup and using Group Key (GK) the group members can communicate with another subgroup member.

[FIGURE 2 OMITTED]

B. Design Considerations:

* GL Outsource Encrypted files to cloud

* Implement GDH-TGDH Protocol

* Support forward and backward secrecy

* Dynamic membership

* Manage subgroups

* Distribute computation load

* Generate Subgroup key using GDH Protocol

* Generate Group key using TGDH Protocol

* Members decrypt the files with given keys

C. Description of the Proposed Algorithm:

The aim of proposed algorithm which distribute the computation load among groups. Here we use combined GDH and TGDH for secure group sharing. It divides the group divided into subgroups, each maintain its subgroup using Group Diffie-Hellman (GDH) and links with other subgroups using Tree-based Group Diffie-Hellman (TGDH). So Computation load is distributed among many subgroups. And also support forward and backward secrecy. A group key shared by all group members is required. Whenever a member leaves or joins the group, the group key should be updated to provide forward and backward secrecy.

[FIGURE 3 OMITTED]

Forward secrecy should be guaranteed when a group member leaves, which ensure he cannot learn the new group key. Backward secrecy should be guaranteed when a newly joined members cannot learn previous group keys. GDH strongly depends on the number of current group members, since the last member in the current group becomes the sponsor or admin. The sub group controlled by sub group controller. TGDH is a distributed protocol, it requires no centralized entity to transport secret keys. All blinded keys in TGDH are public. Therefore, no secure channels are required in TGDH. TGDH provides key adjustment protocols to cope with the membership changes in any dynamic peer group. The TGDH provides protocols for members join, leave, merge, partition and key refresh. In combined GDH and TGDH, the binary tree used to organize the group members. Let N([n.sub.1], [n.sub.2], ... [n.sub.s]) be the total number of group members, and M([M.sub.1], [M.sub.2], ... [M.sub.s]) be the number of subgroup, then there will be N/M subgroups.

There are two shared keys in this group key agreement scheme. The subgroup key (SK) is used to encrypt and decrypt the messages broadcast with in subgroup members. The group key (GK) is used to encrypt and decrypt the messages broadcast among subgroup admin.

I. Algorithms and Concepts:

A. Algorithms Implementation:

AES algorithm is used for both encryption and decryption. SHA and MD5 algorithm is used in this framework for encryption purpose. The global variables are encrypted with some pass key. Session and Cookies are the most sensitive data in the web application. So it has to be encrypted before it used by the browser.

B. Encryption and Decryptions:

The password encryption was takesplace in Javascript and Decryption of the password in server side php script. The library CRYPT.js was used to match both js and PHP encryption and decryption.

C. Usage and Implementations:

The main focus of the framework is to be secure.

* Group formation

N members in the group (N=[n.sub.1], [n.sub.2], ... [n.sub.s])

* Subgroup formation

The number of members in subgroup

N/M < 100 Where, M - number of subgroup (M=[M.sub.1], [M.sub.2], ... [M.sub.s])

1. The Key Agreement Protocol (Combined GDH and TGDH) is implemented among the group members.

It consists of three levels.

a. Assign admin of subgroup.

b. Using GDH to generate one common Subgroup key (SK)

c. Using TGDH to generate one common Group Key (GK)

2. Sub group controller and Admin distribute SK,GK to its group members.

3. Key refreshed when membership changes occurs.

The Diffie-Hellman key exchange is one of the simplest and most efficient way by which the keys can be exchanged by two parties. If Alice and Bob need to agree on a key for their message exchange, then both agree on a long prime number p and a primitive root or base [alpha]. Alice has her secret private key x and she calculates [[alpha].sup.x] (mod p) and sends this value to Bob. Meanwhile Bob who has his own secret private key y calculates [[alpha].sup.y] (mod p) and sends it to Alice. Now Alice and Bob both compute [[alpha].sup.xy] mod p using each other values. Now both use this key for encrypting their message which they want to send it to one another. It is mathematically impossible to find x and y using p, [alpha], [[alpha].sup.x] (mod p) and [[alpha].sup.y] (mod p).

RESULTS AND DISCUSSIONS

The experiment conducted on 10 systems running on 2.4 GHz Pentium CPU with 2GB of memory. To test this project in more realistic environment, the implementation is done by using Netbeans IDE 8.0 in network where users can securely share their data. The following figures describes the proposed algorithm shows GDH subgroups organized in TGDH.

The Computational cost depends on the Serial exponentiations and the number of members joining and leaving the group. So, when the member and group size increase, the computation cost also increases significantly When the number of subgroup increases, O (n) steps is really time consuming to build a tree.

[FIGURE 4 OMITTED]

[FIGURE 5 OMITTED]

Conclusions:

The Combined GDH and TGDH has been proposed which can enhance the secure group sharing using secret keys among group members. In existing scheme [1] using single key for group sharing. The proposed scheme use multiple keys which exploits asymmetric keys. Using group key agreement scheme which effectively distribute the secret key to multiple subgroups. The computation load is distributed among many subgroups and also support forward and backward secrecy. The group key updated when subgroup membership changes (join, leave) occurs. When the number of subgroup increases, O (n) steps is really time consuming to build a tree. The proposed scheme can achieve the design goal, and keep a lower computational complexity and communication overhead in each group member's side. Compared with other schemes, the new proposed Region-Based scheme can significantly reduce the storage and communication overheads in the rekeying process, with acceptable computational overhead. In future work, propose a new key agreement protocol which will support for subgroup increases. And construct a tree in log (n) steps using effective group key agreement algorithm in future.

REFERENCES

[1.] Kaiping Xue, Peilin Hong, 2014. "A Dynamic Secure Group Sharing Framework in Public Cloud Computing", IEEE Transactions on Cloud Computing, 2(4): 459-470.

[2.] L'm, S. Szebeni and L. Butty'n, 2012. "Invitation-oriented TGDH: Key management for dynamic groups in an asynchronous communication model," pp: 269-276.

[3.] Tysowski, P. and M. Hasan, 2013. "Hybrid attribute-and re-encryption based key management for secure and scalable mobile applications in clouds," IEEE Transactions on Cloud Computing, 1(2): 172-186.

[4.] Boneh, D., X. Boyen and E. Goh, 2005. "Hierarchical Identity Based Encryption with Constant Size Ciphertext," Proc. Ann. Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp: 440-456.

[5.] Bowers, K.D., A. Juels and A. Oprea, 2009. "Hail: A high-availability and integrity layer for cloud storage," in Proc. Of CCS" pp: 187-198.

[6.] Kim, Y., A. Perrig and G. Tsudik, 2004. "Group key agreement efficient in communication," IEEE Transactions on Computers, 53(7): 905-921.

[7.] Kumar, K., Dr.V. Sumathy and J. Nafeesa Begum, 2008. "Cost Effective Region-Based Group Key Agreement Protocol for Secure Group Communication," IEEE.

[8.] Steiner, M., G. Tsudik and M. Waidner, 1996. "Diffie-Hellman key distribution extended to group communication", In proc of 3rd ACM conference on Computer and communication security, pp: 31-3.

[9.] Steiner, M., G. Tsudik and M. Waidner, 1998. "Cliques: A new approach to group key agreement", In proc of the 18th International conference on Distributed computing systems, pp: 380-387.

[10.] Steiner, M., G. Tsudik and M. Waidner, 2000. "Key Agreement in Dynamic Peer Groups", IEEE Trans. Parallel and Distributed Systems, 11: 8.

(1) Vinupriya R and (2) Caroline kayalvizhi M

(1) PG Student, IT Dept, (2) Assistant Professor, CSE Dept, Muthayammal Engineering College, Rasipuram, Tamilnadu, India.

Received 25 January 2016; Accepted 28 April 2016; Available 5 May 2016

Address For Correspondence:

Vinupriya R, PG Student, IT Dept, Assistant Professor, CSE Dept, Muthayammal Engineering College, Rasipuram, Tamilnadu, India.

E-mail: vinupriyaramasamy@gmail.com
COPYRIGHT 2016 American-Eurasian Network for Scientific Information
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2016 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Vinupriya, R.; Caroline, Kayalvizhi M.
Publication:Advances in Natural and Applied Sciences
Date:May 15, 2016
Words:2552
Previous Article:Protected scrutinization with key disclosure resistance.
Next Article:Design of dual band pattern diversity antenna with RFSR.
Topics:

Terms of use | Privacy policy | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters