
Secure data sharing in cloud storage using KAC with certificateless encryption.


Cloud computing has begun to emerge as a hotspot in both industry and academia. It represents a business model and computing paradigm that enables on-demand provisioning of computational and storage resources. Data sharing is an important functionality in cloud storage. For example, bloggers can allow their friends to view a subset of their private pictures, and an enterprise may grant its employees access to only a portion of its sensitive data. Users can download the encrypted data from the cloud storage, decrypt it, and share it with other members of the group. Users should also be able to grant access rights to the files they share, so that others can access these files directly from the cloud server.

Security and privacy concerns should be considered when moving to a public cloud. Cloud computing involves a transfer of responsibility and control to the cloud provider over information as well as system components that were previously under the organization's direct control. The transition is usually accompanied by a loss of direct control over the management of operations and a loss of influence over decisions made about the computing environment. The cloud, with its high processing power, performs the complex tasks in their entirety.

Cloud computing represents a very dynamic area with new suppliers and new offerings arriving all the time. One possible way to keep your data safe and secure is to encrypt it before storing it in the cloud. Encryption is the process of making your files unreadable with an encryption key so that even if somebody gains access to your files, they cannot read the original content unless they are provided with a key. Data may be encrypted to make it difficult for someone to steal the information. Some companies encrypt their data before storing it in the cloud, both for security and so that they can use cloud resources for complex tasks. If this data needs to be viewable, it may require decryption. While a variety of cloud storage services are currently available, they were preceded by dedicated data sharing services, whose motivation was to permit people to upload and download files that were too large to send via email.

Related Work:

Much literature is available on data sharing and cloud storage. Among these works, B. Wang et al (2013) described that cloud computing is widely used by business enterprises to utilize resources and perform complex tasks in the cloud, but the data management and the services provided may not be fully trusted, and data integrity, privacy and confidentiality are of major concern. The trusted third party (TTP) verifies the integrity of data stored in the cloud on behalf of the client or the user. However, the TTP cannot be fully trusted.

G. Ateniese et al (2012) proposed that time has to be bounded while encrypting a file for a set of classes which contains a large dataset. A hierarchy of classes is used for delivering the keys to a user. When the parent key of a hierarchy is given, the user has access to all the files in that hierarchy. However, this scheme is not suitable when a user requests files from different branches of the tree, because the number of keys to be generated increases accordingly.

M.J. Atallah et al (2009) addressed the problem of access control policies where only authorized users who satisfy specific attributes are given access to read or write a file. This constraint is checked by the Cloud Service Provider (CSP); because checking it manually would be time consuming, cloud resources are used for this. Only if the user's attributes match the attributes held by the CSP is the decryption key provided. This makes the key management task quite simple. The scheme also follows a tree-based approach for deriving the keys for the users. To enhance security, re-encryption can take place, which assures users that their files are stored securely in the cloud.

V. Goyal et al (2006) proposed that when sensitive data is to be stored in the cloud, the file should be encrypted before it is stored. The encryption can be done at two levels: the fine-grained approach and the coarse-grained approach. In the fine-grained approach, each page is encrypted separately, whereas in the coarse-grained approach the whole document is encrypted only once. Fine-grained approaches are considered more secure but are time consuming. A new cryptosystem used in the fine-grained approach is Key-Policy Attribute-Based Encryption (KP-ABE). In this system, ciphertexts are marked with attributes and private keys, and a user is able to decrypt only if those constraints are satisfied.

System Architecture:

The architecture of the system proposed in this paper is shown in Fig. 1. It consists of three major modules: encrypting the data, encrypting the password, and decrypting and downloading the respective file. Initially, users register their details with the cloud; with the generated password they can log in again and upload their files. The uploaded files are encrypted before being stored in the cloud because the cloud is a public network and third parties may intrude. Files can be shared with anyone in the group. The user-generated passwords are encrypted with a salt byte before being stored in the cloud. This prevents unauthorized persons from hacking the user's password or changing the content of the file. Once files are shared with other users, an aggregate key is sent to the receiver, with which he can download all the files that have been shared with him.

The cloud allows the creation of users in order to provide different levels of access to the shares that are present on the drive at any given time. User management includes a host of administrative tools to help contract administrators manage and control user access to benefits. In this module, new users register their details to become members of the cloud server and state the scheme they choose for the storage of their data, either as an individual or as an organization. A registered user is an individual who has been assigned to a product and the cloud services associated with that product. Handling user-uploaded images on a website can be a time-consuming task. In this module the user uploads his file, and the data is stored in the database based on the scheme the user chose during registration. If images are uploaded directly to the cloud servers, this requires heavy processing and storage space. One way to handle all this computation is to transfer it to cloud storage. A smarter option is to enable uploading of images directly from users' browsers to the cloud.

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption by itself is not secure, but it denies the message content to the attacker. The uploaded files are encrypted before being stored in the cloud. Jelastic is a public network, so there is a possibility that secret files may be corrupted or leaked. Mainly for this security purpose, we encrypt all our files before uploading them.

KAC (key aggregate cryptosystem) provides a single key which includes the power of all the aggregated keys. One can aggregate any set of secret keys and make them as compact as a single key that still includes the power of all the keys being aggregated. This compact aggregate key can be conveniently sent to others or be stored in a smart card with very limited secure storage.

Once the data is encrypted, the key value is sent to the user's mail id. When files are shared with other users in the group, the secret key is likewise mailed to the particular user. The receiver can then download the file from the cloud server by giving the key value that was mailed to them. Even if multiple files are shared, the key for downloading all of them is a single constant-size aggregate key, which reduces the overhead on the user considerably.

Key Aggregate Cryptosystem Algorithm:

In this paper, we propose a new model called the Key Aggregate Cryptosystem Algorithm (KACA), which combines secured user access with the generation of a single aggregate key. In this model, when more than one file is chosen to be shared with other members of a group, a single aggregate key which includes the power of all the keys is generated. This aggregate key is of constant size and is securely sent to the user via email.

4.1 Need for aggregate key and cloud:

Data sharing is the most important factor to be considered in cloud storage. Using the cloud for storage alone is not an efficient method. Resources present in the cloud can be used to perform complex tasks easily, which is not feasible with a local server installed in our own system. The cloud is highly efficient if the data stored by the owner is of the order of hundreds of gigabytes and the computing power of the user is very small. The cloud can also convert a complex task into simpler ones by partially decrypting the data for authorized users.

Decrypting each file with a unique key becomes increasingly complex when thousands of files are shared with a user at a time. To overcome this difficulty, a single aggregate key of constant size is needed, which reduces the overhead on the receiver when decrypting such files.

4.2 Algorithm for aggregate key generation:

Step 1: Key Generation

Step 1.1 Choose two large prime numbers p and q randomly and independently of each other such that $\gcd(pq, (p-1)(q-1)) = 1$. This property is assured if both primes are of equal length.

Step 1.2 Compute $n = pq$ and $\lambda = \operatorname{lcm}(p-1, q-1)$


Step 1.4 Ensure n divides the order of g by checking the existence of the following modular multiplicative inverse: $\mu = \left(L(g^{\lambda} \bmod n^2)\right)^{-1} \bmod n$,

where the function L is defined as $L(u) = \frac{u-1}{n}$.

The public (Encryption) key is $(n, g)$

The private (Decryption) key is $(\lambda, \mu)$

If p, q of equivalent length are used, a simpler variant of the above key generation steps would be to set $g = n + 1$, $\lambda = \varphi(n)$ and $\mu = \varphi(n)^{-1} \bmod n$,

where $\varphi(n) = (p-1)(q-1)$

Step 2: Encryption

Let m be a message to be encrypted where $m \in \mathbb{Z}_n$.

Select random r where $r \in \mathbb{Z}_n^*$

Compute ciphertext as: $c = g^m \cdot r^n \bmod n^2$

Step 3: Decryption

Let c be the ciphertext to be decrypted, where [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII]

Compute the plaintext message as: $m = L(c^{\lambda} \bmod n^2) \cdot \mu \bmod n$

4.3 Process of generating aggregate key:

In this phase, the KAC algorithm is used to generate an aggregate key of constant size whenever more than one file is shared with other users in the group. The system is deployed in the public cloud Jelastic, where the resources and servers available in the cloud are utilized. Homomorphic encryption is a form of encryption which allows specific types of computations to be carried out on ciphertext, the output of encryption. Certain computations must then be performed to decrypt the ciphertext, which gives back the original plaintext. The Paillier cryptosystem is a probabilistic asymmetric algorithm for public key cryptography, and the algorithm works as follows.

Key generation: The client generates a pair of keys, public key pk and secret key sk, for encryption of plaintext.

Encryption: Using the secret key sk, the client encrypts the plaintext PT to generate Esk(PT); this ciphertext CT is sent to the cloud along with the public key pk.

Evaluation: The server has a function f for evaluating the ciphertext CT and performs the required function using pk.

Decryption: The generated Eval(f(PT)) is decrypted by the client using its sk, which yields the original result. Homomorphic Encryption H is a set of four functions as shown in Figure 3.3.
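The key generation, encryption and decryption steps of section 4.2, together with the evaluation step listed above, written out as an added Python example (not code from the paper, whose Java implementation is not shown). It uses the simplified variant g = n + 1; the function names and the Miller-Rabin helper are assumptions of this example, and it covers only the Paillier operations, since the page does not specify how the aggregate key is derived.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; used only to pick p and q."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        # Top bit set: p and q get equal length. Low bit set: odd candidate.
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def keygen(bits=1024):
    """Step 1, simplified variant: g = n + 1, lambda = phi(n), mu = phi(n)^-1 mod n."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and math.gcd(n, phi) == 1:      # condition of Step 1.1
            return (n, n + 1), (phi, pow(phi, -1, n))

def encrypt(pk, m):
    """Step 2: c = g^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("message must lie in Z_n")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:                    # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pk, sk, c):
    """Step 3: m = L(c^lambda mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    n, _ = pk
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(pk, c1, c2):
    """Evaluation: the product of two ciphertexts decrypts to m1 + m2 mod n."""
    n, _ = pk
    return c1 * c2 % (n * n)
```

Because r is fresh for every call, encrypting the same message twice gives different ciphertexts, which is the probabilistic property the text mentions.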

In this module the aggregate key is generated: a single key which includes the power of all the aggregated keys, as in KAC (key aggregate cryptosystem).

Performance Analysis:

In this section, we discuss the performance analysis of our proposed algorithm, used in a third party auditor access control system, against other existing algorithms. The proposed and existing algorithms have been implemented in JAVA for measuring the actual computation time to perform access control with and without constraint operations. In order to measure the actual computation time taken for performing the constraint operation, we have used various numbers of CPUs and amounts of memory on the server side. Similarly, the same hardware components are used on the cloud service provider side for measuring the computation time.

The performance analysis of our proposed algorithm used in KAC against other existing algorithms is based on the number of keys to be issued. The proposed and existing algorithms have been implemented in JAVA for measuring the number of keys to be granted when the number of files to be shared increases.

The performance is analyzed using different types of files, such as those with pdf, doc and ppt extensions. The KAC performance is analyzed only when multiple files are shared with authorized users. When multiple files are shared with users, a single aggregate key is generated, which reduces the complexity of decrypting thousands of files separately. This single key holds the power of decrypting any of the files shared with the user in a group.

Consider a tree-based system, where the number of keys to be generated for decryption first increases up to some point and later decreases. It depends mainly on the delegation ratio, which is the ratio between the number of delegated ciphertext classes and the total number of classes present in the tree.

Table 1 shows the values for different delegation ratios and trees of different heights. The value increases up to a point and decreases later, but the approach proposed in this paper always uses a single constant-size aggregate key for decryption.

Fig. 3 shows a graphical comparison of our system with the existing tree-based and one-to-one key generation systems. From the graph it is clear that our system holds good and that it is efficient for decrypting any number of files that have been shared with authorized users who belong to the same group.
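The rise and fall of the tree-based key count can be reproduced with a short calculation, added here as an example that is not from the paper. It assumes a complete binary tree with 2^h leaf classes, each delegated independently with probability equal to the delegation ratio (the page does not say how Table 1 was produced); under that assumption the expected counts agree with the Table 1 rows for ratios 0.1 to 0.9 to within 0.1%.

```python
def expected_tree_keys(height, ratio):
    """Expected number of keys granted in a tree-based hierarchy.

    Assumption of this example: each of the 2**height leaf classes is
    delegated independently with probability `ratio`. The delegator hands
    out the key of every maximal fully delegated subtree, so a node costs
    one key when all leaves below it are delegated but its sibling's
    subtree is not (otherwise the parent's key would cover both).
    """
    total = ratio ** (2 ** height)        # every class delegated: root key only
    for k in range(height):               # k = height of the subtree
        full = ratio ** (2 ** k)          # P(all 2**k leaves below are delegated)
        nodes = 2 ** (height - k)         # number of subtrees of that height
        total += nodes * full * (1.0 - full)
    return total

def keys_granted(height, ratio):
    """Key counts of the three schemes compared on the page, same delegation."""
    return {
        "one_to_one": ratio * 2 ** height,            # one key per shared class
        "tree_based": expected_tree_keys(height, ratio),
        "aggregate": 1,                               # constant-size KAC key
    }
```

For h = 16 the tree-based count peaks near a ratio of 0.7 and falls again as whole subtrees become delegated, while the aggregate column stays at 1.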


In this work, multiple files can be encrypted and shared easily with any user in the cloud, and the generation of a single aggregate key is enough to decrypt and download them. The key generated includes the power of all the keys being aggregated. The aggregate key is of constant size, so it can be shared easily with any authorized user; it can even be transferred via e-mail or SMS. In the one-to-one method, the number of keys generated for decryption is equal to the number of files shared, and the complexity increases to a great extent. In the tree-based approach, the number of keys depends on the delegation ratio, increasing initially and decreasing after some point, whereas our approach always generates a constant-size key whatever the number of files to be shared, which decreases the overhead because only a single key is generated. Certificateless encryption without pairing operations can be used, where two keys are used for decryption. Private keys are not stored in the cloud, which enhances the security to a better extent.


Article history:

Received 12 October 2014

Received in revised form 26 December 2014

Accepted 1 January 2015

Available online 25 February 2015


Wang, C., S.S.M. Chow, Q. Wang, K. Ren and W. Lou, 2013. Privacy- Preserving Public Auditing for Secure Cloud Storage, IEEE Transaction on Computers, 62: 362-375.

Wang, B., S.S.M. Chow, M. Li and H. Li, 2013. Storing Shared Data on the Cloud via Security-Mediator, IEEE 33rd International Conference on Distributed Computing Systems (ICDCS), 55: 257-265.

Atallah, M.J., M. Blanton, N. Fazio and K.B. Frikken, 2009. Dynamic and Efficient Key Management for Access Hierarchies, ACM Transaction on Information and System Security, 18: 1-43.

Ateniese, G., A.D. Santis, A.L. Ferrara, and B. Masucci, 2012. Provably Secure Time-Bound Hierarchical Key Assignment Schemes, Journal of Cryptology, 25: 243-270.

Goyal, V., O. Pandey, A. Sahai and B. Waters, 2006. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data, Proceedings of 13th ACM Conference on Computer and Communication Security (CCS '06), 89-98.

Zhang, Q. and Y. Wang, 2004. A Centralized Key Management Scheme for Hierarchical Access Control, Proceedings of IEEE Global Telecomm. Conference in GLOBECOM '04, 2067-2071.

Yuen, T.H., S.S.M. Chow, Y. Zhang and S.M. Yiu, 2012. Identity-Based Encryption Resilient to Continual Auxiliary Leakage, Proceedings of Advances in Cryptology Conference (EUROCRYPT '12), 7237: 117-134.

Chow, S.S.M., C. Boyd and J.M.G. Nieto, 2012. Security mediated certificateless cryptography, Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography, PKC'06, 508-524.

Al-Riyami, S., and K. Paterson, 2003. Advances in Cryptology -ASIACRYPT'03- Springer Berlin / Heidelberg, 2894: 452-473.

Anitha R., Pandiyaraju V., Muthurajkumar S., Sai Ramesh L., Rakesh R.

Department of Information Science and Technology, College of Engineering, Guindy, Anna University, Chennai 600025, India.

Corresponding Author: Anitha R., Department of Information Science and Technology, College of Engineering, Guindy, Anna University, Chennai 600025, India.

Table 1: Keys to be granted for Different Delegation Ratios and Tree Heights.

Delegation ratio    Height of tree (h)
                    16        18        20

0.1                 6224      24895     99590
0.2                 11772     47076    188322
0.3                 16579     66312    265254
0.4                 20545     82187    328749
0.5                 23520     94078    376317
0.6                 25263    101052    404205
0.7                 25400    101594    406385
0.8                 23252     93025    372085
0.9                 17334     69337    277343
0.98                11670     46628    186725
COPYRIGHT 2015 American-Eurasian Network for Scientific Information
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2015 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:key aggregate cryptosystem
Author:R., Anitha; V., Pandiyaraju; S., Muthurajkumar; L., Sai Ramesh; R., Rakesh
Publication:Advances in Natural and Applied Sciences
Article Type:Report
Date:Jun 1, 2015