ISSN 2348–2370 Vol.08,Issue.06, June-2016, Pages:1298-1307 www.ijatir.org

New Method of Monitoring Data Access Franchise and the Anonymous User Based Encryption in Cloud

MUSTAFA ALI HASAN 1, M. YESURATHNAM 2

1 M.Sc Scholar, Dept of CSE, Nizam College, Osmania University, Hyderabad, TS, India.
2 Assistant Professor, Dept of CSE, Nizam College, Osmania University, Hyderabad, TS, India.

Abstract: Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on attribute-based encryption have been proposed to secure cloud storage. However, most work focuses on the privacy of the data contents and on access control, while less attention is paid to privilege control and identity privacy. In this paper, we present a semi-anonymous privilege control scheme, AnonyControl, to address not only the data privacy but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semi-anonymity. Besides, it also generalizes file access control to privilege control, by which the privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present AnonyControl-F, which fully prevents the identity leakage and achieves full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure, and our performance evaluation shows the feasibility of our schemes.

Keywords: Anonymity, Multi-Authority, Attribute-Based Encryption.

I. INTRODUCTION
Cloud computing is a revolutionary computing technique, by which computing resources are provided dynamically via the Internet and the data storage and computation are outsourced to someone or some party in a "cloud". It greatly attracts attention and interest from both academia and industry due to its profitability, but, to the best of our knowledge, it also has at least three challenges that must be handled before it enters our real life. First of all, data confidentiality should be guaranteed. Data privacy is not only about the data contents. Since the most attractive part of cloud computing is computation outsourcing, it is far from enough to just enforce access control. More likely, users want to control the privileges of data manipulation over other users or cloud servers. This is because when sensitive information or computation is outsourced to the cloud servers or to another user, which is out of the users' control in most cases, privacy risks rise dramatically: the servers might illegally inspect users' data and access sensitive information, or other users might be able to infer sensitive information from the outsourced computation. Therefore, not only the access but also the operation should be controlled. Secondly, personal information (defined by each user's attribute set) is at risk because one's identity is authenticated based on that information for the purpose of access control (or privilege control in this paper). As people are becoming more concerned about their identity privacy these days, identity privacy also needs to be protected before the cloud enters our life. Preferably, no authority or server alone should know any client's personal information. Last but not least, the cloud computing system should be resilient in the case of a security breach in which some part of the system is compromised by attackers.

Various techniques have been proposed to protect the privacy of data contents via access control. Identity-based encryption (IBE) was first introduced by Shamir, in which the sender of a message can specify an identity such that only a receiver with the matching identity can decrypt it. A few years later, Fuzzy Identity-Based Encryption was proposed, which is also known as Attribute-Based Encryption (ABE). In such an encryption scheme, an identity is viewed as a set of descriptive attributes, and decryption is possible if the decrypter's identity has some overlap with the one specified in the ciphertext. Soon after, more general tree-based ABE schemes, Key-Policy Attribute-Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE), were presented to express more general conditions than a simple "overlap". They are counterparts to each other in the sense that the decision on the encryption policy (who can or cannot decrypt the message) is made by different parties.

In KP-ABE, a ciphertext is associated with a set of attributes, and a private key is associated with a monotonic access structure like a tree, which describes this user's identity (e.g. IIT AND (Ph.D OR Master)). A user can decrypt the ciphertext if and only if the access tree in his private key is satisfied by the attributes in the ciphertext. However, the encryption policy is described in the keys, so the encrypter does not have entire control over the encryption policy. He has to trust that the key generators issue keys with the correct structures to the correct users. Furthermore, when a re-encryption occurs, all of the users in the same system must have their private keys re-issued so as to gain access to the re-encrypted files, and this process causes considerable problems in implementation. On the other hand, those problems and overheads are all solved in CP-ABE. In CP-ABE, ciphertexts are created with an access structure, which specifies the encryption policy, and private keys are generated according to users' attributes. A user can decrypt the ciphertext if and only if the attributes in his private key satisfy the access tree specified in the ciphertext. By doing so, the encrypter holds the ultimate authority over the encryption policy. Also, the already issued private keys will never be modified unless the whole system reboots.

Unlike data confidentiality, less effort has been paid to protecting users' identity privacy during those interactive protocols. Users' identities, which are described by their attributes, are generally disclosed to the key issuers, and the issuers issue private keys according to those attributes. But it seems natural that users are willing to keep their identities secret while they still get their private keys. Therefore, we propose AnonyControl and AnonyControl-F (Fig. 1) to allow cloud servers to control users' access privileges without knowing their identity information. Their main merits are:

• The proposed schemes are able to protect a user's privacy against each single authority. Partial information is disclosed in AnonyControl and no information is disclosed in AnonyControl-F.
• The proposed schemes are tolerant against authority compromise, and compromising of up to (N − 2) authorities does not bring the whole system down.
• We give a detailed analysis of security and performance to show the feasibility of the schemes AnonyControl and AnonyControl-F.
• We are the first to implement a real toolkit of a multi-authority based encryption scheme, AnonyControl and AnonyControl-F.

Fig1. General flow of our scheme.

The rest of the paper is organized as follows. Section II describes related work and Section III presents the preliminary cryptographic foundations. Then, Section IV formally defines our problem for the construction of AnonyControl in Section V and AnonyControl-F in Section VI. Finally, we evaluate the security in Section VII and the performance in Section VIII, and conclude in Section IX.

Copyright @ 2016 IJATIR. All rights reserved.

II. RELATED WORK
In prior multi-authority work, a system is presented in which every user has an ID and interacts with each key generator (authority) using a different pseudonym. One user's different pseudonyms are tied to his private key, but the key generators never learn the private keys, and therefore they are not able to link multiple pseudonyms to the same user. Also, the whole attribute set is divided into N disjoint sets and managed by N attribute authorities. In this setting, each authority knows only a part of any user's attributes, which are not enough to figure out the user's identity. However, the scheme proposed by Chase et al. considered the basic threshold-based KP-ABE, which lacks generality in the expression of the encryption policy. Many attribute-based encryption schemes with multiple authorities have been proposed afterwards, but they either also employ a threshold-based ABE, or have a semi-honest central authority, or cannot tolerate a collusion attack by arbitrarily many users. The work by Lewko et al. and Muller et al. is the most similar to ours in that they also tried to decentralize the central authority of CP-ABE into multiple ones. Lewko et al. use an LSSS matrix as the access structure, but their scheme only converts AND and OR gates to the LSSS matrix, which limits their encryption policy to boolean formulas, while we inherit the flexibility of the access tree with threshold gates. Muller et al. also support only Disjunctive Normal Form (DNF) in their encryption policy. Besides the fact that we can express arbitrarily general encryption policies, our system also tolerates compromise attacks on the attribute authorities, which is not covered in many existing works. Recently, traceable multi-authority ABE schemes have also appeared, which go in the opposite direction to ours. Those schemes introduce accountability such that malicious users' keys can be traced. On the other hand, a direction similar to ours can be found in work that tries to hide the encryption policy in the ciphertexts, but those solutions do not prevent the disclosure of attributes in the key generation phase. To some extent, these works and ours complement each other, in the sense that the combination of the two types of protection will lead to a completely anonymous ABE.


III. PRELIMINARIES
Let G0 be a multiplicative cyclic group of prime order p and g be its generator. The bilinear map e is defined as follows: e: G0 × G0 → GT, where GT is the codomain of e. The bilinear map e has the following properties: for all u, v ∈ G0 and a, b ∈ Zp, e(u^a, v^b) = e(u, v)^{ab} (bilinearity); for all u, v ∈ G0, e(u, v) = e(v, u) (symmetry); and e(g, g) ≠ 1 (non-degeneracy).

Definition 1: The Decisional Bilinear Diffie-Hellman (DBDH) problem in a group G0 of prime order p with generator g is defined as follows: on input g, g^a, g^b, g^c ∈ G0 and e(g, g)^z ∈ GT, where a, b, c ∈ Zp, decide whether e(g, g)^z = e(g, g)^{abc}. The security of many ABE schemes, and of ours, relies on the assumption that no probabilistic polynomial-time algorithm can solve the DDH or DBDH problem with non-negligible advantage (the DDH assumption and the DBDH assumption). This assumption is reasonable since discrete logarithm problems in large number fields are widely considered to be intractable, and the groups we chose are cyclic multiplicative groups of prime order, in which DBDH problems are believed to be hard.

We introduce the Lagrange coefficient Δ_{i,S} for i ∈ Zp and a set S of elements of Zp:
$\Delta_{i,S}(x) := \prod_{j \in S,\; j \neq i} \frac{x - j}{i - j}$,
which will be used in the polynomial interpolation in the decryption algorithm. Additionally, a one-way hash function H: {0, 1}* → G0 is defined as a random oracle, which maps any attribute value to a random element of G0.

Privilege Trees Tp: In our work, the encryption policy is described with a tree called an access tree. Each non-leaf node of the tree is a threshold gate, and each leaf node is described by an attribute. One access tree is required in every data file to define the encryption policy. In this paper, we extend existing schemes by generalizing the access tree to a privilege tree. The privilege in our scheme is defined similarly to the privileges managed in ordinary operating systems. A data file has several operations executable on itself, and each of them is allowed only to authorized users with different levels of qualification. For example, {Read_mine, Read_all, Delete, Modify, Create} is a privilege set for students' grades. Then, reading Alice's grades is allowed to her and to her teachers, but all other privileges should be authorized only to the teachers, so we need to grant "Read_mine" to Alice and all the others to the teachers. Every operation is associated with one privilege p, which is described by a privilege tree Tp. If a user's attributes satisfy Tp, he is granted the privilege p. By doing so, we control not only file access but also the other executable operations, which makes the file control fine-grained and thus suitable for a cloud storage service. In our scheme, several trees are required in every data file to verify a user's identity and to grant him a privilege accordingly. There are supposed to be r such structures, which means there are r different privileges defined for the corresponding data file. Privilege 0 is defined as the privilege to read the file, and the other privileges may be defined arbitrarily (the m-th privilege is not necessarily more powerful than the n-th one when m > n). The tree is similar to the one defined in [4]. Given a tree, if num_x is the number of children of node x and k_x is its threshold value with 0 < k_x ≤ num_x, then node x is assigned a true value if at least k_x of its children have been assigned a true value. In particular, the node becomes an OR gate when k_x = 1 and an AND gate when k_x = num_x.

Satisfying the Privilege Tree: If a user's attribute set S satisfies the privilege tree Tp or the node x, we write Tp(S) = 1 or x(S) = 1 respectively. Tp(S) is computed recursively as follows. If x is a leaf node, x(S) = 1 if and only if att(x) ∈ S. If x is a non-leaf node, x(S) = 1 only when at least k_x child nodes return 1. For the root node Rp of Tp, Tp(S) = 1 only if Rp(S) = 1.

IV. PROBLEM FORMULATION
A. System Model
In our system, there are four types of entities: N Attribute Authorities (denoted as A), the Cloud Server, Data Owners and Data Consumers. A user can be a Data Owner and a Data Consumer simultaneously. Authorities are assumed to have powerful computation abilities, and they are supervised by government offices since some attributes partially contain users' personally identifiable information. The whole attribute set is divided into N disjoint sets, each controlled by one authority, so every authority is aware of only part of the attributes. A Data Owner is the entity who wishes to outsource an encrypted data file to the Cloud Servers. The Cloud Server, which is assumed to have adequate storage capacity, does nothing but store the files. Newly joined Data Consumers request private keys from all of the authorities, and they do not know which attributes are controlled by which authorities. When Data Consumers request their private keys from the authorities, the authorities jointly create the corresponding private key and send it to them. All Data Consumers are able to download any of the encrypted data files, but only those whose private keys satisfy the privilege tree Tp can execute the operation associated with privilege p. The server is delegated to execute an operation p if and only if the user's credentials are verified through the privilege tree Tp.

B. Threats Model
We assume the Cloud Servers are semi-honest: they behave properly most of the time but may collude with malicious Data Consumers or Data Owners to harvest others' file contents for illegal profit. But they are also assumed to gain legal benefit when users' requests are correctly processed, which means they will follow the protocol in general. The N authorities are assumed to be untrusted. That is, they will follow our proposed protocol in general, but will try to find out as much information as possible individually. More specifically, we assume they are interested in users' attributes in order to learn their identities, but they will never collude with users or with other authorities. This assumption is similar to many previous works on security issues in cloud computing, and it is also reasonable since these authorities will be audited by government offices. However, we will further relax this assumption and allow collusion between the authorities in Section VI. The Data Consumers are untrusted since they are random users, including attackers. They may collude with other Data Consumers to illegally access what they are not allowed to. Besides, we do not consider identity leakage from the underlying network, since this can be trivially prevented by employing anonymized network protocols.

C. Security Model
To formally define the security of our AnonyControl, we first give the following definitions.

Setup → PK, MKk: This algorithm takes nothing as input except implicit inputs such as security parameters. The attribute authorities execute this algorithm to jointly compute a system-wide public parameter PK as well as an authority-wide public parameter yk, and to individually compute a master key MKk.

KeyGenerate(PK, MKk, Au) → SKu: This algorithm enables a user to interact with every attribute authority and obtain a private key SKu corresponding to the input attribute set Au.

Encrypt(PK, M, {Tp}p∈{0,...,r−1}) → (CT, VR): This algorithm takes as input the public key PK, a message M, and a set of privilege trees {Tp}p∈{0,...,r−1}, where r is determined by the encrypter. It encrypts the message M and returns a ciphertext CT and a verification set VR, so that a user can execute a specific operation on the ciphertext if and only if his attributes satisfy the corresponding privilege tree Tp. As we defined, T0 stands for the privilege to read the file.

Decrypt(PK, SKu, CT) → M or verification parameter: This algorithm is used at file control time (e.g. reading, modification, deletion). It takes as input the public key PK, a ciphertext CT, and a private key SKu, which has a set of attributes Au and corresponds to its holder's GIDu. If the set Au satisfies any tree in the set {Tp}p∈{0,...,r−1}, the algorithm returns a message M or a verification parameter. If the verification parameter is successfully verified by the Cloud Servers, who use VR to verify it, the operation request is processed.

Next, we define the security of our AnonyControl with the following game.

Init: The adversary declares the set of compromised authorities {Ak} ⊂ A that are under his control (where at least two authorities in A are not controlled by the adversary; the remaining authorities A/{Ak} are controlled by the challenger). Then, he declares the T0 on which he wants to be challenged, in which some attributes are in the charge of the challenger's authorities.

Setup*: The challenger and the adversary jointly run the Setup algorithm to receive the valid outputs.

Phase 1: The adversary launches KeyGenerate algorithms to query for as many private keys as he wants, which correspond to attribute sets A1, ..., Aq disjointly in the charge of all authorities {Ak}, but none of these keys satisfy T0. Besides, he also conducts arbitrarily many computations using the public and secret keys that he has (belonging to the compromised authorities).

Challenge: The adversary submits two messages M0 and M1 of equal size to the challenger. The challenger flips a random binary coin b and encrypts Mb with T0. The ciphertext CT is given to the adversary.

Phase 2: Phase 1 is repeated adaptively, but none of the queried keys satisfy T0.

Guess: The adversary outputs a guess b' of b. The advantage of an adversary in this game is defined as Pr[b' = b] − 1/2.

Definition 2: Our scheme is secure and indistinguishable against chosen-attribute attack (IND-CAA) if all probabilistic polynomial-time adversaries (PPTA) have at most a negligible advantage in the above game. Note that the IND-CAA defined above implies IND-CCA, since the adversary can conduct encryptions and decryptions using the public keys and secret keys it owns in Phase 1 and Phase 2 (but he cannot decrypt the target ciphertext, since none of its secret keys satisfy T0).

D. Design Goals
Our goal is to achieve a multi-authority CP-ABE which: achieves the security defined above; guarantees the confidentiality of the Data Consumers' identity information; and tolerates compromise attacks on the authorities or collusion attacks by the authorities. For visual comfort, we frequently use the following notations hereafter. Ak denotes the k-th attribute authority; Au denotes the attribute set of user u; Auk denotes the subset of Au controlled by Ak; and ATp denotes the attribute set included in tree Tp.

V. SYSTEM MODEL
A. Notation And Definitions
1. Notation
• →, →→, and ‖: denote single-hop communications, multi-hop communications, and concatenation, respectively.
• CL, MR, GW, and TA: abbreviations for client, mesh router, gateway, and trusted authority, respectively.
• IDx: the real identity of an entity x in our WMN system.
• PSx: the pseudonym self-generated by a CL x using its real identity IDx.
• H1(M): {0, 1}* → G1, a cryptographic hash function mapping an arbitrary string M to G1.
• H2: a cryptographically secure hash function G1^3 × G2^5 → Zq.
• H3: a cryptographically secure hash function G2 × G2 × IDGW × date/time → Zq.
• H1(IDx)/Γx and H1(IDTx)/ψx: the public/private key pairs assigned to an entity x in the standard IBC and in the hierarchical IBC, respectively.
• PSx/Γx and PSTx/ψx: the self-generated pseudonym/private key pairs based on the above public/private key pairs.
• SIGΓx(m): the ID-based signature on a message m using the signer x's private key Γx.
• VER(SIG): the verification process of the above signature, which returns "accept" or "reject".
• HIDSψx,sx(m): the hierarchical ID-based signature on a message m generated by the signer x using its secret point ψx and secret number sx, for inter-domain authentication.
• HVER(HIDS, QT): the verification process using the above HIDS and QT, which returns "accept" or "reject".
• SKEκ(D): the symmetric-key encryption of plaintext D using the shared secret key κ.
• HMACκ(m): the keyed-hash message authentication code on a message m using a cryptographic hash function and the symmetric key κ.

2. Definitions
• Anonymity (Untraceability): The anonymity of a legitimate CL refers to the untraceability of the CL's network access activities. The CL is said to be anonymous if the TA or the GW, or even the collusion of the two, cannot link the CL's network access activities to the CL's real identity.
• Traceability: A legitimate CL is said to be traceable if the TA is able to link the CL's network access activities to the CL's real identity if and only if the CL misbehaves, i.e., one or both of the following occurs: ticket-reuse and multiple-deposit.
• Ticket-reuse: one type of misbehavior of a legitimate CL, which refers to the CL's use of a depleted ticket (val = 0).
• Multiple-deposit: one type of misbehavior of a legitimate CL, which refers to the CL's disclosure of its valid ticket and associated secrets to unauthorized entities or to CLs with non-conformed behavior, so that these coalescing CLs can gain network access from different GWs simultaneously.
• Collusion: the colluding of a malicious TA and GW to trace a legitimate CL's network access activities in the TA's domain (i.e., to compromise the CL's anonymity). Doing so, the TA is able to falsely accuse the CL of having misbehaved and to revoke its access right.

B. Network Architecture
Consider the network topology of a typical WMN depicted in Fig1. The wireless mesh backbone consists of mesh routers (MRs) and gateways (GWs) interconnected by ordinary wireless links (shown as dashed curves). MRs and GWs serve as the access points (APs) of the WMN and as the last resorts to the Internet, respectively. The hospital, campus, enterprise and residential buildings are instances of individual WMN domains subscribing to Internet services from upstream SPs, shown as the Internet cloud in Fig1. Each WMN domain, or trust domain (the terms are used interchangeably), is managed by a domain administrator that serves as a trusted authority (TA), e.g., the central server of a campus WMN. The TA and the associated GWs are connected by high-speed wired or wireless links, displayed as solid and bold dashed lines, respectively. TAs and GWs are assumed to be capable of handling computationally intensive tasks. In addition, they are assumed to be protected in private places and cannot be easily compromised, due to their important roles in the WMN. The WMNs of interest here are those where the TA provides free Internet access but requires the clients (CLs) to be authorized and affiliated members, generally for a long term, such as the employees or students in the case of enterprise and hospital WMNs or campus WMNs. Such individual WMN domains can be building blocks of an even larger metropolitan WMN domain.

Fig.1. Network Topology of a Typical WMN.
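Returning to the privilege trees of Section III and the grades-file privilege set of Section IV-A: the following Python is an added worked example, not code from the paper and not part of AnonyControl's pairing-based construction. It evaluates T_p(S) over an attribute set S exactly as defined (leaf true iff att(x) ∈ S, gate true iff at least k_x children are true), and shows why a k_x-of-num_x threshold gate is the right primitive for decryption: every gate's secret is split with a degree k_x − 1 polynomial, a leaf releases its share only when its attribute is present, and the Lagrange coefficients Δ_{i,S}(0) reconstruct the gate's secret exactly when k_x children are satisfied, so "recover the root secret" and "T_p(S) = 1" coincide. The concrete tree shapes, the attribute names ("teacher", "id:Alice", "dept:CSE", "admin") and the prime are constructed assumptions; the paper specifies only the privilege names.

```python
# Added example, not the paper's code: privilege trees with threshold gates,
# the satisfaction check T_p(S), and Lagrange reconstruction over each gate.
# The prime, tree shapes and attribute names below are constructed assumptions.
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

P = 2**127 - 1  # constructed prime standing in for the group order p


@dataclass
class Node:
    """Leaf: carries att(x). Gate: threshold k_x over its num_x children."""
    attr: Optional[str] = None
    k: int = 0
    children: List["Node"] = field(default_factory=list)
    secret: Optional[int] = None  # share assigned to this node by its parent gate

    def is_leaf(self) -> bool:
        return self.attr is not None


def leaf(attr: str) -> Node:
    return Node(attr=attr)


def gate(k: int, *children: Node) -> Node:
    assert 0 < k <= len(children), "threshold must satisfy 0 < k_x <= num_x"
    return Node(k=k, children=list(children))


def AND(*c: Node) -> Node:  # k_x = num_x
    return gate(len(c), *c)


def OR(*c: Node) -> Node:   # k_x = 1
    return gate(1, *c)


def satisfies(x: Node, S: Set[str]) -> bool:
    """T_p(S): a leaf is true iff att(x) in S; a gate iff >= k_x children are true."""
    if x.is_leaf():
        return x.attr in S
    return sum(satisfies(c, S) for c in x.children) >= x.k


def lagrange_coeff(i: int, S: List[int], x: int = 0) -> int:
    """Delta_{i,S}(x) = prod_{j in S, j != i} (x - j) / (i - j)  (mod P)."""
    num = den = 1
    for j in S:
        if j != i:
            num = num * (x - j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def share_secret(secret: int, k: int, n: int) -> Dict[int, int]:
    """k-of-n Shamir split: q(0) = secret, deg q = k - 1, child i receives q(i)."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def q(x: int) -> int:
        return sum(c * pow(x, d, P) for d, c in enumerate(coeffs)) % P

    return {i: q(i) for i in range(1, n + 1)}


def reconstruct(shares: Dict[int, int]) -> int:
    """q(0) = sum_i q(i) * Delta_{i,S}(0), interpolated over the share indices S."""
    idx = list(shares)
    return sum(v * lagrange_coeff(i, idx) for i, v in shares.items()) % P


def distribute(x: Node, secret: int) -> None:
    """Top-down: every gate splits its secret k_x-of-num_x among its children."""
    x.secret = secret
    if not x.is_leaf():
        shares = share_secret(secret, x.k, len(x.children))
        for i, c in enumerate(x.children, start=1):
            distribute(c, shares[i])


def recover(x: Node, S: Set[str]) -> Optional[int]:
    """Bottom-up: a leaf releases its share only if att(x) in S; a gate
    interpolates from the first k_x children that recovered a value."""
    if x.is_leaf():
        return x.secret if x.attr in S else None
    got: Dict[int, int] = {}
    for i, c in enumerate(x.children, start=1):
        v = recover(c, S)
        if v is not None:
            got[i] = v
        if len(got) == x.k:
            break
    return reconstruct(got) if len(got) >= x.k else None


def build_privilege_trees() -> Dict[str, Node]:
    """Constructed privilege trees for the grades file of Section IV-A."""
    return {
        "Read_mine": OR(AND(leaf("student"), leaf("id:Alice")), leaf("teacher")),
        "Read_all": leaf("teacher"),
        "Modify": AND(leaf("teacher"), leaf("dept:CSE")),
        "Delete": AND(leaf("teacher"), leaf("dept:CSE"), leaf("admin")),
        "Create": gate(2, leaf("teacher"), leaf("dept:CSE"), leaf("admin")),  # 2-of-3
    }


def authorize(trees: Dict[str, Node], S: Set[str], op: str) -> bool:
    """Server-side rule: execute p only if T_p(S) = 1, which must coincide with
    the attribute holder recovering T_p's root secret."""
    T = trees[op]
    return satisfies(T, S) and recover(T, S) == T.secret


def demo() -> Dict[str, object]:
    trees = build_privilege_trees()
    for T in trees.values():
        distribute(T, secrets.randbelow(P))
    alice = {"student", "id:Alice"}   # constructed attribute sets
    bob = {"teacher", "dept:CSE"}
    return {
        "alice": sorted(p for p in trees if authorize(trees, alice, p)),
        "bob": sorted(p for p in trees if authorize(trees, bob, p)),
        "alice_delete_share": recover(trees["Delete"], alice),  # None: gate unsatisfied
    }
```

Run `demo()`: Alice is granted only Read_mine, while Bob (a CSE teacher without the admin attribute) is granted Create, Modify, Read_all and Read_mine but not Delete. The point of pairing `satisfies` with `recover` is that the server's policy decision and the cryptographic ability to reconstruct the gate secret are the same predicate; in the real scheme the "secret" is a group element blinded by the pairing, but the threshold structure is identical.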

C. Trust Model
1. Trust Relationship: In general, the TA is trusted within the WMN domain. There is no direct trust relationship between the CL and the GW/MR. We will use IBC for authentication and secure communications both at the backbone and during network access inside a trust domain (i.e., intra-domain). We further assume the existence of pre-shared keys and secure communication channels between the entities (TAs, GWs, MRs) at the backbone, and will solely consider the authentication and key establishment during the network access of the CLs. The CL presents its ID upon registration at the TA, which assigns a private key associated with the CL's ID. The CL selects a unique account number A computed from a randomly chosen secret number u1 (cf. Section IV A 1)). The account number is stored with the CL's ID at the TA. The TA also assigns an ID/private key pair to each GW and MR in its trust domain before deployment. The advantages of this general trust relationship with the TA stem from the direct authentication of CLs travelling amongst GWs/MRs in the same domain, which reduces the network access latency and communication overhead that would otherwise be overwhelming in future WMNs due to the large subscriber population and their high mobility. Due to the natural hierarchical architecture of the WMNs considered in this paper, we adopt the hierarchical ID-based signature scheme (HIDS) for the inter-domain authentication that happens when a CL affiliated with the home TA visits neighboring foreign TAs. Note that the basic HIDS is suitable when the level m of the signer in the hierarchical tree (HT) is close to the root at level 0, since the number of pairing operations and the size of the signature are determined by the signer's absolute location m. If m is relatively high (i.e., the signer is located deep down the HT), the basic HIDS can be very


inefficient in terms of computation and communication overhead. In this case, Dual-HIDS is more suitable if the signer and verifier share a common ancestor at level l below the root, since the number of pairing operations and the size of the signature are then determined by the signer's location relative to the common ancestor, m − l. For instance, the two TAs in Fig1 can be the domain administrators of neighbouring campuses or hospitals directly managed by the state department of education (SDE) or the state department of health (SDH), etc. For simplicity, we use the basic HIDS for demonstrating the inter-domain authentication in this paper. Let the SDE (or SDH) be the root at level 0 in the HT of the campus (or hospital) WMN. All the TAs in the SDE's domain are at level 1, and all GWs, MRs and CLs in each TA's domain are at level 2. Note that in reality, the campus (or hospital) WMN may be part of the HT of a larger WMN (i.e., the SDE or SDH is a child at level n below the root). However, as long as the signer's location relative to the common ancestor of the signer/verifier pair in the HT remains unchanged, the Dual-HIDS scheme can be employed instead. In our earlier WMN architecture, we handled a similar inter-domain authent issue with a different approach: when a CL roams to a foreign TA's domain (FTD) with a different master secret, we proposed getting the foreign TA's domain parameters certified by a trusted third party (TTP). The domain parameter certificate (DPC) issued by the TTP is then included in the inter-domain authentication for verifying the authenticity of the domain parameters, which are later utilized to verify the signatures of the entities in the FTD. Compared to that approach, the adopted HIDS scheme eliminates the requirement for the TTP and the DPCs. Furthermore, since we are concerned with the computation power of the CLs, using the level assignment (levels 0-2) mentioned in the example above, the CL needs to compute 4 pairings to verify the signature from the AP (the MR or GW). In the earlier approach, the CL also needs to compute 4 pairings, 2 for DPC validation and 2 for verifying the signature from the AP, if the efficient Hess ID-based signature is used. Thus, the adopted HIDS scheme does not compromise the computation efficiency while avoiding the TTP and the DPCs. We argue that the computational complexity of HIDS for the WMN architecture considered here is acceptable, since the CL is most frequently roaming within the home domain, where the standard IBC is used.

2. Trust Domain Initialization: We apply the domain initialization of the hierarchical IBC. Specifically, the root PKG (public key generator) at level 0 in the HT performs the following domain initialization algorithm when the network is bootstrapped, where P0 is a generator of G1.
• Input a security parameter ξ ∈ Z+ into the domain parameter generator PG and output the parameter tuple (q, G1, G2, e, P0, H1).
• Randomly select a domain master secret s0 ∈ Zq and calculate the domain public key Ppub = s0P0.
The root PKG (e.g., the SDE or SDH) publishes the domain parameters (q, G1, G2, e, P0, H1, Ppub) and keeps s0 confidential. Suppose a child CHj is located at level j. The lower-level setup is performed by the parent as follows.
• Compute Kj = H1(ID1, ..., IDj);
• Compute CHj's private keys $\psi_j = \psi_{j-1} + s_{j-1} K_j = \sum_{i=1}^{j} s_{i-1} K_i$ and $\Gamma_j = \pi H_1(ID_j)$;
• Distribute QT = {Ql : 1 ≤ l < j} to CHj, where Ql = slP0.
In the above private key assignment, (ID1, ..., IDi) for 1 ≤ i ≤ j is the ID tuple of CHj's ancestor at level i. ψj and Γj are the private keys generated from the parent's secret numbers sj−1, π ∈ Zq, and are to be used for inter-domain and intra-domain authentication, respectively. For instance, in Fig. 1, TA1 is the parent of all the entities in its domain and is located at level 1. The entities (GWs, MRs, CLs) are TA1's children at level 2. Similarly, the SDE or SDH (the root PKG in our simple illustration) at level 0 is the parent of TA1. Note that, due to the hardness of the DLP, it is not possible to solve for sj−1 or π given any private key calculated from them with non-negligible probability.

VI. THE PROPOSED SECURITY ARCHITECTURE
A. Ticket-Based Security Architecture
First, we restrict our discussion to the home domain. The inter-domain protocols in our security architecture, which are executed when the CL roams outside its home domain, will be presented in A 5). The ticket-based anonymity scheme consists of the ticket issuance, ticket deposit, fraud detection, and ticket revocation protocols. In what follows, we describe these protocols in detail, together with the authentication, data integrity check, and confidential communications that may take place during their execution.

1. Ticket Issuance: In order to maintain fairness among CLs and the security of the network against malicious attacks, the home TA may control the access of each CL by issuing tickets based on the non-conformed behavior history of the CL, which reflects the TA's confidence that the CL will act properly. Ticket issuance occurs when the CL initially attempts to access the network or when all previously issued tickets are depleted. The CL needs to reveal its real ID to the TA in order to obtain a ticket, since the TA has to ensure the authenticity of this CL. Moreover, the TA should be unable to link the ticket it issued to the CL's real identity. Therefore, the CL employs blinding techniques to make the ticket unlinkable to any specific execution of the ticket generation algorithm, while maintaining the verifiability of the ticket. The ticket generation algorithm, which can be any restrictive partially blind signature scheme in the literature, takes as input parameters the CL's and TA's secret numbers, the common agreement c, and some public parameters, and outputs a valid ticket, ticket = {TN, W, c, (U′, V′, X′, ρ, σ1′, σ2′)}, where TN is the unique serial number of the ticket, which can be represented by the CL's account number the ticket deposit protocol. Partially blind signatures alone allow the blind signature to carry explicit information on commonly agreed terms (i.e., ticket value, expiry date, misbehavior, etc.), which remains

New Method of Monitoring Data Access Franchise and the Anonymous User Based Encryption in Cloud

publicly visible regardless of the blinding process. Restrictive blind signatures place restrictions on the CL’s selection of messages being signed, which contain encoded identity information (in TN) instead of completely random numbers, allowing the TA to recover the CL’s identity by computing A if and only if misbehavior is detected. As a result, the anonymity of an honest CL is unconditionally ensured. Exemplary restrictive partially blind signature schemes can be adopted as the ticket generation algorithm in our ticket issuance protocol. The TA publishes the domain parameters to be used within its trust domain as (q, G1, G2, e, P, P1, P2, H1, H2, H3, Ppub).

Since the scheme of is selected for demonstration, G1 here should be a Gap Diffie-Hellman (GDH) group where the computational Diffie-Hellman problem (CDHP) is assumed to be intractable. In addition, the TA chooses r ∈R Zq and Q ∈R G1, and the CL chooses α, β, γ, τ, λ, µ, ρ ∈R Zq. Note that if the scheme of is adopted, the TA publishes (q, G1, G2, e, g, g1, g2, H, H0, H1), where G1 should be a GDH in which the RCDHP (reversion CDHP) is assumed to be intractable (refer to for detailed definitions). For simplicity, we will only demonstrate the following protocols based on the scheme of; the application of the scheme to our protocols is straightforward following a similar procedure. The ticket issuance protocol is demonstrated as the two TAs in Fig. 1 can be the domain administrators of neighboring campuses or hospitals directly managed by the state department of education (SDE), or the state department of health (SDH), etc. For simplicity, we use the basic HIDS for demonstrating the inter-domain authentication in this paper. Let the SDE (or SDH) be the root at level 0 in the HT of the campus (or hospital) WMN. All the TAs in the SDE’s domain are at level 1 and all GWs, MRs and CLs in each TA’s domain are at level 2. Note that in reality, the campus (or hospital) WMN may be part of the HT of a larger WMN (i.e., the SDE or SDH is a child at level n below the root from the misbehavior which solely refers to ticket-reuse and multiple-deposit. The ticket record will be deleted from the DGW’s database once the ticket expires (by checking c) and the most recent record (excluding rem) has been reported to the TA. Note that the DGW will maintain the record for the depleted tickets that have not expired in order to prevent the CL from re-depositing such tickets at this DGW. For CLs with satisfactory misb values, the ticket record is sent to the TA periodically, while it is sent to the TA before any network access service can be offered for CLs with inferior misb values, as mentioned before. These values are obtained and updated by fraud detection to be discussed shortly.

2. Fraud Detection: Fraud is used interchangeably with misbehavior in this paper, which is essentially an insider attack. Ticket-reuse generally results from the CL’s inability to obtain tickets from the TA when network access is desired, primarily due to the CL’s non-conformed behavior which causes the TA to constrain its ticket requests. Multiple-deposit can also be termed CL coalition, which is beneficial when the coalescing CLs are unauthorized users or CLs with non-conformed behavior that have difficulty in acquiring tickets from the TA. Note however that, since a CL is able to obtain multiple tickets in one ticket issuance protocol and self-generate multiple pseudonyms (cf. IV B), it can distribute these pseudonym/ticket pairs to other CLs without being traced as long as each ticket is deposited only once. One possible solution to this flaw is to specify the non-overlapping active period of a ticket instead of merely the expiry date/time, such that each time only one ticket can be valid. This approach in general requires synchronization. Another solution is to adopt the tamper-proof secure module (SM) so that a CL cannot disclose its secrets to other CLs, since the content of the SM is assumed to be expensive and impractical to access or manipulate. This approach will eliminate the committing of the multiple-deposit fraud but requires the deployment of the SMs. In the following discussion, we will still consider multiple-deposit as a possible type of fraud (e.g., in case SMs are unavailable). These two types of fraud share a common feature, that is, the same ticket (depleted or valid) is deposited more than once, which violates our one-time deposit rule. This is where the restrictiveness of the blind signature algorithm takes effect on revealing the real identity of the misbehaving CL. Specifically, when the TA detects duplicate deposits using the ticket records reported by GWs, the TA will have the view of at least two different challenges from GWs and two corresponding sets of responses from the same CL. By solving the equation sets below based on these challenges and responses, the TA is able to obtain the identity information encoded in the message and hence the real identity of the misbehaving CL. The fraud detection protocol is shown as:

GW → TA: IDGW, m′, W, c, σ = (U′, V′, X′, ρ, σ1′, σ2′), r1, r2, T, t9, HMACκ″(m′ ‖ W ‖ c ‖ σ ‖ r1 ‖ r2 ‖ T ‖ t9),

where κ″ is the pre-shared symmetric key between the GW and the TA, which we have assumed for the WMN backbone. At the end, the TA performs VER(σ). If the signature can be successfully verified, the TA checks if m′ (or the ticket serial number TN) has been stored. If m′ is not stored, the TA will store the following information: m′, c, T, r1, r2 for future fraud detection, and log for updating the CL’s non-conformed behavior data. If m′ has been stored, the TA will first compute the challenge d = H3(R ‖ W ‖ IDGW ‖ T) and will accuse the GW if d is the same as the stored one. So far, we have presented the techniques in our anonymity scheme to resolve the conflicts between anonymity and traceability. As long as the CL is a well-behaved user in this network, its anonymity can be fully guaranteed.

This is achieved by the blinding process of the ticket issuance protocol which breaks the linkage between the ticket and the identity, i.e., the TA knows the CL’s real ID but does not know which ticket/pseudonym pairs belong to

this CL, while the GW knows the linkage between the ticket and the pseudonym but learns no information on the real identity of the owner of these pairs. On the other hand, if the CL misbehaves (i.e., fraud occurs), the CL’s anonymity can no longer be guaranteed since the TA may tend to identify and punish this CL, possibly by revoking the CL’s network access privilege, utilizing the traceability property offered by the proposed anonymity scheme. In addition, our system enables authentication at the APs and conforms to the access control security requirement that is not satisfied in, where no authentication of the CL is performed at the AP in the controlled connection protocol. Note that the real ID of a CL is learned by the home TA and the AP only during ticket issuance. Since a batch of tickets can be issued each time and the CL may still hold unused tickets, the deposit procedure of a specific ticket cannot be deduced by estimating the timing relationship between the issuance and the deposit. Although the CL’s ID cannot be hidden from the home TA due to the requirement for issuing tickets, it can be hidden from the AP by additional mechanisms. The two TAs in Fig. 1 can be the domain administrators of neighboring campuses or hospitals directly managed by the state department of education (SDE), or the state department of health (SDH), etc. For simplicity, we use the basic HIDS for demonstrating the inter-domain authentication in this paper. Let the SDE (or SDH) be the root at level 0 in the HT of the campus (or hospital) WMN. All the TAs in the SDE’s domain are at level 1 and all GWs, MRs and CLs in each TA’s domain are at level 2. Note that in reality, the campus (or hospital) WMN may be part of the HT of a larger WMN (i.e., the SDE or SDH is a child at level n below the root).

VII. PERFORMANCE EVALUATION
In this section, we present the performance evaluation based on our measurement on the implemented prototype system of AnonyControl-F. To the best of our knowledge, this is the first implementation of a multi-authority attribute based encryption scheme. Our prototype system provides five command line tools.
anonycontrol-setup: Jointly generates a public key and N master keys.
anonycontrol-keygen: Generates a part of private key for the attribute set it is responsible for.
anonycontrol-enc: Encrypts a file under r privilege trees.
anonycontrol-dec: Decrypts a file if possible.
anonycontrol-rec: Decrypts a file and re-encrypts it under different privilege trees.

This toolkit is based on the CP-ABE toolkit [4] which is available online, and the whole system is implemented on a Linux system with Intel i7 2nd Gen @ 2.7GHz and 2GB RAM. Fig. 2 shows the computation overhead incurred in the core algorithms Setup, KeyGenerate, Encrypt, and Decrypt under various conditions. We additionally implemented three similar works, Chase under the same condition (same security level and same environment) for the comparison purpose.
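As an added illustration of the fraud detection step of Section VI.A 2 above (example code written for this edit, not part of the paper or of its prototype), the following Python models the TA side of that protocol: it checks the GW report’s HMAC under the pre-shared key κ″, verifies the ticket, stores the first deposit of a serial m′, accuses a GW that re-reports a deposit with an identical challenge d, and, when the same ticket arrives under a different challenge, recovers the identity encoded in the ticket from the two responses. Every cryptographic component is a labelled simplification: the restrictive partially blind signature is replaced by an HMAC the TA computes over (m′, W, c), the identity encoding in TN is replaced by a TA-side table from a secret u to the real ID, the CL’s responses take a toy linear form r1 = k1 + d·u mod Q over a toy prime Q, and the commitment R is assumed to travel in the GW’s report. All names, keys and values are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy prime modulus standing in for the group order q (constructed; not a parameter of the paper).
Q = (1 << 127) - 1


def h3(*parts: bytes) -> int:
    """Challenge hash, the paper's d = H3(R || W || ID_GW || T), reduced mod Q."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC over concatenated fields, as in HMAC_kappa''(m' || W || c || sigma || r1 || r2 || T || t9)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


@dataclass
class Deposit:
    """One ticket deposit as the GW saw it (constructed model of the paper's message fields)."""
    m: bytes      # ticket serial m' (TN); in the paper the CL's identity is encoded in it
    w: bytes      # W, the ticket's public part
    c: bytes      # common agreement (ticket value, expiry, ...)
    sigma: bytes  # TA's ticket signature; toy stand-in for the restrictive partially blind signature
    r: bytes      # R, the CL's commitment fixed at issuance (assumed to be carried in the report)
    t: bytes      # T, deposit time
    r1: int       # CL response r1 = k1 + d*u mod Q  (toy linear response; u encodes the identity)
    r2: int       # CL response r2 = k2 + d*s mod Q  (toy; s is a ticket secret)


class ClientTicket:
    """CL side (toy): nonces k1, k2 are fixed at issuance, so every deposit reuses the
    same commitment R, and answering a second, different challenge leaks u."""

    def __init__(self, m, w, c, sigma, u, s):
        self.m, self.w, self.c, self.sigma, self.u, self.s = m, w, c, sigma, u, s
        self.k1, self.k2 = secrets.randbelow(Q), secrets.randbelow(Q)
        self.r = hashlib.sha256(self.k1.to_bytes(16, "big") + self.k2.to_bytes(16, "big")).digest()

    def deposit(self, gw_id: bytes, t: bytes) -> Deposit:
        d = h3(self.r, self.w, gw_id, t)  # challenge the GW derives for this deposit
        return Deposit(self.m, self.w, self.c, self.sigma, self.r, t,
                       (self.k1 + d * self.u) % Q, (self.k2 + d * self.s) % Q)


def gw_report(gw_id: bytes, kappa: bytes, dep: Deposit, t9: bytes):
    """GW -> TA: the deposit record plus an HMAC under the GW/TA pre-shared key kappa''."""
    fields = (dep.m, dep.w, dep.c, dep.sigma, str(dep.r1).encode(), str(dep.r2).encode(), dep.t, t9)
    return gw_id, dep, t9, mac(kappa, *fields)


class TrustedAuthority:
    def __init__(self, sig_key: bytes, gw_keys: dict):
        self.sig_key = sig_key   # toy ticket-signing key (the paper's TA secret is not an HMAC key)
        self.gw_keys = gw_keys   # kappa'' per GW
        self.identities = {}     # u -> real ID; toy replacement for decoding the identity from TN
        self.records = {}        # m' -> (c, T, r1, r2, d), stored for future fraud detection
        self.behavior_log = []   # entries for updating the CL's non-conformed behavior data

    def issue(self, real_id: str, c: bytes) -> ClientTicket:
        """Toy issuance: the CL reveals its real ID; unlike the paper's protocol it is NOT blind."""
        u, s = secrets.randbelow(Q), secrets.randbelow(Q)
        self.identities[u] = real_id
        m, w = secrets.token_bytes(8), secrets.token_bytes(8)
        return ClientTicket(m, w, c, mac(self.sig_key, m, w, c), u, s)

    def process_report(self, gw_id: bytes, dep: Deposit, t9: bytes, tag: bytes) -> str:
        fields = (dep.m, dep.w, dep.c, dep.sigma, str(dep.r1).encode(), str(dep.r2).encode(), dep.t, t9)
        if not hmac.compare_digest(mac(self.gw_keys[gw_id], *fields), tag):
            return "reject: bad HMAC from " + gw_id.decode()
        if not hmac.compare_digest(mac(self.sig_key, dep.m, dep.w, dep.c), dep.sigma):
            return "reject: VER(sigma) failed"       # the paper's VER(sigma) step
        d = h3(dep.r, dep.w, gw_id, dep.t)          # recomputed by the TA, never taken from the GW
        prior = self.records.get(dep.m)
        if prior is None:                            # first deposit of this serial: store it
            self.records[dep.m] = (dep.c, dep.t, dep.r1, dep.r2, d)
            self.behavior_log.append((dep.m, "deposit"))
            return "stored"
        if d == prior[4]:                            # same challenge again: the GW re-reported one deposit
            return "accuse GW " + gw_id.decode() + ": duplicate report of one deposit"
        # Two different challenges on one ticket: r1 - r1' = (d - d') * u, so solve for u.
        u = (dep.r1 - prior[2]) * pow((d - prior[4]) % Q, -1, Q) % Q
        self.behavior_log.append((dep.m, "double deposit"))
        return "fraud: ticket reused by " + self.identities.get(u, "unknown CL")


def demo():
    """Constructed scenario: honest deposit, GW replay, real double deposit, tampered report."""
    gw1, gw2 = b"GW1", b"GW2"
    ta = TrustedAuthority(b"ta-toy-sign-key", {gw1: b"kappa-gw1", gw2: b"kappa-gw2"})
    alice = ta.issue("alice", b"exp=2016-06-30")
    out = [ta.process_report(*gw_report(gw1, b"kappa-gw1", alice.deposit(gw1, b"t=100"), b"t9=101"))]
    out.append(ta.process_report(*gw_report(gw1, b"kappa-gw1", alice.deposit(gw1, b"t=100"), b"t9=105")))
    out.append(ta.process_report(*gw_report(gw2, b"kappa-gw2", alice.deposit(gw2, b"t=200"), b"t9=201")))
    bob = ta.issue("bob", b"exp=2016-06-30")
    _, dep, t9, _ = gw_report(gw1, b"kappa-gw1", bob.deposit(gw1, b"t=300"), b"t9=301")
    out.append(ta.process_report(gw1, dep, t9, b"\x00" * 32))  # report with a forged HMAC tag
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

With the paper’s real signature scheme the identity would be decoded from TN after the same two-challenge step; what carries over unchanged is the bookkeeping: one record per serial keyed on m′, the challenge recomputed from (R, W, IDGW, T) so the TA never trusts a GW’s own claim of d, and the distinction between a GW replaying one deposit (same d, GW accused) and a CL depositing twice (different d, CL traced and logged).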


Particularly, in Fig. 2(e), we set only one privilege for the file access, and we measured the time to create one privilege tree and calculate its verification parameter in Fig. 2(f). In general, the computation overhead of Li is much higher than others because their scheme involves many more exponentiations and bilinear mappings due to the accountability. The encryption/decryption under different file sizes did not show big differences when file sizes are large (≥20MB), because the run times are dominated by the symmetric encryption (AES-256). Finally, only our run times are plotted in Fig. 2(f) because the privilege creation is the unique process in our scheme.

VIII. CONCLUSION AND POSSIBLE EXTENSIONS
This paper proposes a semi-anonymous attribute-based privilege control scheme, AnonyControl, and a fully anonymous attribute-based privilege control scheme, AnonyControl-F, to address the user privacy problem in a cloud storage server. Using multiple authorities in the cloud computing system, our proposed schemes achieve not only fine-grained privilege control but also identity anonymity while conducting privilege control based on users’ identity information. More importantly, our system can tolerate up to N − 2 authority compromise, which is highly preferable especially in an Internet-based cloud computing environment. We also conducted detailed security and performance analysis which shows that AnonyControl is both secure and efficient for a cloud storage system. AnonyControl-F directly inherits the security of AnonyControl and is therefore equivalently secure, but extra communication overhead is incurred during the 1-out-of-n oblivious transfer. One of the promising future works is to introduce an efficient user revocation mechanism on top of our anonymous ABE. Supporting user revocation is an important issue in real applications, and it is a great challenge in the application of ABE schemes. Making our schemes compatible with existing ABE schemes that support efficient user revocation is one of our future works.

IX. ACKNOWLEDGEMENTS
I owe my profound gratitude to my project guide Mr. T. Ramdas Naik, Asst. Professor, and other teachers who took keen interest in our project work and guided us all along, till the completion of our project work, by providing all the necessary information for developing a good system.

X. REFERENCES
[1] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47–53.
[2] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 457–473.
[3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. 13th CCS, 2006, pp. 89–98.
[4] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proc. IEEE SP, May 2007, pp. 321–334.
[5] M. Chase, “Multi-authority attribute based encryption,” in Theory of Cryptography. Berlin, Germany: Springer-Verlag, 2007, pp. 515–534.
[6] M. Chase and S. S. M. Chow, “Improving privacy and security in multi-authority attribute-based encryption,” in Proc. 16th CCS, 2009, pp. 121–130.
[7] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority attribute based encryption without a central authority,” Inf. Sci., vol. 180, no. 13, pp. 2618–2632, 2010.
[8] V. Božović, D. Socek, R. Steinwandt, and V. I. Villányi, “Multi-authority attribute-based encryption with honest-but-curious central authority,” Int. J. Comput. Math., vol. 89, no. 3, pp. 268–283, 2012.
[9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, “Low complexity multi-authority attribute based encryption scheme for mobile cloud computing,” in Proc. IEEE 7th SOSE, Mar. 2013, pp. 573–577.
[10] K. Yang, X. Jia, K. Ren, and B. Zhang, “DAC-MACS: Effective data access control for multi-authority cloud storage systems,” in Proc. IEEE INFOCOM, Apr. 2013, pp. 2895–2903.
[11] A. Lewko and B. Waters, “Decentralizing attribute-based encryption,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2011, pp. 568–588.
[12] S. Müller, S. Katzenbeisser, and C. Eckert, “On multi-authority ciphertext-policy attribute-based encryption,” Bull. Korean Math. Soc., vol. 46, no. 4, pp. 803–819, 2009.
[13] J. Li, Q. Huang, X. Chen, S. S. Chow, D. S. Wong, and D. Xie, “Multiauthority ciphertext-policy attribute-based encryption with accountability,” in Proc. 6th ASIACCS, 2011, pp. 386–390.
[14] H. Ma, G. Zeng, Z. Wang, and J. Xu, “Fully secure multi-authority attribute-based traitor tracing,” J. Comput. Inf. Syst., vol. 9, no. 7, pp. 2793–2800, 2013.
[15] S. Hohenberger and B. Waters, “Attribute-based encryption with fast decryption,” in Public-Key Cryptography. Berlin, Germany: Springer-Verlag, 2013, pp. 162–179.
[16] J. Hur, “Attribute-based secure data sharing with hidden policies in smart grid,” IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 11, pp. 2171–2180, Nov. 2013.
[17] Y. Zhang, X. Chen, J. Li, D. S. Wong, and H. Li, “Anonymous attribute-based encryption supporting efficient decryption test,” in Proc. 8th ASIACCS, 2013, pp. 511–516.
[18] D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2001, pp. 213–229.
[19] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances in Cryptology. Berlin, Germany: Springer-Verlag, 2005.
[20] J. Liu, Z. Wan, and M. Gu, “Hierarchical attribute-set based encryption for scalable, flexible and fine-grained access control in cloud computing,” in Information Security Practice and Experience. Berlin, Germany: Springer-Verlag, 2011, pp. 98–107.
[21] A. Kapadia, P. P. Tsang, and S. W. Smith, “Attribute-based publishing with hidden credentials and hidden policies,” in Proc. NDSS, 2007, pp. 179–192.

[22] S. Yu, K. Ren, and W. Lou, “Attribute-based content distribution with hidden policy,” in Proc. 4th Workshop Secure Netw. Protocols, Oct. 2008, pp. 39–44.

Author’s Profile
Mustafa Ali Hasan, Master of Science (Information System), Nizam College (Autonomous), O.U., Basheer Bagh, Hyderabad, India.

M. Yesurathnam, Assistant Professor, Computer Science, Nizam College (Autonomous), O.U., Basheer Bagh, Hyderabad, India.
