HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING

INTRODUCTION
Cloud computing is a new computing paradigm that is built on virtualization, parallel and distributed computing, utility computing, and service-oriented architecture. We propose a hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud computing. HASBE extends the cipher text-policy attribute- set-based encryption (CP-ASBE, or ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable, flexible and fine-grained access control.

SCOPE OF THE PROJECT

However, most of them suffer from hardness in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing. We propose hierarchical attribute-set-based encryption (HASBE) by extending cipher-text-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability, flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. The main operations of HASBE: System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, User Revocation, File Access, and File Deletion.

LITERATURE SURVEY High-Performance Cloud Computing: A View of Scientific Applications Author: Christian Vecchiola Suraj Pandey and Rajkumar Buyya Year: 2009
Scientific computing often requires the availability of a massive number of computers for performing large scale experiments. Traditionally, these needs have been addressed by using high-performance computing solutions and installed facilities such as clusters and super computers, which are difficult to setup, maintain, and operate. Cloud computing provides scientists with a completely new model of utilizing the computing infrastructure. Compute resources, storage resources, as well as applications, can be dynamically provisioned (and integrated within the existing infrastructure) on a pay per use basis. These resources can be released when they are no more needed. Such services are often offered within the context of a Service Level Agreement (SLA), which ensure the desired Quality of Service (QoS). Aneka, an enterprise Cloud computing solution, harnesses the power of compute resources by relying on private and public Clouds and delivers to users the desired QoS. Its flexible and service based infrastructure supports multiple programming paradigms that make Aneka address a variety of different scenarios: from finance applications to computational science. As examples of scientific computing in the Cloud, we present a preliminary case study on using Aneka for the classification of gene expression data and the execution of fMRI brain imaging workflow.

Principles of Policy in Secure Groups

Author: H. Harney, A. Colgrove and P. D. McDaniel, Year: 2001
Security policy is increasingly being used as a vehicle for specifying complex entity relationships. When used to define group security, policy must be extended to state the entirety

of the security context. For this reason, the policy requirements of secure groups are more complex than found in traditional peer communication; group policies convey information about associations greater and more abstract than their pair-wise counterparts. This paper identifies and illustrates universal requirements of secure group policy and reasons about the adherence of the Group Security Association Key Management Protocol (GSAKMP) to these principles.

Methods and Limitations of Security Policy Reconciliation Author: P. D. McDaniel and A. Prakash Year: 2002

A security policy is a means by which participant session requirements are specified. However, existing frameworks provide limited facilities for the automated reconciliation of participant policies. This paper considers the limits and methods of reconciliation in a generalpurpose policy model. We identify an algorithm for efficient two-policy reconciliation, and show that, in the worst-case, reconciliation of three or more policies is intractable. Further, we suggest efficient heuristics for the detection and resolution of intractable reconciliation. Based upon the policy model, we describe the design and implementation of the Ismene policy language. The expressiveness of Ismene, and indirectly of our model, is demonstrated through the representation and exposition of policies supported by existing policy languages. We conclude with brief notes on the integration and enforcement of Ismene policy within the Antigone communication system.

A Unified Scheme for Resource Protection in Automated Trust Negotiation Author: T. Yu and M. Winslett Year: 2003.

Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional

trust management systems, the access control policy for a resource is usually unknown to the party requesting access to the resource, when trust negotiation starts. The negotiating parties can rely on policy disclosures to learn each other's access control requirements. However, a policy itself may also contain sensitive information. Disclosing policies' contents unconditionally may leak valuable business information or jeopardize individuals' privacy. In this paper, we propose UniPro, a uni_ed scheme to model protection of resources, including policies, in trust negotiation. UniPro improves on previous work by modeling policies as _rst-class resources, protecting them in the same way as other resources, providing _ne-grained control over policy disclosure, and clearly distinguishing between policy disclosure and policy satisfaction, which gives users more _exibility in expressing their authorization requirements. We also show that UniPro can be used with practical negotiation strategies without jeopardizing autonomy in the choice of strategy, and present criteria under which negotiations using UniPro are guaranteed to succeed in establishing trust.

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing Author: S. Yu, C. Wang, K. Ren, and W. Lou Year: 2010
Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. As promising as it is, this paradigm also brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as data owners. To keep sensitive user data confidential against untrusted servers, existing solutions usually apply cryptographic methods by disclosing data decryption keys only to authorized users. However, in doing so, these solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when finegrained data access control is desired, and thus do not scale well. The problem of simultaneously achieving fine-grainedness, scalability, and data confidentiality of access control actually still remains unresolved. This paper addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand,

allowing the data owner to delegate most of the computation tasks involved in finegrained data access control to untrusted cloud servers without disclosing the underlying data contents. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has salient properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Ciphertext-Policy Attribute-Based Encryption Author: John Bethencourt, Amit Sahai and Brent Waters Year: 2007
In several distributed systems a user should only be able to access data if a user posses a certain set of cre-dentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into users keys; while in our system attributes are used to describe a users credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC).In addition, we provide an implementation of our system and give performance measurements.

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data Author: Vipul Goyal, Omkant Pandey, Amit Sahaiz and Brent Waters
Year: 2006

As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for ne-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of auditlog information and broadcast encryption. Our construction supports delegation of private keys which subsumes Hierarchical Identity-Based Encryption (HIBE).

Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Author: Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran Year: 2009

In distributed systems users need to share sensitive objects with others based on the recipients ability to satisfy a policy. Attribute-Based Encryption (ABE) is a new paradigm where such policies are specified and cryptographically enforced in the encryption algorithm itself. Cipher text-Policy ABE (CP-ABE) is a form of ABE where policies are associated with encrypted data and attributes are associated with keys. In this work we focus on improving the flexibility of representing user attributes in keys. Specifically, we propose Cipher text Policy Attribute Set Based Encryption (CP-ASBE) - a new form of CP-ABE - which, unlike existing CP-ABE schemes that represent user attributes as a monolithic set in keys, organizes user attributes into a recursive set based structure and allows users to impose dynamic constraints on

how those attributes may be combined to satisfy a policy. We show that the proposed scheme is more versatile and supports many practical scenarios more naturally and efficiently. We provide a prototype implementation of our scheme and evaluate its performance overhead.

Fuzzy Identity-Based Encryption Author: Amit Sahai and Brent Waters Year: 2005

We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, !, to decrypt a ciphertext encrypted with an identity, !0, if and only if the identities ! and !0 are close to each other as measured by the set overlap distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term attribute-based encryption. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services Author: G.Wang, Q. Liu, and J.Wu Year: 2010
Cloud computing, as an emerging computing paradigm, enables users to remotely store their data into a cloud so as to enjoy scalable services on-demand. Especially for small and

medium-sized enterprises with limited budgets, they can achieve cost savings and productivity enhancements by using cloud-based services to manage projects, to make collaborations, and the like. However, allowing cloud service providers (CSPs), which are not in the same trusted domains as enterprise users, to take care of confidential data, may raise potential security and privacy issues. To keep the sensitive user data confidential against untrusted CSPs, a natural way is to apply cryptographic approaches, by disclosing decryption keys only to authorized users. However, when enterprise users outsource confidential data for sharing on cloud servers, the adopted encryption system should not only support fine-grained access control, but also provide high performance, full delegation, and scalability, so as to best serve the needs of accessing data anytime and anywhere, delegating within enterprises, and achieving a dynamic set of users. In this paper, we propose a scheme to help enterprises to efficiently share confidential data on cloud servers. We achieve this goal by first combining the hierarchical identity-based encryption (HIBE) system and the ciphertext-policy attribute-based encryption (CP-ABE) system, and then making a performance-expressivity tradeoff, finally applying proxy re-encryption and lazy reencryption to our scheme.

MODULES NAME Authentication Trusted Authority Domain Authority Data Owner Data Consumer Cloud Service Provider

MODULE DIAGRAM & DESCRIPTION Authentication:

If you are the new user going to access the make request or process request then they have to register first by providing necessary details. After successful completion of sign up process, the user has to login into the application by providing username and exact password. The user has to provide exact username and password which was provided at the time of registration, if login success means it will take up to main page else it will remain in the login page itself. No Yes
Check Login Status Next Page

Database

Trusted Authority:
Trusted Authority is Main part of this project. It is create one decryption key for the relevant encryption key. After the decryption key provided the domain authority. Domain authority, Data owner, Data consumer and Cloud service provider are controlled in Trusted Authority.

Data Owner

Trusted Authority

Domain Authority

Cloud Storage

Data Consumer

Domain Authority:
Domain Authority is sub head for the trusted authority. Domain authority performs the administrator operation. Data owner will not store the data without domain authority permission and Data consumer will not get the data without Domain authority permission. So the domain authority provides the permission to the Data owner and Data consumer.

Data Owner Cloud Domain Authority Service Provider

Data Consumer

Data Owner:
Data Owner is store the data in cloud service provider for secure purpose. Before Data owner get the permission from the domain authority for store the data. After get the permission Data owner first encrypt the file or data and store the data in cloud storage or cloud service provider.

Domain Authority

Public Key

Data Owner

Encrypted Data

Cloud Storage

Data Consumer:
First Data Consumer sends the request to the trusted authority through the domain authority. This request contains the filename and data owner name. Then the trusted authority sends the private key to the data consumer through the domain authority. Finally Data Consumer retrieves the data from cloud service provider and decrypts the data using the decryption key.

Filename, Data Consumer Owner name Domain Authority

Get Private Key

Cloud Storage

Get Encrypted file & Decrypted Data

Cloud Service Provider:

Cloud Service Provider is another name for cloud storage. Cloud storage is providing the security for data. Only authorized user (get permission from the domain authority) allows encrypting and storing the data. Authorized user allows retrieving the data and decrypting the data.

Data Owner

Encrypt & Store Data

Data Consumer

Cloud Storage

Retrieve &Decrypt Data

GIVEN INPUT EXPECTED OUTPUT Authentication:

Input: Provide username and password to get permission for access Output: Become Authenticated person to request and process the request.

Trusted Authority:
Input: Store the data to cloud storage Output: Provide the public and private Key to the domain authority

Domain Authority:
Input: Ask the Permission for store data to cloud storage. Output: Provide the public key to the data owner.

Data Owner:
Input: Encrypt the Data in data owner. Output: Store the Data to the cloud storage.

Data Consumer:
Input: send filename and data owner name to the domain authority. Output: Receive private key and encrypted file then Decrypt the Data.

Cloud Service Provider:

Input: Data owner Store the Data in cloud storage Output: Data consumer Receive the Data from the cloud storage.

TECHNIQUE USED Hierarchical attribute-set-based encryption algorithm (HASBE):

First, we show how HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inherits the feature of fine-grained access control of ASBE. Second, we demonstrate how to implement a full-fledged access control scheme for cloud computing based on HASBE. The scheme provides full support for hierarchical user grant, file creation, file deletion, and user revocation in cloud computing. Our system model consists of a trusted authority, multiple domain authorities, and numerous users corresponding to data owners and data consumers. The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities. A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the users decryption key.

We are now ready to describe the main operations of HASBE: System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, and File Access. System Setup: The trusted authority calls the algorithm to create system public parameters PK and master key MK0.PK will be made public to other parties and MK0 will be kept secret.

Top-Level Domain Authority Grant: The trusted authority will first verify whether it is a valid domain authority. If so, the trusted authority calls to Create DA (PK, MK0,A) generate the master key for DAi. After getting the master key, DAi can authorize the next level domain authorities or users in its domain.

New Domain Authority/User Grant: When a new user, denoted as u , or a new subordinate domain authority, denoted as DAi+1 , wants to join the system, the administrating domain authority, denoted as DAi , will first verify whether the new entity is valid. If true, DAi assigns the new entity a key structure Acorresponding to its role and a unique ID. Note that A- is a subset of A, where A is the key structure of DAi . New File Creation: To protect data stored on the cloud, a data owner first encrypts data files and then stores the encrypted data files on the cloud. Each file is encrypted with a symmetric data encryption key DEK, which is in turn encrypted with HASBE. Finally, the encrypted data file is stored on the cloud.

File Access: When a user sends request for data files stored on the cloud, the cloud sends the corresponding cipher texts to the user. The user decrypts them by first calling Decrypt (CT, SKu ) to obtain DEK and then decrypt data files using DEK.

HARDWARE & SOFTWARE REQUIREMENTS: SOFTWARE REQUIREMENTS:

Operating system IDE Front End Coding Language Backend :- Windows7 :- Microsoft Visual Studio .Net 2010 :- WPF :- C# :- SQL Server 2005

HARDWARE REQUIREMENTS:
System Hard disk Mouse RAM Keyboard : Pentium IV 2.4 GHZ : 40 GB : Logitech. : 2GB(minimum) : 110 keys enhanced.

SYSTEM DESIGN

USE CASE DIAGRAM:

A use case diagram is a type of behavioral diagram created from a Use-case analysis. The purpose of use case is to present overview of the functionality provided by the system in terms of actors, their goals and any dependencies between those use cases.

Get Permission

Data Owner Cloud Service Provider

Domain Authority

Encrypt & Store Data Trusted Authority Get Decryption Key Provide Public & Private Key

Retrieve & Decrypt Data Filename & Ownername Data Consumer

In this use case diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

CLASS DIAGRAM
A class diagram in the UML is a type of static structure diagram that describes the structure of a system by showing the systems classes, their attributes, and the relationships between the classes.

Private visibility hides information from anything outside the class partition. Public visibility allows all other classes to view the marked information. Protected visibility allows child classes to access information they inherited from a parent class.

In this class diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

OBJECT DIAGRAM:
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a complete or partial view of the structure of a modeled system at a specific time. An Object diagram focuses on some particular set of object instances and attributes, and the links between the instances. A correlated set of object diagrams provides insight into how an arbitrary view of a system is expected to evolve over time.

Object diagrams are more concrete than class diagrams, and are often used to provide examples, or act as test cases for the class diagrams. Only those aspects of a model that are of current interest need be shown on an object diagram.
Domain Authority Trusted Authority Public Key=pub.pk Private Key=pri.pke Username=domain Password=****** Key name=abc.pk

Data Owner Encrypt abc.txt

Data Consumer Owner name= hari File name=abc.txt Retrieve pri.pke Decrypt abc.txt

Cloud Storage Store abc.txt

In this object diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

STATE DIAGRAM
A state diagram is a type of diagram used in computer science and related fields to describe the behavior of systems. State diagrams require that the system described is composed of a finite number of states; sometimes, this is indeed the case, while at other times this is a reasonable abstraction. There are many forms of state diagrams, which differ slightly and have different semantics.

Trusted Authority

Domain Authority

Data Consumer

Data Owner

Cloud storage

In this state diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

ACTIVITY DIAGRAM:
Activity diagram are a loosely defined diagram to show workflows of stepwise activities and actions, with support for choice, iteration and concurrency. UML, activity diagrams can be used to describe the business and operational step-by-step workflows of components in a system. UML activity diagrams could potentially model the internal logic of a complex operation. In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data flow diagrams (DFDs) from structural development.

Login No is valid user?

Trusted

Key Generation

Domain

Get Permission

File & Ownername

Owner

Consumer

Storage

In this activity diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

SEQUENCE DIAGRAM:
A sequence diagram in UML is a kind of interaction diagram that shows how the processes operate with one another and in what order. It is a construct of a message sequence chart. Sequence diagrams are sometimes called Event-trace diagrams, event scenarios, and timing diagrams. The below diagram shows the sequence flow shows how the process occurs in this project.

Trusted Authority

Domain Authority Get Permission

Data Owner

Data Consumer

Cloud Storage

Provide PublicKey

Provide PublicKey

Encrypt and Store data

Filename & Owner name

Provide PrivateKey

Provide PrivateKey

Get Encryptedfile & Decrypt Data

In this sequence diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

COLLABORATION DIAGRAM:
A collaboration diagram show the objects and relationships involved in an interaction, and the sequence of messages exchanged among the objects during the interaction.

The collaboration diagram can be a decomposition of a class, class diagram, or part of a class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case diagram. The collaboration diagram shows messages being sent between classes and object (instances). A diagram is created for each system operation that relates to the current development cycle (iteration).

3: Provide PublicKey 2: Provide PublicKey 6: Provide PrivateKey Trusted Authority Domain Authority 1: Get Permission

Data Owner 4: Encrypt and Store data

Cloud Storage 5: Filename & Owner name 7: Provide PrivateKey

Data Consumer

8: Get Encryptedfile & Decrypt Data

In this collaboration diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

COMPONENT DIAGRAM:
The component diagram's main purpose is to show the structural relationships between the components of a system. A component represented implementation items, such as files and executables. Unfortunately, this conflicted with the more common use of the term component," which refers to things such as COM components. Over time and across successive releases of UML, the original UML meaning of components was mostly lost. UML 2 officially changes the

essential meaning of the component concept; in UML 2, components are considered autonomous, encapsulated units within a system or subsystem that provide one or more interfaces.

Data Owner

Trusted Authority

Domain Authority

Cloud Storage

Data Consumer

In this component diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

DATA FLOW DIAGRAM:

A data flow diagram (DFD) is a graphical representation of the flow of data through an information system. It differs from the flowchart as it shows the data flow instead of the control flow of the program. A data flow diagram can also be used for the visualization of data processing. The DFD is designed to show how a system is divided into smaller portions and to highlight the flow of data between those parts.

LEVEL 0
1 User Authentication Login D0 Database

LEVEL 1
1 1 Trusted Authority User Public Key 1 Domain Authority Public Key Administrator Get Permission Encrypt Data by public key Data Owner

Cloud Storage Store Data

LEVEL 2
2 Trusted Authority Private Key 2 Domain Authority

D1 2 Private Key Administrator

Database Data Consumer

Get Private Key Retrieve & Decrypt Data

2 D2 Database

Cloud Storage Store Data

ALL Levels:

1 User

Authentication Login D0 Database

1 Trusted Authority Public &Private Key

1 Domain Authority Public & Private Key Administrator

Data Owner Get Public Key Encrypt Data

Data Consumer Get Private Key

1 Cloud Storage Store Data

Retrieve & Decrypt Data D1 Database

In this data flow diagram (DFD), trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an abstract and conceptual representation of data. Entity-relationship modeling is a database modeling method, used to produce a type of conceptual schema or semantic data model of a system, often a relational database, and its requirements in a top-down fashion. Diagrams created by this process are called entity-relationship diagrams, ER diagrams, or ERDs.

Data Owner Password Name Get Permis sion Data Encrypt

Trusted Authority

Domain Authority

Cloud storage

File name, Public & Private Key owner name Store Data Data consumer

Public & Private Key

Retrieve & Decrypt Data

Get Private Key

In this entity relationship (ER) diagram, trusted authority is the head for this project. It is generate the public and private key. Domain authority is the subhead for this project. Data Owner first gets the permission from the domain authority and encrypts the data using encryption key and store the data in cloud storage. Data Consumer send filename and owner name to the domain authority then get the decryption key. Finally Consumer gets the encrypted file from the cloud storage and decrypts the data.

SYSTEM ARCHITECTURE

The cloud computing system under consideration consists of five types of parties: a cloud service Provider, data owners, data consumers, a number of domain authorities, and a trusted authority. The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Each data owner/consumer is administrated by a domain authority. A domain authority is managed by its parent domain authority or the trusted authority. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner. The trusted authority is the root authority and responsible for managing toplevel domain authorities.

Data Owner
Get Permission

Encrypted Data

Trusted Authority Public & Private Key

Domain Authority
Administrator

Cloud Storage

Stored Data
Public & Private Key

Data Consumer File & Owner name Database Retrieve & Decrypt Data

Future Enhancement Module Diagram & Description Image File

General analysis shows that our proposed schemes is highly efficient and provably secure under existing security models. This proposed scheme only supports the text files. As a future work we can implement the image files.

Encrypt & Store Image file Data Owner

Data Consumer

Cloud Storage

Retrieve Encrypted file &Decrypt Data

GIVEN INPUT EXPECTED OUTPUT Image File

Input: Get the image file and encrypted using public key. Output: get the encrypted file and private key then decrypted.

ADVANTAGES:
Recall that our system model consists of a trusted authority, domain authorities, and numerous users corresponding to data owners and data consumers. Each user in the system is assigned a key structure which specifies the attributes associated with the users decryption key. conducted comprehensive performance analysis and evaluation, which showed its efficiency

APPLICATION: Website
In Gmail, The user provides correct username and password means go to the next page. It is provide the secure for data. Only authorized person allow accessing the data. The authorized person receives the data from other and sends data to the other. In Amazon website, the authorized person allows to view data and store some of the data and retrieve the data from this website. Unauthorized person not allow to accessing the data and Viewing the data and storing the data.

CONCLUSION:
We achieve this goal by exploiting and individually combining techniques of attributebased Encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has most important properties of user access privilege condentiality and user secret key accountability. Extensive analysis shows that our proposed schemes is highly efficient and provably secure under existing security models.

BIBILOGRAPHY:
1. R. Buyya, C. ShinYeo, J. Broberg, and I. Brandic, Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Comput. Syst., vol. 25, pp.599616, 2009.

2. S. Yu, C. Wang, K. Ren, and W. Lou, Achiving secure, scalable, and fine-grained data access control in cloud computing, in Proc. IEEE INFOCOM 2010, 2010, pp. 534542. 3. R. Bobba, H. Khurana, and M. Prabhakaran, Attribute-sets: A practically motivated enhancement to attribute-based encryption, in Proc. ESORICS, Saint Malo, France, 2009. 4. J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attributebased encryption, in Proc. IEEE Symp. Security and Privacy, Oakland, CA, 2007. 5. A. Sahai and B. Waters, Fuzzy identity based encryption, in Proc. Acvances in Cryptology Eurocrypt, 2005, vol. 3494, LNCS, pp. 457473. 6. G.Wang, Q. Liu, and J.Wu, Hierachical attibute-based encryption for fine-grained access control in cloud storage services, in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Chicago, IL, 2010. 7. V. Goyal, O. Pandey, A. Sahai, and B.Waters, Attibute-based encryption for fine-grained access control of encrypted data, in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Alexandria, VA, 2006. 8. H. Harney, A. Colgrove, and P. D. McDaniel, Principles of policy in secure groups, in Proc. NDSS, San Diego, CA, 2001. 9. P. D. McDaniel and A. Prakash, Methods and limitations of security policy reconciliation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2002. 10. T. Yu and M. Winslett, A unified scheme for resource protection in automated trust negotiation, in Proc. IEEE Symp. Security and Privacy, Berkeley, CA, 2003.