0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
39 Ansichten7 Seiten
Cloud computing, as a budding computing
hypothesis, which provides users on-demand scalable services
by allowing them to store their data in remote servers. As this
new computing paradigm requires users to delegate their
valuable data to cloud providers, it increases security and
isolation concerns on outsourced data. Conversely, allowing
cloud service providers (CSPs), which are not in the same
trustworthy domains as endeavour users, to take care of
confidential data, may increase latent security and
confidentiality issues. Several schemes employing hierarchical
attribute based encryption (HASBE) have been proposed for
access control of outsourced data in cloud computing;
however, most of them suffer from rigidity in implementing
complex access control policies, To keep the sensitive user data
confidential against un-trusted CSPs and disasters, a natural
way is to apply cryptographic approaches to enhance the
security of cloud database using hybrid encryption scheme and
disaster recovery mechanism. The proposed scheme not only
achieves scalability due to its hierarchical structure, but also
provides flexible multilevel and hybrid security. It uses RSA,
DES and AES algorithms as an encrypting tool. In addition,
enhanced HASBE employs multiple value assignments for
access expiration time to deal with user revocation more
efficiently than existing schemes and also it recovers the data
in case of any natural or manmade disasters. We implement
our scheme and show that it is both efficient and flexible in
dealing with access control for outsourced data in cloud
computing with comprehensive experiments.
Originaltitel
Ensuring Cloud Security Using Hybrid Encryption
Scheme and Disaster Recovery Mechanism
Cloud computing, as a budding computing
hypothesis, which provides users on-demand scalable services
by allowing them to store their data in remote servers. As this
new computing paradigm requires users to delegate their
valuable data to cloud providers, it increases security and
isolation concerns on outsourced data. Conversely, allowing
cloud service providers (CSPs), which are not in the same
trustworthy domains as endeavour users, to take care of
confidential data, may increase latent security and
confidentiality issues. Several schemes employing hierarchical
attribute based encryption (HASBE) have been proposed for
access control of outsourced data in cloud computing;
however, most of them suffer from rigidity in implementing
complex access control policies, To keep the sensitive user data
confidential against un-trusted CSPs and disasters, a natural
way is to apply cryptographic approaches to enhance the
security of cloud database using hybrid encryption scheme and
disaster recovery mechanism. The proposed scheme not only
achieves scalability due to its hierarchical structure, but also
provides flexible multilevel and hybrid security. It uses RSA,
DES and AES algorithms as an encrypting tool. In addition,
enhanced HASBE employs multiple value assignments for
access expiration time to deal with user revocation more
efficiently than existing schemes and also it recovers the data
in case of any natural or manmade disasters. We implement
our scheme and show that it is both efficient and flexible in
dealing with access control for outsourced data in cloud
computing with comprehensive experiments.
Cloud computing, as a budding computing
hypothesis, which provides users on-demand scalable services
by allowing them to store their data in remote servers. As this
new computing paradigm requires users to delegate their
valuable data to cloud providers, it increases security and
isolation concerns on outsourced data. Conversely, allowing
cloud service providers (CSPs), which are not in the same
trustworthy domains as endeavour users, to take care of
confidential data, may increase latent security and
confidentiality issues. Several schemes employing hierarchical
attribute based encryption (HASBE) have been proposed for
access control of outsourced data in cloud computing;
however, most of them suffer from rigidity in implementing
complex access control policies, To keep the sensitive user data
confidential against un-trusted CSPs and disasters, a natural
way is to apply cryptographic approaches to enhance the
security of cloud database using hybrid encryption scheme and
disaster recovery mechanism. The proposed scheme not only
achieves scalability due to its hierarchical structure, but also
provides flexible multilevel and hybrid security. It uses RSA,
DES and AES algorithms as an encrypting tool. In addition,
enhanced HASBE employs multiple value assignments for
access expiration time to deal with user revocation more
efficiently than existing schemes and also it recovers the data
in case of any natural or manmade disasters. We implement
our scheme and show that it is both efficient and flexible in
dealing with access control for outsourced data in cloud
computing with comprehensive experiments.
Ensuring Cloud Security Using Hybrid Encryption Scheme and Disaster Recovery Mechanism R.Sinduja 1 , G.Sumathi 2 1, PG Scholar, 2, Professor, Information Technology Sri Venketeswara College of Engineering Chennai India
Abstract Cloud computing, as a budding computing hypothesis, which provides users on-demand scalable services by allowing them to store their data in remote servers. As this new computing paradigm requires users to delegate their valuable data to cloud providers, it increases security and isolation concerns on outsourced data. Conversely, allowing cloud service providers (CSPs), which are not in the same trustworthy domains as endeavour users, to take care of confidential data, may increase latent security and confidentiality issues. Several schemes employing hierarchical attribute based encryption (HASBE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from rigidity in implementing complex access control policies, To keep the sensitive user data confidential against un-trusted CSPs and disasters, a natural way is to apply cryptographic approaches to enhance the security of cloud database using hybrid encryption scheme and disaster recovery mechanism. The proposed scheme not only achieves scalability due to its hierarchical structure, but also provides flexible multilevel and hybrid security. It uses RSA, DES and AES algorithms as an encrypting tool. In addition, enhanced HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes and also it recovers the data in case of any natural or manmade disasters. We implement our scheme and show that it is both efficient and flexible in dealing with access control for outsourced data in cloud computing with comprehensive experiments.
Keywords Cloud Computing, Data Security, Hybrid Encryption Scheme, Hierarchical attribute based encryption, Access control. I. INTRODUCTION CLOUD computing is the delivery of computing services over the Internet. It is not like other computing models such as utility computing, grid computing or autonomic computing. In fact, it is a very autonomous platform in terms of computing. Google Apps is the greatest example of cloud computing where any application can be accessed using a browser and it can be deployed on thousands of computer through the Internet. Cloud services allow individuals and business people to use software and hardware that are managed by third parties at isolated locations. Examples of cloud services incorporate online data storage, communal networking sites, webmail, and online trade applications. This cloud computing model promotes availability and is composed of essential characteristics, service models, deployment models, Computer processing power, specialized corporate and user applications. The characteristics of cloud computing paradigm consist of on-demand services, broad network access services, resource pooling, measured service and rapid elasticity. On- demand self service means that customers can request their requirements to the cloud service providers and manage their own computing resources. Broad network access allows services are offered over the private networks or Internet in mobiles and laptops using the broad network services. In cloud the shared resources of the customers are drawn from a pool of computing resources, usually placed in remote data centres. Services can be scaled according to the needs of the users and billed accordingly to the usage. The cloud computing service models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In Software as a Service model, sometimes referred to as "on-demand software", in which software and associated data are centrally hosted in cloud. SaaS is usually accessed by users using a thin client via a web browser.In PaaS, customer installs or develops their own software and applications. PaaS provides operating system, hardware, and network. The customer develops their own operating systems or software and applications using IaaS model. Cloud services are usually made available via a community cloud, private cloud, hybrid cloud or public cloud. Generally speaking, services provided by a public cloud are accessible over the Internet and are owned and operated by a cloud service provider. Some examples include services aimed at the general public, such as online data storage services, social networking sites or e-mail. However, services for enterprises can also be accessible in a public cloud. In a private cloud, specific organization solely operates the cloud infrastructure, and is managed by the organization or a third party. In a community cloud, the service provided by the cloud providers is pooled by several organizations and made accessible only to those groups. The International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
cloud infrastructure may be owned and operated by the organizations or by a cloud service provider. A hybrid cloud is a combination of public and community clouds or different methods of resource pooling. However, a CP-ABE system may not work well when enterprise users outsource their data for sharing on cloud servers, due to the following reasons: First, one of the biggest merits of cloud computing is that users can access data stored in the cloud anytime and anywhere using any device, such as thin clients with limited bandwidth, CPU, and memory capabilities. Therefore, the encryption system should provide high performance. Second, in the case of a large-scale industry, a delegation mechanism in the generation of keys inside an enterprise is needed. Although some CP-ABE schemes support delegation between users, which enables a user to generate attribute secret keys containing a subset of his own attribute secret keys for other users, we hope to achieve a full delegation, that is, a delegation mechanism between attribute authorities (AAs), which independently make decisions on the structure and semantics of their attributes. Third, in case of a large-scale industry with a high turnover rate, a scalable revocation mechanism is a must. The existing CP-ABE schemes usually demand users to heavily depend on AAs and maintain a large amount of secret keys storage, which lacks flexibility and scalability [12]. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem. Motivation: Our main design goal is to help the enterprise users to efficiently share confidential data on cloud servers. Specifically, we want to make our scheme more applicable in cloud computing by simultaneously achieving fine- grained access control, high performance, confidentiality, integrity and security. Our Contribution: In this paper, we first propose a hierarchical hybrid encryption scheme (HHES) model by combining a hierarchical attribute based system and multiple encryption system(AES,DES and RSA) to provide enhanced security for the data stored in cloud and efficient user revocation. Based on the HES model, we construct a hybrid encryption scheme by making a performance- expressivity trade-off, to achieve high performance. Finally, we propose a scalable revocation scheme by delegating to the CSP most of the computing tasks in revocation, to achieve a dynamic set of users efficiently. The contribution of the paper is multifold. First, we show how Enhanced HASBE extends the ASBE algorithm with a hierarchical structure to improve scalability and flexibility while at the same time inherits the feature of fine-grained access control of ASBE. Second, we demonstrate how to implement a full-fledged access control scheme for cloud computing based on HHES. The scheme provides full support for hierarchical user grant, file creation and user revocation in cloud computing. Third, we formally prove the security of the existing scheme based on the security of the hybrid encryption scheme. [HASBE] and analyze its performance in terms of computational overhead. Lastly, we implement enhanced HASBE and conduct comprehensive experiments for performance evaluation, and our experiments demonstrate that Enhanced HASBE has satisfactory performance. The rest of the paper is organized as follows. Section II provides essential characteristics of cloud computing and Section III provides an overview on related work. Then we present the existing scheme in Section IV. In Section V, we describe the proposed scheme and prove the security of Enhanced HASBE and analyze its security by comparing with Yu et al.s scheme and describes the construction of enhanced HASBE and show how it is used in access control of outsourced data in cloud computing. In Section VI, operational steps for the algorithm are defined. In Section VII, disaster recovery mechanisms in cloud are analyzed. Section VIII deals with analysis schemes in cloud. Lastly, we conclude the paper in Section IX. II. ESSENTIAL CHARACTERISTICS OF CLOUD COMPUTING
On demand self services: computer services such as email, applications, network or server service can be provided without requiring human interaction with each service provider. Cloud service providers providing on demand self services include Amazon Web Services (AWS), Microsoft, Google, IBM and Salesforce.com. New York Times and NASDAQ are examples of companies using AWS (NIST) [9]. Broad network access: Cloud Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms such as mobile phones, laptops and PDAs. Resource pooling: The providers computing resources are pooled together to serve multiple consumers using multiple- tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The resources include among others storage, processing, memory, network bandwidth, virtual machines and email services. The pooling together of the resource builds economies of scale (Gartner). Rapid elasticity: Cloud services can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time. Measured service: Cloud computing resource usage can be measured, controlled, and reported providing transparency for both the provider and consumer of the utilised service. Cloud computing services use a metering capability which enables to control and optimise resource use. This implies International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
that just like air time, electricity or municipality water IT services are charged per usage metrics pay per use. Multi Tenacity: is the 6th characteristics of cloud computing advocated by the Cloud Security Alliance. It refers to the need for policy-driven enforcement, segmentation, isolation, governance, service levels, and chargeback/billing models for different consumer constituencies. Consumers might utilize a public cloud providers service offerings or actually be from the same organization, such as different business units rather than distinct organizational entities, but would still share infrastructure [9].
III. RELATED WORK
The Public Key Cryptography (PKC) was proposed by Rivest et al. principally to overcome the limitation in ensuring secure group communications in the Symmetric Key Cryptography based cryptosystems [4]. However, the PKC based cryptosystems involve costly and complex public key authentication framework known as the public key infrastructure. In 1984, Shamir in [5] proposed Identity Based Encryption (IBE) to reduce the complexity associated with the pure PKC based systems. The IBE emphasizes using a users identifier such as an e-mail address or an IP address as his Public key instead of using digital certificates for the public key authentication. However, in PKC as well as in IBE based cryptosystems, if one requires to multicast a message, then it has to be encrypted using different public keys and this unnecessarily increases the associated computational overhead. In [6], Sahai et al. pro-posed a fuzzy identity based encryption approach, which aimed overcoming this limitation. In fuzzy identity based encryption, only the recipient whose attributes match defined on a set overlap distance metric can decrypt a message encrypted with the same identity. Sahais work is further extended in the form of Key Policy Attribute Based Encryption (KP-ABE), in which attributes are attached to the ciphertext and a monotonic formula is attached with the secret key of user [10]. The KP-ABE was complemented with the Ciphertext-Policy Attribute Based Encryption (CP-ABE) in [5] that aimed to give more power to the sender as compared to KP-ABE. CP-ABE uses the approach of threshold secret sharing [8]. However, all these approaches support only the static attributes. It is emphasized that in a typical CP-ABE implementation, attributes play an important role because they essentially determine a users secret key. Now, in the real world, the attributes of any entity often undergo periodic updates. However, as per our observations, these approaches either entail significant overhead or violate the mandatory requirements for the support of the dynamic attributes or lack the flexibility required in periodic updates to the attributes [12]. Motivated by these limitations, we propose in this paper an improved approach for supporting the dynamic attributes in a CP-ABE that overcomes the limitations, mentioned above. To the best of our knowledge, this is a simple yet unique approach for handling the dynamic attributes. Our contribution: As we observed that the approaches till now has some kind of limitation so that they are not trustworthy as well as not applicable in real life. To deal with this problem we proposed a new approach in which CA(Certificate Authority) extract the old values from the secret key and change the value of required attribute and replace the new value with the old value and give secret key to user.
IV. EXISTING SYSTEM
With the emergence of sharing confidential corporate data on cloud servers, it is imperative to adopt an efficient encryption system with a fine-grained access control to encrypt outsourced data. Cipher text-policy attribute-based encryption (CP-ABE), as one of the most promising encryption systems in this field, allows the encryption of data by specifying an access control policy over attributes, so that only users with a set of attributes satisfying this policy can decrypt the corresponding data. However, a CP-ABE system may not work well when enterprise users outsource their data for sharing on cloud servers, due to the following reasons: First, one of the biggest merits of cloud computing is that users can access data stored in the cloud anytime and anywhere using any device, such as thin clients with limited bandwidth, CPU, and memory capabilities.
Figure 1: A three-level Enhanced HASBE model
Although some CP-ABE schemes support delegation between users, which enables a user to generate attribute secret keys containing a subset of his own attribute secret keys for other users, we hope to achieve a full delegation, that is, a delegation mechanism between attribute authorities (AAs), which independently make decisions on the structure and semantics of their attributes. Third, in case of a large- scale industry with a high turnover rate, a scalable International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
revocation mechanism is a must. The existing CP-ABE schemes usually demand users to heavily depend on AAs and maintain a large amount of secret keys storage, which lacks flexibility and scalability [12]. V. SYSTEM MODEL AND PROPOSED SCHEME The cloud service provider manages a cloud to provide data Storage service. Data owners encrypt their data files and store them in the cloud for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them. Data owners, data consumers, domain authorities, and the trusted authority are organized in a hierarchical manner as shown in Fig. 1.The trusted authority is the root authority and responsible for managing top-level domain authorities. Each top-level domain Authority corresponds to a top-level organization, such as a federated enterprise, while each lower-level domain authority corresponds to a lower-level organization, such as an affiliated company in a federated enterprise. Data owners/consumers may correspond to employees in an organization. Each domain authority is responsible for managing the domain authorities at the next level or the data owners/consumers in its domain. In our system, neither data owners nor data consumers will be always online. They come online only when necessary, while the cloud service provider, the trusted authority, and domain authorities are always online. The cloud is assumed to have abundant storage capacity and computation power. In addition, we assume that data consumers can access data files for reading only. But still there are some security concerns that are to be redressed. Especially cloud users have no choice but to rely on the service provider. Amongst the possible solutions one can keep a local copy of its data which is not feasible as we are taking the benefit of the services of the CSP (cloud service provider) [1].
Fig.2. System model
As depicted in Fig. 2, the cloud computing system under consideration consists of five types of parties: a cloud service Provider, data owners, data consumers, a number of domain Authorities and trusted authority [2]. After the failure, clients must be redirected to the disaster cloud database. In cryptography, public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric- key cryptosystem [3]. A hybrid cryptosystem can be constructed using any two separate cryptosystems: A key encapsulation scheme, which is a public- key cryptosystem, and A data encapsulation scheme, which is a symmetric-key cryptosystem. The hybrid cryptosystem is itself a public-key system, whos public and private keys are the same as in the key encapsulation scheme. Another factor of concern is that the cloud is still under development process and there are no set standards for the data storage and application communication. So one couldnt move his data by changing service provider though some organizations are working towards this direction and will soon come out with a solution but till that time, we must have some mechanism to provide security to the critical and private data stored in the cloud like credit card information and passwords. Keeping in view this fact, some application must be developed that will implement multi-level hybrid encryption mechanism by using some strong cryptographic algorithms viz. RSA, AES and DES. Cloud database information is usually added to mass storage devices to enable recovery of corrupted data. The redundancy allows the receiver to detect a limited number of errors that may occur anywhere in the message, and often to correct these errors without retransmission.
A. RSA
RSA is a commonly adopted public key cryptography algorithm was developed by Rivest, Shamir, and Adleman. Hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules. Since it was introduced in 1977, RSA has been widely used for establishing secure communication channels and for authentication the identity of service provider over insecure communication medium. In the authentication scheme, the server implements public key authentication with client by signing a unique message from the client with its private key, thus creating what is called a International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
digital signature. [4] The signature is then returned to the client, which verifies it using the servers known public key. The most commonly used asymmetric algorithm is Rivest Shamir-Adleman (RSA). It was introduced by its three inventors, Ronald Rivest, Adi Shamir and Leonard Adleman in 1977. It is mostly used in key distribution and digital signature processes. RSA is based on a one-way function in number theory, called integer factorisation. A one-way function is a function, which is easy to compute one way, but hard to compute the inverse of it. Here easy and hard should be understood with regard to computational complexity, especially in terms of polynomial time problems. For instance, it is easy to compute the function f(x) =y, but it is hard or unfeasible to compute the inverse of f, which is f 1(y) =x. The RSA algorithm contains three steps, namely key generation, encryption and decryption. The key generation process is done by first choosing two random prime numbers, p and q. Then the number n should be computed: n =pq. Thereafter a function (n) is computed: (n) =(p 1)(q 1). Moreover an integer e is chosen such that 1 <e <(n). that: de mod (n) =1, and e and (n) are co-prime. As a result (n,e) is the public key, and (n,d) is the private key. Encrypting a message m is done by computing: c =me mod n, and decrypting the message is done by computing: m =cd mod n. The two keys, private key and public key, can be used interchangeably. It means that a user can decrypt, what has been encrypted with the corresponding public key, and the inverse of that: He can use the private key to encrypt a message, which can only be decrypted by the corresponding public key. B. DES
Data Encryption Standard is a widely-used method of data encryption using a private (secret) key that was judged so difficult to break by the U.S. government that it was restricted for exportation to other countries. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key .The DES has a 64-bit block size and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). DES is a symmetric cryptosystem, specifically a 16-round Feistel cipher. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a Message Authentication Code (MAC). The DES can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. DES makes use of substitutions and transpositions on top of each other in 16 cycles in a very complex way. The key length for this algorithm is fixed to 56 bits, which appeared to be too small as the computing recourses became more and more powerful. The main reason for this algorithm to be breakable is its key size However it is worth mentioning that 3DES, also called triple DES, is an approach to make DES more difficult to break. 3DES uses DES three times on each block of data, and in this way the length of the key is increased. It actually uses a key bunch containing three DES keys, K1, K2 and K3, which are 56 bits each. The encryption algorithm works in the following way: ciphertext =EK3(DK2(EK1(plaintext))), i.e. encrypt with K1, then decrypt with K2, and finally encrypt with K3. The decryption process is the reverse of encryption: plaintext = DK1(EK2(DK3(ciphertext))), i.e. decrypt with K3, then encrypt with K2, and finally decrypt with K1. In this way the algorithm would have a good strength, but the drawback of this approach is decrease in performance. C.AES After the weaknesses of DES were accepted, in January 1997 NIST (National Institute of Standards and Technology) announced that they wanted to replace DES, and the new approach would be known as AES (Advanced Encryption Standard). It led to a competition among the open cryptographic community, and during nine months, NIST received fifteen different algorithms from several countries. AES is a block cipher with a block size of 128 bits. The key length for AES is not fixed, so it can be 128, 192, 256 and possibly more bits. The encryption techniques such as substitutions and transpositions are mainly used in AES. The same as DES, AES makes use of repeated cycles, which are 10, 12 or 14 cycles (called rounds in AES). In order to achieve perfect confusion and diffusion, every round contains four steps. These steps consist of, transpositions; shift the bits and applying exclusive OR to the bits. The Advanced Encryption Standard (AES) is a symmetric-key encryption standard. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of cipher text. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform cipher text back into the original plaintext using the same encryption key.
VI. ALGORITHM FOR OPERATIONAL STEPS
There are mainly three active components in the system: International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
(i) Data Owner (DO), who stores data on Cloud can allow accessing of its data to other Cloud users. (ii) Data requesters (DR), who use the data based on credentials received from the cloud owner. (iii) Cloud server (CS) is a central component that provides storage as a service and works as a bridge between Data Owner and Data requester. We wish to achieve following goals. First, Cloud server neither should learn any information from Cloud users data nor should misuse the same. Second, we also wish to offer an option to Cloud user for selecting encryption option for their data. Third, aim to achieve light weight integrity verification process for checking unauthorized change in original data, without requiring local copy of the data. During Phase 1 the DO/DR generate a key pair using a public key encryption scheme in single Step which is used for encrypt the data during transmission. Aim of Phase2 is to get ID from Cloud server and send Registration detail on Cloud server. VII. DISASTER RECOVERY MECHANISM Disaster Recovery is primarily a form of long distance state replication combined with the ability to start up applications at the backup site after a failure is detected. Replication at the application layer can be the most optimized, only transferring the crucial state of a specific application. For example, some high-end database systems replicate state by transferring only the database transaction logs, which can be more efficient than sending the full state modified by each query. [13] In general, DR services fall under one of the following categories: Hot Backup Site: A hot backup site typically provides a set of mirrored stand-by servers that are always available to run the application once a disaster occurs, providing minimal RTO and RPO. Hot standbys typically use synchronous replication to prevent any data loss due to a disaster. Warm Backup Site: A warm backup site may keep state up to date with either synchronous or asynchronous replication schemes depending on the necessary RPO. Standby servers to run the application after failure are available, but are only kept in a warm state where it may take minutes to bring them online. Cold Backup Site: In a cold backup site, data is often only replicated on a periodic basis, leading to an RPO of hours or days. In addition, servers to run the application after failure are not readily available, and there may be a delay of hours or days as hardware is brought out of storage or repurposed from test and development systems, resulting in a high RTO. VIII. ANALYSIS OF SCHEME Following paragraph illustrates the security and general analysis of the system and how we achieve the goals mentioned earlier [13]. 1) Data Confidentiality: As we store the data in encrypted form on cloud, and keep the keys and the algorithm itself, unknown from Cloud server, it is next to impossible for the server to either learn the data or to misuse them. 2) Efficient User Revocation: To deal with user revocation in cloud computing, we add an attribute to each users key and employ multiple value assignments for this attribute. So we can update users key by simply adding a new expiration value to the existing key. We just require a domain authority to maintain some state information of the user keys and avoid the need to generate and distribute new keys on a frequent basis, which makes our scheme more efficient than existing schemes. 3) No data duplication: Without asking local copy of data, correctness can be measured even data is in encrypted form. The decryption is also done offline at the site of DO/DR. Here data are not moving from one position to another in unencrypted format. IX. CONCLUSION In this paper, we introduced the Enhanced HASBE scheme for attaining data confidentiality, data integrity and data recovery for outsourced data in cloud computing. The Enhanced HASBE scheme flawlessly incorporates a hierarchical structure of system users by applying a hybrid encryption algorithm to ASBE and it is highly efficient in recovering the singleton data losses almost immediately and recovers from bursty data losses. Enhanced HASBE not only supports multiple attributes due to flexible attribute set combinations, but also achieves efficient user revocation because of manifold value assignments. We planned to envisage several possible directions for future research on this area. REFERENCES [1] V. Goyal, O. Pandey, A. Sahai, and B.Waters, Attibute-based encryption for fine-grained access control of encrypted data, in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Alexandria, VA, 2006. [2] Zhiguo Wan, J une Liu, and Robert H. Deng, HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing, IEEE Transactions on Information Forensics and Security, VOL. 7, NO. 2, APRIL 2012. [3] http://en.wikipedia.org/wiki/Hybrid_cryptosystem [4] Rivest, R., Shamir, A., and Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Comm. A CM 21, 2 (Feb. 1978), 120-126. [5] Shamir. Identity Based Cryptosystems and Signature Schemes. In Advances in Cryptology CCRYPTO, volume 196 of LNCS, pages 47- 53.Springer, 1984. [6] Sahai A,Waters B. Fuzzy identity-based encryption. Proceeding of EUROCRYPT 2005. Berlin : Springer 2005,LNCS 3494:457-473. [7] Goyal V,Pandey O,Sahai A, et al. attribute based encryption for fine- grained access control of encrypted data. Proceedings of the 13 th ACM International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
conference on Computer and communications security. New York: ACM, 2006:89-98. [8] Shamir. How to share a secret. Communications of ACM, 22(11):612C613, 1979. [9]Amazon Elastic Compute Cloud (Amazon EC2) [online]Available http://aws.amazon.com/ec2/ [10] J .Li,N.Li, and W.H. Winsborough, Automated trust negotiation using cryptographicb credentials,in Proc. ACM Conf.Computer and communications security (CCS), Alexandria,VA,2005. [11] A.Sahai and B.Waters,Fuzzy identity based encryption,Proc. Acvances in Cryptography Eurocrypt 2005,vol.3494,LINCS,pp 457-473. [12] G.Wang,Q.Liu, and J .Wu,Hierarchical attribute based encryption for fine grained access control in cloud storage devices, in Proc.ACM Conf.Computer and communications security (ACM CCS) , Chicago,IL,2010. [13] Krunal Suthar, Parmalik Kumar and Hitesh Gupta , SMDS: Secure Model for Cloud Data Storage, International Journal of Computer Applications (0975 8887) Volume 56 No.3, October 2012.
ChatGPT Side Hustles 2024 - Unlock the Digital Goldmine and Get AI Working for You Fast with More Than 85 Side Hustle Ideas to Boost Passive Income, Create New Cash Flow, and Get Ahead of the Curve
ChatGPT Millionaire 2024 - Bot-Driven Side Hustles, Prompt Engineering Shortcut Secrets, and Automated Income Streams that Print Money While You Sleep. The Ultimate Beginner’s Guide for AI Business
Excel 2023: A Comprehensive Quick Reference Guide to Master All You Need to Know about Excel Fundamentals, Formulas, Functions, & Charts with Real-World Examples