BCA SYNOPSIS FORMAT

REG No: CONTACT ADDRESS:

#3609/2 7th cross, ThilakNagar , Mysore.
NAME:MADHUSHREE.B
NIKITHA.N.M #35 11/6E, bank colony, parasayyana hundi,
Srirampura, Mysore.
E-mail ID: chinnumadhu94@gmail.com
nikithamohan1997@gmail.com

Phone number: 9590856560

9008756989
Project title : Privacy protection based access control scheme in
cloud-based services

Abstract:
With the rapid development of computer technology, cloud-based services have become a hot topic.
They not only provide users with convenience, but also bring many security issues, such as data
sharing and privacy issue. In this paper, we present an access control system with privilege separation
based on privacy protection (PS-ACS). In the PS-ACS scheme, we divide users into private domain
(PRD) and public domain (PUD) logically. In PRD, to achieve read access permission and write
access permission, we adopt the Key-Aggregate Encryption (KAE) and the Improved Attribute-based
Signature (IABS) respectively. In PUD, we construct a new multi-authority cipher text policy
attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of single
point of failure and complicated key distribution, and design an efficient attribute revocation method
for it. The analysis and simulation result show that our scheme is feasible and superior to protect users
privacy in cloud-based services.

Introduction:
With the rapid development of cloud computing, big data and public cloud services have been widely
used. The user can store his data in the cloud service. Although cloud computing brings great
convenience to enterprises and users, the cloud computing security has always been a major hazard.
For users, it is necessary to take full advantage of cloud storage service, and also to ensure data

Privacy. Therefore, we need to develop an effective access control solution. Since the traditional
access control strategy cannot effectively solve the security problems that exist in data sharing. Data
security issues brought by data sharing have seriously hindered the development of cloud computing,
various solutions to achieve encryption and decryption of data sharing have been proposed. In 2007,
Bethencourt et al first proposed the cipher text policy attribute-based encryption (CP-ABE). However,
this scheme does not consider the revocation of access permissions. In 2011, Hur et al put forward a
fine-grained revocation scheme but it can easily cause key escrow issue. Lewko et al used multi
authority ABE (MA-ABE) to solve key escrow issue. But the access policy is not flexible. Li et al
presented data sharing scheme based on systemic attribute encryption, which endows different users'
different access rights. But it is not efficient from the complexity and efficiency. In 2014, Chen et al
proposed Key-Aggregate Encryption algorithm, effectively shortening the length of the cipher text
and the key, but only for the situation where the data owner knows the user's identity. These schemes
above only focus on one aspect of the research, and do not have a strict uniform standards either. In
this paper, we present a more systematic, flexible and efficient access control scheme. To this end, we
make the following main contributions

Existing System :

Existing work on access control in cloud are centralized in nature, and these schemes use Attribute
based encryption (ABE). The centralized scheme uses a symmetric key approach and it does not
support authentication. All the approaches take a centralized approach and allow only one KDC,
which is a single point of failure. In a multi-authority ABE, in which there are several KDC
authorities (coordinated by a trusted authority) which distribute attributes and secret keys to users.
Multi authority ABE protocol required no trusted authority in which every user to have attributes from
at all the KDCs.

Proposed system :

We propose a novel access control system called PS-ACS, which is privilege separation based on
privacy protection. The system uses Key-Aggregate Encryption (KAE) scheme and Hierarchy

Attribute-based Encryption (HABE) scheme to implement read access control scheme in the PSD and
PUD respectively. The KAE scheme greatly improves access efficiency and the HABE scheme
largely reduces the task of a single authority and protects the privacy of user data.
Compared with the MAH-ABE scheme which does not refer to the write access control, we exploit an
Improved Attribute-based Signature (IABS) scheme to enforce write access control in the PSD. In this
way, the user can pass the cloud server's signature verification without disclosing the identity, and
successfully modify the file.

We provide a thorough analysis of security and complexity of our proposed PS-ACS scheme. The
functionality and simulation results provide data security in acceptable performance impact, and prove
the feasibility of the scheme.

DFD model:

Functional requirement:

Creator:
Register: user can get registered by entering the user details.
Login: user gets login by entering valid username and password.
Trustee: creator sends a detail of user to trustee.
Profile: user can edit their profile.
Uploaded: user can view the uploaded file.
KDC: user can send token to KDC.
Cloud: user can encrypt the uploaded file, later it sends a file to the cloud.

Trustee:
Login: user gets login by entering valid username and password.
Registered user: user can view and delete the token.
Authentication: new user after authentication sends a token to creator.
Creator: creator can view the tokens.

KDC: KDC validate the user by using validation and sends a key to user (creator/reader/writer).
User Reader
Registration: user can get registered by entering the user details.

Login: user gets login by entering valid username and password.

File: user searches file.

Download decrypted
Files: using input key user can download the file.
Request for a file: after displaying the file. The file is send to the KDC.
KDC: KDC receives a file.

User writer
Registration: user can get registered by entering the user details.
Login: user gets login by entering valid username and password.
File: user search the file after searching the file user can edit the file and sends it to KDC for
updation.
File updated: using input key user can check the updated file.

Non-functional Requirements
Non-functional requirements are constraints that must be adhered to during development. They limit
what resources can be used and set bounds on aspects of the software’s quality. One of the most
important things about non-functional requirements is to make them verifiable. The verification is
normally done by measuring various aspects of the system and seeing if the measurements confirm to
the requirements

Hardware and Software:

Hardware components used:
 Processor : i3 or i5
 RAM : 2GB

Software Requirements:
 Operating System : Microsoft Windows 7 and above
 Database : SQL Server 2008
 Technologies : Visual Studio 2012
 Internet : Google chrome, Mozilla Firefox.

Conclusion:
The Privacy protection based access control with anonymous authentication provides a secure cloud
storage in which the files are associated with file access policies that used to access the files placed on
the cloud. Uploading and downloading of a file to a cloud with standard Encryption or Decryption. It
is a Decentralized access of system in which every system have the access control of data. The Cloud
which is a Secured storage area where the anonymous authentication is used, so that only the
permitted users can be accessed. Decrypting of data can be viewed only by a valid users and can also
store information only by valid users. This Scheme prevents Replay attack which mean Eaves
Dropping can be avoided, Support Creation of data inside storage, Modifying the data by unknown
users and Reading data stored in Cloud. The authentication and accessing the Cloud is Robust, Hence
Overall Communication Storage area been developed by comparing to the data security approaches.
Date of starting the project: 26/12/2017
EXTERNAL GUIDE (IN COMPANY) INTERNAL GUIDE (IN COLLEGE)

NAME: NAME: Priya M.R

DESIGNATION: DESIGNATION: Lecturer

CONTACT ADDRESS:

TELEPHONE NUMBERS:

COMPANY ADDRESS: