Collaborative Key Management Protocol in Ciphertext Policy

Attribute-Based Encryption for Cloud Data Sharing

Shilpa S. Patode Prof. P.P.Kalyankar
ME (CSE) student, computer department, Assistant professor, computer department
Terna public charitable trust’s college of engineering, Terna public charitable trust’s college of engineering,
Osmanabad, India. Osmanabad, India.
shilpapatode@yahoo.com Kalyankarpravin@rediffmail.com

Abstract-Ciphertext policy attribute based encryption (CP-ABE) is a promising cryptographic technique for fine-grained access
control of outsourced data in the cloud. One drawback in urgent need of solution is the key escrow problem. In this work, we
propose a collaborative key management protocol in CP-ABE (CKM-CP-ABE). Our construction realizes distributed generation,
issue and storage of private keys .A fine-grained and immediate attribute revocation is provided for key update. The proposed
collaborative mechanism effectively solves not only key escrow problem but also key exposure. Meanwhile, it helps markedly
reduce client decryption overhead. A comparison with other representative CP-ABE schemes demonstrates that our scheme has
some what better performance in terms of cloud-based outsourced data sharing on mobile devices.

Keywords- Cloud data sharing, CP-ABE,attribute,key management, security.

I.Introduction first CP-ABE construction. The construction [2] is only

Attribute-based encryption (ABE) is a cryptographic proved secure under the generic group model. To
technique that make a fine-grained data access control. overcomethis weakness, Cheung and Newport [3] presented
[3]. It provides a facility of access policies to the requester another construction that is proved to be secure under the
which is based on different attriute.CP-ABE an encryptor standard model. To achieve receiver-anonymity, Boneh and
define data with attributes set and if match the attribute Waters [10] proposed a predicate encryption scheme based
then decryptor can decrypt the ciphertext [5]. Each user on the primitive called Hidden Vector Encryption. Inthis
with a different set of attributes is allowed to decrypt proposed scheme data owners need not be concerned about
different pieces of data per the security policy. This defining any access policy for users, but just need to define
effectively eliminates unauthorized data access [1]. only the access policy for attributes as in the previous ABE
schemes.
II. Relatedwork
To ensure the data in storage servers, previously the
III. System Description
simplest Proof of retrievability (POR) scheme[6] can be
made using a key hash function hk(F).In this scheme the 1.key authority: It is a key authority that generates public
verifier,before archiving the data file F in the cloud and secret parameters for CP-ABE. It is used in issuing,
storage, pre-computes the cryptographic hash of Fusing revoking, and updating attribute keys for users. Based on the
hk(F) and store is hash as well as the secret key K.To attribute it grant different access rights to individual users.
check if the integrity of the file F is lost the verifier
releases the secret key K to the cloud archive and asks it to 2.cloud server : it is responsible for storing data and
compute and return the value of hk(F). Though this providing corresponding content services.
scheme is very simple and easily implementable them
drawback of this scheme are the high resource costs it 3.client : A client is a user who access data in cloud storage
requires for the implementation discussed in [7]. At the via front end devices If CL have a set of attribute and these
verifier side this involves storing as many keys as the set is satisfy with ciphertext access policy then they allowed
number of checks it want to perform as well as the hash to get the palaintext
value of the data file.
Since the introduction of ABE in implementing fine- 4.Decrytpion server : Decyption server have a capability of
grained access control systems, a lot of works have been decrypt data by using key.
proposed to design flexible ABE schemes. There are two
method realize the fine-grained access control based on 5.Data owner : it is an authorized user ,they can upload data
ABE : KP-ABE and CP-ABE. They were both mentioned with their access policy.
in[4] by Goyal et al. In KP-ABE, each attribute private key is
associated with an access structure that specifies which type IV . ABE Algorithm Model
of ciphertexts the key is able to decrypt,and ciphertext is
labeled with sets of attributes. In a CP-ABE system, a user’s The aim of ABE is the security of data and access control.A key
key is associated with a set of attributes and an encrypted can decrypt the cipher text to get access to the data only if it has a
ciphertext will specify an access policy over attributes. The certain combination of attributes present on both cipher text and
first KP-ABE construction [4] realized the monotonic access the secret key of user. ABE basically has four algorithms. They are
structures for key policies. Bethencourt et al. [2] proposed the Setup, Encryption, Decryptionand Key generation which consists
of sender to send, authority to validate the data and receivers with text for decryption. All private keys are associated with attribute
participants. sets and the encryption has an access structure or policy which will
 Setup: (K1,U1)->(PP1,MSK1): This algorithm uses the parameter help to decrypt the data by identifying which key will be required
K1 as input and returns Public Key PP1 and master Secret Key to decrypt.
MSK1 as output. The senders use PP1 to encrypt the data. The CP-ABE has a set of attributes and a private key. The attributes
authority alone knows the MSK1 which is used to create secret are associated to users and the keys are generated based on
keys. attribute set. During encryption of a message M, an access
 Key Generation (K1,PP1,MSK,S) -> SK1 : Key generation structure is defined by an encryptor. This access structure is
algorithm uses the inputs as public parameter PP 1, master secret defined in attribute sets for Message. The rules are specified for
key MSK1, attribute set S and it generates a key to decrypt SK1, encrypting the data, which is only those specified attributes which
this key helps the user to decrypt the data using an access tree abides by the access structure, can be granted access to decrypt the
structure T only if Tmatches message. Unauthorised users even if they collude they cannot
 Encryption: (K1, PP1, M1, T1)->CT1 : In the Encryption decrypt the cipher text because the access policy allows the
algorithm, the sender would encrypt a message M1, using a public encryption to choose the key which has the associated attribute set.
parameter PP1, an access structure T1 and an attribute set S. The This concept is built upon basic access control schemes.
output of this algorithm is a ciphertext CT 1.
 Decryption: (K1, PP1, SK1,CT1)->M1: In this algorithm, public C.Attribute-Based Encryption Scheme With Non- Monotonic
parameter PP1 and ciphertext CT1 are taken as input with a secret Access Structures:
Earlier ABE schemes were restricted to expressing only
key SK1 for an attribute set SK1. The output of this algorithm is a
monotonic access structures and there is no acceptable method to
message only if the associated ciphertext matches the access
represent negative limitations in a key’s access formula. Ostrovsky
structure.
et al. proposed an ABE with non-monotonic access structure in
A.Key-Policy Attribute Based Encryption(KP-ABE) 2007. Non- monotonic access structure can be use the adverse
KP-ABE is a new refined type of ABE scheme. Goyal el al. in word to describe every attributes in the message, but the monotonic
2006 introduced the First key-policy scheme. Through KP- ABE access structurecannot.
encrypted data can be shared with great attention to detail and this
also allows one to many relationships. In this attribute each cipher D.Hierarchical Attribute-BasedEncryption:
The scheme Hierarchical attribute-based encryption (HABE) is
text has an attribute set and user’s secret key which is generated by
derived over Wang et al The HABE model ( Fig 2) holds of a root
authority. An access structure also policy is used to associate the
master (RM) that corresponds to the third trusted party (TTP) and
secret key to decrypt the data. The access structure provides details
many domain masters (DMs) in which the top-level DMs relate to
of the list of cipher texts the user can decrypt. In other words, the
many enterprise users, and several users that correspond to totally
decryption can be done only if the cipher text attributes matches
personnel in an enterprise. The HABE scheme used the property of
the access structure associated with the private key. This KP-ABE
the hierarchical generation of keys in Hierarchical attribute-based
scheme will be best suited for professional and structural
encryption (HIBE) scheme to generate keys.
organisations and institutions which creates rules to create access
and restrictions for a particular document. This scheme prevents
unauthorised user to decrypt the data even if data resides in an
insecure server.

B.Ciphertext-Policy Attribute Based Encryption(CP-ABE)

CP-ABE scheme is the other type of ABE scheme. We use
remote servers to store our files for various reasons. The files may
be intended to be scalable to other users using resources from
elsewhere. Reliability can be achieved in case of network failures
where the data can be recreated again as it is in a remote server.
Figure 2: HABEmodel
This scheme has its primary focus on security which has a tension
with other properties. As our files get replicated there are more
V. ABE Security Analysis
chances for hackers and attackers to get control of the system. This ABE scheme has great security features and functionalities which
tension makes the CP- ABE scheme very useful. When there is a are specified below.
requirement for which user can access what files should be done 1. Data Confidentiality:Access to the raw data is prevented from
securely using CP-ABE. unauthorised users. The information is encrypted from
CP-ABE can also be categorised as an extension of identity- unauthorized users, as they do not have required attribute set to
based encryption.In identity based encryption, it has a master match the criteria of access structure policy. Hence, the
private key which used to generate many more private keys and unauthorised access from KGC and data-storing centers to the
one public key. But CP-ABE is not just an identity based plain text data is prevented from theattackers.
encryption as it is extended with more flexibility. This allows 2. Collusion Resistance:Collusion resistance is an important
complex rules to specify explicitly to pair a private key to a cipher functionality in ABE scheme. If the users become dishonest and try

2
 to decrypt the data, it is not possible because the users can only
have a part of attribute set and it cannot match the attribute set
criteria. Even if multiple users combine their attribute set, it will
not match the criteria of the access structure policy.
3. User/attribute revocation:When an user leaves the system the
policy revokes the access of the user to thesystem.
4. Scalability:The scheme doesn’t not have adverse effects when
more users enter the policy. It has the functionality to maintain the
same performance throughout system for allusers. Even if the users
authorised are increased dynamically the system will provide
goodperformance.

VI.Conclusion
Proposed system, we reformed an attribute-based data sharing
scheme in cloud computing. The key escrow problem was resolved
by enhanced key issuing protocol . It enhances data confidentiality
and privacy in cloud system against the managers of Key
Distribution Center (KDC) and Cloud Server Providers as well as
malicious system outsiders, where Key Distribution Center (KDC)
and Cloud Server Providers are semi-trusted. In addition, the
weighted attribute was proposed to improve the expression of
attribute, which can not only describe arbitrary state attributes, but
also reduce the complexity of access policy, so that the storage cost
of ciphertext and time cost in encryption can be saved.
Conclusively, in the proposed system it has been proved that
performance and security analyses, in which the results express
highest efficiency and security of our scheme.

References
[1] [SW05] Sahai, A., Waters, B.: Fuzzy identity-based
encryption. EUROCRYPT 2005.
[2] [GPSW06] Goyal, V., Pandey, O., Sahai, A., Waters, B.:
Attribute-based encryption for finegrained access control of
encrypted data. ACM CCS2006.
[3] [BSW07] Bethencourt, J., Sahai, A., Waters, B.:
Ciphertext- policy attribute-based encryption. IEEE Symposium
on Security and Privacy,2007
[4] [CN07] Cheung, L., Newport, C.C.: Provably secure
ciphertext policy abe. ACM CCS2007
[5] [GJPS08]Goyal,V.,Jain,A.,Pandey,O.,Sahai,A.:
Bounded Ciphertext Policy Attribute Based Encryption.
ICALP 2008, PartII.
[6] [Waters08/11] Waters, B.: Ciphertext-policy
attribute-based encryption: An expressive, efficient, and
provably secure realization. PKC2011
[7] [LOSTW10] Lewko,A.B.,Okamoto, T., Sahai,A.,
Takashima,K.,Water B.: Fully secure functional encryption:
Attribute- based encryption and (Hierarchical) inner product
encryption. EUROCRYPT2010.
[8] [OT10] Okamoto, T., Takashima, K. : Fully secure
functional encryption with general relations from the decisional
linear assumption. CRYPTO2010.
[9] [MKE09] Muller, S., Katzenbeisser, S., Eckert, C.:
Onmulti- authority ciphetext-policy attribute-based
encryption. Bulletin of theKoreanMathematicalSociety2009.
[10] [LW11] Lewko, A., Waters, B.: Decentralizing
attribute- based encryption. EUROCRYPT2011.

3
4