Uploaded by

vijay km
Audit Free Cloud Storage via Deniable Attribute-based Encryption

1B. Venkatesan, 2S. Saravanakumar, 3V. Saravanabhavan
1Assistant Professor, Department of Information Technology, 2,3Assistant Professor, Department of Information Technology,
Paavai Engineering College, Namakkal, Tamil Nadu, India.

Abstract
Cloud storage services have grown popular. Because of the importance of privacy, many cloud storage encryption schemes have been proposed to secure data from those who do not have access. All such schemes assume that cloud storage providers are secure and cannot be hacked. However, in practice, some authorities may compel cloud storage providers to make public user secrets and confidential data. We consider the problem of building a secure cloud storage service on top of a public cloud infrastructure where the service provider is not completely trusted by the customer. In this paper a new cloud storage encryption scheme is proposed which allows cloud storage providers to protect user privacy. Since authorities cannot tell whether the obtained secrets are true or false, the cloud storage providers ensure that user privacy is still securely protected. The proposed schemes assume that cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked. Some entities may intercept the communication between users and cloud storage providers and then compel storage providers to release user secrets by using government power or other means. In this case the encrypted data are assumed to be known and storage providers are requested to release user secrets. The proposed deniable CP-ABE scheme is used to build an audit-free cloud storage service. The deniability feature makes coercion invalid, and the ABE property ensures secure cloud data sharing with a fine-grained access control mechanism.

Keywords- cloud storage, service providers, key management, attribute-based encryption, deniable encryption process.

1. INTRODUCTION

Cloud storage is a form of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and handled by a hosting organization. These cloud storage providers are answerable for keeping the data available and accessible, and the physical environment protected and running. Different organizations buy or lease storage capacity from the providers to store customer application data. Cloud storage services may be accessed through a co-located cloud computer service, a web service application programming interface (API)[4] or by applications that utilize the API, such as cloud desktop storage, a gateway or Web-based content management systems. In the cloud storage environment customers can store their data on the cloud and access their data from anywhere at any time by connecting to a network. Because of user privacy, the data stored on the cloud is normally encrypted and safeguarded from access by other users. Considering the collaborative property of the cloud data, attribute-based encryption (ABE) is regarded as one of the most suitable encryption schemes for cloud storage. Attribute-based encryption is a kind of public-key encryption in which the secret key of a user and the ciphertext are reliant upon attributes. In such a structure, the
decryption of a ciphertext is achievable only if the set of attributes of the user key equals the attributes of the ciphertext [5]. A central security feature of Attribute-Based Encryption is collusion-resistance: an adversary that holds multiple keys should only be able to access data if at least one individual key grants access. The aim of choosing attribute-based encryption is that as more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One disadvantage of encrypting data is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). To overcome this disadvantage we used a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In this cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. This construction is applicable to sharing of audit-log information and to broadcast encryption, and it also supports delegation of private keys, which includes Hierarchical Identity-Based Encryption. These encryption schemes assume that cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked.

2. RELATED WORK

The concept of ABE (Attribute-Based Encryption) is one in which data owners can embed how they want to share data in terms of encryption. That is, only those who match the owner's conditions can successfully decrypt stored data. We can say here that ABE is encryption for privileges, not for users. This makes ABE a very helpful tool for cloud storage services since data sharing is a significant feature for such services. For cloud storage users, it is not practical for data owners to encrypt their data by pairwise keys. Furthermore, it is also impractical to encrypt data many times for many people. With ABE, data owners decide only which kind of users can access their encrypted data. Users who satisfy the conditions are able to decrypt the encrypted data.

The scheme of deniable encryption is similar to common encryption schemes: deniable encryption can be separated into a deniable shared key scheme and a public key scheme. Considering the cloud storage scenario, we focus our efforts on the deniable public key encryption scheme. The simulatable public key system provides an oblivious key generation function and an oblivious ciphertext function. When transferring an encrypted bit, the sender will send a set of encrypted data which may be normally encrypted or oblivious. Therefore, the sender can claim some sent messages are oblivious while actually they are not. The scheme can be applied to the receiver side such that the scheme is a bi-deniable scheme. Some disadvantages may arise while performing this scheme. One is computational overhead, i.e., encryption parameters should be totally different for each encryption operation, so each coercion will reduce flexibility. We can also face decrypted data with missing contents at such blocks. Entities of the cloud
environment may intercept communications between users and cloud storage providers and then require storage providers to release user secrets by using power or other means. In this situation, encrypted data are assumed to be known and storage providers are requested to release user secrets. Another disadvantage here is that data redundancy occurs at each block of data. The non-interactive and fully receiver-deniable schemes cannot be achieved simultaneously. It is also impossible to encrypt unbounded messages using one short key in non-committing schemes.

The proposed scheme with Ciphertext-Policy Attribute-Based Encryption gives a cloud storage provider the means to make fake user secrets. Given such fake user secrets, outside coercers can only obtain fake data from a user's stored ciphertext. If the coercers think the received secrets are real, they will be satisfied and, more importantly, cloud storage providers will not have revealed any real secrets. So, user privacy is still protected in the cloud computing environment [7]. In order to overcome all these disadvantages, a ciphertext-policy attribute-based encryption (CP-ABE) scheme is being implemented. The implementation is of a deniable CP-ABE scheme that can make cloud storage services secure and audit free. In these
circumstances, cloud storage service providers are just regarded as receivers in other deniable schemes. Unlike most previous deniable encryption schemes, we do not use transparent sets or simulatable public key systems to implement deniability. The deniable Ciphertext-Policy Attribute-Based Encryption scheme is built with two encryption environments at the same time, much like the idea of building a scheme with many dimensions while claiming there is only one dimension. This approach removes obvious redundant parts. The base ABE scheme can encrypt one block each time; our deniable CP-ABE is therefore a blockwise deniable encryption scheme. The bilinear operation for the composite order group is slower than for the prime order group, but there are some methods that can convert an encryption scheme from composite order groups to prime order groups for improved computational performance. Deniable Ciphertext-Policy Attribute-Based Encryption offers a reliable environment for our deniable encryption scheme [8]. This scheme extends a pairing ABE, which has a deterministic decryption algorithm.

3. SCHEME DESCRIPTION

Most deniable public key schemes are bitwise, which means these schemes can process only one bit at a time. Hence, bitwise deniable encryption schemes are inefficient for real use, especially in the cloud storage service case. To resolve this problem, a hybrid encryption scheme has been considered that concurrently uses symmetric and asymmetric encryption. It uses a deniably encrypted plan-ahead symmetric data encryption key, while real data are encrypted by a symmetric key encryption mechanism. Most deniable encryption schemes have decryption error problems. These errors come from the designed decryption mechanisms, for example the use of a subset decision mechanism for decryption: the receiver determines the decrypted message according to the subset decision result. If the sender chooses an element from the universal set but unluckily the element is located in the specific subset, then an error occurs. The same error occurs in all transparent-set-based deniable encryption schemes.

Scope: the policy of a file may be withdrawn at the request of the customer, when concluding the term of the agreement or when completely moving the files from one cloud to another cloud environment. When any of the above criteria exists, the policy will be rejected and the key manager will completely withdraw the public key of the associated file. So no one can recover the control key of a repudiated file in future. For this reason we can say the file is certainly erased. To recover the file, the user must ask the key manager to generate the public key. For that the user must be verified. The key-policy attribute-based encryption standard is utilized for file access, which is confirmed by means of an attribute associated with the file.

Deniable Encryption process

Deniable encryption involves senders and receivers creating convincing fake evidence of forged data in ciphertexts such that outside coercers are satisfied. Note that deniability comes from the fact that coercers cannot prove the proposed evidence is wrong and therefore have no reason to reject the given evidence. This
approach tries to altogether block coercion efforts, since coercers know that their efforts will be useless. We make use of this idea such that cloud storage providers can provide audit-free storage services. In the cloud storage scenario, data owners who store their data on the cloud are just like senders in the deniable encryption scheme. Those who can access the encrypted data play the role of receiver in the deniable encryption scheme, including the cloud storage providers themselves, who have system-wide secrets and must be able to decrypt all encrypted data. We make use of ABE characteristics for securing stored data with a fine-grained access control mechanism and deniable encryption to prevent outside auditing.

Composite order Bilinear Group

We design a deniable CP-ABE scheme with composite order bilinear groups for building audit-free cloud storage services. Composite order bilinear groups contain two attractive properties, namely projecting and cancelling. We make use of the cancelling property for building a consistent environment; on the other hand, Freeman also pointed out the
important problem of computational cost in regard to the composite order bilinear group. The bilinear map operation of a composite order bilinear group is much slower than the operation of a prime order bilinear group with the same security level. That is, in this scheme, a user will spend too much time in decryption when accessing files from the cloud. To make composite order bilinear group schemes more practical, they are converted into prime order schemes. Both projecting and cancelling cannot be simultaneously achieved in prime order groups. For this reason, we use a simulating tool proposed to convert our composite order bilinear group scheme to a prime order bilinear group scheme. This tool is based on dual orthonormal bases and the subspace assumption. Different subgroups are simulated as different orthonormal bases and therefore, by the orthogonal property, the bilinear operation will be cancelled between different subgroups. Our formal deniable CP-ABE construction method uses only the cancelling property of the composite order group.

Cloud Storage Attribute-Based Encryption

Cloud storage services have rapidly become increasingly popular. Users can store their data on the cloud and access their data anywhere at any time. For the sake of user privacy, the data stored on the cloud is typically encrypted and protected from access by other users. Considering the collaborative property of the cloud data, attribute-based encryption (ABE) is regarded as one of the most suitable encryption schemes for cloud storage. Several ABE schemes have been proposed. Most of the proposed schemes assume cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked; yet, in practice, some entities may intercept communications between users and cloud storage providers and then compel storage providers to release user secrets by using government power or other means. In this case, encrypted data are assumed to be known and storage providers are requested to release user secrets [6].

Cloud storage services have grown popular. Because of the importance of privacy, many cloud storage encryption schemes have been proposed to protect data from those who do not have access. All such schemes assumed that cloud storage providers are safe and cannot be hacked. Still, in practice, some authorities (i.e., coercers) may force cloud storage providers to expose user secrets or confidential data on the cloud, thus altogether circumventing storage encryption schemes. Here we present a design for a new cloud storage encryption scheme that enables cloud storage providers to generate convincing fake user secrets to protect user privacy. As coercers cannot tell if obtained secrets are correct or not, the cloud storage providers ensure that user privacy is still firmly protected. Most of the proposed schemes assume cloud storage service providers or trusted third parties handling key management are trusted and cannot be hacked.

Distributed Key Policy Attribute Based Encryption

KP-ABE is a public key cryptography primitive for one-to-many communications. In KP-ABE, data is associated with attributes, for each of which a public key component is defined. The encryptor associates a set of attributes to the message by encrypting it with the corresponding public key components. Each user is assigned an access structure, which is usually defined as an access tree over data attributes. The user's secret key is defined to reflect the access structure, so the user is able to decrypt a ciphertext if and only if the data attributes satisfy his access structure.

4. ALGORITHMS USED

The proposed scheme consists of four algorithms, which are defined as follows:
Setup(1) → (PP, MSK): This algorithm takes the security parameter as input and returns the public parameter PP and the system master key MSK.
KeyGen(MSK, S) → SK: Given a set of attributes S and MSK, this algorithm outputs the private key SK.
Enc(PP, M, A) → C: This encryption algorithm takes as input public parameter PP, message M and LSSS
access structure A=(M,) over the universe of attributes. This algorithm encrypts M and outputs a ciphertext C, which can be decrypted by those who possess an attribute set that satisfies access structure A. Note that A is contained in C.
Verify(PP, C, M, PE, PD) → {T, F}: This algorithm is used to verify the correctness of PE and PD.
OpenEnc(PP, C, M) → PE: This algorithm is for the sender to release encryption proof PE for (M, C).
OpenDec(PP, SK, C, M) → PD: This algorithm is for the receiver to release decryption proof PD for (M, C).
Dec(PP, SK, C) → {M, ⊥}: This decryption algorithm takes as input public parameter PP, private key SK with its attribute set S, and ciphertext C with its access structure A. If S satisfies A, then this algorithm returns M.

5. ACHIEVEMENTS BY CIPHER TEXT POLICY ATTRIBUTE-BASED ENCRYPTION SCHEME

We can achieve high computational performance. While using this scheme no security violation will occur. Deniable Ciphertext-Policy Attribute-Based Encryption is constructed in a reliable environment. A reliable environment means that one encryption environment can be used for multiple encryptions without system updates. No errors will occur at the decryption level. There is no data redundancy. The opened receiver proof should look convincing for all ciphertexts under this environment, regardless of whether a ciphertext is normally encrypted or deniably encrypted. The deniability of this scheme comes from the secret of the subgroup assignment, which is determined only once in the scheme setup phase. With the cancelling property and the proper subgroup assignment, we can construct the released fake key to decrypt normal ciphertexts correctly. Deniable Ciphertext-Policy Attribute-Based Encryption extends a pairing ABE, which has a deterministic decryption algorithm, from the prime order group to the composite order group. The decryption algorithm in this scheme is still deterministic; hence, there are no decryption errors using this scheme.

6. CONCLUSION

A deniable CP-ABE scheme is used to build an audit-free cloud storage service. The deniability feature makes coercion invalid, and the Attribute-Based Encryption property guarantees secure cloud data sharing with a fine-grained access control method. This scheme presents a possible way to fight against immoral interference with the right of privacy. Beyond the above, this scheme can be used to guard cloud user privacy with high computational performance.

REFERENCES

[1] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Eurocrypt, 2005, pp. 457–473.
[2] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in ACM Conference on Computer and Communications Security, 2006, pp. 89–98.
[3] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in IEEE Symposium on Security and Privacy, 2007, pp. 321–334.
[4] B. Waters, “Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization,” in Public Key Cryptography, 2011, pp. 53–70.
[5] A. Sahai, H. Seyalioglu, and B. Waters, “Dynamic credentials and ciphertext delegation for attribute-based encryption,” in Crypto, 2012, pp. 199–217.
[6] S. Hohenberger and B. Waters, “Attribute-based encryption with fast decryption,” in Public Key Cryptography, 2013, pp. 162–179.
[7] P. K. Tysowski and M. A. Hasan, “Hybrid attribute- and reencryption-based key management for secure and scalable mobile applications in clouds,” IEEE T. Cloud Computing, pp. 172–186, 2013.
[8] Wired. (2014) Spam suspect uses google docs; fbi happy. [Online]. Available: http://www.wired.com/2010/04/cloud-warrant/
[9] Wikipedia. (2014) Global surveillance disclosures (2013-present). [Online]. Available: http://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013-present)
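
The Enc and Dec definitions in Section 4 turn on whether an attribute set S satisfies the LSSS access structure A. As an added example (not code from the paper), the following Python code shares a secret under a constructed LSSS matrix for the policy (doctor AND cardiology) OR auditor and recovers it only for satisfying attribute sets; the attribute names, the matrix, the row labels RHO, the modulus and all function names are assumptions made for illustration, and no pairing or ABE library is involved.

```python
import secrets

P = 2**127 - 1  # prime modulus standing in for the group order (assumption)

# Constructed LSSS (M, rho) for the policy (doctor AND cardiology) OR auditor.
# Row i of M is labelled with attribute RHO[i]; the target vector is (1, 0).
M = [(1, 1), (0, -1), (1, 0)]
RHO = ["doctor", "cardiology", "auditor"]


def make_shares(secret):
    """Enc side: one share per row, share_i = M_i . (secret, r_2, ...) mod P."""
    v = [secret % P] + [secrets.randbelow(P) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]


def reconstruction_coeffs(attrs):
    """Return {row: w} with sum(w * M_row) == (1, 0, ...) mod P, or None
    when the attribute set does not satisfy the access structure."""
    rows = [i for i, a in enumerate(RHO) if a in attrs]
    ncols = len(M[0])
    # One equation per matrix column; unknowns are the w_i of the usable rows.
    aug = [[M[i][j] % P for i in rows] + [1 if j == 0 else 0]
           for j in range(ncols)]
    pivots, r = [], 0
    for c in range(len(rows)):  # Gauss-Jordan elimination over Z_P
        pr = next((k for k in range(r, ncols) if aug[k][c]), None)
        if pr is None:
            continue
        aug[r], aug[pr] = aug[pr], aug[r]
        inv = pow(aug[r][c], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for k in range(ncols):
            if k != r and aug[k][c]:
                f = aug[k][c]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[r])]
        pivots.append(c)
        r += 1
    # A row reading 0 = nonzero means (1, 0, ...) is outside the row span.
    if any(not any(row[:-1]) and row[-1] for row in aug):
        return None
    w = {i: 0 for i in rows}  # free variables stay 0
    for k, c in enumerate(pivots):
        w[rows[c]] = aug[k][-1]
    return w


def recover(attrs, shares):
    """Dec side: combine the shares of the rows the attribute set unlocks."""
    w = reconstruction_coeffs(attrs)
    if w is None:
        return None
    return sum(w[i] * shares[i] for i in w) % P


if __name__ == "__main__":
    shares = make_shares(42)
    for attrs in ({"doctor", "cardiology"}, {"auditor"}, {"doctor"}):
        print(sorted(attrs), "->", recover(attrs, shares))
```

Secret sharing alone does not give the collusion resistance described in the introduction: an ABE KeyGen additionally ties each user's key components together with per-user randomness, so attributes held by different users cannot be pooled to satisfy A.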
