Journal Publication of International Research for Engineering and Management (JOIREM)

Volume: 10 Issue: 01 | Jan-2025

Analysis of an attribute-based encryption system for cloud data access

1Bhavuk Sharma,2Dr. Bhupendra Verma, 3Dr. Vivek Sharma
1M.Tech Scholar
2,3Professor, Department of Computer Science Engineering, Technocrats Institute of Technology, Bhopal, M.P, India

---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract -There is a way to lower the Internet's common symmetric key approach, in which all users receive their
overhead and offer a fine-grained access control whenever attributes and secret keys from a single key distribution center
cloud access control is being considered. These problems can (KDC). A single KDC is exceedingly challenging to manage in
be resolved with attribute-based encryption. A centralized a cloud environment where many users are supported. The new
feature in this study is that it allows the message to be
attribute-based encryption scheme is suggested for the current
legitimate and genuine without disclosing the name of the
system, in which users get secret keys and attributes from a
person who placed the data on the cloud. This approach may
single key distribution center.This paper suggests a also be extended to user revocation. This work uses the
decentralized attribute-based encryption system where any Attribute Based Signature (ABS) technique to ensure privacy
party can function as the authority by generating a public key and authenticity. Additionally, this approach is immune to
and providing various users with private keys. Additionally replay attacks, in which users may substitute outdated data for
supported by the suggested system are user revocation and the new data. The fact that a revoked user cannot write to the
anonymous authentication. The performance of decentralized cloud makes this method a crucial feature. The right
Cipher-text attribute-based encryption and attribute-based cryptography technology is used to achieve safe data
encryption can also be compared. transactions on clouds. The owner of the data should store it in
the cloud after encrypting it. In the event that a third party
Key Words: Cloud Computing, Access control, Key downloads the record, the user may see it if they possess the
Distribution Center (KDC), Authentication, Revocation, key used to rewrite the encrypted data. This might sometimes
Attribute Based Encryption(ABE) be a failure due to the programmers and advancements in
technology. There are several methods and strategies to create
safe transactions and storage in order to solve the issue
suggested an anonymous authentication system for cloud data
preservation. Anonymous authentication is the process of
1.INTRODUCTION admitting a user without knowing their personal information.
As a result, the user may hide their information from other
Currently, cloud computing is a potential computing cloud users since the cloud servers are unaware of their
paradigm that is being widely considered across many personal information.
domains. A lot of cloud service providers now allow
businesses to buy the necessary computer resources rather than
setting up and managing their own computing 1.1 Motivation
environment.Cloud storage houses a large amount of very There are currently well-known security solutions that
sensitive data. The two most crucial concerns in cloud primarily rely on authentication to ensure that a user's private
computing are privacy and security. The user should be data is not illegally accessed, but they overlook a minor
verified before starting a transaction, but they should also be privacy concern when a user challenges the cloud server to
guaranteed that the cloud won't alter the data they have seek data sharing with other users. The disputed access request
outsourced. To prevent other users or the cloud from knowing itself may disclose the user's privacy. Existing systems
who they are, individuals must maintain their privacy. describe a shared authority-based privacy-preserving
The importance of limiting access to legitimate services to authentication methodology that ensures security and privacy
authorized users has led to an increase in interest in cloud in cloud storage. The shared access authority is obtained using
access control. Clouds hold a vast quantity of data and an anonymous access request matching process that takes
information, much of which contains sensitive data. In general, security and privacy into account. Attribute-based access
there are three forms of access control: Attribute-based access control is used to ensure that the user can only access its own
control (ABAC), Role-based access control (RBAC) and User- data fields; the cloud server uses proxy re-encryption to enable
based access control (UBAC). Users are categorized according data sharing across numerous users.
to their respective responsibilities in role-based access control.
The list of approved users with data access is part of the access 2. Need of the Study
control list in user-based access control. Access policy is There are already well-known existing security solutions that
associated to the data in ABAC, and users who meet the access specialize in authentication to appreciate that a user's private
policy and possess a valid set of characteristics are granted
information cannot be unauthorized accessed, but neglect a
access to the data.Access controls on cloud systems, such as
refined privacy issue throughout a user difficult the cloud
Fine-Grained Data Access Contro, Attribute Based Data
Sharing, Hierarchical Attribute Based Encryption and server to request different users for information sharing.
Distributed Access Control are centralized and employ a 3. Litrature Review

© 2025, JOIREM |www.joirem.com| Page 1

 Journal Publication of International Research for Engineering and Management (JOIREM)
Volume: 10 Issue: 01 | Jan-2025

Hong Liu et al. Cloud services provide consumers the ease of while other users could just view it. Users other than the
enjoying on-demand cloud apps without regard for local creator did not have write access.
infrastructure limits. Existing security solutions mostly rely on
authentication to ensure that a user's private data cannot be 4. Methodology
viewed without authorization, but they ignore a minor privacy Cloud-stored data is protected by a distributed access control
problem that arises when a user challenges the cloud server to system, which allows access to the data only by authorized
seek data sharing from other users. Regardless of whether the users with legitimate credentials. User authentication is used
contested access request is granted data access rights, it may for cloud data storage and modification. During the
disclose the user's privacy. In this research, we propose a authentication process, the cloud protects the user's identity.
shared authority-based privacy-preserving authentication Because of the cloud's decentralized nature, many KDCs may
protocol (SAPA) to solve the aforementioned privacy handle key management. Collusion resistance is a feature of
concerns for cloud storage. Within the SAPA, both authentication and access control systems. Because of the
JingiLi, Jinet al. presents a design to handle the challenge of collusion-resistant attack, even if two users are not
integrity audits and safe deduplication on cloud data. individually allowed, they cannot band together to
Specifically, two secure systems, Sec Cloud and Sec Cloud+, authenticate themselves or access data. Once their account has
are proposed with the goal of ensuring both data integrity and been canceled, users are no longer able to access data. Replay
deduplication in the cloud.Sec Cloud offers an auditing entity attacks may be accommodated by the suggested protocol. The
with the maintenance of a Map Reduce cloud, which assists data saved in the cloud may also be accessed and written to
customers in generating data tags prior to uploading as well as several times using this suggested protocol. Decentralized
evaluating the integrity of data kept in the cloud. techniques ought to be less expensive than the current
Prof. Rucha R. Galgali investigated the problem related to the centralized ones.
data privacy variousschemes are proposed based on the
attribute based encryption techniques, still more attention is
on privacy of the data content and the access control of the Figure 1: Architecture of Cloud
data and less attention is on the privilege control and the
privacy of user’s identity. These offer the Anony Control
system, which addresses both data privacy and user identity
privacy. They also provide Anony Control-F, which totally
prevents identity difficulties. In the proposed concept, user
revocation is included to allow for the activation and
deactivation of users, increasing system efficiency and
practicality.
F. Zhao et al. presented privacy-preserving authenticated
access control in the cloud. Here, the researcher analyzes a
centralized system in which a single key distribution center
(KDC) distributes characteristics and secret keys to all users.
However, a single key distribution center is not a single point
of failure, and it is very difficult to sustain a large number of
users on clouds.
H.K. Maji et al. established the ABS technique to enable
anonymous user authentication, however it was a centralized
approach.
K. Maji et al. offered a decentralized way to authentication
that does not reveal the user's identity, although it is
vulnerable to replay attacks.
A. Sahai and B. Waters introduced Fuzzy Identity-Based
Encryption, which comprises of a single completely trusted Fig. 1 show the suggested system's architecture. A writer, a
centralized authority (CA) and many attribute authorities. reader, and a maker are the three users. The trustee gives a
Each user is assigned a unique global identifier, and the keys token to creator Alice, who is presumed to be honest. A trustee
from different authorities are bound together by this identifier. may be the federal government, which is in charge of social
To counteract a collusion attack, multiple users can pool their insurance numbers and other records. The trustee provides her
secret keys obtained from different authorities in order to a token once she shows her identification, social insurance
decrypt ciphertext to which they are not individually entitled. number, health information, etc. There are many KDCs that
Kan Yang et al. suggested A decentralized architecture and may be dispersed. These KDCs may be servers located all over
strategy do not provide assurance to consumers that need the globe. When a creator presents the token that was obtained
anonymity while utilizing the cloud. However, the technique from the trustee to one or more KDCs, they are given keys for
failed to offer user verification. encryption, decryption, and signature. Secret keys (SK) for
S. Ruj et al. presented a distributed access control module for decryption are provided in Figure 1; the keys are Kx for
clouds. In this strategy, user verification was not available. signature. The MSG message is encrypted under access policy
The second flaw was that users may create and keep a record X. Who has access to the data kept in the clouds is determined

© 2025, JOIREM |www.joirem.com| Page 2

 Journal Publication of International Research for Engineering and Management (JOIREM)
Volume: 10 Issue: 01 | Jan-2025

by the access rules. The author chooses to demonstrate her keys that reflects a set LID of attributes, that we call an
signature and the message's legitimacy on a claim policy Y. attribute set of the user with identity ID. Let UAjϵAU j, where
The signed ciphertext C is sent to the cloud. The encrypted text Uj1∩Uj2=ϕ, for j1≠j2 be the attribute universe of the system.
(C) is stored in the cloud by confirming the signature.The As a result of lack of global coordination between authorities,
cloud transmits ciphertext C to the reader if they choose to read different authorities might hold identical attribute string. To
the data. If the user has a set of characteristics that fit the overcome this, we can treat every attribute as a tuple consisting
access policy, the cipher text C may be decoded and the of the attribute string and also the controlling authority
original message can be recovered. identifier. The decentralized CP- ABE consists of five
algorithms
5. Analysis & Result
System Initialization(k): Initially, according to the security
5.1 Attribute-Based Encryption parameter k a trusted initializer choses global public parameter
The attributebased encryption concept was first proposed GP. Any user or any authority in the system can make use of
by A. Sahai and B. Waters[14]. ABE is a type of public-key these GP in order to perform their executions. Authority
encryptionis in which the ciphertext andsecret key of a user are Setup(GP, Uj): Once during initialization every authority Aj ϵ
dependent upon attributes. A crucial security feature of ABE is A runs this algorithm. It accepts global public parameter GP
collusion resistance, an opponent holds multiple keys should and a set of attributes U j as input and outputs public key
alone be able to access data and information if at least single PubAj and master secret key MkAj of the authority Aj.
individual key grants access.In ABE the ciphertext decryption Authority KeyGen(GP,ID,a,MkAj):On receiving a secret
is possible only if the valid set attributes of the user key attribute key request from the user every authority executes
matching the attributes of the ciphertext.The ABE consists of this algorithm. It takes global public parameter GP, global ID
four algorithms as follows of a user, attribute a hold by authority and the master secret
 System Initialization key of the corresponding authority as input and it returns a
secret attribute key SKa,ID for the identity ID.
Select a prime q, generator g of G0, groups G0 and GT of Encrypt(GP,M,A,{PubAj}):An encryptor runs
order q, a map e : G0X G0→ GT , and a hash function H : this algorithm and takes global public parameter GP, an
{0,1}*→G0 that maps the identities of users to G0. The access structure, message M to be encrypted and public key of
hash function used here is SHA-1. Each KDC Aj ϵ A has aset relevant authorities corresponding to all attributes as input.
of attributes Lj. Each KDC also chooses two random Then it encrypts message M under access structure and returns
exponents. the CT ciphertext.
Decrypt(GP,CT,{SKa,ID|aϵLID}):Decryptor with identity
Key Generation and Distribution
ID runs this algorithm on receiving ciphertext CT by inputting
User Uu receives a set of attributes I[j,u] from KDC Aj, GP, CT and {SKa,ID|aϵLID}. Then it outputs the message if
and corresponding secret key SKi,u for each iϵI[j,u]. Where the user attribute set LID satisfies the access structure, if not
αi,yiϵSK[j]. Note that all keys are delivered to the user satisfies decryption fails.
securely using the user’s public key, such that only that user
can decrypt it using its secret key. 6. Conclusion
This work introduces a mechanism known as decentralized
 Encryption
access control technique with anonymous authentication,
In the encryption function by using the method ABE the which prevents replay attacks and user revocation. The identity
message MSG is encrypted with the access policy X and the of the user storing data and information is unknown to the
encrypted message which isciphertext C is sent. cloud; only user credentials are checked. The distribution of
keys is decentralized, concealing the user's access policy and
 Decryption attributes. Furthermore, the performance of attribute-based
In the decryption function the ciphertext C is decrypted by encryption and decentralized attribute-based encryption can be
using the secret key SK to obtain the original message MSG. contrasted.
5.2 CP-ABE System References
A decentralized CP-ABE system is composed primarily of 1. Amol D Shelkar, Prof.Rucha R. Galgali, “ Data Access
a set of A authorities, a trusted initializer and users. The only Privilege With Attribute Based Encryption and User
responsibility of trusted initializer is generation of system Revocation”, International Research Journal of Engineering
global public parameters that are system wide public and Technology (IRJET), Nov 2016.
parameters available to each entity in the system. During 2. Praveen N.R and Renju Samuel,” Enhanced Efficient User
system initialization, every authority Aj ϵ A controls a different Revocation Mechanism on Top of Anonymous Attribute Based
set U j of attributes and issues corresponding secret attribute Encryption” , International Journal of Emerging Technology in
keys to users. It has been observed that each authorities can Computer Science Electronics, AUGUST 2016.
work independent. As such, each authority is totally unaware
of the existence of the other authorities in the system. In the 3. M. Satishkumar,B. dayKumar,Ch.ArunKumar,”Attribute
system every user is identified with a unique global identity ID Based Data Sharing with At tribute Revocation to Control
ϵ {0,1} and allowed to request secret attribute keys from the Cloud Data Access”, International Journal of Computational
various authorities. In the system at any point of time, every Science, Mathematics and Engineering, February-2016.
user with global identity ID possesses a set of secret attribute

© 2025, JOIREM |www.joirem.com| Page 3

 Journal Publication of International Research for Engineering and Management (JOIREM)
Volume: 10 Issue: 01 | Jan-2025

4. Muhammad YasirShabir, AsifIqbal, ZahidMahammad, and

AtaullahGhafoor, “ Analysis of Classical Encryption
Techniques in Cloud Computing” , ISSN 1007-0214 09/10
pp102-119 Vol. 21, Number1, February 2019.
5. E.J. Coyne, D.R. Kuhn and T.R. Weil, “Adding Attributes
to Role-Based Access Control” IEEE Computer, vol. 43, no. 6,
pp. 79-81,June 2010.
6. M. Li, S. Yu, K. Ren, and W. Lou, “Securing Personal
Health Records in Cloud Computing: Patient-Centric and Fine-
Grained Data Access Control in Multi-Owner Settings” Proc.
Sixth International ICST Conference Security and Privacy in
Comm. Networks (SecureComm), pp. 89-106, 2010.
7. S. Yu, C. Wang, K. Ren, and W. Lou, “Attribute Based Data
Sharing with Attribute Revocation” Proc. ACM Symp.
Information, Computer and Comm. Security (ASIACCS), pp.
261-270, 2010.
8. G. Wang, Q. Liu, and J. Wu, “Hierarchical Attribute-Based
Encryption for Fine-Grained Access Control in Cloud Storage
Services” Proc. 17th ACM Conf. Computer and Comm.
Security (CCS), pp. 735-737, 2010.
9. F. Zhao, T. Nishide, and K. Sakurai, “Realizing Fine-
Grained and Flexible Access Control to Outsourced Data with
Attribute-Based Cryptosystems” Proc. Seventh International
Conference Information Security Practice and Experience
(ISPEC), pp. 83-97, 2011.
10. S. Ruj, A. Nayak, and I. Stojmenovic, “DACC:
Distributed Access Control in Clouds,” Proc. IEEE 10th
International ICST Conference Trust, Security and Privacy in
Computing and Communications (TrustCom), 2011

© 2025, JOIREM |www.joirem.com| Page 4