Bonfring International Journal of Data Mining, Vol. 6, No.

3, June 2016

24

Multiple Attribute Authority based Access Control

and Anonymous Authentication in Decentralized
Cloud
S. Usha and P. Sangeetha
Abstract--- Cloud computing is emerging as a powerful
architecture to perform large-scale and complex computing. It
widens the information technology (IT) capability by giving
on-demand admittance to work out resources for dedicated
use. The security information and privacy are the main
concerns over the cloud from user viewpoint. In cloud
computing cloud users and cloud severs are not present in the
same domain. Due to this problem of data security and
privacy, access control is required. Generally access control
in clouds is centralized in environment. In centralized cloud
system is given only with single key distribution Centre and
makes use of symmetric key approach algorithm. But in
decentralized cloud system multiple key distribution centres
are available. So it is used to avoid the leakage of keys for
malicious users. The proposed scheme is to hide the users
attributes using Attribute Based Encryption algorithm for
providing Anony control. In this system the cloud confirm the
authenticity of the user with no knowing the users identity
before storing the data. This method contains an added
feature of access control in which only the valid users are able
to decrypt the stored information from cloud sever.
Keywords--- Access Control, Anony Control, Attribute
based Encryption, Data Security, Multi-authority
I.

INTRODUCTION

LOUD Computing is a new computing paradigm that is

built on virtualization, parallel and distributed computing,
utility computing and service-oriented architecture. In the last
years, cloud computing has emerged as one of the most
influential paradigms in the IT industry, and has attracted
extensive attention from both academia and industry. Cloud
storage is an important service of cloud computing. It allows
data owner to host their data in the cloud that provides data
access to the users. The benefits of cloud computing include
reduce costs and capital expenditures, increased operational
efficiencies, scalability, flexibility, immediate time to market,
and so on. Different service-oriented cloud computing models
have been proposed, including Infrastructure as a service
(IaaS), Platform as a service (PaaS), and Software as service
(SaaS). Cloud storage is an important of cloud computing. It

S. Usha, Assistant Professor, Department of CSE, University

College
of
Engineering,
BIT
Campus,
Tiruchirappalli.
E-mail: anbuselvamusha2000@yahoo.co.in
P. Sangeetha, PG Scholar, Department of CSE, University
College
of
Engineering,
BIT
Campus,
Tiruchirappalli.
E-mail:Sangeethaams43@gmail.com
DOI: 10.9756/BIJDM.7019

allows data owner to host their data in the cloud that provide
data access to the users. Data access control is an effective
way to ensure the data security in the cloud. However, cloud
storage service separates the roles of the data owner from the
data service provider, and the data owner does not interact
with the user directly for providing data access service, which
makes the data access control a challenging issue in cloud
computing. Indeed cloud storage is more adaptable, how the
security and protection are accessible for the outsourced data
turns into a genuine concern. The security issues are
confidentiality, integrity, and availability. To overcome the
issues there is lot of policies and techniques to make secure
transaction and storage. Recently experts Anonymous
Authentication for data archiving to clouds. Anonymous
authentication [1] is the procedure or accepting the user
without the details of the user. So the cloud server doesnt
know the details of the user, which gives security to the user to
conceal their details from other user of that cloud. Access
control in clouds is gaining attention because it is important
that only authorized users have access to valid service. A huge
amount of information is being stored in the cloud, and much
of this is sensitive. Care should be taken to ensure access
control of this sensitive which can often related to health,
military, government legitimate, important documents or even
Personal information is at risk because ones identity is
authenticated based on his information for the purpose of
access control. As people becoming more concerned about
their identity privacy these days, the identity privacy also
needs protected before the cloud enters our life. So various
techniques have proposed to protect the data contents privacy
via access control. Existing methods works on access control
in cloud are centralized in nature and use single key
distribution center for uploading and downloading. The
techniques are Attribute Based Encryption techniques [2].
Attribute based encryption is public key based encryption that
enables access control over encrypted data using access
policies and described attributes. Attribute based Encryption is
an effective for implementing flexible and fine-grained access
control of encrypted data. In the ABE systems, each user
viewed as a set of attributes, and the trusted authority issues
the private key for each user and assigns access privileges of
encrypted data to him. Ciphertexts are associated with the set
of attributes specified by the senders. A user can decrypt
ciphertexts only if the users attributes satisfy the access
control policy about the ciphertexts. The basic ABE only
support threshold access policies. To express more flexible
access control policies. So ABE firstly proposed key-policy
ABE (KP-ABE) [3], where the access policies are embedded

ISSN 2277 - 5048 | 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016

in users private keys, and ciphertext are annotated by the sets

of attributes. Then secondly proposed the ciphertext-policy
ABE (CP-ABE) [4], where users private keys is related to his
attributes, and ciphertexts are associated with access policies
specified by senders. In the KP-ABE, a ciphertext is
associated with a set of attributes and private key is associated
with a monotonic access structure like a tree, which describes
this users identity. A user can decrypt the ciphertext if and
only if the access tree in his private key is satisfied by the
attributes in the ciphertext. However, the encryption policy is
described in the keys, so the encryptor does not have entire
control over the encryption policy. To overcome this problem
ABE proposed ciphertext policy (CP-ABE) In the CP-ABE,
ciphertexts are created with an access structure, which
specifies the encryption policy, and private keys are generated
according to users attributes. A user can decrypt the
ciphertexts if and only if his attributes in the private key
satisfy the access tree specified in the ciphertext. By doing so,
the encryptor holds the ultimate authority about the encryption
policy. Also the already issued private keys will never be
modified unless the whole system reboots. Attributes may
come from different authorities in the real world and it is not
practical to assume that a central authority can issues private
keys for all users. To address this problem the ABE scheme
proposed multi-authority KP-ABE [5] with central authority.
Subsequently chase proposed multi-authority KP-ABE
without central authority.
II.

RELATED WORK

This paper is mostly related to works in cryptographically

enforced access control for outsourced data and attribute based
encryption. For protecting the data content privacy in cloud
computing various techniques have been proposed as Identity
Based Encryption (IBE) was first introduced by Shamir [6],
and then next proposed Fuzzy Identity Based Encryption [7]
and Attribute Based Encryption in which the encryption and
decryption is based on identity. The message sender can
specify an identity and message is only decrypted when the
receiver with matching identity. It is based on a public key
cryptosystem. In which not generating random pair of keys,
the user chooses his name and address as his public key, or
any combination of name, address, telephone number etc.
A. Attribute based Encryption
A.Sahai and B.Waters et al [7]. ABE is a public key based
one to many encryption that allows users to encrypt and
decrypt data based on user attributes. In which the secret key
of a user and the ciphertext are dependent upon attributes. In
such a system the decryption of a ciphertext is possible if the
set of attributes of the user key matches the attribute of the
ciphertext. Advantages of attribute based encryption is provide
security and access control. And also provide fine-grained
access control
B. Decentralized Attribute based Encryption
A. Lewko and B.Waters et al [7].Decentralized access
scheme for secure data storage in clouds that support
anonymous authentication. Decentralized system use multiple
key distribution Centre and use asymmetric key approach
algorithm. In this system cloud verify the authenticity of the

25

sever without knowing users identity before storing data and

also valid users are able to decrypt the stored information.
Merits: Prevents the replay attacks
modification, creation, reading and writing.

and

support

Issues: Cloud knows access policy for each record in the

cloud
C. Fully Secure Multi-authority ABE Traitor and Tracing
G.Zeng, Z.Wang et al [8]. In multi-authority ABE setting
is that malicious user leak their private keys to construct pirate
decryption devices and distribute them to illegal user. To deal
with key abuse problem proposed MABTT. The MABTT
scheme is proved to be fully secure by using dual system
encryption method.
Merits: Flexible method to alleviate the key leakage
problem.
Issues: MABTT is not practical due do infeasible large
sizes of public key and ciphertext.
D. A Hierarchical Attribute based Solution for Flexible and
Scalable Access Control in Cloud Computing
Z. Wan, Z.Liu et al [9]. HBSBE is driven by the CP-ABE
with hierarchical structure or cloud server. This approach not
only achieves scalability it achieves both flexibility and finegrained access control of data in cloud. The work for storing
the data in encrypted form is a common method of
information privacy protection. Cloud system is responsible
for both tasks on storage and encryption or decryption of data
Merits
1. Achieve flexibility and scalability.
2. It is also support compound attributes of Attribute
based encryption.
Issues: HASBE not only support compound attributes due
do flexible attribute set but also achieves efficient user
revocation because of multiple assignments of attributes
E. Attribute based Secure Data Sharing with Hidden
Policies in Smart Grid
J. Hur and X. Chenet al [10]. In smart grid as well as data,
policies for sharing the data may be sensitive because they
directly contain sensitive information, and reveal information
about underlying data protected by the policy, or about the
data owner or recipients. So Hur proposed attribute based
sharing scheme in smart grid. Not only the data but also the
access policies are obfuscated in grid operators point of view
during the data sharing process. Thus, the data privacy and
policy privacy preserved in the proposed scheme.
Merits
1. Ciphertext is obfuscated while supporting any
arbitrary access formula.
2. The expressiveness of the access policy is enhanced
and privacy is preserved.
Issues: Key escrow problem.

ISSN 2277 - 5048 | 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016

26

F. Scalable and Secure Sharing or Personal Health Records

in Cloud Computing Using ABE
Y. Zheng, K.Ren et al [11]. Personal health record is an
emerging patient-centric model of health information
exchange, which is often outsourced to be stored at a third
party such as cloud providers. However, there have been wide
concerns as personal health information to be stored at a third
party servers and to unauthorized parties. Yet issue such as
risks of privacy exposure, scalability in key management,
flexible access, and efficient user revocation, have remained
the most challenges toward achieving fine-grained,
cryptographically enforced data access control. So Zheng
proposed novel patient centric framework and a suite of
mechanism for data access control to PHRs semi trusted. To
achieve fine grained and scalable data access control for PHRs
use ABE to encrypt each patients PHRs file.
Merits
1. Reduce the complexity of key management problem.
2. This scheme enables dynamic modification of access
policies or file attributes.
Issues
1. Key management complexity.
2. It is not support dynamic policy updates.

Fig. 1: Architecture of System Model

G. Effective Data Access Control for Multi Authority Cloud

Storage System
K.Yang, B.Zhang et al [11]. Ciphertext policy attribute
based encryption is a promising technique for access control
of encrypted data. It requires a trusted authority manages all
the attributes and distributes key in the system. In cloud
storage system, there are multiple authorities co-exist and each
authority is able to issue attributes independently. This cause
inefficiency of decryption and revocation. To overcome this
problem DAC-MACS was proposed. It is an effective and
secure data access control scheme with efficient decryption
and revocation
Merits: DAC-MACS is provably secure in the random
oracle model and incurs less cost and computation cost
Issues: Key escrow problem
III.

PROBLEM FORMULATION

A. System Model
System model consists of four entities. These are Data
Owner, N-attribute authorities, Data Consumer and server.
Data Owner: Data Owner is the entity who wishes to
outsource encrypted data file to the cloud servers.
Cloud Server: The Cloud sever who is assumed to have
adequate storage capacity, does nothing but store them.
Attribute Authority: Authorities are assumed to have
powerful computation abilities, and they are supervised by
government offices because some attributes partially contain
users personally identifiable information. Therefore each
authority is aware of only part of attribute. The whole attribute
set divided into N-disjoint set and controlled by each
authority.

System Working Steps

1. Request public key
2. Upload outsource encrypted file
3. Request attribute secret private key
4. Downloaded the encrypted file
Data Consumer: Data Consumers are request private keys
from all of the attribute authorities, and they do not know
which attributes are controlled by which authorities .When the
Data Consumers request their private keys from authorities,
authorities jointly create corresponding private key and sent it
to them. All data Consumers are able to download any of the
encrypted data files, but only those whose private keys satisfy
the privilege tree Tp can execute the operation associated with
privilege p.
System model consists of five modules. They are follows
1. Register
2. Appeal for public key
3. Upload the file
4. Moderately decrypting and sending private key
5. Fully decrypting and downloading the file
Register: In this module, the Data Owner, Data Consumer
and Authority are register their personal details with
corresponding role. For example User Name, role, password,
email address.
Appeal for public key: The Data Owner appeal for public
key to the authority for uploading the information to the cloud
that are going to be accessed by the user. Then, the authority
check the data owner and send the public key access key to the
data owner.

ISSN 2277 - 5048 | 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016

27

Upload File: Data owner upload the file to the server using
public key from authority and the owner send the private key
to the user for downloading the file. And it will send to
authority for confidential

3.

Moderately decrypted and sending the private key:

Authority partially decrypt the file using private key and allow
permission to user for downloading file through key. The user
private key sent to the user email and user get the private key
downloading the file and viewed the file.

5.

Fully decrypting and downloading the file: User fully

decrypts the file using private key from mail and downloading
the necessary files for further access
B. Anony Control Construction
Attribute Based Encryption algorithm steps:
Public Key: the public key is a random generated binary
key, generated and maintained by key manager itself.
Particularly used for encryption and decryption.
Private Key: Private Key is the combination of the user
name, password. The private key is maintained by client itself.
Used for decrypt the file.
ABE Key: It is associated with a policy. The access key is
built on attribute based encryption. File access is of read and
write. It also include user role based on the policy.
1.

2.

3.

4.

Setup: A randomized algorithm setup (k) takes in as

input a security parameter and provides a set of public
parameters (PK) and the master key values (MK)
2.Key
Generation:
The
KeyGen(MK,PK,A)
algorithms takes the master key values (MK) the
public parameters (PK) and the attributes set of the
user (A) and outputs for the user and set of decryption
key SK which conform the users possession of all the
attributes in A and no other external attributes.
Encryption: The algorithm encryption (M, T, PK) is a
randomized algorithm that takes as input the message
to be encrypted (M), the access structure T which
needs to be satisfied and the public parameters (PK),
to the output ciphertext CT
Decryption: The decryption algorithm Dec (CK, SK,
PK) take as input the ciphertext CT, the user secret
key SK and the public key parameters PK and it
outputs the encryption message (M) if and only if
attribute A embedded in SK satisfy the access
structure T which was used while encrypting
ciphertext CT. If T (A) =1 them message M is outputs
else, it outputs 0

4.

Choose an integer e, 1 < e < phi, such that gcd (e, phi)
= 1.
Compute the secret exponent d, 1 < d < phi, such that
ed 1 (mod phi).
The public key is (n, e) and the private key (d, p, q).
Keep all the values d, p, q and phi secret. Where
n is known as the modulus.
e is known as the public exponent or encryption
exponent or just the exponent.
d is known as the secret exponent or decryption
exponent.

Encryption
Sender A does the following:
1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer
m, 1 < m < n
3. Computes the cipher text c = me mod n.
4. Sends the cipher text c to B.
Decryption
The plaintext message can be quickly recovered when the
decryption key d, an inverse of e modulo (p-1) (q-1) Is known.
(Such an inverse exists since gcd (e, (p-1) (q-1)) =1). To see
this, note that if d e *1 (mod (p-1) (q-1)), there is an integer k
such that d e = 1 + k (p-1) (q-1). It follows that.Cd = (Me) d =
M de = M1+k (p-1) (q-1)
By Fermat's theorem (assuming that gcd (M, p) = gcd (M,
q) = 1, which holds except in rare cases, it follows that Mp-1
*1 (mod p) and Mq-1 *1 (mod q), consequently.
Cd = M (Mp-1) k (q-1) *M 1 *M (mod p) andCd = M
(Mq-1) k (p-1) *M 1 *M (mod q) since gcd (p, q) = 1, it
follows that-Cd *M (mod pp.)
D. Requirement Specification
Hardware Specifications
Processor: Pentium IV Processor
RAM: 512 MB
Hard Drive: 40GB
Monitor

: 14 VGA COLOR MONITOR

Disk Space: 1 GB
Software Specifications
Operating System: Windows Xp / 7
Front End: JSP
Backend: My SQL

C. Security Model
RSA key generation algorithm steps.
The steps are follows:
Key Generation
1. Generate two large random primes, p and q, of
approximately equal size such that their product n =
pq, is of the required bit length, e.g. 1024 bits.
2. Compute n = pp. and (phi) = (p-1) (q-1)

ISSN 2277 - 5048 | 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016

IV.

28

RESULTS AND DISCUSSION

A. Screen Shots

Screenshot 1: Homepage of the System

Screenshot 4: Authority Send Request

Screenshot 2: Register Page

Screenshot 5: Public Key Request

Screenshot 3: Login Page

Screenshot 6: Upload the File

ISSN 2277 - 5048 | 2016 Bonfring

Bonfring International Journal of Data Mining, Vol. 6, No. 3, June 2016

29

[8]

[9]

[10]

[11]

[12]

[13]
[14]

Screenshot 7: Download the File

V.

CONCLUSION

[15]

This paper proposes two Anonymous Attribute Based

Encryption scheme such as Anonycontrol and Anonycontrol-F
to protect the user privacy the cloud computing system, these
schemes are achieve not only the data content but also user
identity anonymity while conducting privilege control based
on users identity information. More significantly, this system
can tolerate up to N-2 authority compromise, which is highly
superior particularly in internet based cloud computing
environment. So Anonycontrol and Anonycontrol-F are both
secure and efficient for cloud storage system
VI.

[16]
[17]
[18]

[19]

[20]

FUTURE ENHANCEMENT

In Anonymous Attribute Based Encryption scheme

produce truthfulness of user in this case of using attribute
based encryption key and it is also needs to trust the key
requester for he picks correct attribute keys corresponding to
his identity and extra communication overhead incurred. In
future to overcome this problem it is efficient to introduce user
revocation mechanism on Anonymous Attribute Based
Encryption scheme. This is the one of the great challenge in
the application of ABE

[21]

H. Ma, G. Zeng, Z. Wang and J. Xu, Fully secure multi-authority

attribute-based traitor tracing, J. Comput. Inf. Syst., Vol. 9, No. 7,
Pp. 27932800, 2013.
Z. Wan, J. Liu, and R. H. Deng, HASBE: A hierarchical attribute based
solution for flexible and scalable access control in cloud computing,
IEEE Trans. Inf. Forensics Security, Vol. 7, No. 2, Pp. 743754,
Apr. 2012.
J. Hur, Attribute-based secure data sharing with hidden policies in
smart Grid, IEEE Trans. Parallel Distrib. Syst., Vol. 24, No. 11,
Pp. 21712180, Nov. 2013.
M. Li, S. Yu, Y. Zheng, K. Ren and W. Lou, Scalable and secure
sharing of personal health records in cloud computing using attribute
based encryption, IEEE Trans. Parallel Distrib. Syst., Vol. 24, No. 1,
Pp. 131143, Jan. 2013.
K. Yang, X. Jia, K. Ren and B. Zhang, DAC-MACS: Effective data
access control for multi-authority cloud storage systems, Proc.
IEEEINFOCOM, Pp. 28952903, Apr. 2013.
Tor: Anonymized Network. [Online]. Available: https://www.
torproject.org/, accessed 2014.
J. Liu, Z. Wan and M.Gu, Hierarchical attribute-set based encryption
for scalable, flexible and fine-grained access control in cloud
computing, Information Security Practice and Experience. Berlin,
Germany: Springer-Verlag, Pp. 98107, 2014.
L. Zhang, X.-Y. Li, Y. Liu, and T. Jung, Verifiable private multiparty
computation: Ranging and ranking, in Proc. IEEE INFOCOM,
Pp. 605609, Apr. 2013.
Ciphertext-Policy Attribute-Based Encryption Toolkit. [Online].
Available: http://acsc.csl.sri.com/cpabe/, accessed 2014.
S. Yu, C. Wang, K. Ren and W. Lou, Attribute based data sharing with
Attribute revocation, Proc. 5th ASIACCS, Pp. 261270, 2010.
S. Yu, K. Ren, and W. Lou, Attribute-based content distribution with
hidden policy, in Proc. 4th Workshop Secure Network. Protocols, Pp.
3944, 2008.
A. Kapadia, P.P. Tsang and S.W. Smith, Attribute-based publishing
with hidden credentials and hidden policies, Proc. NDSS, Pp. 179192,
2007.
T. Jung, X. Mao, X.-Y. Li, S.-J. Tang, W. Gong and L. Zhang, Privacy
preserving Data aggregation without secure channel: Multivariate
polynomial evaluation, Proc. IEEE INFOCOM, Pp. 26342642, Apr.
2013.
C. Wang, N. Cao, J. Li, K. Ren and W. Lou, Secure ranked keyword
search over encrypted cloud data, Proc. IEEE 30th ICDCS, Pp. 253
262, Jun 2010.

REFERENCES
[1]
[2]

[3]
[4]

[5]

[6]

[7]

Y. Zhang, X. Chen, J. Li, D. S. Wong and H. Li, Anonymous attribute

based Encryption, Proc. 8thASIACCS, Pp. 511516, 2013.
V. Goyal, O. Pandey, A. Sahai and B. Waters, Attribute-based
encryption for FINE-grained access control of encrypted data, Proc.
13th CCS, Pp. 8998, 2006.
J. Bethencourt, A. Sahai and B. Waters, Key-policy attribute based
encryption, Proc. IEEE SP, Pp. 321334, May 2007.
J. Li, Q. Huang, X. Chen, S.S. Chow, D.S. Wong and Xie, Multi
authority
ciphertext-policy
attribute-based
encryption
with
accountability, Proc. 6th ASIACCS, Pp. 386390, 2011.
V. Boovic, D. Socek, R. Steinwandt and V. I. Villnyi, Multiauthority attribute-based encryption with honest-but-curious central
authority, Int.J. Comput. Math., Vol. 89, No. 3, Pp. 268283, 2012.
S. Hohenberger and B. Waters, Attribute-based encryption with fast
decryption, Public-Key Cryptography. Berlin, Germany: SpringerVerlag, Pp. 162179, 2013.
A. Lewko and B. Waters, Decentralizing attribute-based encryption,
Advances in Cryptology. Berlin, Germany: Springer-Verlag, Pp. 568
588, 2011.

ISSN 2277 - 5048 | 2016 Bonfring