Volume 6, Issue 4, April 2016

ISSN: 2277 128X

International Journal of Advanced Research in

Computer Science and Software Engineering
Research Paper
Available online at: www.ijarcsse.com

Secure and Verifiable Policy Update Outsourcing Big Data

in Cloud Computing
K. Seetha
MCA, PG Student, Dept. Computer Applications
Anna University, Trichy (BIT campus) Tamilnadu, India

Dr. A. Valarmathi
Head, Dept. Computer Applications
Anna University, Trichy (BIT campus) Tamilnadu, India

AbstractDue to the high volume and velocity of big data, it is an effective option to store big data in the cloud, as the
cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-Based
Encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. A trivial
implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it
back to the cloud. This method, however, incurs a high communication overhead and heavy computation burden on
data owners. In this paper we propose a novel scheme that enabling efficient access control with dynamic policy
updating for big data in the cloud. We also focus on developing an outsourced policy updating method for ABE
systems. This method can avoid the transmission of encrypted data and minimize the computation work of data
owners, by making use of the previously encrypted data with old access policies.
Keywords Access control, Attribute Based Encryption (ABE), Policy Updating, Outsourcing, Big Data, Cloud.
I. INTRODUCTION
Policy updating issue has not been considered in existing traditional attribute-based access control Schemes. We
also update the access policy of the encrypted data in the cloud. Heavy communication overhead of the data retrieval can
be eliminated and the computation cost on data owners can also be reduced. Cloud computing provides seemingly
unlimited virtualized resources to users as services across the whole Internet, while hiding platform and
implementation details. Todays cloud service providers offer both highly available storage and massively parallel
computing resource set relatively low costs. As cloud computing becomes prevalent, an increasing amount of data is
being stored in the cloud and shared by users with specified privileges. which define the access rights of the stored

Fig 1 Architecture of cloud computing

Attribute-Based Encryption (ABE) has emerged as a promising technique to ensure the end-to-end data security in
cloud storage system. It allows data owners to define access policies and encrypt the data under the policies, such that
only users whose attributes satisfying these access policies can decrypt the data. When more and more organization and
enterprises outsource their data into the cloud, the policy updating becomes a significant issue as data access policies may
be changed dynamically and frequently by data owners. However, this policy updating issue has not been considered in
existing attribute-based access control schemes. The policy updating is a difficult issue in attribute-based access control
systems, because once the data owner outsourced data into the cloud, it would not keep a copy in local systems.
2016, IJARCSSE All Rights Reserved

Page | 762

Seetha et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(4),
April- 2016, pp. 762-767
When the data owner wants to change the access policy, it has to transfer the data back to the local site from the
cloud, re-encrypt the data under the new access policy, and then move it back to the cloud server. By doing so, it incurs a
high communication overhead and heavy computation burden on data owners. This motivates us to develop a new
method to outsource the task of policy updating to cloud server. The grand challenge of outsourcing policy updating to
the cloud is to guarantee the following requirements:
Correctness: Users who possess sufficient attributes should still be able to decrypt the data encrypted under new
access policy by running the original decryption algorithm.
Completeness: The policy updating method should be able to update any type of access policy.
Security: The policy updating should not break the security of the access control system or introduce any new
security problems. The system model consists of the following entities: authorities (AA), cloud server (server), data
owners (owners) and data consumers (users).
II. RELATED WORKS
A. Expressive, efficient, and revocable data access control for multi-authority cloud storage
Cipher text-Policy Attribute-based Encryption CP-ABE is regarded as one of the most suitable technologies for data
access control in cloud storage, because it gives data owners more direct control on access policies. It is difficult to
directly apply existing CP-ABE schemes to data access control for cloud storage systems because of the attribute
revocation problem. Efficient and revocable data access control scheme for multi-authority cloud storage systems, where
there are multiple authorities co-exist and each authority is able to issue attributes independently. Our attribute revocation
method can efficiently achieve both forward security and backward security.
B. Privacy Preserving Cloud Data Access With Multi- Authorities
To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed due
to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage
systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce
multiple encrypted copies of the same data or require a fully trusted cloud server. Data access control for multi authority
cloud storage (DAC-MACS), an effective and secure data access control scheme with efficient decryption and
revocation.
III. POLICY UPDATING IN METEOROLOGY
The proposed system focuses on solving the policy updating problem in ABE systems, and proposes a secure and
verifiable policy update outsourcing method. Instead of retrieving and re-encrypting the data, data owners only send
policy updating queries to cloud server, and let cloud server update the policies of encrypted data directly, which means
that cloud server does not need to decrypt the data before/during the policy updating. This scheme can not only satisfy all
the above requirements, but also avoid the transfer of encrypted data back and forth and minimize the computation work
of data owners by making full use of the previously encrypted data under old access policies in the cloud.
A. Policy Checking Entity Free:
In ABAC, access policies are defined by data owners but do not require any entity (e.g., the server) to check these
policies. Instead, access policies in ABAC are enforced implicitly by the cryptography. Due to this key feature, ABAC is
widely applied to control big data in cloud environments, where cloud servers are not trusted to enforce access policies.
B. Storage Efficiency:
In traditional Public Key Cryptography, for each data, multiple copies of ciphertexts are produced whose number is
proportional to the number of users. Considering the high volume of big data, it incurs a huge storage overhead even
when only doubling the volume of big data. Fortunately, in ABAC, only one copy of ciphretexts is generated for each
data, which can reduce the storage overhead significantly.
IV.

PROPOSED SYSTEM ARCHITECTURE

Figure 2 proposed System Architecture

2016, IJARCSSE All Rights Reserved

Page | 763

Seetha et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(4),
April- 2016, pp. 762-767
STEPS FOR PROPOSED SYSTEM
A. Data Owner
Data Owner achieves public key from any one of the authorities, and he uses the public key to encrypt the data file
before outsourcing with third party it to the Cloud Servers.
B. Policy updates Authority
The authority generates the key so that owner can encrypt the data and user can decrypt the data. It checks the data is
safe also provide protection to the data. Each user data is assigned with a global user identity and can freely get the cipher
texts from the Authority.
C. Key Generation
Here Keys are generating for every unique files. At the time of user retrieving any file key is essential for access the
file. In a linear scheme, the secret is viewed as an element of a finite field, and the shares are obtained by applying a
linear mapping to the secret and several independent random elements.
D. Cloud User
This module is used to help the user to search the file using the multiple key words concept and get the accurate
result list based on the user query. The user is going to select the required file and register the user details. After entering
the key User can download the file which is an encrypted data.
V. RESULTS AND DISCUSSION
In this paper, we focus on solving the policy updating problem in ABE systems, and propose a secure and verifiable
policy updating outsourcing method. Instead of retrieving and re-encrypting the data, data owners only send policy
updating queries to cloud server, and let cloud server update the policies of encrypted data directly, which means that
cloud server does not need to decrypt the data before/during the policy updating. Our scheme can not only satisfy all the
above requirements, but also avoid the transfer of encrypted data back and forth and minimize the computation work of
data owners by making full use of the previously encrypted data under old access policies in the cloud. The contributions
of this paper include: Formulate the policy updating problem in ABE systems and develop a new method to outsource
the policy updating to the server. Propose an expressive and efficient data access control scheme for big data, which
enables efficient dynamic policy updating.
VI. OUTPUT SCREENSHOTS

Figure 3 Admin page

Figure 3 shows that home page then register the details of owner and admin activate that and enter the login page
2016, IJARCSSE All Rights Reserved

Page | 764

Seetha et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(4),
April- 2016, pp. 762-767

Figure 4 Registration page

Fig 4 state that data owner register the details

Figure 5 Login Data owner Details

Fig 5 State that data owner login mail-id and password then click submit button

Figure 6 upload data

Fig 6 State that data owner successfully viewing ciphertexts form for the encrypted data
2016, IJARCSSE All Rights Reserved

Page | 765

Seetha et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(4),
April- 2016, pp. 762-767

Figure 7 data user login

Fig 7 state that data user login and enter the email-id and password

Figure 8 download file

Figure 8 state that data user downloading for searching file

Figure 9 Enter secret key

2016, IJARCSSE All Rights Reserved

Page | 766

Seetha et al., International Journal of Advanced Research in Computer Science and Software Engineering 6(4),
April- 2016, pp. 762-767
Figure 9 shows that data user put the secret key from mail-id after click submit button.

Figure 10 download file

Fig 10 shows that data user enter the secret key then click submit button then download the file under the bottom of
system.
VII. CONCLUSION
The proposed scheme guarantees that the actual data owner could pass the cloud servers authentication and legally
update the cipher text corresponding to the owners data, authentication and performance .A dynamic policy access
control scheme is secure in the generic bilinear group model. Public key encryption also called as asymmetric encryption
involves a pair of keys, public key and private key associates with an entity. Ensure the data confidentiality in the cloud.
Paper analyzed about the policy updating problem in big data access control systems and formulated the challenging
requirements like data overload and time consumption of this problem
REFERENCES
[1]
V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-based encryption for fine grained access control of
encrypted data, in CCS06. ACM, 2006, pp. 8998.
[2]
J. Bethencourt, A. Sahai, and B. Waters, Ciphertext-policy attribute based encryption, in S&P07. IEEE,
2007, pp. 321334.
[3]
B. Waters, Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure
realization, in PKC11. Springer, 2011,pp. 5370.
[4]
A. B. Lewko, T. Okamoto, A. Sahai, K. Takashima, and B. Waters, Fully secure functional encryption:
Attribute-based encryption and (hierarchical) inner product encryption, in EUROCRYPT10. Springer, 2010,
pp. 6291534542.
[5]
E. Damiani et al. 2010.New Paradigm for Access Control in Open Environment. Proceeding of 5th IEEE
International Symposium on Signal Processing and Information.
[6]
P. Bonatti and P. Samarati. 2012. A unified framework for regulating access and information release on the web.
Journal of computer Security. 10(3): 241-272.
[7]
L. Wang, D. Wijesekera and S. Jajodia. 2014. A logic based framework for attribute based access control.
Proceeding of ACM workshop on formal methods in Security Engineering. pp. 45-55, ACM press.

2016, IJARCSSE All Rights Reserved

Page | 767