
IJIRST International Journal for Innovative Research in Science & Technology| Volume 3 | Issue 10 | March 2017

ISSN (online): 2349-6010

A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage

Sadanand H Bhuse
ME Student
Department of Computer Engineering
Sinhgad Academy of Engineering Pune

Santosh N Shelke
Assistant Professor
Department of Computer Engineering
Sinhgad Academy of Engineering Pune

Abstract
Because of their reliability, cloud storage services have millions of uses, and the cloud is a widely developing field serving various
purposes. Many cloud hosts provide services to different clients for their data. Because it supports disaster management, the cloud
can be used as a trustworthy storage mechanism. Data in such cloud storage can be secured by encryption in many ways. Attribute
based encryption is one method of encrypting the contents. This paper discusses the attribute based encryption method for cloud
storage. The method is also used to hide the identity of the user; that is, anonymous authentication can be implemented using
attributes only.
Keywords: Attributes, Encryption, Anonymity, Authentication
_______________________________________________________________________________________________________

I. INTRODUCTION

The cloud is a storage mechanism for various electronic data such as databases, software, platforms, communication services,
commercial data storage etc. Security is a big issue for the contents stored in the cloud. Various encryption mechanisms are used
to protect data from unauthorized access as well as from losses, attacks etc. The methods in use include public key infrastructure,
identity based encryption and fuzzy identity based encryption. Attribute based encryption is a further method, which encrypts the
contents using attributes only. This paper covers a few of these methods for securing cloud storage using attribute based
authentication. Much sensitive data can be secured using this mechanism. With the same mechanism, anonymous authentication
can also be achieved.

II. ACCESS CONTROL AND ENCRYPTION FOR AUTHENTICATION

The encryption process is required to maintain the security of the data, and also to control access to the storage for specific
users. Generally, access control can be Identity Based Access Control, Role Based Access Control or Attribute Based Access
Control [2].

Fig. 1: Identity Based Access Control

All rights reserved by www.ijirst.org 227


A Survey Report on Attribute Based Encryption Methodologies to Secure Cloud Storage
(IJIRST/ Volume 3 / Issue 10/ 042)

Fig. 2: Role Based Access Control

In User Based Access Control (UBAC, shown in fig 1), the system has a list of authorized users who get access after a successful
login process (i.e. entering valid credentials). In Role Based Access Control (shown in fig 2), the users are divided by their
master roles, and a given role is eligible for specific access. As there are too many users, UBAC is not feasible for cloud
storage. In the second method there are groups, and many persons can get the same services as per group policy. Attribute
based access control (shown in fig 3) has an extended scope. Each user is provided with a set of attributes, and only those users
who have a valid set of attributes are allowed access [1]. The attribute based signature is also an alternative to the ring signature,
group signature and mesh signature, as those are not feasible for cloud security due to various reasons [1].

Fig. 3: Attribute Based Access Control

With reference to [1], [2] and [3], a general comparison between the access control methods discussed above is shown in
the following table (fig 4).

Fig. 4: Comparison between Various access controls

ABE is a public key encryption technique based on the attributes possessed by the user. Using ABE, the data sets are
encrypted with respect to an access policy and then stored in the cloud. Users have sets of attributes and keys, so only users
whose attributes match the required set are able to decrypt the contents stored in the cloud. ABE has two classes, as follows.
1) Key-policy ABE (KP-ABE)
2) Ciphertext-policy ABE (CP-ABE)
A general comparison between these two classes is given in the table below (fig. 5).

Fig. 5: Comparison of KP-ABE & CP-ABE

In [7], Chase et al. presented an ABE scheme that is efficient for the case of multiple authorities. The sender specifies a set
of attributes for each authority and a threshold number "k". A user can decrypt the message only if he possesses at least "k"
attributes from each authority. The allowed attributes can be monitored by any number of individual agencies. The drawback in
this case may be the honesty of the administrator.
In [5], the system combines the private key of the user with attributes expressed as strings. When a source encodes content,
he must specify the access structure over attributes. Only an owner of attributes who satisfies the access structure on his own
can decode the encrypted text stored by the source. The access structure is monotonic in this case. In the access structure,
intermediate nodes contain gates and leaves contain attributes. Collusion resistance is mandatory in this scheme: if multiple
users combine their attributes, the stored ciphertext can be decrypted only if at least one of the users could decrypt it on
their own [28]. The scheme is free from collusions. The limitation of this algorithm is that the attributes affect the length of
the ciphertext and the pairs.
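The gates-and-leaves access structure described for [5] and the per-authority threshold "k" described for [7] can both be modelled as a tree of k-of-n gates over which a secret is shared with Shamir polynomials. The Python below is an added example, not code from this paper or from the cited schemes; the node encoding, attribute names and field prime are assumptions, and it models the access-structure logic only (no pairings, no encryption, no per-user key randomness).

```python
import secrets

P = 2**127 - 1  # prime modulus for the toy sharing field (constructed parameter)

# Policy nodes (hypothetical encoding): a leaf names an attribute, an inner node
# is a k-of-n threshold gate. AND is n-of-n, OR is 1-of-n.
def ATTR(name): return ("attr", name)
def K_OF(k, *kids): return ("gate", k, list(kids))
def AND(*kids): return K_OF(len(kids), *kids)
def OR(*kids): return K_OF(1, *kids)

def share(node, secret):
    """Return a copy of the policy tree whose leaves carry shares of `secret`."""
    if node[0] == "attr":
        return ("attr", node[1], secret)
    _, k, kids = node
    # Random polynomial of degree k-1 with q(0) = secret; child i receives q(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    q = lambda x: sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
    return ("gate", k, [share(kid, q(i)) for i, kid in enumerate(kids, 1)])

def recover(node, attrs):
    """Rebuild the secret bottom-up; None when `attrs` does not satisfy the tree."""
    if node[0] == "attr":
        return node[2] if node[1] in attrs else None
    _, k, kids = node
    pts = [(i, v) for i, kid in enumerate(kids, 1)
           if (v := recover(kid, attrs)) is not None][:k]
    if len(pts) < k:
        return None
    total = 0
    for xi, yi in pts:  # Lagrange interpolation of q at x = 0
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    s = secrets.randbelow(P)
    # Gates-and-leaves access tree in the style described for [5].
    cp = share(AND(ATTR("doctor"), OR(ATTR("cardiology"), ATTR("oncology"))), s)
    # Per-authority threshold as described for [7]: k = 2 from each authority.
    ma = share(AND(K_OF(2, ATTR("A:staff"), ATTR("A:manager"), ATTR("A:auditor")),
                   K_OF(2, ATTR("B:licensed"), ATTR("B:insured"), ATTR("B:audited"))), s)
    alice, bob = {"doctor"}, {"cardiology"}
    return {
        "alice_alone": recover(cp, alice) == s,
        "bob_alone": recover(cp, bob) == s,
        # This toy has no per-user key randomness, so pooled attributes succeed;
        # a collusion-resistant scheme must make exactly this pooling fail.
        "pooled_in_toy": recover(cp, alice | bob) == s,
        "two_from_each": recover(ma, {"A:staff", "A:auditor", "B:licensed", "B:audited"}) == s,
        "one_authority_short": recover(ma, {"A:staff", "A:manager", "A:auditor", "B:insured"}) == s,
    }

if __name__ == "__main__":
    print(demo())
```

The `pooled_in_toy` result shows why policy evaluation alone is not enough: collusion resistance has to come from the key material, which this example does not model.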
Lewko et al. discussed a Multi-Authority ABE system [16], which is secure with respect to collusion among users.
In this system, any user can create keys and issue them to a particular user, without any public coordination.
The system has been shown to be secure using the recent dual system encryption technique. This scheme considers the users'
privacy.
In [1], Ruj et al. explained a distributed attribute based encryption method that keeps the user's identity hidden. Even a
curious administrator is not able to see the user's details. In [17], Lewko et al. presented Hierarchical Identity-Based
Encryption (HIBE) and ABE schemes. As the attribute space increases, the public parameters also increase.

III. ANONYMOUS AUTHENTICATION USING ABE

For sensitive information storage, the user should remain unknown to the system and the system administrator, to avoid
conflicts and many other problems. In the case of a curious administrator, the contents will be visible but the user will be hidden.
Cao et al. proposed an anonymous authentication system [6]. The scheme describes the interaction between service provider and
user, where the mobile user's privacy is protected with Location Based Services (LBS).
Privacy protection is the major issue for Location Based Services, because mobile users will not disclose any details but
service providers need to authenticate valid users. In the Cao et al. protocol, a blind signature is used by service providers
to generate the user's anonymous identity, and a ring signature is used by users to shuffle the anonymous identity with those of
a set of other users [28].
In [24], Hua et al. proposed an algorithm based on the Diffie-Hellman problem. This scheme does not require a CA. The key
feature of the scheme concerns the key escape and key revocation problems. The limitation is that it is less efficient and less
secure when identity based authentication is used to provide anonymous authentication.
In [23], an efficient and secure password based two-factor mutual authentication scheme using the Schnorr digital signature and
feature extraction from the user's fingerprint was implemented by Yassin et al.
The system works without additional setup; no extra software or devices are required. The scheme also has additional
features such as anonymity, freely chosen passwords, mutual authentication, and session key agreement between user and service
provider.
A benefit is that this system resists off-line attacks, dictionary attacks, parallel session attacks, MITM attacks,
insider attacks, replay attacks etc. It works very well for password authentication systems. It also allows users to
authenticate the Service Provider to avoid active adversary attacks.
Due to the use of biometrics, it is more complex as far as computation is concerned.
Khan et al. proposed the Anonymous Cloud framework [15]. The framework conceals the data provenance from the nodes where data
computation actually occurs, and the identities of the recipients by ownership labels and IP addresses. Using a Tor anonymity
circuit, users receive and reply to private data / jobs to achieve anonymity. The data ownership metadata is
separated from labeled private data by utilizing public-key cryptography-based anonymous authentication. A separate node is
used to bill customers by ownership metadata without having access to private data, while computation nodes carry out
the anonymous job having access to private data. The advantage of the Anonymous Cloud scheme is that it provides a high success
rate against a large percentage of attackers in the system, as well as data ownership privacy. The drawback is the high
computational overhead in the construction of Tor circuits [28].
The scheme in [1] is proposed for the case where a user creates a file and stores it in the cloud. Two protocols are used in
this scheme, i.e. ABE and ABS. As per fig 1, there are three users: creator, reader, and writer. Here the trustee provides a
token to the creator, assuming that the trustee is honest. There are multiple KDCs, which can be scattered. On presenting the
token to one or more KDCs, the creator receives keys for encryption or decryption and signing. As per the figure, SKs are secret
keys given for decryption and Kx are keys for signing. MSG is the message encrypted under access policy X. The access policy
decides which users can access data from the cloud storage. The creator decides on a claim policy to prove his authenticity and
signs the message under the claim. The cipher-text C together with the signature is c, and it is sent to the cloud. The cloud
verifies the signature and stores the cipher-text C. If any user (reader) wants to read the contents, he must have the same
attributes in order to decrypt the data.
A write proceeds on the same principle as file creation. The time required for individual users to verify themselves is
reduced by the attribute based verification system. If a user has enough attributes matching the access policy, then he can
decrypt the information stored in the cloud.
Storage mechanism in Cloud
The registration of the user is done with one or more trustees. Then user gets tokens, private/public keys, and A .
For an attribute x belonging to KDC $A_i$, the key is calculated as $K_x = K_{base}^{1/(a+bx)}$, where $(a, b) \in ASK[i]$.
The encrypted message can be explained as C = ABE . Encrypt (MSG,X) = ABS . Sign (Public key of trustee, Public key of
KDCs, token, signing key, message, access claim)
c = (C, , , Y). This is the final information stored to the cloud.
Retrieval from cloud
If a user requests access to data, the cloud sends the cipher-text C using the SSH protocol. Decryption is
carried out using $ABE.Decrypt(C, \{sk_{i,u}\})$.
Writing to the clouds
A user requests write access to the cloud using the claim policy. The cloud verifies the claim policies
and permits only those users who are authentic.

Fig. 6: Claim Policy Structure

IV. COMPARISON AMONG EXISTING SYSTEMS

The comparison between various systems is shown in following table.


System  Access Control (Fine Grained?)  Approach       W/R Access  Type of Encryption  Privacy Preserving     User Revocation?
[2]     Yes                             Centralized    OWMR        Symmetric Key       No authentication      No
[29]    Yes                             Centralized    OWMR        AB Encryption       No authentication      No
[3]     Yes                             Centralized    OWMR        AB Encryption       No authentication      No
[21]    Yes                             Decentralized  OWMR        AB Encryption       No authentication      Yes
[5]     Yes                             Centralized    OWMR        AB Encryption       No authentication      No
[19]    Yes                             Decentralized  OWMR        AB Encryption       No privacy preserving  Yes
[14]    Yes                             Centralized    MWMR        AB Encryption       authentication         No
[2]     Yes                             Decentralized  MWMR        AB Encryption       authentication         Yes

V. CONCLUSION

Attribute based access control, authentication and signatures are the best methods to provide secure access control for various
storages (especially cloud storage). For sensitive information, the identity of the user can be kept hidden, i.e. anonymous
authentication can be achieved using attribute based access control. Even with a curious administrator, the details of
the users can be kept secret. In such cases only the contents are visible, and the user is known only by attributes, not by identity or role.

ACKNOWLEDGEMENT

Our heartfelt thanks go to Sinhgad Academy of Engineering, Kondhwa, Pune for providing a strong platform to develop our skills
and capabilities. I would like to thank HOD Mr. Gite B.B, my guide Mr. Shelke S.N. and all the teachers for their valuable
guidance. I would also like to thank everybody who directly or indirectly helped in preparing the paper.

REFERENCES
[1] Sushmita Ruj, Milos Stojmenovic, Amiya Nayak, "Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, 2014.
[2] C. Wang, Q. Wang, K. Ren, N. Cao and W. Lou, "Toward Secure and Dependable Storage Services in Cloud Computing," IEEE T. Services Computing, vol. 5, no. 2, pp. 220-232, 2012.
[3] Kartik, Chandrasekhar B N, Lakshmi H., "Fully Anonymous Attribute-Based Encryption with Privacy and Access Privilege," International Conference on Computational Systems and Information Systems for Sustainable Solutions, 2016.
[4] Allison Lewko, "Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption."
[5] Bethencourt J., Sahai A. and Waters B., "Ciphertext-Policy Attribute Based Encryption," in IEEE Symposium on Security and Privacy, 2007.
[6] Cao Y., Li Y., Li H. and Wang X., "An Anonymous Authentication Protocol for Privacy Protection in Location Based Services," in WiCOM, 2008.
[7] Chase M., "Multi-Authority Attribute-Based Encryption," in TCC, 2007.
[8] Faiza Fakhar and Muhammad Awais Shibli, "Management of Symmetric Cryptographic Keys in Cloud Based Environment," International Conference on Advanced Communications Technology, 2013.
[9] Guojun Wang and Qin Liu, "Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services," in Proc. ACM Conf. Computer and Communications Security (ACM CCS), Chicago, IL, 2010.
[10] Han J., Susilo W. and Mu Y., "Privacy-Preserving Decentralized Attribute-Based Encryption," in IEEE Transactions on Parallel and Distributed Systems, vol. 23, 2012.
[11] Hur J. and Noh D K., "Attribute-based access control with efficient revocation in data outsourcing systems," in IEEE Transactions on Parallel and Distributed Systems, 2011.
[12] Jaccard J., Manraj A. and Nepal S., "Portable Key Management Service for Cloud Storage," 8th International Conference on Collaborative Computing, 2012.
[13] Jahid, Mittal P. and Borisov N., "EASiER: Encryption-based access control in social networks with efficient revocations," in ACM ASIACCS, 2011.
[14] Jyun-Yao Huang, I-En Liao and Chen-Kang Chiang, "Efficient Identity-Based Key Management for Configurable Hierarchical Cloud Computing Environment," IEEE Transactions on Parallel and Distributed Systems, 2011.
[15] Khan S M. and Hamlen K M., "AnonymousCloud: A Data Ownership Privacy Provider Framework in Cloud Computing," IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, 2012.
[16] Lewko A. and Waters B., "Decentralizing Attribute Based Encryption," in EUROCRYPT, 2011.
[17] Lewko A. and Waters B., "Unbounded HIBE and Attribute-Based Encryption," in EUROCRYPT, 2011.
[18] Liang X., Lu R., Lin X. and Shen X., "Cipher text Policy Attribute Based Encryption with Efficient Revocation," Technical report, Univ. of Waterloo, 2011.
[19] Kan Yang, Xiaohua Jia and Kui Ren, "DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems," IACR Cryptology ePrint Archive, 419, 2012.
[20] Shucheng Yu, Cong Wang, Kui Ren and Wenjing Lou, "Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing," in Proc. IEEE INFOCOM, pp. 534-542, 2010.
[21] Yan Zhu, Hongxin Hu, Gail-Joon Ahn, Dijiang Huang and Shanbiao Wang, "Towards Temporal Access Control in Cloud Computing," in INFOCOM, 2010.
[22] Yassin A., Jin H., Ibrahim A., Qiang W. and Zou D., "A Practical Privacy-Preserving Password Authentication Scheme for Cloud Computing," IEEE 26th International Parallel and Distributed Processing Symposium Workshops & PhD Forum, 2012.
[23] Yu S., Wang C., Ren K. and Lou W., "Attribute based data sharing with attribute revocation," in ACM Symposium on Information, Computer and Communications Security, pp. 261-270, 2010.
[24] Zhang Zhi-hua, Li Jian-jun, Jiang Wei, Zhao Yong and Gong Bei, "An New Anonymous Authentication scheme for Cloud Computing," International Conference on Computer Science and Education (ICCSE), 2012.

[25] Tysowski P.K., Hasan M.A., "Cloud-hosted key sharing towards secure and scalable mobile applications in clouds," International Conference on Computing, Networking and Communications (ICNC), 2013.
[26] Sumathi R., Kirubakaran E., Thangavel M., "A secure data transfer mechanism using single-handed re-encryption technique," International Conference on Emerging Trends in Science, Engineering and Technology (INCOSET), pp. 1-9, 2012.
[27] Varalakshmi P., Thangavel M., Nithya K., Priya T., Sakthya D., "EDSRPPC: An efficient data storage and retrieval through personalization and prediction in cloud," Fifth International Conference on Advanced Computing (ICoAC), pp. 413-418, 2013.
[28] M. Thangavel et al., "A Survey On Security Over Data Outsourcing," Sixth International Conference on Advanced Computing (ICoAC), 2014.
[29] M. Li, S. Yu, K. Ren, and W. Lou, "Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multiowner settings," in SecureComm, pp. 89-106, 2010.
