In today’s world, the data confidentiality is broken by the powerful attackers by obtaining cryptographic keys by means of compulsion in cryptographic software. As soon as the encryption key is exposed, the only way to preserve data confidentiality is to limit the attacker’s access to ciphertext. For example by spreading the ciphertext blocks across multiple servers and thus came to the conclusion that the adversary cannot compromise all. In the existing scheme bastion is an efficient scheme that provides data confidentiality even the encryption key is leaked.
To this end we propose identity-based encryption which typically involves Private Key Generator (PKG) and user were the encryption is run by the sender and then the decryption is based on two components identity component and time component which is provided by the admin to the user. With the help of the PKG performance and data confidentiality can be achieved in the cloud.
Index terms Data confidentiality, Identity Based Encryption, Private Key Generator.
Cloud computing is the way of storing and accessing the data through the internet rather than depending on computers hard drive[1]. The cloud computing means internet based computing which provides different services including storage, application and servers. cloud computing may increase users’ flexibility by storing data on physical or virtual servers. They are controlled and maintained by cloud service providers such as Amazon, Microsoft azure. User can access the stored data on cloud through internet connectivity. The main aspect of developing in the cloud is to enable user to get their applications to market quickly.
Productivity may be increased when multiple users can work on the same data simultaneously, rather than waiting for it to be saved and emailed. Hardware failures will not result in data loss because of network backups.
In this paper, bastion a novel and efficient scheme which provides data confidentiality even when the adversary who knows the encryption key and can access all cipher text blocks[2]. The security of bastion is analyzed and evaluated its performance by means of prototype implementation[3]. In addition to that we also discuss the awareness with bastion integration in dispersed storage system. Thus the evaluation results for bastion is comfort for integration in developed systems since it provides less than 5% overhead to existing secure encryption modes.
Identity-Based Encryption (IBE) which simplifies the public key and certificate management at Public Key Infrastructure (PKI) is an important alternative to public-key encryption. However, one of the main efficiency drawbacks of IBE is the overhead computation at Private Key Generator (PKG) during user revocation. Efficient revocation has been well studied in traditional PKI setting, but the cumbersome management of certificates is precisely the burden that IBE strives to alleviate In this paper, aiming at tackling the critical issue of identity revocation, we introduce outsourcing computation into IBE for the first time and propose a revocable IBE scheme in the server-aided setting. Our scheme offloads most of the key generation related operations during key-issuing and key-update processes to a Key Update Cloud Service Provider, leaving only a constant number of simple operations for PKG and users to perform locally. This goal is achieved by utilizing a novel collusion-resistant technique: we employ a hybrid private key for each user, in which an AND gate is involved to connect and bound the identity component and the time component. Furthermore, we propose another construction which is provable secure under the recently formulized Refereed Delegation of Computation model. Finally, we provide extensive experimental results to demonstrate the efficiency of our proposed construction.SYSTEM ARCHITECTURE
This system consists of four main modules
1. Identity-based on Encryption
2. Efficient IBE with outsourced revocation
3. Key Service Procedures
4. Advanced Construction
1. IDENTITY BASED ON ENCRYPTION:
An IBE scheme which typically involves two entities, PKG and users (including sender and receiver) is consisted of the following four algorithms. Setup: The setup algorithm takes as input a security parameter and outputs the public key and the master Key. Note that the master key is kept secret at PKG[4]. Key Gen: The private key generation algorithm is run by PKG, which takes as input the master key and user’s identity. It returns a private key corresponding to the identity. Encrypt: The encryption algorithm is run by sender, which takes as input the receiver’s identity and a message to be encrypted. It outputs the cipher text. Decrypt: The decryption algorithm is run by receiver, which takes as input the cipher text and his private Key. It returns a message or an error. An IBE scheme must satisfy the definition of consistency. Specifically, when the private key generated by algorithm Key Gen when it is given as the input, then Decrypt where Encrypt[5]. The motivation of IBE is to simplify certificate management. For example, when Alice sends an email to Bob at bob@company.com, she simply encrypts her message using Bob’s email address “bob@company.com”, but does not need to obtain Bob’s public key certificate. When Bob receives the encrypted email he authenticate himself at PKG to obtain his private key, and read his email with such a private key.
2. EFFICIENT IBE WITH OUTSOURCED REVOCATION:
Intuition In order to achieve efficient revocation, we introduce the idea of “partial private key update” into the proposed construction, which operates on two sides: 1) Utilize a “hybrid private key” for each user in our system, which employs an AND gate connecting two sub-components namely the identity component and the time component respectively. is generated by PKG in key-issuing but is updated by the newly introduced KU-CSP in key update; 2) In encryption, we take as input user’s identity as well as the time period to restrict decryption, more precisely, a user is allowed to perform successful decryption if and only if the identity and time period embedded in his/her private key are identical to that associated with the cipher text. Using such skill, we are able to revoke user decrypt through updating the time component for private key by KU-CSP[6]. Moreover, we remark that it cannot trivially utilize an identical updated time component for all users because revoked user is able to re-construct his/her ability through colluding with unrevoked users. To eliminate such collusion, we randomly generate an outsourcing key for each identity, which essentially decides a “matching relationship” for the two sub-components. Furthermore, we let KU-CSP maintain a list to record user’s identity and its corresponding outsourcing key. In key-update, we can use to update the time component for identity[7]. Suppose a user with identity is revoked at. Even if he/she is able to obtain for identity, the revoked user still cannot decrypt cipher text encrypted under.
3. KEY SERVICE PROCEDURES: Based on our algorithm construction, the key service procedures includes key issuing, revocation and key update in our proposed identity based encryption. PKG maintains a time list and revocation list. When user request a private key , PKG runs Key Gen to get the private key and outsourcing key. KU-CSP should add the entry from PKG into a user list for Key update. When a user revoked at the same time, the unrevoked user need to request KU-CSP to send key update request for maintaining decrypt ability. On receiving the identity request the CSP initiate key update then the time component is send to the user.
4. ADVANCED CONSTRUCTION:
RDOC model originates from refereed games, and is later formalized. In RDOC model, the client can interact with multiple server and can obtain the correct output until one server follows the proposed ideology. The most advantages of RDOC over traditional model is that the security risk on one server is less when compared to multiple servers. In order to apply RDOC to our setting, we introduce alter independent KU-CSPs also. The three requirements are: 1) At least one KU-CSPs should be honest. 2) Computational complexity at the honest CSP is not much more than the other required for revocation. 3) PKG’s running time would be much smaller.
In this paper the problem of securing the outsourced data to the cloud against the attacker who access the encryption key. The bastion is a efficient technique suitable for this problem which requires a multiple cloud storage system and hence compromising all the servers is the drawback. And we proposed identity-based encryption which simplifies the public key and certificate management at Public Key Infrastructure(PKI). Furthermore, we propose another construction that is provable secure under the recently formulized refereed delegation of computational model.
Remember! This is just a sample.
You can get a custom paper by one of our expert writers.
Get your custom essay
Helping students since 2015
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download