IJRIT International Journal of Research in Information Technology, Volume 3, Issue 6, June 2015, Pg.13-17

International Journal of Research in Information Technology (IJRIT) www.ijrit.com

ISSN 2001-5569

Identity-Based Secure Distributed Data Storage with Dual Encryption

M Rajendra Babu, M.Tech, RYMEC, Bellary
Kavitha Juliet, Asst Prof, RYMEC, Bellary

Abstract – Secure distributed data storage can shift the burden of maintaining a huge number of files from the data owner's database to proxy servers. The proxy servers, or external data storage servers, can encrypt the original files without knowing their actual contents. Dual encryption is applied to the original data to provide confidentiality and integrity for data that is outsourced to the receiver; for this purpose IBSDDSWDE (Identity-Based Secure Distributed Data Storage with Dual Encryption) is proposed. The schemes capture the following properties: (i) the data owner (file owner) decides the access permission for an authenticated user independently, without the help of the PKG (private key generator) on the receiver side; (ii) only one file can be accessed at a time, instead of all files of the file owner; (iii) the scheme is secure against collusion attacks: even if the receiver colludes with the proxy servers, the receiver cannot obtain the owner's secret key. The first scheme is secure only against chosen plaintext attacks (CPA); the second scheme is secure against chosen ciphertext attacks (CCA). These are the first IBSDDSWDE schemes in which access permissions and authentication are made by the owner for an exact original file in the proxy server and collusion attacks are prevented.

Index Terms- Distributed Data Storage, Identity Based System, Encryption

I. INTRODUCTION

Cloud computing provides small organizations and users with a convenient mechanism to manage their personal data files, called DAS (Database-as-a-Service). In this scheme, the data owner (file owner) can outsource his encrypted data files to untrusted proxy servers (external storage). The data owner encrypts a file before sending it to the proxy servers, and the proxy servers perform some encryption functions on the outsourced ciphertexts without knowing anything about the original files. This technique cannot be employed extensively, mainly because users are especially concerned about integrity, security and confidentiality. Because the cloud is managed by an untrusted party, handling outsourced files in the cloud is more complicated than on the local systems in which data is stored. Once a data file is outsourced to the proxy servers, the user removes the file from his local storage. The problem is how to guarantee that the outsourced data files are not accessed by unauthenticated users and not modified by the proxy servers. Since the ciphertext sent by the data owner is maintained in the proxy server, how to guarantee that an authorized user can access the outsourced ciphertext files from the proxy servers is another concern. Confidentiality and integrity are proposed to prevent unauthenticated users from accessing the data files, since the files are subject to unauthenticated disclosure and access after being outsourced. The confidentiality of outsourced encrypted data has been the main focus of the research community since the introduction of Database-as-a-Service (DAS). To provide confidentiality for the outsourced data, encryption schemes like DES (Data Encryption Standard) and RNS (Residue Number Systems) are deployed. Integrity prevents an outsourced data file from being modified or replaced. This scheme has been proposed to protect the integrity and confidentiality of the outsourced data files.

A hashing technique is used to generate a message digest key (Token) for checking authorization. Queries in data storage are executed between a proxy server and the receiver to retrieve the original data file. The proxy server performs some functions on the outsourced ciphertexts and converts them into the original data file for the receiver. The receiver can obtain the data file outsourced by the data owner without the proxy server knowing the actual content of the data in the files.


II. RELATED WORKS

Data Storage Systems

Data storage systems allow users to store their data on external storage, i.e. proxy servers, to enhance access permission (authentication) and availability and to reduce maintenance cost. The privacy issues of this scheme are expanding from data confidentiality to data utility, which points to the main research directions for protecting externally stored data in the proxy servers. Data storage systems are classified into three types based on the security services they provide: cryptographic file systems (CFS), storage-based intrusion detection systems (SBIDS) and networked file systems (NFS).

Cryptographic File System

In a cryptographic file system, end-to-end encryption and security services are provided by cryptographic tools and protocols that are executed by the data owner (file owner) to prevent unauthorized users and proxy servers from accessing and modifying the original data files. Two types of systems are used in this scheme: shared and non-shared file systems. In shared file systems, the file owner can share his data files with a group of authenticated users; cryptographic protocols and techniques are deployed in these systems for key sharing, agreement and revocation. In non-shared file systems, in order to share a file with different users, the owner computes the access key (permission key) for each user using his secret key. In a cryptographic file system the reliability of the perceptive file is provided by digital signature methods and message authentication codes (MAC).

Storage-based Intrusion Detection Systems

In storage-based intrusion detection systems, an intrusion detection scheme is embedded in the proxy servers or the data owner to detect an intruder's behaviour, such as inserting Trojan horses or other viruses and tampering with the original data and audit logs. These schemes are classified into two types: HBS (Host-Based System) and NBS (Network-Based System). In an NBS, an intrusion detection scheme is used in the proxy servers to analyze and detect external intruders' actions. In an HBS, an intrusion detection scheme is used in the host to detect local intruders' actions. The advantage of this scheme is that the proxy servers can still detect the intruder's actions even if the proxy server and host are compromised, as the host and proxy servers are independent.

Networked File Systems

In networked file systems, the proxy servers used by data owners are assumed to be trusted. The receivers are authenticated and their access permissions are validated. The interactions between the receivers and the proxy servers are executed over a secure channel. End-to-end data security cannot be provided by these systems, and the confidentiality of the data files stored in the proxy server cannot be assured. A receiver authenticates himself to the proxy server using his own password. The proxy server passes the authentication result to the data owner (file owner), who then makes the authenticated access permission for the receiver according to the received data.

Identity-based Secure Distributed Data Storage

In an identity-based secure distributed data storage (IBSDDS) scheme, users can exchange data with everyone without checking public key certificates: a user's identity is an arbitrary string, and any two users can communicate with each other. The data owner encrypts his original data files under his identity prior to transferring them to the proxy servers and sends the generated ciphertexts to the proxy servers. After obtaining the access permission (re-encryption key) from the data owner, the proxy servers can transform a ciphertext encrypted under the identity of the data owner into a ciphertext encrypted under the identity of the data receiver. To provide confidentiality for the outsourced data, an efficient IBSDDS scheme should provide the following properties:

1. Unidirectional.
2. Non-interactive.
3. Key optimal.
4. Collusion-safe.
5. Non-transitive.
6. File-based access.

Identity-based Proxy Re-encryption

To delegate decryption power to a designated decryptor, the proxy cryptosystem was introduced. The atomic proxy cryptosystem was proposed, in which a semi-trusted proxy server transforms a ciphertext for the original decryptor into a ciphertext for the designated decryptor without knowing the actual contents of the plaintext file. The proxy cryptosystem is a well-organized primitive which has been used in email forwarding, law enforcement and data storage. In an identity-based cryptosystem the public key can be any arbitrary string, and a trusted party, the private key generator (PKG), issues the secret key to the receiver. Public key infrastructure (PKI) is a bit different from other infrastructures; in identity-based systems (IBS) the two parties can communicate directly to access files without verifying their public key certificates. Identity-based proxy encryption (IBPE) is the formal security model for communication in both single-directional and bi-directional settings. The main master key is used to extract the secret keys for users, which are split into two parts. The proxy server receives one key and the other key is sent to the user. The receiver can decrypt a ciphertext with the help of the proxy server in which the files are stored. Collusion attacks cannot be controlled by this scheme; if the user colludes with the proxy server, the master secret key can be exposed. The encrypted key can be computed by the original decryptor. The original decryptor selects a random number and computes the re-encryption key by randomizing his secret key. Then the selected random number is encrypted under the receiver's identity. Finally, the re-encryption key is sent to the decryptor and the ciphertext is sent to the proxy server. By using the re-encryption key, the designated decryptor can receive the ciphertext from the original decryptor through the proxy servers. The designated decryptor can now decrypt the ciphertext using his secret key and obtains the random number chosen by the original decryptor. Finally, the designated decryptor can decrypt the re-encrypted ciphertext by using the random number.

Our Contribution

In this paper, two schemes are proposed for Identity-Based Secure Distributed Data Storage with Dual Encryption (IBSDDSWDE). The user can access only one of the data owner's files at a time, instead of all files. The access permission (re-encryption key) is bound to both the receiver and the file being accessed. The authenticated access permission is decided by the data owner (file owner), instead of a trusted third party. These schemes are secure against collusion attacks and other attacks like hacking. The first scheme is CPA (chosen plaintext attack) secure; the second scheme achieves CCA (chosen ciphertext attack) security. IBSDDSWDE is the first scheme in which the access permission is made by the data owner (file owner) for an exact original file and which is protected from collusion attacks. To achieve stronger security and to implement file-based access control, the data owner must be online to authenticate receivers and to generate authorization and access permissions for them. Therefore, in this scheme the owner has to do more computation than the receiver. Although other schemes can provide similar functionality when the owner has only one file, they are not flexible and practical. In this scheme the Token is generated using a hash function, and two encryption algorithms, DES and RNS, are used for encrypting data files. The encryption cannot be done externally.

III. PROPOSED SYSTEM

A. Identity-Based Secure Distributed Data Storage with Dual Encryption

The proposed system consists of four entities: the private key generator (PKG), the data owner, the receiver and the proxy server. The PKG validates the user's identity using the message digest key (Token), which is generated by a hashing function, and the data owner then provides the secret keys to the user if the user's identity is authenticated. The data owner (file owner) encrypts the original data and outsources it to the proxy servers. The proxy server stores the ciphertext, i.e. the encrypted data, and transfers the data owner's ciphertext to the receiver once the receiver obtains the access permission, i.e. the re-encryption key, from the data owner. The message digest key and the secret key for the receiver are sent by e-mail. The receiver authenticates himself to the data owner and then re-encrypts the ciphertext using the secret key in order to obtain the original text. In this scheme the original data is encrypted twice: first internally by the data owner using the RNS algorithm while uploading it to the proxy server, and second in the proxy server, where the ciphertext is encrypted using the DES algorithm.

B. Module:

Admin

The Admin (Domain Authority) is a super user who creates Data Owners and maintains the proxy server's configuration. He has the rights to add, edit or delete any number of Data Owners.

Data Owner

A Data Owner is a person who outsources files to the proxy servers, where they are in turn accessed by authorized Data Users. Data Owners are like high-level authorities in an organization who upload files to the proxy servers. Whenever a file is uploaded, it is encrypted by the system using the Data Owner's encryption key (two-layer encryption) and then outsourced to the proxy servers.

The Data Owner has to specify the access permission for each and every file. Access policies are set using the Domain attribute and the SubDomain attribute. The data owner can set file access control, and file access control details can be viewed and deleted. The data owner can check transaction details and can change his password when necessary.

Data User

Data users are receivers who can request files from data owners. A data user registers using the registration form in order to request files from a data owner, and receives the Identity Token by e-mail. The data consumer receives the access key (attribute-based decryption key), i.e. the secret key, from the respective data owner by e-mail. With the help of the access key they can download the files they have requested; access control is set by the data owner. When the data consumer wants to download a file, he first selects the file from the list, and the system requests the access key from the data owner. After receiving the secret key from the data owner, the system separates the attribute set from the key and checks the access rights; if the user has the access rights, he can download the encrypted file, which is in turn decrypted using the decryption key and downloaded to the data consumer's local system.

C. Algorithms Used:

A. RNS Algorithm:

A residue number system is defined by a set of N integer constants, {m1, m2, m3, ..., mN}, referred to as the moduli. Let M be the least common multiple of all the mi. Any arbitrary integer X smaller than M can be represented in the defined residue number system as a set of N smaller integers {x1, x2, x3, ..., xN}, with xi = X mod mi representing the residue class of X with respect to that modulus.
First, we select two primary keys (prime numbers) P1 and P2, and the data N.

Key Generation:
M = P1 * P2
A1 = M / P1
A2 = M / P2

The T values are the values of T that satisfy:
T1: ((A1 * T) mod P1) == 1
T2: ((A2 * T) mod P2) == 1

Encryption Process:
R1 = N % P1
R2 = N % P2

Decryption Process:
E = [(A1 * T1 * R1) + (A2 * T2 * R2)] mod M
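The key generation, encoding and reconstruction steps above, written out as an added example (it is not code from the paper). It generalises the two-prime case to any list of pairwise coprime moduli, for which the least common multiple M equals the product; the primes 7, 11, 17 and 19 and the inputs 52 and b"IJRIT" are constructed sample values, and the byte helpers are hypothetical names introduced for illustration.

```python
# Added example (not the paper's code): RNS key generation, encoding and
# reconstruction, using the paper's symbols M, A_i, T_i, R_i and E.
from math import gcd, prod


class RNSKey:
    """Moduli P_i plus the reconstruction constants A_i and T_i."""

    def __init__(self, moduli):
        moduli = list(moduli)
        if len(moduli) < 2 or any(p < 2 for p in moduli):
            raise ValueError("need at least two moduli, each >= 2")
        # Reconstruction is unique only if the moduli are pairwise coprime
        # (always true for distinct primes, as in the paper).
        for i, a in enumerate(moduli):
            for b in moduli[i + 1:]:
                if gcd(a, b) != 1:
                    raise ValueError(f"moduli {a} and {b} share a factor")
        self.moduli = moduli
        self.M = prod(moduli)                     # M = P1 * P2 * ...
        self.A = [self.M // p for p in moduli]    # A_i = M / P_i
        # T_i solves (A_i * T_i) mod P_i == 1, i.e. the modular inverse.
        self.T = [pow(a, -1, p) for a, p in zip(self.A, moduli)]

    def encode(self, n):
        """R_i = N mod P_i. Values outside [0, M) would alias, so reject."""
        if not 0 <= n < self.M:
            raise ValueError(f"N must satisfy 0 <= N < M ({self.M})")
        return [n % p for p in self.moduli]

    def decode(self, residues):
        """E = (sum of A_i * T_i * R_i) mod M."""
        if len(residues) != len(self.moduli):
            raise ValueError("one residue per modulus is required")
        total = sum(a * t * r for a, t, r in zip(self.A, self.T, residues))
        return total % self.M


def encode_bytes(key, data):
    """Encode each byte separately; needs M > 255 so every byte fits."""
    if key.M <= 255:
        raise ValueError("M must exceed 255 to hold one byte per block")
    return [key.encode(b) for b in data]


def decode_bytes(key, blocks):
    """Rebuild the byte string; reject residues that are not a byte."""
    values = [key.decode(r) for r in blocks]
    if any(v > 255 for v in values):
        raise ValueError("residues do not decode to a byte")
    return bytes(values)


if __name__ == "__main__":
    small = RNSKey([7, 11])                 # constructed sample primes
    print("M, A, T:", small.M, small.A, small.T)
    residues = small.encode(52)             # constructed sample data N
    print("residues:", residues, "decoded:", small.decode(residues))
    # 52 + M has the same residues as 52, which is why encode() rejects it.
    print("aliasing:", [(52 + small.M) % p for p in small.moduli])
    wide = RNSKey([17, 19])                 # M = 323 > 255
    blocks = encode_bytes(wide, b"IJRIT")
    print(blocks, decode_bytes(wide, blocks))
```

Reconstruction needs nothing beyond the moduli, and equal inputs always produce equal residues, so the secrecy of this layer rests entirely on keeping P1 and P2 private.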

C. Data Encryption Standard:

The Data Encryption Standard is a block cipher, meaning a cryptographic key and algorithm are applied to a block of data simultaneously rather than one bit at a time. To encrypt a plaintext message, DES groups it into 64-bit blocks.

Encryption: C = EK(P), where C is the ciphertext, EK the encryption algorithm and P the plaintext.
Decryption: P = EK^-1(C), where EK^-1 is the decryption algorithm.

The basic process of encrypting a 64-bit data block with a 56-bit key using DES consists of:
• An initial permutation (IP).
• A complex key-dependent calculation f, performed in 16 rounds.
• A final permutation, which is the inverse of IP.

IV. CONCLUSION

Distributed data storage schemes provide confidentiality and integrity of data, and give users the convenience of transferring their files to untrusted proxy servers (local or cloud servers). Identity-based secure distributed data storage schemes with dual encryption are a unique kind of distributed data storage scheme in which users are identified by the key generated by the data owner using a hashing function and can access the data files stored in proxy servers without needing to authenticate public key certificates. We proposed two new IBSDDS schemes with dual encryption in the standard model, where the receiver can access only one file at a time, rather than all files in the proxy servers. In addition, the access permission can be made by the data owner (file owner), instead of a trusted third party. The schemes used in IBSDDS with dual encryption are secure against collusion attacks. The first scheme is secure against chosen plaintext attacks and the second against chosen ciphertext attacks.

V. FUTURE WORK

A future enhancement of the identity-based secure distributed data storage schemes with dual encryption presented in this paper is to allow users to access and upload PDF files and Excel sheets. Future research will include improvements such as accessing and uploading pictures, videos and images in encrypted format for user convenience.


AUTHORS

M Rajendra Babu, M.Tech, Rao Bahadur Y.Mahabaleswarappa Engineering College, Bellary, India.
Asst Prof Kavitha Juliet, Rao Bahadur Y.Mahabaleswarappa Engineering College, Bellary, India.
