Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud
Attribute-based encryption (ABE) has been widely used in cloud computing where a data provider outsources his/her encrypted data to a cloud service provider, and can share the data with users possessing specific credentials (or attributes). However, the standard ABE system does not support secure de-duplication, which is crucial for eliminating duplicate copies of identical data in order to save storage space and network bandwidth. In this paper, we present an attribute-based storage system with secure de-duplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages the storage. Compared with the prior data de-duplication systems, our system has two advantages. Firstly, it can be used to confidentially share data with users by specifying access policies rather than sharing decryption keys. Secondly, it achieves the standard notion of semantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion. In addition, we put forth a methodology to modify a ciphertext over one access policy into ciphertexts of the same plaintext but under other access policies without revealing the underlying plaintext.
In the existing system, a data provider, Bob, intends to upload a file M to the cloud and share M (the file data) with users having certain credentials. To do so, Bob encrypts M under an access policy A over a set of attributes and uploads the corresponding ciphertext to the cloud, such that only users whose sets of attributes satisfy the access policy can decrypt the ciphertext. Later, another data provider, Alice, uploads a ciphertext for the same underlying file M but ascribed to a different access policy A′. Since the file is uploaded in an encrypted form, the cloud is not able to discern that the plaintext corresponding to Alice’s ciphertext is the same as that corresponding to Bob’s, and will store M twice. Obviously, such duplicated storage wastes storage space and communication bandwidth.
In this paper, we present an attribute-based storage system which employs ciphertext-policy attribute-based encryption (CP-ABE) and supports secure deduplication. In the proposed attribute-based system, the same file could be encrypted to different ciphertexts associated with different access policies, so storing only one ciphertext of the file means that users whose attributes satisfy the access policy of a discarded ciphertext (but not that of the stored ciphertext) will be denied access to data that they are entitled to. To overcome this problem, we equip the private cloud with another capability named ciphertext regeneration. For a ciphertext c of a plaintext M with access policy A, the private cloud will be provided with a trapdoor key which is generated along with the ciphertext c by a data provider. The private cloud can use the trapdoor key to convert the ciphertext c with access policy A to a new ciphertext C with another access policy A′ without knowing the underlying message M. Thus, if two data providers happen to upload two ciphertexts corresponding to the same file but under different access policies A and A′, the private cloud can regenerate a ciphertext for the same underlying file with an access policy A ∪ A′ using the corresponding trapdoor key and then store the new ciphertext instead of the old one in the public cloud.
A data provider wants to outsource his/her data to the cloud and share it with users possessing certain credentials.
Attribute Authority (AA):
In this system, the Attribute Authority first generates the Public Key PK and the Master Key MK. The authority then executes the algorithm which takes a set of attributes S (S ⊆ Ã) as input and creates a Secret Key SK; these keys can be sent to authorized users.
The cloud consists of a public cloud which is in charge of data storage and a private cloud which performs certain computation such as tag checking.
At the user side, each user can download an item, and decrypt the ciphertext with the attribute-based private key generated by the AA if this user’s attribute set satisfies the access structure. Each user checks the correctness of the decrypted message using the label, and accepts the message if it is consistent with the label.
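The deduplication flow and the user-side label check described above can be modelled without any cryptography. The following is an added example, not code from the paper or the project: it assumes the tag and label are domain-separated SHA-256 hashes of the file (the page does not define them), writes policies as sets of attribute clauses, and replaces ciphertext regeneration with a policy-set union. The class and function names are hypothetical.

```python
import hashlib

def tag_of(data: bytes) -> str:
    # Assumption: the duplicate-detection tag is a hash of the plaintext.
    return hashlib.sha256(b"tag|" + data).hexdigest()

def label_of(data: bytes) -> str:
    # Assumption: the label is a second, domain-separated hash of the plaintext.
    return hashlib.sha256(b"label|" + data).hexdigest()

def satisfies(policy, attrs) -> bool:
    # Policy in DNF: a set of clauses, each a frozenset of attributes that must
    # all be held. Real CP-ABE enforces this inside decryption itself.
    return any(clause <= attrs for clause in policy)

class HybridCloud:
    """Private-cloud index (tag -> record) and public-cloud storage, modelled together."""
    def __init__(self, regenerate: bool):
        self.regenerate = regenerate
        self.records = {}

    def upload(self, data: bytes, policy) -> str:
        tag = tag_of(data)
        rec = self.records.get(tag)
        if rec is None:  # first copy of this file: store it
            self.records[tag] = {"data": data, "label": label_of(data),
                                 "policy": set(policy)}
            return "stored"
        if self.regenerate:  # stands in for regeneration under A union A'
            rec["policy"] |= set(policy)
            return "regenerated"
        return "discarded"  # naive deduplication: second policy is lost

    def fetch(self, tag: str, attrs: frozenset):
        rec = self.records[tag]
        if not satisfies(rec["policy"], attrs):
            return None  # models a decryption failure
        if label_of(rec["data"]) != rec["label"]:  # user-side label check
            raise ValueError("decrypted message is inconsistent with the label")
        return rec["data"]

# Constructed sample data: Bob uploads under A, Alice under A'.
M = b"constructed sample file contents"
A = {frozenset({"finance", "manager"})}
A_PRIME = {frozenset({"audit"})}
AUDITOR = frozenset({"audit", "contractor"})

def run(regenerate: bool):
    cloud = HybridCloud(regenerate)
    return cloud.upload(M, A), cloud.upload(M, A_PRIME), cloud.fetch(tag_of(M), AUDITOR)

if __name__ == "__main__":
    print(run(False))  # auditor entitled under A' is denied
    print(run(True))   # auditor can read after the policy union
```
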
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS:
Hardware : Pentium
Speed : 1.1 GHz
RAM : 1GB
Hard Disk : 20 GB
Development team :