Privacy Preserving Policy Based Content Sharing in Public Clouds

Privacy Preserving Policy Based Content Sharing in Public Clouds

Technology Used: Java/J2EE

Also Available in DOT NET

An important problem in public clouds is how to selectively share documents based on fine-grained attribute based access control policies. An approach is to encrypt documents satisfying different policies with different keys using a public key crytosystem such as attribute based encryption (ABE), and/or proxy re-encryption (PRE). However, such an approach has some weaknesses. A direct application of a symmetric key cryptosystem also has similar weaknesses. We observe that, without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the above weaknesses. Based on this idea, we formalize a new key management scheme called broadcast group key management (BGKM) and then give a secure construction of a BGKM scheme called ACV-BGKM. The idea is to give some secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information. A key advantage of the BGKM scheme is that adding users/revoking users or updating access control policies can be performed efficiently by updating only some public information. Using our BGKM construct, we propose an efficient approach for fine-grained encryption based access control for documents stored in an untrusted cloud file storage.

PROPOSED SYSTEM
Without utilizing public key cryptography and by allowing users to dynamically derive the symmetric keys at the time of decryption, one can address the group key management issues. Based on this idea, a new GKM scheme called broadcast GKM(BGKM) and then give a secure construction of BGKM scheme and formally prove its security.
The idea is to give secrets to users based on the identity attributes they have and later allow them to derive actual symmetric keys based on their secrets and some public information.
Develop an attribute-based access control mechanism whereby a user is able to decrypt the contents if and only if its identity attributes satisfy the content provider’s policies, whereas the content provider and the cloud learn nothing about user’s identity attributes.

Advantages
 A key advantage of the BGKM scheme is that adding users/revoking users or updating access control policies can be performed efficiently and only requires updating the public information.
 Maximum trust
 Key indistinguishability
 Key independence
 Forward secrecy
 Backward secrecy and
 Minimal computational, space and communication cost.

Leave a Reply