Documents

An Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment Based on RSA Signature Assumption

Categories
Published
of 7
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Description
Bonfring International Journal of Research in Communication Engineering Volume 2, Issue 3, 2012
Transcript
  Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 1 ISSN 2277 - 5080 | © 2012 Bonfring Abstract---   Cloud computing is a technology which allows the users to share the data and the applications over the internet. An efficient sharing of secure cloud storage services (ESC) scheme allows the users to share the messages in hierarchical order. If a receiver wants to retrieve a message when he is using a system with limited bandwidth, CPU and memory, then the ESC scheme may not work well. The computational cost for decryption is too high, because the receiver does not perform any partial decipherment. Based on the RSA signature, a Trapdoor Commitment scheme is  proposed to improve the security level. This scheme allows the receiver to create a short trapdoor and send it to the Cloud Service Provider (CSP) before retrieving files or messages for  finding out part of the cipher text. This scheme allows the  sender to participate in the partial signature, so as to reduce the computational cost. Keywords---   Cloud Computing, Partial Decipherment,  Partial Signature, Trapdoor Commitment I.   I  NTRODUCTION  LOUD computing means provision of services in a timely, on-demand manner, allows scaling up and down of resources. It is nothing but a virtualization of computing  program through an internet connection rather than installing application. The beauty of cloud computing is resource sharing. This concept helps the cloud service providers to attain optimum utilization of resources and it is designed in such a way that it provides the flexibility for sharing the application as well as other network resources. Cloud services can be divided into three stacks as IaaS, PaaS and SaaS. Infrastructure as a Service (IaaS) is the base layer of the cloud stack. It offers visualized computing resources. Platform as a Service (PaaS )offers an environment for developing an application. Software as a Service (SaaS) is the top most layer of the cloud computing stack which directly consumed by the end-users.  D. Palanikkumar, Assistant. Professor, Department of CSE, Anna University of Technology, Coimbatore, India, E-mail:  palani.journals@gmail.com  M. Sowmya varshini, Assistant. Professor, Department of CSE, Shanmuganathan Engineering College, Arasampatti, Pudukkottai, India. E-mail: sowmiya.varshini@gmail.com DOI: 10.9756/BIJRCE.1504 These cloud storage services enable users to access data in a cloud anytime and anywhere, using any devices, in a pay-as-you-go manner. In a user hierarchy, the upper-level user may wish to read all the files stored in the cloud, whereas only the qualified lower-level users can read the files. The upper-level user can store all the important files in the cloud. Although some important files are stored in the cloud, the cloud service  provider has no idea of any information regarding the files. The concept of Attribute Based Encryption (ABE) [2],[6],[7] schemes can enable a sender to encrypt a message to multiple recipients. In this scheme, totally there are two  parties: attribute authorities and users, where the attribute authorities can generate the secret keys for all the users who are all in the same level. The message can be encrypted and decrypted by multiple recipients who are all in the same level. But this ABE scheme cannot support user hierarchy. Based on the above analysis, an efficient sharing of secure cloud storage services (ESC) scheme was proposed by Q. Liu et al.,[15]. The concept of this scheme supports a user hierarchy. To support this concept, a hierarchical identity- based architecture in cloud computing is proposed to embody the user hierarchy in the sharing of secure cloud storage services. In this architecture, the root Private Key Generator (PKG) delegates the upper-level user as the lower-level PKG to generate the secret keys for all the lower-level users. So the authentication and secret key transmission can be carried out locally. Next, the upper-level user can encrypt and store all the important files and messages only once in the cloud. Only the authorized receivers can get the files from the cloud by using their own private keys. Although some important files in the cloud, the cloud service provider has no idea of any information regarding the file. The ESC scheme is collusion resistant. In this scheme, the lower-level user/receiver does not  perform any partial decipherment. Also the lower-level user requires too much computational cost for decrypting the file. If a receiver wants to retrieve a file when he is using a PDA with limited bandwidth, CPU and memory, then this scheme may not work well. To solve this problem, the Trapdoor Commitment scheme is proposed by using RSA signature. The signature can be realized by using RSA algorithm. Using this algorithm, the sender can sign the plaintext by using his private key and the encryption can be performed by using receiver’s public key. The decryption can be performed by the receiver using his  private key and the public key of the sender to verify the signature. The main purpose of digital signature is guarantees An Enhanced Security Enabled Sharing of Protected Cloud Storage Services by Trapdoor Commitment Based on RSA Signature Assumption D. Palanikkumar and M. Sowmya varshini  Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 2 ISSN 2277 - 5080 | © 2012 Bonfring the confidentiality, authentication of the information that transformed in insecurity and unreliable network. The Trapdoor Commitment helps the users to construct a secure signature scheme. This scheme allows the sender to first hide a value by computing a commitment, and then reveals the hidden value together with some related information to open the commitment so that the receiver can check whether the commitment is de-committed correctly. By this way, the security of the system can be improved. This will largely reduce the computational cost for decryption. II.   R  ELATED W ORK   An Identity based encryption from the weil pairing concept was introduced by D. Boneh et al., [4]. The IBE system defines about the chosen ciphertext security for identity-based encryption. This system is based on bilinear maps between groups. The primary drawback of IBE system is that, the attacker may intrude while decrypting the ciphertext. The main drawback of IBE system is distribution of public keys for each user in the system. To defeat D. Boneh et al., [4] concept, a new construction for hierarchical identity-based encryption (HIBE) system is  proposed by Genry et al., [13] which has chosen ciphertext security in the random oracle model under the Bilinear Diffie- Hellman (BDH) assumption. In this, the public key generator (PKG) must verify the identity proofs of the user. If it is valid, then only establish secure channels for transmitting private keys. So the hierarchical identity- based encryption scheme (HIBE) allows root PKG to distribute the workload by delegating private key generation and identity authentication to lower-level PKG. The construction by Boneh et al., [5] provides a HIBE system with constant size ciphertext. In their scheme, the length of the ciphertext and private key as well as time needed for decryption grows linearly in the depth of the hierarchy. This scheme provides selective ID secure in the standard model and also in the random oracle model. It provides secure encryption system with short ciphertext. The system supports limited delegation where users can be given restricted private keys that allow delegation to bounded depth. In the first recent work, Gentry et al., [12] proposed hierarchical identity based encryption (HIBE) system that has full security for more than a constant number of levels by using identity based broadcast encryption with key randomization. In all prior HIBE systems, the security reductions suffered from exponential degradation in the depth of the hierarchy, so these systems were only proven fully secure for identity hierarchies of constant depth. Hence this system is secure for polynomially many levels because it offers tight proof of security. Liu et al., [15] described about an efficient privacy  preserving keyword search scheme in cloud computing. When the user needs to encrypt and decrypt files containing certain keywords, which depletes too much CPU capability and memory power. In order to protect the user data privacy and user queries privacy, this scheme enables the service provider for searching the certain keyword on encrypted files. This scheme will largely reduce the clients computational overhead and enables the cloud service providers to search the keywords on encrypted files to preserve the user data privacy and user queries privacy efficiently. A new type of encrypted access control is introduced in a system for Ciphertext-Policy Attribute Based Encryption by Bethencourt et al., [2]. Here a set of attributes which specifies the user’s private keys and a party encrypting data can specify a policy over these attributes specifying which users are able to decrypt. Any monotonic tree access structure is needed to represent the policies and it is resistant to collusion attacks in which an attacker might obtain multiple private keys. Multi-authority attribute based encryption scheme  proposed by Chase [6]. This scheme allows any polynomial number of independent authorities to monitor attributes and distribute secret keys. The sender can choose a number and a set of attributes for each authority; he can then encrypt a message such that a user can only decrypt if he has at least that specified number of the given attributes from each authority. This scheme can tolerate an arbitrary number of corrupt authorities. For better performance, Chase et al., [7] has proposed Improving privacy and security in multi-authority attribute- based encryption. This system allows the authorities to combine their information with all of the user attributes, which unnecessarily compromises the privacy of the user. Multi-authority attribute-based encryption enables a more realistic deployment of attribute-based access control, such that different authorities are responsible for issuing different sets of attributes. For more security, a trapdoor commitment is introduced by M. Fischlin [8] in Trapdoor Commitment Schemes and Their Applications. The trapdoor commitment scheme has both commitment phase and de commitment phase for improving security. The message can be encrypted in commitment phase and the receiver has to decrypt the message by using private key in de commitment phase. The trapdoors turn out to be very useful for the design of secure cryptographic protocols involving commitment schemes. The security of practical two-party RSA signature scheme was introduced by M. Bellare et al., [1]. In a two-party RSA signature scheme, a client and server, each holds a share of RSA decryption exponent. Then, compute an RSA signature under public keys. This concept is applicable to password- based security, where client's part of decryption is based on  password. This scheme provides a security based on the assumptions about RSA and the hash functions used on it. A digital signature scheme secure against adaptive chosen-message attacks was given by S. Goldwasser et al., [12]. This scheme is based on the property of being robust against an adaptive chosen-message attack. This concept deals with that no one can able to forge the signature when he receives for message .This scheme is potentially practical because signing and verifying signatures are fast and signatures are compact too.  Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 3 ISSN 2277 - 5080 | © 2012 Bonfring III.   P ROBLEM D EFINITION    A.    Hierarchical Identity-Based Architecture The hierarchical identity-based architecture is to symbolize the user hierarchy in the sharing of the secure cloud storage services (see Fig.1). This architecture consists of a root Public Key Generator (PKG) and multiple domains. At the top level, the root PKG is a Trusted Third Party (TTP). The upper-level users and the lower-level users constitute a domain. The root PKG will generate the system parameters for encryption and the secret keys for the upper-level users, which in turn generates the system parameters and the secret keys for the lower-level users. Hence authentication and secret key transmission can be carried out locally in a domain. In a domain, a sender can specify multiple recipients for an encrypted file by taking the number and the public keys of those recipients as inputs of a hierarchical identity-based encryption, so that the sender and all authenticated recipients can decrypt the file by using their private keys. This can be done by encrypting the file only once and store the copy of that file in the cloud. The intended recipients can decrypt the file from the cloud using their private keys. Therefore, the sender can efficiently share the secure cloud storage services with all the receivers in a domain.  B.    Definition of the ESC Scheme Let Bob and all the users in Company A constitute a domain, denoted Dom A. Suppose there are N users U1 ,…,U  N in Dom A, whose public keys are denoted as ID-tuplei = (IDBob, IDi) for 1 ≤ i ≤ N . In DomA, when the sender S wants to encrypt a file to R uesrs U1, . . . , UR (1 ≤ R ≤ N ), he sends the following message to the CSP: MSGS2CSP = One2ManyEnc (params, R, ID-tuple1,. . . , ID-tupleR, f) where params are the system parameters, R is the number of the intended recipients, ID-tuple1, . . . , ID-tupleR are the ID-tuples of U1, . . . , UR, respectively, and f is the file. One2ManyEnc is a hierarchical identity-based encryption algorithm. C.   Construction of the ESC Scheme The existing Efficient sharing of Secure Cloud storage services (ESC) scheme allows the sender to encrypt the file by using his/her public key, and store the copy of the encrypted file only once in the cloud. The sender as well as all the intended recipients can decrypt the file by using his/her own  private keys. This scheme has four contributions: TTP Figure 1: Hierarchical Identity-Based Architecture in Cloud The problem with efficient sharing of the secure cloud storage services scheme is that the user will enjoy a more scalable, and secure service. A hierarchical identity-based architecture in cloud computing is proposed to embody the user hierarchy in the sharing of the secure cloud storage services. The ESC scheme allows the user to encrypt the file/message only once and stores the copy in the cloud. But the sender and all the intended recipients can decrypt the message by using their private keys. The ESC scheme is collision resistant. The ESC scheme consists of five polynomial time algorithms are as follows: RootSetup: The root PKG takes large security  parameter as input to generate the system  parameters and a root master key. The master key will be only known by the root PKG. DomSetup: The root PKG generates the secret keys for the lower-level PKGs, which, in turn generate the secret keys for the entities in their domains at the  bottom level. One2ManyEnc: The sender takes system parameters, finite plaintext space, number of users and the ID-tuples of the recipients as inputs, and outputs a cipher text. UserDec: Bob takes system parameters, a private key, and the cipher text as inputs to recover the plaintext. RecipientsDec: The intended recipients takes system  parameters, a private key, a master key, ID-tuple, and the cipher text as inputs to recover the plaintext. The main drawback of this existing system is that we do not want TTP for generating a private key. The main reason is that the private key should not be revealed to any party including a partially trusted party. With that the computational overhead is high because receiver does not perform any partial decipherment. Also the lower-level user requires too much computational power for decrypting the file. If a lower-level user wants to retrieve the files/messages when he is using a PDA with limited bandwidth, CPU, and memory, this ESC scheme may not work well. The computational cost for Root PKG Upper-level Users Lower-level Users  Bonfring International Journal of Research in Communication Engineering, Vol. 2, No. 3, September 2012 4 ISSN 2277 - 5080 | © 2012 Bonfring decrypting the file depends on the number of users in the hierarchy. IV.   I MPLEMENTATION    A.   Trapdoor Commitment (TC) Scheme The Commitment scheme allows the sender to first hide a value by computing a commitment, and then reveals the hidden value along with some information to open the commitment so that the receiver can check that the commitment is de committed correctly. So a secure commitment scheme should satisfy both the hiding property and the binding property. Once the commitment has been made, the sender cannot able to cheat the receiver by telling different value. At the same time the receiver is unable to know what value is committed actually. In a Trapdoor Commitment (TC) scheme, there is one trapdoor that would allow the owner of the trapdoor to open the commitment. This scheme does not support binding  property. It helps the users for the construction of secure signature scheme. There will a valid answer for de commitment that can be specified by the owner of the trapdoor usually the commitment receiver. The reason is that once getting such a valid answer to a commitment, the outsider cannot distinguish whether this answer is revealed by the sender. This is why trapdoor commitment scheme helps the users to improve the security. The trapdoor commitment scheme consists of four algorithms, i.e., TCgen, TCcom, TCver, TCsim. The receiver runs the key generation algorithm TCgen to get a commitment  public key and corresponding trapdoor. Given a value and the commitment public key, commitment algorithm TCcom generates a pair (com, dec), where com is the commitment to a value and dec is the related information used for de commitment. Next one is commitment verification algorithm TCver, it checks whether the value is valid to the commitment with respect to public key. Finally the simulation algorithm TCsim, allows the receiver to simulate a new answer for a commitment by using the trapdoor. The Trapdoor Commitment scheme consists of four algorithms as follows: TCgen: The receiver runs the key generation algorithm TCgen to get a commitment public key pk and the corresponding trapdoor td. TCcom: Given a value r and the commitment public key pk, Commitment algorithm TCcom outputs a pair (com, dec), where com is the commitment to a value r and dec is the related information used to de TCver: A commitment verification algorithm TCver is used to check whether an answer (r, dec) is valid to a given commitment com with respect to public key  pk. TCsim: A simulation algorithm allows the receiver, using the trapdoor td, to simulate a new answer (r’, dec’) for a commitment com when one answer (r, dec) is given. Figure 2: Construction of Trapdoor Commitment Scheme Commit The above Trapdoor Commitment scheme is formally  proved to be secure under the strong RSA assumption.  B.   Construction of the RSA-based Trapdoor Commitment Scheme Our proposed work is that, in ESC scheme the sender can encrypt the file/message only once and store it in a cloud.  Now the receivers can decrypt the files from the cloud. This exchange should be securely carried out in a hierarchy. For that, the receiver should send a short trapdoor to the Cloud Service Provider (CSP) for finding part of the cipher text without leaking any information about the plain text (see Fig.2). To reduce the cost, RSA-based partial signature concept helps the sender to send the message securely within a stipulated time. The work is that, both the sender and the receiver have to register with TTP to send their signatures on message m. The registration is made with the help of their partial private keys. Based on the RSA signature in which first splits the sender S  private key d into d1 and d2 so that d= d1 + d2 mod (n). Then, d2 is delivered to the TTP while keeps (d, d1, d2) as secrets. If the sender wants to send their signatu re σS = h(m)d mod n to receiver R where h(.) is a cryptographically secure hash function. Now the sender sends partial signature σ1 = mod n to receiver and proves that σ1 prepared correctly in an interactive zero-knowledge way, enhanced by a trapdoor commitment scheme which depends on receiver’s signature  public key. Sender Upper-level User Receiver Lower-level User CSP ESC Scheme Trapdoor Commitment Scheme CSP
Search
Similar documents
View more...
Tags
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks