ieeepro techno solutions ieee dotnet project - privacy preserving delegated access control in...


Upload: asaithambirajaa

Post on 09-Jan-2017


Page 1: Ieeepro techno solutions  ieee dotnet project - privacy preserving delegated access control in public clouds

PRIVACY PRESERVING DELEGATED ACCESS CONTROL IN PUBLIC CLOUDS

OBJECTIVE:

The main objective of this project is to construct a secure data storage system that supports multiple functions, which is challenging when the storage system is distributed and has no central authority.

DOMAIN:

Cloud computing

SYNOPSIS:

Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data before uploading them to the cloud and re-encrypting the data whenever user credentials change. Data owners thus incur high communication and computation costs. A better approach should delegate the enforcement of fine-grained access control to the cloud, so as to minimize the overhead at the data owners, while assuring data confidentiality from the cloud. We propose an approach, based on two layers of encryption, that addresses this requirement. Under our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner-encrypted data. A challenging issue is how to decompose access control policies (ACPs) such that the two-layer encryption can be performed. We show that this problem is NP-complete and propose novel optimization algorithms. We utilize an efficient group key management scheme that supports expressive ACPs. Our system assures the confidentiality of the data and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud.
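The two-layer idea from the synopsis, as an added Python sketch that is not code from the project: the owner encrypts once, the cloud adds and later replaces an outer layer when a credential changes, and the cloud never holds the owner key. Assumptions: the HMAC-based cipher is a standard-library stand-in for a real AEAD, all names are hypothetical, and the group key management scheme and ACP decomposition are replaced by handing keys out directly.

```python
import hashlib, hmac, secrets

def _sub(key, label):  # separate subkeys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):  # stand-in keystream; use a vetted AEAD in practice
    return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _stream(_sub(key, b"enc"), nonce, len(body))))

class Cloud:  # holds only the outer (fine-grained) key, never the owner key
    def __init__(self):
        self.outer_key, self.blob = secrets.token_bytes(32), None
    def store(self, owner_ciphertext):
        self.blob = seal(self.outer_key, owner_ciphertext)
    def rekey(self):  # credential change: swap the outer layer, owner not involved
        inner = unseal(self.outer_key, self.blob)        # still owner ciphertext
        self.outer_key = secrets.token_bytes(32)
        self.blob = seal(self.outer_key, inner)
        return self.outer_key                            # for remaining users only

def read(owner_key, outer_key, blob):
    try:
        return unseal(owner_key, unseal(outer_key, blob))
    except ValueError:
        return None  # missing or stale key for one of the layers

def revocation_demo(record=b"constructed sample record"):
    owner_key, cloud = secrets.token_bytes(32), Cloud()
    cloud.store(seal(owner_key, record))      # owner encrypts once, then is done
    old_outer = cloud.outer_key               # held by a user about to be revoked
    before = read(owner_key, old_outer, cloud.blob)
    new_outer = cloud.rekey()
    return {"before": before,
            "revoked_user": read(owner_key, old_outer, cloud.blob),
            "remaining_user": read(owner_key, new_outer, cloud.blob),
            "cloud_sees_plaintext": record in unseal(new_outer, cloud.blob)}
```

The revoked user still holds the owner key, so revocation in this sketch rests entirely on the cloud replacing the outer layer and withholding the new outer key.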


EXISTING SYSTEM:

As data generation is far outpacing data storage, it proves costly for small firms to frequently update their hardware whenever additional data is created. Maintaining the storage can also be a difficult task. Transmitting the file across the network to the client can consume heavy bandwidth. The problem is further complicated by the fact that the owner of the data may be a small device, like a PDA (personal digital assistant) or a mobile phone, which has limited CPU power, battery power and communication bandwidth.

Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that users’ data are usually processed remotely in unknown machines that users do not own or operate. While enjoying the convenience brought by this new emerging technology, users’ fears of losing control of their own data (particularly, financial and health data) can become a significant barrier to the wide adoption of cloud services.

LIMITATIONS:

The main drawback of this scheme is the high resource cost required for its implementation.

Computing a hash value for even moderately large data files can be computationally burdensome for some clients (PDAs, mobile phones, etc.).

The cost of data encryption is large, which disadvantages small users with limited computational power (PDAs, mobile phones, etc.).

PROPOSED SYSTEM:

The data owner enforces access control through encryption performed at the data owner. However, unlike previous approaches, SLE assures the privacy of the users and supports fine-grained ACPs. All these encryption activities have to be performed at the owner, which thus incurs high communication and computation costs.

ADVANTAGES:

Privacy

Security

Integrity

SYSTEM ARCHITECTURE:


SYSTEM SPECIFICATIONS:

HARDWARE:

Intel Pentium IV

256/512 MB RAM

1 GB Free disk space or greater

1 GB on Boot Drive

17” XVGA display monitor

SOFTWARE:

MS Windows XP/7

MS DotNet Framework 4.0

MS Visual Studio.Net 2010

Internet Information Server (IIS)

Front End: ASP.Net With C#

Back End: SQL SERVER 2008