The document describes a proposed fully anonymous attribute-based encryption system to control access to cloud data while protecting user anonymity. It discusses the motivation for privacy in cloud computing and outlines the design of the proposed AnonyControl-F system using multiple attribute authorities. The system is implemented and tested, demonstrating that authorized users can access encrypted data when their attributes match the access policy, while attribute authorities cannot determine which attributes a user possesses.

1. A Fully Anonymous Attribute-Based Encryption to
Control Cloud Data Access and Anonymity
Submitted by Under the Guidance of
Pavan Boora Santosh Naik
M.Tech (Network & Internet Engineering) Assistant Professor
ISE Department ISE Department
Jain University Bangalore Jain University Bangalore
11/27/2016 1Jain University, ISE Department

2. Contents
1) Problem statement
2) Motivation
3) Introduction
4) Existing system
5) Drawbacks of existing system
6) Literature Survey
7) Proposed system
8) Software requirements
9) System design
10) System implementation
11) Results
12) Testing
13) Conclusion
14) Future enhancements
15) References
11/27/2016 Jain University, ISE Department 2

3. Problem Statement
• To design and implement a multi authority fully anonymous Attribute
Based Encryption control scheme to address the data privacy and
user identity privacy problems in cloud computing environment .
11/27/2016 3Jain University, ISE Department

4. Motivation
• Cloud Computing provides big trends in today’s IT world. Due to the
benefits…. it provides attention on business, industry as well as academia.
• It provides computing resources dynamically via Internet. But has some
challenges related, like data confidentiality, data privacy and security.
• Privacy is related to the data contents and the users identity, so it is need
to protect the identity of users.
11/27/2016 4Jain University, ISE Department

5. Introduction
• Cloud computing provides many advantages in the today’s IT world,
which enables flexible, ubiquitous, on-demand, and low-cost usage of
computing resources.
• But the data is outsourced to some cloud servers, and various privacy
concerns come out from it.
• An anonymous ABE privilege control scheme to address not only the data
privacy, but also the user identity privacy.
11/27/2016 5Jain University, ISE Department

6. • AnonyControl-F decentralizes the central authority and makes multi
authorities to limit the identity leakage and thus we can achieves
anonymity.
Evolution to ABE
• Identity-based encryption (IBE) was first introduced by Shamir, in which
the sender of a message can add an identity to msg and only a receiver
with matching identity can decrypt it.
• Few years later, Fuzzy Identity-Based Encryption is proposed, which is also
known as Attribute-Based Encryption (ABE).
11/27/2016 6Jain University, ISE Department

7. • In ABE an identity is viewed as a set of descriptive attributes, and
decryption is possible if a decrypter’s identity has some overlaps (same
attributes) with the one specified in the Ciphertext.
• Soon after, more general tree-based ABE schemes Key-Policy Attribute-
Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based
Encryption (CP-ABE)
11/27/2016 7Jain University, ISE Department

8. CP-ABE
• In the CP-ABE, ciphertexts are created with an access structure e.g. (A or
B) AND ( E AND F), which specifies the encryption policy, and private keys
are generated according to user’s attributes.
• A user can decrypt the ciphertext if and only if his/her attributes private
key(s) satisfy the access structure specified in the ciphertext.
• By doing so, the encrypter holds the ultimate authority about the
encryption policy. Also, the already issued private keys will never be
modified unless the whole system reboots.
11/27/2016 8Jain University, ISE Department

9. Access Control via CP-ABE
PK
MSK
SKSarah:
“manager”
“IT dept.”
SKKevin:
“manager”
“sales”
OR
IT dept. AND
manager marketing







11/27/2016 9Jain University, ISE Department

10. Existing System
• A semi anonymous privilege control scheme called AnonyControl that
addresses the data Confidentiality, and partial user identity privacy
leakage is present in existing access control methods. Partially tolerates
the compromise attacks towards attribute authorities.
• The key point of the identity information leakage we had in existing
scheme is that key generator issues attribute’s private key based on the
reported attribute, and the generator has to know the user’s attribute to
do so.
11/27/2016 10Jain University, ISE Department

11. Drawbacks of Existing System
• Privacy risks would rise drastically because the servers may illegally
inspect user's data and access sensitive information.
• Personal data is at risk because one's identity is authenticated based on
his/her data. Scope of collude(come to a secret understanding) with
malicious Data Consumers or Data Owners to harvest others’ file contents
to gain illegal profits.
11/27/2016 11Jain University, ISE Department

12. Literature Survey
Author Name of the paper Existing Solution Drawbacks
V. Božovi´ c, D.
Socek, R.
Steinwandt, and V.
I. Villányi,
Multi-authority
attribute-based
encryption with
honest-but-curious
central authority
scheme is secure in
the selective ID
model and can
tolerate an honest-
but-curious central
authority.
Cant not tolerates
the compromise
attacks towards
attribute
authorities.
Violating the intent
of the encrypting
party
11/27/2016 Jain University, ISE Department 12

13. Literature Survey (continued..)
Author Name of the paper Existing system Drawbacks
M. Chase and S. S.
M. Chow
Improving privacy
and security in
multi-authority
attribute-based
encryption
Multi-authority
attribute-based
encryption enables
a more realistic
deployment of
attribute-based
access control, such
that different
authorities are
responsible for
issuing different
sets of attributes
Data contents
confidentiality and
privacy has been
achieved but
identity privacy
neglected
11/27/2016 Jain University, ISE Department 13

14. Literature Survey (continued..)
Author Name of the paper Existing system Drawback
A. Sahai and B.
Waters
Fuzzy identity-
based encryption
Fuzzy-IBE can be
used for a type of
application that we
term “attribute-
based encryption”.
Open problem is to
build other Fuzzy-
IBE schemes that
use different
distance metrics
between identities.
J. Bethencourt, A.
Sahai, and B.
Waters
Ciphertext-policy
attributebased
encryption
techniques
encrypted data can
be kept confidential
even if the storage
server is untrusted
User identity
privacy and
anonymity
neglected
11/27/2016 Jain University, ISE Department 14

15. Proposed System
• We propose AnonyControl-F to allow cloud servers to control user’s access
privileges without knowing their identity information.
• The proposed schemes are able to protect user’s privacy against each
single authority. No information is disclosed in AnonyControl-F.
• Proposed method implements the multiauthority Attribute Based
Encryption Control Scheme AnonyControl-F.
11/27/2016 15Jain University, ISE Department

16. Software Requirements
• Operating System Windows
• Web Application Server Tomcat Web Server
• Front End Design HTML, Java, JavaScript
• Server Side Script Java Server Pages
• Database Connectivity JDBC
• Database Mysql
11/27/2016 16Jain University, ISE Department

17. System Design
11/27/2016 17Jain University, ISE Department

18. System Design(Continued)
Cloud Server:
• The Cloud Server, who is assumed to have adequate storage capacity, does
nothing but store them.
N Attribute Authorities:
• Authorities are assumed to have powerful computation abilities, and they
are supervised by government offices.
• The whole attribute set is divided into N disjoint sets and controlled by
each authority, therefore each authority is aware of only part of attributes.
11/27/2016 18Jain University, ISE Department

19. Data Owner:
• A Data Owner is the entity who wishes to outsource encrypted data file to
the Cloud Servers. A user can be a Data owner and a Data consumer
simultaneously
Data Consumers:
• Newly joined Data Consumers request private keys from all of the
authorities, and they do not know which attributes are controlled by
which authorities.
11/27/2016 19Jain University, ISE Department
System Design(Continued)

20. System Design(Continued)
• When the Data Consumers request their private keys from the authorities,
authorities will jointly create corresponding private key and send it to
them.
• All Data Consumers are able to download any of the encrypted data files,
but only those whose private keys satisfy the Encryption Policy can
execute the operation.
11/27/2016 Jain University, ISE Department 20

21. Owner_
+username
+password
+file Upload()
+Profile()
+Logout()
User Registration
+name
+username
+password
+gender
+email
+contact NO
+Location
+Experiance
+Specialiazation
+Medical Degree
+registration()
Class Login
+username
+password
+login()
File Upload
+fileid
+fname
+file data
+Get SecreteKey()
+Select Attribute()
+Set Operations()
+Upload()
Profile_
+View Profile()
Cloud Server_
+username
+password
+Strrage Files()
+Requests()
+Logout()
AA_
+username
+password
+Sign Up()
+Login()
+Generate Keys()
User_
+username
+password
+sighn up()
+Login()
+Profile()
+File Download()
+Logout()
File Download
+File ID
+File name
+Secrete Key
+Decrypt()
+Download()
CA_
+username
+password
+Login()
+User's()
+AA's()
+Logout()
Class Diagram
11/27/2016 21Jain University, ISE Department

22. Central Authority Collaboration Diagram
11/27/2016 22Jain University, ISE Department

23. Attribute Authority Collaboration Diagram
11/27/2016 23Jain University, ISE Department

24. Owner Collaboration Diagram
11/27/2016 24Jain University, ISE Department

25. User Collaboration Diagram
11/27/2016 25Jain University, ISE Department

26. System Implementation
Fully Anonymity Achieved
• The key point of the identity information leakage we had in our previous
scheme as well as every existing attribute based encryption schemes is
that key generator (or attribute authorities in our scheme) issues private
key based on the reported attribute, and the generator has to know the
user’s attribute (identities) to do so.
• We need to introduce a new technique to let key generators issue the
correct attribute key without knowing what attributes the users have.
11/27/2016 26Jain University, ISE Department

27. • The solution is to give all the private keys of all the attributes to the key
requester and let him pick whatever he wants.
• In this way, the key generator does not know which private keys the key
requester picked, but we have to fully trust the key requester.
• To solve this, we leverage the following to Oblivious Transfer (OT).
11/27/2016 27Jain University, ISE Department
System Implementation ( Continued)

28. System Implementation ( Continued)
1-out-of-n oblivious transfer
• In cryptography, an oblivious transfer protocol (OT) is a type of protocol.........
in which a sender transfers one of many pieces of information to a receiver,
but sender remains oblivious(unware) as what piece of information has been
transferred to receiver.
• In an 1-out-of-n OT, the sender Bob has n messages M1, . . . , Mn , and the
receiver Alice wants to pick one Mi from those M1, . . . , Mn . Alice successfully
achieves Mi, and Bob does not know which Mi is picked by Alice.
11/27/2016 28Jain University, ISE Department

29. • By introducing the 1-out-of-k Oblivious Transfer in our KeyGenerate
algorithm, the key-requester achieves the correct private key that he
wants but the attribute authority does not have any useful information
about what attribute is achieved by the requester.
• The key requester achieves the full anonymity(user identity privacy) in our
scheme and no matter how many attribute authorities collude (come to
secret understanding) his identity information is kept secret
11/27/2016 29Jain University, ISE Department
System Implementation ( Continued)

30. Results
Home Page
11/27/2016 30Jain University, ISE Department

31. • Central Authority approves the attribute authorities and users then after
approval users can request attribute authorities for unique private keys.
• In this project there are two attribute authorities which can provide
private keys against user profile attributes and these authorities can
distribute the keys without looking into the user identity information
hence anonymity has achieved
11/27/2016 31Jain University, ISE Department
Results (continued..)

32. User 1 Registration Page
11/27/2016 32Jain University, ISE Department

33. Attribute Authority Page
11/27/2016 33Jain University, ISE Department

34. • Attribute authorities generate private keys against attributes of users here
for user1 attributes are considered as Location, Experience, Specialty, &
MedicalDegree. We can create multiple authorities and each authority can
select attributes randomly & generate private keys.
• For example if we create two Attribute authorities, one authority will
generate private keys for 2 attributes out of 4 attributes and second one
will generate for rest of 2 attributes.
11/27/2016 34Jain University, ISE Department
Results (continued..)

35. Owner File Upload by applying Access policy
11/27/2016 35Jain University, ISE Department

36. • Owner uploads a file with encryption by using public key generated by
authority and owner adds an access policy structure such as
(India&&Cardiology)&&(MD||exp>4) and encryption hence attribute
based encryption achieved.
11/27/2016 36Jain University, ISE Department
Results (continued..)

37. User 1 trying to access(Decrypt) uploaded file
11/27/2016 37Jain University, ISE Department
Results (continued..)

38. • User will decrypt the file only attributes can match the access structure
policy, in the above case user1 can not able to access & decrypt the file
and because user1 will get the popup window such as "Sorry the file
cannot Access by you", but user 2 can access & decrypt the file as user2
can satisfy the attributes which are part of access policy. Just for
verification see the user2 profile below.
11/27/2016 38Jain University, ISE Department
Results (continued..)

39. User 2 Profile Page
11/27/2016 39Jain University, ISE Department

40. Testing
Test
Id
Test case Title Description Expected
outcome
Status
1 Successful
user
verification
The login to the
system should be
tried by the admin
with correct
password
Login should
be successful
and user
should enter
into the
system
Success
2 Unsuccessful
verification
due to wrong
password
Login to the system
with a wrong
password
Login should
fail with an
error “invalid
Password”
success
3 Unsuccessful
verification
due to invalid
login id
Login to the system
with a invalid login
id
Login should
fail with an
error “invalid
user id”
Success
11/27/2016 40Jain University, ISE Department

41. Acceptance Testing
Test Id Description of
coverage
Expected Results Covered by script
1 Verification of a
particular record
If a particular record
already exists it
displays a message
This type of test in
{verify} procedure in
every Jsp file where a
record is inserted via an
interface
2 Updating of a
particular record
All the details should
not be updated
This type of test is
covered in all the Asp files
where updations are
made.
3 Validity of login Only the authorized
persons must access
system.
This is covered in the
login procedure for the
validity of a user
11/27/2016 Jain University, ISE Department 41

42. Conclusion
• A semi-anonymous attribute-based privilege control scheme AnonyControl
and a fully-anonymous attribute-based privilege control scheme
AnonyControl-F to address the user privacy problem in a cloud storage
server.
• Using multiple authorities in the cloud computing system, our proposed
schemes achieve not only fine-grained privilege control but also identity
anonymity while conducting privilege control based on users’ identity
information.
11/27/2016 42Jain University, ISE Department

43. • More importantly, our system can tolerate up to N − 2 authority
compromise, which is highly preferable especially in Internet-based cloud
computing environment.
11/27/2016 43Jain University, ISE Department

44. Future enhancements
• One of the future works is to introduce the efficient user revocation
mechanism on top of anonymous Attribute Based Encryption. Supporting
user revocation is an important issue in the real application.
11/27/2016 Jain University, ISE Department 44

45. References
• [1] A. Shamir, “Identity-based cryptosystems and signature schemes,” in
Advances in Cryptology. Berlin, Germany: Springer-Verlag, 1985, pp. 47–
53.
• [2] A. Sahai and B. Waters, “Fuzzy identity-based encryption,” in Advances
in Cryptology. Berlin, Germany: Springer-Verlag, 2005, pp. 457–473.
• [3] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based
encryption for fine-grained access control of encrypted data,” in Proc. 13th
CCS, 2006, pp. 89–98.
• [4] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy
attributebased encryption,” in Proc. IEEE SP, May 2007, pp. 321–334.
11/27/2016 Jain University, ISE Department 45

46. References
• [5] M. Chase, “Multi-authority attribute based encryption,” in Theory of
Cryptography. Berlin, Germany: Springer-Verlag, 2007, pp. 515–534.
• [6] M. Chase and S. S. M. Chow, “Improving privacy and security in multi-
authority attribute-based encryption,” in Proc. 16th CCS, 2009, pp. 121–
130.
• [7] H. Lin, Z. Cao, X. Liang, and J. Shao, “Secure threshold multi authority
attribute based encryption without a central authority,” Inf. Sci., vol. 180,
no. 13, pp. 2618–2632, 2010.
•
• [8] V. Božovi´ c, D. Socek, R. Steinwandt, and V. I. Villányi, “Multi-authority
attribute-based encryption with honest-but-curious central authority,” Int.
J. Comput.Math., vol. 89, no. 3, pp. 268–283, 2012.
11/27/2016 Jain University, ISE Department 46

47. References
• [9] F. Li, Y. Rahulamathavan, M. Rajarajan, and R. C.-W. Phan, “Low
complexity multi-authority attribute based encryption scheme for mobile
cloud computing,” in Proc. IEEE 7th SOSE, Mar. 2013, pp. 573–577.
• [10] K. Yang, X. Jia, K. Ren, and B. Zhang, “DAC-MACS: Effective data access
control for multi-authority cloud storage systems,” in Proc. IEEE INFOCOM,
Apr. 2013, pp. 2895–2903.
• [11] http://www.sourcefordgde.com
• [12] http://www.networkcomputing.com/
• [13] http://www.roseindia.com/
11/27/2016 Jain University, ISE Department 47

48. Thank You
11/27/2016 48Jain University, ISE Department