INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY

VOLUME 4 ISSUE 2 APRIL 2015 - ISSN: 2349 - 9303

A Secure Cloud Storage System with Data Forwarding using Proxy Re-encryption Scheme

P. Vidhya Lakshmi¹
Student II Year M.E
Department of Information Technology
National Engineering College
vidhyapl1992@gmail.com

Dr. S. Sankar Ganesh²
Associate Professor
Department of Information Technology
National Engineering College
ssganesa@yahoo.com

Abstract: Cloud computing provides access to shared resources and common support, delivering services on demand over the network to perform operations that meet changing business needs. A cloud storage system, consisting of a collection of storage servers, affords long-term storage services over the Internet. Storing data in a third-party cloud system causes serious concern over data confidentiality. Cloud services allow users to enjoy cloud applications without considering local infrastructure limitations. As different users may be working in a collaborative relationship, data sharing becomes significant for achieving productive benefit during data access. The existing security system focuses only on authentication, which ensures that users' private data cannot be accessed by fake users. To address this cloud storage privacy issue, a shared authority based privacy-preserving authentication protocol (SAPA) is used. In SAPA, shared access authority is achieved by anonymous access requests with privacy consideration, and attribute-based access control allows users to access their own data fields. To provide data sharing among multiple users, a proxy re-encryption scheme is applied by the cloud server. Privacy-preserving data access authority sharing is attractive for multi-user collaborative cloud applications.
Index Terms: Authentication Protocol, Cloud computing, Privacy Preserving, Shared Authority

1 INTRODUCTION
Cloud computing is one of the emerging technologies [10]. The cloud environment is a large open distributed system. Hence it is important to preserve the data as well as the privacy of users. Cloud services allow users to enjoy cloud applications without considering local infrastructure limitations [3], [4]. The cloud is the default symbol for the Internet in diagrams. The broader term "computing" encompasses computation, coordination logic and storage. Fig. 1 illustrates that cloud computing refers to a model of network computing in which a program or application runs on connected servers rather than on a local computing device such as a computer, tablet or smartphone.
Research in cloud computing is receiving a great deal of attention from both the academic and industrial worlds. In cloud computing, users can outsource their computation and storage to servers (also called clouds) using the web. This frees users from the hassle of maintaining resources on-site. Clouds can provide many kinds of services, infrastructures and platforms that help developers write applications (e.g., Amazon's S3, Windows Azure) [5]. Since services are outsourced to a remote server, security and privacy are of huge concern in cloud computing. On the one hand, the user should authenticate itself before initiating any transaction; on the other hand, it must be ensured that the cloud does not tamper with the outsourced information. User privacy is also required, so that the cloud and other users do not learn the identity of the user. The cloud holds the user in control of the information it outsources, and likewise the cloud is itself in control of the services it provides. It also verifies the validity of the user who stores the information. Apart from the technical solutions for ensuring security and privacy, there is also a need for enforcement. Efficient search is also a very important concern in clouds.

Fig. 1 Cloud Computing overview


Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources [1] (e.g., networks, servers, memory capacity, applications and services) that can be provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models and four deployment models.

1.1 Infrastructure as a service (IaaS)


In the most basic cloud-service model, and according to the IETF (Internet Engineering Task Force), providers of IaaS offer computers, physical or (more often) virtual machines, and other resources. (The cloud operational support system can support large numbers of virtual tools and the ability to scale services up and down according to consumers' varying needs.) Additional resources provided by IaaS clouds include a virtual-machine disk image library, object storage, load balancers, IP addresses, virtual local area networks (VLANs) and software. IaaS-cloud providers supply those resources on demand from their large pools installed in data centers. For long-distance network
connection, users can use clouds for their network connections. To deploy their applications, cloud users install operating-system images and their application software on the cloud computing infrastructure. Cloud providers charge for IaaS services on a utility computing basis: the cost reflects the amount of resources allocated and used.

1.2 Platform as a service (PaaS)


The most complex of the three is cloud platform services, or Platform as a Service (PaaS), which delivers computational resources through a cloud. Developers benefit from PaaS: it is a model on which they can build to develop or customize applications. PaaS avoids the need to maintain hardware and software, which lets developers develop and test an application faster, more simply and at lower cost. With PaaS, the providers still need to manage the runtime, software, middleware, O/S, servers, memory and networking, but stakeholders only need to maintain their applications and their data.
1.3 Software as a service (SaaS)
In the business model using software as a service (SaaS), users are provided access to application software and databases. The infrastructure and platforms that run the applications are managed by the cloud providers. SaaS is also referred to as "on-demand software" and is usually priced on a pay-per-use basis.
In the SaaS model, cloud providers install and operate application software in the cloud. Cloud users access the software from cloud clients to use the applications. Cloud users do not need to manage the infrastructure and platform of the cloud where the application runs. This removes the need to install and run the application on the users' own computers, which simplifies maintenance and support of the software. Cloud applications differ from other applications in their scalability, which can be attained by cloning tasks onto multiple virtual machines at run-time to meet frequently changing work demand. Load balancers distribute the work over the set of virtual machines. This process is transparent to the cloud user, who sees only a single access point. To accommodate a large number of cloud users, cloud applications can be multitenant, that is, any machine serves more than one cloud user organization.
The pricing model for SaaS applications is a monthly or yearly fee per user, so the price is scalable and adjustable if users are added or removed at any point, without affecting the system. Proponents claim that SaaS reduces IT operational costs by outsourcing hardware and software maintenance and support to the cloud provider. This enables the business to reallocate IT operations costs away from hardware/software spending and personnel expenses, towards meeting other goals. In addition, with applications hosted centrally, updates can be released without the need for users to install new software. One drawback of SaaS is that the users' data are stored on the cloud provider's server. As a result, there is a possibility of unauthorized access to the data. For this reason, users are increasingly adopting intelligent third-party key management systems to help secure their data.

Cloud infrastructure services, also known as Infrastructure as a Service (IaaS), deliver computer infrastructure (such as a platform virtualization environment), memory and networking. Instead of bearing the overhead of buying hardware and networking equipment, the user pays for the cloud as an outsourced service, billed according to the amount of resources used. Basically, in exchange for a rental fee, a third party of the cloud allows the user to install a virtual server on their IT infrastructure.

2 PROXY RE-ENCRYPTION SCHEME
Proxy re-encryption schemes [3] are cryptosystems which allow third parties (proxies) to alter a ciphertext which has been encrypted for one entity, so that it may be decrypted by another entity. Proxy re-encryption schemes are similar to traditional symmetric or asymmetric schemes, with the addition of two functions.

2.1 Delegation
Delegation allows a message recipient (key holder) to generate a re-encryption key based on his secret key and the key of the delegated user. This re-encryption key is used as input to the re-encryption function, which translates ciphertexts to the delegated user's key. Asymmetric proxy re-encryption schemes come in bi-directional and unidirectional varieties.

In a bi-directional scheme, the re-encryption scheme is reversible, i.e., the re-encryption key can be used to translate messages from Jack to Charlie, as well as from Charlie to Jack. This can have various security issues, depending on the application. One notable characteristic of bi-directional schemes is that both the delegator and the delegated party (e.g., Charlie and Jack) must combine their secret keys to produce the re-encryption key.

A unidirectional scheme is effectively one-way; messages can be re-encrypted from Jack to Charlie, but not the reverse. Unidirectional schemes can be constructed such that the delegated party need not reveal its secret key. For example, Jack could delegate to Charlie by combining his secret key with Charlie's public key.

2.2 Transitivity
Transitive proxy re-encryption schemes allow a ciphertext to be re-encrypted any number of times. For example, a ciphertext might be re-encrypted from Jack to Charlie, and then again from Charlie to Ravi, and so on. Non-transitive schemes allow only one (or a limited number) of re-encryptions on a given ciphertext. Currently, there is no known unidirectional, transitive proxy re-encryption scheme.
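
The delegation and transitivity properties of Sections 2.1 and 2.2 can be traced in code. The following is an added example, not code from the paper and not the scheme it cites: a toy bidirectional construction in the style of Blaze, Bleumer and Strauss over a deliberately tiny group. The parameters P, Q and G, the function names and the sample message are assumptions made for illustration.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1 with P, Q prime. Far too small for real use.
P, Q, G = 2039, 1019, 4        # G generates the order-Q subgroup of squares mod P

def keygen():
    """Return (secret exponent, public key g^sk)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """ElGamal-style ciphertext (m * g^k, pk^k) for a group element m."""
    k = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, k, P)) % P, pow(pk, k, P)

def decrypt(sk, ct):
    c1, c2 = ct
    g_k = pow(c2, pow(sk, -1, Q), P)      # (g^(sk*k))^(1/sk) = g^k
    return (c1 * pow(g_k, -1, P)) % P

def rekey(sk_from, sk_to):
    """Delegation (2.1): the bidirectional key sk_to/sk_from needs BOTH secrets."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Proxy step: retarget the ciphertext without ever seeing m."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def demo():
    jack, jack_pk = keygen()
    charlie, charlie_pk = keygen()
    ravi, _ = keygen()
    m = pow(G, 321, P)                    # constructed stand-in for a symmetric file key
    ct_jack = encrypt(jack_pk, m)

    rk_jc = rekey(jack, charlie)
    ct_charlie = reencrypt(rk_jc, ct_jack)
    # Transitivity (2.2): the re-encrypted ciphertext can be re-encrypted again.
    ct_ravi = reencrypt(rekey(charlie, ravi), ct_charlie)
    # Bidirectionality: inverting rk_jc translates Charlie -> Jack.
    rk_cj = pow(rk_jc, -1, Q)
    back = reencrypt(rk_cj, encrypt(charlie_pk, m))
    return {
        "charlie_reads": decrypt(charlie, ct_charlie) == m,
        "ravi_reads": decrypt(ravi, ct_ravi) == m,
        "reverse_works": decrypt(jack, back) == m,
        "proxy_sees_plaintext": ct_charlie[0] == m,
        # Design caveat: rk_jc plus Charlie's secret determines Jack's secret.
        "collusion_exposes_jack": (charlie * rk_cj) % Q == jack,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last check shows why the choice between bi-directional and unidirectional schemes matters when the cloud server acts as the proxy: in this bidirectional construction the re-encryption key is as sensitive as the secret keys it was derived from.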

3 PROPOSED WORK
Fig. 2 illustrates a system model for the cloud storage architecture. The owner uploads the file to the server in encrypted format. If any user wants the owner's file, the user sends a download request to the server. The server then checks the file attributes and policy. If the requested file attributes and the stored file's attributes match, access to the file is allowed; otherwise, access is denied.
3.1 Admin Login

The admin is an administrator who administers the system. The
admin login page is meant to provide security against unauthorized access. Without the knowledge of the admin no one can access the system. Here the admin maintains the users' and doctors' details. It also forwards the user details in the cloud.

3.2 User Login


Users have authentication and security for accessing the details which are present in the cloud. Before accessing or searching the details, a user must have an account; otherwise they must register first. After entering the cloud, he/she can access the required file by entering the field. This field is stored by the admin while uploading the file to the cloud.
3.3 Access Control
Access control is generally a policy or procedure that allows, denies or restricts access to a system. It may also monitor and report all attempts made to access a system. Access control may also analyze users attempting to access a system without authorization. In all these access controls, users (subjects) and resources (objects) are identified by names given to them uniquely. Identification may be done directly or through roles assigned to the subjects. These access control methods are efficient in an unchanging distributed system, where there is only a set of users with a known set of services.

Fig. 2 The cloud storage system model

Access control is a method to ensure that only authorized users access the data and the system. Very large distributed open systems are developing very rapidly. These systems are like virtual organizations with various autonomous domains. The relationship between users and resources is dynamic and more ad hoc in cloud and inter-cloud systems. In these systems, users and resource providers are not in the same security domain. Users are normally identified by their attributes or characteristics and not by predefined identities.

The admin has wider control over the data, since it is being shared in the cloud. In order to provide security, access control is used. If the admin allows the user to access the data, then he/she can access it. If access is denied, then the user cannot download the file. A personal health record, or PHR, is a health account where health data and information related to the care of a user is maintained by the user. The intention of a PHR is to provide a complete and accurate summary of an individual's medical history which is accessible online. The user can view the description from the start date to the present day, but the user cannot change any detail in PHR monitoring. Only the admin has permission to add and delete records.
3.4 Trust Level Assignment
The trust level determines the permissions that are granted by the admin. There are three trust categories: high, medium and low. An application that has high trust permission can access all resource types and perform privileged operations. Medium trust permission has less access than the high trust level. Low trust permission has much less access than the high and medium levels.
For example, in hospital management, external users such as pharmacists, part-time doctors and advisory people may need to view user details to carry out their work. In this case their trust level is assigned as low, medium or high based on their relationship with the hospital manager. Their relationship status thus determines the trust level assigned to them, and the assigned trust level determines which PHR details are forwarded to them. Trust levels are assigned to non-patients so that they can access the user health record. Depending on the trust level, the data is encrypted and shown to the non-users. The trust level is assigned by the admin only; only the admin has the right to assign the trust level of non-users. There are three levels, as discussed at the beginning of this section. If the high level is given to a doctor of the hospital, the doctor can see 100% of the user record. If the medium level is given to a nurse of the hospital, the nurse can see only limited information, about 50% to 60% of the user record. If the low level is given to a third party, the result is much less than for the medium and high levels: only about 30% of the user record.

3.5 Encryption and Decryption


Encryption is the process of transforming information so it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again. A cryptographic algorithm, also called a cipher, is a mathematical function used for both encryption and decryption. In many cases, two related functions are employed, one for encryption and the other for decryption. In modern cryptography, the ability to keep encrypted data secret is based not only on the cryptographic algorithm but also on a number called a key, which must be used with the algorithm to produce an encrypted result or to decrypt the encrypted information. Decrypting data with the correct key is a simple process. Decrypting data without the correct key is very difficult, and in some cases impossible for all practical purposes. When the user uploads any file to the cloud, he/she has to encrypt it before sending. In this module, a proxy re-encryption scheme [7] is used. This scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages [4]. Thus the data is totally secured. Decryption is the reverse of encryption: one needs to perform decode and decryption operations to view the original data.

Multilevel encryption over PHR is enabled through this phase. In this phase the health record information is possibly subjected to additive perturbation through the inclusion of Gaussian noise and is then made ready to be submitted to outsiders at various trust levels. On the other side, the user has to perform decode and decryption operations.

3.6 File Upload and Download


In this module the admin uploads the file (along with metadata) into the database. With the help of the existing metadata and its contents, the end user can download the file. The downloaded file is in encrypted form; only a registered and permitted user can decrypt the file.
The user can download the required file from the cloud database. This system also suggests suitable parameters for the number of copies of a message dispatched to the storage servers and the number of storage servers queried by a key server. These parameters allow more flexible adjustment between the number of storage servers and robustness. Each individual doctor is given a clear and secured platform for viewing the record details and prescription information.

4 CONCLUSION
In this paper, we identify a new privacy challenge during data accessing, in order to achieve privacy-preserving access authority sharing in cloud computing. Data confidentiality and data integrity are guaranteed by authentication. During transmission the wrapped values are exchanged, hence data anonymity is achieved. Anonymous access requests enhance user privacy by privately informing the cloud server about the user's access desires. To prevent session correlation, the session identifiers realize forward security. This shows that the proposed scheme can be applied for enhanced privacy preservation in cloud applications.

REFERENCES
[1] Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, and Roger P. Wattenhofer, "Farsite: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment," Proc. Fifth Symp. Operating System Design and Implementation (OSDI), pp. 1-14, 2002.
[2] A. Haeberlen, A. Mislove, and P. Druschel, "Glacier: Highly Durable, Decentralized Storage Despite Massive Correlated Failures," Proc. Second Symp. Networked Systems Design and Implementation (NSDI), pp. 143-158, 2005.
[3] Hsiao-Ying Lin and Wen-Guey Tzeng, "A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 6, pp. 995-1003, 2012.
[4] Hong Liu, Huansheng Ning, Qingxu Xiong, and Laurence T. Yang, "Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Computing," IEEE Transactions on Parallel and Distributed Systems.
[5] J. Chen, Y. Wang, and X. Wang, "On-Demand Security Architecture for Cloud Computing," Computer, vol. 45, no. 7, pp. 73-78, 2012.
[6] John Kubiatowicz, David Bindel, Yan Chen, Steven Czerwinski, Patrick Eaton, Dennis Geels, Ramakrishna Gummadi, Sean Rhea, Hakim Weatherspoon, Westley Weimer, Chris Wells, and Ben Zhao, "Oceanstore: An Architecture for Global-Scale Persistent Storage," Proc. Ninth Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 190-201, 2000.
[7] Jun Shao and Zhenfu Cao, "CCA-Secure Proxy Re-Encryption without Pairings," Proc. 12th Int'l Conf. Practice and Theory in Public Key Cryptography (PKC), pp. 357-376, 2009.
[8] L. A. Dunning and R. Kresman, "Privacy Preserving Data Sharing With Anonymous ID Assignment," IEEE Transactions on Information Forensics and Security, vol. 8, no. 2, pp. 402-413, 2013.
[9] Qiang Tang, "Type-Based Proxy Re-Encryption and Its Construction," Proc. Ninth Int'l Conf. Cryptology in India: Progress in Cryptology (INDOCRYPT), pp. 130-144, 2008.
[10] R. Moreno-Vozmediano, R. S. Montero, and I. M. Llorente, "Key Challenges in Cloud Computing to Enable the Future Internet of Services," IEEE Internet Computing, [online] ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6203493, 2012.
