PRIVACY PRESERVING DELEGATED ACCESS CONTROL IN PUBLIC

CLOUDS
.OBJECTIVE:
The main objective of this project is constructing a secure data storage system that
supports multiple functions is challenging when the storage system is distributed and has no
central authority.

DOMAIN:
Cloud computing

SYNOPSIS:
Current approaches to enforce fine-grained access control on confidential data hosted in
the cloud are based on fine-grained encryption of the data. Under such approaches, data owners
are in charge of encrypting the data before uploading them on the cloud and re-encrypting the
data whenever user credentials change. Data owners thus incur high communication and
computation costs. A better approach should delegate the enforcement of fine-grained access
control to the cloud, so to minimize the overhead at the data owners, while assuring data
confidentiality from the cloud. We propose an approach, based on two layers of encryption, that
addresses such requirement. Under our approach, the data owner performs a coarse-grained
encryption, whereas the cloud performs a fine-grained encryption on top of the owner encrypted
data. A challenging issue is how to decompose access control policies (ACPs) such that the two
layer encryption can be performed. We show that this problem is NP-complete and propose
novel optimization algorithms. We utilize an efficient group key management scheme that
supports expressive ACPs. Our system assures the confidentiality of the data and preserves the
privacy of users from the cloud while delegating most of the access control enforcement to the
cloud

EXISTING SYSTEM:
As data generation is far outpacing data storage it proves costly for small
firms to frequently update their hardware whenever additional data is created. Also
maintaining the storages can be a difficult task. It transmitting the file across the
network to the client can consume heavy bandwidths. The problem is further
complicated by the fact that the owner of the data may be a small device, like a
PDA (personal digital assist) or a mobile phone, which have limited CPU power,
battery power and communication bandwidth.Cloud computing enables highly
scalable services to be easily consumed over the Internet on an as-needed basis. A
major feature of the cloud services is that users data are usually processed
remotely in unknown machines that users do not own or operate. While enjoying
the convenience brought by this new emerging technology, users fears of losing
control of their own data (particularly, financial and health data) can become a
significant barrier to the wide adoption of cloud services.

LIMITATIONS:

The main drawback of this scheme is the high resource costs it requires for
the implementation.

Also computing hash value for even a moderately large data files can be
computationally burdensome for some clients (PDAs, mobile phones, etc).

Data encryption is large so the disadvantage is small users with limited

computational power (PDAs, mobile phones etc.).

PROPOSED SYSTEM:
Data owner to enforce access control through encryption performed at the data owner.
However, unlike previous approaches, SLE assures the privacy of the users and supports fine-

grained ACPs. All these encryption activities have to be performed at the owner that thus incurs
high communication and computation cost.

ADVANTAGES:
Privacy

Security

Integrity

SYSTEM ARCHITECTURE:

SYSTEM SPECIFICATIONS:
HARDWARE:

Intel Pentium IV

256/512 MB RAM

1 GB Free disk space or greater

1 GB on Boot Drive

17 XVGA display monitor

SOFTWARE:

MS Windows XP/7

MS DotNet Framework 4.0

MS Visual Studio.Net 2010

Internet Information Server (IIS)

Front End: ASP.Net With C#

Back End: SQL SERVER 2008