A Design of Lightweight Secure Data Sharing

In this paper, we propose a lightweight data sharing scheme (LDSS) for different cloud platforms. It adopts CP-ABE, an access control technology used in most cloud environments, with certain necessary changes to the structure of the access control tree to make it suitable for portable cloud environments. LDSS moves a large portion of the computationally intensive access control tree transformation in CP-ABE from the devices to external proxy servers. Furthermore, to reduce the user revocation cost, it introduces attribute description fields to implement lazy revocation, which is a thorny issue in program based CP-ABE systems. The experimental results show that LDSS can effectively reduce the overhead on a large number of devices when users are sharing data through different cloud environments.

@ IJTSRD | Available Online @ www.ijtsrd.com | Volume -2 | Issue -4 | May-Jun

Keywords: Lightweight, cloud, portable, tree

I. INTRODUCTION
Cloud computing means storing data and accessing that data from the internet instead of using traditional hardware for most of the operations. More than 50% of IT companies have moved their business to the cloud. Sharing of data over the cloud is the new trend that is being set. The amount of data generated in day-to-day life is increasing, and storing all of that data on traditional hardware is not possible because of limited storage capacity [1]. Therefore, transferring the data to the cloud is a necessity, where the user can get unlimited storage. Security of that data is the next big concern for most of us. After uploading the data to the cloud, the user loses control over that data. Since personal data files are sensitive, data owners are allowed to choose whether to make their data files public or to share them only with specific data users. Therefore, privacy of the personal sensitive data is a big concern for many data owners.
When people upload data onto the cloud, they are leaving their data in a place where monitoring of that data is out of their control, and the cloud service provider can also spy on the personal data of the users. When someone has to share data, they have to share the password with each and every user for accessing the encrypted data, which is cumbersome [4]. Therefore, to solve this problem, data should be encrypted before uploading it onto the cloud, so that it is safe from everyone. The data encryption part brings some new problems: we have to provide an efficient encryption algorithm such that data in encrypted format cannot easily be broken or accessed by any exploiters [1]. The next big concern is the time consumed by encryption. Traditional hardware with a big configuration can encrypt data in a short amount of time, but limited resource devices suffer from this problem. They require more time for encryption and decryption. So, an efficient crypto system is to be proposed which can work equally or heterogeneously on all of the devices.
Personal sensitive data should be encrypted before being uploaded onto the cloud so that the data is secure against the cloud service providers. However, the data encryption brings new problems. How to provide an efficient access control mechanism on cipher text decryption, so that only the authorized users can access the plaintext data, is challenging [2]. In addition, the system must offer data owners effective user privilege management capability, so they can

II. EXISTING SYSTEM
With the development of cloud computing and digitalization, people are gradually getting accustomed to a new era of data sharing model in which the data is stored on the cloud and different devices are used to store/retrieve the data from the cloud. Typically, most of the devices, such as mobiles, through which most of the transactions occur have limited storage space and computing power. On the contrary, the cloud has an enormous amount of resources [9]. In such a scenario, to achieve satisfactory performance, it is essential to use the resources provided by the cloud service provider to store and share the data. With the development of cloud computing and the popularity of smart portable devices, people are gradually getting accustomed to a new era of data sharing model in which the data is stored on the cloud and the different portable devices are used to store/retrieve the data from the cloud.
Disadvantages:
- Data privacy of the personal sensitive data is a big concern for many data owners.
- The state-of-the-art privilege management/access control mechanisms provided by the cloud service provider are either not sufficient or not very convenient.
- They cannot meet all the requirements of data owners.

III. PROPOSED SYSTEM
In this paper, we propose a Lightweight Data Sharing Scheme (LDSS) for different cloud computing environments [2] [7]. We design an algorithm called LDSS-CP-ABE, based on the Attribute Based Encryption (ABE) method, to offer efficient access control over cipher text. We use proxy servers for encryption and decryption operations. In our approach, computationally intensive operations in ABE are conducted on proxy servers, which greatly reduces the computational overhead on client side devices.
Advantages:
- We are providing methods for efficient access of the data.
- Performance has been increased with the reduced cost.
- Such an approach is beneficial to implement a realistic data sharing security scheme on devices.
- The results also show that LDSS has better performance compared to the existing ABE based access control schemes over cipher text.

IV. DESIGN METHODOLOGY
We describe the LDSS framework in Fig. 1, as shown above [8]. The main contributions of LDSS are as follows:

1) We design an algorithm called LDSS-CP-ABE, based on the Attribute-Based Encryption (ABE) method, to offer efficient access control over cipher text.

2) We use proxy servers for encryption and decryption operations. In our approach, computationally intensive operations in ABE are conducted on proxy servers, which greatly reduces the computational overhead on client side mobile devices. Meanwhile, in LDSS-CP-ABE, in order to maintain data privacy, a version attribute is also added to the access structure. The decryption key format is modified so that it can be sent to the proxy servers in a secure way.

3) We introduce lazy re-encryption and a description field of attributes to reduce the revocation overhead when dealing with the user revocation problem.

4) Finally, we implement a data sharing prototype framework based on LDSS. The experiments show that LDSS can greatly reduce the overhead on the client side, while introducing only a minimal additional cost on the server side. Such an approach is beneficial to implement a realistic data sharing security scheme on mobile devices. The results also show that LDSS has better performance compared to the existing ABE based access control schemes over cipher text.

In Fig. 2 we represent the use case diagram, which describes both admin and user side operations. The various actions of the LDSS framework are described below in detail [5].

1) Text Encryption and Decryption:
In this module the user encrypts the plain text into an encrypted format and uploads it to the cloud. The encryption is done by using a password.

2) Image Encryption and Decryption:
Image encryption is done in the same way, and the encrypted images and password are also uploaded to the cloud.

The LDSS scheme is designed for data sharing in the cloud [4]. The whole process of LDSS includes system initialization, file sharing, user authorization, and file access operations. It also has to support attribute revocation and file update operations [7].

System Initialization:
The specific process is described as follows.
I. When the data owner (DO) registers on TA, TA runs the algorithm Setup() to generate a public key PK and a master key MK. PK is sent to DO while MK is kept on TA itself.
II. DO defines its own attribute set and assigns attributes to its contacts. All this information is sent to TA and the cloud.
III. TA and the cloud receive the information and store it.

File Sharing:
The specific process is described as follows.
I. DO selects a file M which is to be uploaded and encrypts it using a symmetric cryptographic mechanism (such as the AES or 3DES algorithm) with a symmetric key K, generating cipher text C.
II. DO assigns an access control policy for M and encrypts K with the assistance of ESP using Function 3, generating the cipher text of K (CT).
III. DO uploads C, CT and the access control policy to the cloud.

User Authorization:
The specific process is described as follows.
I. DU logs in to the system and sends an authorization request to TA. The authorization request includes the attribute keys (SK) which DU already has.
II. TA accepts the authorization request and checks whether DU has logged on before. If the user hasn't logged on before, go to step (3), otherwise go to step (4).
III. TA calls Function 2 to generate attribute keys (SK) for DU.
IV. TA compares the attribute description field in the attribute key with the attribute description field stored in the database. If they do not match, go to step (5), otherwise go to step (6).
V. For each inconsistent bit in the description field, if it is 1 on the data user's side and 0 on TA's side, it indicates that DU's attribute has been revoked, and TA does nothing on this bit. In the reverse scenario, it indicates that DU has been assigned a new attribute, and TA generates the corresponding attribute key for DU.
VI. TA checks the version of every attribute key of DU. If it is not the same as the current version, TA updates the corresponding attribute key for DU.
In the stage of user authorization, TA updates attribute keys for DU according to the attribute description field, which is stored with SK. It describes which attributes DU has and their corresponding versions. TA also keeps the attribute description field of DU in its database. When DO changes the attributes of DU, the attribute description field on the TA side is also updated. Thus, when DU logs in to the system, its own attribute description field may be different from that of TA. TA has to update the attribute keys for DU according to the attribute description field, just as described above.

Access Files:
The specific process is described as follows:
I. DU sends a request for data to the cloud.

Privilege Revoked:
DO can revoke attributes from a DU. The process is as follows.
I. DO informs TA and the cloud that one attribute has been revoked from a specific DU.
II. TA and the cloud update the information of DU in the database.
III. DO marks the corresponding bit of the attribute description field of the data files.

Documentation Updates:
The specific process is as follows.
I. DO checks whether any bit in the description field of the data files has been set to '#'.
II. DO informs TA which attributes should be updated. All the attributes that should be updated form a set called Anew.
III. TA chooses a new value in G0 for every attribute in Anew to replace the original one, and updates the description field of DO in the DO-PK/MK table, changing the corresponding attribute description bit to the new value.
IV. TA sends a new PK to DO, and DO uses the new PK to encrypt data files.
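
The description-field reconciliation of User Authorization (steps IV to VI), together with the TA-side effect of Privilege Revoked and of the attribute update above, as an added Python example that is not code from the paper. It assumes keys are opaque (attribute, version) pairs, a new attribute value is modelled as a version increment, and the step VI version check applies only to attributes TA still records for the DU; class, method and attribute names are hypothetical.

```python
# Added example: TA-side bookkeeping only. Keys are opaque (attribute, version)
# placeholders, not CP-ABE key material; attribute names are constructed.
from dataclasses import dataclass, field


@dataclass
class TrustedAuthority:
    attrs: list                                   # attribute order = bit order
    versions: dict                                # attribute -> current version
    granted: dict = field(default_factory=dict)   # DU -> description bits at TA

    def issue_key(self, attr):
        # Stand-in for the paper's attribute-key generation (Function 2).
        return (attr, self.versions[attr])

    def revoke(self, du, attr):
        # Privilege Revoked, step II: clear TA's bit; DU's key is not touched.
        self.granted[du][self.attrs.index(attr)] = 0

    def file_update(self, anew):
        # Update step III: new value per attribute in Anew, modelled as version + 1.
        for attr in anew:
            self.versions[attr] += 1

    def authorize(self, du, du_bits, du_keys):
        """User Authorization steps IV-VI: return (keys, log) for DU."""
        keys, log = dict(du_keys), []
        for attr, mine, theirs in zip(self.attrs, self.granted[du], du_bits):
            if theirs == 1 and mine == 0:          # step V: revoked
                log.append(f"{attr}: revoked, no key refresh")
            elif theirs == 0 and mine == 1:        # step V: newly assigned
                keys[attr] = self.issue_key(attr)
                log.append(f"{attr}: assigned, key issued")
            elif mine == 1 and keys.get(attr) != self.issue_key(attr):
                keys[attr] = self.issue_key(attr)  # step VI: version mismatch
                log.append(f"{attr}: stale version, key updated")
        return keys, log


def demo():
    ta = TrustedAuthority(["doctor", "nurse", "auditor"],
                          {"doctor": 1, "nurse": 1, "auditor": 1},
                          {"alice": [1, 1, 1]})
    # State alice last synchronised: doctor and nurse only, both at version 1.
    bits, keys = [1, 1, 0], {"doctor": ("doctor", 1), "nurse": ("nurse", 1)}
    ta.revoke("alice", "nurse")
    ta.file_update({"doctor", "nurse"})
    return ta, ta.authorize("alice", bits, keys)


if __name__ == "__main__":
    ta, (keys, log) = demo()
    print("\n".join(log))
    print(keys, ta.versions)
```

In the constructed run, the revoked `nurse` key stays at version 1 while TA's current version is 2: nothing is pushed to the revoked user, and the key falls behind once files are re-encrypted.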

VI. RESULT
In our paper we describe the result analysis using the screenshots of our project below. Fig. 3 shows the server login page. Fig. 4 shows the encryption request and response by ESP, Fig. 5 shows the data owner uploading a file with encryption, and Fig. 6 shows the downloading of a file using the secret key. Fig. 7 shows the updating of a file only when authorized by the trusted authority. Fig. 8 shows a graphical representation of the number of files downloaded by the data owner.

VII. CONCLUSION AND FUTURE WORK
In recent years, many studies on access control in the cloud have been based on the attribute-based encryption (ABE) algorithm. However, traditional ABE is not suitable for several cloud platforms because it is computationally intensive and few devices only have limited resources. In this paper, we propose LDSS to address this issue. It introduces a novel LDSS-CP-ABE algorithm to migrate the major computation overhead from devices onto proxy servers, and thus it can solve the secure data sharing problem in the cloud. The experimental results show that LDSS can ensure data privacy in the cloud and reduce the overhead on the users' side. In future work, we will design new approaches to ensure data integrity. To further tap the potential of different cloud platforms, we will also study how to do cipher text retrieval over existing data sharing schemes.