
Efficient IoT Management With Resilience To

The document discusses efficient and secure management of IoT data in the cloud while preventing unauthorized access. It addresses three main issues: 1) The storage demands and computational costs of attribute-based encryption (ABE) schemes increase with access policy complexity. 2) ABE alone cannot prevent unauthorized access from illegally shared secret keys. 3) Existing solutions do not simultaneously achieve short ciphertexts, outsourceable decryption, and prevention of unauthorized access from shared keys. The proposed scheme addresses these issues by using a novel CP-ABE construction with efficient storage, outsourced decryption computation, and prevention of unauthorized access even if keys are shared illegally. It associates each user with a transformation key to partially

Uploaded by

vivekanand_bonal

EFFICIENT IOT MANAGEMENT WITH RESILIENCE TO UNAUTHORIZED ACCESS TO CLOUD STORAGE

ABSTRACT

Cloud-based Internet of Things (IoT) management services are a promising means of ingesting
data from globally dispersed devices. In this setting, it is important to regulate access to data
managed by potentially untrusted cloud servers. Attribute-based encryption (ABE) is a highly
effective tool for access control. However, applying ABE to IoT environments shows limitations
in the following three aspects: First, the demands for storage resources increase in proportion to
the complexity of the access control policies. Second, the computation cost of ABE is onerous
for resource-limited devices. Lastly, ABE alone cannot prevent illegal key-sharing,
which leads to unauthorized access to data. In this paper, we propose an efficient and secure
cloud-based IoT data management scheme using ABE. First, we remove the storage-side
dependency on the complexity of the access control policies. Second, a substantial part of
computationally intensive operations is securely outsourced to the cloud servers. Lastly,
unauthorized access to data via illegal key-sharing is strictly forbidden. Our security analysis and
experimental results show the security and practicability of the proposed scheme.
CHAPTER 1

INTRODUCTION

As billions of devices connect to the world, Internet of Things (IoT) management services outsource the IoT data to cloud services such as Amazon AWS IoT [1] or Google Cloud IoT Core [2]. In cloud-based IoT management systems, IoT devices typically belong to different trust domains with complex, asymmetric trust relationships. Thus, it is challenging to regulate access to the outsourced IoT data of a specific security domain. Attribute-based encryption (ABE) is a promising solution because it provides secure and fine-grained access control over encrypted data according to access policies associated with it [3]. Specifically, in ciphertext-policy ABE (CP-ABE), an encryptor can specify an access policy for the ciphertext with a set of descriptive attributes [4]. A decryptor can recover the plaintext if and only if the access privilege in his secret key satisfies the access policy embedded in the ciphertext. In order to adopt CP-ABE for cloud-based IoT management in practice, there are several issues to resolve. First, the ciphertext size grows linearly with the number of attributes [5], [6], [7]. This can be highly problematic in IoT systems because IoT applications and services need a multitude of attributes [8]. Although some CP-ABE schemes that support constant-size ciphertexts exist [9], [10], [11], [12], this functionality alone does not suffice to deploy CP-ABE in IoT systems. Second, CP-ABE places heavy computational costs on a decryptor (rather than an encryptor), which could be a battery-powered mobile device such as a laptop [13], [14], [15]. Recent studies on outsourced decryption of ciphertexts showed how to allow an untrusted cloud server to partially decrypt ciphertexts on behalf of users [5], [6], [7].

However, the problem of the increasing volume of ciphertexts remained unsolved. To cope with the aforementioned issues, one may consider merging existing approaches, such as the outsourceable decryption [5] and constant-size ciphertext [11] ABE schemes, each for its own purpose. Although this may seem plausible, it cannot resolve the problems because of the key blinding technique in the outsourceable decryption algorithm [5]. Specifically, it enables a user to blind his secret key using a (secret) blinding factor, say z, so that the cloud can perform partial decryption using the blinded key and then return the plaintext masked by z. The user then simply unmasks it using z. Applying this technique to the constant-size ciphertext scheme [11], however, results in a plaintext masked not only by z but also by other elements that are needed for final decryption but unknown to the user. Therefore, the user can by no means recover the plaintext correctly. Li et al. [16] proposed a method to simultaneously achieve short ciphertext and outsourceable decryption functionalities. However, their scheme significantly limits the access control capabilities because a user can decrypt a ciphertext if and only if the attributes assigned to him are the same as the attributes in the access policy.

Third, secret keys could be easily abused by illegal key sharing among unauthorized users [17], [18]. In this case, authorized but malicious users may collude with unauthorized users to illegally share their secret keys. Then, the unauthorized users would freely access IoT data in the cloud. Previous studies tackled the key leakage problem by proposing traceable ABE [6], [19], [20], [21], [22], [23], [24], [25]. Unfortunately, most of the traceable ABE schemes focus only on detecting original key owners. That is, once secret keys are shared by dishonest users, the shared key holders still freely enjoy unauthorized access to encrypted data in the cloud. Furthermore, traceability alone is of no use in preventing key leakage due to several practical key recovery attacks such as side channel analysis [26], [27]. Similarly, key revocation cannot be a solution for the shared (or leaked) key problem because the shared (or leaked) key holders are still able to use the key to access and recover data until it is revoked.

Overall, designing a secure and efficient access control scheme that resolves the above problems is a pivotal issue in cloud-based IoT management systems. In this paper, we propose an efficient and secure cloud-based IoT data management scheme using our novel CP-ABE construction. The proposed scheme features efficient storage and bandwidth management, and the capability of tracing traitors if they illegally share their secret keys. The cloud server can perform a significant part of the computational overhead related to decryption via a user-specific transformation key. This key is crucial in forbidding unauthorized access by a shared (or leaked) key holder because the proposed access mechanism of the IoT data works as follows: the cloud (1) authenticates the identity of the key holder, (2) partially decrypts the ciphertext using the key holder’s transformation key, and (3) returns the partially decrypted result. Note that the transformation key is closely associated with the key holder, who can recover the plaintext from the partially decrypted ciphertext if and only if he is the original owner of the attribute key. Therefore, the other users who illegally hold the shared (or leaked) keys are unable to obtain the plaintext.
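
The key-blinding step described in the introduction (blind the secret key with z, let the cloud partially decrypt, unmask with z) can be traced in the following added example, which is not code from the paper or from this report. It uses plain ElGamal in a toy prime-order group as a stand-in for the pairing-based CP-ABE construction; the group size and all function names are assumptions made for illustration.

```python
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; deterministic for n < 3.3e24 with these twelve bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=61):
    """Find a safe prime p = 2q + 1. The element 4 is a square other than 1,
    so it generates the subgroup of prime order q. Toy size, illustration only."""
    q = 2**bits + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()

def keygen():
    """Return (sk, pk) with sk in 1..Q-1 and pk = G^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """ElGamal: (c1, c2) = (G^r, m * pk^r), with 1 <= m < P."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def blind(sk):
    """User side: pick a secret z in 2..Q-1 and derive the transformation
    key tk = sk / z mod Q. tk goes to the cloud, z never leaves the user."""
    z = secrets.randbelow(Q - 2) + 2
    return sk * pow(z, -1, Q) % Q, z

def cloud_transform(tk, ct):
    """Cloud side: the heavy step. Output c1^tk = G^(r*sk/z) is still masked by z."""
    c1, c2 = ct
    return pow(c1, tk, P), c2

def unmask(z, partial):
    """User side: (c1^tk)^z = c1^sk, then divide it out of c2."""
    t, c2 = partial
    return c2 * pow(pow(t, z, P), -1, P) % P

def unmask_without_z(partial):
    """What a party holding only the cloud's output can compute: wrong plaintext."""
    t, c2 = partial
    return c2 * pow(t, -1, P) % P

def demo():
    m = 20240117                      # constructed sample value (e.g. a sensor reading)
    sk, pk = keygen()
    ct = encrypt(pk, m)
    tk, z = blind(sk)
    partial = cloud_transform(tk, ct)
    return {"owner": unmask(z, partial), "without_z": unmask_without_z(partial)}

if __name__ == "__main__":
    print(demo())
```

In this stand-in the user still performs one exponentiation; in the ABE setting the saving comes from the cloud absorbing the policy-dependent pairing work, which this simplified group does not model.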
CHAPTER 2

LITERATURE SURVEY

Shubham Chandugade, Prachi More, Shaikh Mohammad, Shafiq Rafiq “Survey on lightweight secured data sharing scheme for cloud computing” [1]. To overcome the challenge of sharing data securely over the cloud, the authors of [1] use a combination of attribute-based encryption and a byte-rotation encryption algorithm to encrypt the data before sending it to the cloud. This helps the user to securely store and share the data in encrypted form. The cloud has been around for two decades and holds a vast amount of data from all over the world. Most people, at a personal level and at an organization level, have moved their data to the cloud and share data all around the world. The main challenge faced by everyone is to share the data all over the world or at organizational level securely without giving away important data to any exploiters. To overcome the challenge of sharing the data securely over the cloud, an efficient data encryption algorithm is needed for encrypting data before sending it to the cloud.

In [1], the authors use a combination of Attribute-Based Encryption and a Byte Rotation
Encryption Algorithm for encrypting the data before sending it to the cloud. This helps the
user to securely store and share the data in encrypted form.

Attribute-based encryption (ABE) was proposed by Sahai and Waters. ABE is a relatively recent approach that re-evaluates the idea of public key cryptography. It is a sort of public-key encryption wherein the secret key of a person and the cipher-text are established upon attributes. In ABE, a person’s keys and cipher-texts are labeled with sets of descriptive attributes, and a symmetric key can decrypt a selected cipher-text only if there is a match between the attributes of the cipher-text and the person’s key. It reduces the number of keys used and hence makes the encryption and decryption techniques faster.

Chandini Patel, Sameer Singh Chaubhan, Bharesh Patel “A data security framework for mobile cloud computing” [2]. Numerous cryptographic techniques and algorithms are available to provide data security and privacy for mobile users’ data securely stored on public cloud storage servers. The goals of these data security schemes are the reduction of the computational complexity of the cryptographic methods and algorithms for providing security, confidentiality and integrity services. All security operations are executed on the mobile device, which helps to provide confidentiality of the user’s private data and improve the security of private data. In the proposed data security framework, the authors use three different cryptographic implementation techniques for improving the security and privacy of data, which are as follows:

• Counter modes of block-based Encryption and Decryption: The CTR mode of operation is
used to provide energy efficient cryptographic functions by using simply XOR operations
on blocks and keys. This technique also offers some advantages and security as compared
to other chaining block modes of operations.
• MAC (Message Authentication Code): This cryptographic mechanism is used to validate
the integrity of a file or data. A standard hash function is used to generate the integrity key from
the password provided by the mobile user.
• Blowfish Symmetric Cryptographic Algorithm: This symmetric cryptographic algorithm is
used to improve the security of data. These algorithms present high execution speed and
throughput. It also consumes less energy for execution as compared to other symmetric
algorithms.

Zhibin Zhou, Dijiang Hua “Efficient and secure data storage operation for mobile cloud computing” [3]. In a mobile cloud computing system, lightweight wireless communication devices extend cloud services into the sensing domain. A common mobile cloud secure data service is to query the data from sensing devices. The data can be collected from multiple requesters, which may drain the power of sensing devices quickly. Thus, an efficient data access control model is desired. The authors present a novel Privacy Preserving Cipher Policy Attribute-Based Encryption (PP-CP-ABE) to protect sensing data. Using PP-CP-ABE, light-weight devices can securely outsource heavy encryption and decryption operations to cloud service providers, without revealing the data content. Second, they propose an Attribute Based Data Storage (ABDS) system as a cryptographic group-based access control mechanism. Performance assessments demonstrate the security strength and efficiency of the presented solution in terms of computation, communication, and storage. In [3], the authors present a secure data inquiry framework for mobile cloud computing that includes two major components, which are as follows:
• A Privacy Preserving CP-ABE (PP-CP-ABE) scheme.
• An Attribute-Based Data Storage (ABDS) scheme that achieves information theoretical
optimality.

Using PP-CP-ABE, users can securely outsource computation intensive CP-ABE
encryption and decryption operations to the cloud without revealing data content and secret keys. In
this way, lightweight and resource constrained devices can access and manage data stored in the
cloud data store. The ABDS system achieves scalable and fine-grained data access control, using
public cloud services. Based on ABDS, user’s attributes are organized in a carefully constructed
hierarchy so that the cost of membership revocation can be minimized. Moreover, ABDS is suitable
for mobile computing to balance communication and storage overhead and thus reduces the cost of
data management operations (such as upload, updates, etc.) for both the mobile cloud nodes and
storage service providers.

Abdul Nasir Khan, M.L.Mat.Miah, Samee.U.Khan, Sajad.A.Madani “Towards secure
mobile cloud computing” [4]. To have an in-depth understanding of Mobile Cloud Computing
(MCC), it is necessary to get a complete grasp on cloud computing. Cloud computing provides a
new computing paradigm that delivers IT as a service. The objectives of the new computing
paradigm are to increase capacity and capabilities at runtime without investing in new
infrastructure, licensing new software, and training new recruits. Cloud service provider permits
customers to utilize cloud services on the fly in pay-as-you-go manner through the internet.

The service may be Infrastructure as a Service (IaaS), Data storage as a Service (DaaS),
Communication as a Service (CaaS), Security as a Service (SaaS), Hardware as a Service (HaaS),
Software as a Service (SaaS), Business as a Service (BaaS), and Platform as a Service (PaaS). There
are various layered architectures available for cloud computing to provide the aforementioned
services as a utility. The cloud’s backbone layer consists of physical servers and switches. The cloud
service provider is responsible for running, managing, and upgrading cloud hardware resources according to
the requirements of users. The backbone layer is also responsible for allocating hardware resources to
users in an efficient, quick, and smooth way. The supervisor software layer contains the system
software to manage the cloud hardware resources.
The system software permits application software to run and utilize underlying resources in
an efficient way. The various implementations of supervisor software include: (a) operating system,
(b) hypervisor, and (c) middleware. The operating system manages the computer hardware
resources and provides an interface for interaction of user and application software with hardware
resources. The hypervisor is system software that allows users to remotely create virtual machines
on cloud server(s) at runtime. The virtual machine has user defined hardware specifications and a
software stack. The virtualization process improves the availability of the user’s hosted services
even in case of hardware failure. The virtual machine with the entire software stack can be migrated
to another server with negligible unavailability of hosted services. This survey paper critically
investigates different security frameworks proposed for the mobile cloud computing environment;
most of the discussed security frameworks overlook the tradeoff between the energy
consumption on the device and the expense of using cloud resources while designing a security
framework.

A.Jyothi, Dr.B.Indira “Secure storage distribution and processing of IoT based data through
mobile cloud computing”[5]. The Internet of Things (IOT) is an interconnection of various devices
embedded with sensors, software and electronics, which connects to the internet through one of the
communication channels, a mobile application. Although data can be stored, distributed and
processed through a mobile device, due to the high volumes of data generated by IOT devices, a
resource-poor device like a mobile would not be able to handle the large data and should resort to the cloud for
data storage, distribution, processing. Cloud has huge resources and provides many services for
data. With aforementioned features of the cloud some security challenges are also inherited.
Security and privacy of the data from the IOT devices plays a vital role as it would be stored on the
cloud and a vast number of data storage and data security techniques have been proposed.

In [5], a survey is made on the various methods used for secured storage of data using
Mobile Cloud Computing (MCC). The main interface of interaction between IOT and the user are
the mobile devices such as smart phones, multiple connectivity options including Wi-Fi, Bluetooth,
cellular and NFC that enable them to communicate to other devices or sensors. It is these default
qualities of mobile devices that put them at the core of the IOT. Mobile apps can interact with the
IOT by functioning as a remote to IOT devices. The data required to operate the IOT devices can be
enabled by communicating through the mobile application.

In [5], the authors present some data security, storage and distribution mechanisms. They
explain that encryption alone is not the solution for data security, because a traditional data
encryption scheme limits data access by only allowing the user with the corresponding decryption
key to read the data. So, to have efficient data sharing with access control over the private data in
the cloud, advanced cryptographic encryption schemes such as broadcast encryption (BE),
Attribute-based encryption (ABE), Proxy encryption (PRE) have been employed in the design of
cloud storage system.

Abdul Nasir Khan, M.L.Mat Kiah, Mazha Ali, Shahaboddin Shamshiband, Atta-ur-Rehman
Khan “A cloud-manager based re-encrypted scheme for mobile user in cloud environment a hybrid
approach” [6]. Cloud computing is an emerging computing paradigm that offers on-demand,
flexible, and elastic computational and storage services for the end-users. The small and medium-
sized business organization having limited budget can enjoy the scalable services of the cloud.
However, the migration of the organizational data on the cloud raises security and privacy issues.
To keep the data confidential, the data should be encrypted using such cryptography method that
provides fine-grained and efficient access for uploaded data without affecting the scalability of the
system. In mobile cloud computing environment, the selected scheme should be computationally
secure and must have capability for offloading computationally intensive security operations on the
cloud in a trusted mode due to the resource constraint mobile devices. The existing manager-based
re-encryption and cloud-based re-encryption schemes are computationally secured and capable to
offload the computationally intensive data access operations on the trusted entity/cloud. Despite the
offloading of the data access operations in manager-based re-encryption and cloud-based re-
encryption schemes, the mobile user still performs computationally intensive pairing-based
encryption and decryption operations using the limited capabilities of the mobile device.

In [6], the authors propose a Cloud-Manager-based Re-encryption Scheme (CMReS) that combines the characteristics of manager-based re-encryption and cloud-based re-encryption to provide better security services with minimum processing burden on the mobile device. The experimental results indicate that the proposed cloud-manager-based re-encryption scheme shows significant improvement in turnaround time, energy consumption, and resource utilization on the mobile device as compared to existing re-encryption schemes.

Atefeh Mohseni Eiyeh, Maede Ashouri Talouki, Mojtaba Mahadavi “An incentive aware lightweight scheme secure data sharing scheme for D2D communication in 5G cellular network” [7]. The fifth generation of cellular networks is called 5G. Mobile data traffic is growing at an extraordinary rate, especially video, which is predicted to comprise 75% of data traffic by the arrival of 5G. Video data is transmitted among many services and applications, from social networks and video games to public safety services. Given the anticipated growth of mobile traffic in cellular networks by the arrival of 5G, the demand for traffic offloading approaches becomes an inevitable problem for mobile operators. Among the several approaches proposed to address this problem, Device-to-Device (D2D) communication appears to be a satisfactory solution. D2D communication refers to direct communication between devices in cellular networks, established either under the control of operators or directly by the users, where the operator has zero involvement at the user plane side. Inherently, allowing devices to directly connect to one another is associated with certain security
and privacy vulnerabilities. Despite the advantages of D2D communication for services such as live
video streaming or data sharing, only a few efforts have been made to address the related security
and availability challenges.

In [7], the authors propose a secure data sharing scheme to securely share the intended multimedia content in D2D communication. D2D communication relies strongly on user cooperation, so a good incentive scheme can prevent free-riding behaviors that harm users’ motivation for cooperation. Besides, adopting D2D communication in applications such as data sharing could turn out to be a win-win situation for both users and operators if a pricing mechanism is considered for users who get involved in data sharing. In this paper the authors propose an incentive-aware lightweight secure data sharing scheme for D2D communication. With the explosion of smart devices, data traffic over cellular networks has seen an exponential rise in recent years, so device-to-device communication is a promising solution to boost the capacity of cellular networks and alleviate the heavy burden on backhaul links.

However, direct wireless connections between devices in D2D communication are vulnerable to certain security threats, so the authors consider the major security challenges of the data sharing scheme, including data confidentiality, integrity, detecting message modification, and preventing the propagation of malformed data. The authors also apply the concept of a “virtual check” as an incentive mechanism to motivate users’ involvement in the process of data sharing.

Pratika Singh, Dr Harshdev “A security access control mechanism for outsourced data in mobile cloud computing environment” [8]. The growth of mobile devices and the fast development of mobile applications have led to the development of technologies such as Mobile Cloud Computing (MCC). MCC is a blend of mobile and cloud computing. Different researchers have defined this new technology differently. The Mobile Cloud Computing Forum defines mobile cloud computing as "Mobile cloud computing refers to an infrastructure where both the data storage and data processing happen outside of the mobile devices". Altogether, MCC utilizes the capabilities of cloud computing, mobile computing and the wireless infrastructure, and provides vast storage for a mobile user plus “always-on” connectivity for their personal and corporate data. As far as MCC architecture is concerned, there are two servers in the cloud: the first, gateway cloud servers, take requests from the mobile clients and, depending upon the services demanded, use the second, back-end servers, to serve the request.

The traditional boundaries of mobile computing are overcome by the virtualization and scalability of cloud resources, merging the two environments, that is, cloud computing and mobile computing. Mobile cloud computing opens the door to data security threats, and present solutions have drawbacks such as flexibility, scalability and overloaded key distribution computation; some solutions are also not applicable in a mobile cloud environment. In this paper the authors propose an “Access control mechanism” which is not only lightweight, with minimum computation overhead, but also less expensive in nature, and which gives access rights for data sharing. The authors use out-of-band mobile authentication for data sharing, which enables dynamic scalability and client-side encryption and decryption, and lessens overhead as compared to existing solutions.

Maheshwari U, Vingrablek R, Shaprio W “Attribute –based fine-grained access control
with efficient revocation in cloud storage system” [9]. Authors frameworks a door control structure
for conveyed capacity frameworks that accomplished fine-grained get with control perspective
about a balance cipher text policy attribute-based encryption methodology in the recommend
conspire, a proficient characteristic refused techno babble may be suggested on adjusting of the
changing transforms for client’s door reductions to immense scale frameworks. The examinations
show that suggested get should control plot is probably secure in the discretionary prophet model
and proficient should make associated with preparing.

Kan Yang, Xiao hua Jia, Kul Ren “Achieving usable and privacy achieved similarity search
over outsourced cloud data” [10]. Authors have examined the issue for secure what is more
compelling similarly search again outsourced cloud data. Likeness search is the vital further more
extra ordinary instrument flying arrangement initial endeavors a smothering strategy with fabricate
stockpiling profitable likeness catchphrase set from a provided for record accumulation, for
adjusting uproots as that similarity metric. The perspective of that, authors toward that purpose
amass a private tri-navigate gazing document what’s more hint at it viably accomplishes those
described similarity look convenience steady chase duration of the time multifaceted nature.

Sandip Roy, Santanu Chatterjee, Ashok kumar Das “Secure and efficient lightweight user authentication protocol for mobile cloud computing” [11]. A secure and efficient lightweight user authentication protocol for mobile cloud computing becomes a paramount concern due to data sharing over the Internet among end users and mobile devices. Mutual authentication of a mobile user and a cloud service provider is necessary for accessing any cloud services. However, the resource-constrained nature of mobile devices makes this task more challenging. The authors propose a new secure and lightweight mobile user authentication scheme for mobile cloud computing, based on cryptographic hash, bitwise XOR and fuzzy extractor functions. Through informal security analysis and rigorous formal security analysis using the random oracle model, it has been demonstrated that the proposed scheme is secure against possible well-known passive and active attacks and also provides user anonymity. Moreover, the authors provide formal security verification through simulation for the proposed scheme. They have also done an authentication proof of the proposed scheme using the Burrows-Abadi-Needham (BAN) logic.

Since the proposed scheme does not exploit any resource constrained cryptosystem, it has the lowest computation cost compared to existing related schemes. Furthermore, the proposed scheme does not involve the registration center in the authentication process, so it has the lowest communication cost compared to existing related schemes. The authors provide the formal security proof through the ROR model and also the formal security verification through the ProVerif 1.93 simulation tool. Overall, high security and low communication and computation costs make the proposed scheme very suitable for practical applications in the mobile cloud computing domain.

Maria Almulhim, Noor Zaman “Proposing secure and lightweight authentication scheme
for IoT based E-health applications Advanced Communication Technology” [12].
The Internet of Things (IoT) is the collection of connected smart devices/objects through internet
network. The rapid development of IoT and vast expansion of wireless technologies unfold the new
chances of growth in several domains such as, Education, Transportation, Agriculture, and
especially in the Healthcare sector. Introducing the IoT through healthcare applications fetch
several benefits, including cost savings through lowered hospital visiting costs, health care provider
costs, transportation costs, human resource costs and the insurance costs. It leads to an added
advantage of improved quality care in health care.

However, the increasing use of IoT services in E-health applications has raised security and
privacy concerns, especially in the healthcare domain. In fact, healthcare applications
are prone to data breaches and widening security issues owing to the increasing number of
access points to sensitive data through electronic medical records, as well as the rising popularity of
wearable technology. Among these issues, authentication of the different connected
entities, energy efficiency and confidentiality of exchanged data form the major concerns for users.
Therefore, the successful deployment of IoT-based E-health applications relies on overcoming the
major security concerns of users, which need to be addressed in an energy-efficient way. Though a
number of studies have been conducted on lightweight secure authentication, there is still great
room for further research to address the security challenges as well as the energy efficiency of those
authentication schemes in IoT. There is a great need to design and develop a lightweight
secure authentication model which offers a significant security level against multiple attacks,
mainly impersonation attacks, man-in-the-middle attacks and unknown key sharing attacks, for the
IoT-based E-health domain.
In [12], the authors have proposed a secure group-based lightweight authentication scheme for
IoT based E-health applications. The proposed model will provide mutual authentication and
energy-efficient computation for healthcare IoT based applications. It will use elliptic curve
cryptography (ECC) principles, which provide the mentioned features of the suggested model.

Vingralek R, Maheshwari U, Shapiro W, “How to fabricate a trusted database framework on
un-trusted capacity” [13]. It recognizes the issue of guaranteeing the dependability of data on an
un-trusted server in the presence of value-based updates that run specially on the database, and
builds up the principal answers for this issue.

Shuyu Li, Jerry Gao, “Moving from mobile databases to mobile cloud data” [14]. Recently,
mobile cloud computing was named the number one emerging technology in 2014 by the IEEE
Computer Society. This brings a strong demand for new mobile data service solutions and
technologies in the wireless world, and implies that more innovative mobile data service solutions
are needed to support on-demand, elastic and large-scale mobile data service requests. In this paper
the authors focus on the topic of mobile data services. It first analyzes the existing research results
on mobile data services. Then, it discusses cloud-based mobile data service solutions. Finally, the
paper examines the issues and challenges of mobile data services in mobile cloud computing. There
are a number of research issues, challenges, and needs for mobile data services in mobile cloud
computing. The authors discuss them in three different areas: privacy and
security in mobile data service, multi-tenancy and customization in mobile data service, and mobile
data transaction management.
Nitin Naik, Paul Jenkins, “A Secure mobile cloud Identity: Criteria for effective identity and
access management standards” [15]. Managing digital identities and access control for cloud users
and applications remains one of the greatest challenges facing cloud computing today. This led to a
new cloud security service paradigm called identity and access management (IAM) service,
Identity-as-a-Service (IDaaS). Many IAM standards have been proposed in the last two decades:
Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS), OZ
Protocol, Security Assertion Markup Language (SAML), CoSign Protocol, Open Authentication
(OAuth), and OpenID Connect (OIDC).
However, Mobile Cloud Computing (MCC) IAM requirements are somewhat different due
to its resource limitations and mobile communication. It may not be necessary that the same IAM
standards are equally effective for MCC. To determine the appropriateness of these IAM standards
for MCC requires some IAM performance evaluation criteria. Therefore, this paper proposes
several evaluation criteria for an effective IAM standard for MCC.
SYSTEM SPECIFICATION
HARDWARE REQUIREMENTS:

• System : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2.70GHz
• Hard Disk : 1 TB
• Monitor : 14’ Colour Monitor
• Mouse : Optical Mouse
• RAM : 8.0 GB

SOFTWARE REQUIREMENTS:

• Operating system : Windows 7 Ultimate
• Coding Language : Java
• Front-End : Eclipse
• Database : MySQL


CHAPTER 6

SYSTEM DESIGN AND METHODOLOGY


[Figure: block diagram of the Data owner, Data user, Trust authority, Cloud server, ESP and DSP.
Labels on the diagram: Request attribute details, Retrieve attribute details, Share key details,
Key request, Encrypt / Upload data files, Decrypt / Download data files.]

Fig 6.1 Lightweight Data Sharing Scheme Framework

Fig 6.1 demonstrates the method of storing files in the cloud in encrypted format
(encryption using the AES or IDEA algorithm). If the data owner wants to upload a file, then that
file has to be encrypted before uploading it to the cloud. The proposed method includes the proxy
servers ESP and DSP for file encryption and decryption respectively, and the trusted authority (TA)
is responsible for generating the keys. The flow of this work is as shown in Fig 6.2.
FLOW DIAGRAM

[Figure: flow diagram. Labels on the diagram: Owner, Data User, Login (Yes / No), Data files,
Send attribute key, Attribute key request, Share key details, Encryption Server Provider,
Encrypted Data Files, Upload, Cloud Server, Trusted authority, Attribute Key, Cipher Data,
Decryption Server Provider, Decrypted Data, Download data files.]

Fig 6.2 System Flow Diagram

This proposed method is comprised of different modules, which are as follows:

• Data Owner
• Encryption Server Provider
• Trust Authority
• Cloud Server
• Data User
• Decryption Server Provider

MODULE DESCRIPTION

1. Data Owner
• First of all, the Data owner must register their details.
• After a successful login, the Data owner can do the further processing.
• In the registration process, the Data owner fills in the following details: Name, User name,
  Password and Confirm password.
• The Data owner handles the following processes:
   - Key Generation – Generate the public key based on the attribute value, and get
     permission from the Trust Authority.
   - Encryption – Using the public key and attribute value, the data file will be encrypted.
   - Upload – Encrypted files are uploaded to the cloud server.

2. Encryption Server Provider
• Before encrypting the file, the Data owner gets permission from the Trust Authority.
• Then the Data owner can encrypt data files.
• Based on the attribute and public key value, the data files are successfully encrypted.

3. Trust Authority
• The Trust Authority grants access permission and generates the public key value for the Data
  owner and Data user.
• The Data owner passes a request to access the public key for the encryption process.
• After getting permission, the data user sends a request to the data owner.
• The Data owner can view the current user id and name.
• The Data owner has two options: Accept and Reject.
• Only if the data owner chooses Accept can the data user retrieve the key and attribute value.

4. Cloud Server
• The Cloud server acts as an intermediary between the Data owner and Data user.
• Before the upload/download process, we start the cloud server.
• The Data owner uploads encrypted files to the cloud server.
• The Data user can get the file from the cloud server if it has a valid attribute key value.

5. Data User
• First of all, the Data user must register their details.
• After a successful login, the Data user can do the further processing.
• In the registration process, the Data owner fills in the following details: Name, User name,
  Password and Confirm password.
• The Data user handles the following processes:
   - Key Request – Get permission from the Trust Authority to access the public key
     based on the attribute value.
   - Download – Download the encrypted file from the Cloud server.
   - Decryption – Decrypt the cipher file.

6. Decryption Server Provider
• It is a main part of the data user side.
• The Data user first gives a decryption request to the DSP.
• After getting permission, data files are decrypted using the attribute-based encryption algorithm.

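
The module flow above, sketched as an added example (not the project's own code): the Trust Authority generates a key per attribute value, the ESP step encrypts before upload, and the key is released to a data user only after the owner's Accept. AES-GCM is used because Fig 6.1 names AES; it is a symmetric stand-in, not an attribute-based encryption construction, and the class name, method names, attribute string and file name are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class SharingFlowDemo {
    static final Map<String, SecretKey> taKeys = new HashMap<>(); // Trust Authority: key per attribute
    static final Set<String> accepted = new HashSet<>();          // "user|attribute" pairs the owner accepted
    static final Map<String, byte[]> cloud = new HashMap<>();     // cloud server holds ciphertext only
    // Trust Authority generates the key for an attribute value and hands it to the owner.
    static SecretKey taGenerate(String attr) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        taKeys.put(attr, kg.generateKey());
        return taKeys.get(attr);
    }
    // A data user gets the key only after the owner chose Accept for that user.
    static SecretKey taRelease(String user, String attr) {
        if (!accepted.contains(user + "|" + attr)) throw new SecurityException("request not accepted");
        return taKeys.get(attr);
    }
    // ESP role: AES-GCM with the attribute bound as associated data; output is IV || ciphertext || tag.
    static byte[] espEncrypt(SecretKey k, String attr, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);                          // fresh IV for every file
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        c.updateAAD(attr.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plain);
        return java.nio.ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
    }
    // DSP role: doFinal throws AEADBadTagException if the file or the attribute was altered.
    static byte[] dspDecrypt(SecretKey k, String attr, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, blob, 0, 12));
        c.updateAAD(attr.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(blob, 12, blob.length - 12);
    }
    public static void main(String[] args) throws Exception {
        String attr = "ward=cardiology";                           // constructed attribute value
        byte[] data = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        cloud.put("record.txt", espEncrypt(taGenerate(attr), attr, data));
        try { taRelease("user1", attr); } catch (SecurityException e) { System.out.println("before Accept: " + e.getMessage()); }
        accepted.add("user1|" + attr);                             // owner clicks Accept
        byte[] plain = dspDecrypt(taRelease("user1", attr), attr, cloud.get("record.txt"));
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

Because every approved user receives the same per-attribute key in this sketch, a user who passes the key on defeats the access check, which is the shared-key problem the surveyed ABE work sets out to address.
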
REFERENCE

[1] Shubham Chandugade, Prachi More, Shaikh Mohammad, Shafiq Rafiiq: Survey on lightweight
secured data sharing scheme for cloud computing. IRJET 2017, p-ISSN: 2395-0072

[2] Chandinipatel, Sameer Singh Chaubhan, Bharesh Patel: A data security framework for mobile
cloud computing. IJARCCE vol 4, issue 2, 2015, p-ISSN: 2319-5940

[3] Zhibin Zhou, Dijiang Hua: Efficient and secure data storage operation for mobile cloud
computing. 2012 8th International Conference on Network and Service Management.

[4] Abdul Nasir Khan, M.L.Mat.Miah, Samee.U.Khan, Sajad.A.Madani: Towards secure mobile
cloud computing. www.elsevier.com/locate/fgcs

[5] A.Jyothi, Dr.B.Indira: Secure storage distribution and processing of IoT based data through
mobile cloud computing. 2017 IJARSE volume 6, special issue (01), ISSN 2319-8354

[6] Abdul Nasir Khan, M.L.MatKiah, Mazha Ali, Shahaboddin Shamshiband, Atta-ur-Rehman
Khan: A cloud-manager based e-encrypted scheme for mobile user in cloud environment: a hybrid
approach. Grid Computing, DOI 10.1007/s10723-015-9352-9, Springer Science+Business Media
Dordrecht 2015

[7] Atefeh Mohseni Eiyeh, Maede Ashouri Talouki, Mojtaba Mahadavi: An incentive aware
lightweight scheme secure data sharing scheme for D2D communication in 5G cellular network.
The ISC International Journal of Information Security (pp. 15-27)

[8] Pratika Singh, Dr Harshdev: A security access control mechanism for outsourced data in mobile
cloud computing environment. International Journal of Innovative Research in Advanced
Engineering (IJIRAE), ISSN: 2349-2763

[9] Maheshwari U, Vingralek R, Shapiro W. How to build a trusted database system on untrusted
storage. In: Proceedings of the 4th conference on Symposium on Operating System Design &
Implementation-Volume 4. USENIX Association, pp. 10-12, 2000

[10] Kan Yang, Xiao hua Jia, Kui Ren: Attribute-based fine-grained access control with efficient
revocation in cloud storage systems. ASIACCS 2013, pp. 523-528, 2013.

[11] Sandip Roy, Santanu Chatterjee, Ashok Kumar Das: On the design of provably secure lightweight
remote user authentication scheme for mobile cloud computing services. IEEE Access, 2017
(2016 SCI impact factor: 3.224)

[12] Maria Almulhim, Noor Zaman: Proposing secure and lightweight authentication scheme for
IoT based E-health applications. Advanced Communication Technology (ICAVCT), 2018 20th
international conference on, 11-14 Feb. 2018

[13] Maheshwari U, Vingralek R, Shapiro W. How to build a trusted database system on untrusted
storage. In: Proceedings of the 4th conference on Symposium on Operating System Design &
Implementation-Volume 4. USENIX Association, pp. 10-12, 2000.

[14] Shuyu Li, Jerry Gao: Moving from mobile databases to mobile cloud data services. 2015 3rd IEEE
international conference on mobile cloud computing services and engineering

[15] Nitin Naik, Paul Jenkins: A Secure mobile cloud Identity: Criteria for effective identity and
access management standards. 2016 4th IEEE international conference on mobile cloud computing
services and engineering (mobile cloud).

[16] Shamir A. How to share a secret. Communications of the ACM, 1979, 22 (11): 612-613

[17] Sahai A, Waters B. Fuzzy identity based encryption. In: Proceedings of the Advances in
Cryptology. Aarhus, Denmark: Springer-Verlag, pp. 457-473, 2005.
