International Journal of Scientific Research in Engineering and Management (IJSREM)

Volume: 07 Issue: 04 | April - 2023 Impact Factor: 8.176 ISSN: 2582-3930

DUAL ACCESS CONTROL FOR CLOUD BASED DATA

STORAGE AND SHARING

Dr. R. PREMA1, GOSTU SIVA KUMAR2, GOWRISETTI SAI PRAVEEN3

1Assisstant professor, Department of Computer Science and Engineering, SCSVMV, Kanchipuram
2 B.E graduate (IV year), Department of Computer Science and Engineering, SCSVMV, Kanchipuram
3 B.E graduate (IV year), Department of Computer Science and Engineering, SCSVMV, Kanchipuram

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
potential contenders for securing data in cloud-based
storage services. In specifically, Ciphertext-Policy
ABSTRACT ABE (CP-ABE) offers a reliable method of data
encryption that enables the specification of access
Due to its effective and affordable administration, policies, which specify the rights of possible data
cloud-based data storage has recently attracted receivers, over encrypted data. Please take note that
growing interest from academia and business. As in this research, we examine the usage of CP-ABE in
services are delivered via an open network, it is our method. Nevertheless, using the CP-ABE
critical for service providers to adopt secure data approach alone is insufficient to create a
storage and sharing mechanisms to protect user sophisticated system that ensures the control of both
privacy and the confidentiality of data. The most data access and download requests.
popular technique for preventing the compromise of
sensitive data is encryption. The practical necessity Objective:
for data management, however, cannot be
adequately addressed by just encrypting data. The primary goal of this project is to offer uploaded
Moreover, a strong access control over download data. Data owners alone will be in charge of dual
requests should be taken into account to prevent access control; no outside parties are involved. They
Economic Denial of Sustainability attacks from will obtain the data that was uploaded to the cloud at
being conducted to prevent users from using the the request of data users with the assistance of data
service. Each of the two dual access control systems owners. The cloud service encrypts the data and
is intended for a different planned context.We create distributes the key to the data consumers.
a technique for controlling download requests
without sacrificing security or effectiveness. There is Scope of the Project:
also a presentation of the systems' experimental and
security analyses. The project's primary objective is to provide a
privacy-enabled and secure cloud project that will be
used by AMAZON WEB SERVICES (AWS).
Keywords: Cloud-based data sharing, Access Services include preventing Denial of Sustainability
Control, Cloud Storage Service, Attribute Based assaults and providing privacy, encryption, and
Encryption. encryption.

Introduction: 1. Key management and encryption

2. Portability and interoperability
The Cloud-based storage has received a lot of
attention in recent years, and businesses now choose 3. Management of Identity, Entitlement, and Access
to outsource their data to remote clouds in order to
avoid having to upgrade their local data management 4. The architectural framework for cloud computing.
infrastructure and/or equipment.
5. Security as a service
We suggest a brand-new system called dual access
control to address the two issues outlined above.
Attribute-based encryption (ABE), which permits
the secrecy of outsourced data as well as finegrained
control over the outsourced data, is one of the

© 2023, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM18918 | Page 1

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 07 Issue: 04 | April - 2023
Existing System:
The current method compromises security and
privacy by utilizing standard servers to store and
share data. There is a danger that our data will be
stolen. This is the primary flaw in the current
method, thus to get around it, we may use the
suggested solution.
Drawbacks :
• It makes extensive use of arithmetic.
• Reduced security.
• Analysis of the saved document is
challenging.
• The length of time it takes to search through
the database of saved documents is linear.
Literature Review:
For flexible data exchange, attribute-based
encryption and searchable encryption are combined.
Safe cloud storage is regarded as one of the most
critical problems that both enterprises and end users
must address before transferring their sensitive data
to the cloud. Recently, we've seen several intriguing
techniques based on either the promising notion of
Symmetric Searchable Encryption (SSE) or the well-
studied topic of Attribute-Based Encryption (ABE).
In the first scenario, researchers are attempting to
build protocols that would safeguard users' data from
both internal and external threats while ignoring the
issue of user revocation. In the second scenario,
however, current alternatives handle the issue of
revocation.
The overall efficiency of these systems is
jeopardized, however, because the suggested
protocols are purely based on ABE schemes, and the
quantity of the created ciphertexts and the time
required to decrypt rises in direct proportion to the
complexity of the access formula. In this research,
we present a protocol that combines SSE and ABE
while using the fundamental benefits of each
approach. The proposed protocol allows users to
search directly over encrypted data using an SSE
method, while the matching symmetric key required
for decryption is safeguarded using a Ciphertext-
Policy Attribute-Based Encryption scheme. and
searchable encryption to allow for more flexible data
exchange.
© 2023, IJSREM | www.ijsrem.com
Impact Factor: 8.176 ISSN: 2582-3930
Problem Statement:
As the key management server only contains the
document metadata in encrypted format and the
application server will have encrypted documents, a
cloud administrator won't be able to decrypt any
documents. The papers will remain secure as a
consequence. For dual access control, we proposed
an identity key verification technique.
The goal of this project is to provide a Secured and
Privacy-Enabled The privacy, encryption, and
decryption services provided by cloud projects
prevent Deny of Sustainability assaults.
Proposed System:
In the proposed system, we suggest a novel method
in the proposed system called dual access control.
One of the potential options for securing data in
cloud-based storage services is attribute-based
encryption, which allows for both fine-grained
management and the secrecy of outsourced data.
Process:
STEP-1: Install the necessary applications
STEP-2: Defining the links to the databases.
STEP-3: Establish all of the database tables needed for
this project.
STEP-4: Redesign the HTML and CSS pages.
STEP-5: Construct the project using the modules.
STEP-6: Launch the Python program (app.py), copy
the link, paste it in any browser, and then proceed as
directed.
Architecture:
Our dual access control system topologies for cloud
data sharing are displayed. The systems specifically
include the following entities.
DOI: 10.55041/IJSREM18918 | Page 2
 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 07 Issue: 04 | April - 2023 Impact Factor: 8.176 ISSN: 2582-3930

• Initializing system parameters and data user 3.Cloud Provider:

registration are the responsibility of the authority. Login
Also, the initial suggested construction deals with the Cloud provider can login with his/her credentials.
cloud call request. View Files:
Cloud can view all uploaded files.
View Users:
• Data owner wants to outsource his data to the cloud Cloud can view all the users details to give
and currently retains the data. Particularly, data
permission for login the website.
owners only like to disclose their data with those who
View Data Providers:
meet specific requirements (e.g., professors or
Cloud can view all the data providers details to
associate professors). After their data has been
give permission for login the website.
transferred to the cloud, they will be offline. Send Key request to Authority:
Cloud gets a key from authority and send to the
• A user of data wishes to download and decode authority.
encrypted data that has been shared in the cloud. The
encrypted file may be downloaded by those with 4. Authority:
permission, who can then decode it to view the Login:
plaintext. Authority login and view users and give
authorization to users.
Generate key to users:
• Both data owners and consumers may save their data Authority generate key to users.
easily in the cloud. In particular, it manages the
download requests made by data users and maintains
the data users' outsourced data. Methodology:

• The cloud's call request is handled by Enclave. • Collecting and analysis of needs – at this stage,
all potential system requirements are gathered
and recorded in a requirement specification
document.
Module Description: • System Design – In this step, the required
specifications from the previous phase are
1. Data Owner : examined, and the system design is created. In
Register: addition to describing the overall system
Data owner can Register and login with valid architecture, this system design aids in
credentials identifying the hardware and system
Upload File: requirements.
Data provider can upload the file.
View File: • Implementation: Using feedback from the
Data Owner can view uploaded file once means system design, the system is initially created as
whether the file is correctly uploaded or not. a series of compact programmes known as units.
These units are then merged in the next step.
2. Data User : Unit testing is the process of developing and
Register: evaluating each unit for functionality.
Data user can do registration with his details. • Integration and Testing – Following the testing
Login: of each unit created during the implementation
The user needs to register and the data stored in phase, the entire system is integrated. The
MySQL database. entire system is tested for errors and failures
Search a File: after integration.
Data user can search a file based on the keyword ,if
• System deployment – After functional and non-
file is available then user can view file and send
request to cloud to download the file. functional testing, the product is either provided
Get Key & Download to customers or deployed in their environments.
Once User Request can accept get the key to cloud • Maintenance – The client environment
provider user can download the file. occasionally experiences problems. Patches are
published to address certain problems.
Moreover, various improved versions of the

© 2023, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM18918 | Page 3

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 07 Issue: 04 | April - 2023 Impact Factor: 8.176 ISSN: 2582-3930

product have been launched. To bring about Result :

these changes in the surroundings of the
consumer, maintenance is performed.

Implementation :
This explains how the system functions. When we
have loaded all the libraries, the data owners will
upload and store the data to the cloud. Afterwards,
people who require the data will submit requests to
the data owners. The data owners will then see the
request.

Requirement specifications:
● Operating System : Windows 7/8/9
● IDE : Pycharm
● Server side scripts : HTML, CSS, JS
● Libraries Used : Numpy, IO, OS, sklearn,
Flask
● Technology : Python

© 2023, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM18918 | Page 4

 International Journal of Scientific Research in Engineering and Management (IJSREM)
Volume: 07 Issue: 04 | April - 2023 Impact Factor: 8.176 ISSN: 2582-3930

control in cloudcomputing ", IEEE

Conclusion: Trans. Inf. Forensics Security, vol. 13,
no. 1, pp. 94-105, Jan. 2021.
We showed two dual access control systems and 5. F. Tramer, F. Zhang, H. Lin, J.-P. Hubaux,
addressed an intriguing and pervasive issue with A. Juels and E. Shi, "Sealed-glass proofs:
cloud-based data sharing. DDoS/EDoS assaults Using transparent enclaves to prove and sell
cannot be used against the suggested systems. We knowledge", Proc. IEEE Eur. Symp.
claim that different CP-ABE constructions can Security Privacy, pp. 19-34, 2020.
"transplant" the method utilised to accomplish the 6. J. Han, W. Susilo, Y. Mu, J. Zhou and M. H.
feature of control on download request. The proposed A. Au, "Improving privacy and security in
solutions don't incur a large computational or decentralized ciphertext-policy attribute-
communication overhead, according to the findings based encryption", IEEE Trans. Inf.
of our experiments (compared to its underlying CP- Forensics Security, vol. 10, no. 3, pp. 665-
ABE building block). 678, Mar. 2015.
7. J. Ning, Z. Cao, X. Dong and L. Wei,
"White-box traceable CP-ABE for cloud
We take use of the fact that the secret information
storage service: How to catch people leaking
entered into the enclave cannot be recovered in our
their access credentials effectively", IEEE
improved system. The memory access patterns or
Trans. Dependable Secure Comput., vol. 15,
other relevant side-channel assaults, however,
no. 5, pp. 883-897, Sep./Oct. 2019.
suggest that the enclave may leak part of its secrets to
8. V. Costan and S. Devadas, "Intel SGX
a malevolent host. Hence, the transparent enclave
explained", IACR Cryptol. ePrint Archive,
execution paradigm is shown in. An intriguing
vol. 2016, no. 086, pp. 1-118, 2016.
challenge is creating a dual access control scheme for
9. K. Xue, W. Chen, W. Li, J. Hong and P.
cloud data sharing from a transparent enclave. We'll
Hong, "Combining data owner-side and
take into account the relevant problem-solving
cloud-side access control for encrypted
approach in our next work.
cloud storage", IEEE Trans. Inf. Forensics
Security, vol. 13, no. 8, pp. 2062-2074, Aug.
Future Scope: 2019.
10. W. Susilo, P. Jiang, F. Guo, G. Yang, Y. Yu
The Future scope of this project is to increase the
and Y. Mu, "EACSIP: Extendable access
security and get the data easily by email
control system with integrity protection for
authentication.
enhancing collaboration in the cloud", IEEE
Trans. Inf. Forensics Security, vol. 12, no.
References:
12, pp. 3110-3122, Dec. 2020.
1. A. Bakas and A. Michalas, "Modern family: A
revocable hybrid encryption scheme based on
attribute-based encryption symmetric
searchable encryption and SGX", Proc. Int.
Conf. Secur. Privacy Commun. Syst., pp. 472-
486, 2019.
2. J. Li, Y. Wang, Y. Zhang and J. Han, "Full
verifiability for outsourced decryption in
attribute based encryption", IEEE Trans.
Services Comput., vol. 13, no. 3, pp. 478-487,
May/Jun. 2020.
3. A. Michalas, "The lord of the shares: Combining
attribute-based encryption and searchable
encryption for flexible data sharing", Proc. 34th
ACM/SIGAPP Symp. Appl. Comput., pp. 146-
155, 2019.
4. J. Ning, Z. Cao, X. Dong, K. Liang, H. Ma and
L. Wei, " Auditable \$sigma\$ σ -time
outsourced attribute-based encryption for access

© 2023, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM18918 | Page 5