Attribute based encryption algorithm assignment
RESEARCH PAPER
Introduction
A cipher can be defined as an algorithm that is applied to a plaintext to produce a ciphertext. The ciphertext is therefore the unreadable output of the encryption algorithm. The word cipher is in most cases used as a substitute for ciphertext. Ciphertext is not understandable to the user until it has been decrypted back to plaintext using the decryption key, which is mostly known only to the legal and authorized system users, in order to protect the information being passed between the communicating parties. There are different types of ciphers.
Attribute based encryption algorithm
Attribute-based encryption (ABE) is regarded as a current encryption technique with fine-grained access control in cloud storage. ABE is usually divided into two categories: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In a key-policy scheme the ciphertext is associated with an attribute set, and a user's decryption key is linked to an access policy. A user is able to decrypt the ciphertext if the ciphertext's attribute set satisfies the access policy of the user's secret key. In a ciphertext-policy scheme the ciphertext is linked to an access policy, and a user's secret key is associated with an attribute set. A user is able to decrypt the ciphertext if his attribute set satisfies the access policy of the ciphertext.
Revocation mechanisms can be divided into two categories: direct revocation and indirect revocation. In direct revocation, the sending party specifies a revocation list while encrypting the data. In indirect revocation, the authority regularly provides key updates to non-revoked users. At present, numerous schemes with direct revocation have been proposed. Nonetheless, most of the proposed schemes revoke only a single attribute of the user, and consequently they may not satisfy actual requirements.
Attribute update is another significant issue in the attribute-based encryption setting. In real life, a user's attribute set may need to be kept up to date over time as their job role changes. For instance, assume that Robert is a corporate employee; his attribute set must be updated when he is promoted from programmer to project manager, so his previous attribute set 1 = "male, programmer" ought to be changed to a new attribute set 2 = "male, project manager". In addition, the attribute authority ought to provide an update key to keep Robert's secret key up to date. At the same time, the attribute authority must ensure that Robert cannot continue to use the previous key, linked to the attribute set "male, programmer", to access the ciphertext. Keeping attributes up to date is therefore not a simple procedure. Other attribute update schemes have been proposed. Nevertheless, most of them share a similar problem: when one user's attribute is updated, the secret keys of many other users and many of the ciphertexts linked with this attribute also need to be updated, which undoubtedly consumes a lot of computational resources.
To address this issue, this research paper gives a feasible solution. The main idea is that the secret key of a user is separated into two parts: the first part, which is unrelated to attributes, is kept by the user, and the other part, which is related to attributes, is sent to the cloud server. When an attribute of any user needs to be updated, the attribute authority issues an update key to the cloud server. The cloud server then updates only the secret key of this attribute for all legal users, and the other secret keys of all users, together with the ciphertexts linked to this attribute, need not be updated. In the end, this method significantly decreases the workload of the system.
Even though attribute-based encryption delivers an effective way to keep information confidential, it brings a new issue: users may find it difficult to search for data of interest among a massive amount of encrypted information. This is referred to as the keyword search problem. One of the simplest search approaches is to download all of the encrypted data locally, decrypt it, and finally execute the keyword search on the plaintext. However, this method wastes huge computational resources and imposes a massive decryption cost on the user.
Types of Attribute-Based Encryption
Content-Based Access Control
In an attribute-based encryption system for content-based access control, attributes are associated with a ciphertext during encryption of sensitive data. On the flip side, a private key is associated with a policy over these attributes.
Role-based Access Control
An ABE system for role-based access control “flips” the semantics of content-based access control. In such a system, attributes will be associated with a private key and a policy associated with the ciphertext. In such systems the attributes will often be associated with the credentials of a private key holder.
Multiauthority Role-based Access Control
One issue with role-based access control is that in many applications we would like to write access control policies that span across different administrative boundaries. One difficulty with standard ABE is that it requires one authority to hand out private keys.
Ontology-based attributes mapping
Environmental databases cover a wide variety of fields and are increasingly populated from heterogeneous stationary and mobile sensors. It is considered critical to incorporate computational intelligence, which includes intelligent information analysis and information-driven decision-making, to address the difficulties of human and environmental health risks. With the approaching big-data age, the effective use of environmental data for monitoring and modelling human and environmental health risks faces many challenges. Open data or information standards and open software archetypes are crucial concepts for proposing the best approaches.
Nevertheless, there is a lack of cloud computing architecture to support big-data analytics. Knowledge-based schemes are proposed as the answer for big-data analytics, including the application of automated schema mapping to handle data heterogeneity, and semantic reasoning and ontology abstraction for advanced processing. Cloud computing and services can be combined with big-data analytics to deliver more effective operations. In order to leverage the capabilities of service-oriented decision support systems, big data and analytics are put into the cloud. Some innovative cloud-based architectures are proposed to model and evaluate environmental health risks.
Sensor web environment
a) Sensor Web Management Framework
The OGC Observations and Measurements standard is used to encode and archive real-time observation results and values from sensors. The OGC Sensor Model Language contains the Extensible Markup Language (XML) schema and standard models for describing sensor systems and processes. It also provides the information needed to discover sensors, the processing of low-level observations, and the process attributes. The OGC SWE Common Data Model Encoding defines the low-level data models, which are used for exchanging the related data between nodes.
a) Semantic Sensor Web Management
Ontologies and other semantic technologies can become essential sensor web technologies, because they improve interoperability and the integration of semantics, and because they promote the OGC standard. It is important to establish the core concepts and relations of the sensor ontologies to define the sensor knowledge.
b) Human and Ecological Health Risks Ontology (HERO) Based on SSNO
The HERO comprises Sensor, Observation, and Spectacle ontology mechanisms. The Observation can be labeled with the Health Risk constituent. The measured Spectacle objects might be any normal element or incident.
c) Human and Ecological Health Risk Management System (HaEHMS)
On top of SWMF homogeneous interfaces and HERO virtual universal elements, HaEHMS comprises the following main subsystems:
(1) Environmental Sensing Subsystem
Monitoring subsystems that supply the sensed observations and their transmission from local and national backbone platforms.
(2) Environmental Information Databases
These databases operate within the information technology infrastructure and its shared standards and procedures, and are able to deliver historical data, biological observations and delayed patterns.
(3) Cloud Computing
Information provisioning systems capture messages from the physical world, interact with varied devices and observation conditions, have high-speed processing abilities, and manage huge amounts of data.
Algebra based policies integration
This policy integration approach uses algebra to describe, infer and calculate attribute-based policies in a diverse environment in order to solve policy integration and conflict. Algebra-based policy integration was proposed by Bonatti et al. Its main concept consists of the subject, the object and the action that is conducted on an authorization item. It uses operations such as union, intersection and difference to describe the various access control policy integration methods.
Suppose there are two access policies x and y in two different domains, with the intersection, union and difference operations represented as ⊗, ⊕ and ⊥ respectively. The algebra is then as follows, with s, r and e denoting the subject, the object and the action:
Policy x ⊗ Policy y = {(s, r, e) | (s, r, e) ∈ Policy x and (s, r, e) ∈ Policy y}
Meaning that if (s, r, e) satisfies both Policy x and Policy y, access is granted; otherwise it is denied.
Policy x ⊕ Policy y = {(s, r, e) | (s, r, e) ∈ Policy x or (s, r, e) ∈ Policy y}
Meaning that if (s, r, e) satisfies Policy x or Policy y, access is granted; otherwise it is denied.
Policy x ⊥ Policy y = {(s, r, e) | (s, r, e) ∈ Policy x and (s, r, e) ∉ Policy y}
Meaning that if (s, r, e) satisfies Policy x but not Policy y, access is granted; otherwise it is denied.
For example:
Suppose there are two cloud applications x and y with access policies. Under policy x, users whose credit is higher than 0.7 and who are identified as members are able to read files whose security level is defined to be lower than 2. Under policy y, users whose credit is higher than 0.8 and who are members are able to read files that have a defined security level not greater than 3. Algebra-based policy integration formulates the example as:
Policy x = {(<s1, s2>, r, e) | s1 > 0.7, s2 = member, r <= 2, e = read}
Policy y = {(<s1, s2>, r, e) | s1 > 0.8, s2 = member, r <= 3, e = read}
Which gives:
Policy x ⊗ Policy y = {(<s1, s2>, r, e) | s1 > 0.8, s2 = member, r <= 2, e = read}
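The three operators and the worked example above can be checked mechanically. The following is an added example, not part of the original paper: it models each policy as a predicate over (s1, s2, r, e), uses the bounds as written in the formulas (r <= 2 and r <= 3), and evaluates the combined policies over a constructed request space. The names Request, SPACE, granted and widened_by_union are assumptions made for the illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Request:
    credit: float   # s1
    role: str       # s2
    level: int      # r, security level of the requested file
    action: str     # e

def policy_x(q):
    return q.credit > 0.7 and q.role == "member" and q.level <= 2 and q.action == "read"

def policy_y(q):
    return q.credit > 0.8 and q.role == "member" and q.level <= 3 and q.action == "read"

def intersection(p, q):   # ⊗: both policies must grant
    return lambda a: p(a) and q(a)

def union(p, q):          # ⊕: either policy may grant
    return lambda a: p(a) or q(a)

def difference(p, q):     # ⊥: granted by p but not by q
    return lambda a: p(a) and not q(a)

def stated_result(q):     # closed form given in the text for x ⊗ y
    return q.credit > 0.8 and q.role == "member" and q.level <= 2 and q.action == "read"

# Constructed request space covering both sides of every threshold.
SPACE = [Request(c, s, r, e) for c, s, r, e in product(
    (0.5, 0.7, 0.75, 0.8, 0.85, 1.0), ("member", "guest"),
    range(5), ("read", "write"))]

def granted(policy):
    return {a for a in SPACE if policy(a)}

def widened_by_union():
    """Requests x ⊕ y grants that x ⊗ y denies: the set to audit before merging."""
    both = granted(intersection(policy_x, policy_y))
    return granted(union(policy_x, policy_y)) - both

if __name__ == "__main__":
    assert granted(intersection(policy_x, policy_y)) == granted(stated_result)
    for a in sorted(widened_by_union(), key=lambda a: (a.credit, a.level)):
        print("granted only under union:", a)
```

Comparing the union against the intersection shows exactly which requests gain access when two domains are merged permissively, which is the set a policy reviewer needs to inspect.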
Solutions for identification and access authorization
The technologies that offer solutions to identification and access authorization in the cloud computing system are mainly cross-domain. Access control in this setting is made up of two main schemes, attribute-based access control (ABAC) and role-based access control. Role-based authorization is static and does not support fine-grained control, which makes it unsuitable for the cloud storage system and makes the ABAC model the better choice.
The ABAC model defines three kinds of attributes in relation to access control: subject, resource and environment attributes. A subject is an entity that has the ability to operate on a resource, e.g. a user or an application. Each subject has attributes that describe it, including name, age, etc. A resource is the entity that is being operated on by the subject. Finally, the environment describes the circumstances in which a subject tries to access a resource, e.g. technical or situational.
OAuth Cross-Domain Identification
This is a technology that was introduced as a solution to identification in the cloud storage system. It makes it possible to share private data with users in another cloud without exposing the users' authentication information. Users can let third-party applications access resources without providing their credentials, i.e. names and passwords, to the application. The technology also allows an application to access resources in another domain. The roles defined in this technology include:
The resource server, which stores the protected resources and accepts or denies requests from applications by analysing the request token.
The resource owner, i.e. the users who have the mandate to authorize access to or storage of resources.
The client, i.e. the applications that store or access the protected resources on behalf of the owners.
The authorization server, which issues an access token to a client after authorizing the resource owner and verifying the permission.
OAuth uses an authorization layer to separate the client from the resource owner. After the client obtains the user's authorization, it can obtain an access token from the authorization server instead of a username and password. The client can use the access token, which carries information such as range and time, to store or access the protected resources.
XACML Based Access Authorization
The eXtensible Access Control Markup Language (XACML) is a model that addresses a problem in which most of the authorization models currently in use have failed, namely the inability to describe policies in cases of multiple access authorizations. The standard has not only a policy language model but also a management and access model that is suitable for situations with multiple applications and domains, for instance cloud technology.
Its components include:
Policy decision point, which evaluates the applicable policy and issues an authorization decision.
Policy enforcement point, which performs access control by making decision requests and enforcing the authorization decisions.
Policy information point, which is a system entity that acts as the source of attribute values.
Policy administration point, which is responsible for the creation of the policy and the policy set.
Access control research in cloud storage system
Cloud computing is one of the technologies that is emerging in the technological world. The cloud computing environment is a distributed system that is quite large. This raises the need to preserve data and to ensure that the privacy of users is maintained. Access control mechanisms are used to restrict data access so that only authorized personnel are able to access the data in the cloud.
One of the simplest ways of addressing the access control problem in cloud storage is for each user to have their own key, which is used to encrypt data before uploading it to the servers. In this manner the user encrypts and decrypts their own data, which they can then transmit to other users in the case of shared data. This mechanism has some drawbacks, and therefore most cloud users have resorted to cryptographic methods that implement ciphertext access control. Cipher mechanisms enable data to be encrypted and authorized users to decrypt it. The data owner encrypts the data before storage and ensures access control by controlling access to the keys. Some of the technologies used in this access control mechanism include hierarchical key generation and distribution, policy enforcement-based attribute access control, ciphertext-policy attribute-based encryption and the attribute-based encryption algorithm.
Cipher-Policy ABE
In this type three parties are involved: the sender, the receiver and the authority. The authority generates a public key and a master key, runs the keygen algorithm to generate a secret key, and then distributes the secret key to the cloud users via a secure channel. The sender runs an encryption algorithm to encrypt the message into a ciphertext. Finally, the receiver decrypts the ciphertext using a decryption algorithm to get the message contents, which is only possible if their attributes match the access policy. The CP-ABE algorithm thus provides a suitable technology for ciphertext access control in the storage system, because the owner of the data is able to construct the access policy that enforces access control in the network.
The post Attribute based encryption algorithm assignment appeared first on Terms Broker.
