
HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING

INTRODUCTION
Cloud computing is a new computing paradigm that is built on virtualization, parallel and distributed computing, utility computing, and service-oriented architecture. We propose a hierarchical attribute-set-based encryption (HASBE) scheme for access control in cloud computing. HASBE extends the ciphertext-policy attribute-set-based encryption (CP-ASBE, or ASBE for short) scheme with a hierarchical structure of system users, so as to achieve scalable, flexible and fine-grained access control.

SCOPE OF THE PROJECT


Most existing schemes have difficulty implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme achieves scalability, flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. The main operations of HASBE are: System Setup, Top-Level Domain Authority Grant, New Domain Authority/User Grant, New File Creation, User Revocation, File Access, and File Deletion.

MODULES NAME
Authentication, Trusted Authority, Domain Authority, Data Owner, Data Consumer, Cloud Service Provider

MODULE DESCRIPTION

Authentication:


A new user who wants to make or process a request must first register by providing the necessary details. After successfully signing up, the user logs in to the application with the username and password provided at registration. If the login succeeds, the user is taken to the main page; otherwise the user remains on the login page.

Trusted Authority:
The Trusted Authority is the main part of this project. It creates one decryption key for the relevant encryption key. The decryption key is then provided to the domain authority. The Domain Authority, Data Owner, Data Consumer and Cloud Service Provider are all controlled by the Trusted Authority.

Domain Authority:
The Domain Authority is the subhead under the trusted authority. The domain authority performs the administrator operations. The Data Owner cannot store data without the domain authority's permission, and the Data Consumer cannot get data without the domain authority's permission. The domain authority therefore grants permission to the Data Owner and the Data Consumer.

Data Owner:
The Data Owner stores data with the cloud service provider for security. Before storing data, the Data Owner gets permission from the domain authority. After getting permission, the Data Owner first encrypts the file or data and then stores it in cloud storage (the cloud service provider).

Data Consumer:
The Data Consumer first gets permission for the data from the domain authority. The Data Consumer pays some amount of money to the domain authority and gets the decryption key. Finally, the Data Consumer retrieves the data from the cloud service provider and decrypts it using the decryption key.

Cloud Service Provider:


Cloud Service Provider is another name for cloud storage. Cloud storage provides security for the data. Only an authorized user (one who has permission from the domain authority) is allowed to encrypt and store data. An authorized user is allowed to retrieve and decrypt the data.

Authentication:
[Diagram: Login, Check Status, Database; Yes: Next Page; No]

Trusted Authority:
[Diagram: Data Owner, Trusted Authority, Domain Authority, Cloud Storage, Data Consumer]

Domain Authority:
[Diagram: Data Owner, Domain Authority, Cloud Service Provider, Data Consumer]

Data Owner:
[Diagram: Domain Authority, Get Permission, Data Owner, Encrypted Data, Cloud Storage]

Data Consumer:
[Diagram: Data Owner, Pay Money, Domain Authority, Get Decryption Key, Cloud Storage, Get & Decrypted Data]

Cloud Service Provider:
[Diagram: Data Owner, Encrypt & Store Data, Data Consumer, Cloud Storage, Retrieve & Decrypt Data]

COMPONENT DIAGRAM:
The component diagram's main purpose is to show the structural relationships between the components of a system. Originally, a component represented implementation items, such as files and executables. Unfortunately, this conflicted with the more common use of the term "component," which refers to things such as COM components. Over time and across successive releases of UML, the original UML meaning of components was mostly lost. UML 2 officially changes the essential meaning of the component concept; in UML 2, components are considered autonomous, encapsulated units within a system or subsystem that provide one or more interfaces.

[Component diagram: Data Owner, Trusted Authority, Domain Authority, Cloud Storage, Data Consumer]

In this component diagram, the trusted authority is the head of the project and the domain authority is the subhead, which performs the administrator operations. The Data Owner first gets permission from the domain authority, then encrypts the data and stores it in cloud storage. At the same time, the trusted authority creates one decryption key for the relevant data and provides it to the domain authority. The Data Consumer pays some amount of money to the domain authority and gets the decryption key, and finally gets the data from cloud storage and decrypts it.

E-R DIAGRAM:
In software engineering, an entity-relationship model (ERM) is an abstract and conceptual representation of data. Entity-relationship modeling is a database modeling method, used to produce a type of conceptual schema or semantic data model of a system, often a relational database, and its requirements in a top-down fashion. Diagrams created by this process are called entity-relationship diagrams, ER diagrams, or ERDs. An entity-relationship (ER) diagram is a specialized graphic that illustrates the relationships between entities in a database. ER diagrams often use symbols to represent three different types of information. Boxes are commonly used to represent entities. Diamonds are normally used to represent relationships and ovals are used to represent attributes.

[E-R diagram labels: Data Owner, Name, Password, Get Permission, Data Encrypt, Trusted Authority, Domain Authority, Cloud Storage, Decrypt Key, Pay Money, Store Data, Data Consumer, Retrieve & Decrypt Data, Get Decrypt Key]

In this entity-relationship (ER) diagram, the trusted authority is the head of the project and the domain authority is the subhead, which performs the administrator operations. The Data Owner first gets permission from the domain authority, then encrypts the data and stores it in cloud storage. At the same time, the trusted authority creates one decryption key for the relevant data and provides it to the domain authority. The Data Consumer pays some amount of money to the domain authority and gets the decryption key, and finally gets the data from cloud storage and decrypts it.

Future Enhancement Module Diagram & Description

File Auditing:


The Data Owner first checks whether the file is available in cloud storage (the cloud service provider). If the file is not available, the data owner encrypts the file and stores it in cloud storage. If the file is available, the auditing process succeeds.

[Diagram: Data Owner, Check File, Cloud Storage; Yes: Auditing Success; No]

GIVEN INPUT EXPECTED OUTPUT

File Auditing:

Input: Check whether the file is available or not.
Output: If the file is available, auditing succeeds; if it is not available, the file is encrypted and stored in cloud storage.

ADVANTAGES
Recall that our system model consists of a trusted authority, multiple domain authorities, and numerous users corresponding to data owners and data consumers. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key. We conducted comprehensive performance analysis and evaluation, which showed its efficiency.
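The following Python sketch is an added example, not part of the original report and not the HASBE cryptographic construction: it models only the access decision implied by the hierarchy (trusted authority, domain authority, user), the per-user key structure, and the access expiration time used for revocation. The subset rule for delegation, the policy form (a list of attribute clauses plus a minimum expiry date), and all names, attributes and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Authority:
    name: str
    attributes: frozenset
    parent: Optional["Authority"] = None

    def _subset(self, attributes):
        # Assumed rule: an authority can only pass on attributes it holds itself.
        attrs = frozenset(attributes)
        if not attrs <= self.attributes:
            raise PermissionError(f"{self.name} cannot grant {sorted(attrs - self.attributes)}")
        return attrs

    def grant_domain(self, name, attributes):
        return Authority(name, self._subset(attributes), self)

    def grant_user(self, user, attributes, expires):
        return UserKey(user, self._subset(attributes), expires, self)

@dataclass(frozen=True)
class UserKey:
    user: str
    attributes: frozenset
    expires: date          # access expiration time carried by the key
    issuer: Authority

    def chain(self):
        # Names of the issuing authorities, from the user's domain up to the root.
        node, names = self.issuer, []
        while node is not None:
            names.append(node.name)
            node = node.parent
        return names

def can_access(key, clauses, min_expiry):
    # File policy: the key must not expire before min_expiry and must hold one full clause.
    return key.expires >= min_expiry and any(frozenset(c) <= key.attributes for c in clauses)

def demo():
    # Constructed sample hierarchy, attributes and dates.
    ta = Authority("trusted-authority", frozenset({"dept:finance", "dept:hr", "role:auditor"}))
    da = ta.grant_domain("finance-domain", {"dept:finance", "role:auditor"})
    full = {"dept:finance", "role:auditor"}
    alice = da.grant_user("alice", full, date(2025, 6, 30))   # key not renewed
    bob = da.grant_user("bob", full, date(2025, 12, 31))      # key renewed
    before = [can_access(k, [full], date(2025, 1, 1)) for k in (alice, bob)]
    after = [can_access(k, [full], date(2025, 7, 1)) for k in (alice, bob)]
    return before, after, alice.chain()
```

In this model a user is revoked by not renewing the key: once the file policy's minimum expiry moves past the date in the old key, that key stops satisfying the policy while renewed keys continue to work.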

APPLICATION

Website:
In Gmail, if the user provides the correct username and password, the user goes to the next page. This provides security for the data. Only an authorized person is allowed to access the data. The authorized person receives data from others and sends data to others. On the Amazon website, the authorized person is allowed to view data, store some data, and retrieve data from the website. An unauthorized person is not allowed to access, view or store the data.

CONCLUSION
We achieve this goal by exploiting and individually combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has the most important properties of user access privilege confidentiality and user secret key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.
