Biometric Based Privacy Preserving Public Auditing for Integrity Assurance with well-organized Searching in outsourced cloud data
issue 1

Biometric Based Privacy Preserving Public Auditing for Integrity Assurance with well-organized Searching in outsourced cloud data

Sarita M. Motghare

Research Scholar Deptt, of Computer Science
Medicaps University, Indore

saritamotghare@gmail.com

Dr. Mrs. S. P. Khandait

HOD and Prof., Deptt. Of Information Technology

KDK College of Engineering, Nagpur

spkhandait@gmail.com

Pror. Rroshan.  R. Kolte

Asst. Prof,Deptt. Of Information Technology

KDK College of Engineering, Nagpur

Kolte.roshan@gmail.com

Prof. Y. D. Choudhari

Asst. Prof, Deptt. Of Information Technology

KDK College of Engineering, Nagpur

Yogeshri.c@gmail.com

Prof. P.R.Kakde

Asst. Prof, Deptt. Of Information Technology

KDK College of Engineering, Nagpur

Priti.lucky4@gmail.com

ABSTRACT-

Wireless Sensor Networks Cloud computing is broadly grasped by numerous associations and people in view of its different amaze focal points. Different aspects like colossal size data storage, bulky calculations, low-cost benefit and adaptable approaches to fetch the data are considered. The fundamental idea of cloud computing is virtualization. In cloud computing, virtualization intends to make a virtual variety of a gadget or software or hardware asset. For example, a server, or a storage device, organizer or an operating system, where the structure partitions the asset. Cloud computing is dominating the administration of cloud storage, It enables data owners to store their data from their nearby computing system to the cloud. Numerous clients can store their data on the cloud storage. But, data manipulation and administration additionally presents security risks and productivity issues.

One of the primary concerns is the accuracy and integrity of the data. Once the data is transferred, the data owner would be concerned that data maybe lost in the cloud. In this manner, validating the integrity of information has emerged as an essential issue in storing data on untrusted cloud servers. It arises in peer- to-peer storage systems, network file systems, long-run archives, web-service object stores, and data storage systems. Such systems forestall storage servers from misrepresenting or modifying knowledge by providing authenticity checks once accessing knowledge.

Keywords– Cloud Computing, Integrity in Cloud, Biometric based Security in Cloud,Multicloud Security and Integrity.

 INTRODUCTION

Biometric identification has turned out to be progressively in recent times. With the advancement of cloud computing, data owners are persuaded to redistribute the expansive size of biometric data. Identification errands to the cloud to dispose of the costly storage and calculation costs, which, nevertheless, conveys potential dangers to clients’ privacy.

In this study presented by Liehuang Zhu et al. the author proposes a productive and privacy-saving biometric identification-redistributing plan [1]. In particular, use of biometric to execute a biometric identification. The database owner encodes the data and submits it to the cloud. The cloud performs identification tasks over the database and returns the outcome to the database owner. Here author accept that the biometric data has been handled to such an extent that its portrayal can be utilized to execute biometric coordinate. Without loss of simplification, the system target fingerprints and utilize Finger Codes to speak to the fingerprints. To assess the proficiency and security prerequisites, the author actualizes another encryption calculation and cloud authentication confirmation. The evaluation result and examination indicate it can oppose the potential assaults.

Privacy Preserving Schemes                

We  propose a productive and privacy-saving biometric identification-redistributing plan based on the work done by Liehuang Zhu et al [1]. In particular, use of biometric to execute a biometric identification. The database owner encodes the data and submits it to the cloud. The cloud performs identification tasks over the database and returns the outcome to the database owner. Here author accept that the biometric data has been handled to such an extent that its portrayal can be utilized to execute biometric coordinate. Without loss of simplification, the system target fingerprints and utilize FingerCodes to speak to the fingerprints.

Figure 1 System Model for Biometric Identification

Scheme in Cloud Computing [1] To assess the proficiency and security prerequisites, the author actualizes another encryption calculation and cloud authentication confirmation. The evaluation result and examination indicate it can oppose the potential assaults

Figure 2 System architecture for Private Key Generator System [6]

Identity-Based Encryption (IBE), which rearranges the public key and endorsement administration at Public Key Infrastructure (PKI), is a critical option in contrast to public key encryption. In any case, one of the primary productivity downsides of IBE is the overhead calculation at Private Key Generator (PKG) amid client disavowal.

Figure 3 System Model for Attribute based Data Sharing System [3]

The system by Jin Li et al. going for handling the basic issue of identity denial, the author brings re-appropriating calculation into IBE and presents a revocable IBE conspire in the server-supported setting [6]. This plan offloads the vast majority of the key age related activities amid key-issuing and key-refresh procedures to a Key Update Cloud Service Provider, leaving just a consistent number of basic tasks for PKG and clients to perform locally. To accomplished this objective use of a novel plot safe procedure is utilized i.e. utilizing a mixture private key for every client, in which an AND door is included to associate and bound the identity part and the time segment. According to the evaluation results, the system accomplishes consistent effectiveness for both calculation at PKG and private key size at the client. Additionally, User needs not to contact with PKG amid the key refresh, as it were, PKG is permitted to be disconnected in the wake of sending the disavowal rundown to KU-CSP. In addition, finally, no protected channel or client authentication is required amid key-refresh between client and KU-CSP.

The paper presented by Yuzhe Tang et al. addresses the understudied issue for the PPI methods i.e how to give separated privacy protection within the sight of multi-keyword report look [16]. The separation is vital as terms and expressions bear natural contrasts in their semantic implications. In this paper, we present e-MPPI, the principal work to furnish the conveyed report look with quantitatively separated privacy safeguarding. In the plan of e-MPPI, we recognized a suite of difficult issues and proposed novel arrangements. For one, we figured quantitative privacy calculation as an enhancement issue that strikes a harmony between privacy safeguarding and seeks productivity. We likewise tended to the testing issue of secure e-MPPI development in the multi-space data organize which needs common trusts between areas. Towards a safe e-MPPI development with satisfactory execution, we proposed to upgrade the execution of secure multi-party calculations by making a novel utilization of mystery sharing. We executed the e-MPPI development convention with a working model.

Figure 3.4 Efficiency of a search with respect to time.

The study shows that the efficiency of the search gets affected with the data encrypted. We propose to improve the efficiency of the searching with encrypted dynamic search method. Figure 2.4 shows the expected searching efficiency of the system. some features are as follows,

  • Collusion-Resistance.Malicious users colluding with CSP should not succeed in decrypting the cipher-text by combining their attributes if each of them cannot decrypt the cipher-text alone.

Also, the performance-related issue should be taken into consideration.

  • Online/Offline Encryption.The scheme allows a resource-constrained mobile user to quickly transform a message into an ABE ciphertext. Specifically, a lot of preparation workcan be performed by other entities and the mobile user while accessing a powersupply.
  • Public Ciphertext Test. Anyone can verify whether a ciphertext is legitimate without requiring secret keys. Invalid ciphertexts are thrown away without performing the decryption phase.

Based on the proposed system architecture, we define the attribute-based data sharing system suitable for resource-constrained users in cloud computing. The system involves five phases as below.

  • Initialization. AA generates system public parameters and master keys for the system. All users can obtain the system public parameters, where immediate ciphertexts are calculated by AA and used in the subsequent online data creation phase by MO.
  • User Registration. A user can join the attribute-based data sharing system by committing an access structure to AA, who issues a secret key to the user based on the access structure.
  • Offline Data Creation. MO generates offline ciphertexts, which are used inthe subsequent online data creation phase by MO.
  • Online Data Creation. MO encrypts a file based on an attribute set and outsources the final ciphertext to CSP forsharing.
  • Data Access. DU downloads a ciphertext from CSP. If the ciphertext is legitimate, then MU decrypts it based on his/her secretkeys.

4.1 Proposed System

This system consist three different entities: cloud server, data owner and data user. Data Owner has a list of files to be encrypted and stored over the cloud. User is allowed to search over this encrypted information. In this system, owner of data first generates the secure searchable index tree and after that creates encrypted file. This index tree and encrypted files are stored over the cloud server. Data owner has responsibility of key distribution to the authorized users that is needed for file decryption. On the basis of query request for specific document from user, cloud server executes searching over the index tree and the list of encrypted top k ranked outcomes is given to user. At the end, user can decrypt the obtained files through utilizing secret key provided by owner of data.

Figure 4  System Architecture

Figure 4 shows the detailed architecture of the system. Cloud server allows users to store their encrypted blocks of files and respected hash. For this encryption of file blocks, there is a distributed KDC. System uses distributed KDC, because if one KDC is busy another will be used. Because of this, the load on KDC is distributed and performance in improved. By using key, user can encrypt the blocks of file. Before storing the block files on cloud storage, user generates the hash of block files and stores it on server.

User can request to TPA for file block integrity checking, store at cloud server. TPA stores the hash of blocks. It requests hash of particular file requests by user for integrity checking. It compares the received hash of file block with hash store in its database. If the hash is matches, it sends the message to user, which indicates that the files store on server is not corrupted. If the file is corrupted, TPA requesting proxy to correct it. Proxy having regeneration code. By using this regeneration code, proxy recovers the files corrupted on server. And then TPA again verifies that, whether that file is recover or not. Finally TPA notifies the user that the file is recovered. Figure 4.2 and 4.3 shows the flow of the proposed system.

User registration is doing using Biometric, Here Attribute Based system is use for registration. This Biometric Registration is use for verification then checking for credentials then we allowed for Browsing file or for searching keywords.

The system flowchart-1 and flowchart-2 in Figures 5 and 6 respectively, show the detail flow of our proposed system. Initially user register themselves with their biometric identity in to the system. According to their attribute policy structure (ABE) they are registered in system as data user and data owner.  . At Login time the ABE credentials are check based on these both user and owner have different access to the system.

  • Login user as data Owner: If login user is data owner then he performs various operations on file such as get encryption keys, browse file, encrypt file, upload files at cloud server, etc. Initially data owner browse set of file and then he performs pre-processing operation to remove unnecessary text from file such as removal of stop words. After preprocessing the data owner gets dictionary keyword by using these important dictionary keyword he generate index tree and then he performs erasure code on files for data backup. At the end he encrypts all files including index tree and uploads at cloud server. Before uploading the file he generates metadata which includes encrypted file hash, file name, etc. and these metadata is send to TPA.

Login user as data User: If login user is data user then he performs various operation such as search over encrypted data, TPA verification, downloading of files, decryption of file, etc. Initially data user get decryption keys by verifying its ABE and biometric credentials then he search keyword by generating trapdoor, depending on search keywords the list of file is retrieve from cloud server at that time data user can perform TPA verification on file to check the integrity of file. If file is correct then data user can download the file and decrypt it using decryption key to get original file. And if file is corrupt or modified then TPA send request on behalf of user to cloud server for erasure codes to get original file. Then file is regenerated. The system flowchart-1 and flowchart-2 in Figures 3 and 4 respectively shows the detail flow of our proposed system. Initially user register themselves with their biometric identity in to the system. According to their attribute policy structure (ABE) they are registered in system as data user and data owner.  At Login time the ABE credentials are check based on these both user and owner have different access to the system.

  • Login user as data Owner: If login user is data owner then he performs various operations on file such as get encryption keys, browse file, encrypt file, upload files at cloud server, etc. Initially data owner browse set of file and then he performs pre-processing operation to remove unnecessary text from file such as removal of stop words. After preprocessing the data owner gets dictionary keyword by using these important dictionary keyword he generate index tree and then he performs erasure code on files for data backup. At the end he encrypts all files including index tree and uploads at cloud server. Before uploading the file he generates metadata which includes encrypted file hash, file name, etc. and these metadata is send to TPA.
  • Login user as data User: If login user is data user then he performs various operation such as search over encrypted data, TPA verification, downloading of files, decryption of file, etc. Initially data user get decryption keys by verifying its ABE and biometric credentials then he search keyword by generating trapdoor, depending on search keywords the list of file is retrieve from cloud server at that time data user can perform TPA verification on file to check the integrity of file.
Figure 5 System Flowchart-1
Figure 6 System Flowchart-2

4.2 Implementation Methodology

4.2.1 Elliptical Curve Cryptography

Elliptical curve cryptography by Mauro Barni et al. and by Yan Huang et al. uses a public key encryption technique which is based on the theory of elliptical curves [3][4]. This encryption technique uses the properties of elliptic curve in order to generate keys instead of using the traditional methodology of generation of keys using the product of two very large prime numbers. Initially the elliptic curves for cryptography were used in H.W. Lenstra’s elliptical curve factoring algorithm. Inspired by this unpredictable use of elliptic curves, the elliptical curve cryptography was proposed by N.Kobiltz and V.Miller independently in 1985. The most important advantage of elliptical curve cryptography is the use of smaller keys providing the same level of security. ECC can provide the same security with 164-bit key that other systems provide with 1024- bit key. It is mostly useful for mobile applications as it has the capability to provide high level security with low computing power and battery resource. ECC is a public key cryptosystem which is used to generate the public key and the private key in order to encrypt and decrypt the data. It is based on the mathematical complexity of solving the elliptic curve discrete logarithm problem which deals with the problem of calculating the number of steps or hops it takes to move from one point to another point on the elliptic curve.

Elliptic curves are the binary curves and are symmetrical over x- axis. These are defined by the function: 

Where x and y are the standard variables that define the function while as a and b are the constant coefficients that define the curve .As the values of a and b change, elliptical curve also alters. For elliptical curves, the discriminant is non-zero. The operations used on elliptical curves in cryptography are point addition, point multiplication and point doubling. The important characteristic of elliptic curve is the finite field concept. This means that there is a way to limit the values on the curve. This “max” value established on the x-axis is represented by “p”. It is also called “modulo value” for any ECC cryptosystem. This point depicts the finite length upon which the operations can be performed on the curve. In ECC, the modular value depicts the key size for the system. Thus the parameters that fully define the ECC cryptosystem are:

P: – Specification of the finite field

a, b :- Coefficients for defining curve

G: – Generator point on the curve where the operation starts

n: – Order of G

h: – Division of the total points on the curve and he order of G.

Steps Involved In Proposed System:-

Here we are generating algorithm using ECC algorithm .ECC is a public key cryptosystem. Here every user possesses two keys: public key and private key. Public key is used for encryption and signature verification while as private key is used for decryption and signature generation.

Key Generation

It is the most important step in which an algorithm is used to generate both public and private keys. Sender encrypts the message data with the help of receiver’s public key and receiver decrypts the data using its private key.

Step 1. The sender selects a random number dA between the range [1, n-1].This is the private key of the sender.

Step 2. Then the sender generates the public key using the formula PA = dA*G

Step 3. Similarly receiver selects a private key dB and generates its public key PB =dB*G.

Step 4. The sender generates the security key “K= dA*PB” and the receiver also generates the security key

“K= dB*PA”

Signature Generation

To sign a message m by the sender, it performs the following steps:-

Step 1. It calculates a cryptographic hash function

Step 2. The sender then selects a random integer k from [1,n-1]

Step 3. The it computes a pair (r,s)

Step 4. r= x1 (mod n) where (x1, y1) =k*G

Step 5. s= k-1(e+ dA*r)

Step 6. This pair (r, s) defines the signature

Step 7. This signature is sent to the receiver.

Encryption Algorithm

Suppose sender wants to send a message m to the receiver

Step 1. Let m has any point M on the elliptic curve

Step 2. The sender selects a random number k from [1,n-1]

Step 3. The cipher texts generated will be the pair of points (B1,B2) where

B1= k*G

B2= M + (k*G)

Decryption Algorithm

To decrypt the cipher text, following steps are performed:-

Step 1. The receiver computes the product of B1 and its private key

Step 2. Then the receiver subtracts this product from the second point B2

M = B2- (dB * B1)

M is the original data sent by the sender

Signature Verification

To authenticate the sender’s signature, the receiver must have the knowledge about sender’s public key PA

Step 1. For authentication the receiver needs to verify the pair (r,s) are in the range of [1,n-1]

Step 2. The receiver again then calculates the hash function e as in signature generation

Step 3. Then the receiver calculates w =s-1 mod(n)

Step 4. Then calculate u1= e*w (mod n) and u2 = r*w (mod n)

Step 5. Calculate (x1,y1)= u1*G + u2*PA

Step 6. If x1 = r (mod n), then the signature is valid.

Conclusion and Future Scope

In this Research we wish to study different systems for providing a reliable and scalable  cloud storage. But every system has few issues which need to be addressed. We find that no one system has the capacity to address all the aspects of the cloud storage. There isn’t a single system which addresses an issue related to the security and integrity of the cloud data and Privacy of the user data and user profile, while maintaining the efficiency of the data searching.

In this research we propose a completely reliable system which not only addresses the issue of data security and user privacy with efficient data access, but also for maintaining the integrity. We propose a public auditing scheme based on semi-trusted third-party auditor(TPA). This TPA is accompanied with a regenerating code based proxy server which can reconstruct the original data on the basis of hash values of the original data. For maintaining the security of the user data we encrypt the data and generate the encrypted index tree before uploading the data on to cloud. When the user will try to access the data the multi keyword search query will search the data through this encrypted tree using trapdoors. This mechanism will help in assuring the privacy of the data during searching while maintaining the efficiency of the search. User Privacy is also addressed as we are using unique identity for generating key for encryption. In this case we are using biometric of the user as identity attribute. After the extensive study we confident that the proposed system will be reliable and efficient which will address all the aspects of user-cloud interaction.

References.

  1. Sarita Motghare, Dr. C. S. Satsangi “Biometric based Privacy Preservation and Dynamic Searching Scheme in Cloud Storage “ Jour of Adv Research in Dynamical & Control Systems, Vol. 12, Issue-02, 2020
  2. Liehuang Zhu, Chuan Zhang, Chang Xu, Ximeng Liu, And Cheng Huang, “An Efficient and Privacy-Preserving Biometric Identification Scheme in Cloud Computing”, Volume 6, IEEE Access March 2018.
  3. XialiHei, Xiaojiang Du, “Biometric-based two-level secure access control for Implantable Medical Devices during emergencies”, in 2011 Proceedings IEEE INFOCOM.
  4. Mauro Barni, Tiziano Bianchi, Dario Catalano, Mario Di Raimondo, RuggeroDonidaLabati, PierluigiFailla, “Privacy-Preserving FingerCodes Authentication”, in Proceedings of the 12th ACM workshop on Multimedia and security, Pages 231-240 , September 2010.
  5. Yan Huang, LiorMalka, David Evans, Jonathan Katz, “Efficient Privacy-Preserving Biometric Identification”,18th Network and Distributed System Security Conference (NDSS 2011), 6-9 February 2011.
  6. Jin Li, Yinghui Zhang, Xiaofeng Chen, Yang Xiang, “Secure attribute-based data sharing for resource-limited users in cloud computing”, in computers & security, Volume 72,p 1–12, Elsevier 2017
  7. Jin Li, Jingwei Li, Xiaofeng Chen, ChunfuJia, and WenjingLou,”Identity-Based Encryption with Outsourced Revocation in Cloud Computing”, IEEE Transactions On Computers, Vol. 64, NO. 2, FEBRUARY 2015.
  8. Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Patrick P.C. Lee, and Wenjing Lou, “Secure Deduplication with Efficient and Reliable Convergent Key Management”,IEEE Transactions On Parallel And Distributed Systems, Vol. 25, NO. 6, JUNE 2014.
  9. Jin Li, Xinyi Huang, Jingwei Li, Xiaofeng Chen, and Yang Xiang, “Securely Outsourcing Attribute-Based Encryption with Checkability”, IEEE Transactions On Parallel And Distributed Systems, VOL. 25, NO. 8, AUGUST 2014.
  10. Yinghui Zhang , Xiaofeng Chen, Jin Li, Duncan S. Wong, Hui Li, Ilsun You, “Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing”,in computers & security, Elsevier 2016.
  11. John Bethencourt, Amit Sahai, Brent Waters, “Ciphertext-Policy Attribute-Based Encryption”, IEEE Symposium on Security and Privacy (SP ’07), IEEE 2007.
  12. Taek-Young Youn, Ku-Young Chang, Kyung Hyune Rhee, And Sang Uk Shin, “Efficient Client-Side Deduplication of Encrypted Data with Public Auditing in Cloud Storage”, IEEE Access 2018.
  13. Jian Liu, Kun Huang, Hong Rong, Huimei Wang and Ming Xian, “Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage”, IEEE Transactions On Information And Security, Vol. 1 No 2015.
  14. Boyang Wang, Baochun Li, Hui Li, “Panda: Public Auditing for Shared Datawith Efficient User Revocation in the Cloud”, IEEE Transactions On Services Computing, Vol. 8, No. 1, January/February 2015.
  15. Cong Wang, Qian Wang, KuiRen, Ning Cao, and Wenjing Lou, “Toward Secure and Dependable Storage Services in Cloud Computing”, IEEE Transactions On Services Computing, Vol. 5, No. 2, April-June 2012.
  16. Na Wang, Junsong Fu, Bharat K. Bhargava, Jiwen Zeng, “Efficient Retrieval over Documents Encrypted by Attributes in Cloud Computing”, IEEE Transactions on Information Forensics and Security, Vol13, Issue 10, Oct 2018.
  17. Yuzhe Tang, Ling Liu, “Privacy-Preserving Multi-Keyword Searching Information Networks”, IEEE Transactions on Knowledge and Data Engineering, VOL. 27, NO. 9, SEPTEMBER 2015.
  18. S. Kamara and K. Lauter, “Cryptographic cloud storage,” in Financial Cryptography and Data Security. Springer, 2010, pp. 136- 149.
  19. D. Boneh, G. Di Crescenzo, R. Ostrovsky, and G. Persiano, “Public key encryption with keyword search,” in Advances in Cryptology- Eurocrypt 2004. Springer, 2004, pp. 506-522.
  20. D. Boneh, E. Kushilevitz, R. Ostrovsky, andW. E. Skeith III, “Public key encryption that allows pir queries,” in Advances in Cryptology-CRYPTO 2007. Springer, 2007, pp. 50-67.
  21. D. X. Song, D. Wagner, and A. Perrig, “Practical techniques for searches on encrypted data,” in Security and Privacy, 2000. S and P 2000. Proceedings. 2000 IEEE Symposium on. IEEE, 2000, pp. 44-55.
  22. Y.-C. Chang and M. Mitzenmacher, “Privacy preserving keyword searches on remote encrypted data,” in Proceedings of the Third international conference on Applied Cryptography and Network Security. Springer-Verlag, 2005, pp. 442-455.
  23. R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, “Searchable symmetric encryption: improved definitions and efficient constructions,” in Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006, pp. 79-88.

Related posts

Face Recognition Using Eigen Face

admin

Automatic Billing System for Water Management

admin

HOME SECURITY SYSTEM USING ARDUINO

admin

Leave a Comment