An Improved Integrated Hash and Attributed based Encryption Model on High Dimensional Data in Cloud Environment

ABSTRACT


INTRODUCTION
Cloud refers to storing and accessing a user's private or public data in remote server space instead of in the local database of a personal computer. Cloud computing is a distributed architecture that provides on-demand, convenient network access to store high dimensional data with configurable computing resources such as servers, storage and applications. Cloud servers share their computing resources as a service, in a distributed manner, with the connected clients over a network connection. These shared resources are offered on demand, or customers pay according to their usage level [1].
Information security in distributed cloud computing deals with data protection using different encryption and decryption models. Data security involves securing data from being destroyed, lost, modified or corrupted, so the availability and correctness of cloud data must be assured using various encryption and decryption models. Data encryption with an integrity verification mechanism is also a familiar model for solving security issues [2]. Various security frameworks that protect data on both the cloud side and the client side have been implemented in the literature, but computational requirements and processing speed play a vital role in deploying these security models in a cloud computing environment. Encryption-based access control has several advantages over classical cloud access control. In a classical setup, as depicted in Figure 1, data is stored unencrypted on the server and the user needs to authenticate each time she wants to retrieve data from the server. The server is required to authorize the user's request before it sends the plaintext data to the user. Letting the server authorize the user's requests allows for flexible and fine-grained access control. However, the server needs to be trusted and well-protected. Instead of storing the data in plaintext format on the server, one could encrypt the data and store the ciphertext on the server. This has the advantage that the server is not burdened with the authorization and authentication of users. Moreover, the data can be stored on many, even untrusted, servers, as it is encrypted anyway [3].

ABE Basic Steps
Setup: This algorithm is run before all other algorithms and determines the public parameters (PK) and a master key (MK) for the KGA. The PK determines the set of all possible attributes, and all user keys will be derived from the MK [1].
Key Generation: The KGA can create new decryption keys for users using its MK. A user's private key (SK) is derived from the MK by randomizing the MK in such a way that the user cannot convert the SK back to the MK. To decide which construction is preferred, we need to estimate how many attributes will be used by a key generation authority (KGA). If each KGA uses a small set of attributes, the small universe seems more desirable, as it is in general less computationally intensive. The ciphertext consists of multiple parts. One of these parts is a randomly chosen secret number operating on the plaintext. The other parts are needed to reconstruct this secret number. Using a secret sharing scheme that splits the secret number into various parts, the access structure is enforced by using these parts in the ciphertext [4]. To prevent user collusion, each SK is randomized by a unique, user-specific number, or the key is bound to a fixed global identifier (GID) of the user.
Access structures are used to define which users have access to which resources. In the case of attribute-based authentication, attributes determine the authorization level of the user. An access structure can be regarded as a collection of sets of attributes. Each single set describes which attributes are needed to be granted access. As long as the user's attributes satisfy at least one set in the collection, the user is granted access. There are two kinds of access structures: monotonic and non-monotonic. Monotonic access structures ensure that whenever a user would be granted access based on a subset of his attributes, he will be granted access based on all his attributes. This means that no negations of attributes are possible. Non-monotonic access structures do allow such negation of attributes. Here, the possession of an extra attribute may deny you access. A fuzzy identity-based encryption scheme is one in which a set of descriptive attributes is considered as the identity for the encryption and decryption process. For the privacy or secret key AS k corresponds to the attribute set S. We can decrypt the data using ' AS k corresponds to the attribute set ' s and satisfies the condition where d is the minimum number of attributes.
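The threshold idea in the two passages above (a secret number split by a secret sharing scheme, recoverable only with at least d matching attributes, and keys randomized per user against collusion) can be run as Shamir secret sharing with one share per attribute. This is an added example, not code from the paper: the attribute names, the prime, and the functions `issue_key`, `recover` and `demo` are assumptions, and no pairing-based ABE is implemented.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed for this sketch)
# Constructed attribute universe: each attribute gets a fixed nonzero x-coordinate.
ATTR_INDEX = {"doctor": 1, "nurse": 2, "cardiology": 3, "audit": 4, "admin": 5}

def issue_key(master, attrs, d):
    """KGA side: hide `master` as f(0) of a fresh random polynomial of degree
    d-1 (the per-user randomization) and hand out one point f(x) per attribute."""
    coeffs = [master] + [secrets.randbelow(P) for _ in range(d - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return {a: f(ATTR_INDEX[a]) for a in attrs}

def recover(key, ct_attrs, d):
    """User side: Lagrange-interpolate f(0) from the shares whose attributes
    also label the ciphertext. Returns None when fewer than d attributes overlap."""
    common = sorted(set(key) & set(ct_attrs))[:d]
    if len(common) < d:
        return None
    total = 0
    for a in common:
        xi, num, den = ATTR_INDEX[a], 1, 1
        for b in common:
            if b != a:
                xj = ATTR_INDEX[b]
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + key[a] * num * pow(den, -1, P)) % P
    return total

def demo():
    master, d = secrets.randbelow(P), 3
    ct_attrs = {"doctor", "cardiology", "audit", "admin"}  # ciphertext labels
    alice = issue_key(master, {"doctor", "cardiology", "audit", "nurse"}, d)
    bob = issue_key(master, {"doctor", "nurse", "admin"}, d)      # 2 overlap
    carol = issue_key(master, {"cardiology", "audit", "nurse"}, d)  # 2 overlap
    pooled = {**bob, **carol}  # shares taken from two differently randomized keys
    return {
        "alice_ok": recover(alice, ct_attrs, d) == master,   # 3 overlap: recovers
        "bob": recover(bob, ct_attrs, d),                    # below threshold
        "pooled_ok": recover(pooled, ct_attrs, d) == master,  # collusion fails
    }

if __name__ == "__main__":
    print(demo())
```

Alice's extra attribute does not cost her access, which is the monotonic behaviour described above; the pooled key fails because Bob's and Carol's shares lie on different polynomials.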

LITERATURE SURVEY
Integrity and authentication of data in the cloud environment are essential to ensuring data confidentiality and privacy preservation for the customer's data or queries. The problem of dealing with users' queries and encrypted data in the cloud environment has been discussed widely in the research literature [2][3][4][5]; memory integrity checking has been tried to address integrity issues by applying a hash tree over memory content. An integrity verification approach [7] in hybrid clouds, applied to support data migration and scalability services, is implemented on limited data.
Table 1
CP-ABE [9]; Attributes, Policies, Key Generators; As the number of attributes or the storage space increases, computational time also increases.
KP-ABE [10]; Key policies, Attributes, Key generation; Fails to construct the access policy patterns for multiple cloud storage services.
Requires a number of exponential generators for private key computation, which is a significant computation overhead. It also requires the random oracle model, which is less secure than other standard models. Both the ciphertexts and the private keys are labeled with a policy set and an attribute set; decryption succeeds only if there exist at least k common attributes between the ciphertext and a private key.
Ensuring data security by using encryption, as the traditional models do, is not optimal in the virtual machines of cloud providers. Although the trusted third party authorities are aware of the malicious insider, they assume that they have limited solutions to overcome these issues. A secured, cost-effective multi-cloud storage method is implemented in the cloud environment, which controls an economical distribution of information among the available cloud instances to provide customers with secure storage and data availability. A high performance cloud computing service is implemented that integrates the parallel processing framework and checkpoint infrastructure, such as the Message Passing Interface, for virtual machines.
In cloud server attacks, the length of the overlapping runtime of the cloud instances and the malicious virtual machines is important for finding the network bandwidth, since limiting the overlapping execution times may degrade network performance and increase the error rate. Jung et al. [8] proposed a model that encrypts cloud data with the user's attributes and sends it to the remote cloud server for long term access. The cloud providers not only generate access rights for users, but also compute a secret key using attributes and policies. In this case, a KDC is not required. The major issue with this approach is that users can get different keys from different owners for the same attribute, which increases the total number of secret keys held by users along with the storage and communication overhead.

PROPOSED METHOD
In this proposed model, each cloud user uploads high dimensional documents as input to our encoding process, as shown in Figure 2. In this framework, each of the user's documents is hashed using the proposed cloud hardware based hash algorithm. The computed hash value and the user's document data are encrypted using the proposed ABE encryption model. Our proposed encryption model initializes cloud server parameters for the key generation, encryption and decryption processes. The encrypted hash and the user's data are uploaded to the cloud storage with the integrity value in encoded format.
Similarly, each user decrypts the encoded hash and data from the cloud storage using the decoding process, as shown in Figure 3. In the decoding process, each user's encoded data from the cloud is decrypted using the proposed ABE decryption model. The integrity of the decrypted plaintext is checked against the decrypted hash value to verify whether the data has been modified. If the data has not been modified, it is delivered to the user's system through the internet.
Figure 4 shows the overview of the multi-data partition using the available cloud servers. In this process, a cloud user's multiple documents are partitioned and assigned to the nearest cloud servers using the data block size.
In this phase, the transformed sub-partition data is taken as the source data. User access policy data is represented as a state matrix. For each dynamic user access policy, a random dynamic S-Box is generated for each authorized cloud user.
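The encode and decode flow from the start of this section (hash the document, encrypt the hash together with the data, then decrypt and compare on download), as an added example that is not the paper's implementation. SHA-256 stands in for the proposed hash and a SHAKE-256 keystream XOR stands in for the proposed ABE encryption; the function names and the blob layout are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, HASH_LEN = 16, 32  # assumed blob layout: nonce || Enc(hash || data)

def _stand_in_cipher(key, nonce, data):
    """Stand-in for the ABE model (assumption): XOR with a SHAKE-256 keystream.
    The same call encrypts and decrypts."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encode(key, document):
    """Upload side: hash the document, then encrypt hash and data together."""
    digest = hashlib.sha256(document).digest()  # stand-in for the proposed hash
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _stand_in_cipher(key, nonce, digest + document)

def decode(key, blob):
    """Download side: decrypt, split off the stored hash, recompute, compare."""
    if len(blob) < NONCE_LEN + HASH_LEN:
        raise ValueError("blob too short to contain a hash")
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    plain = _stand_in_cipher(key, nonce, body)
    stored, document = plain[:HASH_LEN], plain[HASH_LEN:]
    recomputed = hashlib.sha256(document).digest()
    if not hmac.compare_digest(stored, recomputed):
        raise ValueError("integrity check failed: stored data was modified")
    return document

def demo():
    key = secrets.token_bytes(32)
    doc = b"constructed sample document: patient-visits.csv"
    blob = encode(key, doc)
    roundtrip_ok = decode(key, blob) == doc
    corrupted = bytearray(blob)
    corrupted[-1] ^= 0x01  # simulate one flipped bit in cloud storage
    try:
        decode(key, bytes(corrupted))
        detected = False
    except ValueError:
        detected = True
    return roundtrip_ok, detected

if __name__ == "__main__":
    print(demo())
```

The stand-in cipher is malleable, so this run shows the flow and the detection of a modified blob, not the strength of the paper's construction; production designs normally get this property from an authenticated encryption mode.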

Phase 3
In this phase, input data are shifted from left to right column-wise using the authorized cloud user parameters. Depending on the user access in the policy structure, three parameters are calculated. These three parameters are used to transform the columns from left to right and then, similarly, to shift row-wise in the reverse order.

Procedure:
Step 1: Construct a 1024-bit state matrix using the Total User Access Policies.
Step 2: Select 1024 bits randomly from the 1024 bits using the pattern / permutation matrix.
Step 3: The selected 1024 bits are assigned to each round function of the hash algorithm.

Key Generation
The key generation algorithm takes a set of attributes and the policy pattern hash values as input and returns a secret key as output. Each user is associated with a secret key, which is generated using three pattern keys as
$\text{Secret key} = \{Tp,\ \text{Hash}(pat1),\ \text{Hash}(pat2),\ \text{Hash}(pat3),\ K_{1,i},\ K_{1,j},\ K_{1,k}\}$

Encryption Process
The encryption algorithm encrypts the message using policy pattern structures. The algorithm uses three patterns with a homomorphic encryption and decryption process. Additive and multiplicative homomorphism take two inputs and generate secure encrypted values as output. Homomorphic encryption and decryption uses 0
From Table 2, it is clear that the proposed parallel ABE based encryption and decryption model has less computational time compared to traditional models in the cloud environment. From Figure 5, it is clear that the proposed parallel multi-doc hash model has less computational time compared to traditional models in the cloud environment. From Figure 6, it is clear that the proposed parallel ABE based encryption and decryption model has less computational time compared to traditional models in the cloud environment. From Table 3, it is clear that the proposed parallel hash based ABE encryption and decryption model has less cloud storage computation compared to traditional ABE models in the cloud environment. From Figure 7, it is clear that the proposed parallel hash based ABE encryption and decryption model has less cloud storage computation compared to traditional ABE models in the cloud environment.

CONCLUSION
Cloud data outsourcing through un-authorized clients and distributed systems is exponentially increasing cloud hardware and software resources. The cloud environment provides on-demand resource allocation from a shared pool of hardware and software resources. With more and more cloud based applications becoming available and being stored on various cloud servers, a novel multi-user based privacy protection mechanism needs to be designed and developed to improve privacy protection for high dimensional data. In this paper, a novel integrity algorithm with an attribute based encryption model was implemented to ensure confidentiality for high dimensional data security on cloud storage. The main objective of this model is to store, transmit and retrieve high dimensional cloud data with low computational time and high security. Experimental results show that the proposed model has high data scalability, less computational time and low memory usage compared to traditional cloud based privacy protection models.