A Methodology for Assigning Access Control to Public Clouds
Authors
Abstract
The emergence of cloud computing technology and its ability to provide various services at affordable prices has become an important catalyst for many organizations to outsource their data to the public cloud. The data owners might allow other users to gain access to their data. In this context, it is important to provide end-to-end security for the data. In this paper, our focus was on building an architecture that supports perfect communication between data owners, cloud servers and users. The users gain access to data as per the policies presented by the data owners. The data owners encrypt data and send it to the cloud. The data owners also delegate access control policies to the public cloud, where re-encryption of the data takes place. Thus the users of the data can access it in a perfectly secure environment. The experiments reveal that the proposed approach is very useful in securing outsourced data while still giving access to various users based on the access control policies delegated to the public cloud.

Prince Kumar Piyush et al, International Journal of Computer Science and Mobile Computing, Vol.3 Issue.12, December 2014, pg. 126-132. © 2014, IJCSMC All Rights Reserved.

I. INTRODUCTION

Cloud computing is an emerging technology that paved the way for potential commoditization of computing resources. This technology is built on top of virtualization, which makes the cloud offerings affordable. With the advent of mobile and handheld devices, innovations in the underlying mobile technologies and the ubiquitous nature of mobiles, cloud computing expands to mobile devices as well. This led to mobile cloud computing, where mobile devices are associated with cloud computing and leverage the benefits of the cloud. As people from all walks of life are using mobile devices, the mobility feature of the devices can have a tremendous impact on the usage of cloud computing. A steady growth rate is projected for mobile cloud computing in the future. As mobile devices are energy and resource constrained, they are vulnerable to various security threats. Unless these threats are addressed, mobile cloud computing cannot be adopted easily. This paper sheds light on mobile cloud computing, its architecture, the issues involved and solutions. The insights obtained through review of important papers can help in making well-informed decisions with respect to mobile cloud computing and its applications in the real world.

Cloud computing is the technology that realizes the dream of commoditizing computing resources in a similar fashion to electricity and water. In fact, cloud computing enables users to access huge computing resources. This new model of computing helps people and organizations to access computing resources in a pay-as-you-use fashion. Thus the model avoids the need for capital investment. It has service models such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Its deployment models include private cloud, public cloud, community cloud and hybrid cloud. Mobile Cloud Computing (MCC) is cloud computing in which mobile devices are involved.

In this paper our focus is on delegating access control to the public cloud. Towards this end we built a prototype application that demonstrates the proof of concept. The delegated access control makes it a suitable model in the public cloud, where data owners can give access to their data to multiple users. The remainder of this paper is structured as follows. Section II reviews literature on prior works. Section III presents the proposed approach. Section IV presents the prototype application and various user activities. Section V presents experimental results, while Section VI concludes the paper.
II. RELATED WORKS

Many insights were obtained from the review of literature [1]-[10]; they are as follows. Cryptography is one of the techniques that are widely used in the real world for securing applications. However, cryptography, when applied to cloud data dynamics, leads to performance issues. Policy-based content dissemination [9] is another approach that came into existence in 2010. Later, access control policies came into existence. In this paper, too, we use access control that is delegated to the public cloud. Delegated access control is also studied in [10]. Securing dissemination of XML documents was explored in [8]. Securing data with cryptography while publishing it is the focus in [7]. Access control in the cloud is also explored in [6], and a similar kind of research was carried out in [5]. A broadcast encryption mechanism was explored in [4], where encryption is applied to broadcasting. The concept of oblivious attribute certificates was used in [3] for securing data. In a similar fashion, attribute-based security is provided in [2] in terms of group key management. Stateful anonymous credentials were explored in [1].

In this paper our focus is on delegating access control to the public cloud. Towards this end we built a prototype application that demonstrates the proof of concept. The delegated access control makes it a suitable model in the public cloud, where data owners can give access to their data to multiple users.

III. PROPOSED ACCESS CONTROL METHODOLOGY

The proposed approach towards building a system that helps in delegating access control to the public cloud is described in this section. The identity provider gives identity tokens to users. Users register with the owner using these identity tokens. Users also register with the cloud and get secrets from both the cloud and the owner. Using the secrets, users can perform download and decrypt operations.
Figure 1 – Overview of the proposed methodology

The data owner is able to decompose files and encrypt them before sending them to the cloud. The data owner also provides delegation policies to the cloud that will help in making the best access control policies. The cloud encrypts the content in order to enforce policies.

IV. PROTOTYPE APPLICATION

A prototype application is implemented in order to demonstrate the proof of concept. The application facilitates three kinds of users, namely data owner, admin and user. They have specific functionalities as presented in Figure 2.

Login
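The Section III flow (owner encrypts, cloud re-encrypts under the delegated policy, user needs a secret from each side) can be sketched as follows. This is an added example, not the paper's prototype: the HMAC-SHA256 keystream stands in for a real cipher, the `Cloud` class, policy dictionary and identity-token format are hypothetical, and secrets are handed out directly at registration.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    # Separate subkeys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong secret or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), body[:16], body[16:])

class Cloud:
    """Stores owner ciphertext and enforces the delegated policy with a second layer."""
    def __init__(self, policy: dict):
        self.policy = policy                  # delegated by the owner (hypothetical format)
        self.outer_key = secrets.token_bytes(32)
        self.store = {}

    def put(self, name: str, inner_ct: bytes) -> None:
        self.store[name] = seal(self.outer_key, inner_ct)   # re-encryption step

    def register(self, token: dict) -> bytes:
        # The cloud secret is released only if the identity token satisfies the policy.
        if any(token.get(k) != v for k, v in self.policy.items()):
            raise PermissionError("identity token does not satisfy delegated policy")
        return self.outer_key

def user_decrypt(blob: bytes, cloud_secret: bytes, owner_secret: bytes) -> bytes:
    return unseal(owner_secret, unseal(cloud_secret, blob))

def demo() -> bytes:
    owner_key = secrets.token_bytes(32)                      # owner's inner-layer secret
    cloud = Cloud(policy={"role": "auditor"})
    cloud.put("report", seal(owner_key, b"Q3 figures"))      # owner encrypts, then uploads
    token = {"user": "alice", "role": "auditor"}             # constructed identity token
    return user_decrypt(cloud.store["report"], cloud.register(token), owner_key)
```

Removing the cloud's layer alone yields only the owner's ciphertext, so the cloud enforces the policy without seeing plaintext, and a user holding only one of the two secrets cannot decrypt.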
Similar resources
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
Let’s Take it to the Clouds: The Potential of Educational Innovations, Including Blended Learning, for Capacity Building in Developing Countries
In modern decentralised health systems, district and local managers are increasingly responsible for financing, managing, and delivering healthcare. However, their lack of adequate skills and competencies are a critical barrier to improved performance of health systems. Given the financial and human resource, constraints of relying on traditional face-to-face training to upskill a large and dis...
A service decomposition and definition model in cloud manufacturing systems using game theory focusing on cost accounting perspectives
Cloud manufacturing is a new paradigm which has been under study since 2010 and a vast body of research has been conducted on this topic. Among them, service composition problems are of utmost importance. However, most studies only focused on private clouds meaning the objective function is defined for just one component of the supply chain. This paper attempts to consider service composition p...
Privacy Preserving Two Layer Encryption Access Control In Public Clouds
The motivation of this paper is to propose a secure Access control scheme, for public clouds. We proposed a Privacy Preserving Two layer Encryption Access control in public clouds, which provides more privacy and security compared to the traditional approaches. Current approaches to enforce ACPs on outsourced data using selective encryption require organizations to manage all keys and encryptio...
An Architecture for Security and Protection of Big Data
The issue of online privacy and security is a challenging subject, as it concerns the privacy of data that are increasingly more accessible via the internet. In other words, people who intend to access the private information of other users can do so more efficiently over the internet. This study is an attempt to address the privacy issue of distributed big data in the context of cloud computin...
Cloud Computing 1. Attribute Based Encryption with Privacy Preserving In Clouds
Security and privacy are very important issues in cloud computing. In existing system access control in clouds are centralized in nature. The scheme uses a symmetric key approach and does not support authentication. Symmetric key algorithm uses same key for both encryption and decryption. The authors take a centralized approach where a single key distribution center (KDC) distributes secret ke...
Publication date: 2014