Bonfring International Journal of Software Engineering and Soft Computing, Vol. 8, No. 1, March 2018

Enhanced Adaptive Multimedia Data Forwarding for Privacy Preservation in Vehicular Ad-Hoc Networks Using Authentication Group Key

R.K. Poongodi and T. Sivakumar

Abstract--- Vehicular ad-hoc networks (VANETs) are expected to support diverse infrastructure-based commercial services, including internet access, real-time traffic concerns, video streaming and content distribution. They also enable a wide range of promising applications and services. They have brought new security challenges due to their mobile and infrastructure-less nature. In particular, confidentiality and location privacy are regarded as the most critical security concerns for securing service-oriented vehicular networks. Forwarded messages in vehicular ad-hoc networks are primarily multimedia data, including structured data, plain text, sound, and video, which require access control with efficient privacy preservation. In this project, a ciphertext-policy attribute-based encryption (CP-ABE) delegation scheme is proposed, which allows road-side units (RSUs) to perform most of the computation in order to improve the decryption efficiency of the vehicles. In addition, a novel Sybil attack detection mechanism, Footprint, is proposed, which uses the trajectories of vehicles for identification while still preserving their location privacy. More specifically, when a vehicle approaches a road-side unit (RSU), it actively demands an authorized message from the RSU as proof of its appearance time at this RSU. A location-hidden authorized message generation scheme is designed for two objectives: first, RSU signatures on messages are signer-ambiguous, so that the RSU location information is concealed from the resulting authorized message; second, two authorized messages signed by the same RSU within the same given period of time are recognizable, so that they can be used for identification.
If an RSU has failed but the Trusted Authority has not been updated, the current RSU, which reads the records from the vehicle, queries the Trusted Authority about all the nearest nodes of the missed RSU (second hop) from the current RSU, calculates the two-hop timings, and suspects the vehicle if the messages do not match.

I. INTRODUCTION

Data outsourcing is becoming today a successful solution that allows users and organizations to exploit external servers for the distribution of resources. Some of the most challenging issues in such a scenario are the enforcement of authorization policies and the support of policy updates. Since a common approach for protecting the outsourced data consists in encrypting the data themselves, a promising approach for solving these issues is based on the combination of access control with cryptography. This idea is in itself not new, but the problem of applying it in an outsourced architecture introduces several challenges. This paper illustrates the basic principles on which an architecture for combining access control and cryptography can be built. It then illustrates an approach for enforcing authorization policies and supporting dynamic authorizations, allowing policy changes and data updates at a limited cost in terms of bandwidth and computational power.

Some of the most challenging issues in the data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, the problem of applying attribute-based encryption in an outsourced architecture introduces several challenges with regard to attribute and user revocation. The study proposes an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. Fine-grained access control can be achieved by a dual encryption mechanism which takes advantage of attribute-based encryption and selective group key distribution in each attribute group.

Fig. 1.1: Attribute Architecture Diagram

R.K. Poongodi, M.Tech Student, Department of Information Technology, K.S.R College of Engineering, Tamil Nadu, India. E-mail: poobtechit@gmail.com
T. Sivakumar, Assistant Prof, Department of Information Technology, K.S.R College of Engineering, Tamil Nadu, India.
DOI:10.9756/BIJSESC.8385
ISSN 2277-5099 | © 2018 Bonfring

II. LITERATURE SURVEY

In the paper “Persona: An Online Social Network with User-Defined Privacy” [3], the authors R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin describe that online social networks (OSNs) have become a de facto portal for Internet access for millions of users. These networks help users share information with their friends. However, users entrust the social network provider with such personal information as sexual preferences, political and religious views, phone numbers, occupations, identities of friends, and photographs. Although sites offer privacy controls that let users restrict how their data is viewed by other users, sites provide insufficient controls to restrict data sharing with corporate affiliates or application developers. Not only are there few controls to limit information disclosure, acceptable use policies require both that users provide accurate information and that users grant the provider the right to sell that information to others. Facebook is a representative example of a social network provider.
The Facebook “Statement of Rights and Responsibilities” [31] requires that users “not provide any false personal information on Facebook” and “keep [their] contact information accurate and up to date.” Further, it states that users “grant [Facebook] a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP [Intellectual Property] content that [they] post on or in connection with Facebook.”

In the paper “Fuzzy Identity-Based Encryption” [4], the authors describe that Identity-Based Encryption [33] (IBE) allows a sender to encrypt a message to an identity without access to a public key certificate. The ability to do public key encryption without certificates has many practical applications. For example, a user can send an encrypted mail to a recipient without requiring either the existence of a Public-Key Infrastructure or that the recipient be on-line at the time of creation. One common feature of all previous Identity-Based Encryption systems is that they view identities as a string of characters.

In the paper “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data” [5], the authors V. Goyal, O. Pandey, A. Sahai, and B. Waters describe that there is a trend for sensitive user data to be stored by third parties on the Internet. For example, personal email, data, and personal preferences are stored on web portal sites such as Google and Yahoo. The attack correlation center, dshield.org, presents aggregated views of attacks on the Internet, but stores intrusion reports individually submitted by users. Given the variety, amount, and importance of information stored at these sites, there is cause for concern that personal data will be compromised.

III. METHODOLOGY

In this project, the existing system, maintained by the cloud service providers, provides storage space for hosting data files in a pay-as-you-go manner. However, the cloud is untrusted, since cloud service providers can easily become untrusted. Therefore, the cloud will try to learn the content of the stored data. The group manager takes charge of system parameter generation, user registration, and user revocation. In the existing applications, the group manager usually is the leader of the group. Therefore, we assume that the group manager is fully trusted by the other parties. Group members (users) are a set of registered users that will store their own data in the cloud and share it with others. In this scheme, the group membership changes dynamically, due to new user registration and user revocation.

The existing system includes an attribute-based access control scheme using CP-ABE with efficient attribute and user revocation capability for data outsourcing systems. The proposed scheme has the following advantages with regard to security and scalability compared to the previous revocable CP-ABE schemes. In the existing system, first, enabling user access control enhances the backward/forward secrecy of outsourced data on any membership changes in attribute groups compared to the attribute revocation schemes. Second, the user access control can be done at each attribute level rather than at system level, so that more fine-grained user access control is possible.

• The data owner needs to take full charge of maintaining all the membership lists for each attribute group to enable direct user revocation.
• Keys are assigned randomly and independently from each other.
• All the data is maintained by a single service provider.
• The single data service manager is in charge of managing the attribute group keys for each attribute group.
• All the nodes are treated equally, and weakly capable nodes also require huge computations.
• All the mirror nodes store the file with the same encryption mechanism.
• Unauthorized data leakage still remains a problem due to the potential exposure of decryption keys.
• Only a single cloud provider environment is considered.

The proposed system implements all the existing system concepts, in which Ciphertext-Policy Attribute-Based Encryption with User Revocation is carried out. Like the existing system, the proposed scheme also adopts a dual encryption approach to overcome the user access control problem in attribute-based encryption systems. In addition, multiple service providers are included and data is distributed among them. User privileges may vary for data maintained by different service providers. This requires different kinds of encryption mechanisms for data maintained by different service providers, and so computation overhead is reduced.

• Any service provider may revoke users if an unauthorized user tries to access the data above a given count.
• Data servicing is maintained by more than one service provider.
• All data service managers take charge of managing the attribute group keys for each attribute group.
• Keys are assigned based on a condition and are unique among all users.
• Partial data of files are taken from multiple mirror locations and sent to the selected client.
• Suitable for very large files.
• Irrelevant size blocks of data are handled among the multiple cloud service providers based on their computational capabilities.
• A different trust level is set for different cloud providers, and encryption or decryption is varied based on the cloud's computational capability.

IV. MULTIMEDIA CONTENT SHARING SYSTEM

The data outsourcing scenario challenges the approaches of traditional access control architectures such as the reference monitor, where a trusted server is in charge of defining and enforcing access control policies.
This assumption no longer holds in modern data outsourcing systems, because users want to be able to share private contents with a group of people they selected and to define some access policy and enforce it on the contents. Thus, it is desirable to put the access policy decisions in the hands of the data owners.

Recently proposed access control models, such as attribute-based access control, define access control policies based on different attributes of the requester, environment, or the data object. In addition, the current trend of storage outsourcing requires increased protection of data, including access control methods that are cryptographically enforced. The concept of attribute-based encryption (ABE) is a promising approach that fulfills these requirements. ABE features a mechanism that enables access control over encrypted data using access policies and ascribed attributes among private keys and ciphertexts. In particular, ciphertext-policy ABE (CP-ABE) provides a scalable way of encrypting data such that the encryptor defines the attribute set that the decryptor needs to possess in order to decrypt the ciphertext. Thus, different users are allowed to decrypt different pieces of data per the security policy. This effectively eliminates the need to rely on the storage server for preventing unauthorized data access.

However, the problem of applying ABE to the data outsourcing architecture introduces several challenges with regard to attribute and user revocation. The revocation issue is even more difficult in ABE systems, since each attribute is conceivably shared by multiple users (henceforth, such a collection of users is referred to as an attribute group). This implies that revocation of any attribute or any single user in an attribute group would affect the other users in the group. This may result in a bottleneck during the rekeying procedure or security degradation in the system.
This research attempts to solve these problems in attribute-based data access control using CP-ABE for data outsourcing systems. Recently, several attribute-revocable ABE schemes have been proposed. They realize revocation by revoking the attribute itself using a timed rekeying mechanism, which is implemented by setting an expiration time on each attribute. This is called coarse-grained revocation because immediate rekeying on any member change is not possible.

In particular, Dekey remains secure even if the adversary controls a limited number of key servers. They implement Dekey using the Ramp secret sharing scheme, which enables the key management to adapt to different reliability and confidentiality levels. The evaluation demonstrates that Dekey incurs limited overhead in normal upload/download operations in realistic cloud environments. This thesis study makes a new construction, Dekey, to provide efficient and reliable convergent key management through convergent key deduplication and secret sharing. Dekey supports both file-level and block-level deduplication. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model.

Symmetric encryption uses a common secret key to encrypt and decrypt information. Since the keys used for this experimental work are very weak, the existing system is less secure. User revocation management is not implemented. The keys can be managed only within the group members.

Authentication Model

A hashing function can be used to return a unique key for a block of data, based only on the contents of the data; if two people have the same data, the hashing function will return the same key. If this key is used as the index for storing the data block, then any attempt to store multiple copies of the same block will be detected immediately. In some circumstances, it may be necessary to store additional metadata, or a reference count to keep track of the multiple “owners”, but it is not necessary to store multiple copies of the data itself.

Encrypting data invalidates the de-duplication; two identical data blocks, encrypted with different keys, will yield different encrypted data blocks which can no longer be shared. Typical implementations involve complex schemes for storing and managing these keys as part of the block meta-data. This can be a reasonable approach when the de-duplication is part of a local file system. But there is considerable overhead in interrogating and maintaining this meta-data, which can be significant when the de-duplication and encryption are being performed remotely, which is necessary in this case to preserve the privacy of the data.

Securing outsourced data for multi-user access can be achieved through encrypted file systems. De-duplication systems decrease storage consumption by identifying distinct chunks of data with identical content. They then store a single copy of the chunk along with metadata about how to reconstruct the original files from the chunks. The proposed methodology is used to provide a provably secure design of a cryptographic file system along with a rigorous security definition.

Cipher Text-Policy Attribute-based Encryption with User Revocation

Step 1: The setup algorithm is executed, which is a randomized algorithm that takes no input other than the implicit security parameter. It outputs the public key PK and a master key MK.

Step 2: The attribute key generation algorithm is executed, which takes as input the master key MK, a set of attributes Λ ⊆ L, and a set of user indices U ⊆ u. It outputs a set of private attribute keys SK for each user in U that identifies with the attributes set.
Step 3: The key encrypting key (KEK) generation algorithm is executed in this module, which takes a set of user indices U ⊆ u as input, and outputs KEKs for each user in U, which will be used to encrypt attribute group keys K_λi for each G_i ∈ G.

Step 4: The encryption algorithm, a randomized algorithm, takes as input the public parameter PK, a message M, and an access structure ‘A’ over the universe of attributes. It outputs a ciphertext CT such that only a user who possesses a set of attributes that satisfies the access structure will be able to decrypt the message.

Step 5: The re-encryption algorithm is a randomized algorithm that takes as input the ciphertext CT including an access structure ‘A’, and a set of attribute groups G. If the attribute groups appear in ‘A’, it re-encrypts CT for the attributes; else, returns Λ. Specifically, it outputs a re-encrypted ciphertext CT’ such that only a user who possesses a set of attributes that satisfies the access structure and has a valid membership for each of them at the same time will be able to decrypt the message.

Step 6: The decryption algorithm is executed, which takes as input the ciphertext CT’ which contains an access structure ‘A’, a private key SK, and a set of attribute group keys K_Λ for a set of attributes Λ. The decryption can be done if Λ satisfies ‘A’ and K_Λ is not revoked for any λ ∈ Λ.

Step 7: If the data contains highly important information, then in order to protect data security, more privileged service providers view most of the data and less privileged service providers view limited data.

Proposed Algorithm

KeyGenCE(M) → K is the key generation algorithm that maps a data copy M to a convergent key K.

EncryptCE(K, M) → C is the symmetric encryption algorithm that takes both the convergent key K and the data copy M as inputs and then outputs a ciphertext C.

Algorithm Steps

    Ciphertext = E_K3(D_K2(E_K1(plaintext)))

Create 16 subkeys, each of which is 48 bits long. Encode each 64-bit block of data.

    C[0]D[0] = PC1(key)
    for 1 <= i <= 16
        C[i] = LS[i](C[i-1])
        D[i] = LS[i](D[i-1])
        K[i] = PC2(C[i]D[i])

Encipherment:

    L[0]R[0] = IP(plain block)
    for 1 <= i <= 16
        L[i] = R[i-1]
        R[i] = L[i-1] xor f(R[i-1], K[i])
    Cipher block = FP(R[16]L[16])

Decipherment:

    R[16]L[16] = IP(cipher block)
    for i = 16 down to 1
        R[i-1] = L[i]
        L[i-1] = R[i] xor f(L[i], K[i])
    Plain block = FP(L[0]R[0])

DecryptCE(K, C) → M is the decryption algorithm that takes both the ciphertext C and the convergent key K as inputs and then outputs the original data copy M.

Algorithm Steps

Input:
    CC: 64 bits of cipher text
    k16, k15, ..., k1: 16 round keys
    IP: Initial Permutation
    FP: Final Permutation
    f(): Round Function
Output:
    TT: 64 bits of clear text
Process:
    CC' = IP(CC), applying initial permutation
    (LL0, RR0) = CC', dividing CC' into two 32-bit parts
    (LL1, RR1) = (RR0, LL0 ^ f(RR0, k16))
    (LL2, RR2) = (RR1, LL1 ^ f(RR1, k15))
    ......
    TT' = (RR16, LL16), swapping the two parts
    TT = FP(TT'), applying final permutation

TagGenCE(M) → T(M) is the tag generation algorithm that maps the original data copy M and outputs a tag T(M). TagGenCE is also allowed to generate a tag from the corresponding ciphertext, by using T(M) = TagGenCE(C), where C = EncryptCE(K, M).

V. CONCLUSION

Some of the most challenging issues in the data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. This project proposes a cryptographic approach to enforce fine-grained access control on the outsourced data, namely a dual encryption protocol exploiting the combined features of ciphertext-policy attribute-based encryption and a group key management algorithm. The proposed scheme allows a data owner to define the access control policy and enforce it on his outsourced data. It also features a mechanism that enables more fine-grained access control with efficient attribute and user revocation capability.
It is seen that the proposed scheme is efficient and scalable to securely manage the outsourced data.

VI. FUTURE ENHANCEMENT

The following enhancements should be made in future.

• If the application is developed as web services, then many applications can make use of the records.
• The data integrity in multiple copies of the same database is not considered. The error situation can be recovered if there is any mismatch.
• The web site and database can be hosted in a real environment during the implementation.

REFERENCES

[1] S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi and P. Samarati, “A Data Outsourcing Architecture Combining Cryptography and Access Control”, Proc. ACM Workshop Computer Security Architecture, 2007.
[2] L. Ibraimi, M. Petkovic, S. Nikova, P. Hartel and W. Jonker, “Mediated Ciphertext-Policy Attribute-Based Encryption and Its Application”, Proc. Int’l Workshop Information Security Applications, Pp. 309-323, 2009.
[3] R. Baden, A. Bender, N. Spring, B. Bhattacharjee and D. Starin, “Persona: An Online Social Network with User-Defined Privacy”, Proc. ACM SIGCOMM, 2009.
[4] A. Sahai and B. Waters, “Fuzzy Identity-Based Encryption”, Proc. Eurocrypt, Pp. 457-473, 2005.
[5] V. Goyal, O. Pandey, A. Sahai and B. Waters, “Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data”, Proc. ACM Conf. Computer and Comm. Security, Pp. 89-98, 2006.
[6] J. Anderson, Computer security planning study, Technical Report 73-51, Air Force Electronic System Division, 1972.
[7] J. Saltzer and M. Schroeder, “The protection of information in computer systems”, Communications of the ACM, Vol. 17, No. 7, 1974.
[8] N. Provos, “Encrypting virtual memory”, Proc. of the 9th USENIX Security Symposium, 2000.
[9] A. Harrington and C. Jensen, “Cryptographic access control in a distributed file system”, Proc. of the 8th SACMAT, 2003.
[10] S. Akl and P. Taylor, “Cryptographic solution to a problem of access control in a hierarchy”, ACM TOCS, Vol. 1, No. 3, Pp. 239-248, 1983.
[11] J. Crampton, K. Martin and P. Wild, “On key assignment for hierarchical access control”, Proc. of the 19th IEEE CSFW, 2006.
[12] G. Miklau and D. Suciu, “Controlling access to published data using cryptography”, Proc. of the 29th VLDB Conference, 2003.
[13] H. Hacigümüs, B. Iyer and S. Mehrotra, “Providing database as a service”, Proc. of 18th ICDE, 2002.
[14] R. Agrawal, J. Kiernan, R. Srikant and Y. Xu, “Order preserving encryption for numeric data”, Proc. of ACM SIGMOD, 2004.
[15] E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi and P. Samarati, “An experimental evaluation of multi-key strategies for data outsourcing”, Proc. of the 22nd IFIP TC-11 International Information Security Conference, 2007.
[16] A. Sahai and B. Waters, “Fuzzy identity-based encryption”, Advances in Cryptology Eurocrypt, Vol. 3494, Pp. 457-473, 2005.
[17] J. Bethencourt, A. Sahai and B. Waters, “Ciphertext-Policy Attribute-Based Encryption”, Proceedings of the IEEE Symposium on Security and Privacy, Pp. 321-334, 2007.
[18] L. Cheung and C. Newport, “Provably secure ciphertext policy ABE”, Proceedings of the 14th ACM Conference on Computer and Communications Security, Pp. 456-465, 2007.
[19] M. Pirretti, P. Traynor, P. McDaniel and B. Waters, “Secure attribute-based systems”, Proceedings of the 13th ACM Conference on Computer and Communications Security, Pp. 99-112, 2006.
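
The following added example, which is not code from the paper, implements the KeyGenCE, EncryptCE, DecryptCE and TagGenCE interface from the Proposed Algorithm section together with the hash-indexed block store described under Authentication Model, and compares it with per-user random keys. It assumes an HMAC-SHA256 counter-mode keystream in place of the paper's block cipher; DedupStore, download and demo are hypothetical names, and the sample block is constructed.

```python
import hashlib
import hmac
import os


def keygen_ce(m: bytes) -> bytes:
    """KeyGenCE(M) -> K: the convergent key is derived from the data alone."""
    return hashlib.sha256(b"ce-key|" + m).digest()


def _keystream(k: bytes, n: int) -> bytes:
    # Assumption: HMAC-SHA256 in counter mode stands in for the paper's cipher.
    blocks = (hmac.new(k, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt_ce(k: bytes, m: bytes) -> bytes:
    """EncryptCE(K, M) -> C: deterministic, equal (K, M) give equal C."""
    return bytes(a ^ b for a, b in zip(m, _keystream(k, len(m))))


def decrypt_ce(k: bytes, c: bytes) -> bytes:
    """DecryptCE(K, C) -> M: XOR with the same keystream undoes encrypt_ce."""
    return encrypt_ce(k, c)


def taggen_ce(c: bytes) -> bytes:
    """T(M) = TagGenCE(C): the tag is computed from the ciphertext only."""
    return hashlib.sha256(b"ce-tag|" + c).digest()


class DedupStore:
    """Hypothetical storage server: one copy per tag, plus its owners."""

    def __init__(self):
        self.blocks = {}  # tag -> ciphertext, stored once
        self.owners = {}  # tag -> set of owner ids (the reference count)

    def put(self, owner, c):
        """Index c by its tag; return (tag, True if a new copy was written)."""
        tag = taggen_ce(c)
        is_new = tag not in self.blocks
        if is_new:
            self.blocks[tag] = c
        self.owners.setdefault(tag, set()).add(owner)
        return tag, is_new


def download(store, owner, tag, k):
    """Owner check, tag check on the stored ciphertext, then decrypt."""
    if owner not in store.owners.get(tag, set()):
        raise PermissionError("not an owner of this block")
    c = store.blocks[tag]
    if not hmac.compare_digest(taggen_ce(c), tag):
        raise ValueError("stored block does not match its tag")
    return decrypt_ce(k, c)


def demo():
    block = b"constructed sample block: frame 0001 of a shared video"
    conv, rand = DedupStore(), DedupStore()
    k = keygen_ce(block)  # every holder of the block derives the same K
    tag_a, new_a = conv.put("alice", encrypt_ce(k, block))
    tag_b, new_b = conv.put("bob", encrypt_ce(keygen_ce(block), block))
    for user in ("alice", "bob"):  # independent random keys defeat dedup
        rand.put(user, encrypt_ce(os.urandom(32), block))
    return {"same_tag": tag_a == tag_b, "writes": [new_a, new_b],
            "copies": [len(conv.blocks), len(rand.blocks)],
            "plaintext": download(conv, "bob", tag_a, k)}


if __name__ == "__main__":
    print(demo())
```

Because EncryptCE is deterministic, anyone who can guess a block's content can confirm the guess against its tag, so convergent encryption is best reserved for data that is not predictable.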