ENFORCED ENCRYPTION AND REVOKING DYNAMIC ACCESS

[ 30 Sept 2020 | vol. 14 | no. 3 | pp. 29-42]

About Authors:

Mukku Harisree1, Debnath Bhattacharyya2, B. Dinesh Reddy1 and N. Thirupathi Rao1
-1Department of Computer Science and Engineering, Vignan’s Institute of Information Technology, Visakhapatnam-530049, India
-Department of Computer Science and Engineering,Koneru Lakshmaiah Education Foundation, Guntur-522502, India

Abstract:

Even though the data is encrypted, an attacker can try to decrypt the message/data by attaining the key through the brute force attack. If a same key is used for encryption of different files, an attacker can guess the key by using brute force attack. Another way is admin can use a static list of keys for encryption of data. But if the attacker gets access to the file of keys then accessing data gets quite easy. So, to solve these problems, we generate keys dynamically, by using a pseudo random number generator function. And these dynamic keys are generated, whenever a file is uploaded, updated and deleted to encrypt the file in cloud. And if the requested user is authenticated and authorized then he/she will receive a mail, which consists of a key, for decryption. Not only that, it is not necessary that the attacker is always an outsider, sometimes the attacker can be an employee within the organization. In such cases, an authorized user can try to get access to data that he/she has no privilege. In this paper, we are going to propose a solution to the problems mentioned above. To avoid/prevent the attacker from cracking the key, we need to re-encrypt the text by using a new key. Moreover, re-encryption has to be done whenever a malicious activity is recorded. Whenever an authenticated user tries to get access to data that he/she has no privilege, the administrator can block that user.

Keywords:

Dynamic Access, Data owner, Data User, revoking, Cloud

 

About this Article: