Wednesday, January 1, 2014

Attribute-based Access to Scalable Media in Cloud-assisted Content Sharing Networks.



ABSTRACT
This paper presents a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique, and employs MCP-ABE to design an access control scheme for sharing scalable media based on data consumers’ attributes (e.g., age, nationality, or gender) rather than an explicit list of the consumers’ names. The scheme is efficient and flexible because MCP-ABE allows a content provider to specify an access policy and encrypt multiple messages within one ciphertext such that only the users whose attributes satisfy the access policy can decrypt the ciphertext. Moreover, the paper shows how to support resource-limited mobile devices by offloading computationally intensive operations to cloud servers without compromising data privacy.
Existing System:
A promising approach to access control in content sharing services is to empower users to enforce access controls on their data directly, rather than through a central administrator. However, this requires flexible and scalable cryptographic key management to support complex access control policies. A naive access control solution is to assign one key for each user attribute, distribute the appropriate keys to users who have the corresponding attributes, and encrypt the media with the attribute keys repeatedly. Another method is to classify users into different roles based on their attributes, assign role keys to users, and then encrypt the content using the role keys. However, this approach results in high complexity, i.e., the number of keys for each user and the number of ciphertexts for one message are on the order of where is the number of all possible user attributes. Both of these solutions suffer from the rigid and inflexible definition of the underlying access control policies. A remedy to this problem is employing Ciphertext Policy Attribute-Based Encryption (CP-ABE). In CP-ABE, a ciphertext is embedded with an access control policy, or access policy for short, associated with user attributes. A recipient of the ciphertext is able to decrypt the ciphertext only if her attributes satisfy the access policy in the ciphertext. CP-ABE can be viewed as a one-to-many public key encryption scheme and hence enables a data owner to grant access to an unknown set of users. Nonetheless, existing CP-ABE schemes merely deliver one encrypted message per ciphertext to all authorized users and are not optimal for efficient sharing of scalable media.
Disadvantages of Existing System:
• The existing solution is flexible, but it is vulnerable to collusion attacks.
• The existing method is to classify users into different roles based on their attributes, assign role keys to users, and then encrypt the content using the role keys. However, this approach results in high complexity.
• Existing CP-ABE schemes merely deliver one encrypted message per ciphertext to all authorized users and are not optimal for efficient sharing of scalable media.
Proposed System:
In this paper we present an access control scheme for scalable media. The scheme has several benefits which make it especially suitable for content delivery. For example, it is extremely scalable by allowing a data owner to grant data access privileges based on the data consumers’ attributes (e.g., age, nationality, gender) rather than an explicit list of user names; and it ensures data privacy and exclusiveness of access of scalable media by employing attribute-based encryption. For this purpose, we introduce a novel Multi-message Ciphertext Policy Attribute-Based Encryption (MCP-ABE) technique. MCP-ABE encrypts multiple messages within one ciphertext so as to enforce flexible attribute-based access control on scalable media. Specifically, the scheme constructs a key graph which matches users’ access privileges, encrypts media units with the corresponding keys, and then encrypts the key graph with MCP-ABE; only those data consumers with the required user attributes can decrypt the encryption of the key (sub)graph and then decrypt the encrypted media units. To cater for resource-limited mobile devices, the scheme offloads computationally intensive operations to cloud servers without compromising user data privacy.
Advantages of Proposed System:
• The present scheme is also secure against user collusion attacks due to the use of attribute-based encryption.
• The experiments demonstrate that the present scheme is applicable on smartphones, especially when a cloud platform is available.
• We present an access control scheme for scalable media. The scheme has several benefits which make it especially suitable for content delivery.
System Architecture:


System Requirement Specification:
Hardware Requirements:
System           : Pentium IV 2.4 GHz.
Hard Disk        : 40 GB.
Floppy Drive     : 1.44 Mb.
Monitor          : 15 VGA Colour.
Mouse            : Logitech.
Ram              : 512 Mb.
Software Requirements:
Operating system : Windows XP.
Coding Language  : ASP.NET, C#.Net.
Data Base        : SQL Server 2005










Network Assisted Mobile Computing with Optimal Uplink Query Processing



ABSTRACT

Many mobile applications retrieve content from remote servers via user-generated queries. Processing these queries is often needed before the desired content can be identified. Processing the request on the mobile devices can quickly sap the limited battery resources. Conversely, processing user queries at remote servers can have slow response times due to communication latency incurred during transmission of the potentially large query. We evaluate a network-assisted mobile computing scenario where mid-network nodes with “leasing” capabilities are deployed by a service provider. Leasing computation power can reduce battery usage on the mobile devices and improve response times. However, borrowing processing power from mid-network nodes comes at a leasing cost which must be accounted for when making the decision of where processing should occur. We study the tradeoff between battery usage, processing and transmission latency, and mid-network leasing. We use the dynamic programming framework to solve for the optimal processing policies that suggest the amount of processing to be done at each mid-network node in order to minimize the processing and communication latency and processing costs. Through numerical studies, we examine the properties of the optimal processing policy and the core tradeoffs in such systems.


Architecture:

Existing System:
In the previous section we identified special properties of the optimal processing policy under various scenarios. We now examine some of these properties through numerical studies with example cost functions and systems. Latency, battery usage, and leasing costs have a tightly woven relationship.

Disadvantages:

  i. Increasing battery usage will decrease latency and leasing costs, but also limits the lifetime of the mobile device.
  ii. Conversely, the lifetime of the device can be extended by increasing leasing costs which will decrease latency and battery usage.

Proposed System:
A user request originates at the Mobile Station (MS). In order to be completed, the request must be transmitted upstream to a remote Application Server (AS) via a Base Station (BS) and a series of relay nodes. We refer to the node at the first hop as the base station, but emphasize that the links between the BS, relay nodes, and AS may be wired or wireless. Similarly running a text to speech conversion application for usage scenarios.

Advantages:

  i. If the request processing is entirely done at the MS, the limited battery power can be drained.
  ii. If the processing is done at the AS, communication latency can be high due to limited bandwidth of the wireless access link and large query size.




Modules:

  1. Leasing Model
  2. Relaying Strategies
  3. Multi-hop Transmission

Leasing Model:

Utilizing the processing power of intermediary nodes is the main idea behind Network-Assisted Mobile Computing. Leasing processing power from mid-network nodes can be extremely beneficial to reduce latency and to extend the battery life of a mobile device. However, it comes with a cost. These costs can capture the fee required to lease CPU power from the mid-network nodes. Additionally, these costs may capture potential security risks by giving access of client data to these nodes. Some operations, such as transcoding, can be done on encrypted data, while others would require decrypting the data. For example, the mobile station sends one sentence ("how are you"), and the application server receives the sentence and converts it into audio.

Relaying Strategies:
• Amplify-and-forward
• Decode-and-forward
In amplify-and-forward, the relay nodes simply boost the energy of the signal received from the sender and retransmit it to the receiver. In decode-and-forward, the relay nodes will perform physical-layer decoding and then forward the decoding result to the destinations. If multiple nodes are available for cooperation, their antennas can employ a space-time code in transmitting the relay signals. It is shown that cooperation at the physical layer can achieve full levels of diversity similar to a system, and hence can reduce the interference and increase the connectivity of wireless networks.



Multi-hop Transmission:
Multi-hop transmission can be illustrated using two-hop transmission. When two-hop transmission is used, two time slots are consumed. In the first slot, messages are transmitted from the mobile station to the relay, and the messages will be forwarded to the Application Server in the second slot. The outage capacity of this two-hop transmission can be derived considering the outage of each hop transmission.

System Requirement Specification:
Hardware Requirements:
· System           : Pentium IV 2.4 GHz.
· Hard Disk        : 40 GB.
· Floppy Drive     : 1.44 Mb.
· Monitor          : 15 VGA Color.
· Mouse            : Logitech.
· Ram              : 512 MB.
Software Requirements:
· Operating system : Windows XP Professional.
· Coding Language  : C#.NET


 

Optimal Source Based Filtering of Malicious Traffic



ABSTRACT

In this paper, we consider the problem of blocking malicious traffic on the Internet via source-based filtering. In particular, we consider filtering via access control lists (ACLs): These are already available at the routers today, but are a scarce resource because they are stored in the expensive ternary content addressable memory (TCAM). Aggregation (by filtering source prefixes instead of individual IP addresses) helps reduce the number of filters, but comes also at the cost of blocking legitimate traffic originating from the filtered prefixes. We show how to optimally choose which source prefixes to filter for a variety of realistic attack scenarios and operators’ policies. In each scenario, we design optimal, yet computationally efficient, algorithms. Using logs from Dshield.org, we evaluate the algorithms and demonstrate that they bring significant benefit in practice.

EXISTING SYSTEM:
Protecting a victim (host or network) from malicious traffic is a hard problem that requires the coordination of several complementary components, including nontechnical (e.g., business and legal) and technical solutions (at the application and/or network level). Filtering support from the network is a fundamental building block in this effort. For example, an Internet service provider (ISP) may use filtering in response to an ongoing DDoS attack to block the DDoS traffic before it reaches its clients. Another ISP may want to proactively identify and block traffic carrying malicious code before it reaches and compromises vulnerable hosts in the first place. In either case, filtering is a necessary operation that must be performed within the network.

Filtering capabilities are already available at routers today via access control lists (ACLs). ACLs enable a router to match a packet header against predefined rules and take predefined actions on the matching packets [1], and they are currently used for enforcing a variety of policies, including infrastructure protection [2]. For the purpose of blocking malicious traffic, a filter is a simple ACL rule that denies access to a source IP address or prefix. To keep up with the high forwarding rates of modern routers, filtering is implemented in hardware: ACLs are typically stored in ternary content addressable memory (TCAM), which allows for parallel access and reduces the number of lookups per forwarded packet.

DISADVANTAGES OF EXISTING SYSTEM:

TCAM is more expensive and consumes more space and power than conventional memory. The size and cost of TCAM puts a limit on the number of filters, and this is not expected to change in the near future. With thousands or tens of thousands of filters per path, an ISP alone cannot hope to block the currently witnessed attacks, not to mention attacks from multimillion-node botnets expected in the near future.

PROPOSED SYSTEM:

In this paper, we formulate a general framework for studying source prefix filtering as a resource allocation problem. To the best of our knowledge, optimal filter selection has not been explored so far, as most related work on filtering has focused on protocol and architectural aspects. Within this framework, we formulate and solve five practical source-address filtering problems, depending on the attack scenario and the operator’s policy and constraints. Our contributions are twofold. On the theoretical side, filter selection optimization leads to novel variations of the multidimensional knapsack problem. We exploit the special structure of each problem and design optimal and computationally efficient algorithms. On the practical side, we provide a set of cost-efficient algorithms that can be used both by operators to block undesired traffic and by router manufacturers to optimize the use of TCAM and eventually the cost of routers.



ADVANTAGES OF PROPOSED SYSTEM:

The proposed system can be used to protect all network infrastructure from malicious traffic, such as scanning, malicious code propagation, spam, and distributed denial-of-service (DDoS) attacks.

MODULES:
Network Creation Module
Optimal Source based filtering module
Filter Selection Module
Evaluation module
MODULE DESCRIPTIONS:
Network Creation Module
In this module we construct a network using socket programming, as shown in our architecture. Users can send data to other nodes in the network using the options given. The user node lists all the nodes that are connected to the network. The sender can select a node name and then send the data.
Optimal Source based filtering module
In this module we design a framework for optimal filter selection:
– Defined various filtering problems
– Designed efficient algorithms to solve them
– Leads to significant improvements on real datasets
– Compared to non-optimized filter selection, to generic clustering, or to uncoordinated routers
– Because of clustering of malicious sources

Filter Selection Module
In this module we implement the following filter algorithms:
BLOCK-ALL
BLOCK-SOME
TIME-VARYING BLOCK-ALL/SOME
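
The trade-off behind BLOCK-ALL (cover every malicious source with a limited number of prefix filters while blocking as few legitimate sources as possible) can be shown with a small dynamic program over the binary prefix tree. This is an added example, not code from the paper or from this project, and it is written in Python rather than the project's C#; the function name block_all, the equal weighting of every legitimate address and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from bisect import bisect_left
from functools import lru_cache

def block_all(bad, good, max_filters):
    """Cover every address in `bad` with at most `max_filters` source prefixes,
    minimising how many addresses in `good` are blocked as collateral.
    Returns (collateral, [prefix, ...])."""
    bad_i = sorted({int(ipaddress.IPv4Address(a)) for a in bad})
    good_i = sorted(int(ipaddress.IPv4Address(a)) for a in good)

    def count(addrs, base, length):
        # Number of addresses that fall inside the prefix base/length.
        return bisect_left(addrs, base + (1 << (32 - length))) - bisect_left(addrs, base)

    @lru_cache(maxsize=None)
    def solve(base, length, f):
        if count(bad_i, base, length) == 0:
            return 0, ()                     # nothing to block in this subtree
        if f == 0:
            return float("inf"), ()          # malicious sources left, no filters left
        # Option 1: spend one filter on this whole prefix.
        best = (count(good_i, base, length), ((base, length),))
        if length < 32:
            half = 1 << (31 - length)
            # Option 2: split the filter budget between the two child prefixes.
            for k in range(f + 1):
                lc, lp = solve(base, length + 1, k)
                rc, rp = solve(base + half, length + 1, f - k)
                cand = (lc + rc, lp + rp)
                # Lower collateral wins; ties go to fewer, then more specific, filters.
                if (cand[0], len(cand[1])) <= (best[0], len(best[1])):
                    best = cand
        return best

    cost, prefixes = solve(0, 0, max_filters)
    if cost == float("inf"):
        raise ValueError("at least one filter is needed to cover the blacklist")
    return cost, [f"{ipaddress.IPv4Address(b)}/{l}" for b, l in prefixes]

# Constructed sample data (RFC 5737 documentation ranges), not Dshield.org logs.
BAD = ["198.51.100.8", "198.51.100.9", "198.51.100.10", "198.51.100.200", "203.0.113.77"]
GOOD = ["198.51.100.11", "198.51.100.100", "203.0.113.5", "192.0.2.1"]

if __name__ == "__main__":
    for budget in (4, 3, 2, 1):
        print(budget, block_all(BAD, GOOD, budget))
```

Shrinking the budget from 4 filters to 1 forces progressively shorter prefixes, and the collateral count rises from 0 to all four legitimate sample addresses.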
Evaluation module
In the evaluation module, the evaluation node lists the details of the malicious nodes and the good nodes. The node is designed to refresh at a period of a few seconds so that its information is continually updated. It acts as an evaluation node because it distinguishes the good nodes from the malicious ones.

SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:

System           : Pentium IV 2.4 GHz.
Hard Disk        : 40 GB.
Floppy Drive     : 1.44 Mb.
Monitor          : 15 VGA Colour.
Mouse            : Logitech.
Ram              : 512 Mb.


SOFTWARE REQUIREMENTS:

Operating system : Windows XP.
Coding Language  : C#.Net.
Data Base        : SQL Server 2005

REFERENCE:

Fabio Soldo, Katerina Argyraki and Athina Markopoulou, “Optimal Source-Based Filtering of Malicious Traffic”, IEEE/ACM Transactions on Networking, Vol. 20, No.20, April 2012.