Procedia Computer Science 47 (2015) 441-451
Single Sign On Mechanism Using Attribute Based Encryption In Distributed Computer Networks
M. Surya (a), N. Anithadevi (b)
(a) PG Student, Computer Science and Engineering, Coimbatore Institute of Technology, Coimbatore - 641014, India
(b) Assistant Professor, Computer Science and Engineering, Coimbatore Institute of Technology, Coimbatore - 641014
Abstract
Single Sign On (SSO) is an authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. SSO obtains the credential from trusted authorities, i.e., the Smart Card Producing Center (SCPC) and Trusted Credential Privacy (TCP), which are used for mutual authentication and authorization of legal users. Chang-Lee proposed a new SSO scheme which makes use of SCPC for mutual authentication and session key establishment, whereas the Schnorr signature makes use of TCP, which generates and verifies the signature for the user's authentication. The RSA algorithm and Attribute Based Encryption (ABE) are used for encryption and decryption of messages, of which ABE tends to be more efficient than the RSA based algorithm. ABE is a new public key primitive based on one-to-many encryption that allows users to decrypt the message based on a set of attributes and access policies. Decryption is an expensive process, and this ABE system eliminates the decryption overhead using outsourced decryption. Integrity of data is maintained by verification of the ciphertext, which guarantees that the encrypted and decrypted files are the same, and the original message is recovered using a hash technique in case of any modifications in the file.
© 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under responsibility of organizing committee of the Graph Algorithms, High Performance Implementations and Applications (ICGHIA2014)
Keywords: Encryption; Decryption; Ciphertext; Trusted Authority; Credential.
1. Introduction
This section introduces Single Sign On and Attribute Based Encryption.
1.1 Single Sign On
Distributed computer networks [5] have become common, allowing users to access various network services offered by distributed service providers. Consequently, user authentication (also called user identification) plays a crucial role in distributed computer networks to verify whether a user is legal and can therefore be granted access to the services requested. To avoid counterfeit servers, users usually need to authenticate service providers. After mutual authentication, session keys [4] may be negotiated to keep the confidentiality of the data exchanged between a user and a service provider. In many scenarios, the anonymity of legal users must be protected as well. However, practice shows that it is a big challenge to design efficient and secure authentication protocols [4] with these security properties in complex computer network environments.
1877-0509 doi: 10.1016/j.procs.2015.03.228
It is not practical to ask one user to maintain distinct pairs of identity and password for different service providers, since this increases the workload of users and service providers and the communication overhead of networks. To tackle the problem, the SSO mechanism has been introduced, which is an authentication mechanism that enables a legal user with a single credential [1] to be authenticated by multiple service providers in a distributed computer network. SSO is the ability for a user to enter the same identity and password [3] to log in to multiple applications. As passwords are the least secure authentication mechanism, single sign on is now known as Reduced Sign On (RSO) [1], since more than one type of authentication mechanism [3] is used according to enterprise risk models.
An SSO scheme [1] should meet three essential security requirements: unforgeability, credential privacy, and soundness. Unforgeability implies that, except for the trusted authority [1], even a colluding user and service provider are not able to forge a valid credential for a new user. Credential privacy [1] guarantees that even colluding dishonest service providers should not be able to fully recover a user's credential and then impersonate the user to log on to other service providers. Soundness [2] means that an unregistered user without a credential should not be able to access the services offered by service providers. SSO has the ability to enforce uniform enterprise authentication and authorization policies across the enterprise.
1.2 Attribute Based Encryption
Attribute Based Encryption (ABE) is a type of public-key encryption [1] in which the secret key of a user and the ciphertext [6] are dependent upon attributes. In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext. ABE [7] has a significant advantage over the traditional Public Key Cryptography (PKC) [2] primitives, as it achieves flexible many-to-many encryption instead of many-to-one [6]. ABE is envisioned as an important tool for addressing the problem of secure and fine-grained data sharing and access control. In an ABE system, a user is identified by a set of attributes.
There are two variants of ABE [6]: Key-Policy based ABE (KP-ABE) and Ciphertext-Policy based ABE (CP-ABE). In KP-ABE, the ciphertext is associated with a set of attributes and the secret key is associated with the access policy. The encryptor defines the set of descriptive attributes necessary to decrypt the ciphertext. The trusted authority [1] generates the user's secret key and defines the combination of attributes for which the secret key can be used. In CP-ABE, the idea is reversed: the ciphertext is associated with the access policy [7] and the encrypting party determines the policy under which the data can be decrypted, while the secret key is associated with a specific set of attributes.
2. Related Work
2.1 Security Analysis of Single Sign On Mechanism
A Single Sign On (SSO) scheme [1] should meet at least two basic security requirements (soundness and credential privacy). Chang-Lee proposed a new SSO scheme and claimed its security by providing well organized security arguments. Chang-Lee's SSO scheme [1] is a remote user authentication scheme, supporting session key establishment and user anonymity. RSA cryptographic systems are used to initialize a trusted authority, called an SCPC (smart card producing center).
The Chang-Lee scheme has been shown to be insecure through two impersonation attacks [1]: the credential recovering attack and the impersonation attack without credentials. In the first attack, a malicious service provider who communicates with a registered user twice can successfully recover the user's credential. Later, the malicious service provider can impersonate the user to access resources and services provided by other service providers. The other attack enables an outside attacker without any valid credential to impersonate a registered user or even a nonexistent user to enjoy services freely. Unfortunately, this SSO scheme is not secure.
To overcome the flaws in the Chang-Lee scheme, RSA-based verifiable encryption of signatures (RSA-VES) [1] is used, which is an efficient primitive for realizing fair exchange of RSA signatures. VES comprises three parties: a trusted party and two users. Signature hiding [1] means that an attacker cannot extract a signature from VES without help from the user who encrypted the signature or the trusted authority who can decrypt a VES. So, if this improved SSO scheme [1] fails to meet credential privacy, it implies that RSA-VES fails to satisfy signature hiding, which is contrary to the analysis. In fact, soundness and signature hiding are the two core security properties to guarantee the fairness of digital signature exchange using VES.
2.2 Provably secure single sign on scheme
Distributed systems and networks [1] have been adopted by telecommunication, remote education, business, armies and governments. A widely applied technique for distributed systems and networks is the SSO scheme, which enables the user to use a unitary secure credential [1] (or token) to access multiple computers and systems where the user has access permissions. However, existing SSO schemes have not been formally proved to satisfy credential privacy and soundness.
The Schnorr signature [2] can provide soundness and credential privacy [2]. As a provably unforgeable signature scheme, Schnorr signature allows a signer to authenticate a user by signing a message without releasing any other useful information about his/her private signing key. Trusted Credential Privacy (TCP), a trusted authority, first issues the credential for each user by signing the user's identity according to the Schnorr signature. Then, by treating the user's credential as another public/private key pair, users can authenticate themselves by signing a Schnorr signature on a temporal message generated in the protocol. In contrast, the service provider maintains its own public/private key pair in any secure signature scheme, so that it can authenticate itself to users by simply issuing a normal signature. Finally, the session key is established by running a variant of the Diffie-Hellman key exchange protocol [2], and user anonymity is guaranteed by symmetric key encryption.
To preserve credential generation privacy, TCP signs a Schnorr signature on the user identity, and to protect credential privacy and soundness, the user exploits the user's credential as a signing key to sign a Schnorr signature on the hashed session key. In fact, the Schnorr signature mechanism is more efficient than the RSA mechanism which has been employed by the Chang-Lee scheme. This scheme reduces the computation cost, enhances confidentiality, and preserves soundness and credential privacy.
2.3 Attribute based encryption with verifiable outsourced decryption
A promising application of ABE is flexible access control of encrypted data, using access policies and ascribed attributes associated with private keys and ciphertexts. One of the main drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations, and the number of such operations grows with the complexity of the access policy.
An ABE system with outsourced decryption largely eliminates the decryption overhead [6] for users. In this system, a user provides an untrusted server (malicious service provider) with a transformation key [6] that allows the provider to translate any ABE ciphertext satisfied by that user's attributes or access policy into a simple ciphertext, and it incurs only a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of the ABE system with outsourced decryption ensures that an adversary (malicious service provider) will not be able to learn anything about the encrypted message. Correctness of the transformation is checked by verifiable outsourced decryption. Informally, verifiability guarantees that a user can efficiently check whether the transformation is done correctly.
After retrieving the data, the verification operation is performed. If the verification shows that the data has been modified, a random hash function is applied to the retrieved data to identify the modified block and to recover the remaining content. The results are compared with the stored values and the modified blocks can be identified. A hash function [9] H is a transformation that takes a variable size input m and returns a fixed size string, which is termed the hash value.
2.4 Provably Secure Ciphertext Policy Attribute Based Encryption
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) [7] allows users to encrypt data under an access policy, specified as a logical combination of a set of attributes. Such ciphertexts can be decrypted by anyone with a set of attributes that satisfies the access policy. ABE has a significant advantage over the traditional Public Key Cryptography (PKC) primitives, as it achieves flexible many-to-many encryption instead of many-to-one. ABE is envisioned as an important tool for addressing the problem of secure and fine-grained data sharing and access control. In an ABE system, a user is identified by a set of attributes.
A secret key based on a set of attributes x can decrypt a ciphertext encrypted with a public key based on a set of attributes x0 only if the sets x and x0 overlap sufficiently, as determined by a threshold value T. Any party could encrypt a document to all users who have a certain set of attributes drawn from a pre-defined set of attributes. For example, one can encrypt a recruitment related document to all recruitment committee members in the Computer Science Department. In this case, the document would be encrypted to the attribute subset "Faculty", "CS Dept.", "Recruitment Committee", and only users with all three of these attributes in the University can hold the corresponding private keys and thus decrypt the document, while others cannot. CP-ABE is based on a recent secret sharing method called Linear Integer Secret Sharing Scheme (LISS) [7].
3. System Design
This section gives details about the system design and the underlying modules.
3.1 Introduction
Single Sign On (SSO) mechanism has been introduced so that, after obtaining credential from a trusted authority for a short period, each legal user's authentication agent can use this single credential to complete authentication on behalf of the user and then access multiple service providers. Intuitively, an SSO scheme should meet three essential security requirements, i.e., unforgeability, credential privacy, and soundness.
A new user can register user profile information to enter the SSO system. User profile information is based on the set of attributes which is specific to the individual user. The SSO mechanism has to identify and authorize the user based on the attributes and access policy. Users with a specific set of attributes are allowed to encrypt and decrypt files. Initially, the RSA algorithm is used for encryption and decryption, which determines the public key and private key. The RSA algorithm makes use of the Smart Card Producing Center (SCPC), which is a trusted authority used for authentication of users. To guarantee soundness, the Schnorr mechanism uses Trusted Credential Privacy (TCP), a trusted authority, which ensures mutual authentication of users with SCPC. The RSA and Schnorr mechanisms increase decryption overhead and do not provide a high wall of security. To overcome this problem, verifiable outsourced decryption is used, which eliminates the decryption overhead.
The decryption overhead can be reduced by using a transformation key. Instead of converting from plaintext to complex ciphertext, the transformation key is used to convert from plaintext to simple ciphertext, which reduces the decryption complexity. In case of any data loss or modifications in a file, the original messages can be recovered using hash techniques. The user computes hash chains for the original data. Hash chains are computed using the SHA1 algorithm. The hash chains are stored on the client side, along with the keys. When the user decrypts and retrieves the original data, hash chains are computed again. The existing and generated hash chains are matched. The verified hash block data are recovered and the remaining blocks are neglected.
3.2 Chang-Lee SSO Scheme
The Chang-Lee SSO scheme is based on the RSA algorithm, which is mostly used in key distribution and digital signature processes. RSA is based on a one way function in number theory, called "Integer Factorization". A one way function is a function which is "easy" to compute one way, but "hard" to invert.
SCPC is a trusted authority which is used to authenticate and authorize users. Once the user is identified, SCPC is responsible for authorizing users and determines the public key and private key.
3.2.1 System Initialization Phase
The Smart Card Producing Center (SCPC) does the following:
> Selects two large primes p, q and computes $N = p \cdot q$.
> Determines the key pair (e, d) such that $e \cdot d \equiv 1 \pmod{\varphi(N)}$, where $\varphi(N) = (p - 1)(q - 1)$.
> Chooses a generator g over the finite field $Z_n^*$, where n is a large odd prime number.
> SCPC protects the secrecy of d and publishes (e, g, n, N).
SCPC acts as a service provider which is used for user authentication. SCPC determines the RSA keys, i.e., the public key and private key.
3.2.2 Registration Phase
> Each user chooses a unique identity ID with a fixed bit length and sends it to SCPC.
> Obtain a secret token with the help of cryptographic one way hash function.
New user is registered in the single sign on login page. All the details of users are stored in registration database. Once the user has been registered, he/she can use SSO scheme to access image drive and mail inbox.
3.2.3 User Identification Phase
> User sends service request message m1 to the provider. Provider generates and returns user message to the user which is made up primarily by its RSA signature. Once the signature is validated, it means that the user has been authenticated by the service provider successfully.
> User correspondingly generates exchange material and issues proof.
> The proof is used to convince provider that the user does hold valid credential.
> The message is employed to show that the provider has obtained message correctly, which implies the success of mutual authentication and session key establishment.
The user is identified from the Smart Card Producing Center (SCPC) database. Mail is sent from the sender and is received by the receiver. The mail content, i.e. the messages, is encrypted and decrypted with the help of the SCPC database. The SCPC database creates nonces, which are random in nature and are dynamically created. A nonce is a random number generated for each specific user for the purpose of session authentication. It protects against different kinds of attacks and ensures that no nonce is ever reused. SCPC contains the public key which is used for encryption of messages, and decryption is done with the private key. When any unauthenticated person tries to tamper with a message, only the encrypted message can be obtained and the original message cannot be viewed.
3.2.4 Encryption and Decryption Phase
Encryption and decryption between user and provider is done using the AES algorithm, which is more secure than DES. Data sent from each service provider to the user is encrypted before it is sent, and the user then decrypts it to obtain the original data. Encryption and decryption are done using the more secure Advanced Encryption Standard (AES).
SCPC acts as a service provider and contains two asymmetric keys, i.e. the public key and private key. Messages are encrypted at the sender using the public key and decrypted at the receiver using the private key. Encryption and decryption of messages is done using the RSA algorithm.
The encryption and decryption process makes use of a one way hash function (MD5). It verifies the integrity of messages through the creation of a message digest that claims to be unique for specific messages.
Figure 1. Encryption and Decryption Mechanism
3.3 Attacks Against Chang-Lee Scheme
Chang-Lee SSO scheme achieves secure mutual authentication, since server authentication is done by using RSA signature issued by service provider. Without valid credential, it looks impossible for an attacker to impersonate a legal user by going through the user authentication procedure. However, Chang-Lee scheme is actually not a secure SSO scheme because there are two potential effective and concrete impersonation attacks.
3.3.1 Credential Recovering Attack
Intuitively, the Chang-Lee SSO scheme seems to satisfy the requirement of credential privacy, since what the provider receives is a credential proof. The details of the attack, which shares some features of common-modulus attacks against RSA, are given as follows.
> Successfully running the Chang-Lee SSO scheme twice with the same user, the malicious service provider stores all messages exchanged in the two instances.
> By denoting the public key and private key, the provider first checks if the public key and private key are co-prime, i.e. GCD(public key and private key) = 1. Finally, the malicious provider can recover the user's credential by mathematical computation.
> If GCD(public key and private key) ≠ 1, then the provider needs to run more instances with the user, so that it can get two instances such that GCD(public key and private key) = 1.
The service provider SCPC is not a trusted party and could be a malicious service provider. Moreover, if SCPC is assumed to be trusted, the user can simply encrypt their credential under the RSA public key of SCPC. Then, the attacker can easily decrypt the ciphertext to get the credential and verify its validity by checking if it is a correct signature issued by SCPC.
3.3.2 Impersonation Attack without Credentials
The Chang-Lee SSO scheme seems to satisfy the soundness requirement: an attacker should not be able to log in to any service provider if it does not have knowledge of either SCPC's RSA private key or the user's credential. The attack is explained as follows.
> To impersonate a legal user with an identity for accessing a service provider, an attacker first sends request message m1 normally, as the user does.
> Upon receiving message m2 from the provider, attacker E then checks the provider's signature and chooses a random integer to compute x (x is a nonce function which dynamically generates a random number). Before moving to the next step, E needs to check whether x is divisible by e. If not, E has to choose another parameter t or start a new session to satisfy the condition.
> As x is divisible by e, let x = e·b for some integer b.
> Finally, E can impersonate the user to pass the authentication by sending message m3 to the provider.
Finally, impersonation attacks without valid credentials seriously violate the security of SSO schemes, as they allow attackers to be successfully authenticated without first obtaining a valid credential from the SCPC after registration. In other words, an SSO scheme suffering from these attacks offers alternatives which enable passing through authentication without credentials.
3.4 RSA based Verifiable Encryption of Signature(RSA-VES)
RSA based Verifiable Encryption of Signatures (RSA-VES) is an efficient primitive for fair exchange of RSA signatures. VES comprises three parties: a trusted party (SCPC) and two users. The basic idea of VES is that a sender who has a key pair of a signature scheme signs a given message, encrypts the resulting signature under SCPC's public key, and uses a Non Interactive zero-knowledge (NIZK) proof to convince the receiver that the message has been signed and that SCPC can recover the signature from the ciphertext. After validating the proof, the receiver can send the signature for the same message to the sender. For the purpose of fair exchange, the sender should send the signature in plaintext back to the receiver after accepting the receiver's signature. If the sender refuses to do so, however, the receiver can get the signature from SCPC by providing the sender's encrypted signature and the receiver's own signature, so that the trusted party can recover the sender's signature and send it to the receiver, and meanwhile forward the receiver's signature to the sender. Thus, fair exchange is achieved.
3.5 Schnorr Signature
As one of the simplest, shortest, and frequently used signature schemes, Schnorr signature scheme is provably secure in a random oracle model under the assumption that discrete logarithm problem is intractable. Schnorr signature is similar to that of digital signature with some variations.
Figure 2. Digital Signature (panels: Signing, Verification)
Schnorr signature overcomes the drawbacks in the Chang-Lee scheme, as their user proof cannot provide soundness and credential privacy. As a provably unforgeable signature scheme, Schnorr signature allows a signer to authenticate him/herself by signing a message without releasing any other useful information about the user's private signing key. Schnorr signature uses Trusted Credential Privacy (TCP) for authentication of users. Schnorr signature tends to be more secure than the RSA algorithm because it guarantees soundness, which is the basic requirement for an SSO mechanism.
3.5.1 Choosing parameters
All users of the signature scheme agree on a group G with generator g of prime order q in which the discrete log problem is hard.
3.5.2 Key generation
> Choose a private signing key x.
> The public verification key is $y = g^x$.
3.5.3 Signing
To sign a message M:
> Choose a random k.
> Let $r = g^k$.
> Let $e = H(M \| r)$, where $\|$ denotes concatenation, r is represented as a bit string and H is a cryptographic hash function.
> Let $s = (k - xe)$. The signature is the pair (s, e).
3.5.4 Verifying
> Let $r_v = g^s y^e$.
> Let $e_v = H(M \| r_v)$.
If $e_v = e$ then the signature is verified.
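The four steps of Sections 3.5.1 to 3.5.4 are written out below in Python as an added example; it is not code from the paper. The 64-bit safe-prime group, SHA-256 as H, the fixed-width encoding of r and the reduction of s and e modulo q are assumptions of this example, and the group is far too small for real use.

```python
import hashlib
import secrets
from typing import NamedTuple

# Miller-Rabin with these bases is deterministic for n < 3.3e24 (about 2^81).
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


class Group(NamedTuple):
    p: int  # safe prime modulus, p = 2q + 1
    q: int  # prime order of the subgroup generated by g
    g: int  # generator of that subgroup


def is_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def choose_parameters(bits: int = 64) -> Group:
    """3.5.1: group of prime order q inside Z_p^*, p = 2q + 1 (toy size, assumption)."""
    if not 16 <= bits <= 80:
        raise ValueError("is_prime is only deterministic up to about 2^81")
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    # 4 = 2^2 is a quadratic residue, so its order divides q; q is prime and 4 != 1.
    return Group(p=2 * q + 1, q=q, g=4)


def challenge(grp: Group, message: bytes, r: int) -> int:
    """e = H(M || r): SHA-256 over M and the fixed-width encoding of r, reduced mod q."""
    width = (grp.p.bit_length() + 7) // 8
    digest = hashlib.sha256(message + r.to_bytes(width, "big")).digest()
    return int.from_bytes(digest, "big") % grp.q


def keygen(grp: Group) -> tuple[int, int]:
    """3.5.2: private key x in [1, q-1], public key y = g^x."""
    x = secrets.randbelow(grp.q - 1) + 1
    return x, pow(grp.g, x, grp.p)


def sign(grp: Group, x: int, message: bytes) -> tuple[int, int]:
    """3.5.3: fresh random k, r = g^k, e = H(M || r), s = k - x*e (mod q)."""
    k = secrets.randbelow(grp.q - 1) + 1
    r = pow(grp.g, k, grp.p)
    e = challenge(grp, message, r)
    return (k - x * e) % grp.q, e


def verify(grp: Group, y: int, message: bytes, signature: tuple[int, int]) -> bool:
    """3.5.4: r_v = g^s * y^e, e_v = H(M || r_v); accept only if e_v == e."""
    s, e = signature
    if not (0 <= s < grp.q and 0 <= e < grp.q):
        return False
    # Reject public keys outside the order-q subgroup before using them.
    if not (1 < y < grp.p and pow(y, grp.q, grp.p) == 1):
        return False
    r_v = (pow(grp.g, s, grp.p) * pow(y, e, grp.p)) % grp.p
    return challenge(grp, message, r_v) == e


def issue_and_check_credential(user_id: bytes) -> bool:
    """TCP signs the user's identity; a verifier checks it with TCP's public key."""
    grp = choose_parameters()
    tcp_private, tcp_public = keygen(grp)
    credential = sign(grp, tcp_private, user_id)
    return verify(grp, tcp_public, user_id, credential)
```

Verification works because g has order q, so $g^s y^e = g^{k - xe} g^{xe} = g^k = r$ and the recomputed hash equals e only when M, s and y are all unchanged.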
Trusted Credential Privacy (TCP) is used when any mail is sent or received by the user. TCP generates a signature and verifies the signature each time a mail is sent or received. Signature generation creates a hash value, and this hash value should be equal to the hash value generated during signature verification. If both hash values are equal, then the user is authenticated by the TCP. TCP along with SCPC holds good for mutual authentication of the service providers. Users with credential privacy can have access to sending mail and receiving mail.
When any user sends mail to another user, the signature is generated and stored in the TCP database. The generated signature is verified and is also stored in the TCP database. When both signature values are the same, the user is identified and authenticated. Initially, the user is identified and authenticated; the message content which is sent from the user is verified by SCPC and later by TCP.
3.6 Attribute Based Encryption
The RSA algorithm in the SSO scheme achieves credential privacy and unforgeability, but soundness (an unregistered user without any credential should not be able to access the service provider) is not guaranteed. The RSA encryption technique has problems related to the generation of keys, and the computational power it requires is high. To overcome these problems, the ABE scheme came into existence. Ciphertext-Policy Attribute Based Encryption (CP-ABE) reduces the decryption overhead using outsourced decryption. Security is provided such that even a colluding service provider trying to tamper with messages can view only the ciphertext documents. To maintain integrity of data, encrypted and decrypted files can be verified and recovered using a hash algorithm. CP-ABE reduces the decryption overhead and establishes a higher wall of security than the RSA algorithm.
3.6.1 Setup
> The inputs are the security parameter k and the universe of attributes U.
> Creates a Master Key MK along with the domain parameters PK.
3.6.2 Encryption
> The inputs are the set of domain parameters PK, the message M and the access policy A, specified as a Boolean formula whose operands are a subset of the universe of attributes.
> The message M is encrypted as the ciphertext CT in such a way that only those users who have the set of attributes required to satisfy the access policy A can decrypt the message.
> Assume that the ciphertext and the access policy A must be transmitted together as a pair.
3.6.3 Key generation
> Inputs are the Master Key MK along with a set of attributes S.
> Private key SK is generated with the prescribed set of attributes. Generally, this primitive is executed by a "Trusted Third Party" that has the vital role of generating a private key for each one of the participants with specific access privileges.
3.6.4 Decryption
> The inputs are the domain parameters PK, the ciphertext CT with the corresponding access policy A, and the private key SK, which contains the set of attributes S.
> If the set of attributes S satisfies the policy A, the message M can be recovered from the ciphertext CT.
4. Experimental Analysis
4.1 Security Analysis
Security of the improved SSO scheme is analyzed by focusing on the security of the user authentication, specifically soundness and credential privacy. Unforgeability of the credential is guaranteed by unforgeability of RSA signature, and the security of service provider authentication is ensured by unforgeability of the secure signature scheme chosen by service provider. Other security properties such as user anonymity and session key privacy are preserved.
Credential privacy or credential irrecoverableness requires that there be a negligible probability of an attacker recovering a valid credential from the interaction with a user. Again, this property can be deduced from the signature hiding of the RSA-VES (Verifiable Encryption of Signatures) algorithm. Signature hiding means that an attacker cannot extract a signature from VES without help from the user who encrypted the signature or the trusted authority who can decrypt a VES. So, if the improved SSO scheme fails to meet credential privacy, it implies that RSA-VES fails to satisfy signature hiding. In fact, soundness and signature hiding are the two core security properties to guarantee the fairness of digital signature exchange using VES.
4.2 Experimental Setup
In a CP-ABE scheme, the complexity of the ciphertext policy impacts both the decryption time and the ciphertext size. To illustrate this, ciphertext policies are generated in the form of (A1 and A2 and A3 and ) (i.e., the worst situation over the policy), where each Ai is an attribute. This approach ensures that all the ciphertext components are involved in the decryption computation. 100 distinct policies are generated in this form, with N increasing from 1 to 100. In each case, a corresponding standard decryption key that contains exactly N attributes is constructed.
The experiments do not consider the effect of symmetric encryption. Thus, all the data on decryption time and ciphertext size presented in Figure 3 are only associated with the key encapsulation variant of the ABE scheme. For each ciphertext policy, the experiment is repeated 100 times on the PC and 30 times on the ARM device, and the average values are taken as the experimental results. Figure 3 shows the size of the standard ABE ciphertext and partially-decrypted data, the standard ABE decryption time on the Intel and the ARM platforms, the time of generating the outsourcing key, the time of transforming the ABE ciphertext, and furthermore the time of decrypting the transformed ciphertext on the Intel and the ARM platforms.
4.3 Performance Analysis
To evaluate its performance, the CP-ABE scheme with verifiable outsourced decryption is implemented in software based on the libfenc library, using a 224-bit MNT elliptic curve from the Stanford Pairing-Based Crypto library. Although the MNT curve implies the use of asymmetric pairings, only a small change needs to be made to the symmetric-setting scheme in the implementation. Suppose that an asymmetric pairing takes elements from G1 and G2 as inputs. Then, following the description of the scheme, two g's are generated, one in G1 and one in G2, and the two corresponding g"s are computed. Primitive u, v, d, T are set as group elements in G1. As a consequence, among the ciphertext and private key components, C', C1', C2', C1,i, C2,i, k are group elements in G1, while D1,i, D2,i, K, k' are group elements in G2. Compared with symmetric pairings, asymmetric pairings are much faster and more compact to implement. The code is compiled on two dedicated hardware platforms: a 2.53 GHz Intel Core CPU with 4 GB of RAM running 32-bit Linux Kernel version 2.6.32, and an 800 MHz ARM-based Samsung GT-S5830 with 278 MB of RAM running Android OS.
The implementation adopts the key encapsulation mechanism, in which the ABE ciphertext is the encryption of a symmetric key k and the message is encrypted separately using a symmetric encryption scheme under this k. The symmetric key is computed as k=e(g,g) " , and the components C1=M.e(g,g)" and C2=M' e(g,g) " are omitted from the ABE ciphertext. The verification step involves M and M', whereas the implementation uses the two hash values of e(g,g) " and e(g,g) " instead. These modifications reduce the sizes of the ABE ciphertext and the partially-decrypted ciphertext by two elements in GT, respectively, without sacrificing security and verifiability.
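The key-encapsulation and verification flow described above, as an added example that is not the paper's implementation: an ElGamal-style stand-in with no pairings and no attribute policy, so it shows the data flow (transformation key, proxy transformation, final decryption, hash check) but not the cost difference between the two parties. The toy modulus, the SHA-256 tags and all function names are assumptions.

```python
import hashlib
import math
import secrets

# Toy parameters, constructed for illustration and NOT secure: the Mersenne
# prime 2^127 - 1 as modulus, with exponents reduced modulo P - 1.
P = 2**127 - 1
G = 3

def H(tag: bytes, x: int) -> bytes:
    """SHA-256 over a group element, with a domain-separation tag."""
    return hashlib.sha256(tag + x.to_bytes(16, "big")).digest()

def keygen():
    """Return (public key, long-term secret exponent)."""
    a = secrets.randbelow(P - 2) + 1
    return pow(G, a, P), a

def encapsulate(pk: int):
    """Return (ciphertext, symmetric key). The ciphertext carries a hash of
    the encapsulated value, never the value itself."""
    s = secrets.randbelow(P - 2) + 1
    shared = pow(pk, s, P)
    return {"c": pow(G, s, P), "tag": H(b"verify", shared)}, H(b"key", shared)

def outsourcing_keygen(a: int):
    """Blind the secret exponent: TK = a / z mod (P - 1); z stays with the user."""
    while True:
        z = secrets.randbelow(P - 2) + 1
        if math.gcd(z, P - 1) == 1:  # z must be invertible modulo P - 1
            return a * pow(z, -1, P - 1) % (P - 1), z

def transform(ct: dict, tk: int) -> int:
    """Run by the untrusted proxy (in ABE this is where the pairing work is)."""
    return pow(ct["c"], tk, P)

def final_decrypt(ct: dict, partial: int, z: int) -> bytes:
    """Run by the user: one exponentiation, then the hash check."""
    shared = pow(partial, z, P)
    if H(b"verify", shared) != ct["tag"]:
        raise ValueError("transformed ciphertext failed verification")
    return H(b"key", shared)
```

Because z is coprime to P - 1, raising to the power z is a bijection, so any altered proxy output yields a different encapsulated value and is rejected by the hash check.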
Decryption is an expensive process with the RSA algorithm. The Schnorr mechanism still requires considerable computational power for decryption. The decryption overhead is reduced by using outsourced decryption. Verification and recovery of files use the SHA-1 hash technique.
Secure Hash Algorithm (SHA-1) is a 160-bit cryptographic hash technique. The randomly hashed blocks of the original message are compared with the randomly hashed blocks of the retrieved message; if any block has changed, the remaining data is confirmed as the original message and is recovered.
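An added example (not code from the paper) of the block-wise verification and recovery described above: each block's digest is compared with the stored one, verified blocks are recovered and the rest are reported. The 64-byte block size, the block index bound into each digest and the function names are assumptions; SHA-1 follows the page, although practical SHA-1 collisions are known and `hashlib.sha256` is a drop-in replacement.

```python
import hashlib

BLOCK_SIZE = 64  # bytes per block; assumed value, the page does not give one

def block_digests(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """SHA-1 digest (160 bits) of each fixed-size block, bound to its index
    so that reordered blocks do not verify."""
    return [
        hashlib.sha1(i.to_bytes(8, "big") + data[off:off + block_size]).digest()
        for i, off in enumerate(range(0, len(data), block_size))
    ]

def verify_and_recover(stored: list, retrieved: bytes,
                       block_size: int = BLOCK_SIZE):
    """Compare stored digests with digests of the retrieved data.

    Returns (recovered, bad): recovered maps block index -> verified bytes,
    bad lists indices that are modified, missing, or unexpected extras.
    """
    fresh = block_digests(retrieved, block_size)
    recovered, bad = {}, []
    for i in range(max(len(stored), len(fresh))):
        if i < len(stored) and i < len(fresh) and stored[i] == fresh[i]:
            recovered[i] = retrieved[i * block_size:(i + 1) * block_size]
        else:
            bad.append(i)
    return recovered, bad

# Constructed sample input: 200 bytes -> blocks 0..3, the last one partial.
original = bytes(range(200))
stored = block_digests(original)
tampered = bytearray(original)
tampered[70] ^= 0xFF  # flip one byte inside block 1
```

The stored digest list only helps if it is kept where the party serving the data cannot rewrite it.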
Figure 3 Performance of CP-ABE system. Panels: ABE Ciphertext Size; Outsourcing Keygen Time; Partially-decrypted Ciphertext Size; Transformation Time; ABE Decryption Time; Final Decryption Time. Horizontal axes: Number of policy attributes (N), and Number of key attributes (N) for the Outsourcing Keygen Time panel. Legend entries: ARM, Intel.
5. Conclusions
The Single Sign On (SSO) mechanism enables a legal user with a single credential to be authenticated and authorized by multiple service providers, making use of the trusted authorities Smart Card Producing Center (SCPC) and Trusted Credential Privacy (TCP). The improved SSO scheme focuses on the security of user authentication, and therefore Attribute Based Encryption (ABE) is used to enforce a strict security policy. The provably secure SSO scheme focuses on ABE with verifiable outsourced decryption.
The Ciphertext Policy ABE (CP-ABE) system reduces the decryption overhead using outsourced decryption. Outsourced decryption uses a transformation key that converts plain text to a simple ciphertext, which reduces the decryption overhead. Encrypted and decrypted data can be verified and recovered using a hash technique. The verification and recovery mechanism uses the 160-bit SHA-1 hash technique. When the user decrypts and retrieves the original data, hash chains are applied to it. Later, the existing and the generated hash chains are matched. The data of the verified hash blocks are recovered and the remaining blocks are neglected. The CP-ABE system provides more security and less computation than the RSA encryption technique.