A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography

Cloud computing is an eminent technology for providing a data storage facility with efficient storage, maintenance, management and remote backups. Hence, user data are shifted from customary storage to cloud storage. In this transfer, the sensitive attributes are also shifted to cloud storage with high-end security. Current security techniques have high encryption time and provide identical security to the entire data, dependent on a single key. These processes take high computational time and leak the entire information if the key is hacked. The proposed Group Key Based Attribute Encryption using the Modified Random Fibonacci Cryptographic (MRFC) technique rectifies these issues. Instead of a machine learning technique, data owner preference-based attribute segregation is used to divide an input dataset into sensitive and non-sensitive attribute groups. Based on inter-organization usage and the data owner's willingness, the sensitive attributes are divided into 'n + 1' subgroups and each subgroup is encrypted by 'n + 1' group keys. The encrypted sensitive subgroups are merged with the non-sensitive attributes and uploaded into a private cloud. The novelties of this paper are: (1) data owner preferred sensitive attribute classification instead of machine learning algorithms, (2) sensitive attribute encryption instead of entire attributes, (3) reduced encryption time without compromising data owner privacy, (4) decryption of and access to the required subgroup instead of the entire attribute set. Our experimental results show that the proposed method takes minimal processing time and minimal memory space, and gives better classification accuracy with high security for selected attributes, as compared to existing classification and security techniques. Hence, sensitive data security and privacy are achieved with minimal processing cost.


Introduction
In cloud computing, Infrastructure as a Service (IaaS) offers reliable and scalable storage services for storing a massive volume of data via the internet. IaaS reduces infrastructure costs and provides efficient management [1]. Nowadays, user data transactions are performed over the internet. These processes handle wide-ranging data of different genres and sensitivity. Traditionally, user information was maintained on personal storage devices on the user's premises. This on-premise storage provided more protection than a cloud storage system hosted at a third-party location. These cloud storage locations are controlled by third-party cloud service providers (CSP). Hence, cloud-stored data fall under high-security issues. Ensuring the security of cloud-based data is a crucial and critical process when it is used in financial and healthcare organizations, because these organizations handle a large amount of sensitive information such as the personal identification number (PIN), salary, disease, etc. Additionally, the large quantity of data transferred online and the storage of sensitive attributes in third-party locations increase the probability of unauthorized access in the cloud storage system [2]. Nowadays, user information is retrieved by a variety of people for refining their business, doing research work, and providing improved services to users. Thus, providing data usability to inter-organization members and outside authorized users without compromising data owner privacy is also an essential task. To achieve this requirement, this work proposes segregating sensitive attributes (S_A) from non-sensitive attributes (N_SA) with the knowledge of the data owner (D_O).
Generally, data classification techniques are used for data classification, and symmetric or asymmetric key encryption algorithms are used for data protection. These techniques are not suitable for a cloud-based storage system because the classification technique's accuracy depends on the training set and the attribute identification count is common to all users. Similarly, conventional symmetric/asymmetric encryption techniques are suitable for on-premises storage locations, not for the cloud storage system. Hence, attribute-based encryption (ABE) techniques are preferred in cloud-based secure data storage. To provide efficient access control and protection for user information, different kinds of ABE techniques are used on cloud-based data: key-policy attribute-based encryption, ciphertext-policy attribute-based encryption, role-based attribute encryption, etc. But the security strength of ABE depends on the number of attributes, key values or roles involved in the encryption process [3]. Hence, vertical and horizontal partition-based selective attribute encryption techniques are used for providing better security to selected attributes instead of entire attributes. Similarly, D_O's are willing to share their data with authorized users in order to obtain better services from them. This willingness differs from user to user. Hence, alternative classification and security techniques are required instead of machine learning and traditional security techniques for providing D_O-based security preferences to their data [4].
The main intention of an encryption technique is to afford proficient data access control, confidentiality, and integrity to S_A. However, a few issues arise in current security techniques, such as higher encryption time, identical security level for all attributes, single key-dependent encryption/decryption, and non-involvement of the D_O and inter-organization members. These issues lead to critical problems and leak the entire information if the key is hacked. Among current security techniques, Rivest-Shamir-Adleman (RSA) takes exponential encryption time for processing a smaller volume of data [5]. Message-Digest 5 (MD5) increases encryption time and is processed by the advanced encryption standard (AES) encryption technique. The security strength of the AES encryption technique depends on key secrecy. In the two-factor data security mechanism, data can be encrypted by a sender with knowledge of the user identity, and a secret key is used for accessing data. The foremost issues of the cloud-based data storage system are data security, management, and monitoring, because in cloud-based data storage user information is maintained by cloud service providers.
Hence, cloud service providers have complete control over user data. Thus, the data are not under D_O control and are accessed by all without the D_O's knowledge [6]. Hence, D_O control-based data storage and security are proposed in this manuscript.
The drawbacks of existing classification and security techniques are:
• The ABE technique provides lesser data confidentiality, monitoring, and access control to S_A in cloud storage.
• Higher computational cost and process overhead based on the entire attributes encryption and decryption process.
• Non-involvement of D_O and inter-organization members.
• Possible to access S_A by inside adversaries.
Nowadays, partition-based security is an emerging technique for providing protection to attributes according to their level of sensitivity and secrecy. Similarly, some attributes do not require protection. Applying security techniques to the entire attribute set leads to processing overhead for an authorized user. Hence, it is essential to partition user attributes into S_A and N_SA and to apply different kinds of security technique to S_A. Hence, data classification techniques are applied to user data. The accuracy of existing data classification techniques depends on the training set. Thus, the D_O preference-based S_A segregation technique was proposed in my previous research work [7]. The proposed MRFC algorithm is used to overcome this problem.
The major contributions and novelties of this paper are:
• To generate a group key using an MRFC-ECC technique for providing higher security to sensitive attribute groups.
• The D_O and Group Admin (G_A) preference-based attribute encryption.
• To reduce encryption time with reduced key management and inside adversaries' harms.
The remaining portion of this manuscript is organized as follows: The existing works related to S_A classification and protection techniques in cloud-based data are discussed in "Related works". The detailed description of the proposed MRFC key generation, data encryption, and decryption process with its algorithm is given in "Proposed MRFC-based secure sensitive attribute storage system". "Result and discussions" presents the experimental results with a comparison of previous methods and the proposed technique. In "Security analysis", the mathematical and security analysis of MRFC is discussed. Finally, the manuscript is concluded and future work is discussed in "Conclusion".

Sensitive attribute classification and protection
This section analyses the existing classification and protection techniques related to S_A. Identifying S_A through machine learning techniques is not suitable for all domains. Fast distributed mining (FDM) is used to identify private subsets from the entire data. The K-nearest neighbour (KNN) classification technique is used for classifying S_A from N_SA, and S_A was encrypted with the RSA algorithm. The RSA algorithm takes exponential encryption time and its security strength depends on prime factor values. Additionally, S_A accuracy depends on the training set of the KNN algorithm [8]. Furthermore, the fuzzy logic classifier is used for classifying organization data into top-secret, secret, confidential, and public data. The level of encryption is determined as high, medium, and low. The data security and classification accuracy depend on organization and time specifications [9]. The existing S_A classification accuracy depends on the type of classifier and training set, not on the D_O. Another approach protects S_A by partitioning attributes into several chunks with semantic meaning and placing each encrypted chunk into a separate cloud. It reduces data usage for the authorized user and increases the computational complexity of merging into the original information [10]. In another work, S_A is classified from N_SA by applying user-defined classification rules, and S_A are encrypted with the AES algorithm. The S_A security depends on key transformation, key size, the number of rounds in the encryption process, and the classification rules [3]. This analysis clearly shows that the classification accuracy depends on the training set and the number of rules involved in the classification process. Similarly, the D_O is not involved in the classification process. Hence, a D_O preference-based S_A classification technique is required in the current system.

Attribute-based encryption
This subsection furnishes the outline of existing ABE techniques. Cipher-text policy attribute-based encryption (CP-ABE) is used for a cooperative key management protocol to share data in the cloud. The storage of private and distributed key generation was added for immediate attribute revocation, and fine-grained access was utilized to construct the private key update algorithm. This system provided more security, but with high cipher-text size, an inefficient access structure, and high encryption/decryption cost [11,12]. The weighted attribute-based encryption (WABE) method provides fine-grained access control and provided better performance than other schemes. The attribute weight was assigned by the admin, not the D_O [13]. The dynamic search method for secure and efficient data access provides enhanced efficiency compared to a linear search, with reduced access time and searching cost. The secure KNN algorithm was used to protect against two threat models. Here, the D_O was in charge of creating the updated data, and the data was stored in a cloud storage location. The disadvantage was that security challenges occurred in the multi-user scheme and in user revocation [14].
The decentralized access control technique is used for maintaining data securely in the cloud. The CSP verified the legitimacy of a server without knowledge of the user identity before storing data. This method prevented replay attacks and supports the establishment, adjustment, and interpretation of data kept in a cloud storage location. The authentication and access control method was decentralized. The limitations were that the access policy of each datum was kept in the cloud and that the attributes and access plan of the user were not concealed. ABE permitted the users having access rights to use data security in the cloud. The D_O assists in the key generation and management process. This method took less computational time and reduced the traffic burden, with improved scalability. But the requirement of enough client infrastructure was uneconomical [15][16][17].
The sensitive, revocable, and proficient access control method for a multi-authority cloud storage technique achieved both forward and backward secrecy. Without D_O knowledge, the key generation and encryption processes are completed by organization members. The multi-authority storage technique was used in remote storage systems, online networks, etc. [18,19]. Dual server public key encryption with keyword search (DS-PEKS) avoids the inner keyword predicting attack, which was an intrinsic weakness of the conventional PEKS framework. The smooth projective hash function (SPHF) was denoted as linear and homomorphic SPHF (LH-SPHF). Stronger security was achieved by the decision Diffie-Hellman-based LH-SPHF [20]. Security protection is to protect the privacy of deployed user data and to provide data integrity, access control, and confidentiality of cloud data. The cloud security improved efficiency and reduced computational complexity, cost of bandwidth, and storage overhead. However, it had drawbacks: it was difficult to maintain accountability, privacy protection, data integrity, and availability at low cost [21]. Role-based encryption (RBE) was integrated into the security technique through role-based access control (RBAC). A single key was used for the decryption process and it operated efficiently irrespective of the role hierarchy and user membership complexity in the system [22]. The fully homomorphic encryption (FHE) technique was used for protecting data and computation analysis. The data and computational analysis are divided into a number of subsets and encrypted by the FHE technique, and these are maintained in separate clouds for providing improved security to user data. Hard clustering and fuzzy clustering algorithms were used for forming data groups. Each subgroup was encrypted separately by the FHE technique [23].

Fibonacci cryptography
A quantum key distribution (QKD) protocol is used for the Fibonacci-valued OAM entangled states. The Fibonacci matrix representation was well-defined to enhance the original protocol. It has enhanced not only the efficiency of encoding, but also verifiability. The QKD protocol is used to attain verifiability and is suited to implementation using recent technology [24]. In another work, the multiple variable factors made recovery of the original data very difficult. The size of the circular queue had a tenable factor. The keyword letters and the numbers are denoted in the Fibonacci format. Using shift and logical operations, all letters are converted into ASCII binary format by the security algorithm. This is mainly used for text messages. The results of that algorithm gave a 50% lower complexity when compared to the Multiple Circular Queue Algorithm (MCQA) [25].
Secure communication is established through the group key-based encryption task. An improved QKD encryption was utilized with Lucas, Fibonacci, and Fibonacci-Lucas values, which gives the quantum signature verifications. This technique improved the verification of signing and verified the information received from the participants for authentication. Its final outcome is protection with minimal delay when compared to a normal QKD technique [26,27].

Proposed MRFC-based secure sensitive attribute storage system
Group-key-based sensitive attribute protection using Modified Random Fibonacci Cryptography (MRFC) in a cloud storage system provides better security to D_O preferred S_A in a private cloud. The S_A and N_SA partition depends on the privacy score values of individual attributes, where security preferences are given by the D_O. Table 1 indicates the roles of each participant involved in the proposed system.
The D_O assigns a Likert scale value (L_SV) to all attributes, and the L_SV is converted to a Dichotomous scale value (D_SV) for constructing the response matrix R_D(i, j) by the general admin (G_NA). Sensitivity (β) and visibility (V(i, j)) values are calculated from R_D(i, j). The threshold (T) is calculated as the average of the privacy score values (P_SV). If the P_SV of an attribute is lesser than the average privacy score value (threshold value), the specific attribute is partitioned as S_A; otherwise the attribute is partitioned as N_SA [7]. Now S_A is encrypted by the proposed technique and N_SA are stored in plain-text form in the cloud. Table 2 Here, the G_K generated by the D_O is used for encryption of their G(S_A). The major benefit of this technique is that, without D_O approval, none of their data are shared with others, and the D_O gets the log records of the requester for every transaction from the CSP. Hence, the D_O has complete access control and monitoring over their data. Now, the G_A can access the D_O data, depending on the decision provided by a G_NA. Figure 1 shows the proposed system architecture.

Modified Random Fibonacci Cryptographic Technique
The

Group key-based sensitive attribute protection
MRFC is established by an Elliptic Curve Cryptography technique that is used to generate keys over the properties of the Elliptic Curve equation "y^2 = x^3 + ax + b mod p". In MRFC, the key generation is combined with a Diffie-Hellman key exchange technique for transferring a key between the parties.

Grouping of sensitive attributes
The groups are divided into three different categories, listed as follows:
• S_A: the attributes that are unknown to others / attributes that require privacy.
• G_Ai: the attributes that are accessed by the ith G_A.
• C(G(S_A)): the G(S_A) common to more than one G_A.
Algorithm 1 shows the S_A grouping process, which depends on the number of inter-organizations that are going to access user information. The inter-organization requirement is gathered from the G_A, which is R_eq(G . A similar process is repeated for the remaining G_A requirement-based S_A grouping. Here, some attributes are common for all. The common attributes C(G(S_A)) are identified as the intersection of all G_A requirements. The attributes which are subtracted from the C(G(S_A)) are identified as G_Ai(G(S_A)) or G_Ai+1(G(S_A)). Based on this process, two different groups of attributes are generated: the organization required attributes and the D_O private attribute group. Now, the identified G_Ai(G(S_A)) is passed to the encryption process.

Group key generation
The key generation is a process of producing G_K's for the purpose of encryption. The key generation is the combination of Fibonacci values and Elliptic Curve Cryptography. Algorithm 3 shows the G_K generation using MRFC, taking the basic elliptic curve equation y^2 = x^3 + ax + b mod p for getting the initial and final values of random number generation. Based on these values, the initial parameters 'P' (initial value), 'Q' (final value), and 'n' (number of values) are declared in the G_K generation task.

Cryptographic preliminaries

Bilinear Map
Consider a pair of cyclic groups (G, +) and (G, ·) of a prime order P, where P_0 is an initiator of G. In a bilinear mapping process e: G × G → G_1 is true, and then it fulfils the given properties:
1. Non-degeneracy: e(P_0, P_0) ≠ 1 is satisfied.
2. Bilinear: e(P^x, P^y) = e(P^y, P^x) = e(P, P)^(xy) is true, for any x, y ∈ F_P and P ∈ G.
Hardness assumption of Decision Bilinear Diffie-Hellman Problem: Consider Ǣ be a polynomial time algorithm that yields 'n' outputs (q, G, G_1, e). Here, 'q' is a prime number chosen based on 'n', G, G_1 and e. The decision bilinear Diffie-Hellman problem is hard (Ҥ) if, for any protection variable 'n', any probabilistic polynomial-time (PPT) distinguisher D, and any (q, G, G_1, e) generated by Ǣ(1^n), there is a negligible function neg defined as

$$\left|\Pr\left[D\left(G, G_1, q, e, P^x, P^y, P^z, e(P_0, P_0)^{xyz}\right) = 1\right] - \Pr\left[D\left(G, G_1, q, e, P^x, P^y, P^z, e(P_0, P_0)^{w}\right) = 1\right]\right| \le neg(n)$$

where P_0 is a random generator of G, and x, y, z and w are four identical components of F_P. The proposed system consists of the list of functions Setup, Group KeyGen, Encryption, Decryption and Adduser()/Revokeuser(). The security strength of the cryptographic algorithm is dependent on the random numbers. In the proposed technique, the modified Fibonacci cryptography is used for the random number selection process. The basic elliptic curve equation is solved for the selection of the initial and final positions of the Fibonacci series. The generated Fibonacci values are taken as an input for the random number generation. Using Rand(), the random values are chosen from the Fibonacci values and are considered as a private key for each user, instead of the conventional elliptic curve-based private key selection process. This private key selection process increases the hardness of private key identification by an adversary, because an adversary is unable to guess which Fibonacci value is chosen as a private key for the encryption of a particular group of sensitive attributes. Using this technique, each D_O generates 'n + 1' private keys for their 'n + 1' group key generation. Thus, the proposed system provides higher randomness than the conventional elliptic curve-based private key generation. In the proposed technique, each user chooses the number of values for generating the group keys. Algorithm 2 shows the G_K generation process.
In a proposed MRFC, the Fibonacci series The generated 'P_r' values are stored into an array K[n]. The 'P_u' is calculated by multiplying 'P_r' with the base point. Similarly, the required number of G_Ki is generated and is used for encryption of G(S_A). The key generation algorithm checks whether the G_A ∈ O_i or not. If not, it returns G_A ≠ O_i; else it returns the G_K, which consists of the tuple: G_K ∈ (P, Q, A[i], F[i], P_r, P_u, B).

Sensitive attribute encryption algorithm
The G(S_A) is encrypted with an appropriate G_K. A unique encryption scheme is adopted to encrypt a G(S_A). Algorithm 3 shows the G(S_A) encryption process. The number of ciphertexts (C) generated corresponds to the number of organizations available in the process. (1)
In the encryption process, if a G(S_A) ∈ G_Ai(G(S_A)), G_Ki is used for encryption. A similar process applies to the other G(S_A) with a different G_K. Now, the encrypted G(S_A) is merged with N_SA and uploaded into cloud storage.

Sharing of group key
When a specific G(S_A) is required, the P_u of the D_O is used for finding the G_Ki. The 'P_u' is shared between D_O and G_A. Algorithm 4 shows the G_K identification process. When a G_A requires access to a specific G(S_A), their P_r is multiplied with the D_O(P_u) for obtaining the G_K. The calculated G_K is used for decryption of the required G(S_A).
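The key generation and key sharing steps described in "Group key generation" and "Sharing of group key", written out as an added Python example (it is not the paper's implementation): P_r is drawn at random from the Fibonacci values between P and Q, P_u is P_r times the base point, each side derives G_K from its own P_r and the other side's P_u, and the last function reports how many values P_r can take in that range. Assumptions: the secp256k1 curve (the page names no curve), P and Q passed in as `lo` and `hi`, `secrets` in place of Rand(), and SHA-256 of the shared x-coordinate as the 256-bit G_K.

```python
import hashlib
import math
import secrets

# Assumption: secp256k1 domain parameters. The page only gives the general
# equation y^2 = x^3 + ax + b mod p and does not name a curve.
FIELD_P = 2**256 - 2**32 - 977
CURVE_A, CURVE_B = 0, 7
BASE_POINT = (
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
)
GROUP_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(point):
    """True if the point satisfies the curve equation (None = point at infinity)."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + CURVE_A * x + CURVE_B)) % FIELD_P == 0


def ec_add(p1, p2):
    """Add two curve points (affine coordinates)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None  # P + (-P) is the point at infinity
    if p1 == p2:
        slope = (3 * x1 * x1 + CURVE_A) * pow((2 * y1) % FIELD_P, -1, FIELD_P)
    else:
        slope = (y2 - y1) * pow((x2 - x1) % FIELD_P, -1, FIELD_P)
    x3 = (slope * slope - x1 - x2) % FIELD_P
    return (x3, (slope * (x1 - x3) - y1) % FIELD_P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustration only, not constant time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def candidate_private_keys(lo, hi):
    """Distinct Fibonacci values f with lo <= f <= hi that are valid scalars."""
    hi = min(hi, GROUP_ORDER - 1)
    values, a, b = [], 1, 2
    while a <= hi:
        if a >= lo:
            values.append(a)
        a, b = b, a + b
    return values


def keygen(lo, hi):
    """Pick P_r at random from the Fibonacci values in [lo, hi]; P_u = P_r * B."""
    candidates = candidate_private_keys(lo, hi)
    if not candidates:
        raise ValueError("no Fibonacci value in the requested range")
    private = secrets.choice(candidates)
    return private, ec_mul(private, BASE_POINT)


def group_key(own_private, peer_public):
    """G_K from one party's P_r and the other party's P_u (Diffie-Hellman step)."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    shared = ec_mul(own_private, peer_public)
    # Assumption: G_K is SHA-256 of the shared x-coordinate (a 256-bit key).
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()


def private_key_space_bits(lo, hi):
    """log2 of the number of values P_r can take for the range [lo, hi]."""
    return math.log2(len(candidate_private_keys(lo, hi)))


def demo():
    lo, hi = 2, 2**256  # constructed range standing in for P and Q
    owner_private, owner_public = keygen(lo, hi)   # D_O key pair
    admin_private, admin_public = keygen(lo, hi)   # G_A key pair
    gk_owner = group_key(owner_private, admin_public)
    gk_admin = group_key(admin_private, owner_public)
    # Both sides must hold the same G_K; the count shows the size of the
    # set that P_r was drawn from.
    return gk_owner == gk_admin, len(candidate_private_keys(lo, hi))


if __name__ == "__main__":
    print(demo(), private_key_space_bits(2, 2**256))
```

The derived G_K is 256 bits long, but P_r is drawn from the list returned by `candidate_private_keys`, so the length of that list is the figure to check when sizing the range between P and Q.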

Sensitive and non-sensitive attribute merging and transfer
The G_A sends a request to the CSP, then the CSP verifies the authentication of the G_A. If the verification is successful, the CSP sends the encrypted G(S_A) to the G_A. The G_A decrypts the G(S_A) using the corresponding G_K. The G(S_A) and N_SA merging and transferring procedure is described in Algorithm 5. A )) is completely secured in cloud-based sharing process. Afterwards, the approved G_A of the process are able to access E(G_Ki). In the proposed system, the requested customer detail is sent to the G_A instead of the details of all customers. This process takes lesser transfer time and decryption time, and reduces unnecessary data, with higher security.

Sensitive attribute decryption
The S_A decryption process is the inverse function of the S_A encryption process. If a G_A wants to decrypt and access the G(S_A), the User ID is verified to determine whether the G_A is a non-revoked G_A or not. If the G_A is a non-revoked G_A, then the CSP forwards the request to the D_O, and the D_O verifies their authenticity and sends the requested E(G(S_A)). Algorithm 6 specifies the decryption process of the subgroup based on the G_A request.
The specific requirement/application dependent attributes are decrypted from the data instead of the complete data. The decryption task requires the particular G_K's from the specified G_A and D_O. If a G_A is revoked from an organization, they are unable to find the G_K, since the G_A related G_K is deleted from the list during the revocation process. That is, revoked G_A's are unable to access G(S_A) through the decryption process.
In the decryption process, the G_A needs to calculate the G_Ki from their P_ri: If a requester is a revoked user then P_ri and P_ui do not belong to F_p. Thus, the revoked G_A's are unable to access the G(S_A).

User revocation
When a G_A is revoked or added to the process, a user update, a ciphertext update, and a G_K update are required in cloud storage for providing perfect security to S_A. Whenever a G_A is revoked, a new G_K is generated and encryption is performed with the new G_K for the specific G(S_A). The revocation system consists of the following process:
1. Delete the User ID of the G_A from the CSP and D_O in a dynamic manner.
2. Include the revoked G_A user ID in the revoked user list.
3. Choose a new random number (R_1) ∈ Fibonacci Series.
4. Compute a new (P_r, P_u) key pair for the generation of G_K.
5. Now, new ciphertext is generated for the G(S_A) ∈ revoked user and uploaded into the cloud.

Result and discussions
The results of the proposed MRFC algorithm are discussed in this segment. The synthetic structured banking data created for the proposed method contains highly sensitive information about the D_O. The data consists of 1000 records with 25 attributes. From these 25 attributes, 15 attributes are S_A and 10 attributes are N_SA. The S_A and N_SA counts vary according to the user preference, like user_1 S_A = 15, user_1 S_A = 12, user_3 S_A = 8, etc. The S_A is encrypted instead of the complete attributes for reducing encryption time and computational complexity with high security. The proposed system is tested and validated with JDK 1.7 in NetBeans 7.1. CloudMe is a private cloud that is used for data storage.

Sensitive attribute identification analysis
In the proposed system, the S_A is identified with the preferences of the D_O.

Execution time analysis
In the proposed system, the execution speed depends on the number of records to be encrypted and decrypted. Instead of encrypting the entire attribute set, only S_A is encrypted, and a specific group of attributes is decrypted instead of the entire attribute set. This process takes lesser execution time than entire attribute encryption and decryption.
Table 3 shows the execution speed of the proposed system.

Encryption time analysis
The encryption time consumed by the proposed system with various numbers of attribute groups is shown in Fig. 3. The encryption time varies with the number of attributes. If the attribute count is less, the encryption and decryption time is less. When the attribute count is increased, the encryption time is also increased. It clearly shows that the entire attribute encryption takes higher encryption and decryption time than the minimal sized attribute group. The MRFC encryption technique is more reliable than the conventional schemes and works well for larger volumes of data, because instead of the entire data, the partitioned groups of attributes with varied sizes are encrypted. Hence, it is proved that the proposed technique takes lesser encryption time. The encryption time is measured in milliseconds (ms). The time complexity to be increased linearly when several are increasing. In the proposed G(S_A) storage technique, the G_A requirement is very small; each G_A requires fewer than five S_A's. Each G(S_A) is encrypted by a separate G_K. Hence, the encryption time depends on the number of organizations involved in the process. If 'n' organizations are involved in an encryption, then the encryption time for the entire G(S_A) is defined as follows:

Encryption time(G(S_A)) = n × number of groups.

Similarly, before encryption, the N_SA's are separated from S_A. These N_SA's are not involved in the encryption process. Hence, the encryption time of the proposed system is lesser than the encryption time of the entire attributes.

Decryption time analysis
Due to ECC-based key generation, the proposed MRFC technique works faster than the RSA-based encryption and decryption process. In the proposed technique, both the encryption and decryption depend on the G_K which is shared between D_O and G_A. Instead of decrypting the entire attributes, the specific G(S_A) is decrypted by a G_A. This decryption process requires less time than the complete data decryption process. Figure 4 provides the decryption time analysis of the proposed scheme. Fig. 4 clearly shows that the proposed technique takes lesser decryption time than the entire attribute decryption. This encryption and decryption time reduction reduces the authorized user's processing overhead.

Memory space utilization analysis
Table 4 and Fig. 5 show the memory space consumption of the proposed work in the encryption process. The memory space utilization is represented on the y-axis and the file sizes used for the experiments are represented on the x-axis. The amount of storage space required to execute the algorithm with a given amount of input data is known as encryption storage space. Here the proposed method occupied lesser storage space as compared to existing techniques. The memory space consumption is computed using the given formula:

Consumed memory space = total memory space − amount of free space

Less memory space utilization requires minimal storage cost in the cloud. Cloud computing is a pay per usage model; based on these characteristics, the memory cost of S_A encryption is lower than that of entire data encryption.

Key generation time analysis
The key generation analysis shows the number of keys used, compared to the work of author Rui Ruo [28]. The proposed system takes lesser time. The key generation time for the proposed system is shown in Table 5. The key generation process is a one-time process; hence, there is no key updating overhead in the proposed system. The proposed MRFC system has taken less time than the RUIGUO technique for different numbers of generated keys. The number of keys generated depends on the number of organizations involved in the process. E.g., if four organizations are involved in the process, four G_K's are generated for encryption. A similar process is continued for other cases.
Through these experimental results, it is proven that the proposed D_O preference-based S_A identification technique satisfies the D_O requirement. Similarly, it is proven that the proposed MRFC-based S_A protection technique takes lesser encryption/decryption time, memory space consumption, and key generation time than entire attribute processing. The major role of the cryptographic technique is to provide secure data storage and communication. Hence, proving the security strength of the proposed system is a necessary task. The following section discusses the security strength of the proposed system.

Security analysis
The components that are used for a secure and efficient storage representation are the keyspace, security of data against attacks, computational speed, information entropy and correlation coefficient [29].

Keyspace analysis
The complete set of keys that are used in the cryptographic technique is known as the keyspace. The strength of the technique depends on the length of the key. The longer the keyspace, the more resistant the algorithm is to a successful brute force attack. The key length is indicated by a number of bits. An N-bit key length has a keyspace of 2^N possibilities. The size must be greater than 2^100 to give high-level security from the cryptographic point of view [30]. The G_K length of the proposed encryption algorithm is 256 bits, hence the single G_K space is 2^256 bits. In the proposed system, 'n' organizations are involved in the process. Thus, a keyspace of '2^(256*(n+1))' is used. This space is sufficient for reliable, practical usage and avoids brute force attacks.

Attack analysis
The well-known attacks are examined in terms of the number of analysis steps and the time required for a successful attack. Due to the discrete logarithmic approach, adversaries are unable to access the key or data within a polynomial time period. This is shown in the following points.
• Inside attack In the proposed system, the S A is divided into 'n + 1' groups, and each group is encrypted by the D O with its own G K . After the encryption process, the encrypted G(S A ) is uploaded to the CSP. Because each group is encrypted with a separate G K , no one can predict the G K used to encrypt a specific group. Thus, inside attacks are avoided in the proposed MRFC technique.
• Outside attack In a G K -based access system, the S A accessed by a G A could also be accessed by other members of that organization. To overcome this drawback, the G A (P r ) is used for G K generation. Hence, the P r of the G A is required to decrypt a specific G(S A ), and no one else can access the group information.
• Brute force attack In a brute force attack, an adversary tries to identify the G K 's and plaintext messages in two different ways: guessing and forging of the G K . In both cases, the adversary (Ã) tries to identify the key within a polynomial time, trying all possibilities within that period. In the proposed system, however, the key length is $2^{256*(n+1)}$, and identifying a key of that size in a specific time period is a complicated task. If an adversary identifies any one G K , the keys of the remaining G A 's cannot be predicted, because each G K is independent of the others and depends on the D O and G A . E.g., three G A 's are involved in the proposed system. Therefore, $2^{[256+256+256+256]} = 2^{1024}$ is the actual key size. Generally, a $2^{256}$-bit key size in ECC provides higher-level security than $2^{1024}$-bit RSA. In the proposed system, a $2^{1024}$-bit key is used. Hence, it is unbreakable in a polynomial-time period.
The security of the G K depends on the randomness of P r . If an Ã uses a compromised G K , accessing any other G(S A ) is not possible: due to the ECDLP and the Fibonacci series-based random function, the hardness of the proposed system is high. That is, due to the random function R, the A[i] values differ for each P r , and G K ≠ G 1 K . Similarly for the R ∈ {P, Q} values. If the ECC prime value is high, the hardness of the P r identification is high. Thus, the proposed MRFC-ECC resists the known G K attack.

Proof Suppose an Ã knows the D O (P r ) and tries to access another P r of the same D O . The proposed MRFC-ECC algorithm resists this attack. Suppose Ã knows the G A 's P u and sends G ID , P u B to the D O . Now, the D O computes D ID , P u A and returns them to Ã. However, in order to derive another G K , Ã must obtain the corresponding P r for that G K . Due to the difficulty of the ECDLP and the MRFC-ECC-based P r , Ã is unable to derive a new P r . Thus, the proposed MRFC-ECC resists the key-compromise impersonation attack.
• Chosen plaintext attack The proposed G K technique is secure against the chosen-plaintext attack, which is discussed as a security game between an Ã and the challenger (Ĉ). In a chosen-plaintext attack, 'Ã' obtains a ciphertext for an arbitrary plaintext and tries to reveal all or part of the message from the ciphertext.

Theorem 2 Within a polynomial-time period, 'Ã' is unable to crack a specific G(S A ) encrypted under the G K with a challenge access structure in the security game, provided the Elliptic Curve Diffie-Hellman (ECDH) assumption holds. The game is as follows:

Proof: Game

Initialization and Query Phase 1 'Ã' chooses the challenge access rights (Ŕ) and sends them to the challenger (Ĉ). In a setup phase, 'Ĉ' executes an algorithm for generating a G K and sends a G K to 'Ã'.

Challenge Now, 'Ã' selects two attribute groups G 1 (S A ) and G 2 (S A ) and sends them to 'Ĉ'. The number of attributes and the size of these two groups are the same. 'Ĉ' receives these groups and generates a random bit value ∂ ∈ {0,1}. The ∂ value is then used by 'Ĉ' for encryption of the groups. 'Ĉ' returns ∂ = Enc(G(S A ), Ŝ, P r ) to 'Ã'.

Query Phase 2 'Ã' sends another request message to 'Ĉ' for finding a further G K . Based on this request, 'Ĉ' proceeds as in Phase 1.

Guess 'Ã' submits a guess ∂ 1 ∈ {0,1} for ∂. 'Ã' wins the game when ∂ 1 = ∂. The advantage of 'Ã' in the game is defined as (Pr[∂ 1 = ∂] − 1/2). The proposed G K scheme is said to be secure against the chosen-plaintext attack if no probabilistic polynomial-time adversary has a non-negligible advantage in the above game.
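The game above can be played in code. The following Python sketch is an added example, not the paper's implementation: it runs the standard encryption-oracle form of the game against two stand-in ciphers built from a SHAKE-256 keystream (an assumption, not MRFC-ECC), and measures the advantage |Pr[∂ 1 = ∂] − 1/2| of an adversary that simply re-queries G 1 (S A ). The group contents and all function names are constructed for illustration.

```python
import hashlib
import secrets

def _xor_stream(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Stand-in cipher (assumption, NOT MRFC-ECC): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(msg))
    return bytes(m ^ s for m, s in zip(msg, stream))

def enc_deterministic(key: bytes, msg: bytes) -> bytes:
    # Fixed nonce: equal plaintexts always give equal ciphertexts.
    return _xor_stream(key, b"\x00" * 16, msg)

def enc_randomized(key: bytes, msg: bytes) -> bytes:
    # Fresh nonce per message, sent alongside the ciphertext.
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, msg)

def cpa_advantage(encrypt, trials: int = 2000) -> float:
    """Play the game `trials` times and return |Pr[guess == bit] - 1/2|."""
    g1 = b"salary=52000;pin=4321"   # constructed sample group G1(SA)
    g2 = b"salary=91000;pin=8765"   # constructed sample group G2(SA), same size
    wins = 0
    for _ in range(trials):
        key = secrets.token_bytes(32)          # challenger's 256-bit group key
        def oracle(m, key=key):                # query phases: encryption oracle
            return encrypt(key, m)
        bit = secrets.randbelow(2)             # challenger's hidden bit
        challenge = oracle(g2 if bit else g1)
        # Phase-2 strategy: ask for an encryption of G1 and compare.
        guess = 0 if oracle(g1) == challenge else 1
        wins += int(guess == bit)
    return abs(wins / trials - 0.5)

if __name__ == "__main__":
    print("deterministic:", cpa_advantage(enc_deterministic))
    print("randomized:   ", cpa_advantage(enc_randomized))
```

The deterministic variant loses the game on every run, which is why a scheme claiming security in this game must randomize each encryption.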
• Forward and backward revocation When a new G A is added to a group, a new G K is generated for that G A . The new G K is then used for the encryption process.
Similarly, if any G A is revoked from their role, the G K based on that G A is also revoked. In this process, only the specific group of attributes is re-encrypted instead of all groups. Thus, the forward and backward revocation has lower complexity than the existing forward and backward revocation process.
Forward secrecy If any G A joins the process and tries to access the E(G(S A )), the proposed MRFC-ECC provides forward secrecy to the new G A .

Proof
The forward secrecy of the MRFC-ECC algorithm-based G K applies to every new G A that joins a process and tries to access D O information: a new G K is generated without modifying the existing group G A K . To generate a new G K for a new G A , the D O checks G A ∈ O i ; if none of the existing G A 's belongs to O i , a new G K is generated for the G A .
Backward Secrecy In a cloud-based storage system, revoking and adding users is a regular process. If the G(S A ) is encrypted by a specific G K , it needs to be updated.

Proof In a revocation process, a new random number R 1 is chosen for P r generation: In this analysis the ciphertext with G K ≠ G 1 K . Hence, the revoked G A is unable to access the new G K -based E(G(S A )).
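The revocation and backward-secrecy arguments above both rest on re-keying one subgroup while leaving the others alone. The following Python sketch is an added example, not the paper's code: it uses a stand-in authenticated cipher (SHAKE-256 keystream plus HMAC-SHA-256, an assumption in place of MRFC-ECC) and random 256-bit keys in place of the MRFC key generation, with constructed group names and values.

```python
import hashlib
import hmac
import secrets

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher (assumption, NOT MRFC-ECC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when `key` did not produce `blob`."""
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        return None
    stream = hashlib.shake_256(enc_key + nonce).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class OwnerStore:
    """Data owner's state: one 256-bit key and one ciphertext per subgroup."""
    def __init__(self, groups: dict):
        self.keys = {name: secrets.token_bytes(32) for name in groups}
        self.cloud = {name: seal(self.keys[name], data) for name, data in groups.items()}

    def revoke(self, name: str) -> bytes:
        """Re-key and re-encrypt only subgroup `name`; return the revoked key."""
        old_key = self.keys[name]
        plaintext = unseal(old_key, self.cloud[name])
        self.keys[name] = secrets.token_bytes(32)
        self.cloud[name] = seal(self.keys[name], plaintext)
        return old_key

def revocation_demo() -> dict:
    groups = {"insurance": b"disease=asthma", "loan": b"salary=52000"}  # constructed
    store = OwnerStore(groups)
    loan_before = store.cloud["loan"]
    old_key = store.revoke("insurance")
    return {
        "revoked_key": unseal(old_key, store.cloud["insurance"]),
        "new_key": unseal(store.keys["insurance"], store.cloud["insurance"]),
        "loan_unchanged": store.cloud["loan"] == loan_before,
        "cross_group": unseal(store.keys["insurance"], store.cloud["loan"]),
    }
```

Note that the revoked key still opens any copy of the old ciphertext made before revocation; re-encryption only protects what is stored afterwards.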

Mathematical proof
This section discusses the comparative analyses in terms of security and storage overhead, given in Tables 6 and 7 respectively. Table 6 lists the various mathematical descriptions used for analysis. Because different G K 's are used, identifying each key is highly difficult. Hence, the proposed system is collusion resistant (Co-Res), supports both the backward and forward revocation process (B-F), and provides confidentiality against the CSP (Ag-Cloud) and the user (Ag-User). Similarly, the proposed system provides provable security, integrity, and an access control system.
Table 7 shows the comparative security analysis for various existing techniques, such as the distributed access control scheme in cloud (DACC), the data access control-multi-authority cloud storage system (DAC-MACS), the extensive data access control-multi-authority cloud storage system (EDAC-MACS) and the proposed MRFC technique. These techniques are compared in terms of collusion resistance, revocation security, data confidentiality, provable security, integrity and access control against the static corruption of authorities. Compared to the other existing techniques, our proposed technique additionally provides integrity and access control. E.g., each group of S A is accessed by an individual organization through a separate G K . This G K is generated by a D O , and the D O has complete control over their data. Through this process, the access and integrity of the proposed system are maintained. Hence, it is observed that our proposed technique has better security.
Table 8 shows the comparative analysis of the storage overhead for the existing DACC, DAC-MACS, NEDAC-MACS, and the proposed approach. The existing techniques may have multiple attributes that need more storage, whereas our proposed MRFC technique does not contain multiple attributes. Only the minimal-sized S A is processed and stored, which reduces the storage overhead. As a result, our proposed technique improves performance with reduced storage overhead.
proposed MRFC technique describes the G K generation process, S A encryption/decryption, G K sharing, and the encrypted G(S A ) transfer. The flow depicts that files are uploaded with the sensitivity preference given by the D O , and the G NA receives the sensitivity preferences. The G NA analyses the security preference and splits (π) the data into S A and N SA , such that attribute ∈ π(S A , NS A ). The identified S A is divided into 'n + 1' groups by the G NA . Similarly, the G K is generated by the D O using the MRFC technique. The generated G K is used for encrypting the S A , which is merged with the N SA for uploading into the cloud. The G A sends a data request to the CSP, and the request is verified by the CSP. If the G A request is valid, the requested data are transferred to the G A by the D O .

1. Setup: The G NA generates a list of global parameters for the generation of (P u , P r ) for each D O and G A . The elliptic curve base point (G), rand(), and the EC points (P, Q) are taken as input for G K generation. Algorithm 3 describes this setup(). The user setup process describes the list of G A 's and D O 's involved in a process. The G A ID and D O ID are assigned in this user setup process based on F P . These IDs are stored in the cloud for the D O and G A verification process by the cloud.
2. Group KeyGen(): Each D O computes their (P u , P r ) using the MRFC technique. The Fibonacci values ∈ {P, Q} are used for generating the P r . Each D O generates 'n + 1' G K for encryption, if
3. )): Encryption algorithm run by the D O to encrypt the group of S A .
4. Decrypt: D(G A i (G(S A ))): the decryption algorithm is executed by a G A . E(G A i (G(S A ))) and G K are taken as input, and D(G A i (G(S A ))) is produced as output.
5. Adduser()/Revokeuser(): The adduser() and revokeuser() are executed by a D O .

The D O uses rand() to pick any one of the values and stores it in A[]. Using this A[] value, the P r is generated for each D O . Equation 1 is used for finding the P r of a D O :

Fig. 3 Encryption time analysis

shows a list of symbols used in the proposed MRFC technique. The current security techniques depend on D O preferences. Hence, data security fully depends on the D O , not on the data handling organizations. Nowadays, D O 's perform their tasks online, and data transactions are performed between multiple organizations. When data is moved between organizations, high security is required to protect the S A . The proposed method provides one such technique, which involves the D O , G NA , Group Admin (G A ) [e.g. Insurance Admin (G A_1 ), Marketing Admin (G A_2 ), Loan Admin (G A_3 )], and Cloud Service Provider (CSP). The D O encrypts their groups of S A (G(S A )) with a Group Key (G K ) before uploading into cloud storage. The G A sends a request message to the CSP to acquire information about the D O for their process. The request is verified by the CSP for authorization, and the CSP sends the key request to the D O . Then, the request is analysed by the D O , who sends the encrypted G(S A ) to the requesting G A .

Table 1
A and non-encrypted N SA

Table 2
Symbols used in proposed method

The existing KNN classification technique-based S A identification count depends on the training set. P u i ← P r i * G, clearly expresses the S A identification comparison of the proposed technique and the existing KNN classification technique.
[7] attribute count given to the training set is 15. When the algorithm is executed multiple times, the identified attribute count is the same. But in the proposed system, the identified attribute count varies depending on D O preferences [7]. Figure 2

Table 3
Execution speed

Table 5
Key generation time analysis

• Key compromise impersonate Theorem If an Ã reveals the D O (P r ), only that G(S A ) is accessed by them. It is impossible to compute the remaining P r of the same D O .

Table 6
Mathematical description