cloud data protection for masses final

Data protection & malicious insiders detection in cloud

Upload: asha-nadimpalli

Post on 03-Jan-2016


TRANSCRIPT

Page 1: Cloud Data Protection for Masses Final

Data protection & malicious insiders detection in cloud

Page 2: Cloud Data Protection for Masses Final

Abstract

• Cloud storage enables users to store their data. Offering strong data protection to cloud users while enabling rich applications is a challenging task. We explore a new cloud platform architecture called Data Protection as a Service, which dramatically reduces the per-application development effort required to offer data protection, while still allowing rapid development and maintenance.

Page 3: Cloud Data Protection for Masses Final

Existing system

• A key challenge is how to ensure and build confidence that the cloud can handle user data securely. A recent Microsoft survey found that “58 percent of the public and 86 percent of business leaders are excited about the possibilities of cloud computing. But more than 90 percent of them are worried about security, availability, and privacy of their data as it rests in the cloud.” It’s impossible to develop a single data-protection solution for the cloud

Page 4: Cloud Data Protection for Masses Final

Disadvantages

• 1) Integrity problem

• 2) Privacy problem

• 3) Verification problem

• 4) Rich computation problem

• 5) Development and maintenance problem

Page 5: Cloud Data Protection for Masses Final

Proposed system

• We propose a new cloud computing paradigm, data protection as a service (DPaaS). DPaaS is a suite of security primitives offered by a cloud platform, which enforces data security and privacy and offers evidence of privacy to data owners, even in the presence of potentially compromised or malicious applications. These primitives include securing data using encryption, logging, and key management.

Page 6: Cloud Data Protection for Masses Final

Advantages

1) It must be able to perform user authentication, or at least have a trusted way to know who’s logged in and accessing the service.

2) It must rely on encryption and authenticated data store techniques to remove the need to trust the storage service.

3) Administrative access for maintenance operations such as debugging.
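The authenticated data store requirement in point 2 can be illustrated with a keyed tag that the client checks on every read. This is an added example, not code from the presentation; the class names are hypothetical, it covers only the authentication half (encryption with an authenticated cipher would be layered on top), and it assumes the client keeps the key and the latest version numbers outside the storage service.

```python
import hashlib
import hmac
import os


class UntrustedStore:
    """Stand-in for the cloud storage service; it may alter anything it holds."""

    def __init__(self):
        self.objects = {}  # name -> (version, data, tag)


class AuthenticatedClient:
    """Keeps the MAC key and the latest version numbers on the trusted side."""

    def __init__(self, store):
        self.store = store
        self.key = os.urandom(32)
        self.latest = {}  # name -> last version this client wrote

    def _tag(self, name, version, data):
        # Length-prefix the name so (name, version, data) cannot be re-split.
        n = name.encode()
        msg = len(n).to_bytes(4, "big") + n + version.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def put(self, name, data):
        version = self.latest.get(name, 0) + 1
        self.store.objects[name] = (version, data, self._tag(name, version, data))
        self.latest[name] = version

    def get(self, name):
        version, data, tag = self.store.objects[name]
        # A valid tag proves the store did not modify or swap the object.
        if not hmac.compare_digest(tag, self._tag(name, version, data)):
            raise ValueError("integrity check failed: object modified or swapped")
        # A valid but old tag means the store replayed an earlier write.
        if version != self.latest[name]:
            raise ValueError("rollback detected: stale version returned")
        return data
```

Binding the object name and version into the tag is what lets the client detect a swapped or replayed object, not only edited bytes.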

Page 7: Cloud Data Protection for Masses Final

System architecture

Page 8: Cloud Data Protection for Masses Final

Modules

• Cloud Computing

• Trusted Platform Module

• Third Party Auditor

• User Module

Page 9: Cloud Data Protection for Masses Final

Cloud Computing

Cloud computing promises

• lower costs

• rapid scaling

• easier maintenance

• service availability

Page 10: Cloud Data Protection for Masses Final

Trusted Platform Module

• A trusted platform module (TPM) provides secure and verifiable boot and dynamic root of trust.

• Two techniques:

1) Full disk encryption

2) Computing on encrypted data

Page 11: Cloud Data Protection for Masses Final

Third Party Auditor

• In this module, the auditor views all user data, verifying the data and any changed data. The auditor views all user data directly, without a key. The admin grants this permission to the auditor. After auditing, the data is stored to the cloud.

Page 12: Cloud Data Protection for Masses Final

User Module

• The user stores large amounts of data in the cloud and accesses the data using a secure key. The admin provides the secure key after the data is encrypted. The data is encrypted using the TPM. The user's data is stored after the auditor views and verifies the data, including changed data. When the user views the data again, the admin notifies the user of the changed data only.

Page 13: Cloud Data Protection for Masses Final

Use-case diagram

[Diagram. Actors: AUDITOR, ADMIN, USER. Use cases: view all user data; changing data; store; allows user data; view all data; view auditing details; view data; change data with alert; user data.]

Page 14: Cloud Data Protection for Masses Final

Sequence diagram

[Diagram. Participants: user, auditor, cloud, admin. Messages in order:]

• data upload with encrypt

• view all user data

• change or unchanging store data

• view user data

• view auditing details

• allow new data

• view data or change data with alert message

Page 15: Cloud Data Protection for Masses Final

Collaboration diagram

[Diagram. Participants: user, auditor, cloud, admin. Numbered messages:]

1: data upload with encrypt

2: view all user data

3: change or unchanging store data

4: view user data

5: view auditing details

6: allow new data

7: view data or change data with alert message

Page 16: Cloud Data Protection for Masses Final

Class diagram

User

• Attributes: string upload data; string view data; string change data

• Operations: user process()

Auditor

• Attributes: string view all users data; string changing data; unchanging data

• Operations: auditor process()

Admin

• Attributes: string view all data; string allow new data; string view auditing data details

• Operations: Admin process()

login

• Attributes: string username; string password

• Operations: check valid(); unvalid()

Page 17: Cloud Data Protection for Masses Final

screens

Page 18: Cloud Data Protection for Masses Final

screens

Page 19: Cloud Data Protection for Masses Final

screens

Page 20: Cloud Data Protection for Masses Final

Enhancement

• We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data.
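The monitor, challenge, and decoy flow described above can be sketched as a small gate in front of the data store. This is an added example, not code from the presentation; the `DecoyGate` class, the read-rate threshold used as the "abnormal access pattern", and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque


class DecoyGate:
    """Serves real data normally and decoys once a suspicious session fails its challenge."""

    def __init__(self, real_docs, challenge_answers, max_reads=3, window=60.0):
        self.real_docs = real_docs
        self.salt = b"constructed-salt"  # constructed value for the example
        # Keep only salted hashes of the challenge answers.
        self.answers = {u: self._h(a) for u, a in challenge_answers.items()}
        self.max_reads, self.window = max_reads, window
        self.reads = defaultdict(deque)             # user -> recent read times
        self.state = defaultdict(lambda: "normal")  # normal | challenged | decoy
        self.alerts = []                            # audit trail for the admin

    def _h(self, answer):
        return hashlib.sha256(self.salt + answer.strip().lower().encode()).digest()

    def answer_challenge(self, user, answer):
        ok = hmac.compare_digest(self._h(answer), self.answers[user])
        self.state[user] = "normal" if ok else "decoy"
        if ok:
            self.reads[user].clear()
        else:
            self.alerts.append((user, "challenge failed; serving decoys"))
        return ok

    def read(self, user, doc_id, now):
        if self.state[user] == "decoy":
            return self._decoy(doc_id)
        if self.state[user] == "challenged":
            return None  # nothing is served until the challenge is answered
        recent = self.reads[user]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.max_reads:  # abnormal pattern: too many reads in window
            self.state[user] = "challenged"
            self.alerts.append((user, "abnormal read rate; challenge issued"))
            return None
        return self.real_docs[doc_id]

    def _decoy(self, doc_id):
        # Stable bait per document id; never derived from the real content.
        return "DECOY-" + hashlib.sha256(doc_id.encode()).hexdigest()[:16]
```

The alerts list is the piece an admin or auditor would review, since a session that has been switched to decoys is itself evidence of suspected misuse.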

Page 21: Cloud Data Protection for Masses Final

Conclusion

• The cloud platform not only provides the hardware and software stack as in today’s cloud computing, but also dynamic data protection that protects users’ data while enabling rich computation over them.

• Data is protected at the platform level.

Page 22: Cloud Data Protection for Masses Final

Queries