South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3

1

ISSN Number (online): 2454-9614

Efficient Data Utilization and Content Privacy in

Hybrid Cloud Priyanka. T

#1, Madhavi. K

*2

Dept of CSE, JNTUA, AP, India 1priyankasobati@gmail.com

2kasamadhavi@yahoo.com

****selected paper from International Conference On Computing (NECICC-2K16)

Abstract— As the world moves to digital storage for archival

purpose, a hybrid cloud architecture can be used for storing the

data in the cloud. Secure Deduplication is a compression

technique for eliminating duplicate copies of stored data to

reduce storage space and save bandwidth. A novel encryption

scheme has been used to encrypt the data before storing it to the

cloud. To better protect data confidentiality, this paper makes an

attempt to assign differential permissions to the authorized users.

Our proposed design allows data files deduplication and

authorized access rights. The result shows that proposed

authorized access control scheme incurs minimal effort

compared to previous operations.

I. INTRODUCTION

Cloud storage service is gaining popularity in the recent

years and becomes prevalent, so an increasing amount of data

is stored in the cloud. To reduce storage space and make data

management scalable in cloud, many cloud storage services

employs secure deduplication. That is when a user wants to

upload a data file to cloud server, the server checks whether

this particular file already exists in the cloud (uploaded by

some user previously). If it exists the server won’t allow to upload the same file to the cloud. In this way, every single file

will have only one copy in the cloud (i.e, Single Instance

Storage).

Data DE duplication technique keeps only one physical

copy without maintaining multiple copies with the same

content and refers other redundant data to that copy. It takes

place at both File level and Block level. Deduplication has

many benefits, but still security concerns arise because user’s

data is affected by insider and outsider attacks.

Convergent Encryption has been proposed to

encrypt/decrypt a data copy with a convergent key. After

encrypting a data copy user retains the key and transfers the cipher text to the cloud server. Proof of Ownerships avoids

unauthorized user to access the data. Earlier deduplication

systems doesn’t support differential authorized access control.

In the proposed scheme, each registered user is assigned with

different permissions during the setup of the system.

Each authorized user is allowed to perform duplicate check

for the files by using the file token based on their permissions.

For example, a user is assigned with some specified

permissions to realize the access control. Traditional system although providing confidentiality to some extent, do

not support differential permissions to users.

In this paper, aiming to solve the problem of deduplication

with authorized access permissions. We consider public cloud

to store the data and the private cloud to manage the data

operations. We introduce an advanced scheme to support

security by encrypting the data with different permissions.

Security analysis shows that proposed system is good in terms

of authorized differential access permissions.

II. RELATED WORK

In this section, we define some methods used in the paper.

A. Secure Duplication

With the approach of cloud computing, secure data

deduplication has pulled in much consideration from the

research group. Yuan and Yu proposed a deduplication

framework in the cloud storage to decrease the capacity size

of the tags for integrity check. Stanek et al. exhibited a new

encryption technique that gives differential security for

popular information and unpopular information. Li et al.

tended to the key-management issue in block-level

deduplication by dispersing these keys over various servers

after encrypting the files.

B. Convergent Encryption

Convergent encryption guarantees information security in

deduplication. Bellare et al. addressed this primitive as

message-locked encryption, and examined its application in

effective secure outsourced stockpiling. Xu et al. additionally

tended to the issue and demonstrated a secure convergent

encryption for effective encryption, without taking into

account the issues of the key-management list and block level

South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3

2

deduplication. There are additionally a few executions of

convergent executions of various convergent encryption

variations for secure deduplication.

C. Proof Of Proprietorship

Halevi et al. proposed the notion of "proofs of

proprietorship" for deduplication frameworks, such that a user

can proficiently demonstrate to the cloud storage server that

he/she claims a file without transferring the file itself. Pietro

and Sorniotti proposed another proficient POP scheme by

picking the projection of a file onto some arbitrarily chosen bit positions as the file proof. Note that all the above schemes try

not to consider data security. As of late, Bugiel et al. gave an

engineering comprising of twin clouds for secure outsourcing

of information and subjective calculations to an untrusted item

cloud.

D. Adversaries

Here we noticed two types of adversaries,

1. Outside adversary: Any hacker plays the role of a

cloud user to interact with cloud server

2. Inside adversary: The server will maintain user

files but will be curious about user’s sensitive files

III. PROPOSED WORK

In this section, we propose a hybrid cloud architecture for

secure deduplication and authorized access control.

There are three entities defined in our architecture -.

1. Users: They outsource data to cloud and uses

whenever they are needed. Each authorized user is

assigned with a set of permissions.

2. S-CSP: The cloud server is always online and stores

data on behalf of users, it resides in the public cloud.

3. PRIVATE CLOUD: The data operations of files are

managed in the private cloud. The keys for specified

permissions are managed here.

Fig 1: System design for authorized Access

To solve the problems of the existing system, we propose

advanced deduplication system supporting authorized access

permissions. In the new system, a set of permissions is issued to each user by the private cloud. For a user with a set of

permissions, he will be assigned with the set of private keys.

The private keys with permission set will be kept and

managed in the private cloud. To support authorized access

permissions, a token is generated to each authorized user

based on their data copy. To perform a duplicate check for

file, the user needs a file token which is issued by the private

cloud. Based on the results of the duplicate check, the user

uploads the file or runs PoW. In order to provide

confidentiality to the user’s sensitive files, each user is given

only some certain permissions to access the data. If they have all privileges to the data they can delete/modify the data. Data

owners (who owns the file) are given all the access

permissions.

Suppose a user wants to upload a file to the cloud, he/she

has to prove his ownership by providing the token to the

server. After that, he is allowed to perform the duplicate check

for the file. If a duplicate is found he is assigned a pointer to

access the file. Otherwise allows a user to upload by

encrypting the file with the convergent key. The encrypted file

is stored in S-CSP.

For suppose a user wants to download a file, he requests the S-CSP with a file name. The S-CSP will check the user’s

eligibility to download the file. If failed, it won’t allow to

retrieve the file. Otherwise, issues a key to recover the cipher-

text.

The security analysis for inside and outside adversaries are

provided with specific permission keys stored in the private

cloud. The data is encrypted with symmetric key encryption

technique. The symmetric key is chosen randomly, and it is

encrypted with a convergent key. Therefore the adversaries do

not conspire with the private cloud and S-CSP, the

confidentiality of our system is secure.

IV. SYSTEM EVALUATION

We implemented an authorized deduplication architecture

supporting authorized access permissions. The

implementation of user supports to perform deduplication and

token generation along with file upload process. The user

requests private cloud for file token generation by taking

UserId as input and sends token to S-CSP. The user encrypts a

file using AES algorithm by convergent key and uploads a

unique file by taking the file, fileId and token as inputs.

The implementation of cloud storage server supports

performing deduplication to the data files and maintains a

chart for the files and their related tokens. It performs duplicate check and stores the data.

South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3

3

The implementation of private cloud/admin involves

handling the data associated operations and maintaining keys

and tokens of related data files. And then issues each user with a set of permissions to access the data in the cloud storage.

Our evaluation focuses on comparing the overhead induced

by authorizations steps, including token generation, duplicate

check and convergent encryption. For each step, we record the

start time and end time of it and therefore obtain the

breakdown of the total time spent.

Fig 2: Time breakdown for different no. of stored files

Fig. 3 shows the number of intrusions occurred in the

proposed system compared to the previous system. The no. of

attacks occurred in proposed system are less compared to the

existing attacks.

Fig 3: Comparison of occurred intrusions

V. CONCLUSION

In this paper, we identified a security concern in the

cloud storage: deduplication system supporting authorized

duplicate check by using the token stored in the private cloud.

Each user is issued with a set of permissions during the setup

of the system. We noticed that this project provides

confidentiality to the user’s sensitive data files.

REFERENCES

[1] J.Li, Yan Kit Li, X.Chen, P.Lee, W.Lou, “A Hybrid cloud approach for

secure authorized deduplication” in Proc.IEEE Trans on Parallel

Distributed syst.

[2] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role based

access control models,” IEEE Comput., vol. 29, no. 2, pp. 38-47, Feb.

1996.

[3] J. Stanek, A. Sorniotti, E. Androulaki, and L. Kencl, “A secure data

deduplication scheme for cloud storage,” Tech. Rep. IBM Research,

Zurich, ZUR 1308-022, 2013.

[4] J.Yuan and S.Yu, “Secure and constant cost public cloud storage

auditing with deduplication,” IACR cryptography ePrint Archive,

2013:149, 2013.

[5] D. Ferraiolo and R. Kuhn, “Role based access controls,” in Proc. 15th

NIST-NCSC, 1992, pp. 554-563.

[6] S. Halevi, D. Harnik, B. Pinkas, and A. Shulman, “Proofs of ownership

in remote storage systems,” in Proc. ACM conf. 2011,pp.491-500.

[7] W.K. Ng, Y. Wen, and H. ZHU, “Private data deduplication protocols in

cloud storage,” in Proc. 27th Annu.ACM Symp. Appl. Comput., 2012.

[8] M.W. Storer, K. Greenan, D. E. Long and E.L. Miller, “Secure data

deduplication,” in Proc. 4th ACM Int. 2008, pp.21-26.

[9] S. Bugiel, S. Nurnberger, T. Schneider, “Twin cloud: An architecture

for secure cloud computing,” in Proc. Workshop Cryptography Security

Clouds, 2011, pp. 32-44.

[10] J.Li, X.Chen, M.Li, J.Li, P.Lee, and W.Lou, “Secure deduplication with

efficient and reliable convergent key management,” in Proc. IEEE

Trans. Parallel Distrib. Syst.2013.