
International Journal of Computer Trends and Technology (IJCTT), Volume 4, Issue 6, June 2013

Secure Storage Services in Cloud Computing

S. Muthakshi #1, Dr. T. Meyyappan M.Sc., MBA., M.Phil., Ph.D. *2

# Department of Computer Science and Engineering, Alagappa University, Karaikudi, Tamil Nadu, India.

Abstract— Cloud storage services let users access their data anywhere, at any time, without trouble. Available systems that support remote data integrity checking are useful for quality-of-service testing, but they do not deal with server failures or misbehaving servers. The proposed system ensures storage integrity on the servers where the cloud user's data is stored. It achieves strong cloud storage security and fast data error localization using the results of an auditing mechanism carried out by a Third Party Auditor (TPA), and it further supports secure and efficient dynamic operations on outsourced data. The TPA performs public auditing to maintain the integrity of the data stored in the cloud: the user delegates the integrity-checking tasks to the TPA, who then carries out the auditing process. An erasure-correcting code is used in the file distribution to provide dependability against Byzantine failures. Data integrity is ensured with the help of a verification key along with the erasure-coded data, which also allows checking storage correctness and identifying misbehaving cloud servers. An audit protocol blocker is introduced to monitor the correctness of the user and the TPA; it prevents cloud users from misusing the privileges granted to them by the cloud server.

Keywords— Data storage, Cloud Service Provider, TPA.

I. INTRODUCTION

Several trends are opening up the era of Cloud Computing, an Internet-based development and use of computer technology. Ever cheaper and more powerful processors, together with the software as a service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. Increasing network bandwidth and reliable yet flexible network connections make it possible for users to subscribe to high-quality services from data and software that reside solely on remote data centers.

ARCHITECTURE OF CLOUD STORAGE SYSTEM:

Fig. 1: Cloud storage system

This architecture represents the role of the third party auditor.

Moving data into the cloud offers great convenience to users, since they do not have to care about the complexities of direct hardware management. Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), from one of the pioneering Cloud Computing vendors, are both well-known examples. While these Internet-based online services do provide huge amounts of storage space and customizable computing resources, this computing platform shift is at the same time eliminating the responsibility of local machines for data maintenance. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. On the one hand, although cloud infrastructures are much more powerful and reliable than personal computing devices, a broad range of both internal and external threats to data integrity still exists; examples of outages and data loss incidents at noteworthy cloud storage services appear from time to time. On the other hand, since users may not retain a local copy of the outsourced data, there exist various incentives for cloud service providers (CSPs) to behave unfaithfully towards cloud users regarding the status of their outsourced data.

In order to achieve assurances of cloud data integrity and availability and to enforce the quality of cloud storage service, efficient methods that enable on-demand data correctness verification on behalf of cloud users have to be designed. However, the fact that users no longer have physical possession of their data in the cloud prohibits the direct adoption of traditional cryptographic primitives for data integrity protection. Hence, the verification of cloud storage correctness must be conducted without explicit knowledge of the whole data files. Meanwhile, cloud storage is not just a third-party data warehouse: the data stored in the cloud may not only be accessed but also frequently updated by the users, through insertion, deletion, modification, appending, and so on. Thus, it is also imperative to support the integration of this dynamic feature into the cloud storage correctness assurance, which makes the system design even more challenging. Last but not least, the deployment of Cloud Computing is powered by data centers running in a simultaneous, cooperative, and distributed manner. Existing techniques for ensuring remote data integrity, while useful for checking storage correctness without users possessing their data locally, all focus on the single-server scenario. They may be useful for quality-of-service testing, but they do not guarantee data availability in case of server failures.

Although directly applying these techniques to distributed storage (multiple servers) would be straightforward, the resulting storage verification overhead would be linear in the number of servers. As a complementary approach, researchers have also proposed distributed protocols for ensuring storage correctness across multiple servers or peers. However, while providing efficient cross-server storage verification and data availability assurance, these schemes all focus on static or archival data. As a result, their capability of handling dynamic data remains unclear, which inevitably limits their full applicability in cloud storage scenarios.

A simple approach such as message authentication codes (MACs) can be used to protect data integrity. The data owner initially maintains, locally, a small number of MACs for the data files to be outsourced. When the owner wants to retrieve data, he or she can verify its integrity by recalculating the MAC of the received file and comparing it to the locally precomputed value. Although this method allows data owners to verify the correctness of data received from the cloud, it cannot be employed when the data file is large, since recomputing the MAC requires retrieving the entire file.
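To make the MAC approach concrete, the following is a minimal sketch in Python, assuming HMAC-SHA256 as the MAC and in-memory file contents; the key and file bytes are illustrative, not from the paper.

import hashlib
import hmac

def compute_mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 tag over the whole file; only this short tag is kept locally.
    return hmac.new(key, data, hashlib.sha256).digest()

key = b"owner-secret-key"                      # hypothetical owner key
outsourced_file = b"... file contents sent to the cloud ..."
local_tag = compute_mac(key, outsourced_file)  # precomputed before outsourcing

# On retrieval, recompute the MAC over the returned bytes and compare.
retrieved = outsourced_file                    # bytes returned by the cloud
ok = hmac.compare_digest(local_tag, compute_mac(key, retrieved))
print("integrity verified" if ok else "data was modified")

Note that the final comparison only succeeds after the whole file has been downloaded and rehashed, which is exactly the limitation described above.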

For large data files, a hash tree can be employed instead, in which the leaves contain the hashes of data blocks and each internal node contains the hash of its children. To authenticate the received data, the data owner then only has to store the root hash of the tree. But this still gives no assurance about the correctness of the rest of the outsourced data.
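A minimal sketch of such a hash tree (a Merkle tree) root computation, assuming SHA-256 and duplication of the last node on odd levels; the block contents are illustrative.

import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(blocks: list[bytes]) -> bytes:
    # Leaves hold hashes of data blocks; each internal node hashes its children.
    level = [h(b) for b in blocks]
    while len(level) > 1:
        if len(level) % 2:         # duplicate the last node on odd-sized levels
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

blocks = [b"block-0", b"block-1", b"block-2", b"block-3"]
root = merkle_root(blocks)         # only this root is stored locally
print(root.hex())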

To perform this verification on the data owner's behalf, a third party auditor (TPA) can be used. Various mechanisms have been proposed for using a TPA to relieve the data owner of the burden of local data storage and maintenance, given that outsourcing also eliminates the owner's physical control over storage dependability and security, which has traditionally been expected by both individuals and enterprises with high service-level requirements. This kind of audit service not only helps save data owners' computation resources but also provides a transparent yet cost-effective method for data owners to gain trust in the cloud.

The presence of a TPA relieves the client of the need to audit whether the data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. However, while this approach saves the computational resources and storage costs of the data owner, how far the TPA itself can be trusted is not addressed. If the TPA modifies or deletes some data, or becomes intrusive and passes the data owner's information to unauthorized users, how the owner comes to know about it remains an unsolved problem.


Thus, new approaches are required to solve the above problem. Abhishek Mohta and R. Sahu proposed an algorithm that ensures data integrity and dynamic data operations, using encryption and message digests: encryption ensures that data is not leaked in transit, while the message digest identifies the client who sent the data. They designed algorithms for data manipulation, record insertion, and record deletion. The insertion and manipulation algorithms work efficiently, but for deletion the scheme cannot identify who deleted a record, or how and when; once a record is deleted, the algorithm can no longer work. In that case an indexing scheme can be used: if every record access is traced by index, recording when and by which user a record is accessed, then a user who deletes a record can be identified from the trace.
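As a sketch of this indexing idea (a hypothetical construction, not taken from the cited work), every operation can be logged against the record's index so that a deletion is attributable:

from datetime import datetime, timezone

# Hypothetical access index: every operation on a record is traced by index,
# so a later deletion can be attributed to a specific user and time.
access_index: dict[int, list[tuple[str, str, str]]] = {}

def trace(record_index: int, user: str, operation: str) -> None:
    ts = datetime.now(timezone.utc).isoformat()
    access_index.setdefault(record_index, []).append((ts, user, operation))

trace(42, "alice", "read")
trace(42, "bob", "delete")

# When a deletion is noticed, the index identifies who deleted the record and when.
print([(ts, u) for ts, u, op in access_index[42] if op == "delete"])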

Ateniese et al. were the first to consider public auditability, in their "provable data possession" (PDP) scheme, which ensures possession of data files on untrusted storage. For auditing outsourced data, their technique utilizes RSA-based homomorphic authenticators and randomly samples a few blocks of the file. However, in their scheme the public auditability demands that a linear combination of the sampled blocks be exposed to the external auditor. When used directly, their protocol is therefore not provably privacy-preserving and may leak user data to the auditor. Cong Wang et al. used public-key-based homomorphic authenticators and, to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all the above requirements in mind, uniquely integrated them with a random masking technique.
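The random-sampling idea behind PDP can be sketched as follows; the parameters are illustrative, and the homomorphic proof itself is only indicated in comments, since it depends on the RSA construction of the cited scheme.

import secrets

n_blocks = 10_000      # hypothetical file size in blocks
challenge_size = 460   # sampling ~460 blocks detects 1% corruption w.h.p.

def sample_challenge(n: int, c: int) -> list[int]:
    # Randomly chosen block indices sent to the server in each challenge.
    return sorted(secrets.SystemRandom().sample(range(n), c))

challenge = sample_challenge(n_blocks, challenge_size)
# The server would answer with a compact proof (a homomorphic combination of
# the challenged blocks and their tags); with random masking added, the
# auditor learns nothing about the block contents themselves.
print(challenge[:5])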

To handle multiple auditing tasks efficiently, the technique of bilinear aggregate signatures can be explored to extend the main result to a multi-user setting, where the TPA can perform multiple auditing tasks simultaneously. A keyed hash function h_k(F) is used in the proof of retrievability (POR) scheme: before archiving the data file F in cloud storage, the verifier precomputes the cryptographic hash of F using h_k(F) and stores this hash as well as the secret key K. To check the integrity of the file F, the verifier releases the secret key K to the cloud archive and asks it to compute and return the value of h_k(F). By storing multiple hash values under different keys, the verifier can check the integrity of F multiple times, each key providing an independent proof.
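A minimal sketch of this keyed-hash scheme, assuming SHA-256 over key || file as h_k(F) (in practice an HMAC would be preferable); the file here is an in-memory placeholder.

import hashlib
import secrets

def keyed_hash(key: bytes, f: bytes) -> bytes:
    # h_k(F): a cryptographic hash of the whole file under a one-time key.
    return hashlib.sha256(key + f).digest()

F = b"... archived file contents ..."

# The verifier precomputes one (key, hash) pair per future check.
checks = [(k, keyed_hash(k, F)) for k in (secrets.token_bytes(16) for _ in range(5))]

# One verification round: release a fresh key to the archive, which must
# recompute h_k(F) over the entire file and return it.
k, expected = checks.pop()
response = keyed_hash(k, F)            # computed by the cloud archive
print("file intact" if response == expected else "file corrupted")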

Although this scheme is very simple and easy to implement, its main drawback is the high resource cost of the implementation. The verifier has to store as many keys as the number of checks it wants to perform, as well as the hash value of the data file F for each key. Computing the hash value of even a moderately large data file can be computationally burdensome for some clients (PDAs, mobile phones, etc.).

Furthermore, each invocation of the protocol requires the archive to process the entire file F. This can be computationally burdensome for the archive even for a lightweight operation like hashing, and it requires the prover to read the entire file F, a significant overhead for an archive whose intended load is only an occasional read per file, yet where every file must be tested frequently. Ari Juels and Burton S. Kaliski Jr. proposed a "proof of retrievability" scheme for large files using "sentinels". In this scheme, only a single key is needed, irrespective of the size of the file or the number of files, unlike the keyed-hash approach, in which many keys are used.
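A toy sketch of the sentinel idea, with illustrative sizes: random sentinel blocks, indistinguishable from encrypted file blocks, are interleaved into the stored sequence, and the verifier later spot-checks a few of their positions.

import secrets

rng = secrets.SystemRandom()

file_blocks = [secrets.token_bytes(32) for _ in range(990)]  # encrypted blocks
n_total = len(file_blocks) + 10
sentinel_positions = set(rng.sample(range(n_total), 10))

stored, sentinel_map, blocks_iter = [], {}, iter(file_blocks)
for i in range(n_total):
    if i in sentinel_positions:
        sentinel_map[i] = secrets.token_bytes(32)  # verifier keeps position -> value
        stored.append(sentinel_map[i])
    else:
        stored.append(next(blocks_iter))

# A verification round: ask the archive for a few sentinel positions; an
# archive that damaged much of the file is unlikely to return them all intact.
for pos in rng.sample(sorted(sentinel_map), 3):
    assert stored[pos] == sentinel_map[pos], f"sentinel at {pos} damaged"
print("sentinel check passed")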

III. PROPOSED METHOD

If any cloud server is affected, the data can easily be recovered from the cloud with the help of the third party auditor (TPA). Cloud correctness is measured by an integrity auditing mechanism that supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. The data are thereby ensured to be correct: if any mismatch occurs, the location of the corruption can easily be found, and based on that the data can be recovered from the cloud as far as possible. The user may not have the time to perform the storage correctness verification himself; he can optionally delegate this task to an independent third party auditor, making the cloud storage publicly verifiable.

To achieve the assurances of cloud data integrity and availability and to enforce the quality of a dependable cloud storage service for users, we propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append. The append operation means the user may want to increase the size of the stored data by adding blocks at the end of the data file, which we refer to as data append. Sometimes, after being stored in the cloud, certain data blocks may need to be deleted. The delete operation we consider is a general one, in which the user replaces a data block with zero or some special reserved data symbol.
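A toy sketch of the three dynamic operations on the outsourced block sequence (the block size and zero-symbol convention are illustrative; in the full scheme each operation must also update the associated parity and verification tokens):

ZERO_BLOCK = b"\x00" * 4096     # reserved symbol standing for a deleted block

def update(blocks: list[bytes], i: int, new_block: bytes) -> None:
    blocks[i] = new_block       # block modification in place

def delete(blocks: list[bytes], i: int) -> None:
    blocks[i] = ZERO_BLOCK      # delete = replace with the reserved symbol

def append(blocks: list[bytes], new_block: bytes) -> None:
    blocks.append(new_block)    # grow the file at its end

blocks = [b"a" * 4096, b"b" * 4096]
update(blocks, 0, b"c" * 4096)
delete(blocks, 1)
append(blocks, b"d" * 4096)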

PROPOSED ALGORITHM:

A) Challenge Token Precomputation

In order to achieve assurance of data storage correctness and data error localization simultaneously, our scheme relies entirely on precomputed verification tokens. The main idea is as follows: before file distribution, the user precomputes a certain number of short verification tokens on each individual vector G^(j) (j ∈ {1, ..., n}), each token covering a random subset of data blocks. Later, when the user wants to make sure of the storage correctness of the data in the cloud, he challenges the cloud servers with a set of randomly generated block indices. Upon receiving the challenge, each cloud server computes a short "signature" over the specified blocks and returns it to the user. The values of these signatures should match the corresponding tokens precomputed by the user. Meanwhile, as all servers operate over the same subset of indices, the requested response values for the integrity check must also be a valid codeword determined by the secret matrix P.
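A simplified sketch of the token precomputation over one encoded vector G^(j), assuming an HMAC-based PRF for the challenge coefficient α_i and arithmetic in a small prime field; all parameter values are illustrative.

import hashlib
import hmac
import secrets

p = 2**61 - 1     # prime modulus for the field arithmetic (illustrative)
r = 4             # blocks covered per token
n_tokens = 16     # number of precomputed challenge rounds

def prf(key: bytes, i: int) -> int:
    # Derives the per-round coefficient alpha_i = f_{k_chal}(i).
    return int.from_bytes(hmac.new(key, i.to_bytes(4, "big"),
                                   hashlib.sha256).digest(), "big") % p

k_chal = secrets.token_bytes(16)
vector = [secrets.randbelow(p) for _ in range(64)]   # one encoded vector G^(j)

tokens = []
for i in range(n_tokens):
    alpha = prf(k_chal, i)
    idxs = secrets.SystemRandom().sample(range(len(vector)), r)
    # v_i = sum over q of alpha^q * G^(j)[phi(q)], a short verification token.
    v_i = sum(pow(alpha, q + 1, p) * vector[idx] for q, idx in enumerate(idxs)) % p
    tokens.append((idxs, v_i))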

B) Correctness Verification and Error Localization

Error localization is a key prerequisite for eliminating errors in storage systems, and it is also of critical importance for identifying potential threats from external attacks. However, many previous schemes do not explicitly consider the problem of data error localization, and thus provide only binary results for storage verification. Our scheme outperforms those by integrating correctness verification and error localization (misbehaving server identification) in its challenge-response protocol: the response values from the servers for each challenge not only determine the correctness of the distributed storage but also contain information to locate potential data error(s).

C) File Retrieval and Error Recovery

Since our layout of the file matrix is systematic, the user can reconstruct the original file by downloading the data vectors from the first m servers, assuming they return correct response values. Note that our verification scheme is based on random spot-checking, so the storage correctness assurance is probabilistic. However, by choosing the system parameters (e.g., r, l, t) appropriately and conducting verification enough times, we can guarantee successful file retrieval with high probability. On the other hand, whenever data corruption is detected, comparing the precomputed tokens with the received response values guarantees the identification of the misbehaving server(s), again with high probability, as discussed shortly. Therefore, the user can always ask the servers to send back the blocks of the r rows specified in the challenge and regenerate the correct blocks by erasure correction, as shown in the error recovery algorithm below, as long as the number of identified misbehaving servers is less than k. (Otherwise, there is no way to recover the corrupted blocks, due to lack of redundancy, even if the positions of the misbehaving servers are known.) The newly recovered blocks can then be redistributed to the misbehaving servers to maintain the correctness of the storage.


ADVANTAGES:

By using these algorithms, storage correctness ensures that the users' data are indeed stored appropriately and kept intact at all times in the cloud.

The main advantage of the proposed design is that it allows the user to audit the cloud storage with lightweight communication and computation cost.

A third party auditor is used to ensure security.

IV. THE STEPS OF THE ALGORITHM

Algorithm for Storage Correctness and Error Localization

1. procedure CHALLENGE(i)
2.   Recompute α_i = f_{k_chal}(i) and k_prp^(i) from K_PRP
3.   Send {α_i, k_prp^(i)} to all cloud servers
4.   Receive from the servers:
     {R_i^(j) = Σ_{q=1..r} α_i^q · G^(j)[φ_{k_prp^(i)}(q)] | 1 ≤ j ≤ n}
5.   for j = m+1 to n do
6.     R_i^(j) ← R_i^(j) - Σ_{q=1..r} f_{k_j}(s_{I_q,j}) · α_i^q, where I_q = φ_{k_prp^(i)}(q)
7.   end for
8.   if ((R_i^(1), ..., R_i^(m)) · P == (R_i^(m+1), ..., R_i^(n))) then
9.     Accept and ready for the next challenge
10.  else
11.    for j = 1 to n do
12.      if R_i^(j) ≠ v_i^(j) then
13.        return server j is misbehaving
14.      end if
15.    end for
16.  end if
17. end procedure
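The challenge-response check above can be sketched in Python as follows; this is a simplified model that reuses the field arithmetic of the precomputation sketch, with the parity-adjustment step of line 6 folded into the token comparison.

def server_response(vector, indices, alpha, p):
    # Each server aggregates its own challenged blocks into a short "signature".
    return sum(pow(alpha, q + 1, p) * vector[idx]
               for q, idx in enumerate(indices)) % p

def verify_round(vectors, precomputed, i, indices, alpha, p):
    # Compare every server's response with the user's precomputed token for
    # round i; mismatches localize the misbehaving server(s).
    return [j for j, vec in enumerate(vectors)
            if server_response(vec, indices, alpha, p) != precomputed[j][i]]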

Algorithm for Error Recovery

1. procedure
   % Assume the block corruptions have been detected among the specified r rows;
   % assume s ≤ k servers have been identified as misbehaving.
2. Download the r rows of blocks from the servers;
3. Treat the s servers as erasures and recover the blocks;
4. Resend the recovered blocks to the corresponding servers;
5. end procedure
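As a much-simplified stand-in for step 3 (the scheme itself uses an (m + k, m) erasure code tolerating up to k erasures), single-parity XOR shows the recovery pattern for one erasure:

def xor_blocks(blocks: list[bytes]) -> bytes:
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)

row = [b"\x01\x02", b"\x03\x04", b"\x05\x06"]   # data blocks of one row, m = 3
parity = xor_blocks(row)                        # stored on the parity server

# Server 1 identified as misbehaving: treat its block as an erasure and
# regenerate it from the surviving blocks plus the parity block.
recovered = xor_blocks([row[0], row[2], parity])
assert recovered == row[1]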

V. CONCLUSION

In this paper, we investigate the problem of data security in cloud data storage, which is essentially a distributed storage system. To achieve the assurances of cloud data integrity and availability and to enforce the quality of a dependable cloud storage service for users, we propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization: whenever data corruption is detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving server(s). We show that our scheme is highly efficient and resilient to Byzantine failure, malicious data modification attacks, and even server colluding attacks. Considering the time, computation resources, and related online burden of users, we also extend the proposed main scheme to support third-party auditing, where users can safely delegate the integrity-checking tasks to third-party auditors and be worry-free in using the cloud storage services.

REFERENCES

[1] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring Data Storage Security in Cloud Computing," Proc. 17th Int'l Workshop Quality of Service (IWQoS '09), pp. 1-9, July 2009.
[2] Amazon.com, "Amazon Web Services (AWS)," http://aws.amazon.com, 2009.
[3] Sun Microsystems, Inc., "Building Customer Trust in Cloud Computing with Transparent Security," https://www.sun.com/offers/details/sun_transparency.xml, Nov. 2009.
[4] K. Ren, C. Wang, and Q. Wang, "Security Challenges for the Public Cloud," IEEE Internet Computing, vol. 16, no. 1, pp. 69-73, 2012.
[5] M. Arrington, "Gmail Disaster: Reports of Mass Email Deletions," http://www.techcrunch.com/2006/12/28/gmail-disaster-reports-of-mass-email-deletions, Dec. 2006.
[7] Amazon.com, "Amazon S3 Availability Event: July 20, 2008," http://status.aws.amazon.com/s3-20080720.html, July 2008.
[8] S. Wilson, "Appengine Outage," http://www.cio-weblog.com/50226711/appengine_outage.php, June 2008.
[9] B. Krebs, "Payment Processor Breach May Be Largest Ever," http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html, Jan. 2009.
[10] A. Juels and B.S. Kaliski Jr., "PORs: Proofs of Retrievability for Large Files," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 584-597, Oct. 2007.
[11] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, Oct. 2007.
[12] M.A. Shah, M. Baker, J.C. Mogul, and R. Swaminathan, "Auditing to Keep Online Storage Services Honest," Proc. 11th USENIX Workshop Hot Topics in Operating Systems (HotOS '07), pp. 1-6, 2007.
[13] M.A. Shah, R. Swaminathan, and M. Baker, "Privacy-Preserving Audit and Extraction of Digital Contents," Cryptology ePrint Archive, Report 2008/186, http://eprint.iacr.org, 2008.
[14] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. Fourth Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '08), pp. 1-10, 2008.
[15] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing," Proc. 14th European Conf. Research in Computer Security (ESORICS '09), pp. 355-370, 2009.