Enhanced Focus On User Revocation In Secure ...

Aug 4, 2016 - Abstract— Cloud providers ensure that applications available as a service via the cloud are secure by implementing testing and acceptance ...
International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) ISSN: 0976-1353 Volume 23 Issue 4 –AUGUST 2016.

Enhanced Focus on User Revocation in Secure Dynamic Auditing for Data Storage in Cloud

A. Anusha Priya #1 and Lavanya.C *2

# Associate Professor, Department of Computer Science, Muthayammal College of Arts and Science, Rasipuram, India
* Research Scholar, Department of Computer Science, Muthayammal College of Arts and Science, Rasipuram, India

Abstract— Cloud providers ensure that applications available as a service via the cloud are secure by implementing testing and acceptance procedures for outsourced or packaged application code. It also requires that application security measures be in place in the production environment. Due to data outsourcing, however, this new paradigm of data hosting service also introduces new security challenges, which require an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking methods can only serve static archive data and thus cannot be applied to the auditing service, since the data in the cloud can be dynamically updated. In this paper, we propose the construction of a powerful Thrice key Auditing Algorithm to support efficient handling of multiple auditing tasks, where the TPA can perform multiple auditing tasks quickly and safely by using this algorithm. The proposed system is intended to find check fill attack vulnerabilities, which can then be solved efficiently. The proposed system also aims to reduce cost and to increase time efficiency and security efficiency by using the triple key technique. Our experiments show that our solution introduces lower computation and communication overheads in comparison with non-cooperative approaches.

Index Terms— Thrice key Auditing Algorithm, TPA, Triple key.

I. INTRODUCTION
Cloud Computing is an expression used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. In science, Cloud Computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time. The phrase also more commonly refers to network-based services which appear to be provided by real server hardware but are in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user, arguably rather like a cloud.

Cloud storage is an important service of Cloud Computing. Cloud Computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The Cloud Computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud Computing provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications.

Sometimes, cloud service providers might be dishonest. They could discard data that has not been accessed, or is rarely accessed, to save storage space, and claim that the data is still correctly stored in the cloud. Therefore, owners need to be convinced that the data is correctly stored in the cloud. Traditionally, owners can check data integrity based on two-party storage auditing protocols. In a cloud storage system, however, it is inappropriate to let either the cloud service providers or the owners conduct such auditing, because neither of them can be guaranteed to provide an unbiased auditing result. In this situation, third-party auditing is a natural choice for storage auditing in Cloud Computing. A Third Party Auditor (auditor) that has expertise and capabilities can do the work more efficiently and convince both cloud service providers and owners.

When it comes to third-party auditing in cloud storage systems, and to Cloud Computing generally, the security and privacy of personal information is extremely important. Given that personal information is being turned over to another organization, often in another country, it is vital to ensure that the information is safe and that only the people who need to access it are able to do so. There is the risk that personal information sent to a cloud provider might be kept indefinitely or used for other purposes. Such information could also be accessed by government agencies, domestic or foreign. For businesses that are considering using a cloud service, it is important to understand the security and privacy policies and practices of the provider.

A. DEFINITIONS WITH PRELIMINARIES
In this section, we first describe the system model and give the definition of storage auditing protocol. Then, we define the threat model and security model for a storage auditing system.

1) System Model
We consider an auditing system for cloud storage as shown in Fig. 1, which involves data owners (owner), the cloud server (server), and the third-party auditor (auditor). The owners create the data and host their data in the cloud. The cloud server stores the owners’ data and provides the data access to users (data consumers). The auditor is a trusted third party that has the expertise and capabilities to provide a data storage auditing service for both the owners and servers. The auditor can be a trusted organization managed by the government, which can provide unbiased auditing results for both data owners and cloud servers.

2) Security Model
We assume the auditor is honest. It performs honestly during the overall auditing procedure, but it is curious about the received data. The server, however, could be dishonest and may launch the following attacks:
i. Modify attack: The server may choose another valid and uncorrupted pair of data block and data tag to alter the challenged pair of data block and data tag, when it has already discarded that pair.
ii. Forge attack: The server may forge the data tag of a data block and deceive the auditor if the owner’s secret tag keys are reused for different versions of the data.
iii. Check fill attack: When data is stored on the server, it is not checked before it is stored.


Fig. 1 System model

B. SYSTEM OVERVIEW
The security and reliability of our project is fundamental to our process, as is the trust and faith that our customers place in us. We have completed a rigorous audit conducted by a leading security firm. There were three important findings that led us to believe the situation has been contained. The method utilized by the suspect to gain access has been identified and remediated. It appears that the suspect’s sole motive was to acquire free services from us. We have no evidence suggesting that the suspect was targeting customer infrastructure or payment cards. We have no indication that any customer information was shared with any other unauthorized parties or that there has been unauthorized use of any cardholder’s data. In addition, we are instituting a series of new measures designed to further enhance security. Client privacy, confidentiality and security are central to us. We greatly value your business and apologize for any inconvenience this causes.

1) Storing In Multi Cloud
Distributed Computing is used to refer to any large combined effort in which many individual personal computer owners allow some of their computer's processing time to be put at the service of a large problem. In our system, each cloud admin holds data blocks. The cloud user uploads the data into the multi-cloud. A Cloud Computing environment is constructed based on open components and interfaces, and it has the capability to incorporate multiple internal and/or external cloud services together to provide high interoperability. We call such a distributed cloud environment a multi-cloud. A multi-cloud allows clients to easily access their resources remotely through interfaces.

TABLE 1. SYMBOLS AND THEIR MEANING

SYMBOL    MEANING
skt       Key for secret tag
pkt       Key for public tag
skh       Key for secret hash
M         Data component
T         Collection of data tags
N         Number of blocks
S         Sectors
Minfo     Abstract information
P         Proof

A storage auditing protocol consists of the following five algorithms:
i. KeyGen(£) → (skh, skt, pkt). This key generation algorithm takes no input other than the security parameter £.
ii. TagGen(M, skt, skh) → T. The tag generation algorithm takes as input an encrypted file M.
iii. Chall(Minfo) → C. The challenge algorithm takes as input the information of the data.
iv. Prove(M, T, C) → P. The prove algorithm takes as input the file M, the tags T, and the challenge C from the auditor.
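The challenge and proof exchange listed above, together with the modify attack and a stale-version replay from the security model, as an added Python sketch that is not the paper's code. It swaps the paper's public tag key for a privately verifiable linear tag over a prime field (so there is no pkt); the verify step, file_id, the version binding, the field size and the block size are assumptions of this example.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # prime field modulus (assumed parameter)
BLOCK = 15       # bytes per block, so every block is an integer below P

def keygen():
    """KeyGen -> (skh, skt): secret hash key and secret tag key."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def prf(skh, file_id, version, index):
    """Keyed hash that binds a tag to file, version and block position."""
    msg = b"%s|%d|%d" % (file_id, version, index)
    return int.from_bytes(hmac.new(skh, msg, hashlib.sha256).digest(), "big") % P

def split(data):
    """Cut the file M into blocks and read each one as a field element."""
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]

def taggen(blocks, skt, skh, file_id, version):
    """TagGen(M, skt, skh) -> T: one linear tag per block."""
    return [(prf(skh, file_id, version, i) + skt * m) % P for i, m in enumerate(blocks)]

def chall(n_blocks, sample):
    """Chall(Minfo) -> C: random block indices, each with a random coefficient."""
    picked = secrets.SystemRandom().sample(range(n_blocks), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in picked]

def prove(blocks, tags, challenge):
    """Prove(M, T, C) -> P: the server aggregates the challenged blocks and tags."""
    mu = sum(v * blocks[i] for i, v in challenge) % P
    sigma = sum(v * tags[i] for i, v in challenge) % P
    return mu, sigma

def verify(challenge, proof, skt, skh, file_id, version):
    """Assumed verification step: checks the proof without a copy of the data."""
    mu, sigma = proof
    masks = sum(v * prf(skh, file_id, version, i) for i, v in challenge)
    return sigma == (skt * mu + masks) % P

def run_audits():
    """Honest audit, then the modify and stale-version cases on constructed data."""
    skh, skt = keygen()
    blocks = split(b"constructed sample file contents " * 8)
    tags = taggen(blocks, skt, skh, b"file-1", 1)
    c = chall(len(blocks), 5)
    honest = verify(c, prove(blocks, tags, c), skt, skh, b"file-1", 1)
    # Modify attack: block i was discarded, so the server substitutes pair j.
    i = c[0][0]
    j = (i + 1) % len(blocks)
    sw_blocks, sw_tags = list(blocks), list(tags)
    sw_blocks[i], sw_tags[i] = blocks[j], tags[j]
    modified = verify(c, prove(sw_blocks, sw_tags, c), skt, skh, b"file-1", 1)
    # After an update to version 2, the server replays version-1 blocks and tags.
    stale = verify(c, prove(blocks, tags, c), skt, skh, b"file-1", 2)
    return honest, modified, stale

if __name__ == "__main__":
    print(run_audits())
```

Both dishonest answers fail because each tag is bound to its block position and version through the keyed hash; in this simplified variant the aggregate mu is a linear combination of the data that the auditor sees, which a privacy-preserving scheme would have to mask.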

2) Dynamic Auditing By TPA
A Trusted Third Party (TTP) is trusted to store verification parameters and to offer public query services for these parameters. In our system, the Trusted Third Party views the user data blocks, which are uploaded to the distributed cloud. In the distributed cloud environment, each cloud has user data blocks. If any modification is made by the cloud owner, an alert is sent to the Trusted Third Party.

3) Checking Data Integrity And Cooperative Provable Data Possession (CPDP)
Cooperative PDP (CPDP) schemes adopt the zero-knowledge property and a three-layered index hierarchy, respectively. In particular, there is an efficient method for selecting the optimal number of sectors in each block to minimize the computation costs of clients and storage service providers. The Cooperative PDP (CPDP) scheme works without compromising data privacy and is based on modern cryptographic techniques. Data integrity is very important in database operations in particular and in data warehousing and business intelligence in general, because data integrity ensures that data is of high quality, correct, consistent and accessible.

4) Computation Cost
The Cloud User has a large amount of data to be stored in multiple clouds and has the permissions to access and manipulate the stored data. The user’s data is converted into data blocks. The data blocks are uploaded to the cloud. The TPA views the data blocks, which are uploaded to the multi-cloud. The user can update the uploaded data. If the user wants to download their files, the data in the multi-cloud is integrated and downloaded.

Fig. 2 System Architecture

II. PROPOSED WORK
Private auditability and public auditability can be achieved with high efficiency. Clients are able to delegate the evaluation of the service performance to an independent Third Party Auditor (TPA), without devoting their own computation resources. Modification, deletion and insertion can be done with the help of Provable Data Possession (PDP) or Proof of Retrievability (PoR). The protocol supports fully dynamic data operations and batch auditing, where multiple delegated auditing tasks from different users can be performed simultaneously by the TPA. This relieves the burden of storage management.

A. Thrice Key Auditing Algorithm
In this paper, three parties are involved: the Data Owner, the TPA (Third Party Auditor) and the User. The Data Owner saves all of their information with the TPA, but the TPA is able to view only the original information and cannot view the sensitive data format information. To overcome this problem, all the information is encrypted with the help of our proposed algorithm, so we use the “Triple Key Algorithm” to secure the information. Normally, the user cannot get the information from the TPA. So, three keys are used here: one for the Data Owner, one for the TPA and one for the User. The user sends a request to the TPA (for example, a user ID), which is then converted into a key. The user generates the key and sends the request to the TPA. The TPA then checks whether this key matches the Data Owner's. Only if it matches can the TPA send the information to the user for decryption. Thus the information can be viewed with the help of the triple key algorithm.

B. MANUAL TRACING OF ALGORITHMS WITH TEST CASES
a. Test case for Mobile Number

TABLE 2. TEST CASE FOR MOBILE NUMBER

TABLE 3. TEST CASE FOR E-MAIL ID

C. PERFORMANCE ANALYSIS
Storage auditing is a very resource-demanding service in terms of computational resources, communication cost, and memory space.

D. Cost for Communication
Because the communication cost during initialization is almost the same in these three auditing protocols, we only compare the communication cost between the auditor and the server, which consists of the challenge and the proof.

E. Complex in Computation
We calculate the computation of the owner, the server, and the auditor on a Linux system with an Intel Core 2 Duo CPU at 4.16 GHz and 5.00-GB RAM. The code uses the pairing-based cryptography library version 0.6.11 to simulate our auditing scheme and Zhu’s IPDP scheme. The elliptic curve we used is an MNT d169 curve, where the base field size is 169 bits and the embedding degree is 7. The d169 curve has a 125-bit group order, which means p is a 125-bit prime. All the simulation results are the mean of 15 trials.

F. Auditing Cost
We consider the computation time of the auditor versus the number of challenged data blocks in the single-cloud, single-owner case. In this figure, the number of data blocks goes only to 500, but this is enough to illustrate the linear relationship between the computation cost of the auditor and the challenged data size. The sample size and the frequency are determined by the service-level agreement. From the simulation results, we can estimate that it requires 800 seconds to audit 1 GByte of data. However, the computing abilities of the cloud server and the auditor are much more powerful than our simulation PC, so the computation time can be relatively small. Therefore, our auditing scheme is practical in large-scale cloud storage systems.

III. CONCLUSION
In conclusion, the TPA can perform the storage auditing without demanding a local copy of the data. We utilize triple key cryptography to guarantee that the TPA does not learn anything about the data content stored on the cloud server during the efficient auditing process, which not only relieves the cloud user of the tedious and possibly expensive auditing task, but also alleviates the users’ fear of leakage of their outsourced data. The powerful Thrice key Auditing Algorithm supports efficient handling of multiple auditing tasks, where the TPA can perform multiple auditing tasks quickly and safely by using this algorithm. It is intended to find check fill attack vulnerabilities, which can then be solved efficiently, and the system aims to reduce cost and to increase time efficiency and security efficiency by using the triple key technique.

IV. FUTURE ENHANCEMENT
The state-of-the-art Cloud technologies have limited support for market-oriented resource management and they need to be extended to support: negotiation of QoS between users and providers to establish SLAs; mechanisms and algorithms for allocation of VM resources to meet SLAs; and management of the risks associated with the violation of SLAs. Furthermore, interaction protocols need to be extended to support interoperability between different Cloud service providers. In addition, we need programming environments and tools that allow rapid creation of Cloud applications. Data centers are known to be expensive to operate and they consume huge amounts of electric power. As Clouds are emerging as next-generation data centers and aim to support ubiquitous service-oriented applications, it is important that they are designed to be energy efficient, to reduce both their power bill and their carbon footprint on the environment. To achieve this at the software systems level, we need to investigate new techniques for allocation of resources to applications depending on the quality of service expectations of users and the service contracts established between consumers and providers.

Mrs. A. Anusha Priya MCA., M.Phil., [Ph.D]

She received her B.Sc (CS) and MCA from Vysya College of Arts and Science and her M.Phil from Periyar University, Salem. She is pursuing a Ph.D at Karpagam University, Coimbatore. She has 10 years of experience in collegiate teaching and is an Associate Professor in the Department of Computer Science at Muthayammal College of Arts and Science, Rasipuram, affiliated to Periyar University, Salem, Tamil Nadu, India. Her main research interests include Cloud Computing in Computer Networks.

Mrs. Lavanya.C

Mrs. Lavanya.C received her B.C.A. degree at Dhanalakshmi Srinivasan College of Arts and Science for Women from Bharathidasan University, Tiruchirapalli (2002 - 2005), Tamil Nadu (India). She then completed her MCA degree at Cauvery College for Women from Bharathidasan University, Tiruchirapalli (2005 - 2008), Tamil Nadu (India). She is an M.Phil Research Scholar at Muthayammal College of Arts and Science, Rasipuram, Periyar University, Salem. Her area of interest is Computer Networks.