INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Transcription

1 INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK TECHNIQUES FOR ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING GANESH B. CHAVAN 1, DR. RAJENDRA R. SAWANT 2, CHAITANYA NIMODIA 3 1. ME(CSE)Student, Department of Computer Science & Engineering, Khurana Sawant Institute of Engg & Technology, Washim Road, Hingoli, SRTM University, Nanded Maharashtra, India. 2. Professor, Khurana Sawant Institute of Engg & Technology, SRTM University, Nanded, Maharashtra, India. 3. Assistant Professor, Department of Computer Science & Engineering, Khurana Sawant Institute of Engg & Technology, SRTM University, Nanded Maharashtra, India. Accepted Date: 05/03/2015; Published Date: 01/05/2015 Abstract: Cloud Computing has been envisioned as the next generation architecture of IT Enterprise. Cloud computing make it possible to store amounts of data. User an entity whose data to be stores in the cloud and server is an entity which manages by cloud service provider(csp) to provide data storage service and has significant storage space and resources. Third party auditor is an optional (TPA) who has capabilities that users may not have is trusted to assess and expose risk of cloud storage services on behalf of the users upon request. Cloud Computing moves the application software s to the large data centers, where the management of the data and services may not be fully trustworthy. Our proposed work, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of user s data in the cloud, we also propose an effective and flexible distributed scheme. By utilizing the Public key and Private key based homomorphic authenticator on the different techniques with distributed verification of ensure-coded data, our scheme achieves the integration of storage correctness and data error localization.the proposed design further supports secure and efficient dynamic activities including data modification, deletion, append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against malicious data modification attack. Keywords: Cloud computing, Public Key, Private Key, authentication, data security, Cloud S Corresponding Author: MR. GANESH B. CHAVAN Access Online On: How to Cite This Article: PAPER-QR CODE 966

2 INTRODUCTION Several veers are opening on the time of Cloud Computing, which is an Internet based improvement and use of computer knowledge. There are many powerful processors together with the software as a service (SaaS) computing design, are transform data centers into computing service on a massive scale [1]. The increasing network bandwidth and dependable yet flexible network connections make it even possible that users can now support high quality services from data and software. Moving data into the cloud offers great expediency to users since they don t have to care about the complexities of direct hardware managing [2]. The initiate of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) are both well acknowledged examples.[3] While these internet-based online services do provide large amounts of storage space and resources, this computing platform shift, however, is eliminating the dependability of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Amazon s S3 is such an example. From the point of view of data security, which has always been an important aspect of quality of service, Cloud Computing predictably poses new demanding security threats for number of reasons. Firstly, conventional cryptographic primitives for the purpose of data security protection cannot be directly assumed due to the user s loss control of data under Cloud Computing. Therefore, authentication of correct data storage in the cloud must be conducted without explicit knowledge of the whole data. Secondly, Cloud Computing is not just a third party data warehouse. The data stored in the cloud may be often updated by the users. Last but not the least, the use of Cloud Computing is powered by data centers running in a concurrent and distributed manner [3]. Individual user s data is unnecessary stored in multiple physical locations to further reduce the data integrity threats. Therefore, distributed protocols for storage correctness declaration will be of most importance in achieving a secure cloud data storage system in the real world [4]. However, such important area remains to be fully explored in the literature [8]-[10]. Recently, the importance of ensuring the remote data integrity has been highlighted by the following research works These techniques, while can be useful to ensure the storage correctness without having users possessing data, cannot address all the security threats in cloud data storage, since they are all focusing on single server scenario and most of them do not consider dynamic data operations [5]. In this paper, we propose an effective and flexible distributed system with explicit dynamic data support to ensure the 967

3 correctness of users data in the cloud. This construction significantly reduces the communication and storage overhead as compared to the traditional replication-based file Expected impact Methods and tools for better understanding and identifying the risks and consequences when moving application software s into the cloud[6] Wider adoption of cloud computing in critical infrastructures through clear specification, design, and implementation guidelines for security goals in highly sensitive cloud computing scenarios[6] Evaluation and adoption of project results in real-world application scenarios[6] Research targets Understanding risk in the created cloud for critical infrastructure IT services [7] Security policy specification for the cloud. Building resilient, high-assurance systems in the cloud Linking technical and legal aspects 2. PROBLEM STATEMENT 2.1 System framework Cloud data storage Module: - Cloud data storage, a user stores his data through a CSP into a set of cloud servers, which are running in a simultaneous, the user interacts with the cloud servers via CSP to access or retrieve his data. Client Module: - In this module, the client sends the query to the server. Based on the query the server sends the corresponding file to the client. Cloud Authentication Server: The Authentication Server (AS) functions as any AS would with a few additional behaviors added to the typical client-authentication protocol. The first addition is the sending of the client authentication information to the masquerading router. 968

4 Unauthorized data modification and corruption module:- One of the key issue is to effectively detect any unauthorized data modification and corruption, possibly due to server compromise and/or random Byzantine failures. 2.2 Adversary framework We consider two types of adversary framework with different levels of capacity in this paper: Week framework The adversary is involved in corrupting the user s data files stored on individual servers. Once a server is comprised a challenger can corrupt the original data files by modifying its own fallacious data to prevent the original data from being retrieved by the user Effective framework This is the low rest case situation, in which we assume that the challenger can cooperation all the storage servers so that he can deliberately modify the data files as long as they are internally dependable. In fact, this is equivalent to the case where all servers are colluding together to hide a data loss. Project justification 2.3 Design Goals Figure 1. Network for cloud storage To guarantee the security for cloud data storage under the afore named adversary model, we aim to design effective mechanisms for data verification and operation and achieve the following goals: 969

5 Effective correctness using different technique (SaaS, HaaS, IaaS Fast localization of data error using different technique (SaaS, HaaS, IaaS Dynamic data support using different technique (SaaS, HaaS, IaaS Dependability using different technique (SaaS, HaaS, IaaS Lightweight using different technique (SaaS, HaaS, IaaS) 2.4 Notation & Preliminaries F-The data file to be stored. We assume F that can be denoted as a matrix M of equal-sized data vectors each consisting of l blocks. Data blocks are all well represented as elements in Galois Field for w= 4, 6, 8. R- The dispersal matrix used for Reed-Solomon coding. D-Data matrix constructed over data vectors. C- The encoded file matrix, which includes a set of vectors, n=m+k each consisting of l blocks. PRF - Pseudorandom function. PRP- Pseudorandom permutation. 3. CLOUD DATA STORAGE 3.1 Algorithm 1 Token Pre-computation 1. Start 2. Choose file to upload 3. Generate n*m Vector Matrix D on file F. 4. Create Reed Solomon Matrix P over Galois Field where w=4. 5. Generate Matrix C=D*P. 970

6 6. Compute Token over Matrix C. ComputeToken (C, l, t, r) where l- block size t - no. of token r- indices per verification. Compute the tokens by pseudorandom function PRF & pseudorandom permutation function PRP 7. Store these precomputed tokens on the main cloud server. 8. Disperse the file over the Cloud. i.e. Matrix D 9. End. 3.2 Correctness confirmation and Error Localization To eliminate the errors in storage systems key prerequisite is to locate the errors. However, many previous schemes do not explicitly consider the problem of data error localization, thus only provide binary results for the storage verification. In our scheme we integrate the correctness verification and error localization in our challenge-response protocol.[11]-[12] The newly computed tokens from servers for each challenge are compared with pre-computed tokens to determine the correctness of the distributed storage. This also gives information to locate potential data errors. Algorithm Correctness verification 1 Begin Challenge i, for i=(i=1 to n ), where n total number of cloud servers. 2. Get Token A( ) // Getting precomputed tokens from main cloud server. 3. handlec() // Reading file blocks from all cloud servers for calculating new tokens. 4. Generate Vector Matrix D on all file blocks that are read in step Create Reed Solomon Matrix P 6. Generate Matrix C= D*P. On this matrix, new tokens will be computed. 7. Compute token on Matrix C. Compute Token (C, l, t, r) 8. If (Precomputed token == newly computed token) then, Data is intact Else Data is Corrupt. For that i, initiate the recovery. 9. End 971

7 Algorithm: Error Recovery 1. Start Assume that the data corruptions have been detected & s <= k servers have been identified misbehaving. 2. Download data blocks from backup server. 3. Generate data vectors as per number of cloud storage servers. 4. Distribute the data blocks to corresponding servers & recover the data. 5. End. 4. Data Operation Support In cloud data storage, there are many potential scenarios where data stored in the cloud is dynamic, like electronic documents, photos, or log files etc. Therefore, it is crucial to consider the dynamic case, where a user may wish to perform various operations of update, delete and append to modify the data file while maintaining the storage correctness assurance. The straightforward and trivial way to support these operations is for user to download all the data from the cloud servers. In cloud data storage, sometimes the user may need to modify some data stored in the cloud, from its current value to a new one. We refer this operation as data update. To perform update operation on particular data block client need to recalculate the verification token on updated data. Also client need to update this value of newly calculated token to all the replicas of file in storage cloud [4,5]. When user want to perform update operation, the splitted file from all storage servers is merged and given to the user to perform data updates. Once user has finished with the updating the data, new tokens are calculated on whole file and they are stored on main cloud server Sometimes, after being stored in the cloud, certain data may need to be deleted [7,8]. The delete operation we are considering is a general one. When user wants to delete some file, he can simply delete it. In delete operation, file blocks that are distributed among cloud storage servers are all deleted [13]. In case of insert operation, we are treating as a part of update operation and we are relaying on update operation for insert operation. 4. SECURITY ANALYSIS AND PERFORMANC EEVALUATION In this section, we analyze our proposed scheme in terms of security and efficiency [9]. Our security analysis focuses on the adversary model defined in We also evaluate the efficiency of 972

8 our scheme via implementation of both file distribution preparation and verification token precomputation. 1. Performance Evaluation a) File Distribution Preparation: We implemented the generation of parity vectors for our scheme under field our experiment is conducted using C on a system with an Intel Core 2 processor running at 2.06 GHz, 2500 MB of RAM, and a 8200 RPM Western Digital 350 GB Serial ATA drive with an 10 MB buffer. TABLE I: The cost of parity generation in seconds for an 10 GB data file. For set I, set II the number of parity server s k is fixed.. 5. RELATED WORK Juels et al. described a formal proof of retrievability (POR) model for ensuring the remote data integrity. Their scheme combines spot-cheking and error-correcting code to ensure both possession and retrievability of files on archive service systems. Shacham et al. built on this model and constructed a random linear function based homomorphic authenticator Bowers et al. proposed an improved framework for POR protocols that generalizes both Juels and Shacham s work. Later in their subsequent work, Bowers et al. extended POR model to distributed systems [4]. However, all these schemes are focusing on static data.. Ateniese et al.defined the provable data possession (PDP) model for ensuring possession of file on untrusted storages [5]. Their scheme utilized public key based homomorphic tags for auditing the data file. After that Ateniese et al.described a PDP scheme that uses only symmetric key cryptography [5]. This method has lower-overhead than their previous scheme and allows for block updates, deletions and appends to the stored file, which has also been supported in our work. However, their scheme focuses on single server scenario and does not address small data corruptions, leaving both the distributed scenario and data error recovery issue unexplored. 973

9 6. CONCLUSION In this paper, we investigated the problem of data security in cloud data storage, which is essentially a distributed storage system. To ensure the correctness of users' data in cloud data storage, we proposed an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append We rely on erasure-correcting code in the file distribution preparation to provide redundancy parity vectors and guarantee the data dependability. By utilizing the homomorphic token with distributed verification of erasure coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., whenever data corruption has been detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving server. Through detailed security and performance analysis, we show that our scheme is highly efficient and resilient to Byzantine failure, malicious data modification attack, and even server colluding attacks. We believe that data storage security in Cloud Computing, an area full of challenges and of paramount importance, is still in its infancy now, and many research problems are yet to be identified. We envision several possible directions for future research on this area. The most promising one we believe is a model in which public verifiability is enforced. Public verifiability, supported in, allows TPA to audit the cloud data storage without demanding users time, feasibility or resources. An interesting question in this model is if we can construct a scheme to achieve both public verifiability and storage correctness assurance of dynamic data. Besides, along with our research on dynamic cloud data storage, we also plan to investigate the problem of fine-grained data error localization. REFERENCES: 1. Amazon.com, "Amazon Web Services (AWS)," 2. N. Gohring, "Amazon's S3 down for several hours," 3. A. Juels and J. Burton S. Kaliski, "PORs: Proofs of Retrievability for Large Files," 4. H. Shacham and B. Waters, "Compact Proofs of Retrievability," 5. K. D. Bowers, A. Juels, and A. Oprea, "Proofs of Retrievability: Theory and Implementation," 6. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson and D. Song, "Provable Data Possession at Untrusted Stores," 974

10 7. G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, "Scalable and E_-cient Provable Data Possession," 8. T. S. J. Schwarz and E. L. Miller, "Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage," 9. J. S. Plank and Y. Ding, Note: Correction to the 1997 Tutorial on Reed-Solomon Coding, Yang, K. and X. Jia, Data storage auditing service in cloud computing: challenges, methods and opportunities. 12. Cong Wang,Qian Wang,Kui Ren, and Wenjing Lou, Ensuring Data Storage Security in Cloud Computing. 13. Raluca Ada Popa, Jacob R. Lorch, David Molnar, Helen J. Wang, and Li Zhuang, Enabling Security in Cloud Storage SLAs with CloudProof. 975