A Flexible Auditing Mechanism for Storages in Cloud Computing

Transcription

1 ISSN (Onlne : ISSN (Prnt : Internatonal Journal of Innovatve Research n Scence, Engneerng and Technology Volume 3, Specal Issue 3, March Internatonal Conference on Innovatons n Engneerng and Technology (ICIET 14 On 21 st & 22 nd March Organzed by K.L.N. College of Engneerng, Madura, Taml Nadu, Inda A Flexble Audtng Mechansm for Storages n Cloud Computng Saranya C, Vnoth P PG Scholar, Dept of Computer Scence Engneerng, Mepco Schlenk Engneerng, College Svakas, Inda. Assstant Professor, Dept of Computer Scence Engneerng, Mepco Schlenk Engneerng, College Svakas, Inda. Abstract-In recent years, Cloud Computng has acheved greater heghts. Cloud storage s more preferable than normal local storage, as when we use global nternet based storage, t s easy to use wherever we go. But these cloud nfrastructures are prone to threats lke Cloud Servce Provder may behave unfathful towards the users data and also users may faulty perform mproper operatons that leads to loss of data. The soluton for the above problem s that a Flexble Audtng Mechansm was proposed whch allows a Thrd Party Audtor (TPA to verfy the ntegrty of data stored n the cloud.it uses the fragment structure and secure tag generaton method for perodc samplng audt process.it also supports audt for dynamc operatons. Ths audt servce can provde publc audtablty wthout downloadng raw data and protect prvacy of the data. Therefore, through ths audt system the dynamc data operatons and tmely anomaly detecton can be supported at low storage and communcaton cost. The next ssue s that the cloud servce provder would behave unfathful towards the cloud data. They may dscard the data that are rarely accessed or not accessed to save storage space and clam that the owner s data are correctly stored n the cloud. The other ssue s that users may perform mproper operatons that s they may accdently delete the data and clam the cloud servce provder s responsble for the data loss. So, t s necessary for the servce provder to have a flexble audtng servce to check the correctness of the data stored n the cloud. Audt nvolves the trackng of all actvtes that ncludes data accesses, securty volatons, and attacks and so on. However, tradtonal cryptographc schemes lack to support ntegrty verfcaton wthout the local copy of the data. If the audt servces are desgned to download the whole data whch ncurs storage and communcaton cost. Ths stuaton should be managed so, the man obectves of the flexble audtng servces are: Keywords-Storage Audtng, data ntegrty, cloud storage systems. I.INTRODUCTION Effcent Audtablty. To have a thrd party audtor (TPA to verfy the correctness of the data wthout downloadng the whole data. Dynamc Audtablty. To support audtng for dynamc operatons done by the user. Perodc detecton of errors and losses. To perform a perodc samplng audt on the data stored n the cloud. Forensc Evdences. To provde forensc evdences for the anomales those occur n the cloud. Lghtweght Audt Tasks. Cloud computng s an upcomng technology where the computng resources are shared across nternet for usage, that s we can pay as we use. There s no need for any local storage.the storage n clouds has become a popular way of storng and mantanng the data. The ntegrty of stored data should be preserved. But cloud nfrastructures are prone to threats. These threats can be nternal threat, caused by vrtual machne falure or external threat, caused by system holes. Ths damages the ntegrty of data. M.R. Thansekhar and N. Bala (Eds.: ICIET

2 To ncur the less cost computaton audt tasks. A Flexble Audtng Mechansm for Storages n Cloud Computng To acheve these obectves, a flexble audtng servce was ntroduced to provde effcent ntegrty verfcaton. Ths audt system supports dynamc data operatons and tmely anomaly detecton. The technques used are fragment structure, random samplng and ndex-hash table. The rest of the paper s organzed as follows: Secton 2 descrbes the research background and related work. Secton 3 descrbes the audt system archtecture and the technques used. Secton 4 descrbes the defnton and the algorthms. Secton 5, we present the performance of the expermental results. Fnally, we conclude the paper n Secton 6. II.BACKGROUND AND RELATED WORK Tradtonal schemes based on the hash functons and sgnature methods can t work wthout downloadng the whole data. That results n expensve communcaton especally for large-sze fles. As the work of audtng the cloud data are really expensve and complex. Ths audtng work of verfyng the correctness of the data s moved from cloud servce provder (CSP to the thrd party audtor (TPA.TPA has the capablty for perodcally audtng the data.ths servce gves data assurance and acts as a dgtal forenscs. Many researchers proposed new notatons for publc audtablty lke the notons of proof of retrevablty (POR[2] and PDP[5]. Anyone can use these schemes to prove the correctness of the data and offer a publcly accessble remote nterface to check large amount of data. Some audt servces solutons are there. Xe et al. [10] proposed a content comparablty method but t s not sutable for rregular data. Wang et al. [11] proposed a prvacy preservng property for outsourced data. In ths scheme, a fle s drectly splt nto n blocks and a verfcaton tag s generated for each block. Here, the sze of the block s equal to the cryptosystem.for,160 bts whch s 20 bytes. That s,1m bytes fle s splt nto 50,000 blocks and generates 50,000 tags, ths storage of tags s 1M bytes. So, t s neffcent to construct a system usng ths scheme. To overcome ths problem, a fragment structure technque s used to reduce the extra storage. Usng ths scheme, the data can be dynamcally updated by the clents. The block operatons lke modfcaton, deleton and nserton. Fg. 1.Archtecture of Cloud Audt Servce. In the exstng schemes, securty ssues arse a lot. Hence, to develop a secure mechansm for dynamc audt servces, a flexble scheme s requred. III.ARCHITECTURE AND TECHNIQUES Audt system archtecture for outsourced data n clouds s shown n Fg. 1.Ths archtecture the audt archtecture conssts of fve enttes. Cloud Servce Provder(CSP CSP provdes data storage servce and has enough storage space and computaton resources. Authentcated Applcatons(AA AA has the rght to access and manpulate the stored data Data Owner (DO DO have a large amount of data to be stored n the cloud. Thrd Party Audtor(TPA TPA has capabltes to manage or montor the outsourced data under the delegaton of DO. Applcaton User s Cloud User s enoy varous cloud applcaton servces va the AA s. TPA s relable and ndepent through the followng audt functons: TPA should be able to make regular checks on the ntegrty and avalablty of the delegated data at approprate ntervals. TPA should be able to organze, manage, and mantan the outsourced data nstead of DO TPA support dynamc data operatons for AAs. TPA should be able to take the evdences for dsputes about the nconsstency of M.R. Thansekhar and N. Bala (Eds.: ICIET

3 data n terms of authentc records for all data operatons. A Flexble Audtng Mechansm for Storages n Cloud Computng To acheve these functons, our audt servces has 3 processes: Tag Generaton And User s Verfcaton: The clent (DO uses a secret key s k to preprocess a fle, whch conssts of a collecton of n blocks, generates a set of publc verfcaton parameters (PVP s and IHT that are stored n TPA, transmts the fle and some verfcaton tags to CSP, and may delete ts local copy(see Fg.2a; Perodc Samplng Audt: By usng an nteractve proof protocol of retrevablty, TPA ssues a random samplng challenge to audt the ntegrty and avalablty of the outsourced data n terms of verfcaton nformaton (nvolvng PVP and IHT stored n TPA(see Fg. 2b;and Audt For Dynamc Data Operatons: An AA, who holds a DO s secret key λ, can manpulate the outsourced data and update the assocated IHT stored n TPA. The prvacy of λ and the checkng algorthm ensure that the storage server cannot cheat the AAs and forge the vald audt records(see Fg. 2c; The Authorzed Applcaton s provdes the cloud applcaton servces, must be authorzed by the DOs. Therefore, any AAs must gve TPA the authorzed nformaton to perform the dynamc operatons on the data. If any unauthorzed applcatons occur then the audtng servce should detect t. So, ths s a strong authentcaton-verfcaton mechansm. (a Tag Generaton and User Verfcaton Workflow (b Perodc Samplng Audt Workflow (c Dynamc operatons Audt Workflow Fg. 2. Three processes of the audt system. The entre goal of ths audt structure s to provde the credtablty n cloud. So, the burden of the DO and CSP are greatly reduced. The entre audtng servce s handled by a Trusted Thrd Party Audtor (TTPA.There s no addtonal cost for usng ths mechansm. Ths process nvolves the followng algorthms: KeyGen, TagGen, Update, and Delete, Insert algorthms. The followng technques are requred to construct a ths algorthms. The technques are Fragment structure, Blnear Mappng and Index table (ITable. 3.1 Fragment Structure and Secure Tags To maxmze the performance the audt system, a general fragment structure s used.a fle F s splt nto n data components {m 1,.,m n }.Each data block m s further splt nto s sectors. 1. Select the maxmum no. of sectors s max among all the sector numbers s. 2. m has s max sectors Set m =0 for s < < _ s max 3. Sze of each sector s constant and equal to securty parameter p. 4. Calculate the number of data blocks. 5. Encrypted data component s M { m} [1, n], [1, s] where s = number of sectors n each data block. p= securty parameter. M.R. Thansekhar and N. Bala (Eds.: ICIET

4 3.2 Blnear Mappng Let G 1,G 2 and G T be multplcatve groups wth same prme order p. Blnear map s gven by Let g 1 and g 2 be the generators of G 1 and G 2.. Keyed secure hash functon 1.3 Index table (ITable ITable s used to record the abstract nformaton of the data.it conssts of 4 components Index -Current block number of data block m.. B -Orgnal block number of data block m. V -Current verson number of data block m. T -Tmestamp used for generatng the data tag. TABLE 3ITable of the Abstract Informaton of Data M Index B V T T T2 IV.ALGORITHMS FOR AUDIT SYSTEM The algorthms for tag generaton process: 1. Key Generaton Algorthm - KeyGen(λ Algorthm KeyGen (λ //Input: λ securty parameter //Output: sk h secret hash key // sk t secret publc tag key // pk t publc tag key begn Choose 2 random numbers sk t, sk h Є Z p skt Compute pkt g2 G2 2. Tag Generaton Algorthm -TagGen(M, sk t, sk h Algorthm TagGen (M, sk t, sk h //Input: M encrypted fle // sk h secret hash key // sk t secret publc tag key //Output: T set of tags begn Choose s random values x 1, x 2, x s. Є Z p Compute x u for each data block m Compute for e: G1G2 h :{0,1} G GT g1 G1 [1, s] s t ( h( skh, W. u 1 1 A Flexble Audtng Mechansm for Storages n Cloud Computng m skt W = FID. FID = dentfer of data. = block number of m. 3. Challenge Algorthm - Chall (M nfo Algorthm Chall (M nfo // Input: M nfo Abstract nformaton of data // Output: C Challenge begn Select some data blocks and construct challenge set Q for each chosen block m Generate random numbers v Є Z p Compute challenge stamp for return C=({,v } ЄQ,R where r = randomly chosen number 4. Proof Algorthm - Prove (M,T,C Algorthm Prove (M,T,C //Input: M Fle // T Tag from audtor // C Challenge //Output: P= (TP,DP Proof // TP Tag Proof // DP Data Proof begn Generate tag proof v Compute sector lnear combnaton Generate data proof where r DP. e( H chal, pkt e( TP, g2 M.R. Thansekhar and N. Bala (Eds.: ICIET End R ( pkt 5. Verfcaton Algorthm - Verfy (C,P, sk h, pk t,m nfo The output of ths algorthm s 0 means then, the ntegrty of the cloud data s compromsed. Algorthm Verfy (C,P, sk h, pk t, M nfo // Input: T tag from audtor // C challenge // sk h secret hash key // pk t publc tag key // M nfo abstract nformaton of data // Output: 0 or 1 begn Compute dentfer hash values h=(sk h,w. Compute challenge hash r TP DP Q r Z p Verfes the proof by verfcaton equaton t MP v. m Q s 1 Q e( u, R H h( skh, W chal MP rv

5 A Flexble Audtng Mechansm for Storages n Cloud Computng f both the values are equal then return 1 else return 0 f V.CONSTRUCTION OF THE AUDIT SCHEME Ths scheme ncludes a 2-move nteractve proof protocol, whch also provdes prvacy protecton property to ensure the confdentalty of secret data. 5.1 Notatons Let be a keyed hash famly of functons H k : The collson resstance hash functon SHA1 s used, where the probablty s over random choce s made. Ths hash functon can be obtaned from n {0,1} {0,1} H { H k } hash functon of BLS sgnatures.blnear parngs proposed by Boneh and Frankln [11] s used. Let G and G T be two multplcatve groups usng ellptc curve conventons wth a large prme order p. The functon e be a computable blnear map e : G x G-> G T. wth the followng propertes: 1 Blnearty2 Nondegeneracy and 3 Computablty. The fle s encrypted usng collson resstance algorthm by usng the blnear mappng and then the tags are generated for ths fle whch s fragmented. 5.2 Constructon for Dynamc Audtng Data update. There are three types of data update operatons that can be used by the owner: modfcaton, nserton, and deleton. For each update operaton, there s a correspondng algorthm n the dynamc audtng to process the operaton and facltate the future audtng, defned as follows: Data update. There are three types of data update Operatons that can be used by the owner: modfcaton, nserton, and deleton. For each update operaton, there s a correspondng algorthm n the dynamc audtng to process the operaton and facltate the future audtng, defned as follows: Modfy( m, sk t, sk ( Msg h modfy The modfcaton algorthm takes as nputs the new verson of data block m,the secret tag key sk t, and the secret hash key sk h. Itgenerates a new verson number V, new tme stamp T,and calls the TagGen to generate a new data tag t for data. Insert ( m, sk, sk t h ( Msg, t nsert The nserton algorthm takes as nputs the new data block m, the secret tag key sk t, and the secret hash key sk h. It nserts a new data block m before the th, t poston. It generates an orgnal number B, a new verson number V, and a new tme stamp T. Then, t calls the TagGen to generate a new data tag t for the new data block m. It outputs the new tag t and the update message Then, t nserts the new par of data block and tag (m,t on the server and ss the update message Msg nsert to the audtor. Msg (, B, V, T nsert Delete( m Msg delete The deleton algorthm takes as nput the data block m. It outputs the update message Msg delete (, B, V, T. It then deletes the par of data block and ts tag (m, t from the server and ss the update message Msg delete to the audtor. VI CONCLUSION In ths paper, a flexble audtng mechansm was proposed by usng Blnearty property of blnear parng and also supports audt for dynamc operatons. Ths enhances the performance of TPAs. REFERENCES [1] Yan Zhu, Gal-Joon Ahn, Hongxn Hu, Stephen S. Yau, Ho G. An, and Chang-Jun Hu, Dynamc Audt Servces for Outsourced Storages n Clouds, IEEE Transactons on Servces Computng, Vol. 6, No. 2, Aprl-June [2] A. Juels and B.S. Kalsk Jr., PORs: Proofs of Retrevablty for Large Fles, Proc. ACM Conf. Computer and Communcatons Securty (CCS 07, pp , [3] M. Mowbray, The Fog over the Grmpen Mre: Cloud Computng and the Law, Techncal Report HPL , HP Lab., [4] A.A. Yavuz and P. Nng, BAF: An Effcent Publcly Verfable Secure Audt Loggng Scheme for Dstrbuted Systems, Proc. Ann. Computer Securty Applcatons Conf. (ACSAC, pp , [5] G. Atenese, R.C. Burns, R. Curtmola, J. Herrng, L. Kssner, Z.N.J. Peterson, and D.X. Song, Provable Data Possesson at Untrusted Stores, Proc. 14th ACM Conf. Computer and Comm.Securty, pp , [6] G. Atenese, R.D. Petro, L.V. Mancn, and G. Tsudk, Scalable and Effcent Provable Data Possesson, Proc. Fourth Int l Conf. Securty and Prvacy n Comm. Netowrks (SecureComm, pp. 1-10,2008. [7] C.C. Erway, A. Ku pc u, C. Papamanthou, and R. Tamassa, Dynamc Provable Data Possesson, Proc. 16th ACM Conf. Computer and Comm. Securty, pp , [8] H. Shacham and B. Waters, Compact Proofs of Retrevablty, Proc. 14th Int l Conf. Theory and Applcaton of Cryptology and Informaton Securty: Advances n Cryptology Advances n Cryptology,(ASIACRYPT 08, J. Peprzyk, ed., pp , [9] A.R. Yumeref and J.S. Chase, Strong Accountablty for Network Storage, Proc. Sxth USENIX Conf. Fle and Storage Technologes (FAST, pp , [10] M. Xe, H. Wang, J. Yn, and X. Meng, Integrty Audtng of Outsourced Data, Proc. 33rd Int l Conf. Very Large Databases (VLDB, pp , [11] C. Wang, Q. Wang, K. Ren, and W. Lou, Prvacy-Preservng Publc Audtng for Data Storage Securty n Cloud Computng, Proc. IEEE INFOCOM, pp. 1-9, M.R. Thansekhar and N. Bala (Eds.: ICIET