ISSN Vol.08,Issue.16, October-2016, Pages:

Transcription

1 ISSN Vol.08,Issue.16, October-2016, Pages: Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation VEDIRE AJAYANI 1, K. TULASI 2, DR P. SUNITHA 3 1 PG Scholar, Dept of CSE, Siddhartha Institute of Engineering and Technology, Ibrahimpatnam, Hyderabad, Telangana, India. 2 Assistant Professor, Dept of CSE, Institute of Engineering and Technology, Ibrahimpatnam, Hyderabad, Telangana, India. 3 Professor & HOD, Dept of CSE, Institute of Engineering and Technology, Ibrahimpatnam, Hyderabad, Telangana, India. Abstract: In past years, the rapid development of cloud storage services makes it easier than ever for cloud users to share data with each other. To ensure users confidence of the integrity of their shared data on cloud, a number of techniques have been proposed for data integrity auditing with focuses on various practical features, e.g., the support of dynamic data, public integrity auditing, low communication/computational audit cost, low storage overhead. However, most of these techniques consider that only the original data owner can modify the shared data, which limits these techniques to client read-only applications. Recently, a few attempts started considering more realistic scenarios by allowing multiple cloud users to modify data with integrity assurance. Nevertheless, these attempts are still far from practical due to the tremendous computational cost on cloud users, especially when high error detection probability is required by the system. In this paper, we propose a novel integrity auditing scheme for cloud data sharing services characterized by multi-user modification, public auditing, high error detection probability, efficient user revocation as well as practical computational/communication auditing performance. Our scheme can resist user impersonation attack, which is not considered in existing techniques that support multi-user modification. Batch auditing of multiple tasks is also efficiently supported in our scheme. Extensive experiments on Amazon EC2 cloud and different client devices (contemporary and mobile devices) show that our design allows the client to audit the integrity of a shared file with a constant computational cost of 340ms on PC (4.6s on mobile device) and a bounded communication cost of 77KB for 99% error detection probability with data corruption rate of 1%. Keywords: Public integrity auditing, dynamic data, victor commitment, group signature, cloud computing. I. INTRODUCTION A. Cloud Computing Cloud computing is nothing but internet based computing which made revolution in today's world. It is the biggest innovation which uses advanced computational power and improves data sharing and data storing capabilities. Cloud is a large group of interconnected computers, which is a major 2016 IJATIR. All rights reserved. change in how we store information and run application. Cloud computing is a shared pool of configurable computing resources, on demand network access and provisioned by the service provider. The advantage of cloud is cost savings. The prime disadvantage is security. The cloud computing security contains to a set of policies, technology & controls deployed to protect data, application & the associated infrastructure of cloud computing. Some security and privacy issues that need to be considered the only thing was the cloud computing lacks regarding the issues of data integrity, data privacy, and data accessed by unauthorized members. B. Data integrity Integrity is nothing but consistency. It is a major factor that affects on the performance of the cloud. Data integrity contains protocols for writing of the data in a reliable manner to the persistent data storages which can be retrieved in the same format without any changes later. Maintaining integrity of shared data is quite difficult task. Numbers of mechanisms have been proposed to protect integrity of data. Concept of attaching Signature to each block of data is used in these mechanisms. Data Integrity is most important of all the security issues in cloud data storages as it ensures completeness of data as well as that the data is correct, accessible, consistent and of high quality. Data model consist of three types of integrity constraints: Entity integrity Referential integrity Domain integrity C. Public Data Auditing in Cloud On cloud we can able to store data as a group and share it or modify it within a group. In cloud data storage contains two entities as cloud user (group members) and cloud service provider/ cloud server. Cloud user is a person who stores large amount of data on cloud server which is managed by the cloud service provider. User can upload their data on cloud and share it within a group. A cloud service provider will provide services to cloud user. The major issue in cloud data storage is to obtain correctness and integrity of data stored on the cloud. Cloud Service Provider (CSP) has to provide some form of mechanism through which user will

2 get the confirmation that cloud data is secure or is stored as it is. No data loss or modification is done by unauthenticated member. To achieve security data auditing concept is come into picture. This can be achieved in 2 ways as Without trusted third party With trusted third party based on who does the verification. In cloud computing architecture data is stored centrally and managing this centralized data and providing security to it is very difficult task. TPA is used in this situation. The reliability is increased as data is handled by TPA but data integrity is not achieved. TPA uses encryption to encrypt the contents of the file. It checks data integrity but there is threat of TPA itself leaks user's data. Researchers of specify way to achieve storage correctness without Trusted Third Party (TTP). They achieve this by using secure key management, Flexible access right managements and light weight integrity verification process for checking the unauthorized change in the original data without requesting a local copy of the data. II. EXISTING AND PROPOSED SYSTEMS A. Existing System In existing techniques that support multi-user modification batch auditing of multiple tasks only the data owner holds secret keys can modify the data and all other users who share data with the data owner only have read permission. If these solutions are trivially extended to support multiple writers with data integrity assurance, the data owner has to stay online, collecting modified data from other users and regenerating authentication tags for them. Obviously, this kind of trivial extension will introduce a tremendous workload this kind of situation occurs many times, being it internationally or not, with existing cloud storage platforms. As our design efficiently supports batch auditing, we can audit all development files at the same time to save cost. Thus, our scheme can be easily applied to existing VCSs to efficient support integrity assurance without changing their original design. B. Proposed System Wish to have a way of auditing the cloud server to ensure that the server stores all their latest data without any corruption. To offer such a service, a series of schemes have been proposed. However, for most of these existing schemes, only the data owner in cloud have both read and write privileges, Wang proposed a public integrity auditing scheme using ring signature-based homomorphic authenticators. Nevertheless, the scalability of ref last but not least, our proposed scheme allows aggregation of integrity auditing operations for multiple tasks (files) through our batch integrity auditing technique, which promote our scheme in terms of auditing efficiency and data corruption detection probability. The TPA refers to any party that checks the integrity of data being stored on the cloud. As our proposed scheme allows public integrity auditing, the TPA can actually be any cloud user as long as he/she has access to the public keys. VEDIRE AJAYANI, K. TULASI, DR P. SUNITHA C. Modules 1. Data Owner 2. Third Party Auditor 3. Data Sharing 1. Data Owner Data Owner Registration: In this module an owner has to upload its files in a cloud server, he/she should register first. Then only he/she can be able to do it. For that he needs to fill the details in the registration form. These details are maintained in a database. Owner Login: In this module, any of the above mentioned person have to login, they should login by giving their id and password. User Registration: In this module if a user wants to access the data which is stored in a cloud, he/she should register their details first. These details are maintained in a Database. User Login: If the user is an authorized user, he/she can download the file by using file id which has been stored by data owner when it was uploading. 2. Third Party Auditor Third Party Auditor Registration: In this module, if a third party auditor TPA (maintainer of clouds) wants to do some cloud offer, they should register first. Here we are doing like, this system allows only three cloud service providers. Third Party Auditor Login: After third party auditor gets logged in, He/ She can see how many data owners have uploaded their files into the cloud. Here we are providing three TPA for maintaining three different clouds. 3. Data Sharing We only consider how to audit the integrity of shared data in the cloud with static groups. It means the group is predefined before shared data is created in the cloud and the membership of users in the group is not changed during data sharing. The original user is responsible for deciding who is able to share her data before outsourcing data to the cloud. Another interesting problem is how to audit the integrity of shared data in the cloud with dynamic groups a new user can be added into the group and an existing group member can be revoked during data sharing while still preserving identity privacy. III. ARCHITECTURE DIAGRAM File Upload: File owner allowed uploading data on the cloud either for their private or public use. They act as a Group Manager for the file they upload in cloud. Both the original user and group users are able to access, download and modify shared data. Shared data is divided into a number of blocks. A user in the group can modify a block in shared data by performing an insert, delete or update operation on the block.

3 Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation File Auditing: If a user edited a data then the auditor will monitor the user and report to the owner about the edited data. The group manager will monitor the changes in the file and if he founds any discrepancy auditor has full rights to relocate from his particular group. The public verifier can audit the integrity of shared data without retrieving the entire data from the cloud, even if some blocks in shared data have been re-signed by the cloud. Fig.1. System Architecture. Re-assigning: On one hand, once a user is revoked from the group, the blocks signed by the revoked user can be efficiently resigned. More specifically, the proxy is able to convert a signature of Alice into a signature of Bob on the same block. Mean while, the proxy is not able to learn any private keys of the two users, which means it cannot sign any block on behalf of either Alice or Bob. Group Sharing: Data owner will store their data in the cloud and share the data among the group members. Who upload the data have rights to modify and download their data in the cloud. He can also set rights to other users in his group to edit or download data. Access control: Cloud Server allows only the authorized group member to store their data in the cloud offered by cloud service providers as Sass and it won t allow unauthorized group member to store their data in the cloud. User Revocation: If a user wishes to revoke from a group their request regarding revocation will be forwarded to the auditor where auditor will check to it and revoke the user from group. The user revocation is secure because only existing users are able to sign the blocks in shared data even with a re-signing key, the cloud cannot generate a valid signature for an arbitrary block on behalf of an existing user. In addition, after being revoked from the group, a revoked user is no longer in the user list, and can no longer generate valid signatures on shared data. IV. PERFORMANCE EVALUATION In this section, we provide both the numerical and the experimental analysis of our scheme and conduct the computation time cost comparison. A. Numerical Analysis In this section, we conduct the numerical analysis of our scheme and compare the scheme. First of all, all of the three schemes require one-time expensive computational effort in the Setup phase. Then, our scheme is secure against the collusion attack of the cloud storage server and the revoked users in the efficient scheme, and it is also efficient, since the computational resources invested by the client is independent on the size of the database. The reason is that, most of the expensive computation overhead is outsourced to the cloud storage server. Finally, the cloud storage server stores the entire database and its relevant materials. Thus, except some private key materials, the group users do not require to store any data locally. We provide the time cost simulation for our scheme in different phases and the Table 1 presents the numerical analysis of computation of our scheme and two other schemes related. For the convenience of analysis, we denote by Mul a multiplication in G (G 1, G 2 and G T ), Exp an exponentiation in G, Pair a computation of the pairing, and Hash a regular hashing operation. We omit other operations such as addition in G for all the schemes. As shown in Table 1, in the Query algorithm of our scheme, the computation overhead increases with the database item q. However, we need to remark that the server does not need to compute the proof each time. The reason is that the proof is identical for the same data item and the server only needs to compute once for the first query on each index. Thus, the server could adopt some storage overhead to reduce the computational cost in the Query algorithm. Table 1. Performance evaluation and comparison Compare with scheme, the Verify algorithm of our scheme bring much more computation overhead. The reason is that scheme adopts the delegation technology for data updating. In our scheme, to prevent the attack against the collusion of the malicious and revoked group users, we adopt the group signature scheme with secure group user revocation. Although the Verify algorithm bring much more computational overhead than scheme, it is important that it is a constant part of our scheme. In the Update and Proof Update algorithms, the computation cost of our scheme and the scheme grow with the increase of data elements (data items in our scheme). For the User Revocation algorithm, all the computation time cost grows with the increase of the

4 VEDIRE AJAYANI, K. TULASI, DR P. SUNITHA challenge blocks (items) number. The different is that, scheme is efficient because the computation time cost will not grow with the increase of the group users. Thus, their scheme provides constant computation overhead with different group size. The computation time cost of our scheme grows with the revoked users number z, which is different from the scheme growing with the increase of the group user s number. Since it is reasonable that the revoked users number z is small than the group users d, we use 2z = d in our simulation. Fig.5. Proof Update Time Cost Fig.2. Query Time Cost. Fig.3. Verify Time Cost. Fig.4. Update Time Cost. Fig.6. User Revocation Time Cost. B. Experimental evaluation In this section, we evaluate the thorough experimental evaluation of our scheme. Our experiments are simulated with the pairing-based cryptography library (PBC) on Linux Machine with Intel r CoreTM2 Duo Processor T9500 running at 2.60GHz and 3G memory. To precisely evaluate the computation complexity at different entities, we simulate all the entity on this machine. As shown in Fig.2, the Query time cost of our scheme is linear with the data items number q, which will take approximately 4 seconds to query about 1000 data items. However, we need to emphasize that the computation cost is at the cloud storage server side, which is very powerful compare with the Linux system running on our laptop. Moreover, the server does not need to run the whole Query algorithm every time as analyzed in the previous section. Actually, in the Verify algorithm, the

5 Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation computation overhead mostly comes from the group signature scheme. More precisely, to verify the validity of this phase, we need firstly to verify the integrity of the signature, which means that our scheme need to generate the time casted parameters such as R 1, R 2, and R 3. Actually, the computation time cost of our scheme a constant number. Also, it is around 5 times that of the most efficient scheme. In the Fig.4, we show the data update computation comparison with scheme, and both their computation overheads grow with the increase of the element number in each block. In the Poof Update algorithm, as shown in Fig.5, the computation time cost grows with the increase of the elements number of each block and the number of selected challenging data blocks. Actually, the data blocks contain data elements in scheme while not in our scheme. It is interesting that, if we do not consider the data elements in the scheme, the computation overhead of the two schemes in with the same challenging number are almost the same. The User Revocation algorithm simulation in Fig.6 shows that scheme is the most efficient one. Compare with scheme whose computation overhead grows rapidly with the increase of group users number and the selected challenging blocks number, scheme and our scheme have a flatting growth. The reason is that, scheme has to consider the whole group users number, while the computation time cost in our scheme is related to the revoked group users. It means that we need to verify e (T 2 /A, ˆu)? = e (T 1, ˆv) for each user in the revocation list. The best scheme is whose computation overhead is irrelevant to the group user s number. They achieve this by allowing the cloud storage server to re-compute the authentication tag of blocks last modified by a revoked group user. We analyze this tag update delegation way in the previous section and point out that it is not secure against the cloud storage server and revoked group users collusion attack. V. RESULT Fig8. The above fig shows the design for generate the public and private keys for upload and download files on cloud. Fig9. The above fig shows the design for sending the files to the verifier for auditing. Fig7. The above fig shows the design for Employee login form if existing employee can login. Fig10. The above fig shows the design for verify the group signature if signature is correct and gets the private key and Encrypted Files.

6 VEDIRE AJAYANI, K. TULASI, DR P. SUNITHA Fig11. The above fig shows the design for upload the encrypted files and private key to get decrypt the file. Fig12. The above fig shows the design for metadata verification on the cloud file. Fig12. The above fig shows the design for send the revocation request to the cloud. If the username and password is correct member can be revoked from the cloud. Fig13. The above fig shows the design for viewing the request sent by Manager. Fig13. The above fig shows the design for two layer verification for Group Member before sent file request to Group Manger. V. CONCLUSION Cloud computing is world's biggest innovation which uses advanced computational power and improves data sharing and data storing capabilities. It increases the ease of usage by giving access through any kind of internet connection. As every coin has two sides it also has some drawbacks. Privacy security is a main issue for cloud storage. To ensure that the risks of privacy have been mitigated a variety of techniques that may be used in order to achieve privacy. This paper showcases some privacy techniques and different methods for overcoming the issues in privacy on UN trusted data stores in cloud computing. There are still some approaches which are not covered in this paper. This paper categories the methodologies in the literature as encryption based methods, access control based mechanisms, query integrity/keyword search schemes, and audit ability schemes. Even though there are many techniques in the literature for considering the concerns in privacy, no approach is highly developed to give a privacypreserving storage that overcomes all the other privacy concerns. Thus to handle all these privacy concerns, we need to develop privacy preserving framework which handle all the worries in privacy security and strengthen cloud storage services.

7 Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation VI. REFERENCES [1] Tao Jiang, Xiaofeng Chen, and Jianfeng Ma, Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation, IEEE Transactions on Computers. [2] Amazon. (2007) Amazon simple storage service (amazon s3).amazon. [Online]. Available: [3] Google. (2005) Google drive. Google. [Online]. Available: [4] Dropbox. (2007) A file-storage and sharing service. Dropbox. [Online]. Available: [5] Mozy. (2007) An online, data, and computer backup software.emc.[online].available: [6] Bitcasa. (2011) Inifinite storage. Bitcasa. [Online]. Available: [7] Memopal. (2007) Online backup. Memopal. [Online]. Available: [8] M. A. et al., Above the clouds: A berkeley view of cloud computing, Tech. Rep. UCBEECS, vol. 28, pp. 1 3, Feb [9] M. Rabin, Efficient dispersal of information for security, Journal of the ACM (JACM), vol. 36(2), pp , Apr [10] J. G. et al. (2006) The expanding digital universe: A forecast of worldwide information growth through IDC. [Online]. Available: Whitepaper [11] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable data possession at untrusted stores, in Proc. of ACM CCS, Virginia, USA, Oct. 2007, pp [12] A. Juels and B. S. Kaliski, Pors: Proofs of retrievability for large files, in Proc. of ACM CCS, Virginia, USA, Oct. 2007, pp