A Simple Secure Auditing for Cloud Storage

Transcription

1 A Simple Secure Auditing for Cloud Storage Lee-Hur Shing Institute of Information Science Academia Sinica Marn-Ling Shing University of Taipei Yu-Hsuan Yeh, Yan-Zhi Hu and Shih-Ci Dong Computer Science and Information Engineering Tamkang University Chen-Chi Shing Information Technology Radford University 1. INTRODUCTION ABSTRACT Cloud storage is a common service for users to store their important data in the cloud. It provides a dynamic, scalable storage place for any sort of user on-demand. From small businesses to corporations, the cloud is convenient as well as cost efficient so businesses won t need to pay for their own hardware. Hardware for storage is updating so rapidly that it is difficult for companies to keep up with the maintenance and cost. The cloud can store vast amounts of data which becomes a target for people who want sensitive data. Some cloud service providers have been known to manipulate data that has been stored into their servers. This paper searches an efficient way to test audits for data integrity. A SOA model is introduced, including owners of data, the cloud server, and a TPA to test audits. The proposed method specially uses public cryptography in its framework. A signature is added to the method to increase validity and security of the communicating parties. This method not only solves the problem of the traditional method of checking for data integrities, but also improves current proposed methods. KEYWORDS Data storage, privacy preserving, public auditability, cloud computing, delegation. Cloud computing provides businesses three types of services: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). IaaS only allows businesses to use the cloud on (mostly virtual) machines and networks. PaaS gives developers a software operating system environment to access database and web servers. SaaS provides users all necessary application software in the cloud [1]. Cloud computing uses virtualized storage and computing combined with modern Web technologies to provide reliable and scalable services on-demand. Service-oriented architectures (SOA) are architectures whose components are implemented as independent services. While virtualization creates efficiency through its simulation strategy of creating virtual computer systems, SOA are services that can not only be used by customers, but also by other services and applications. Cloud storage is an important cloud service in cloud computing, it not only lets users store their data in cloud storage but cloud storage also reduces the burden of storing in local computers. Businesses can reduce computing equipment investment overhead and future update cost using cloud computing. An increasing number of companies use the SaaS service, however companies using the service have no control of the infrastructure and its ISBN: SDIWC 234

2 platform. Companies face more security challenges as explained below [2]: (1) Although cloud computing has more computations than personal computers, it is still subject to internal and external threats. These threats may weaken the user's data integrity [3] [4]. For example, cloud storage servers sometimes break down or have system security vulnerabilities. (2) Cloud storage service providers may have dishonest motivations [5], e.g. Cloud storage servers may omit data users barely use, delete data users don t use, and claim data that is stored in the cloud to maintain their reputation. The traditional method to solve the problems above are: (1) Download all the data and check data integrities one by one. (2) To raise efficiency, we need to allow users to make sure their data is completely stored in the cloud storage. (3) The owner and the third party must sign a contract if the owner decides to hire someone to check the data integrities. The traditional method is not efficient for several reasons: i. Time consuming. The traditional method would require patience to compare data integrities one at a time. Owners don t have time for this sort of tedious work. ii. Not private. If anyone besides the owner of the data checks the integrity of the data, they would need access to the original data. iii. Costly. The longer it takes to check for data, the longer the owner will need to employ a third party. iv. Not secure. Without any method of security, unexpected parties may have access to sensitive data intentionally or unintentionally. A Third-party Auditor (TPA) who audits is the traditional method for guaranteeing the storage of data in the cloud, however using a public auditing service that audits the user s data my expose the data to the public. This is where the issue of privacy arises [6] [7] [8]. To solve the privacy preserving issue, it is important to design a method to ensure when a TPA is auditing a user s data in the cloud, the TPA won t be able to find the content or data type of the user s data. In this paper, we propose a new protocol to automate the traditional method: when the TPA is auditing a single user s data in a multiple cloud, it will have less computational overhead. It is important when the TPA finds out the data verification has failed, then the TPA can find out the dishonest server as quickly as possible. 2. LITERATURE REVIEW Dynamic data has attracted attention in recent literature on efficiently guaranteeing the integrity for remotely stored data. Ateniese et al. was the first to propose a partially dynamic version of the provable data possession (PDP) protocol scheme using only symmetric key cryptography but with a limited number of audits. PDP is a technique in storage outsourcing used for ensuring the integrity of data. Two drawbacks with this version is that each update operation required recreating all the remaining metadata and blocks could not be inserted [9]. In Wang et al. considered a similar support for partially dynamic data storage in a distributed scenario with an additional feature of data error localization [10]. In a subsequent work, Wang et al. proposes to combine BLS-based High- Level Architecture (HLA) with Merkle hash tree (MHT) to support fully data dynamics. BLS is a basic signature scheme. It consists of three steps including key generation, signing, and verification. MHT is an authentication structure intended to efficiently and securely prove that a set of elements are undamaged and unaltered [5]. Concurrently, Erway et al. developed a skip list based scheme to also enable provable data possession with full dynamics support [11]. However, the verification in both protocols requires the linear combination of sampled blocks as an input, like the designs in [6], [8], and thus does not support privacy-preserving auditing. We will first establish a simple model for ISBN: SDIWC 235

3 a cloud system and then propose a simple secure solution for auditing. 3. SYSTEM MODEL Cloud users who have large amounts of data files to be stored in the cloud; the Cloud server is managed by the cloud service provider to provide data storage service with significant storage space and computational resources. Third-party auditors such as lawyers have the expertise and capabilities that cloud users do not have and are trusted to assess the reliability of cloud storage service upon request (See Figure 1). Assume cloud users suspect data loss due to the cloud provider s actions and request to hire a TPA to audit. The TPA obtains response from the cloud service provider and has a temporary account that contains enough privilege to access the cloud server to conduct the audit for the employer s claim. 4. PROPOSED SCHEME In order to protect the privacy of the owner s data, the TPA should never be allowed to see the actual data. The general method for the scheme will be for the TPA to only access the hashed data rather than looking at the actual data. In Figure 2 is a graphical version of the proposed cryptographic scheme. Here, the Owner is the user. The Server is the owner's cloud provider's server that has his/her data. The Auditor represents the TPA. The scheme is described in the following steps: (1) First, with public key cryptography such as RSA, the owner generates a secret key (sk) and a public key (pk ), KeyGen(sk, pk). These two keys are for the TPA auditing only. Now the TPA and the owner share both secret and public keys and can later audit for multiple requests from the owner. (2) The owner creates an auditing information by hashing the data with the secret key sk and encrypts the data with the public key pk : E pk (H sk (Data)) or T. He/she then signs the auditing information using his/her private key skowner, called the complete package: TA, or E skowner (E pk (H sk (Data))). TA can be interpreted as a request for auditing to the cloud server. (3) The owner sends the request TA to the cloud server. The server receives the request and opens the package with owner s public key pkowner. The server at this time knows that the request was sent by the owner because of the owner s signature. The cloud server stores the encrypted hashed request T and waits for the TPA to send an auditing request for the package. Since the cloud server does not have the owner s auditing secret key sk, the server cannot modify the auditing information T. Now the owner needs to send a request for auditing to the TPA. (4) Now the owner first encrypts both secret and public keys generated from step (1) and the package TA using TPA s public key pktpa, i.e. (E pktpa (TA, sk, pk)) or TB. The owner then sends the encrypted package to the TPA as a request for auditing. Note that the hashed data within T in TA and TB are the same. (5) The TPA receives the request created by the owner in step (4). He/she decrypts it using his/her private key sktpa to get TA, sk and pk. The TPA uses the owner s public key pkowner to open up the request package TA. TPA now guarantees the auditing contract from the owner. After he/she using sk to further decrypt T, the hashed data H sk (Data) is available for auditing. (6) The TPA sends an auditing request to the cloud server to ask for auditing the owner s data. The cloud server performs challenge/response for the auditor for his/her identity. For example, the TPA sends a challenge C and the server responds with a proof P to confirm the transaction was in fact, from the cloud server. Finally, the TPA sends 0/1 to verify the response. ISBN: SDIWC 236

4 (7) After successfully identifying the TPA, the cloud server signs T with the server s private key skserver to guarantee that the information is from the server. Then the server encrypts the information with the TPA s public key pktpa and sends the encrypted data E pktpa ( E skserver (T)) to the TPA. (8) The TPA receives the signed, encrypted data from the server and uses his/her own private key sktpa to decrypt the information from the cloud server first and then use the server s public key pkserver decrypt it to get T. Furthermore, the TPA uses the auditing secret key sk to get the hashed data H sk (Data). (9) Now the TPA compares H sk (Data) that is obtained from step (5) and step (8) and looks for any differences in the hashes. If their values are the same, then he/she can trusts the cloud server s storage. Otherwise, the cloud server has not stored data correctly for the owner or has even deleted the data. 5. ASSUMPTIONS There are conditional factors that must be made for this system to work. (1) The owner must send the encrypted package to the cloud server before the TPA. If the owner sends the request to the TPA first and the TPA sends a request to the server, the cloud cannot verify that it was a request from the owner. (2) The owner must hash his/her data after every modification made to the data. If the owner does not hash the data every time a modification is made, the hashes may not match when the TPA compares the two hashes of the data. (3) TPA will never see the owner s actual data. The TPA should agree to never see the owner s actual data to protect the owner s privacy. (4) This proposal uses public cryptography in its framework. 6. FIGURES Figure 1. Figure 2 7. CONCLUSION The purpose of using hash for auditing information is that hashing is a technique for checking data integrity. If the data is manipulated, the hash of the data is also changed, therefore we can immediately find out that the data is not original, and that the Cloud Storage provider is not honest. When an owner suspects that their data is not being stored correctly, he/she can hire a TPA to audit his/her data. In a practical sense, the TPA can be considered as the owner s lawyer. The owner gives permission to the lawyer to check the server. The owner sends the server a notification to tell the server that someone will be checking on his/her behalf. The lawyer can gather enough evidence to accuse the server if the server is not storing the data correctly as promised as a cloud storage service. The lawyer does not see any sensitive data in this proposed scheme; the owner s privacy is secured. The cloud server cannot access the hashed data because the secret key wraps the data. The server ISBN: SDIWC 237

5 never knows what is actually inside the package. The unique part about this proposed method is that the owner generates two extra keys mentioned in step (1) that protects the data from ever being seen by anyone except the TPA. The signatures are also unique that the receiver of a request will know who the official sender was. This not only provides clarity for each party, but also prevents outside parties from copying or sending out multiple, unauthorized requests. REFERENCES [1] K. Chen, H. Lee, C. Shing, M. Shing, The Security Role and Task Assignments in Enterprise Systems and Cloud Computing, Proceedings of 2012 ACME conference, Rosemead, CA, July 13- July 14, [9] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, Scalable and Efficient Provable Data Possession, Proc. Int l Conf. Security and Privacy in Comm. Networks (SecureComm 08), pp. 1-10, [10] C. Wang, Q. Wang, K. Ren, and W. Lou, Towards Secure and Dependable Storage Services in Cloud Computing, IEEE Trans. Service Computing, vol. 5, no. 2, , Apr.-June [11] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, Dynamic Provable Data Possession, Proc. ACM Conf. Computer and Comm. Security (CCS 09), pp , [2] C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy- Preserving Public Auditing for Storage Security in Cloud Computing, Proc. IEEE INFOCOM 10, Mar [3] P. Mell and T. Grance, Draft NIST Working Definition of Cloud Computing, ml, June [4] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, Above the Clouds: A Berkeley View of Cloud Computing, Technical Report UCB- EECS , Univ. of California, Berkeley, Feb [5] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 5, pp , May [6] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable Data Possession at Untrusted Stores, Proc. 14th ACM Conf. Computer and Comm. Security (CCS 07), pp , [7] M.A. Shah, R. Swaminathan, and M. Baker, Privacy- Preserving Audit and Extraction of Digital Contents, Cryptology eprint Archive, Report 2008/186, [8] H. Shacham and B. Waters, Compact Proofs of Retrievability, Proc. Int l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt), vol. 5350, pp , Dec ISBN: SDIWC 238