ADVANCES in NATURAL and APPLIED SCIENCES

Transcription

1 ADVANCES in NATURAL and APPLIED SCIENCES ISSN: Published BY AENSI Publication EISSN: May 10(5): pages Open Access Journal An Efficient Proxy Re-Signature Technique for Preserving Data Integrity in Cloud 1 M.Nithya, 2 S.R.Thahamina, 3 M.Sandhiya 1 Assistant Professor, 2 UG Scholar, 3 UG scholar Department of Computer Science and Engineering, SNS College of Technology Address Received February 2016; Accepted 18 April 2016; Available 25 April 2016 Address For Correspondence: M.Nithya, Assistant Professor, UG Scholar, UG scholar Department of Computer Science and Engineering, SNS College of Technology Address mail2nithyacse@gmail.com Copyright 2016 by authors and American-Eurasian Network for Scientific Information (AENSI Publication). This work is licensed under the Creative Commons Attribution International License (CC BY). ABSTRACT A man s dream is to go cloud. But, nowadays this is achieved by using a new technology called cloud computing. Security is the major concern in cloud computing. In cloud storage, datas are easily modified by the attackers. To overcome this data modification problem in cloud storage, in this paper a novel Proxy Re-signature technique called Homomorphic Authenticable Proxy Resignature is used for enhancing data security by using public verifier. Public Verifier will verify the integrity of shared data without accessing the entire data from the cloud storage and also digital signature is attached to each block of message. With this digital signature, individual users can access the data in the cloud storage. Whenever the attacker modifies the block of data in the cloud means signature is provided to user for modifying the particular block. KEYWORDS: Digital signature, Public verifier, Data integrity, Homomorphic Authenticable Proxy Re-signature, Group manager INTRODUCTION Today, Cloud Computing is a new borned technology for sharing resources via internet. The main aim of cloud computing is to protect the data that has been stored in one centralized location called cloud storage and also to prevent the data access from the attackers an efficient encryption mechanism is needed for preserving the security of data in the cloud storage for both cloud providers and cloud users[1], [5]. The following Fig. 1 represents the security in cloud computing. This encryption scheme assures the information security and integrity by attaching signature to each block of message. Security is needed while transmitting data and data storage Cloud data Transmit Storage Security y Processing Fig. 1: Cloud Computing Security To Cite This Article: M.Nithya, S.R.Thahamina, M.Sandhiya., An Efficient Proxy Re-Signature Technique for Preserving Data Integrity in Cloud. Advances in Natural and Applied Sciences. 10(5); Pages:

2 224 M.Nithya et al., 2016/ Advances in Natural and Applied Sciences. 10(5) May 2016, Pages: In cloud computing, data s are stored in the encrypted form that is called cipher text and cloud user can access the data in the decrypted form called plain text. Since the data s are encrypted only by using keys and the type of key varies based on various encryption methods. Therefore there is a chance for the attacker to guess the keys. If the attacker guesses the key means the data are lost that has been stored in cloud storage. Therefore, by using normal encryption algorithms only less security is achieved in cloud computing. So, for enhancing security and data integrity, proxy Re-signature schemes [3], [4] are used. In proxy Re-signature the individual users can access the data in the cloud storage by using digital signature [6]. Digital signature is one of the public key techniques and is used for data authentication. In digital signature, signer and verifier plays a major role. Signer uses a secret key for signing and the key that is used for signing is called signature key. Verifier uses a public key for verifying and the key that is used for verifying is called verification key. Whenever the attacker modifies the information in cloud storage, signature is provided to the user for modifying particular data. If the data s are altered by the attacker means the data owner can access their stored data in the cloud storage by resigning the data that has been already signed by the attacker. For resigning, the existing user must download the whole information and sign the data and in these schemes blockless verifiability and non-malleability is not achieved. Therefore data integrity is not preserved in cloud and also data integrity is affected by considering the following three important things. Cloud provider sometimes exposes their shared data to external users due to failures in hardware and software. Attackers can access and modify the shared data in cloud storage. So the original users can access the incorrect data. Revoked user does not have the right of existing users to modify the data stored in cloud but revoked uses can access the modified data illegally. With these considerations, cloud users don t have trust in cloud storage without preserving the data integrity. To overcome these problems, a novel proxy Re-signature technique called Homomorphic Authenticable Proxy Re-signature (HAPS) is used for preserving the enhanced data integrity. In this method, data is splitted into different number of blocks and for each block, a signature is attached. If the data is shared by data owner means the shared data is splitted into blocks and for each block data owner assigns the signature and also data owner will compute the signature for other group users. Once a user from group misbehaves means data owner can revoke a user and that revoked user become an invalid user to the group and after that data owner can resign the block that was already signed by the revoked user. By doing this, data integrity is achieved while sharing the data between different users in the group. Related Work: To assure security in cloud computing, various encryption schemes are used. Homomorphism encryption is a form of encryption that allows mathematical calculations to be carried out on cipher text thus generating an encrypted result and when decrypted the result matches the operations performed on the plaintext. Homomorphic encryption would allow the chaining together of different services without exposing data to each of those services [10]. Homomorphic encryption performs addition and multiplication operations as mathematical operations on the encrypted data and for decrypting the data, first mathematical operations is performed and after that secret key is used to decrypt the data. There are two types of homomorphic encryption schemes: Somewhat Homomorphic Encryption (SHE) and Fully Homomorphic Encryption (FHE)[8],[11]. These two encryption schemes are used to perform the limited number of mathematical operations over the encrypted and decrypted data. Security is breached due to the limited number of operations. Our Contributions: To overcome the above problems, a novel Proxy Re-signature technique called Homomorphic Authenticable Proxy Re-signature (HAPS) is used for guaranteeing the data integrity and also verifies many auditing tasks at a time by using batch auditing technique. A. Homomorphic Authenticable Proxy Re-signature(HAPS): HAPS is a special type of proxy re-signature technique that uses public verifier for enhancing data security. Public verifier will verify the integrity of shared data without accessing the entire data from the cloud storage. HAPS satisfy the two important properties. They are blockless verifiability and non-malleability. Blockless verifiability ensures that the public verifier checks the data integrity without retrieving the entire data from cloud storage. Non-malleability guarantees that valid signatures are not generated by the attacker by combining the existing user signature of the same block. The following Fig.2 represents the overall system architecture of HAPS.HAPS system architecture contains three entities. They are group user, the group creator and public verifier. Group creator is an entity used to add user in a group and also maintains id for each user in the list.the id list of group user is maintained by the group creator called User List (UL).Group creator is also referred as group manager or data owner. The main role of group creator is to create and share the data in the cloud storage. In cloud storage, the data that is

3 225 M.Nithya et al., 2016/ Advances in Natural and Applied Sciences. 10(5) May 2016, Pages: shared by the group creator is organized in the form of blocks and a signature is attached to each block of data. Other group users can compute signature for each block of data. Once a user in the group modifies the block means, this user also resign the modified data block by using his/her own secret key. While sharing the data, different users in a group are signed in different blocks to prevent the modifications of data from different users in a group. Once a user from a group misbehaves means data owner can revoke a user and that revoked user become an invalid user to the group and after that data owner can resign the block that was already signed by the revoked user. By doing this, data integrity is achieved while sharing the data between different users in a group and data owner. Next entity is public verifier. The job of public verifier is to ensure the correctness of data and the correctness of the data depends on the signatures between group user and group creator. Public verifier is also called as proxy or cloud or Third Party Auditor (TPA). Proxy acts as a medium for converting the signatures between the two different users. Fig. 2: System Architecture of HAPS Operational Description: HAPS technique consists of five modules: KeyGen, Sign, Resign, Rekey and Verify. A. KeyGen: Key Generation (KeyGen) module is used to create public key and private key for all the users in the group by using Decisional Bilinear Diffie Hellman (DBDH) assumption. Algorithm for KeyGen: For every user in the group u A, sk A = x A pk A = g x A where sk A is the secret key of group creator, pk A is the public key of group creator and u A is the group user. B. Sign: Whenever the data owner shares the data in the cloud, he/she divides the data into number of blocks and attach the signatures to them. If one user in a group alters a block of data means for that block signature is recomputed. Algorithm for Sign: α = (Hash(ug id )w m )ab G where α is the signature, ug id is the id of each user in group,

4 226 M.Nithya et al., 2016/ Advances in Natural and Applied Sciences. 10(5) May 2016, Pages: G is the bilinear group, m is the block of data and ab is the original data. C. Resign: Resign module is used by the Proxy for converting the revoked user signature into original user signature. This conversion is necessary because in this original user is an group manager and he/she secures the shared data. Priority List (PL) is maintained for resigning the key whenever revoked user misbehaves from the group. Algorithm for ReSign: α == (Hash(id l )w ml ) xb ) Where α is the resigning block with new signature id l is the block identifier and ml is the message block. D. ReKey: In Rekey module, resigning key is assigned by the public verifier for each user in a group. Once a user from a group misbehaves means the data owner can revoke a user and that revoked user become an invalid user to the group and after that data owner can resign the block that was already signed by the revoked user. Algorithm for ReKey: Group manager u A sends R/x A to group user u B, where sk A = x A Group manager ua sends R x B / x A to the public verifier where sk B = x B The public verifier ensures the integrity RkA B = x B / x A Z Where sk A is the secret key of group manager A, x A is the signature of group manager A, sk B is the secret key of group user B, x B is the signature of group user B, R is the signature of group manager and Rk is the resigning key. E. Verify: In Verify module, the Public verifier is to ensure the correctness of data and the correctness of the data depends on the signatures between group user and group creator.if the both the signatures of group user and group creator matches then the public verifier produce the output as 1 otherwise it produce the output as 0. Algorithm for Verify: p(α,g) = p(hash(id l )w ml, pk A ) where p is the public verifier, id l is the block identifier, ml is the message block, α is the signature and pk A is the public key of group manager A. Performance Evaluation: The performance of the proposed HAPS method is compared with the existing HME method by using a parameter called data integrity. In the existing Homomorphic Encryption (HME) method, attackers can easily access the data directly from the cloud storage and there is no intermediate medium in-between such as proxy. But in our proposed HAPS method, correctness of the data is achieved by using intermediator. While sharing the data, different users in a group are signed in different blocks to prevent the modifications of data from different users in a group. In this way, data integrity is achieved in HAPS. The performance of both existing and proposed work is shown in Fig.3

5 227 M.Nithya et al., 2016/ Advances in Natural and Applied Sciences. 10(5) May 2016, Pages: Data integrity in % HME Methods HAPS Fig. 3: Data integrity Conclusion: Securing the data is the main concern in cloud computing. In our proposed work, proxy is used as a public auditor for ensuring the correctness of data and the data loss can be easily predicted by comparing the signature of both external users and data owner. In the future work, lazy re-encryption is used for achieving better data integrity. REFERENCES 1. Armbrust, S.M., A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica and M. Zaharia 2010,A View of Cloud Computing, Communications of the ACM, 53(4): Wang, Q., C. Wang, J. Li, K. Ren and W. Lou, Enabling Public Verifiability and Data Dynamic for Storage Security in Cloud Computing, in the Proceedings of ESORICS Springer-Verlag, pp: Ateniese and S. Hohen berger, Proxy Re-signatures: New Definitions, Algorithms and Applications, in the Proceedings of ACM CCS, pp: Wang, B. Li, and H. Li, Public Auditing for Shared Data with Efficient User Revocation in thecloud, in the Proceedings of IEEE INFOCOM pp: Wang, S.S. Chow, M. Li and H. Li, Storing Shared Data on the Cloud via Security-Mediator, in Proceedings of IEEE ICDCS. 6. Wong, R.C., J.Y. Li, A.W. Fu, (a, k)-anonymity: An Enhanced k- Anonymity Model for Privacy- Preserving Data Publishing, In Proceedings of the 12th ACM SIGKDD, International Conference on Knowledge Discovery and Data Mining, pp: Yao, C. Andrew, How to Generate and Exchange Secrets, In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pp: Pascal Paillier, Public-key cryptosystems based on composite degree residuosity classes, In 18th Annual Eurocrypt Conference (EUROCRYPT'99), Prague, Czech Republic, pp: Vidya Banu, R., N. Nagaveni, Evaluation of a perturbation-based Technique for privacy preservation in a multiparty clustering scenario, Information Sciences, 232: Weijia Yang, Sanzheng Qiao, A novel anonymization algorithm: Privacy protection and knowledge preservation, Expert Systems with Applications, 37: MahaTEBAA, Saïd EL HAJJI, Abdellatif GHAZI, Homomorphic Encryption Applied to the Cloud Computing Security, Proceedings of the World Congress on Engineering, I(4-6), London, U.K.