
Survey of Public Auditing of Shared Data with Multiple Third Party Auditor with Efficient user Revocation in the Cloud

G. Shreedevi (1), K. G. Arunkumar (2)

(1) PG Scholar, (2) Assistant Professor, Department of Computer Science and Engineering, Excel Engineering College, Komarapalyam, Nammakal, India.

Abstract

In cloud computing, users store their data remotely in the cloud and use on-demand, high-quality applications drawn from a shared pool of configurable computing resources. When users place large volumes of data in the cloud, protecting the integrity of that data is challenging. With data storage and sharing services in the cloud, users can easily modify and share data as a group. Enabling public auditing for cloud data storage security is important. To ensure that shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users, owing to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks that were signed by this revoked user should be re-signed by an existing user. The proposed system is a novel public auditing mechanism for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, a first third party auditor creates the initial verification key and the revocation list. Another third party re-signs blocks on behalf of existing users during user revocation, so that existing users do not have to download and re-sign blocks by themselves, and is able to audit the integrity of shared data without retrieving the entire data from the cloud. Moreover, this mechanism is able to support secured multiple auditing tasks at the same time.

1. Introduction

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable resources such as networks, servers, file storage, applications and services. The cloud computing field is growing day by day, with an increasing number of businesses and government establishments adopting cloud computing based services. [1]

Cloud computing incorporates a combination of:

1. IaaS (Infrastructure as a Service)

2. PaaS (Platform as a Service)

3. SaaS (Software as a Service)

These are collectively called *aaS (Everything as a Service), which denotes a service-oriented architecture. Cloud computing is mainly used for resource sharing with very low maintenance. Cloud service providers (CSPs), such as Amazon, are able to provide various services to cloud users with the help of powerful datacenters. A fundamental service offered by cloud providers is data storage (Storage as a Service). An organisation allows its members in the same group or department to store and share files in the cloud. By utilizing the cloud, the group members can be completely released from local data storage and maintenance. A significant risk arises for the confidentiality of those stored files, so users do not fully trust the cloud servers operated by cloud providers when sensitive data is stored in the cloud.

1.1 Data security issues in the cloud:

Securing data is always of vital importance, and because of the critical nature of cloud computing and the large amounts of complex data it carries, the need is even more important. Data privacy and security are therefore issues that need to be resolved, as they act as a major obstacle to the adoption of cloud computing services. The major security issues with the cloud are:

• Privacy and Confidentiality: Once clients outsource data to the cloud, there must be some assurance that the data is accessible only to authorized users. The cloud user should be assured that data stored in the cloud will be confidential.

• Security and Data Integrity: Data security can be provided using various encryption and decryption techniques. Along with providing security for the data, the cloud service provider should also implement a mechanism to monitor the integrity of the data in the cloud. [2]

G Shreedevi et al, Int.J.Computer Technology & Applications, Vol 6 (2), 240-243. IJCTA | Mar-Apr 2015. ISSN:2229-6093

1.2. Risk Factors in the Cloud:

When a person or a company wants to move into the cloud computing environment, they have to consider privacy, security, reliability, performance and portability. Of these, security is the major threat to cloud computing because of the multi-tenancy architecture. Service providers therefore also offer the comfort of “trust us” to users who are willing to move into the cloud environment. The service providers have to take responsibility for security issues at the following levels.

• SQL injection attacks: This technique is used to attack the database through a website. It is a code injection method that exploits a security vulnerability in a website.

• Cross-site scripting attacks: Also called XSS, this is another type of security vulnerability found in web applications.

• Man-in-the-middle attacks: In this kind of attack the attacker makes independent connections with the communicating parties and watches the exchange without their knowledge.

• Denial of service attacks: In this kind of attack the server or the system is not available when intended users make requests.

• Sniffer attacks: In this attack, if the packet is not encrypted, a sniffer can read all the content of the packet. A sniffer can be an application or a device.

• Security concerns with the virtual machine manager: The service provider must be very careful about the service given to its users, because it runs on VM technology. The hypervisor, or virtual machine manager, plays an important role in the cloud environment: it allows multiple operating systems to run on the system at the same time.

1.3 Public Verifier and Public Auditing:

A public verifier is able to verify the integrity of shared data without retrieving the entire data, while the identity of the signer on each block in shared data is kept private from the public verifier. Existing systems allow not only the data owner but also a public verifier to efficiently perform integrity checking without downloading the entire data from the cloud, which is referred to as public auditing [9]. Data is divided into many small blocks, where each block is independently signed by the owner, and a random combination of all the blocks, instead of the whole data, is retrieved during integrity checking. A public verifier could be a data user who would like to utilize the owner’s data via the cloud, or a third-party auditor (TPA) who can provide expert integrity checking services. During public auditing on cloud data, the content of private data belonging to a personal user is not disclosed to any public verifier. It is necessary to ensure that the integrity of shared data in the cloud is correct. Public auditing mechanisms can be extended to verify shared data integrity.

2. Existing Work

A. Panda: Public auditing for Shared Data with Efficient User Revocation in the Cloud [3].

In this paper, with data storage and sharing services in the cloud, users can easily modify and share data as a group. To ensure shared data integrity can be verified publicly, users in the group need to compute signatures on all the blocks in shared data. Different blocks in shared data are generally signed by different users due to data modifications performed by different users. For security reasons, once a user is revoked from the group, the blocks which were previously signed by this revoked user must be re-signed by an existing user.

B. A View of Cloud Computing [4].

Cloud computing, the long-held dream of computing as a utility, has the potential to transform a large part of the IT industry, making software even more attractive as a service and shaping the way IT hardware is designed and purchased. Developers with innovative ideas for new Internet services no longer require the large capital outlays in hardware to deploy their service or the human expense to operate it. They need not be concerned about overprovisioning for a service whose popularity does not meet their predictions, thus wasting costly resources, or underprovisioning for one that becomes wildly popular, thus missing potential customers and revenue.

C. Provable Data Possession at Untrusted Stores [5].

In this paper the authors introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication.

D. Compact Proofs of Retrievability [6].

In this paper, the first scheme, built from BLS signatures and secure in the random oracle model, features a proof-of-retrievability protocol in which the client’s query and server’s response are both extremely short. This scheme allows public verifiability: anyone can act as a verifier, not just the file owner. The second scheme, which builds on pseudorandom functions and is secure in the standard model, allows only private verification. It features a proof-of-retrievability protocol with an even shorter server’s response than the first scheme, but the client’s query is long.
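The spot check described in sections 1.3, 2.C and 2.D, as an added example that is not code from the surveyed papers: a privately verifiable, PRF-based audit in the style of the second scheme, with one value per block and tags sigma_i = f_k(i) + alpha * m_i (mod p). The modulus, the block size, HMAC-SHA256 as the PRF and all function names are assumptions of this example.

```python
import hashlib
import hmac
import math
import secrets

P = 2**127 - 1          # prime field modulus (assumption of this example)
BLOCK_BYTES = 15        # 120-bit blocks, so each block value is below P

def split_blocks(data):
    """Split data into fixed-size blocks and map each to an integer mod P."""
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]

def prf(key, index):
    """PRF f_k(i) with output in Z_P, built here from HMAC-SHA256."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P

def keygen():
    """Secret verification key: PRF key k and a non-zero scalar alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def tag_blocks(key, alpha, blocks):
    """Owner: sigma_i = f_k(i) + alpha * m_i (mod P), stored next to block i."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def make_challenge(n_blocks, sample_size):
    """Verifier: random block indices, each with a random coefficient nu_i."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample_size)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]

def prove(blocks, tags, challenge):
    """Server: one aggregated block value and one aggregated tag."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma

def verify(key, alpha, challenge, proof):
    """Verifier: check sigma == alpha * mu + sum(nu_i * f_k(i)) (mod P)."""
    mu, sigma = proof
    expected = (alpha * mu + sum(nu * prf(key, i) for i, nu in challenge)) % P
    return sigma == expected

def detection_probability(n_blocks, n_corrupt, sample_size):
    """Chance that a random sample of blocks hits at least one corrupt block."""
    clean = math.comb(n_blocks - n_corrupt, sample_size)
    return 1 - clean / math.comb(n_blocks, sample_size)

def run_audit(corrupt_index=None, sample_size=8):
    """Tag constructed sample data, optionally corrupt one block, then audit."""
    data = b"constructed sample file contents " * 20   # constructed input
    blocks = split_blocks(data)
    key, alpha = keygen()
    tags = tag_blocks(key, alpha, blocks)
    if corrupt_index is not None:
        blocks[corrupt_index] = (blocks[corrupt_index] + 1) % P
        challenge = [(corrupt_index, 7), (0, 11)]       # sample hits the damage
    else:
        challenge = make_challenge(len(blocks), sample_size)
    return verify(key, alpha, challenge, prove(blocks, tags, challenge))

if __name__ == "__main__":
    print("honest server passes:", run_audit())
    print("corrupted block passes:", run_audit(corrupt_index=3))
    print("P(detect), 100 of 10000 blocks bad, 460 sampled:",
          round(detection_probability(10000, 100, 460), 4))
```

The server returns two field elements regardless of how many blocks are challenged, and the verifier needs the secret pair (k, alpha), which is why this variant supports only private verification.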

E. Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing [7].

This work studies the problem of ensuring the integrity of data storage in Cloud Computing, in particular the task of allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. The introduction of the TPA eliminates the involvement of the client in auditing whether his data stored in the cloud is indeed intact, which can be important in achieving economies of scale for Cloud Computing. To achieve efficient data dynamics, the authors improve the Proof of Retrievability model by manipulating the classic Merkle Hash Tree (MHT) construction for block tag authentication. Extensive security and performance analysis show that the proposed scheme is highly efficient and provably secure.
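How a Merkle Hash Tree lets an auditor authenticate one challenged block against a single root value, as an added example that is not the surveyed paper's construction. The function names, the SHA-256 leaf/node prefixes and the promotion of unpaired nodes are assumptions of this example, and the root is assumed to reach the auditor authentically (for instance signed by the data owner).

```python
import hashlib

def leaf_hash(block):
    """Hash of a data block; the 0x00 prefix separates leaves from inner nodes."""
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left, right):
    """Hash of an inner node over its two children."""
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """Return all tree levels, leaves first; an unpaired node is promoted as is."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level)
                 else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Server: sibling hashes from leaf `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(level[sibling])
        index //= 2
    return path

def verify_block(root, n_blocks, index, block, path):
    """Auditor: recompute the root from one block. Left/right order is derived
    from the challenged index, so a valid block from another position fails."""
    if not 0 <= index < n_blocks:
        return False
    digest, size, remaining = leaf_hash(block), n_blocks, list(path)
    while size > 1:
        sibling = index ^ 1
        if sibling < size:
            if not remaining:
                return False
            other = remaining.pop(0)
            if sibling < index:
                digest = node_hash(other, digest)
            else:
                digest = node_hash(digest, other)
        index //= 2
        size = (size + 1) // 2
    return not remaining and digest == root

def demo():
    """Constructed five-block file: honest, tampered and misplaced answers."""
    blocks = [b"block-%d" % i for i in range(5)]      # constructed input
    levels = build_levels(blocks)
    root, n = levels[-1][0], len(blocks)
    honest = all(verify_block(root, n, i, blocks[i], auth_path(levels, i))
                 for i in range(n))
    tampered = verify_block(root, n, 2, b"block-X", auth_path(levels, 2))
    misplaced = verify_block(root, n, 2, blocks[1], auth_path(levels, 1))
    return honest, tampered, misplaced

if __name__ == "__main__":
    print(demo())
```

The auditor stores only the root and the block count; each answer carries a number of hashes logarithmic in the number of blocks.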

F. Ensuring Data Storage Security in Cloud Computing [8].

In this paper, the authors focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users' data in the cloud, they propose an effective and flexible distributed scheme with two salient features, as opposed to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, the scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

3. Proposed Architecture

In this model, we introduce multiple Trusted Third Parties (TTPs), because the biggest problem faced by computer technology is data security, as users work with very sensitive information. For that we build a new model called Trusted Computing Technology using TTPs. Because of the elastic nature of the architecture, a varying number of users want to join the cloud computing environment. The proposed system provides enhanced security. Here we introduce a Trusted Third Party that acts like a ticket granting server (Resource Broker). If a user wants to access data stored on a cloud server, the user must get an authentication key from the TTP; only after the authentication key is verified is the user allowed to access the data stored on the cloud server. The user must get the authentication key each and every time. In this way misbehaving nodes can be avoided. If a user wants to join the cloud, the first step is for the user to prove their identity. In this system the user first communicates with the TTP and reveals their identity. The TTP then checks the identity provided by the user and verifies the trustworthiness of the user. If the user is found trustworthy, the TTP gives the user a secure key. The user then has to enter the cloud with the secret key given by the TTP. If the key matches the key given by the TTP, the user is allowed to access the data. One TTP is used to generate initial keys, generate the revocation list and maintain user details. The other TTP checks the integrity of the data in the cloud and performs key regeneration during the revocation process.

Figure 1: System Architecture


3.1. Proposed Scheme

3.1.1. User Registration. Users register with their details such as identity (user name, password and email-id). Registered users obtain a private key, which is used for group signature and file decryption. The Resource Broker adds the user identity (ID) to the group user list that will be used in the traceability phase.

3.1.2. File Generation. Group members store their data in the real cloud. A group member makes a request with the group id and, based on the revocation list, the TTP allows the data owner to upload the data to the cloud if their signature is valid. A revoked user is not allowed to generate data, and the signature verification status is false. When the data is generated, a hash id is generated that will be used for deleting the data.

3.1.3. File Access. To access data stored in the cloud, a group member sends a request with the group id and data id. The Resource Broker verifies their signature and, if the group member is in the same group, allows access to the file. Group members have rights to access data, but do not have rights to delete or modify the data stored in the cloud. If a request comes from a revoked user, the cloud server does not allow access to the data.

3.1.4. File Deletion. Files stored in the cloud can be deleted either by a group member (i.e., the member who uploaded the file to the server) or by the Resource Broker. This allows data owners to delete their own files stored in the cloud. On a delete request from a group member, the cloud server verifies the signature and deletes the data file stored in the cloud.

3.1.5. Traceability. The Resource Broker will reveal a member's real identity if any dispute occurs. If any malpractice happens inside the organization, it can be easily traced. If any group member modifies or deletes the data files of other groups, the member responsible can easily be identified.

3.1.6. User Revocation. User revocation is performed by the TTP (General Manager). The revocation list is generated by the Resource Broker; group members are allowed to encrypt the data and keep that data confidential against revoked users. The revocation list is bound by a signature to declare its validity.
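The registration, file access and revocation steps of sections 3.1.1 to 3.1.6, as an added example that is not the authors' implementation. The class and method names are hypothetical, and an HMAC under a key shared by broker and server stands in for the signature scheme, which the paper does not specify.

```python
import hashlib
import hmac
import json

def _mac(key, payload):
    """HMAC-SHA256 over canonical JSON; stands in for the broker's signature."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class ResourceBroker:
    """Hypothetical TTP: registers users, issues tickets, signs the revocation list."""
    def __init__(self, key):
        self.key, self.members, self.revoked, self.version = key, {}, set(), 0

    def register(self, user_id, group_id):
        self.members[user_id] = group_id

    def revoke(self, user_id):
        self.revoked.add(user_id)
        self.version += 1

    def issue_ticket(self, user_id, now, lifetime=60):
        """Per-request authentication key; refused for unknown or revoked users."""
        if user_id not in self.members or user_id in self.revoked:
            return None
        claims = {"user": user_id, "group": self.members[user_id],
                  "exp": now + lifetime}
        return {"claims": claims, "mac": _mac(self.key, claims)}

    def revocation_list(self):
        body = {"version": self.version, "revoked": sorted(self.revoked)}
        return {"body": body, "mac": _mac(self.key, body)}

class CloudServer:
    """Hypothetical storage server that trusts only broker-authenticated input."""
    def __init__(self, key):
        self.key, self.revoked, self.rl_version = key, set(), -1

    def load_revocation_list(self, signed):
        """Accept a list only if its MAC verifies and it is newer than the last."""
        if not hmac.compare_digest(signed["mac"], _mac(self.key, signed["body"])):
            return False
        if signed["body"]["version"] <= self.rl_version:
            return False                      # replay of an older list
        self.revoked = set(signed["body"]["revoked"])
        self.rl_version = signed["body"]["version"]
        return True

    def access(self, ticket, group_id, now):
        """Return (allowed, reason) for a file request carrying a ticket."""
        claims = ticket["claims"]
        if not hmac.compare_digest(ticket["mac"], _mac(self.key, claims)):
            return False, "bad ticket"
        if now >= claims["exp"]:
            return False, "ticket expired"
        if claims["user"] in self.revoked:
            return False, "user revoked"
        if claims["group"] != group_id:
            return False, "wrong group"
        return True, "ok"

def demo():
    """Constructed scenario: alice is revoked while holding an unexpired ticket."""
    key = b"constructed-demo-key"             # constructed value, not a real secret
    broker, server = ResourceBroker(key), CloudServer(key)
    broker.register("alice", "g1")
    old_list = broker.revocation_list()
    server.load_revocation_list(old_list)
    ticket = broker.issue_ticket("alice", now=0)
    before = server.access(ticket, "g1", now=5)
    broker.revoke("alice")
    server.load_revocation_list(broker.revocation_list())
    after = server.access(ticket, "g1", now=20)
    rollback = server.load_revocation_list(old_list)
    return before, after, rollback, broker.issue_ticket("alice", now=20)
```

The ticket issued before revocation still carries a valid MAC and has not expired, so only the server-side check against a fresh, authenticated revocation list denies the request; rejecting older list versions stops a replayed list from restoring access.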

4. Conclusion

In this paper, the proposed work is analysed and a novel public auditing mechanism is proposed for the integrity of shared data with efficient user revocation in mind. By utilizing the idea of proxy re-signatures, one third party is enabled to re-sign blocks on behalf of existing users during user revocation, and the other third party auditor is able to audit the integrity of shared data without retrieving the entire data from the cloud. Additionally, a resource broker (third party) creates the revocation list and the initial user key. Moreover, this mechanism is able to support batch auditing by verifying multiple auditing tasks at the same time. We proposed a new public auditing mechanism for shared data with efficient user revocation in the cloud with multiple trusted third party auditors. When a user in the group is revoked, this allows a third party to re-sign blocks that were signed by the revoked user, with proxy re-signatures done by the TTP along with checking the integrity of shared data.

5. References

[1] Prashant Rewagad, Yogita Pawar, “Use of Digital Signature and Rijndael encryption Algorithm to Enhanced Security of data in Cloud computing Services”, proceeding published in International.

[2] Parsi Kalpana, Sudha Singaraju, “Data Security in Cloud Computing using RSA Algorithm”, International Journal of Research in Computer and Communication Technology (IJRCCT), Vol. 1, Issue 4, September 2012.

[3] Boyang Wang, Baochun Li, “Panda: Public auditing for Shared Data with Efficient User Revocation in the Cloud”, 2014.

[4] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Communications of the ACM, vol. 53, no. 4, pp. 50–58, April 2010.

[5] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable Data Possession at Untrusted Stores,” in the Proceedings of ACM CCS 2007, 2007, pp. 598–610.

[6] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” in the Proceedings of ASIACRYPT 2008. Springer-Verlag, 2008, pp. 90–107.

[7] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing,” in the Proceedings of IEEE INFOCOM 2010, 2010, pp. 525–533.

[8] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring Data Storage Security in Cloud Computing,” in the Proceedings of ACM/IEEE IWQoS 2009, 2009, pp. 1–9.

[9] B. Wang, B. Li, and H. Li, “Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud,” in the Proceedings of IEEE Cloud 2012, 2012, pp. 295–302.
