Upload
bharath-nair
View
298
Download
5
Embed Size (px)
Citation preview
PUBLIC AUDITING
FOR SECURE CLOUD STORAGE
Anand K Menon[MTALECS004 ]Bharath Chandran Nair[MTALECS015]
Godwin C Antony[MTALECS025]Eighth semester B.Tech CSE, Department of Computer Science,
Met’s School of Engineering,Mala,
Under the Guidance ofMiss.Asha S
Assistant Professor, Dept. of CSE, Met’s School of Engineering,Mala
OUTLINE OF THE PRESENTATION
o OBJECTIVE
o INTRODUCTION
o LITERATURE SURVEY
o EXISTING METHODo PROBLEM DESCRIPTION
o BLOCK DIAGRAM
o PROPOSED METHOD
o APPLICATIONSo RESULT AND DISCUSSION OF BASE PAPER
o EXECUTION TOOLS
o CONCLUSION
o REFERENCES
OBJECTIVE The objective of the system is to develop a
system that would enable the cloud users to have control over their data so that they can ensure that their data is secured and not corrupted.
It provides security to the users data by encrypting the data and splitting up the file into small blocks for storage.
Auditing the cloud storage without demanding a local copy of data enables more efficiency.
INTRODUCTION Cloud computing customers do not own a physical
infrastructure; rather they rent the usage from a third party provider.
They consume resources as a service and pay only for resources that they use.
Cloud computing comes in three forms: public clouds, private clouds, and hybrids clouds.
Public clouds offer the greatest level of efficiency in shared resources but are more vulnerable.
Private clouds offer the greatest level of security and control, but they require the company to still purchase and maintain all the software and infrastructure.
Hybrid cloud includes both public and private options.The downside is that we have to keep track of multiple different security platforms.
Cloud computing provides on demand self services,location independent resource pooling,rapid resource elasticity,usage based pricing etc..
Challenge faced is security threats towards users outsourced data.
Here the correctness of user data in the cloud is put at risk.
CSP might reclaim storage for monetary reasons by discarding rarely accesed data or even hiding data corruption due to server hacks over byzantine failures.
LITERATURE REVIEWSL .NO
AUTHOR YEAR TITLE DESCRIPTION
1 P. Mell and T. Grance
June 2009 DraftNISTworking definitionofcloud computing
Subscribers should identify the specific resources that are suitable for migrating data into and out of clouds. Resources could be services such as: (1) email, (2) data repositories such as shared documents, or (3) systems that run in virtualized environments.
2 M. Arrington December 2006
Gmail disaster: Reports of mass emaildeletions
Cloud Computing provides convenient on demand network access to a shared pool of configurable computing resources that can be rapidly deployed with the great efficiency and minimal management overhead.
3 J. Kincaid December 2006.
MediaMax/TheLinkup Closes Its Doors
To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users, To propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append.
LITERATURE REVIEWSL .NO
AUTHOR YEAR TITLE DESCRIPTION
4 M.A.Shah,R.Swaminathan, and M. Baker
Oct. 2008
Privacy-preserving audit and extraction of digital contents
A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact.
5 Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou
Sep. 2009
Enabling publicverifiability and data dynamics for storage security in cloud computing
Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy.
6 G. Ateniese, S. Kamara, and J. Katz
2009 Proofs of storage fromhomomorphic identification protocols
Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where `tags' on multiple messages can be homomorphically combined to yield a `tag' on any linear combination of these messages.
8
BASIC SCHEME 1
MAC
key
File block
code
Message Authentication Code (MAC)
Block 1 Block nBlock 2 …
File is divided into blocks
Cloud
user
TPA
Block 1 Block n…Block 2
code 1 code n…code 2
-User computes the MAC of every file block-Transfers the file blocks & codes to cloud-Shares the key with TPA
Audit-TPA demands a random number of blocks and their code from CSP-TPA uses the key to verify the correctness of the file blocks
Drawbacks: -The audit demands retrieval of user’s data; this is not privacy-preserving-Communication and computation complexity are linear with the sample size
EXISTING METHOD
9
BASIC SCHEME 2
Block 1 Block n…Block 2
code 1 code n…code 2
code 1 code n…code 2
code 1 code n…code 2
Key 1
Key 2
Key s…
user
CloudTPA
Block 1 Block m…Block 2
Setup-User uses s keys and computes the MAC for blocks-User shares the keys and MACs with TPA
Audit-TPA gives a key (one of the s keys) to CSP and requests MACs for the blocks-TPA compares with the MACs at the TPA-Improvement from Scheme 1: TPA doesn’t see the data, preserves privacy-Drawback: a key can be used once.-The TPA has to keep a state; remembering which key has been used-Schemes 1 & 2 are good for static data (data doesn’t change at the cloud)
PROBLEM DESCRIPTION Audit cloud storage demanding local copy of
data. Violates the privacy-preserving guarantee. Large communication overhead and time delay. Band-width available between the TPA and the
cloud server is limited. Auditor can modify user data. Copy of user data on auditing side. No data control on user side. The number of times a particular data file can
be audited is limited by the number of secret key.
BLOCK DIAGRAMU: cloud user has a large amount of data files to store in the cloudCS: cloud server which is managed by the CSP and has significant data storage and computing power (CS and CSP are the same in this paper)TPA: third party auditor has expertise and capabilities that U and CSP don’t have. TPA is trusted to assess the CSP’s storage security upon request from U
Setup & audit phases of public auditing scheme.
Consists of four algorithms (KeyGen, SigGen, GenProof, VerifyProof)
KeyGen: key generation algorithm that is run by the user
SigGen: used by the user to generate verification metadata, which may consist of MAC, signatures or other information used for auditing
GenProof: run by the cloud server to generate a proof of data storage correctness
VerifyProof: run by the TPA to audit the proof from the cloud server
14
user KeyGen
Public key (sk)&Secret key (pk)
Setup
SigGenuserskBlock 1 Block 2 Block n…
σ1 …σ2 σn
Block 1 Block n…Block 2
σ1 … σnσ2
1- User generates public and secret
parameters
2- A code is generated for each file block
3- The file blocks and their codes are transmitted to the
cloudAudit
-TPA sends a challenge message to CSP-It contains the position of the blocks that will be checked in this audit
GenProofCSP
Selected blocks in challenge
Aggregate authenticator
-CSP also makes a linear combination of selected blocks and applies a mask. Separate PRF key for each auditing.-CSP send aggregate authenticator & masked combination of blocks to TPA
VerifyProofTPA
Masked linear combination of requested blocks
Aggregate authenticator
Compare the obtained Aggregate authenticator to the one received from CSP
PROPOSED METHOD Public auditing scheme which provides a
complete outsourcing solution of data– not only the data itself, but also its integrity checking
System consist of client and server side application and website.
Effectively audit cloud storage without demanding local copy of data.
Extensive security and performance analysis shows provably secure and highly efficient.
Data conrtol in the hands of users only.
APPLICATIONS
Used in applications that require public auditing. Can be used for batch auditing. Application that ensures storage correctness.
SEQUENCE DIAGRAMSLogin Process
Uploading a file
Viewing File
Checking the Security Status
DFDCLIENT MODULE:
TPA MODULE (THIRD PARTY AUDITOR):
CSP MODULE (CLOUD SERVICE PROVIDER):
DISCUSSION OF BASE PAPERObjective of the Project The objective of the system is to develop a
system that would enable the cloud users to have control over their data so that they can ensure that their data is secured and not corrupted.
Scope of the Project “ Trusted Cloud Services” provides a security
solution to the cloud users. It ensures that the data of the users that have been stored in a remote server is secured and controlled.
Constraints Only the registered users will be authorized to
use the service. A trustworthy TPA is required to audit the
storage.Assumptions and dependencies The project will not change in scope The resources identified will be available upon
request Approved funding will be available upon request Only the registered users can access the Website Roles and tasks are predefined.
EXECUTION TOOLS
Hardware Requirements Intel Pentium dual core processor or above 1 GB RAM 200 GB HDD Other standard peripherals
Software Requirements Operating system : windows XP Tool: Netbeans IDE 6.1 Programming Package : Jdk.5.0 Database :MySQL Server :Glassfish v2
CONCLUSION The aim of the project is to develop a system
that would enable the cloud users to have control over their data so that they can ensure that their data is secured .
They can know whether there is any data loss or corruption by logging into the website.
TPA would not learn any knowledge about thedata content stored on the cloud server during the efficient auditing process.
TPA can perform multiple auditing tasks in a batch manner for better efficiency.
Schemes are provably secure and highly efficient.
REFERENCE P. Mell and T. Grance, “Draft NIST working definition of cloud
computing,” Referenced on June. 3rd, 2009 Online at http://csrc.nist.gov/groups/SNS/cloud-computing/index.
html, 2009. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz,
A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud
computing,” University of California, Berkeley, Tech. M. Arrington, “Gmail disaster: Reports of mass email
deletions,” Online at http://www.techcrunch.com/2006/12/28/gmail-disasterreports-of-mass-email-deletions/,December 2006.
J. Kincaid, “MediaMax/TheLinkup Closes Its Doors,” Online at http://www.techcrunch.com/2008/07/10/ mediamaxthelinkup-closes-its-doors/, July 2008.
Amazon.com, “Amazon s3 availability event: July 20, 2008,” Online at http://status.aws.amazon.com/s3-20080720.html,2008.
S. Wilson, “Appengine outage,” Online at http://www.cio-weblog.com/50226711/appengine outage.php, June 2008.
B. Krebs, “Payment Processor Breach May Be Largest Ever,”, Jan. 2009.
G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proc. of CCS’07, Alexandria, VA, October 2007, pp. 598–609.
M. A. Shah, R. Swaminathan, and M. Baker, “Privacypreservingaudit and extraction of digital contents,” Cryptology Print Archive, Report 2008/186, 2008.
Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in Proc. of ESORICS’09, volume 5789 of LNCS. Springer-Verlag, Sep. 2009, pp. 355–370.