HORNS: A Homomorphic encryption Scheme for Cloud Computing using Residue Number
C. Cloud Collusion
In this section, we devise a strategy for allocating a subset of the moduli to each cloud in such a way that it will minimize the impact on security due to collusion. Let P = {p1; p2; : : : ; pn} be the moduli
set and pi > SnP , where SnP is the minimum size of modulus. Let MP be the range of this RNS. Let k be the number of moduli given to a cloud for execution.
Thus, if two clouds collude, the number of moduli they can gather is not 2k, instead, it is less than 2k.
Of course, if all clouds collude, they will have all the moduli required to break the RNS system.
RNS Coding: The protected computation of program P is threaded into k threads. All the key variables to be protected are split into k moduli using the RNS schema of HORNS. Each thread would have identical control flow, but different data. In fact, data-parallel model of NVidia Fermi GPU, CUDA, works well for such a schema. In GPU terminology, each original thread becomes a k-way Warp. The threads within a Warp are forced to sync either for Montgomery reduction, or for HORNS moduli reduction, or for a branch.
Threading: These k threads could be merged into a single thread for a classical computing model. Or they could be assigned to k separate cores. If the OS vulnerabilities are per processor rather than per core then these threads could be scheduled on different nodes for better security.
Threading control: The preceding discussion highlights the fact in a secure cloud environment, some of the thread scheduling flexibility must be given to the client.A client should be able to specify scheduling parameters loosely. How this
specification must be incorporated into Cloud protocols, and what degree of scheduling
specifications cane be entrusted with the client is a
topic for cloud computing research.
Root of trust at cloud: It would be more efficient to have a trusted node at cloud. How would such a node be rooted in trust is still an open question.
Validation: There are many possible validation mechanisms.To name a few, the redundancy schema of Section III-A could deploy multiple moduli sets for each thread. The results from all the k threads can be validated at predetermined validation points by a trusted processor.
Along a similar validation schema, a (k + 1)st hidden modulus could be selected. The corresponding residue can be kept as a secret with the trusted processor. When the k results from the k threads corresponding to the k moduli come back, their consistency with respect to the hidden residue can be validated with ChineseRemainder Theorem (CRT).
IV. CONCLUSIONS
In this paper, we have proposed a novel
homomorphic encryption scheme using RNS for cloud computing .We have identified various research issues involved in HORNS and proposed solutions for some of these issues.
Our future work will expand on these solutions and quantify the security of HORNS.
REFERENCES
[1] Jean-Claude Bajard, Laurent-Stphane Didier, and Peter Kornerup.An rns montgomery modular multiplication algorithm.
IEEE TRANSACTIONS ON COMPUTERS, 47(7):766–776, 1998.
[2] Craig Gentry. Computing arbitrary functions of encrypted data.Commun. ACM, 53(3):97–105, 2010.
[3] R T Gregory and D W Matula. Base conversion in residue number systems. Residue number system arithmetic: modern applications in digital signal processing, pages 22–30, 1986.
[4] Peter L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44(170):519–521, April1985.
[5] Michael A Soderstrand, W Kenneth Jenkins, Graham A Jullien,and Fred J Taylor, editors. Residue number system arithmetic:modern applications in digital signal processing. IEEE Press,Piscataway, NJ, USA, 1986.
[6] Trusted Computing Group. TPM Main Specification Level 2 Version 1.2, Revision 103
Proceedings of National Conference on Advanced Computer Applications NCACA 2012
46
Data Secure and Dependable Storage Services in Cloud Computing
Ajay Kumara M A, Mr. Sharavana .K
M.Tech, Dept. of CSE (PG) Assistant Professor Dept. of CSE M V J College of Engineering, Bangalore. M V J College of Engineering Bangalore V.T.U Karnataka
[email protected][email protected]
Abstract- Cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. User physical possession of their outsourced data, which inevitably poses new security risks towards the correctness of the data in cloud. In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphism token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server. The cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.
Index Terms—Data integrity, dependable distributed storage, error localization, data dynamics, Cloud Computing
I. INTRODUCTION
Several trends are opening up the era computing, which is an Internet-based development and use of computer technology. The ever cheaper and more powerful processors, together with the software sasa service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable and flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centers. Moving data into the cloud offers great convince users since they don’t have to care about the complexities of of direct hardware management Co mp uti n g vendors, Amazon Simple Storage Service
(S3) and Amazon Elastic Co mp ute Cloud (EC2) [2]
are both well kno wn examp les. Internet-based online services do provide huge amounts of storage space and customizable computing resources. This computing p l a t f o r m shift, however, is eliminating the responsibility of local machines for data maintenance at the same time.
As a result, u s e r s are at the mercy of their cloud s e r v i c e providers for the a v a i l a b i l i t y and integrity of their data O n the one hand, although the cloud infrastructures are much more powerful and reliable than personal computing devices, broad range of both internal and external threats for data integrity still exist.
Examples of outages and data loss incidents of cloud storage services appear from time to time [2]. On the other hand, since users may not retain a local copy of outsourced data, there exist various incentives for cloud service providers (CSP) to behave unfaithfully towards the cloud users regarding the status of their outsourced data. For example, to increase the profit margin by reducing cost, it is possible for CSP to discard rarely accessed data without being detected in a timely fashion [3]. Similarly, CSP may even attempt to hide data loss incidents so as to maintain a reputation Therefore, although outsourcing data into the cloud is economically attractive for the cost and complexity of long-term large-scale data storage, its lacking of offering strong assurance of data integrity and availability may impede its wide adoption by both enterprise and individual cloud users.
In order to achieve the assurances of cloud data integrity and availability and enforce the quality of cloud storage service, efficient methods that enable on-demand data correctness verification on behalf of cloud users have to be designed.
However, the fact that users no longer have physical possession of data in the cloud provides the direct adoption of traditional cryptographic primitives for the purpose of data integrity protection. Hence, the verification of cloud storage correctness must be conducted without explicit knowledge of the whole data files meanwhile; cloud storage is not just a third party data warehouse. The data stored in the cloud may not only be accessed but also be frequently updated by the users [4], include insertion, deletion, modification, appending, etc. the deployment of Cloud Computing is powered by data centers running in a simultaneous, cooperated and distributed manner. It is more advantages for individual users to store their data redundantly across multiple
Proceedings of National Conference on Advanced Computer Applications NCACA 2012
physical servers so as to reduce the data in availability threats. Thus, distributed II.
In this paper, we propose an effective distributed storage verification scheme namic data support to ensure the corre ability of users’ data in the cloud. We correcting code in the file distribution prepa redundancies and guarantee the data dep Byzantine servers [6], where a storage s arbitrary ways. This construction drastic communication and storage overhead as c traditional replication-based file distribution By utilizing the homomorphic token verification of erasure-coded data, our sch storage correctness insurance as we localization: whenever data corruption h during the storage correctness verification almost guarantee the simultaneous loc errors, i.e., the identification of the misbeh order to strike a good balance between er data dynamics, we further explore the alge our token computation and erasure-c demonstrate how to efficiently support dyn data blocks, while maintaining the same correctness assurance. In order to save the re- sources, and even the related online bu we also provide the extension of the scheme to support third-party auditing, safely delegate the integrity checking ta auditors and be worry-free to use the cloud Our work is among the first few ones in th distributed data storage security in Cloud C III. EXISTING SYSTEM Cloud computing has been envisioned as the next
architecture of the IT enterprise due to its long list of unprecedented advantages in IT: on demand self
ubiquitous network access, location-independent resource pooling, rapid resource elasticity, usage-based pricing, and transference of risk]. One fundamental aspect of this new computing model is that data is being centralized or outsourced into the cloud. From the data owners’ perspective, including both individuals and IT enterprises, storing data remotely in a cloud in a flexible on-demand manner brings appealing benefits: relief of the burden of storage management, universal data access with independent geographical locations, and avoidance of capital expenditure on hardware, software, personnel maintenance, and so on.
Our contribution can be summarized as t aspects:
1) Compared to many of its predecess provide binary results about the storage distributed servers, the proposed sche integration of storage correctness insuran localization, i.e., the identification of misbe 2) Unlike most prior works for ensuring remo the new scheme further supports secure and operations on data blocks, including: up append.
3) The experiment results demonstrate the
Proceedings of National Conference on Advanced Computer Applications NCACA 2012
47 rs so as to reduce the data integrity and
proto- cols for
storage correctness assurance will be of most importance in achieving robust and secure cloud storage systems.
PROPOSED SYSTEM
effective and flexible with explicit dy- stically reduces the s compared to the
Cloud computing has been envisioned as the next generation architecture of the IT enterprise due to its long list of unprecedented advantages in IT: on demand self-service, independent resource based pricing, and of risk]. One fundamental aspect of this new computing model is that data is being centralized or outsourced into the cloud. From the data owners’ perspective, including both individuals and IT enterprises, storing data demand manner brings appealing benefits: relief of the burden of storage management, universal data access with independent geographical locations, and avoidance of capital expenditure on hardware, software, personnel maintenance, and so on.
the following three introduces proposed system system. Section IV problem
goals Section VI en suri ng c lo ud d ata sto ra ge the whole paper section VII related work
.
IV. PROBLEM STATEMENT A. System Model
Representative network a service architecture is illustr ferent network entities can be
cloud service provider service and has signif redundancy can be employ
Proceedings of National Conference on Advanced Computer Applications NCACA 2012
storage correctness assurance will be of most importance in achieving robust and secure cloud storage systems.
PROPOSED SYSTEM
sive security analysis shows our Byzantine failure, malicious data
n server col- lading attacks.
organized as follows. Section II proposed system Section III provides Existing statement section V gives design ens uri ng cl oud d at a sto rage concludes section VII related work Finally, conclusion PROBLEM STATEMENT
architecture for cloud storage illustrated in Figure 1. Three dif-
be identified as follows:
o has data to be stored in the
alf of the users upon request.
retrieves the cloud services from CSP having it’s message broadcasts channel to communicate and send request and response between owner and cloud server.
Fig. 1: Cloud data storage architecture
er stores his data through a CSP rvers, which are running in a d and distributed manner. Data yed with technique of erasure-
Proceedings of National Conference on Advanced Computer Applications NCACA 2012
operations we are considering are block update, delete, insert And append..As users no longer possess their data locally, it is of critical importance to ensure users that their data are being correctly stored and maintained. That is, users should be equipped with security means so that they can make continuous correctness assurance (to enforce cloud storage service-level agreement) of their stored data even without the existence of local copies. In case that users do not necessarily have the time, feasibility or resources to monitor their data online, they can delegate the data auditing tasks to an optional trusted TPA of their respective choices. However, to securely introduce such a TPA, any possible leakage of user’s outsourced data towards TPA through the auditing protocol should be prohibited.In our model, we assume that the point-to-point com- mutilation channels between each cloud server and the user is authenticated and reliable, which can be achieved in practice with little overhead. These authentication handshakes are omitted in the following presentation.