Three Level Cloud Storage Scheme for Providing Privacy Preserving using Edge Computing
Vellalachervu Pavani
Assistant Professor, Department of Information Technology, Vignan Nirula Institute of Technology and Science for Women, Peda Palakaluru Road, Guntur, Andhra Pradesh 522009.
Prof. I. Ramesh Babu
Professor, Department of CSE, Acharya Nagarjuna University, NH16, Nagarjuna Nagar, Guntur, Andhra Pradesh 522510
Abstract
With the rapid growth of unstructured data, cloud storage is receiving more and more attention. In a primitive cloud storage scheme, all of the user's data is stored on centralized cloud servers. In other words, users lose their right of control over the data and face the risk of privacy leakage. In this work we develop a multi-layer approach for storing sensitive data securely away from the cloud server. We integrate the edge computing concept into the current cloud so that the data can be stored on multiple edges rather than entirely on a centralized server. The original data is divided into multiple blocks, and each block is encrypted by the data owner. We apply the Hash Message Authentication Code (HMAC) algorithm to generate hash codes for the individual blocks. The data user accesses a file by sending a request to all of the individual edge nodes controlled by the cloud server. The cloud server and its associated edges must give access permission to the requesting user before the file can be viewed in decrypted form. Users who do not have access permission from every level cannot view the file in plain text.
Keywords: Edge Server, Hash Message Authentication Code (HMAC), Multi-Layer Approach, Encryption, Decryption, Sensitive Data.
___________________________________________________________________________________________
1. INTRODUCTION
The proliferation of the IoT [1] and the 5G network architecture [2] is boosting the advent of new service models and applications, such as smart transportation, smart city, augmented reality, location services and many others. With IoT, there will be explosive growth in a larger variety of sensing devices, including smartphones, wearable devices, smart home appliances and so on, which will generate massive sensing data from the physical world. However, the global data center IP traffic will reach 18.3 ZB at that time [4], [5]. In contrast with IoT, the IoE focuses more on the intelligent connection of people, processes, data and things rather than on communication among machines and IoT devices [6]-[8].
With the promotion of IoE, the devices at the edge of the network are changing from data consumers to data producers with substantial data processing capability, including data acquisition, pattern recognition, and data mining. At the same time, these edge devices offer a rich service interface, providing collaborative computing services for users together with cloud computing centers.
Therefore, traditional cloud computing cannot effectively support IoE-based application services [10], and edge computing arises at this historic moment [11], [12] to adapt to the era of IoE. Combined with current cloud computing, edge computing can efficiently handle the problems of big data processing at the edge.
Fig.1. Represents the Real-time Data Processing on Edge Computing
From figure 1 above, we can clearly see that many IoT devices are connected to one another through an edge computing network for processing their real-time tasks. The major part of the data is processed and stored individually on separate edge nodes. Each edge node is capable of holding the processed data, and the data is in turn stored on the cloud server. The cloud server receives the data from various data owners and provides access to data users who request the data from several IoT clients. All the pre-processing work is carried out on the edge computing server and made available to the real-time clients.
2. LITERATURE WORK
In this section, we mainly describe the related work that has been carried out on three-level cloud storage schemes for providing privacy preservation using edge computing.
Problem Statement
There are mainly four different services available in cloud storage, and each one has its own individual preferences. There is a huge demand for the DaaS service, as this is the only service which can hold all the sensitive data. At present this service does not guarantee security for the sensitive data in terms of authentication and authorization. In the current application we target security for DaaS and show that the data will be stored in an encrypted manner without security issues.
Now let us discuss about each and every service in detail as follows:
A. IaaS (Infrastructure as a Service)
B. PaaS (Platform as a Service)
C. SaaS (Software as a Service)
D. DaaS (Data / Database as a Service)
A. IaaS (Infrastructure as a Service)
This is the foremost of the various services available in the cloud. It is used to construct the infrastructure for the users. All the applications are built at this stage, and various clients connect to them for processing their tasks. The people who come under this service are IT professionals, software developers, code debuggers and so on.
B. PaaS (Platform as a Service)
The next important service in the cloud server is Platform as a Service, which is basically used for customization of the cloud server. Here the users have the right to choose the platform they are interested in and then use it for development. The cloud server decides which types of platform are needed for a company's usage; based on the company's requirements, the platform is customized by the cloud service department.
C. SaaS (Software as a Service)
This service is used by the majority of people for allocating the software required for their development. Generally, business end-users come under this service, where all the software required for running the cloud is processed [11].
Fig.2. Shows the Types of Services in the Real Time Cloud
D. DaaS (Database as a Service)
One of the best and most in-demand services in the current real-time environment is DaaS. The DaaS service is used mainly for storing data in a centralized manner [15]. Although it has many advantages over the other services, it has a limitation: the data stored in DaaS is not stored in an encrypted manner. This is the main issue in current clouds, where data is not securely stored and accessed. So in this work we encrypt the data before it is uploaded into the cloud using the DaaS service.
As an extended security measure, we also integrate edge nodes into the current cloud so that the data is stored on multiple edge nodes rather than entirely in a centralized manner. Edge computing is a new era in the real-time environment and is used for processing all real-time tasks. In our application we divide the data into multiple blocks and encrypt each block, with unique hash keys generated by the HMAC algorithm. Once the hash codes are generated, the data blocks are stored on individual edge nodes, and these edge nodes are controlled by the cloud server.
3. OVERVIEW OF EDGE COMPUTING
In this section we give an overview of edge computing and its importance. Let us discuss the approach in detail as follows:
Preliminary Information
With the rapid development and wide application of the IoT, big data and the 5G network architecture, the massive data generated by the edge devices of the network and the real-time service requirements are far beyond the capacity of the conventional cloud computing model. Many approaches, such as micro data [19], [20], mobile cloud computing [13], [14], fog computing [15], [16] and cloudlet [22], were introduced to reduce the storage and computation load in cloud computing. Mobile computing [17], [18] has been provided as a unique part to assist the computation offloading method, which extends cloud computing services to the edge of the network. In this section, we briefly present an overview of edge computing. First, we explain why edge computing is so urgently needed by listing the forming factors. Then we offer a definition and a four-layer structure of edge computing. We also introduce some applications which have seen massive growth in academic and industrial areas, including cloud offloading, video analytics, smart grid, internet of vehicles and so forth. The Pacific Northwest National Laboratory (PNNL) introduces edge computing [26] as an approach to push the frontier of computing applications, data, and services away from centralized nodes to the logical extremes of a network, enabling analytics and knowledge generation to occur at the source of the data. The Edge Computing Consortium (ECC) defines edge computing [27] as an open platform deployed at the edge of the network, close to the source of the data, which offers intelligent services to meet the requirements of real-time processing, data optimization, security and privacy by using mobile edge network infrastructure [28]. Shi et al. [11] say in their article that edge computing refers to the enabling technologies that allow computation to be performed at the edge of the network, on downstream data on behalf of cloud services and upstream data on behalf of IoT services.
In summary, edge computing is a distinct computing model that allows data to be stored and processed at the edge of the network, and provides intelligent services close to the source of the data by collaborating with cloud computing.
Fig.3. shows the architecture of edge computing.
Figure 3 illustrates the overall architecture of edge computing, which consists of a four-layer functional structure: core infrastructure, edge servers, edge network and edge devices. Firstly, the core infrastructure provides core network access (e.g. internet, mobile core network) and centralized cloud computing services and management functions for mobile edge devices. Secondly, edge servers, which may be owned and deployed by the infrastructure provider and equipped with multi-tenant virtualization infrastructure, are responsible for providing virtualized and multiple management services. Besides, the edge can deploy multiple edge data centers which cooperate with each other and do not disconnect from the conventional cloud. In addition, the edge computing infrastructure realizes the connection between edge devices, edge servers and the core infrastructure through the wireless network, the data center network and the internet. Finally, edge devices include all kinds of devices connected to the edge network (e.g. mobile terminals, IoT devices), which not only play the role of data consumers but also act as data producers participating in the distributed infrastructure for all four layers.
4. THE HASH BASED MESSAGE AUTHENTICATION CODE (HMAC) ALGORITHM
In this section we discuss the HMAC algorithm, which is used to generate hash signatures (hash codes) for the individual blocks.
Preliminary Information
HMAC stands for Hashed or Hash-based Message Authentication Code. It is a MAC derived from cryptographic hash functions. It is highly resistant to cryptanalysis attacks because it applies the hashing step twice. It combines the twin benefits of hashing and MAC generation, which is why it is more secure than primitive authentication codes. HMAC is specified in RFC 2104 and is mandatory to implement for IP security.
OBJECTIVES OF HMAC ALGORITHM
The following are the main objectives of the HMAC algorithm:
1. HMAC is intended to be a one-way function from input to output.
2. It is much less affected by collisions than the underlying hash functions.
3. The algorithm mainly reuses primitive hash algorithms such as MD5 and SHA-1 to generate further hash functions.
4. It creates hash keys in a very simple way.
WORKING OF HMAC ALGORITHM
HMAC starts by taking a sensitive message M consisting of blocks of length b bits. An input signature Si is prepended to the left of the input message, and the result is given as input to a hash function. This generates a temporary message digest MD. The temporary digest is then appended to an output signature So, and the hash function is applied to the whole again; the result is the final message digest MD.
PRELIMINARY NOTATIONS
H is the hashing function,
M is the original or sensitive message,
Si and So are the input and output signatures,
Yi is the ith block in the original message M, where i ranges over [1, L],
L is the block count in M,
K is the secret key used for hashing,
IV is the initial vector (some constant).
FLOW CHART OF HMAC
Fig.4. Shows the Working Flow of HMAC Algorithm
To a normal hash function HMAC adds a compression instance to the processing. This structural implementation holds efficiency for shorter MAC values.
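The two-pass construction described above, written out from the RFC 2104 definition using this section's notation (Si, So, K, M). This is an added example, not the paper's Java implementation; it assumes SHA-256 as the hash function H unless another is named, and the function names are illustrative.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # inner and outer pad bytes defined by RFC 2104


def hmac_from_definition(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Compute HMAC as H(So || H(Si || M)) for secret key K and message M."""
    block_size = hashlib.new(hash_name).block_size  # b, in bytes (64 for SHA-256)

    # A key longer than one hash block is hashed first; the key is then
    # zero-padded on the right to exactly b bytes.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")

    s_i = bytes(k ^ IPAD for k in key)  # input signature Si
    s_o = bytes(k ^ OPAD for k in key)  # output signature So

    # First pass: Si is prepended to M, giving the temporary digest.
    temporary_md = hashlib.new(hash_name, s_i + message).digest()
    # Second pass: the temporary digest is appended to So and hashed again.
    return hashlib.new(hash_name, s_o + temporary_md).digest()


def matches_library(key: bytes, message: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-written construction against Python's hmac module."""
    expected = hmac.new(key, message, hash_name).digest()
    # compare_digest runs in constant time, which is how a receiver should
    # compare a received tag with a recomputed one.
    return hmac.compare_digest(hmac_from_definition(key, message, hash_name), expected)


if __name__ == "__main__":
    # Constructed sample key and block contents.
    print(hmac_from_definition(b"owner-secret-key", b"encrypted block 1").hex())
    print(matches_library(b"owner-secret-key", b"encrypted block 1"))
```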
5. IMPLEMENTATION
In this section we implement the proposed concept on the Java platform, using JEE as the design environment. The front end of the application is designed with JSP, HTML and CSS. For the back end of the application we use a MySQL database server to maintain the updated information. We tested the application on various types of sensitive data and came to the conclusion that the proposed three-level cloud storage gives the utmost security for the data using edge computing. The application is mainly divided into four parts, shown in figure 5 below. They are as follows:
1. Data Owner Module
2. Data User Module
3. Cloud Server Module
4. Edge Server Module
Let us now discuss each module in detail:
1. DATA OWNER MODULE
This is the first module, in which the data owner first needs to register with the application. Once registered, he/she needs to be activated by the cloud server, and the cloud server in turn gives access permission for uploading sensitive files to the cloud server. The data owner uploads all the sensitive information to the cloud server by dividing the data into multiple blocks. Every data block is encrypted, and a MAC code is generated for each individual block by the HMAC algorithm. Once the data blocks are encrypted, they are sent to the multi-level storage areas: Cloud Server, Edge Server and Local Machine.
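A sketch of the data owner's block handling, added here for illustration and not taken from the paper's implementation. It assumes the blocks are already encrypted, places them round-robin across the three storage levels, and binds the file identifier and block position into each HMAC (an addition beyond the paper) so that an altered or swapped block is rejected on reassembly; all names and sample values are constructed.

```python
import hashlib
import hmac

TIERS = ("cloud", "edge", "local")  # the three storage levels named above


def split_blocks(data: bytes, block_size: int) -> list:
    """Divide the (already encrypted) data into fixed-size blocks."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def tag_block(key: bytes, file_id: str, index: int, total: int, block: bytes) -> bytes:
    """HMAC-SHA-256 over a length-prefixed header plus the block contents."""
    fid = file_id.encode()
    header = (len(fid).to_bytes(2, "big") + fid
              + index.to_bytes(4, "big") + total.to_bytes(4, "big"))
    return hmac.new(key, header + block, hashlib.sha256).digest()


def distribute(key: bytes, file_id: str, data: bytes, block_size: int = 16):
    """Tag every block and place it on a tier (round-robin is an assumption)."""
    blocks = split_blocks(data, block_size)
    stores = {tier: {} for tier in TIERS}
    for i, block in enumerate(blocks):
        tag = tag_block(key, file_id, i, len(blocks), block)
        stores[TIERS[i % len(TIERS)]][i] = (block, tag)
    return stores, len(blocks)


def reassemble(key: bytes, file_id: str, stores: dict, total: int) -> bytes:
    """Fetch each block from its tier and verify its tag before using it."""
    out = []
    for i in range(total):
        tier = TIERS[i % len(TIERS)]
        entry = stores[tier].get(i)
        if entry is None:
            raise ValueError(f"block {i} missing from {tier} storage")
        block, tag = entry
        expected = tag_block(key, file_id, i, total, block)
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError(f"block {i} from {tier} storage failed verification")
        out.append(block)
    return b"".join(out)


def is_intact(key: bytes, file_id: str, stores: dict, total: int) -> bool:
    """True only if every block is present and verifies under the key."""
    try:
        reassemble(key, file_id, stores, total)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"\x01" * 32                   # constructed sample key
    ciphertext = bytes(range(50))        # constructed stand-in for encrypted data
    stores, total = distribute(key, "report.pdf", ciphertext)
    print(total, is_intact(key, "report.pdf", stores, total))
```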
2. DATA USER MODULE
This is the second module, in which the data user first needs to register with the application. Once registered, he/she needs to be activated by the cloud server, and the cloud server in turn gives access permission for accessing sensitive files from the cloud server. The data user initially requests search permission from the cloud server, and after getting approval from the cloud server he/she is able to perform the other operations: Request Search Permission, Download Request, View All Files, Download File.
3. EDGE SERVER MODULE
In this module, the edge server has the facility to log in to its account. Once the edge server is logged in, it can perform the following operations: View All File Blocks, View All Edge User Details, and process the end-user operations to send a data block. The edge server can see the block information only in encrypted form.
Fig.5. Represent the Architecture of Three Level Cloud Storage Scheme.
4. CLOUD SERVER MODULE
The cloud server is the last module, in which the cloud server can log in to its account. Once the cloud server has logged in, it has the following operations: View End Users and Authorize them, View Data Owners and Authorize them, View all stored data, View the Transactions, View Attacker details, Receive the Search Request, Give response for the Search Request, Receive Download_Request, View Response for the Download_Request, View all files in a ranked manner, View Time Delay in a bar graph, View Throughput in a bar graph.
6. EXPERIMENTAL RESULTS
We have conducted experiments on several kinds of sensitive data using the Java platform, with JEE as the design environment. The front end of the application is designed with JSP, HTML and CSS. For the back end of the application we use a MySQL database server to maintain the updated information. We tested the application on various types of sensitive data and came to the conclusion that the proposed three-level cloud storage gives the utmost security for the data using edge computing.
1) USER NEEDS TO GET PERMISSION FOR DOWNLOADING THE FILE FROM GRID NODES
In the window below we can clearly see that the user needs to request multi-key access from the cloud server, and only once the cloud server gives permission can the data be downloaded by the end user.
In the window above we can see attributes such as file name, owner name and hash Solomon code 1 to 4. There is also a field for the end user to enter the secret key. Only those who enter the correct secret key can download the file in decrypted form; those who do not have the secret key are not able to download the file in plain text.
2) USER CAN VIEW THE RANK OF EACH AND EVERY INDIVIDUAL FILE
In the window below the user gets the files in a ranked manner based on the number of users. The files are mapped on the x-axis and the count of file accesses on the y-axis.
7. CONCLUSION
In this paper, we have for the first time proposed a three-layer approach for accessing data securely from the cloud server. We have integrated the edge server concept into the current cloud so that the data can be stored on multiple edges rather than entirely in a centralized storage medium. Initially the data is divided into multiple fragments; each fragment is encrypted and a hash key is generated for it by the HMAC algorithm. The cloud server partitions the file blocks into multiple areas: edge nodes, cloud server, and local machine. If a data user tries to access the file, he/she needs to request file access permission from the cloud server. The cloud server then verifies the identity of the requesting user and sends key permissions to valid users. Those who have received valid keys are able to download the file in plain text, and unauthorized users are not able to access the file in plain text. From the various experiments conducted on our proposed protocol, our comparison results clearly show that the proposed approach is best in providing security for sensitive data stored in a remote location.
REFERENCES
[1] L. Atzori, A. Iera, and G. Morabito, "The Internet of Things: A survey," Comput. Netw., vol. 54, no. 15, pp. 2787-2805, Oct. 2010.
[2] P. K. Agyapong, M. Iwamura, D. Staehle, W. Kiess, and A. Benjebbour, "Design considerations for a 5G network architecture," IEEE Commun. Mag., vol. 52, no. 11, pp. 65-75, Nov. 2014.
[3] GC Index, "Cisco global cloud index: Forecast and methodology, 2016-2021," Cisco, San Jose, CA, USA, White Paper C11-738085-02, Feb. 2018.
[4] T. Snyder and G. Byrd, "The Internet of everything," Computer, vol. 50, no. 5, pp. 8-9, Jun. 2017.
[5] H. Sundmaeker, P. Guillemin, P. Friess, and S. Woelfflé, "Vision and challenges for realising the Internet of Things," Cluster Eur. Res. Projects Internet Things, Eur. Commission, vol. 3, no. 3, pp. 34-36, Mar. 2010.
[6] D. E. Culler, "The once and future Internet of everything," GetMobile: Mobile Comput. Commun., vol. 20, no. 3, pp. 5-11, Jul. 2016.
[7] P. G. Lopez et al., "Edge-centric computing: Vision and challenges," ACM SIGCOMM Comput. Commun. Rev., vol. 45, no. 5, pp. 37-42, 2015.
[8] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Future Generat. Comput. Syst., vol. 29, no. 7, pp. 1645-1660, 2013.
[9] V. Turner, J. F. Gantz, D. Reinsel, and S. Minton, "The digital universe of opportunities: Rich data and the increasing value of the Internet of Things," IDC, Framingham, MA, USA, White Paper IDC-1678, Apr. 2014.
[10] Y. Mao, C. You, J. Zhang, K. Huang, and K. B. Letaief, "A survey on mobile edge computing: The communication perspective," IEEE Commun. Surveys Tuts., vol. 19, no. 4, pp. 2322-2358, 4th Quart., 2017.
[11] W. Shi, J. Cao, Q. Zhang, Y. Li, and L. Xu, "Edge computing: Vision and challenges," IEEE Internet Things J., vol. 3, no. 5, pp. 637-646, Oct. 2016.
[12] W. Shi and S. Dustdar, "The promise of edge computing," Computer, vol. 49, no. 5, pp. 78-81, 2016.
[13] N. Fernando, S. W. Loke, and W. Rahayu, "Mobile cloud computing: A survey," Future Generat. Comput. Syst., vol. 29, no. 1, pp. 84-106, 2013.
[14] A. R. Khan, M. Othman, S. A. Madani, and S. U. Khan, "A survey of mobile cloud computing application models," IEEE Commun. Surveys Tuts., vol. 16, no. 1, pp. 393-413, 1st Quart., 2014.
[15] F. Bonomi, R. Milito, J. Zhu, and S. Addepalli, "Fog computing and its role in the Internet of Things," presented at the 1st Ed. MCC Workshop Mobile Cloud Comput., Helsinki, Finland, Aug. 2012, pp. 13-16.
[16] S. Yi, C. Li, and Q. Li, "A survey of fog computing: Concepts, applications and issues," in Proc. Workshop Mobile Big Data (Mobidata), Hangzhou, China, Jun. 2015, pp. 37-42.
[17] Y. C. Hu, M. Patel, D. Sabella, N. Sprecher, and V. Young, "Mobile edge computing - A key technology towards 5G," ETSI, Sophia Antipolis, France, White Paper 11, Sep. 2015, pp. 1-16.
[18] N. Abbas, Y. Zhang, A. Taherkordi, and T. Skeie, "Mobile edge computing: A survey," IEEE Internet Things J., vol. 5, no. 1, pp. 450-465, Feb. 2018.
[19] A. Greenberg, J. Hamilton, D. A. Maltz, and P. Patel, "The cost of a cloud: Research problems in data center networks," ACM SIGCOMM Comput. Commun. Rev., vol. 39, no. 1, pp. 68-73, 2009.
[20] M. Armbrust et al., "A view of cloud computing," Commun. ACM, vol. 53, no. 4, pp. 50-58, 2010.
[21] K. Gai, M. Qiu, H. Zhao, L. Tao, and Z. Zong, "Dynamic energy-aware cloudlet-based mobile cloud computing model for green computing," J. Netw. Comput. Appl., vol. 59, pp. 46-54, Jan. 2016.
[22] Z.-W. Xu, "Cloud-sea computing systems: Towards thousand-fold improvement in performance per watt for the coming zettabyte era," J. Comput. Sci. Technol., vol. 29, no. 2, pp. 177-181, Jan. 2014.
[23] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, "Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility," Future Generat. Comput. Syst., vol. 25, no. 6, pp. 599-616, 2009.
[24] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A survey on enabling technologies, protocols, and applications," IEEE Commun. Surveys Tuts., vol. 17, no. 4, pp. 2347-2376, Jun. 2015.
[25] M. B. Mollah, M. A. K. Azad, and A. Vasilakos, "Security and privacy challenges in mobile cloud computing: Survey and way ahead," J. Netw. Comput. Appl., vol. 84, pp. 38-54, Apr. 2017.
[26] "Edge computing," Pacific Northwest Nat. Lab, Richland, WA, USA, White Paper, Jan. 2013.
[27] ECC, "White paper of edge computing consortium," ECC, Beijing, China, White Paper, Nov. 2016.
[28] S. Wang, X. Zhang, Y. Zhang, L. Wang, J. Yang, and W. Wang, "A survey on mobile edge networks: Convergence of computing, caching and communications," IEEE Access, vol. 5, pp. 6757-6779, 2017.
[29] A. Vakali and G. Pallis, "Content delivery networks: Status and trends," IEEE Internet Comput., vol. 7, no. 6, pp. 68-74, Nov. 2003.
[30] Y. Mao, J. Zhang, Z. Chen, and K. B. Letaief, "Dynamic computation offloading for mobile-edge computing with energy harvesting devices," IEEE J. Sel. Areas Commun., vol. 34, no. 12, pp. 3590-3605, Dec. 2016.
ABOUT THE AUTHORS
Vellalachervu Pavani is currently working as Assistant Professor in Information Technology at Vignan Nirula Institute of Technology and Science for Women, Peda Palakaluru Road, Guntur, Andhra Pradesh 522009. She has more than 7 years of teaching experience. Her research interests include Data Mining and Network Security.
Prof. I. Ramesh Babu is currently working as Professor in the Department of CSE, Acharya Nagarjuna University, NH16, Nagarjuna Nagar, Guntur, Andhra Pradesh 522510. He has more than 32 years of teaching experience. His research interests include Image Processing, Computer Graphics and Data Sciences.