Available Online at www.ijpret.com 966
INTERNATIONAL JOURNAL OF PURE AND
APPLIED RESEARCH IN ENGINEERING AND
TECHNOLOGY
A PATH FOR HORIZING YOUR INNOVATIVE WORK
TECHNIQUES FOR ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING
GANESH B. CHAVAN1, DR. RAJENDRA R. SAWANT2, CHAITANYA NIMODIA3
1. ME (CSE) Student, Department of Computer Science & Engineering, Khurana Sawant Institute of Engg & Technology, Washim Road, Hingoli, SRTM University, Nanded, Maharashtra, India.
2.Professor, Khurana Sawant Institute of Engg & Technology, SRTM University, Nanded, Maharashtra, India.
3.Assistant Professor, Department of Computer Science & Engineering, Khurana Sawant Institute of Engg & Technology, SRTM University, Nanded Maharashtra, India.
Accepted Date: 05/03/2015; Published Date: 01/05/2015
Abstract: Cloud Computing has been envisioned as the next-generation architecture of the IT enterprise. Cloud computing makes it possible to store large amounts of data. The user is an entity whose data is to be stored in the cloud, and the server is an entity managed by the cloud service provider (CSP) to provide data storage service, with significant storage space and resources. The third party auditor (TPA) is an optional entity who has capabilities that users may not have and is trusted to assess and expose the risk of cloud storage services on behalf of the users upon request. Cloud Computing moves application software to large data centers, where the management of the data and services may not be fully trustworthy. In our proposed work, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users’ data in the cloud, we also propose an effective and flexible distributed scheme. By utilizing the public key and private key based homomorphic authenticator on the different techniques with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness and data error localization. The proposed design further supports secure and efficient dynamic activities including data modification, deletion, and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against malicious data modification attacks.
Keywords: Cloud computing, Public Key, Private Key, authentication, data security, Cloud S
Corresponding Author: MR. GANESH B. CHAVAN
How to Cite This Article:
Ganesh B. Chavan, IJPRET, 2015; Volume 3 (9): 966-975
INTRODUCTION
Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer technology. Powerful processors, together with the software as a service (SaaS) computing design, are transforming data centers into computing services on a massive scale [1]. Increasing network bandwidth and dependable yet flexible network connections make it possible for users to use high-quality services from data and software.
Moving data into the cloud offers great convenience to users, since they don’t have to care about the complexities of direct hardware management [2]. Among the pioneering Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) are both well-known examples [3]. While these Internet-based online services do provide large amounts of storage space and resources, this shift in computing platform is at the same time removing the responsibility of local machines for data maintenance. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Amazon’s S3 is such an example.
correctness of users’ data in the cloud. This construction significantly reduces the communication and storage overhead as compared to the traditional replication-based file
Expected impact
Methods and tools for better understanding and identifying the risks and consequences when moving application software into the cloud [6]
Wider adoption of cloud computing in critical infrastructures through clear specification, design, and implementation guidelines for security goals in highly sensitive cloud computing scenarios [6]
Evaluation and adoption of project results in real-world application scenarios [6]
Research targets
Understanding risk in the created cloud for critical infrastructure IT services [7]
Security policy specification for the cloud.
Building resilient, high-assurance systems in the cloud
Linking technical and legal aspects
2. PROBLEM STATEMENT
2.1 System framework
Cloud data storage Module: - In cloud data storage, a user stores his data through a CSP into a set of cloud servers, which run simultaneously; the user interacts with the cloud servers via the CSP to access or retrieve his data.
Client Module: - In this module, the client sends the query to the server. Based on the query the server sends the corresponding file to the client.
Unauthorized data modification and corruption module: - One of the key issues is to effectively detect any unauthorized data modification and corruption, possibly due to server compromise and/or random Byzantine failures.
2.2 Adversary framework
We consider two types of adversary framework with different levels of capacity in this paper:
2.2.1 Weak framework
The adversary is interested in corrupting the user’s data files stored on individual servers. Once a server is compromised, the adversary can corrupt the original data files by modifying them or substituting its own fraudulent data, preventing the original data from being retrieved by the user.
2.2.2 Effective framework
This is the worst-case scenario, in which we assume that the adversary can compromise all the storage servers so that he can deliberately modify the data files as long as they are internally consistent. In fact, this is equivalent to the case where all servers are colluding together to hide a data loss.
Project justification
Figure 1. Network for cloud storage
2.3 Design Goals
Effective correctness using different techniques (SaaS, HaaS, IaaS)
Fast localization of data error using different techniques (SaaS, HaaS, IaaS)
Dynamic data support using different techniques (SaaS, HaaS, IaaS)
Dependability using different techniques (SaaS, HaaS, IaaS)
Lightweight using different techniques (SaaS, HaaS, IaaS)
2.4 Notation & Preliminaries
F - The data file to be stored. We assume that F can be denoted as a matrix M of equal-sized data vectors, each consisting of l blocks. Data blocks are all well represented as elements in Galois Field for w = 4, 6, 8.
R - The dispersal matrix used for Reed-Solomon coding.
D - Data matrix constructed over data vectors.
C - The encoded file matrix, which includes a set of n = m + k vectors, each consisting of l blocks.
PRF - Pseudorandom function.
PRP - Pseudorandom permutation.
3. CLOUD DATA STORAGE
3.1 Algorithm 1 Token Pre-computation
1. Start
2. Choose file to upload
3. Generate n*m Vector Matrix D on file F.
4. Create Reed Solomon Matrix P over Galois Field where w=4.
6. Compute Token over Matrix C: ComputeToken (C, l, t, r), where l is the block size, t is the number of tokens, and r is the number of indices per verification. Compute the tokens using the pseudorandom function PRF and the pseudorandom permutation function PRP.
7. Store these precomputed tokens on the main cloud server.
8. Disperse the file over the Cloud. i.e. Matrix D
9. End.
3.2 Correctness confirmation and Error Localization
To eliminate errors in storage systems, a key prerequisite is to locate the errors. However, many previous schemes do not explicitly consider the problem of data error localization and thus provide only binary results for storage verification. In our scheme we integrate correctness verification and error localization in our challenge-response protocol [11]-[12]. The newly computed tokens from servers for each challenge are compared with pre-computed tokens to determine the correctness of the distributed storage. This also gives information to locate potential data errors.
Algorithm Correctness verification
1. Begin Challenge i, for i = 1 to n, where n is the total number of cloud servers.
2. Get Token A( ) // Getting precomputed tokens from main cloud server.
3. handlec() // Reading file blocks from all cloud servers for calculating new tokens.
4. Generate Vector Matrix D on all file blocks that are read in step 3.
5. Create Reed Solomon Matrix P
6. Generate Matrix C= D*P. On this matrix, new tokens will be computed.
7. Compute token on Matrix C. Compute Token (C, l, t, r)
8. If (Precomputed token == newly computed token) then Data is intact, Else Data is corrupt. For that i, initiate the recovery.
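An added example (not code from the paper) of the token pre-computation in Algorithm 1 and the token comparison in the verification algorithm above. It assumes w = 8 with reduction polynomial 0x11D, uses HMAC-SHA256 as a stand-in for both PRF and PRP, skips the Reed-Solomon encoding step, and keeps one token set per server vector so that a mismatch names the server; all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

def gf_mul(a, b, poly=0x11D):
    """Multiply in GF(2^8) (w = 8); the reduction polynomial is an assumption."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return out

def prf(key, label):
    """PRF stand-in (assumption): HMAC-SHA256 over a text label."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def challenge_indices(key, i, l, r):
    """PRP stand-in (assumption): keyed ordering of l positions; first r are sampled."""
    return sorted(range(l), key=lambda q: prf(key, f"prp|{i}|{q}"))[:r]

def compute_token(vector, k_prf, k_prp, i, r):
    """Token i over one server's vector: XOR-sum of alpha^q * block at r sampled positions."""
    alpha = prf(k_prf, f"alpha|{i}")[0] or 1  # nonzero challenge coefficient
    token, power = 0, alpha
    for idx in challenge_indices(k_prp, i, len(vector), r):
        token ^= gf_mul(power, vector[idx])
        power = gf_mul(power, alpha)
    return token

def precompute(servers, k_prf, k_prp, t, r):
    """User side, before dispersal: t tokens per server vector."""
    return [[compute_token(v, k_prf, k_prp, i, r) for i in range(t)] for v in servers]

def localize(servers, tokens, k_prf, k_prp, i, r):
    """Challenge i: servers whose fresh token differs from the precomputed one."""
    return [j for j, v in enumerate(servers)
            if compute_token(v, k_prf, k_prp, i, r) != tokens[j][i]]

def demo():
    # Constructed sample: 3 servers holding 8 one-byte blocks each.
    servers = [bytearray(range(s, s + 8)) for s in (10, 50, 90)]
    kf, kp = b"constructed-prf-key", b"constructed-prp-key"
    tokens = precompute(servers, kf, kp, t=4, r=3)
    hit = challenge_indices(kp, 1, 8, 3)[0]  # a position that challenge 1 samples
    servers[2][hit] ^= 0x5A                  # simulated corruption on server 2
    return localize(servers, tokens, kf, kp, 1, 3)  # -> [2]
```

A corruption at a position that challenge i does not sample passes that challenge, so detection across the t tokens is probabilistic; a one-byte token over w = 8 is an illustrative size only.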
Algorithm: Error Recovery
1. Start
Assume that the data corruptions have been detected & s <= k servers have been identified misbehaving.
2. Download data blocks from backup server.
3. Generate data vectors as per number of cloud storage servers.
4. Distribute the data blocks to corresponding servers & recover the data.
5. End.
4. Data Operation Support
In cloud data storage, there are many potential scenarios where data stored in the cloud is dynamic, such as electronic documents, photos, or log files. Therefore, it is crucial to consider the dynamic case, where a user may wish to perform update, delete and append operations to modify the data file while maintaining the storage correctness assurance. The straightforward and trivial way to support these operations is for the user to download all the data from the cloud servers. In cloud data storage, the user may sometimes need to modify some data stored in the cloud from its current value to a new one. We refer to this operation as data update. To perform an update operation on a particular data block, the client needs to recalculate the verification token on the updated data. The client also needs to propagate the newly calculated token to all replicas of the file in the storage cloud [4,5]. When the user wants to perform an update operation, the split file from all storage servers is merged and given to the user to perform the data updates. Once the user has finished updating the data, new tokens are calculated on the whole file and stored on the main cloud server. Sometimes, after being stored in the cloud, certain data may need to be deleted [7,8]. The delete operation we consider is a general one. When the user wants to delete a file, he can simply delete it. In a delete operation, the file blocks that are distributed among the cloud storage servers are all deleted [13]. We treat the insert operation as part of the update operation and rely on the update operation for inserts.
4. SECURITY ANALYSIS AND PERFORMANCE EVALUATION
our scheme via implementation of both file distribution preparation and verification token pre-computation.
1. Performance Evaluation
a) File Distribution Preparation: We implemented the generation of parity vectors for our scheme under field. Our experiment is conducted using C on a system with an Intel Core 2 processor running at 2.06 GHz, 2500 MB of RAM, and an 8200 RPM Western Digital 350 GB Serial ATA drive with a 10 MB buffer.
TABLE I: The cost of parity generation in seconds for a 10 GB data file. For set I, set II the number of parity servers k is fixed.
5. RELATED WORK
Juels et al. described a formal “proof of retrievability” (POR) model for ensuring remote data integrity. Their scheme combines spot-checking and error-correcting code to ensure both possession and retrievability of files on archive service systems. Shacham et al. built on this model and constructed a random linear function based homomorphic authenticator. Bowers et al. proposed an improved framework for POR protocols that generalizes both Juels’ and Shacham’s work. Later, in their subsequent work, Bowers et al. extended the POR model to distributed systems [4]. However, all these schemes focus on static data. Ateniese et al. defined the “provable data possession” (PDP) model for ensuring possession of files on untrusted storage [5]. Their scheme utilized public key based homomorphic tags for auditing the data file. After that, Ateniese et al. described a PDP scheme that uses only symmetric key cryptography [5]. This method has lower overhead than their previous scheme and allows for block updates, deletions and appends to the stored file, which is also supported in our work. However, their scheme focuses on the single-server scenario and does not address small data corruptions, leaving both the distributed scenario and the data error recovery issue unexplored.
6. CONCLUSION
In this paper, we investigated the problem of data security in cloud data storage, which is essentially a distributed storage system. To ensure the correctness of users' data in cloud data storage, we proposed an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append. We rely on erasure-correcting code in the file distribution preparation to provide redundancy parity vectors and guarantee the data dependability. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., whenever data corruption has been detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving server. Through detailed security and performance analysis, we show that our scheme is highly efficient and resilient to Byzantine failure, malicious data modification attack, and even server colluding attacks.
We believe that data storage security in Cloud Computing, an area full of challenges and of paramount importance, is still in its infancy now, and many research problems are yet to be identified. We envision several possible directions for future research on this area. The most promising one we believe is a model in which public verifiability is enforced. Public verifiability, supported in, allows TPA to audit the cloud data storage without demanding users’ time, feasibility or resources. An interesting question in this model is if we can construct a scheme to achieve both public verifiability and storage correctness assurance of dynamic data. Besides, along with our research on dynamic cloud data storage, we also plan to investigate the problem of fine-grained data error localization.
REFERENCES:
1. Amazon.com, "Amazon Web Services (AWS),"
2. N. Gohring, "Amazon's S3 down for several hours,"
3. A. Juels and J. Burton S. Kaliski, "PORs: Proofs of Retrievability for Large Files,"
4. H. Shacham and B. Waters, "Compact Proofs of Retrievability,"
5. K. D. Bowers, A. Juels, and A. Oprea, "Proofs of Retrievability: Theory and Implementation,"
7. G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, "Scalable and Efficient Provable Data Possession,"
8. T. S. J. Schwarz and E. L. Miller, "Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage,"
9. J. S. Plank and Y. Ding, "Note: Correction to the 1997 Tutorial on Reed-Solomon Coding,"
10. http://en.wikipedia.org/wiki/Cloud_computing
11. K. Yang and X. Jia, "Data storage auditing service in cloud computing: challenges, methods and opportunities,"
12. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing,"