
Hare Ram Singh

, IJRIT 316

IJRIT International Journal of Research in Information Technology, Volume 1, Issue 10, October, 2013, Pg. 316-322

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

Ensuring Privacy for Users Files in cloud with geometry partition method

1Hare Ram Singh, 2Theja N

1 2 Assistant Professors, Department of Information Science and Engineering Rajiv Gandhi Institute of Technology, Bangalore, India

1[email protected], 2[email protected]

Abstract

Recent advances have given rise to the popularity and success of cloud computing. However, the boom in cloud computing has brought lots of security challenges for consumers and service providers. Outsourcing data and business applications to a third party makes security and privacy a critical concern. The rapid growth in the field of “cloud computing” also raises severe security concerns. Privacy is a critical concern with regard to cloud computing because customers’ data and business logic reside among distrusted cloud servers, which are owned and maintained by the cloud provider. Therefore, there are potential risks that confidential data (e.g., financial data, health records) or personal information (e.g., personal profiles) is disclosed to the public or to business competitors. Current solutions are based on encryption methods which are quite complex & may increase the file size. Because of this, more resources will be used in the cloud. We propose a simple & powerful method using geometry partition for data privacy in the cloud.

Keywords: cloud computing; cloud computing security; cloud computing security management

1. Introduction

Enterprises and other organizations often have to store and operate on a huge amount of data. Cloud computing [1][2][3] offers infrastructure and services on demand for various customers on shared resources. Services that are offered range from infrastructure services such as Amazon EC2 (computation) or S3 (storage), over platform services such as Google App Engine or Microsoft database services SQL Azure, to software services such as outsourced customer relationship management applications by salesforce.com. Cloud computing has begun to emerge as a hotspot in both industry and academia; it represents a new business model and computing paradigm, which enables on-demand provisioning of computational and storage resources. Economic benefits are the main driver for cloud computing, because cloud computing offers an effective way to reduce capital expenditure (CapEx) and operational expenditure (OpEx). Definitions of cloud computing have been given in much of the literature [1], [2], [3], [10], but none has gained wide recognition. Throughout this working text, we cite [1], which defines cloud computing as: “A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet.”

Throughout this text, we regard privacy-preservability as the core attribute of privacy. A few security attributes directly or indirectly influence privacy-preservability, including confidentiality, integrity, accountability, etc.

Evidently, in order to keep private data from being disclosed, confidentiality becomes indispensable, and integrity ensures that data computation is not corrupted, which somehow preserves privacy. Accountability, on the contrary, may undermine privacy due to the fact that the methods of achieving the two attributes usually conflict.

In some sense, privacy-preservability is a stricter form of confidentiality, due to the notion that they both prevent information leakage. Therefore, if cloud confidentiality is ever violated, privacy-preservability will also be violated.

Similar to other security services, the meaning of cloud privacy is twofold: data privacy and computation privacy.

The enthusiasm for cloud infrastructures is not only present in the business world, but also extends to government agencies. Federal Chief Information Officer (CIO) Vivek Kundra of the United States recently released the Federal Cloud Computing Strategy (February 8, 2011) document [9], calling for about a quarter of federal IT spending to be committed to cloud systems.

In this paper we focus on the data privacy issue. The current solutions proposed for data privacy are based on complex encryption methods which require a lot of space & computation power. In this paper we propose a simple geometry partitioning method to split the file into partitions. The partitions are then distributed in the cloud; during a read, the reverse operation assembles the file.

The remainder of the paper is organized as follows. In the section II we have explained the literature review on various papers related to the problem. The proposed method is explained with architecture in detail in the sections III and IV. We have concluded in the section V.

2. Literature Survey

La‘Quata Sumter et al. [1] say: The rise in the scope of “cloud computing” has brought fear about “Internet Security”, and the threat of security in “cloud computing” is continuously increasing. Consumers of cloud computing services have serious concerns about the availability of their data when required. Users have severe concerns about the security and access mechanisms in the cloud computing environment. To assure users that their information is secure, safe and not accessible to unauthorized people, they have proposed the design of a system that will capture the movement and processing of the information kept on the cloud. They have identified that there is a need for a security capture device on the cloud. Chow et al. [21] have classified the privacy-preserving approaches into three categories, which are shown in Table I.

Table 1: Privacy preserving approaches

| Approach | Description | Example |
|---|---|---|
| Information centric security | Data objects have access-control policies with them | A data outsourcing architecture combining cryptography and access control |
| Trusted computing | The system will consistently behave in expected ways with hardware or software enforcement | Trusted cloud computing platform; Hardware Token; Privacy-AAS |
| Cryptographic protocols | Cryptographic technique and tools are employed to preserve privacy. | Fully homomorphic encryption and its application |

Gentry proposed Fully Homomorphic Encryption (FHE) to preserve privacy in cloud computing [15][16].

FHE enables computation on encrypted data, which is stored in the distrusted servers of the cloud provider. Data may be processed without decryption. The cloud servers have little to no knowledge concerning the input data, the processing function, the result, and any intermediate result values. Therefore, the outsourced computation occurs under the covers in a fully privacy-preserving way. FHE has become a powerful tool to enforce privacy preservation in cloud computing. However, all known FHE schemes are too inefficient for use in practice. While researchers are trying to reduce the complexity of FHE, it is worthwhile to consider reducing the power of FHE to regain efficiency. Naehrig et al. have proposed somewhat homomorphic encryption [16], which supports only a number of homomorphic operations and may be much faster and more compact than FHE.

Pearson et al. ([17] and [18]) propose privacy manager that relies on obfuscation techniques. The privacy manager can provide obfuscation and de-obfuscation service to reduce the amount of sensitive information stored in the cloud. The main idea is to only store the encrypted form of clients’ private data in the cloud end. The data process is directly performed on the encrypted data. One limitation is that cloud vendors may not be willing to implement additional services for privacy protection. Without provider’s cooperation, this scheme will not work.

Another line of works tries to solve these problems by establishing trusted execution environments where the cloud client can verify the integrity of the software and the configuration of the cloud provider’s hardware platform. This requires, however, secure software such as secure hypervisors for policy enforcement and attestation mechanisms for integrity verification. The use of trusted computing based remote attestation in the cloud scenario was recently discussed in [19].

Squicciarini et al. [19] explore a novel privacy issue that is caused by data indexing. In order to tackle data indexing and to prevent information leakage, the researchers present a three-tier data protection architecture to offer different levels of privacy to cloud customers.

Itani et al. [20] present Privacy-as-a-Service, which enables secure storage and computation of private data by leveraging the tamper-proof capabilities of cryptographic coprocessors, which, in turn, protect customer data from unauthorized access.

Sadeghi et al. [14] argue that pure cryptographic solutions based on fully homomorphic and verifiable encryption suffer high latency for offering practical secure outsourcing of computation to a distrusted cloud service provider.

They propose to combine a trusted hardware token with Secure Function Evaluation (SFE) in order to compute arbitrary functions on data when it is still in encrypted form. The computation leaks no information and is verifiable.

The focus of this work is to minimize the computation latency to enable efficient, secure outsourcing in cloud computing. A hardware token is tamper-proof against physical attacks. If the token is assumed to be trustworthy, the clients’ data processing may be performed in the token that is attached to a distrusted cloud server. The property of a token can guarantee that the data computation is confidential as well as being verifiable. The solution presented in [18] only needs to deploy a tamper-proof token in the setup pre-processing phase. In the follow-up online phase, only symmetric cryptographic operations are performed in the cloud, without requiring further interaction with the token.

3. Overview of Proposed Solution

Our proposed solution consists of two stages.

I. Data storage

II. Data retrieval

In the data storage part, we treat the file as an image fitting into a frame & split the file into partitions. The split partitions are then saved as separate files in the cloud. In the data retrieval part, the partitions are assembled to form the file.

4. Details of Proposed Mechanism

4.1 Data Storage

In the cloud there is a data storage agent responsible for storing data with privacy. The user gives the file to be stored in the cloud to the data storage agent. The file is treated like an image & split into multiple non-intersecting partitions.

Each partition's starting (X, Y) position, length & breadth are stored in a metadata file. The file content is split along the partitions & stored as separate files. The split file names are also written to the metadata file. The metadata file is then encrypted with the key & sent to the user's registered email id. The key is delivered to the user's mobile number. The key & the metadata are delivered to different targets (mobile number & email id) to ensure double protection. Without both pieces of information it will be difficult to retrieve the file.

Figure 1: Storage of data in the cloud

From the partitions, an inference attack can be launched to find the file contents. To protect against the inference attack, the file contents can be steganographically embedded in an image & the partitioning applied to that image. The partitioning applied to the file can be a random pattern or a pattern chosen randomly from a set of patterns.

4.2 Data retrieval

To retrieve the file from the cloud, the user has to provide both the key & the encrypted metadata file to the data retrieval agent. The data retrieval agent decrypts the metadata file and uses the information in it to fetch the partition files. The partitions are then placed in order to recover the file contents.

Figure 2: Retrieval of data from the cloud
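An added sketch of the storage and retrieval steps of sections 4.1 and 4.2 (example code, not the authors' implementation). The function names, the JSON metadata layout, the fixed tile grid and the sample record are assumptions; encrypting the metadata and delivering the key are left out. The last function shows that each stored partition still holds readable runs of the original bytes, which is the inference exposure noted in section 4.1.

```python
import json
import secrets

# Constructed sample record (not from the paper), 55 bytes.
SAMPLE = b"id=1001;pin=4921name=Doe;bal=730note=constructed sample"

def split_file(data, width=16, tile_w=8, tile_h=2):
    """Lay data row-major into a frame `width` bytes wide, cut into rectangles."""
    height = -(-len(data) // width)                  # ceiling division
    frame = data.ljust(width * height, b"\x00")      # zero-pad the last row
    partitions = {}
    meta = {"size": len(data), "width": width, "parts": []}
    for y in range(0, height, tile_h):
        for x in range(0, width, tile_w):
            w, h = min(tile_w, width - x), min(tile_h, height - y)
            rows = [frame[(y + r) * width + x:(y + r) * width + x + w]
                    for r in range(h)]
            name = f"part-{secrets.token_hex(8)}.bin"  # unguessable file name
            partitions[name] = b"".join(rows)
            # Fields follow section 4.1: start (X, Y), length, breadth, file name.
            meta["parts"].append(
                {"x": x, "y": y, "length": w, "breadth": h, "file": name})
    return partitions, json.dumps(meta)

def reassemble(partitions, meta_json):
    """Place every partition back at its (x, y) and trim the padding."""
    meta = json.loads(meta_json)
    width = meta["width"]
    frame = bytearray(width * -(-meta["size"] // width))
    for p in meta["parts"]:
        blob = partitions[p["file"]]                 # KeyError if a part is missing
        if len(blob) != p["length"] * p["breadth"]:
            raise ValueError(f"partition {p['file']} has the wrong size")
        for r in range(p["breadth"]):
            start = (p["y"] + r) * width + p["x"]
            frame[start:start + p["length"]] = \
                blob[r * p["length"]:(r + 1) * p["length"]]
    return bytes(frame[:meta["size"]])

def find_plaintext(partitions, needle):
    """Names of stored partitions that contain `needle` in the clear."""
    return [name for name, blob in partitions.items() if needle in blob]

if __name__ == "__main__":
    parts, meta = split_file(SAMPLE)
    assert reassemble(parts, meta) == SAMPLE
    print(len(parts), "partitions;", find_plaintext(parts, b"pin=4921"))
```

Because the frame is padded to a whole number of rows, the stored partitions total 64 bytes for this 55-byte input, and the partition covering (8, 0) contains the `pin=4921` field unchanged.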

4.3 Optimization in our proposed Scheme

The partitions can be further split to sub-partitions in the same pattern as followed for the file. This will look like fractals. Applying fractal geometry to partition the file would make the data retrieval a very difficult job for the attackers without the meta data file.

The patterns to split the file to partition can be formed based on the content of the file. This will make the inference attacks very difficult. Though we have proposed only rectangular partitions, partitions based on more complex shapes can make the attack practically impossible.

To make the inference attacks even more difficult, the data can be encrypted using a simple algorithm or steganographically embedded in an image & then the partitioning is applied.

5. Conclusion and Enhancements

In this paper, we have detailed our proposed method for ensuring data privacy. Our mechanism has the advantage that the space occupied for the data stored in cloud is same as the original file. Even for bigger files, the time taken to split to partition & then reassemble is lower.

6. References

[1] R. La‘Quata Sumter, “Cloud Computing: Security Risk Classification”, ACMSE 2010, Oxford, USA

[2] I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid computing 360-degree compared,” Grid Computing Environments Workshop, 2008. GCE’08, 2009, pp. 1-10.

[3] J. Geelan. “Twenty one experts define cloud computing,” Virtualization, August 2008. Electronic Mag., article available at http://virtualization.sys-con.com/node/612375.

[4] R. Buyya, C. S. Yeo, and S. Venugopal. “Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities,” CoRR, (abs/0808.3558), 2008.

[5] Luis M. Vaquero, Luis Rodero-Merino and Daniel Morán, “Locking the sky: a survey on IaaS cloud security,” Computing, 2010, DOI:10.1007/s00607-010-0140-x.

[6] Google Docs experienced data breach during March 2009.

[7] Cloud Security Alliance (CSA). “Security Guidance for Critical Areas of Focus in Cloud Computing V2.1,” (Released December 17, 2009).

[8] http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf

[9] Cloud Security Alliance (CSA). “Top Threats to Cloud Computing V 1.0,” released March 2010.

[10] Federal Cloud Computing Strategy, February 8, 2011. <http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf>

[11] The security-as-a-service model. http://cloudsecurity.trendmicro.com/the-security-as-a-service-model/

[12] S.D. Di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “A data outsourcing architecture combining cryptography and access control,” Proc. 2007 ACM workshop on Computer security architecture, 2007, pp. 63-69.

[13] P. Mell and T. Grance. The NIST Definition of Cloud Computing (Draft). [Online] Available: www.nist.gov/itl/cloud/upload/cloud-defv15.pdf., Jan. 2011.

[14] A.R. Sadeghi, T. Schneider, and M. Winandy, “Token-Based Cloud Computing,” Trust and Trustworthy Computing, 2010, pp. 417-429

[15] C. Gentry, “Fully homomorphic encryption using ideal lattices,” In STOC, pages 169-178, 2009.

[16] M. Naehrig, K. Lauter, and V. Vaikuntanathan, “Can homomorphic encryption be practical?” in Proc. 3rd ACM workshop on Cloud computing security workshop, New York, NY, USA, 2011, pp. 113-124.

[17] S. Pearson, Y. Shen, and M. Mowbray, “A privacy manager for cloud computing,” Cloud Computing, 2009, pp. 90-106.

[18] M. Mowbray and S. Pearson, “A client-based privacy manager for cloud computing,” Proc. Fourth International ICST Conference on communication System softWAre and middlewaRE, 2009, pp. 1-8.

[19] Squicciarini, S. Sundareswaran, and D. Lin, “Preventing Information Leakage from Indexing in the Cloud,” 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp. 188-195.

[20] W. Itani, A. Kayssi, and A. Chehab, “Privacy as a Service: Privacy- Aware Data Storage and Processing in Cloud Computing Architectures,” IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 711-716.

[21] Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: ACM Workshop on Cloud Computing Security (CCSW 2009), pp. 85–90. ACM, New York (2009)


10. Bibliography

Hare Ram Singh received his BE degree in Computer Science & Engineering in 2008 from JSSATE, Bangalore and his M.Tech in Computer Science & Engineering from BTLIT, Bangalore. Currently, he is working as Assistant Professor in the Information Science & Engineering department at RGIT, Bangalore. He is interested in the Computer Networks, Cloud Computing, Image Processing and Data Mining research fields.

Theja N received his BE degree in Computer Science & Engineering in 2009 from SJCE, Mysore and his M.Tech in Computer Science & Engineering from BTLIT, Bangalore. Currently, he is working as Assistant Professor in the Information Science & Engineering department at RGIT, Bangalore. He is interested in the Computer Networks, Image Processing and Algorithms research fields.
