International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 3, Issue 12, December 2013)
Provenance Based Distributed Cloud System Using Jar Accessibility
Viknasudha S¹, Thresphine J. R²
¹M.TECH, ²Assistant Professor, (Computer Science & Eng), PRIST UNIVERSITY, Pondicherry, India
Abstract— Cloud computing is one of the most important services on the Internet. The widespread use of cloud computing has opened up new challenges by introducing different types of trust scenarios. A lack of confidence in the information flow in the cloud has become common, as users fear losing control of their own data (such as personal, financial and health data). To overcome this type of data loss we apply a new concept. This concept keeps track of the real information about users and is named CIA (Cloud Information Accountability). The core of the framework is the logging of actions on the users' data or information, and also on their policies, in the services. Because the logging options have some limitations, we look for another way to obtain cloud services in an effective manner, so we introduce the JAR (Java ARchives) capabilities in this paper. A JAR helps the user or consumer to transfer information from one place to another. The JAR method does not have an edit option for the user's data or information. In this paper, we mainly propose the provenance controls technique. This technique helps the user to read or write the information at the user end. The efficiency and effectiveness of our proposed approach in the cloud service are shown through demonstration and experimental analysis.
Keywords—Accountability, Cloud Computing, JAR file, Privacy, Provenance Control.
I. INTRODUCTION
Cloud computing presents a new way to enhance the current consumption and delivery model for IT services based on the Internet, by providing dynamically scalable and often virtualized resources as a service over the Internet. To date, there are a number of notable commercial and individual cloud computing services, including Amazon, Google, Microsoft, Yahoo, and Salesforce. Moreover, users may not know the machines which actually process and host their data. While enjoying the convenience brought by this new technology, users also start worrying about losing control of their own data. The data processed on clouds are frequently outsourced, leading to a number of issues related to accountability, including the handling of personally identifiable information. Such fears are becoming a significant barrier to the wide adoption of cloud services. In order to overcome the above problems, we approach a new technique in this paper, CIA (Cloud Information Accountability). This framework keeps track of the actual usage of the user's information in the cloud services.
The CIA framework is designed to log actions on the user's data and their policies in the cloud, but some problems arise in the logging actions. To overcome these issues, we use the JAR (Java Archives) programming capabilities, which enable the user or consumer to transfer information from one place to another. By using JAR files, logging happens automatically in the cloud services, and the user can implement any policies in the services. For example, the data user can use either access control policies or logging policies. By using JAR files, data sharing becomes very strong, because the JAR records errors, corrects them, sends the data to the destination correctly and also monitors the loss of any logs. However, the JAR file does not have an edit option and also has no contact with its central point of data sharing.
II. RELATED WORKS
We first review related works addressing the privacy and security issues in the cloud. Then we briefly discuss works which adopt techniques similar to our approach but serve different purposes.
[3] Ms. P. Angaiyarkanni and Mr. C. Ramesh: Cloud computing has great potential to dramatically change the landscape of the current IT industry. Cloud services are provided based on user requests. In a cloud environment, client information is generally processed remotely on unfamiliar machines that users do not own or control. The user's control over data is reduced when data is shared on remote machines. Centralized monitoring applications are not suited to a highly dynamic data access environment. Data access management can be done through the cloud service providers. This work uses the Cloud Information Accountability framework to keep track of the genuine usage of the users' information in the cloud. It also combines access control, usage control and authentication policies. The data are sent, along with access control policies and logging policies enclosed in JAR files, to cloud service providers. The current framework does not offer authentication and integrity. The proposed system mainly focuses on enhancing the accountability framework to provide authentication for JAR files, and combines data and runtime integrity verification techniques. Log data analysis is provided with indexing and aggregation functions. The system includes the data and executable access control model.
2.1 Related techniques
The Java-based techniques for security in our methods are related to self-defending objects. Self-defending objects are an extension of the object-oriented programming paradigm, where software objects that offer sensitive functions or hold sensitive data are responsible for protecting those functions or data. We provided a Java-based approach to prevent privacy leakage from indexing, which could be integrated with the CIA framework proposed in this work since they build on related architecture. Another work is by Mont et al., who address access control using identity-based encryption (IBE). We also leverage IBE techniques but in a very different way. We do not rely on IBE to bind the content with the rules. We use it to provide strong guarantees for the encrypted content and the log files, such as protection against chosen plaintext and ciphertext attacks.
III. EXISTING SYSTEM
From the user's viewpoint, it is essential to provide an effective method for users to observe the usage of their data in the cloud environment.
For example, users need to be able to ensure that their data are handled according to the service level agreements made at the time they sign on for services in the cloud. Conventional access control approaches developed for closed domains such as databases and operating systems, and for centralized servers in distributed environments, are not suitable in the cloud.
3.1 Problems on Existing System
First, data handling can be outsourced by the direct cloud service provider (CSP) to other entities in the cloud, and these entities can also assign the tasks to others, and so on. Second, entities are allowed to join and leave the cloud environment in a flexible manner. So, data handling in the cloud goes through a complex and dynamic hierarchical service chain which does not exist in conventional environments.
IV. PROPOSED WORK
Figure-1 Architecture of the system
Figure-1 shows the architecture of the complete system. In this figure, the data owner first sends their own information to the JAR generation, and the same data is sent to the JAR. In this JAR, all data or information of the user is stored for other purposes. The cloud server is connected to the JAR for the authentication request and response. However, the JAR file does not have an edit option, so to overcome this issue we propose a new technique called provenance controls for the JAR. By using this control, the data can be read or written by the user. The JAR maintains the error correction and sends the original data to the user. Through our proposed approach the user's data is in full security and is protected from various attacks.
The main contributions of the paper are as follows:
Through our proposal, automated logging actions are followed in the data sharing service in the cloud.
With the provenance controls proposed in this paper, the data or information of the user can be easily edited and sent to the destination.
Our proposed approach gives efficient and effective data sharing between two places, as shown through our experimental analysis.
4.1 Implementation of Logging Mechanism
The data owner specifies the rules, that is, who is going to handle particular data. The outer JAR contains access control policies and Java authentication policies. One outer JAR contains one or many inner JARs. Inner JARs contain the data of the data owner. The outer JAR decides the correct inner JAR. The data owner does not know on which server the data will be placed. Authentication is done according to the server's URL.
4.1.1 Log record generation
Log records are generated by the logger component. Logging occurs at any access to the data in the JAR, and new log entries are placed sequentially, in order of creation
$L_r = r_1, r_2, r_3, r_4, \ldots, r_k$. Each record $r_k$ is encrypted individually and placed in the log file. In particular, a log record takes the following form:
$r_k = (id, action, T, loc, h((id, action, T, loc) \mid r_{k-1} \mid \ldots \mid r_1), sig)$
Where,
$r_k$ = log record
id = user identification
action = action performed on the user's data
T = time at location loc
loc = location
$h((id, action, T, loc) \mid r_{k-1} \mid \ldots \mid r_1)$ = checksum component
sig = signature of the record by the server.
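The record format described in this section, and the tamper checks an auditor can run on it, can be sketched in Python. This is an added example, not code from the paper: it computes the checksum over a record's fields and all earlier records, then verifies a log after an in-place edit, a deletion and a forged entry. Assumptions: SHA-256 for h, an HMAC under a constructed key in place of the server's signature, JSON serialization, constructed sample entries, and no per-record encryption.

```python
import hashlib
import hmac
import json

# Constructed key; HMAC stands in for the server's signature (sig) in this sketch.
SERVER_KEY = b"constructed-demo-key"

def _fields(rec):
    return json.dumps([rec["id"], rec["action"], rec["T"], rec["loc"]]).encode()

def _checksum(rec, earlier):
    # h((id, action, T, loc) | previous record | ... | first record)
    h = hashlib.sha256(_fields(rec))
    for prev in reversed(earlier):
        h.update(b"|" + json.dumps(prev, sort_keys=True).encode())
    return h.hexdigest()

def _sign(rec, key):
    return hmac.new(key, _fields(rec) + rec["h"].encode(), hashlib.sha256).hexdigest()

def append_record(log, user_id, action, t, loc, key=SERVER_KEY):
    rec = {"id": user_id, "action": action, "T": t, "loc": loc}
    rec["h"] = _checksum(rec, log)
    rec["sig"] = _sign(rec, key)
    log.append(rec)
    return rec

def verify_log(log, key=SERVER_KEY):
    """Return None if the log is intact, else (index, reason) of the first bad record."""
    for k, rec in enumerate(log):
        if not hmac.compare_digest(rec["h"], _checksum(rec, log[:k])):
            return (k, "checksum")
        if not hmac.compare_digest(rec["sig"], _sign(rec, key)):
            return (k, "signature")
    return None

def sample_log():
    # Constructed sample entries, not taken from the paper.
    log = []
    append_record(log, "alice", "view", "2013-12-01T10:00:00Z", "csp-1.example")
    append_record(log, "bob", "download", "2013-12-01T10:05:00Z", "csp-2.example")
    append_record(log, "alice", "view", "2013-12-01T10:09:00Z", "csp-1.example")
    return log

def rechain_without_key(log, start):
    # Models an editor who recomputes checksums after a change but cannot re-sign.
    for k in range(start, len(log)):
        log[k]["h"] = _checksum(log[k], log[:k])

if __name__ == "__main__":
    edited = sample_log()
    edited[1]["action"] = "view"  # one field changed in place
    print("intact:", verify_log(sample_log()))
    print("edited:", verify_log(edited))
```

A log cut short at the end still verifies, because the remaining records form a valid shorter chain; the auditor needs the expected record count or the last checksum from an earlier dump to notice it.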
4.2 Push and Pull Mode
To allow users to be informed about their data usage in a timely and accurate manner, this distributed logging mechanism provides an auditing mechanism with two modes: 1. push mode 2. pull mode
4.2.1 Push Mode
In this mode, the logs are automatically sent to the data owner by the Harmonizer; this is important when the usage of data is very large. Using this mode, the owner gets timely knowledge of accesses to his data at the CSP. If log records are not sent to the owner periodically, the JAR file becomes very large in size. This mode is very important for owners who want timely updates on access to their data. With this mode the size of the log file does not exceed its limit, and timely detection and correction of log records is also achieved. The auditor also detects any wrong entries in the log file, using the checksum added to each log record. The push happens on two occasions: when the JAR file is exceeded by the data of the data owner, and when the timer in the JAR file runs out after the decided time. As logs are dumped periodically, the free space is used for future logs.
4.2.2 Pull Mode
4.3 Evolution of Proposed Algorithm
The algorithm used here is the Log Retrieval Algorithm for Push and Pull modes. The algorithm presents the logging and synchronization steps with the harmonizer in the case of pure Log. First the algorithm checks whether the size of the JAR has exceeded a stipulated size or the normal time between two consecutive dumps has elapsed. The size and time threshold for a dump are specified by the data owner at the time of development of the JAR. The algorithm also determines whether the data owner has requested a dump of the log files. If none of these events has happened, it proceeds to encrypt the record and write the error correction information to the harmonizer. The interaction with the harmonizer begins with a simple handshake. If no response is received, the log file records an error. The data owner is then alerted via emails, if the JAR is configured to send error notifications. Once the handshake is done, the interaction with the harmonizer proceeds using a TCP/IP protocol. If either of the aforementioned events has happened, the JAR simply dumps the log files and resets all the variables, to make space for a new record. In the case of Access Log, the algorithm checks whether the CSP accessing the log satisfies all the conditions specified in the policies pertaining to it. If the conditions are fulfilled, access is granted; otherwise, access is declined.
V. MODULES DESCRIPTION
5.1 Data Owner Module
In this module, the data owner uploads their data to the cloud server. New users can register with the service provider and create a new account, so that they can securely upload files and store them. For security purposes, the data owner encrypts the data file and then stores it in the cloud. The data owner is capable of manipulating the encrypted data file and can set the access privileges on it. To allay users' concerns, it is essential to provide an effective mechanism for users to monitor the usage of their data in the cloud. For example, users need to be able to ensure that their data are handled according to the service level agreements made at the time they sign on for services in the cloud.
5.2 Jar Creation Module
In this module we create a JAR file for every file upload. The user should have the same JAR file to download the file. In this way the data is secured. The logging should be decentralized in order to adapt to the dynamic nature of the cloud. More specifically, log files should be tightly bound to the corresponding data being controlled, and require minimal infrastructural support from any server. Every access to the user's data should be correctly and automatically logged.
This requires integrated techniques to authenticate the entity who accesses the data, and to verify and record the actual operations on the data as well as the time at which the data have been accessed. Log files should be reliable and tamper proof to avoid illegal insertion, deletion, and modification by malicious parties. Recovery mechanisms are also desirable to restore log files damaged by technical problems. The proposed technique should not intrusively monitor data recipients' systems, nor should it introduce heavy communication and computation overhead, which otherwise will hinder its feasibility and adoption in practice.
5.3 Cloud Service Provider
The cloud service provider manages a cloud to provide data storage service. Data owners encrypt their data files and store them in the cloud with the jar file created for each file for sharing with data consumers. To access the shared data files, data consumers download encrypted data files of their interest from the cloud and then decrypt them.
5.4 Disassembling Attack
If the attacker wants to infer access control policies, the only possible way is through analyzing the log file. This is, however, very hard to accomplish since, as mentioned earlier, log records are encrypted and breaking the encryption is computationally hard. Also, the attacker cannot modify the log files extracted from a disassembled JAR. Should the attacker erase or tamper with a record, the integrity checks added to each record of the log will not match at the time of verification, revealing the error. Similarly, attackers will not be able to write fake records to log files without being detected, since they will need to sign with a valid key and the chain of hashes will not match.
5.5 Man-in-the-Middle Attack
In this module, an attacker may intercept messages during the authentication of a service provider with the certificate authority, and replay the messages in order to masquerade as a legitimate service provider. There are two points in time at which the attacker can replay the messages. One is after the actual service provider has completely disconnected and ended a session with the certificate authority. The other is when the actual service provider is disconnected but the session is not over, so the attacker may try to renegotiate the connection. The first type of attack will not succeed since the certificate typically has a time stamp which will become obsolete at the time point of reuse. The second type of attack will also fail since renegotiation is banned in the latest version of OpenSSL and cryptographic checks have been added.
5.6 Provenance Control Module
The cloud server is connected to the JAR for the authentication request and response. However, the JAR file does not have an edit option, so to overcome this issue we propose a new technique called provenance controls for the JAR. By using this control, the data can be read or written by the user. The JAR maintains the error correction and sends the original data to the user.
VI. CONCLUSION AND FUTURE WORKS
Preserving the user's data or information on the Internet is very important. If the user's data becomes known to an unauthorized person, it leads to misbehaviors.
Before this paper, there was no solution for this kind of misbehavior by third persons or unknown persons. So the first proposal against such improper activities is automated logging of access by using the auditing mechanisms, and then CIA. The CIA framework also leads to some obstacles in the data sharing service in the cloud. To overcome those problems we approach the new technique of JAR files. With the JAR programming capabilities, data sharing between two people is carried out in an effective manner. However, an edit option is not found in the JAR. So we implement a new idea for that: we introduced the provenance controls technique in this paper. Our proposed technique works in an efficient manner, as shown through simulation and experimental analysis of our work.
REFERENCES
[1] Shraddha B. Toney and Sandeep U. Kadam, “Cloud Information Accountability Frameworks for Data Sharing in Cloud - A Review,” International Journal of Computer Trends and Technology, volume 4, Issue 3, 2013.
[2] Smitha Sundareswaran, Anna C. Squicciarini and Dan Lin, “Ensuring Distributed Accountability for Data Sharing in the Cloud,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 556-568, 2012.
[3] Ms. P. Angaiyarkanni and Mr. C. Ramesh, “A Decentralized Data Distribution Assessment for Virtual Storage System,” International Journal of Computer Science and Management Research, Vol 2, Issue 2, February 2013.
[4] Hui Wang, “Privacy-Preserving Data Sharing in Cloud Computing,” Journal of Computer Science and Technology, May 2010, Volume 25, Issue 3, pp. 401-414.
[5] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing,” Proc. European Conf. Research in Computer Security (ESORICS), pp. 355-370, 2009.
[6] Marco Casassa Mont, Ilaria Matteucci, Marinella Petrocchi, and Marco Luca Sbodio, “Enabling Data Sharing in [email protected], in the cloud.
[7] A. Squicciarini, S. Sundareswaran, and D. Lin, “Preventing Information Leakage from Indexing in the Cloud,” Proc. IEEE Int'l Conf. Cloud Computing, 2010.