0 penilaian0% menganggap dokumen ini bermanfaat (0 suara)
19 tayangan6 halaman
This Cloud storage service has made the users
to access their data anywhere anytime without any
trouble. Available systems that provide support for the
remote data integrity are useful for quality of service
testing but do not deal with server failure or handling
misbehaving servers. The proposed system ensures storage
integrity in the server where the cloud user’s data is
stored. It achieves strong cloud storage security and fast
data error localization with the results provided by the
auditing mechanism that is carried out by the Third Party
Auditor. Also it further supports secure and efficient
dynamic operations on outsourced data. Third Party
Auditor carries out the public auditing in-order to
maintain the integrity for the data stored in cloud. The
user delegates the integrity checking tasks of the data
stored in the cloud storage to the Third Party Auditor,
who then does the auditing process. Erasure correcting
code is used in the file distribution and dependability
against Byzantine failure. Data integrity in ensured with
the help of verification key along with erasure coded data
which also allows handling of storage correctness and
identification of misbehaving cloud server. The audit
protocol blocker is introduced to monitor the correctness
of the user and Third Party Auditor. It prevents the cloud
users from misusing the privileges that are provided to
them by the cloud server.
This Cloud storage service has made the users
to access their data anywhere anytime without any
trouble. Available systems that provide support for the
remote data integrity are useful for quality of service
testing but do not deal with server failure or handling
misbehaving servers. The proposed system ensures storage
integrity in the server where the cloud user’s data is
stored. It achieves strong cloud storage security and fast
data error localization with the results provided by the
auditing mechanism that is carried out by the Third Party
Auditor. Also it further supports secure and efficient
dynamic operations on outsourced data. Third Party
Auditor carries out the public auditing in-order to
maintain the integrity for the data stored in cloud. The
user delegates the integrity checking tasks of the data
stored in the cloud storage to the Third Party Auditor,
who then does the auditing process. Erasure correcting
code is used in the file distribution and dependability
against Byzantine failure. Data integrity in ensured with
the help of verification key along with erasure coded data
which also allows handling of storage correctness and
identification of misbehaving cloud server. The audit
protocol blocker is introduced to monitor the correctness
of the user and Third Party Auditor. It prevents the cloud
users from misusing the privileges that are provided to
them by the cloud server.
This Cloud storage service has made the users
to access their data anywhere anytime without any
trouble. Available systems that provide support for the
remote data integrity are useful for quality of service
testing but do not deal with server failure or handling
misbehaving servers. The proposed system ensures storage
integrity in the server where the cloud user’s data is
stored. It achieves strong cloud storage security and fast
data error localization with the results provided by the
auditing mechanism that is carried out by the Third Party
Auditor. Also it further supports secure and efficient
dynamic operations on outsourced data. Third Party
Auditor carries out the public auditing in-order to
maintain the integrity for the data stored in cloud. The
user delegates the integrity checking tasks of the data
stored in the cloud storage to the Third Party Auditor,
who then does the auditing process. Erasure correcting
code is used in the file distribution and dependability
against Byzantine failure. Data integrity in ensured with
the help of verification key along with erasure coded data
which also allows handling of storage correctness and
identification of misbehaving cloud server. The audit
protocol blocker is introduced to monitor the correctness
of the user and Third Party Auditor. It prevents the cloud
users from misusing the privileges that are provided to
them by the cloud server.
Secure Storage Services In Cloud Computing S. Muthakshi #1 , Dr. T.Meyyappan M.Sc., MBA. M.Phil., Ph.d., *2
# Department of Computer Science and Engineering, Alagappa University, Karaikudi, Tamilnadu,India.
Abstract This Cloud storage service has made the users to access their data anywhere anytime without any trouble. Available systems that provide support for the remote data integrity are useful for quality of service testing but do not deal with server failure or handling misbehaving servers. The proposed system ensures storage integrity in the server where the cloud users data is stored. It achieves strong cloud storage security and fast data error localization with the results provided by the auditing mechanism that is carried out by the Third Party Auditor. Also it further supports secure and efficient dynamic operations on outsourced data. Third Party Auditor carries out the public auditing in-order to maintain the integrity for the data stored in cloud. The user delegates the integrity checking tasks of the data stored in the cloud storage to the Third Party Auditor, who then does the auditing process. Erasure correcting code is used in the file distribution and dependability against Byzantine failure. Data integrity in ensured with the help of verification key along with erasure coded data which also allows handling of storage correctness and identification of misbehaving cloud server. The audit protocol blocker is introduced to monitor the correctness of the user and Third Party Auditor. It prevents the cloud users from misusing the privileges that are provided to them by the cloud server.
Keywords Data storage, Cloud Service Provider, TPA. I. INTRODUCTION This Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer technology. The ever cheaper and more powerful processors, together with the software as a service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable yet flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centers.
ARCHITECTURE OF CLOUD STORAGE SYSTEM:
Fig:1 CLOUD STORAGE SYSTEM This architecture represents the job of the third party auditor.
Moving data into the cloud offers great convenience to users since they dont have to care about the complexities of direct hardware management. The pioneer of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud EC2) are both well known examples. While these internet-based online services do provide huge amounts of storage space and customizable computing resources, this computing platform shift, however, is eliminating the responsibility of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. On the one hand, although the cloud infrastructures are much more powerful and reliable than personal computing devices, broad range of both internal and external threats for data integrity still exist. Examples of International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
outages and data loss incidents of noteworthy cloud storage services appear from time to time. On the other hand, since users may not retain a local copy of outsourced data, there exist various incentives for cloud service providers (CSP) to behave unfaithfully towards the cloud users regarding the status of their outsourced data. In order to achieve the assurances of cloud data integrity and availability and enforce the quality of cloud storage service, efficient methods that enable on-demand data correctness verification on behalf of cloud users have to be designed. However, the fact that users no longer have physical possession of data in the cloud prohibits the direct adoption of traditional cryptographic primitives for the purpose of data integrity protection. Hence, the verification of cloud storage correctness must be conducted without explicit knowledge of the whole data files. Meanwhile, cloud storage is not just a third party data warehouse. The data stored in the cloud may not only be accessed but also be frequently updated by the users, including insertion, deletion, modification, appending, etc. Thus, it is also imperative to support the integration of this dynamic feature into the cloud storage correctness assurance, which makes the system design even more challenging. Last but not the least, the deployment of Cloud Computing is powered by data centers running in a simultaneous, cooperated and distributed manner. These techniques, while can be useful to ensure the storage correctness without having users possessing local data, are all focusing on single server scenario. They may be useful for quality-of-service testing, but does not guarantee the data availability in case of server failures. Although direct applying these techniques to distributed storage (multiple servers) could be straightforward, the resulted storage verification overhead would be linear to the number of servers. As a complementary approach, researchers have also proposed distributed protocols for ensuring storage correctness across multiple servers or peers. However, while providing efficient cross server storage verification data availability insurance; these schemes are all focusing on static or archival data. As a result, their capabilities of handling dynamic data remains unclear, which inevitably limits their full applicability in cloud storage scenarios.
A simple approach like message authentication codes (MACs) can be used to protect the data integrity.Data owners will initially locally maintain a small amount of MACs for the data files which are to be outsourced. The data owner can verify the integrity by recalculating the MAC of the received data file when he/she wants to retrieve data and will compare it to the local precomputed value. Even though this method allows data owners to verify the correctness of the received data from the cloud, but if the data file is large, MACs cannot be employed. A hash tree can be employed for large data files, in which leaves contains hashes of data blocks and internal contains hashes of their children of the tree. To authenticate his received data the data owner has to store the root hash of the tree. But it does not give any assurance about the correctness of other outsourced data. So to perform this thing for data owner TPA can be used. Various mechanisms are proposed on how to use the TPA so that it can relieve the burden of data owner for local data storage and maintenance, it also eliminates their physical control of storage dependability and security, which traditionally has been expected by both individuals and enterprises with high service-level requirements. This kind of audit service not only helps save data ownerscomputation resources but also provides a transparent yet cost- effective method for data owners to gain trust in the cloud. The presence of TPA eliminates the involvement of the client by auditing whether his data stored in the cloud are indeed intact, which can be important in achieving economies of scale for Cloud Computing. Though this method states how to save the computational resource and cost of storage of owners data buthow to trust on TPA that is not calculated. If TPA modifies data or deletes some dataand if it becomes intrusive and pass information of data owner to unauthorized user than how owner know about this problem is not solved. International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
Thus, new approaches are required to solve the above problem. The author Abhishek Mohta and R. Sahu have given algorithm which ensures data integrity and dynamic data operations. They have used encryption and message digest to ensure data integrity. Although encryption ensures that data is not leaked while transfer and message digest gives identity of client who has send data. They have designed algorithm for data manipulation, insertion of record and record deletion. Insertion and manipulation algorithms inserts and manipulate data efficiently but in data deletion we cant identify the person who have deleted record, how and when means if any one deletes record then this algorithm can no longer work. In that case we can use indexing scheme i.e. if we trace every record by index, that when and which user is accessing record then if user tries to delete record then we can identify him as we have traced him by index. The author Ateniese et al. are the first who have considered the public adaptability in their definedprovable data possession (PDP) method which ensures possession of data files on untrusted storages. For auditing outsourced data their technique utilizes the RSA-based homomorphic authenticators and suggests to randomly sample a few blocks of the file. However,in their scheme the public auditability demands the linear combination of sampled blocks which exposed to the external auditor. When used directly, their protocol is not provably privacy preserving, and thus may leak user data information to the auditor. The author Cong Wang et al. used the public key based homomorphic authenticator and to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all above requirements in mind, it uniquely integrate it with random mask technique. For efficiently handling multiple auditing tasks,the technique of bilinear aggregate signature can be explored to extend the main result into a multi-user setting, where TPA can perform multiple auditing tasks simultaneously. A keyed hash function hk(F) is used in Proof of retrievability (POR) scheme. The verifier, pre-computes the cryptographic hash of F using hk(F) before archiving the data file F in the cloud storage, and stores this hash as well as the secret key K. The verifier releases the secret key K to the cloud archive to check the integrity of the file F and asks it to compute and return the value of hk(F). The verifier can check for the integrity of the file F for multiple times by storing multiple hash values for different keys, each one being an independent proof. Although this scheme is very simple and easily implementable the main drawback of this scheme is that it requires higher resource costs for the implementation. Verifier has to store as many keys as the number of checks it wants to perform as well as the hash value of the data file F with each hash key. Computation of the hash value for even a moderately large data files can be computationally burdensome for some clients (PDAs, mobile phones, etc.). Each invocation of the protocol at archive requires the archive to process the entire file F. This processing can be computationally burdensome for the archive even for a lightweight operation like hashing. Furthermore, it requires the prover to read the entire file F - a significant overhead for an archive whose intended load is only an occasional read per file, where every file to be tested frequently . The author Ari Juels and Burton S. Kaliski Jr proposed a scheme Proof of retrievability for large files using sentinels. In this scheme, only a single key can be used irrespective of the size of the file or the number of files unlike in the key-hash approach scheme in which many number of keys are used. III PROPOSED METHOD If any of a cloud gets affected means with the help of the third party auditor (TPA), we easily recover the datas from cloud. We measure cloud correctness based on integrity auditing mechanism it helps to secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. We ensure our datas always going to be a right one if any mismatch occurs means we easily find out where ever corruption are made based on that we recover the from cloud as much as possible. The user does not have the time to perform the storage correctness verification. He can optionally delegate this task to an independent third party International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
auditor, making the cloud storage publicly verifiable. To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users, we propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append. Append Operation means the user may want to increase the size of his stored data by adding blocks at the end of the data file, which we refer as data append. Sometimes, after being stored in the cloud, certain data blocks may need to be deleted. The delete operation we are considering is a general one, in which user replaces the data block with zero or some special reserved data symbol.
PROPOSED ALGORITHM:
A) Challenge Token Precomputation
In order to achieve assurance of data storage correctness and data error localization simultaneously, our scheme entirely relies on the precomputed verification tokens. The main idea is as follows: before file distribution the user precomputes a certain number of short verification tokens on individual vector Gj j 2 f1; . . . ; ng, each token covering a random subset of data blocks. Later, when the user wants to make sure the storage correctness for the data in the cloud, he challenges the cloud servers with a set of randomly generated block indices. Upon receiving challenge, each cloud server computes a short signature over the specified blocks and returns them to the user. The values of these signatures should match the corresponding tokens precomputed by the user. Meanwhile, as all servers operate over the same subset of the indices, the requested response values for integrity check must also be a valid codeword determined by the secret matrix P.
B) Correctness Verification and Error Localization
Error localization is a key prerequisite for eliminating errors in storage systems. It is also of critical importance to identify potential threats from external attacks. However, many previous schemes do not explicitly consider the problem of data error localization, thus only providing binary results for the storage verification. Our scheme outperforms those by integrating the correctness verification and error localization (misbehaving server identification) in our challenge-response protocol: the response values from servers for each challenge not only determine the correctness of the distributed storage, but also contain information to locate potential data error(s).
C) File Retrieval and Error Recovery
Since our layout of file matrix is systematic, the user can reconstruct the original file by downloading the data vectors from the first m servers, assuming that they return the correct response values. Notice that our verification scheme is based on random spot-checking, so the storage correctness assurance is a probabilistic one. However, by choosing system parameters e:g:; r; l; t appropriately and conducting enough times of verification, we can guarantee the successful file retrieval with high probability. On the other hand, whenever the data corruption is detected, the comparison of precomputed tokens and received response values can guarantee the identification of misbehaving server(s) (again with high probability), which will be discussed shortly. Therefore, the user can always ask servers to send back blocks of the r rows specified in the challenge and regenerate the correct blocks by erasure correction, shown in Algorithm 3, as long as the number of identified misbehaving servers is less than k. (otherwise, there is no way to recover the corrupted blocks due to lack of redundancy, even if we know the position of misbehaving servers.) The newly recovered blocks can then be redistributed to the misbehaving servers to maintain the correctness of storage.
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
ADVANTAGES: By using these algorithms Storage correctness is to ensure the users data are indeed stored appropriately and kept intact all the time in the cloud. The main advantage of this proposed design allows the user to audit the cloud storage with light- weight communication and computation cost. Here we are using third party auditor to ensure the security.
IV THE STEPS OF ALGORITHM
Algorithm for Storage Correctness and Error Localization 1. while CHALLENGE (i) 2. Re compute i= fkchal(i) and kprp(i) from KPRP 3. Send {i , kprp } to all cloud server 4. Receive from servers {Ri (j) ==1I * G (j) [kprp (q)]| {1 j n} 5. for j=m+1 to n do, 6. Ri(j) =Ri(j)- =1j(SI q,j ) .iq where I q= kprp (q) 7. end for If( (Ri(1),..,Ri(m)).P==(Ri(m+1),., Ri(n)) then 8. Accept and ready for the next challenge 9. else 10. For j=1 to n do 11. if Ri(j) not equal to vi(j) then 12. Return server j is misbehaving 13. end if 14. end for 15. end if 16. end while
Algorithm for Error Recovery 1. Procedure % Assume the block corruption have been detected among % the specified r rows; % assume s k servers have been identified misbehaving 2. Download r rows of blocks from servers; 3. Treat s servers as erasures and recover the blocks. 4. Resend the recovered blocks to corresponding servers 5. End procedure.
V CONCLUSION
In this paper, we investigate the problem of data security in cloud data storage, which is essentially a distributed storage system. To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users, we propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., whenever data corruption has been detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving servers. We show that our scheme is highly efficient and resilient to Byzantine failure, malicious data modification attack, and even server colluding attacks. Considering the time, computation resources, and even the related online burden of users, we also provide the extension of the proposed main scheme to support third-party auditing, where users can safely delegate the integrity checking tasks to third-party auditors and be worry-free to use the cloud storage services. REFERENCES 1] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring Data Storage Security in Cloud Computing," Proc. 17th Int'l Workshop Quality of Service (IWQoS '09), pp. 1-9, July 2009. [2] Amazon.com, "Amazon Web Services (AWS)," http:/aws. amazon.com,2009. International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6June 2013
[3] Sun Microsystems, Inc., "Building Customer Trust in Cloud Computing with Transparent Security," https://www.sun.com/offers/detailssun_transparency.xml , Nov.2009. [4] K. Ren, C. Wang, and Q. Wang, "Security Challenges for the Public Cloud," IEEE Internet Computing, vol. 16, no. 1, pp.69-73,2012. [5] M. Arrington, "Gmail Disaster: Reports of Mass Email Deletions," http://www.techcrunch.com/2006/12/28gmail- disasterreports-of-mass-email-deletions ,Dec.2006. [7] Amazon.com, "Amazon S3 Availability Event: July 20, 2008," http://status.aws.amazon.coms3-20080720.html , July 2008. [8] S. Wilson, "Appengine Outage," http://www.cio- weblog.com/50226711appengine_outage.php , June 2008. [9] B. Krebs, "Payment Processor Breach May Be Largest Ever," http://voices.washingtonpost.com/securityfix/ 2009/01 payment_processor_breach_may_b.html ,Jan.2009. [10] A. Juels and B.S. KaliskiJr., "PORs: Proofs of Retrievability for Large Files," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 584-597, Oct. 2007. [11] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, Oct. 2007. [12] M.A. Shah, M. Baker, J.C. Mogul, and R. Swaminathan, "Auditing to Keep Online Storage Services Honest," Proc. 11th USENIX Workshop Hot Topics in Operating Systems (HotOS '07), pp. 1-6, 2007. [13] M.A. Shah, R. Swaminathan, and M. Baker, "Privacy- Preserving Audit and Extraction of Digital Contents," Cryptology ePrint Archive, Report 2008/186, http:/eprint.iacr.org, 2008. [14] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. Fourth Int'l Conf. Security and Privacy in Comm. Netowrks (SecureComm '08), pp. 1-10, 2008. [15] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing," Proc. 14th European Conf. Research in Computer Security (ESORICS '09), pp. 355-370, 2009.A. Juels and J. Burton S. Kaliski, Pors: Proofs of retrievability for large files, in Proc. of CCS07, Alexandria, VA, October 2007, pp. 584597.