ABSTRACT
Outsourcing data to third-party administrative control, as is done in cloud computing, gives rise
to security concerns. Data compromise may occur due to attacks by other users and nodes
within the cloud. Therefore, strong security measures are required to protect data within the cloud.
However, the employed security strategy must also take into account the optimization of the data
retrieval time. In this paper, we propose Division and Replication of Data in the Cloud for
Optimal Performance and Security (DROPS), a methodology that collectively approaches the security and
performance issues. In the DROPS methodology, we divide a file into fragments and replicate
the fragmented data over the cloud nodes. Each of the nodes stores only a single fragment of a
particular data file, which ensures that even in the case of a successful attack, no meaningful
information is revealed to the attacker. Moreover, the nodes storing the fragments are separated
by a certain distance by means of graph T-coloring to prevent an attacker from guessing the
locations of the fragments. Furthermore, the DROPS methodology does not rely on
traditional cryptographic techniques for data security, thereby relieving the system of
computationally expensive methodologies. We show that the probability of locating and
compromising all of the nodes storing the fragments of a single file is extremely low. We also
compare the performance of the DROPS methodology with ten other schemes. A higher level
of security with only a slight performance overhead was observed.
Introduction
Security is one of the most crucial aspects among those prohibiting the widespread adoption of
cloud computing. Cloud security issues may stem from the core technology's implementation
(virtual machine (VM) escape, session riding, etc.), from cloud service offerings (structured query
language injection, weak authentication schemes, etc.), and from cloud characteristics
(data recovery vulnerability, Internet protocol vulnerability, etc.). For a cloud to be secure, all of
the participating entities must be secure. In any given system with multiple units, the highest
level of the system's security is equal to the security level of the weakest entity. Therefore, in a
cloud, the security of the assets does not solely depend on an individual's security measures. The
neighboring entities may provide an opportunity for an attacker to bypass the user's defenses. The
off-site data storage cloud utility requires users to move data into the cloud's virtualized and shared
environment, which may result in various security concerns. The pooling and elasticity of a cloud
allow the physical resources to be shared among many users. Moreover, the shared resources
may be reassigned to other users at some instance of time, which may result in data compromise
through data recovery methodologies. Furthermore, a multi-tenant virtualized environment may
result in a VM escaping the bounds of the virtual machine monitor (VMM). The escaped VM can
interfere with other VMs to gain access to unauthorized data. Similarly, cross-tenant virtualized
network access may also compromise data privacy and integrity. Improper media sanitization can
also leak a customer's private data.
Problem Statement
To ensure security and efficient data storage in the cloud, an effective integrity-checking
mechanism must be designed. The mechanism should be hardened against service attacks and threats.
End users can store data in the cloud at any time and from anywhere over the Internet.
Proposed System
We propose the DROPS methodology, a cloud storage security scheme that collectively deals with
security and performance in terms of retrieval time. The data file is first encrypted and
fragmented. The fragments are dispersed over multiple nodes, and the nodes are separated by
means of T-coloring. The fragmentation and dispersal ensure that no significant information
is obtainable by an adversary in case of a successful attack. No node in the cloud stores more
than a single fragment of the same file. The performance of the methodology was compared with
full-scale replication techniques. The results of the simulations revealed that the simultaneous
focus on security and performance resulted in an increased security level of data accompanied
by only a slight performance drop. Currently, with the DROPS methodology, a user has to download the
file, update the contents, and upload it again. A strategic direction for future work is to develop
an automatic update mechanism that can identify and update only the required fragments. This
will save the time and resources utilized in downloading, updating, and uploading the file again,
which will be beneficial for users.
Objectives
1. We develop a scheme for outsourced data that takes into account both security and
performance. The proposed scheme fragments and replicates the data file over cloud nodes.
2. The proposed DROPS scheme ensures that even in the case of a successful attack, no
meaningful information is revealed to the attacker.
3. We do not rely on traditional cryptographic techniques for data security. The non-
cryptographic nature of the proposed scheme makes it faster to perform the required
operations (placement and retrieval) on the data.
4. We ensure a controlled replication of the file fragments, where each of the fragments is
replicated only once for the purpose of improved security.
Aim
The main goal of this thesis is the design, implementation, demonstration, and evaluation of a
highly scalable cloud-based architecture designed for high performance and for the rapid
evolution of new businesses.
Literature Survey:
The literature survey covers the following technologies and concepts:
1. Servlet and JSP
2. Encryption
3. Fragmentation
4. Browser
MATHEMATICAL MODEL
S = {s, e, X, Y}
Where,
s = Start of the program.
1. Log in to the system.
2. Load the file on the cloud server.
e = End of the program.
The required file is retrieved from cloud storage.
X = Input of the program.
The input of this system is any file containing textual or image information.
Y = Output of the program.
First, the user selects the file to upload; the file is then sent to the cloud server and to the Third
Party Auditor (TPA). After the file is selected, the fragmentation algorithm runs and produces the
fragments of the file. After fragmentation, the fragments are encrypted. After encryption, the
encrypted blocks are assigned to the cloud server nodes. When a user requests a download, the
file is returned as output if the user is valid.
X, Y ⊆ U, where U is the universal set of all data handled by the system.
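To make the flow above concrete, the following is a minimal Java sketch of the upload pipeline. The fragment size, the use of AES (the model only says "encrypted"), and the one-fragment-per-node assignment printout are illustrative assumptions; the actual placement uses T-coloring, sketched later in this document.

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class UploadPipeline {

    // Split the file bytes into fixed-size fragments (the last one may be shorter).
    static List<byte[]> fragment(byte[] file, int fragmentSize) {
        List<byte[]> fragments = new ArrayList<>();
        for (int off = 0; off < file.length; off += fragmentSize) {
            fragments.add(Arrays.copyOfRange(file, off, Math.min(off + fragmentSize, file.length)));
        }
        return fragments;
    }

    public static void main(String[] args) throws Exception {
        byte[] file = "example file contents to be stored in the cloud".getBytes();

        // 1. Fragmentation.
        List<byte[]> fragments = fragment(file, 16);

        // 2. Encryption of each fragment (AES with default mode; a sketch, not production crypto).
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        SecretKey key = keyGen.generateKey();
        Cipher cipher = Cipher.getInstance("AES");
        List<byte[]> encrypted = new ArrayList<>();
        for (byte[] f : fragments) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            encrypted.add(cipher.doFinal(f));
        }

        // 3. Assignment: each encrypted fragment goes to a distinct node, so no node
        //    holds more than one fragment of the same file.
        for (int i = 0; i < encrypted.size(); i++) {
            System.out.println("fragment " + i + " -> node " + i);
        }
    }
}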
Space Complexity:
The space complexity depends on the amount of data stored. The more fragments and replicas
that are stored, the higher the space complexity.
Time Complexity:
Let n be the number of records available in the dataset. If n > 1, then retrieving the information
can be time consuming, so the time complexity of this algorithm is O(n^n).
Failures:
1. A huge database can lead to increased time consumption when retrieving information.
2. Hardware failure.
3. Software failure.
Success:
1. The required information is found from the available datasets.
2. The user gets results very quickly according to their needs.
Application:
1) Automatic update mechanism for fragments.
2) Storing data across multiple clouds by fragmentation (multi-cloud).
Algorithms:-
1) Server selection:-
This algorithm is useful for selecting a cost-efficient cloud server for storing data on the cloud.
2) Fragmentation:-
This algorithm makes the fragments of the file with fixed or variable size.
Input: - File.
Output: - File fragments.
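A minimal Java sketch of fragmentation, assuming a fixed fragment count passed as a parameter (the algorithm allows fixed or variable sizes; fixing the count makes the sizes vary with file length):

import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class Fragmenter {

    // Split the data into a fixed number of fragments; fragment sizes
    // vary with the file length (variable-size fragmentation).
    static List<byte[]> fragmentByCount(byte[] data, int count) {
        List<byte[]> fragments = new ArrayList<>();
        int base = data.length / count;
        int remainder = data.length % count;
        int offset = 0;
        for (int i = 0; i < count; i++) {
            int size = base + (i < remainder ? 1 : 0); // spread leftover bytes evenly
            fragments.add(Arrays.copyOfRange(data, offset, offset + size));
            offset += size;
        }
        return fragments;
    }

    public static void main(String[] args) throws Exception {
        byte[] data = Files.readAllBytes(Paths.get(args[0])); // input: a file path
        List<byte[]> fragments = fragmentByCount(data, 8);
        System.out.println("produced " + fragments.size() + " fragments");
    }
}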
3) Fragment replication:-
After the file is divided into fragments, for security purposes we create replicas of the
fragments at the cloud server. This algorithm makes only one replica of every fragment
in order to save storage space and bandwidth.
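A minimal sketch of this controlled-replication step, creating exactly one replica per fragment as described above:

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class Replicator {

    // Create exactly one replica per fragment (controlled replication).
    static List<byte[]> replicateOnce(List<byte[]> fragments) {
        List<byte[]> replicas = new ArrayList<>(fragments.size());
        for (byte[] f : fragments) {
            replicas.add(Arrays.copyOf(f, f.length)); // independent copy of the fragment
        }
        return replicas;
    }

    public static void main(String[] args) {
        List<byte[]> fragments = Arrays.asList("frag0".getBytes(), "frag1".getBytes());
        System.out.println("replicas created: " + replicateOnce(fragments).size());
    }
}

Keeping a single replica is a deliberate trade-off: more copies would improve availability but would consume more space and bandwidth and expose more targets to an attacker.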
4) Fragment Allocation:-
All the fragments of the file and their replicas have to be stored; to provide security, we
allocate these fragments and replicas to nodes using the T-coloring graph concept.
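A sketch of T-coloring-based allocation, assuming node-to-node hop distances are known and that T is the set of forbidden separations; a node is eligible only if its distance to every already-used node lies outside T:

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class TColoringAllocator {

    // Choose one node per fragment so that, for any two chosen nodes, their
    // distance does not fall in the forbidden set T (graph T-coloring constraint).
    static List<Integer> allocate(int[][] dist, Set<Integer> forbidden, int fragments) {
        List<Integer> chosen = new ArrayList<>();
        for (int node = 0; node < dist.length && chosen.size() < fragments; node++) {
            boolean ok = true;
            for (int placed : chosen) {
                if (forbidden.contains(dist[node][placed])) { ok = false; break; }
            }
            if (ok) chosen.add(node); // node is far enough from all placed fragments
        }
        return chosen;
    }

    public static void main(String[] args) {
        // Hypothetical 5-node topology with symmetric hop distances.
        int[][] dist = {
            {0, 1, 2, 3, 4},
            {1, 0, 1, 2, 3},
            {2, 1, 0, 1, 2},
            {3, 2, 1, 0, 1},
            {4, 3, 2, 1, 0}
        };
        Set<Integer> forbidden = new HashSet<>(Arrays.asList(1)); // T = {1}: no adjacent nodes
        System.out.println(allocate(dist, forbidden, 3));         // prints [0, 2, 4]
    }
}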
5) Key Gen: -
This polynomial-time algorithm is run by the data owner to initialize its public and secret
parameters by taking a security parameter as input.
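A minimal sketch of such a key-generation step. The thesis does not fix a concrete primitive, so an RSA key pair stands in for the public and secret parameters, with the key size acting as the security parameter:

import java.security.KeyPair;
import java.security.KeyPairGenerator;

public class KeyGen {

    // Run by the data owner: takes a security parameter (key size in bits)
    // and initializes the public/secret parameters.
    static KeyPair keyGen(int securityParameter) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(securityParameter);
        return generator.generateKeyPair(); // public key is published, private key kept secret
    }

    public static void main(String[] args) throws Exception {
        KeyPair pair = keyGen(2048);
        System.out.println("public key algorithm: " + pair.getPublic().getAlgorithm());
    }
}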
6) Delegation: -
This algorithm represents the interaction between the data owner and the proxy. The data
owner delivers a partial secret key x to the proxy through a secure channel.
7) Challenge:-
This algorithm is performed by the TPA, taking information about the file as input and
producing a challenge as output.
8) Verify: -
This algorithm is run by the TPA immediately after a proof is received. Taking the proof,
the public parameters, and the corresponding challenge C as input, it outputs 1 if the
verification passes and 0 otherwise.
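A deliberately simplified sketch of the challenge-verify exchange. Practical auditing schemes use homomorphic authenticators rather than plain digests; here a random block index and a SHA-256 digest stand in purely to illustrate the 1/0 verification contract described above:

import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import java.util.Random;

public class Auditor {

    // Challenge: the TPA picks a random block index of the stored file.
    static int challenge(int blockCount) {
        return new Random().nextInt(blockCount);
    }

    // The server's "proof" is the digest of the challenged block.
    static byte[] prove(List<byte[]> blocks, int index) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(blocks.get(index));
    }

    // Verify: compare the proof against the digest the TPA recorded at upload time.
    // Returns 1 if verification passes, 0 otherwise.
    static int verify(byte[] proof, byte[] expectedDigest) {
        return Arrays.equals(proof, expectedDigest) ? 1 : 0;
    }

    public static void main(String[] args) throws Exception {
        List<byte[]> blocks = Arrays.asList("block0".getBytes(), "block1".getBytes());
        int c = challenge(blocks.size());
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(blocks.get(c)); // from upload time
        System.out.println("verify = " + verify(prove(blocks, c), expected)); // prints 1
    }
}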
9) Repair: -
In the absence of the data owner, the proxy interacts with the cloud servers during this
procedure to repair the faulty server detected by the auditing process.
Modules:-
1) Cloud Client:-
A cloud client is either a data owner or a data user.
Data Owner:-
The data owner is responsible for uploading files to the cloud, as well as viewing files
uploaded by himself or others. The data owner has information about the placed fragments
and their replicas, along with their node numbers in the cloud.
Data User:-
The data user is the one who is responsible for downloading files or viewing files
uploaded by others. To download a file from the cloud, he has to be an authenticated user;
otherwise, he is considered an attacker.
2) Cloud Server:-
Fragmentation:-
This module is used for fragmenting the file for security purposes at the server side.
It runs the fragmentation algorithm, taking a file as input and producing the file
fragments as output.
Replication:-
This module creates replicas (duplicate copies) of the fragments. These replicas are
useful when one of the fragments is corrupted by an attacker: to provide the file to the
user, the admin replaces the corrupted fragment with its replica, combines all fragments,
and sends the file to the authenticated user or data owner. To make replicas of the file
fragments, this module runs the replication algorithm, which takes the fragments as input
and produces their replicas as output.
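A sketch of the fragment-repair step this module describes: fragments whose digests no longer match the values recorded at upload time are swapped for their replicas before the file is reassembled (the digest bookkeeping is an assumption; the module text only says the replica replaces the corrupted fragment):

import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;

public class FileAssembler {

    // Reassemble the file, substituting the replica wherever a fragment's
    // digest no longer matches the one recorded at upload time.
    static byte[] assemble(List<byte[]> fragments, List<byte[]> replicas,
                           List<byte[]> expectedDigests) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < fragments.size(); i++) {
            byte[] piece = fragments.get(i);
            if (!Arrays.equals(sha.digest(piece), expectedDigests.get(i))) {
                piece = replicas.get(i); // fragment corrupted: fall back to its replica
            }
            out.write(piece);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        List<byte[]> fragments = Arrays.asList("good".getBytes(), "BAD!".getBytes());
        List<byte[]> replicas  = Arrays.asList("good".getBytes(), "fine".getBytes());
        List<byte[]> digests   = Arrays.asList(sha.digest("good".getBytes()),
                                               sha.digest("fine".getBytes()));
        System.out.println(new String(assemble(fragments, replicas, digests))); // prints "goodfine"
    }
}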
Allocation:-
After the file is split and the replicas are generated, the fragments have to be allocated
to the cloud server for storage. While storing or allocating the fragments, security issues
must be considered. Therefore, we use the T-coloring graph concept for placing fragments
at different nodes on the cloud server. This module runs the fragment allocation
algorithm, which takes the fragments as input and produces as output the fragments
allocated with node numbers.
3) TPA: -
TPA stands for Third Party Auditor, who has the expertise and capabilities to conduct public
audits on the coded data in the cloud. The TPA is trusted, and its audit results are unbiased for
both data owners and cloud servers. Audit, Challenge, and Verify are the algorithms run by
this module.
4) PA:-
PA stands for Proxy Agent, who is semi-trusted and acts on behalf of the data owner to
regenerate authenticators and data blocks on the failed servers during the repair procedure.
The data owner is restricted in computational and storage resources compared to the other
entities and may become offline even after the data upload procedure. The proxy, which is
assumed to always be online, is supposed to be much more powerful than the data owner but
less powerful than the cloud servers in terms of computation and memory capacity. To save
resources, as well as to avoid the online burden potentially brought by the periodic auditing
and accidental repairing, the data owner resorts to the TPA for integrity verification and
delegates the reparation to the proxy.
Advantages:
1) Even in the case of a successful attack on a node, no meaningful information is revealed to
the attacker, since each node stores only a single fragment of a file.
2) Avoiding computationally expensive cryptographic operations keeps placement and
retrieval fast.
3) Controlled replication (a single replica per fragment) saves storage space and bandwidth.
Disadvantage:
1) If more than two nodes are not working at a given time, the user may not be able to retrieve
the data accurately.
Contribution:
The main contribution of this work is the DROPS methodology, which collectively addresses
security and retrieval-time performance by fragmenting the data file, replicating each fragment
exactly once, and placing the fragments on nodes separated by means of T-coloring.
CONCLUSION
We proposed the DROPS methodology, a cloud storage security scheme that collectively deals
with security and performance in terms of retrieval time. The data file was fragmented and
the fragments were dispersed over multiple nodes. The nodes were separated by means of T-
coloring. The fragmentation and dispersal ensured that no significant information was obtainable
by an adversary in case of a successful attack. No node in the cloud stored more than a single
fragment of the same file. The performance of the DROPS methodology was compared with full-
scale replication techniques. The results of the simulations revealed that the simultaneous focus
on security and performance resulted in an increased security level of data accompanied by a
slight performance drop.