DROPS: Division and Replication of Data in the

Cloud for Optimal Performance and Security

ABSTRACT

Outsourcing data to a third-party administrative control, as is done in cloud computing, gives rise
to security concerns. The data compromise may occur due to attacks by other users and nodes
within the cloud. Therefore, high security measures are required to protect data within the cloud.
However, the employed security strategy must also take into account the optimization of the data
retrieval time. In this paper, we propose Division and Replication of Data in the Cloud for
Optimal Performance and Security (DROPS) that collectively approaches the security and
performance issues. In the DROPS methodology, we divide a file into fragments, and replicate
the fragmented data over the cloud nodes. Each of the nodes stores only a single fragment of a
particular data file that ensures that even in case of a successful attack, no meaningful
information is revealed to the attacker. Moreover, the nodes storing the fragments, are separated
with certain distance by means of graph T-coloring to prohibit an attacker of guessing the
locations of the fragments. Furthermore, the DROPS methodology does not rely on the
traditional cryptographic techniques for the data security; thereby relieving the system of
computationally expensive methodologies. We show that the probability to locate and
compromise all of the nodes storing the fragments of a single file is extremely low. We also
compare the performance of the DROPS methodology with ten other schemes. The higher level
of security with slight performance overhead was observed.

Introduction
Security is one of the most crucial aspects among those prohibiting the wide-spread adoption of
cloud computing. Cloud security issues may stem due to the core technologys implementation
(virtual machine (VM) escape, session riding, etc.), cloud service offerings (structured query
language injection, weak authentication schemes, etc.), and arising from cloud characteristics
(data recovery vulnerability, Internet protocol vulnerability, etc.). For a cloud to be secure, all of
the participating entities must be secure. In any given system with multiple units, the highest
level of the systems security is equal to the security level of the weakest entity. Therefore, in a
cloud, the security of the assets does not solely depend on an individuals security measures. The
neighboring entities may provide an opportunity to an attacker to bypass the users defenses. The
off-site data storage cloud utility requires users to move data in clouds virtualized and shared
environment that may result in various security concerns. Pooling and elasticity of a cloud,
allows the physical resources to be shared among many users. Moreover, the shared resources
may be reassigned to other users at some instance of time that may result in data compromise
through data recovery methodologies. Furthermore, a multi-tenant virtualized environment may
result in a VM to escape the bounds of virtual machine monitor (VMM). The escaped VM can
interfere with other VMs to have access to unauthorized data. Similarly, cross-tenant virtualized
network access may also compromise data privacy and integrity. Improper media sanitization can
also leak customers private data.

Problem Statement
To ensure security and data storage efficiency in cloud, integrity checking is designed effectively.
Enhance the mechanisms work of the integrity checking against the service attacks and threads.
End user can store the data in cloud at anytime and anywhere through internet.

Proposed System

We proposed the methodology with cloud storage security scheme that collectively deals with the
security and performance in terms of retrieval time. The data file was first encrypted and
fragmented. The fragments are dispersed over multiple nodes. The nodes were separated by
means of T-coloring. The fragmentation and dispersal ensured that no significant information
was obtainable by an adversary in case of a successful attack. No node in the cloud, stored more
than a single fragment of the same file. The performance of the methodology was compared with
full-scale replication techniques. The results of the simulations revealed that the simultaneous
focus on the security and performance resulted in increased security level of data accompanied
by a slight performance. Currently with the DROPS methodology, a user has to download the
file, update the contents, and upload it again. It is strategic to develop an automatic update
mechanism that can identify and update the required fragments only. The aforesaid future work
will save the time and resources utilized in downloading, updating, and uploading the file again.
This can be beneficial for user.
Objectives

We develop a scheme for outsourced data that takes into account both the security and
performance. The proposed scheme fragments and replicates the data file over cloud
nodes.
The proposed DROPS scheme ensures that even in the case of a successful attack, no
meaningful information is revealed to the attacker.
We do not rely on traditional cryptographic techniques for data security. The non-
cryptographic nature of the proposed scheme makes it faster to perform the required
operations (placement and retrieval) on the data.
We ensure a controlled replication of the file fragments, where each of the fragments is
replicated only once for the purpose of improved security.

Aim

The main goal of this thesis is to design, implementation, demonstration, and evaluationof a
highly scalable cloud based architectures designed for high performance and rapid evolution for
new businesses.

Literature Survey:

PAPER NAME AUTHOR NAME EXISTING PROPOSED

1) Quanlu Zhang, Based on comprehensive We are going to use
CHARM: A Cost- Shenglong Li, analysis of various state-of- concept of cost
efficient Multi-cloud Zhenhua Li, Yuanjian the-art cloud vendors, this efficient cloud
Data Hosting Scheme Xing, Zhi Yang, and paper proposes a novel data selection from this
with High Yafei Dai hosting scheme (named paper. We are also
Availability Peking University CHARM) which integrates referring Heuristic
Tsinghua University two key functions desired. Data placement
Nanjing Research The first is selecting several algorithm for cloud
Institute of suitable clouds and an selection.
 Electronics appropriate redundancy
Technology, China strategy to store data with
minimized monetary cost and
guaranteed availability. The
second is triggering a
transition process to re-
distribute data according to
the variations of data access
pattern and pricing of clouds.
We evaluate the performance
of CHARM using both trace-
driven simulations and
prototype experiments. The
results show that compared
with the major existing
schemes, CHARM not only
saves around 20% of
monetary cost but also
exhibits sound adaptability to
data and price adjustments.
2) Jun Feng, Yu Chen, Migrating from server- The concept of
D-DOG: Securing Wei-Shinn Ku, Zhou attached storage to distributed fragmentation and
Sensitive Data in Su storage brings new encryption at user
Distributed Storage vulnerabilities in creating a side is referred from
Space by Data secure data storage and access this paper. This
Division and Out-of- facility. Particularly it is a technique provides
order keystream challenge on top of insecure security at host
Generation networks or unreliable storage level, at network
service providers. For level and at cloud
example, in applications such server.
as cloud computing where
 data storage is transparent to
the owner. It is even harder to
protect the data stored in
unreliable hosts. More robust
security scheme is desired to
prevent adversaries from
obtaining sensitive
information when the data is
in their hands. Meanwhile, the
performance gap between the
execution speed of security
software and the amount of
data to be processed is ever
widening.This paper proposes
D-DOG (Data Division and
Out-of-order Keystream
Generation), a novel
encryption method to protect
data in the distributed storage
environments.

3) Mazhar Ali, Student In the DROPS methodology, Concept of T-

DROPS: Division Member, IEEE, we divide a file into coloring graph for
and Replication of Kashif Bilal, Student fragments, and replicate the fragment placement
Data in Cloud for Member, IEEE, fragmented data over the as well as algorithm
Optimal Performance Samee U. Khan, cloud nodes. Each of the for fragment
and Security Senior Member, nodes stores only a single placement has been
IEEE, Bharadwaj fragment of a particular data referred from this
Veeravalli, Senior file that ensures that even in paper.
Member, IEEE, case of a successful attack, no
Keqin Li, Senior meaningful information is
 Member, IEEE, revealed to the attacker.
andAlbert Y. Moreover, the nodes storing
Zomaya, Fellow, the fragments, are separated
IEEE with certain distance by
means of graph T-coloring to
prohibit an attacker of
guessing the locations of the
fragments. Furthermore, the
DROPS methodology does
not rely on the traditional
cryptographic techniques for
the data security; thereby
relieving the system of
computationally expensive
methodologies. We show that
the probability to locate and
compromise all of the nodes
storing the fragments of a
single file is extremely low.
Wealso compare the
performance of the DROPS
methodology with ten other
schemes. The higher level of
security with slight
performance overhead was
observed.
4) Jian Liu, Kun Huang, We propose a public auditing The concept of
Privacy-Preserving Hong Rong, Huimei scheme for the regenerating- public auditing and
Public Auditing for Wang, and Ming code-based cloud storage. To code regeneration
Regenerating-Code- Xian solve the regeneration has been referred
Based Cloud Storage problem of failed from this paper. We
 authenticators in the absence are also referring
of data owners, we introduce algorithms for
a proxy, which is privileged to auditing from this
regenerate the authenticators, paper.
into the traditional public
auditing system model.
Moreover, we design a novel
public verifiable
authenticator, which is
generated by a couple of keys
and can be regenerated using
partial keys. Thus, our scheme
can completely release data
owners from online burden. In
addition, we randomize the
encode coefficients with a
pseudorandom function to
preserve data privacy.
Extensive security analysis
shows that our scheme is
provable secure under random
oracle model and
experimental evaluation
indicates that our scheme is
highly efficient and can be
feasibly integrated into the
regenerating-code-based
cloud storage.
5) Shristi Sharma File Splitter is a program From this paper we
An Approach For File Shreya Jaiswal which does not require are referring file
Splitting And Priyanka Sharma installation and can be used to fragmentation and
Merging Prof. Deepshikha split files to multiple chunks defragmentation
Patel as well as to merge multiple technique with
Prof. Sweta Gupta chunks into a single file. File algorithms.
Splitter is software which is
used to split the user
specifying file according to
the user specifying size. It is
very difficult to transfer one
big file from one end to
another through any media
like internet or small storage
like Floppy, Pen drive, CD
etc. This software helps to
overcome this problem. The
split portions of file may carry
some temporary information
to denote the number of split
part and total number of parts
etc. This idea is used to split
big files to small pieces for
transferring purpose,
uploading etc. In the
destination side, these parts of
file can be jointed to form the
original source file. Splitting
process is mainly aiming in
the area of file transferring
from one end to another.
SYSTEM ARCHITECTURE
 Fragmentation and allocation
Process
(T-Coloring graph)

Third party auditor Proxy agent

Servlet JSP

Encryption

Fragmentation

Cloud selection Download File

enter no.of O/P File

File I/P fragments and
Upload File

Browser

Figure: - 3 tired cloud architecture

MATHEMATICAL MODEL

S={s, e, X, Y, }
Where,
s = Start of the program.
1. Log in with System.
2. Load File on Cloud Server.
e = End of the program.
Retrieve the useful file from cloud storage.
X = Input of the program.
Input of this system is any file that contains textual or image information.
Y = Output of the program.
First select the file to upload and then send the file to cloud server and Third Party Auditor. After
selecting file it runs fragmentation algorithm and makes fragments of file. After fragmentation
we are encrypting that fragments. After encryption we assign that blocks to the cloud server
nodes. As user requests for downloading if it is valid user he will get file as output.

X, Y U

Let U be the Set of System.

U= {Client, F, TP, A, T}
Where Client, F, R, A, are the elements of the set.
Client=Data Owner, User
F= Fragmentation of file.
TP=Third Party Auditor.
A= Allocating blocks to different nodes on cloud server.
T=T coloring graph concept to allocate fragments.
So this problem is NP Complete.

Space Complexity:
The space complexity depends on Presentation and visualization of discovered patterns. More
the storage of data more is the space complexity.

Time Complexity:
Check No. of patterns available in the datasets= n
If (n>1) then retrieving of information can be time consuming. So the time complexity of this
n
algorithm is O ( n ) .

= Failures and Success conditions.

Failures:
1. Huge database can lead to more time consumption to get the information.
2. Hardware failure.
3. Software failure.

Success:
1. Search the required information from available in Datasets.
2. User gets result very fast according to their needs.

Application:
1) Automatic update mechanism in fragments.
2) Store data in multicloud by fragmenting. (Multicloud)

Algorithms:-

1) Heuristic algorithm of data placement:-

This algorithm is useful for selecting cost efficient cloud server for storing data on cloud.

Input: - File with certain size and read frequency.

Output: -Set of cost efficient cloud server.

2) Fragmentation:-

This algorithm makes the fragments of file with fixed size or variable size.
 Input: - File.

Output: - Fragments of file.

3) Fragment replication:-

After the file is divided into fragments for the security purpose at cloud server we are
making replicas of fragments. This algorithm makes only one replica of every fragment
to store the space and bandwidth.

Input: -File Fragments.

Output: -Replicas of fragments.

4) Fragment Allocation:-

All the fragments of file and its replica we have to store at database and to provide
security we are allocating these fragments and replicas using T-Coloring Graph concept.

Input: -File fragments and its replicas

Output: -Fragments allocated at different nodes.

5) Key Gen: -

This polynomial-time algorithm is run by the data owner to initialize its public and secret
parameters by taking a security parameter as input.

6) Delegation: -
This algorithm represents the interaction between the data owner and proxy. The data
owner delivers partial secret key x to the proxy through a secure approach.

7) Sig And Block Gen: -

This polynomial time algorithm is run by the data owner and takes the secret parameter
and the original file as input, and then outputs a coded block set, an authenticator set and
a file tag.
 8) Audit: -
The cloud servers and TPA interact with one another to take a random sample on the
blocks and check the data intactness in this procedure.

9) Challenge:-
This algorithm is performed by the TPA with the information of the file as input and a
challenge as output.

10) Proof gen: -

This algorithm is run by each cloud server with input challenge, coded block set and
authenticator set then it outputs a proof.

11) Verify: -
This algorithm is run by TPA immediately after a proof is received. Taking the proof,
public parameter and the corresponding challenge C as input, it outputs 1 if the
verification passed and 0 otherwise.

12) Repair: -
In the absence of the data owner, the proxy interacts with the cloud servers during this
procedure to repair the wrong server detected by the auditing process.

13) Claim for Rep:-

This algorithm is similar with the Challenge algorithm in the Audit phase, but outputs a
claim for repair.

14) Gen for Rep:-

The cloud servers run this algorithm upon receiving the and finally output the block and
authenticators set with another two inputs.

15) Block and Sig Re-Gen:-

 The proxy implements this algorithm with the claim and responses from each server as
input, and outputs a new coded block set and authenticator set.

Modules:-
1) Cloud Client:-
Cloud client should be Data owner or Data user.

Data Owner:-

Data owner is responsible for uploading file on cloud as well as view files
uploaded by him or others. Data owner has information about the placed fragment
and its replicas with their node numbers in cloud.

Data User:-

Data user is the one who is responsible for downloading files or view files
uploaded by others. To download file from cloud he has to be authenticated user
otherwise he will be considered as attacker.

2) Cloud Server:-

Fragmentation:-

This module is used for fragmenting the file for security purpose at sever side.
This module runs the Fragmentation algorithm. It has file as input and produces
the file fragments as output.

Replication:-
This module creates replicas (duplicate copy) of fragments. These replicas are
useful when one of fragment is corrupted by attacker then to provide file for user
admin replaces its replica at that place and combine all fragments and send file to
authenticated user or data owner. To make replicas of file fragments this module
 runs replication algorithm which takes input as fragments and produces its
replicas as output.

Allocation:-
After the file is spitted and replicas are generated then we have to allocate that
fragments at cloud server for storing data. While storing or allocating that
fragments we have consider security issues. So we are using T-Coloring Graph
concept for placing fragments at different nodes on cloud server. This module
runs Fragment allocation algorithm which takes input as fragments and produces
the output as fragments allocated with node numbers.

3) TPA: -
TPA stands for Third Party Auditor. Who has expertise and capabilities to conduct public
audits on the coded data in the cloud, the TPA is trusted and its audit result is unbiased for
both data owners and cloud servers. Audit, Challenge and Verify these are the algorithms run
by this module.

4) PA:-
PA stands for Proxy Agent. Who is semi-trusted and acts on behalf of the data owner to
regenerate authenticators and data blocks on the failed servers during the repair procedure.
The data owner is restricted in computational and storage resources compared to other
entities and may becomes off-line even after the data upload procedure. The proxy, who
would always be online, is supposed to be much more powerful than the data owner but less
than the cloud servers in terms of computation and memory capacity. To save resources as
well as the online burden potentially brought by the periodic auditing and accidental
repairing, the data owners resort to the TPA for integrity verification and delegate the
reparation to the proxy.

Advantages:

1) Information is revealed to the attacker

2) No load on single node.
3) No. Of fragments are insert according to user choice.
4) Concept of file fragmentation at user side.

Disadvantage:
1) Some time more than two nodes not working that time user will not get data accurately.

Contribution:

File uploading time add geo location, date and time.

CONCLUSION
We proposed the DROPS methodology, a cloud storage security scheme that collectively deals
with the security and performance in terms of retrieval time. The data file was fragmented and
the fragments are dispersed over multiple nodes. The nodes were separated by means of T-
coloring. The fragmentation and dispersal ensured that no significant information was obtainable
by an adversary in case of a successful attack. No node in the cloud, stored more than a single
fragment of the same file. The performance of the DROPS methodology was compared with full-
scale replication techniques. The results of the simulations revealed that the simultaneous focus
on the security and performance resulted in increased security level of data accompanied by a
slight performance drop.