Auditing to Keep Online Storage Services Honest
Mehul A. Shah, Mary Baker, Jeffrey C. Mogul, Ram Swaminathan
BY VISHAL VERMA, 1ST08CS116
SEMINAR GUIDE: SREEJA E.M.
INDEX
• MEANING
• CLOUD COMPUTING
• ARCHITECTURE
• INTRODUCTION
• AN EXAMPLE
• THIRD PARTY AUDITOR (TPA)
• SYSTEM AND THREAT MODEL
• A NOTE ON AUDITING
• INTERNAL VS. EXTERNAL AUDITING
• THREATS FOR AUDITS
• DESIRABLE PROPERTIES
• IMPLEMENTATION
• CONCLUSION
What does the title actually mean?
AUDITING TO KEEP ONLINE STORAGE SERVICES HONEST
AUDITING: The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. Ex: tax audits.
ONLINE STORAGE SERVICES: These allow users to store data online. Ex: Dropbox, SkyDrive, Google Docs, ADrive.
CLOUD COMPUTING
• What is cloud computing?
Cloud computing is Internet-based ("CLOUD") development and use of computer technology ("COMPUTING").
Cloud computing is a general term for anything that involves delivering hosted services over the Internet.
The term "cloud" is used as a metaphor for the Internet.
Architecture
INTRODUCTION
• With cloud computing, users can remotely store their data in the cloud and use on-demand, high-quality applications
• When users put their data on the cloud, protecting data integrity is challenging
• Enabling public audit for cloud data storage security is important
• Users can ask an external audit party to check the integrity of their outsourced data
AN EXAMPLE
[Figure labels: PHOTOBUCKET (OSP); Alice; MiniFile Inc., Bangalore, India; Bob, Liverpool, UK; peer-to-peer network; "My Wedding Photos!"]
One day, Alice's machine crashes, so she contacts PHOTOBUCKET.
THIS IS WHAT SHE SEES
• Cloud computing gives flexibility to users
• Users pay only for as much as they use
• Users don't need to set up large computers
• Operation is managed by the Cloud Service Provider (CSP)
• Users give their data to the CSP, and the CSP has control over the data
• The user needs to make sure the data on the cloud is correct
• Data integrity faces internal (an employee at the CSP) and external (hackers) threats
• How can the correctness of outsourced data be verified efficiently?
– Simply having the user download the data is not practical
• The TPA can do it and provide an audit report
• The TPA should not read the data content
• The TPA should not disclose customers' information
OBJECTIVES
System and Threat Model
• USER: The cloud user has a large amount of data files to store in the cloud.
• CLOUD SERVER: The cloud server, which is managed by the CSP, has significant data storage and computing power.
• TPA: The third party auditor has expertise and capabilities that the USER and CSP don't have. The TPA is trusted to assess the CSP's storage security upon request from the USER.
A note on auditing
What is auditing?
• The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product.
• Third-party auditing is an accepted method for establishing trust between business and its data.
• Auditors assess and expose risk, enabling customers to choose rationally between competing services.
Internal vs. external auditing
• Internal audits evaluate the structure and processes within a service to ensure that the service can continue to meet its objectives (SLAs).
• External audits evaluate the quality of service through externally available interfaces.
• We need both internal and external audits of OSPs.
Threats for audits
• Latent faults: Many potential sources of data corruption are not immediately visible.
• Correlated faults: Correlated failures increase the risk of data loss.
• Recovery faults: Data is often more vulnerable to corruption and loss during recovery procedures.
Desirable properties for both internal and external audits
• Establish standards for comparison.
• Minimize auditing cost.
• Protect customer data privacy.
• Audit results must be trustworthy.
IMPLEMENTATION
EXTRACTION
For extraction, the auditor assists in returning the encrypted data and key to the customer.
VERIFICATION
During verification, the auditor must check that (a) the encrypted data is unchanged and (b) the encryption key is unchanged.
INITIALIZATION
During initialization, the storage service commits to storing the key and the encrypted data after receiving these items from the customer.
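An added example (not from the slides or the paper's authors) of one way an auditor could carry out verification check (a) without keeping a copy of the data. It assumes the auditor sees the encrypted data once at initialization and precomputes single-use HMAC challenges; all class and function names are hypothetical, and check (b) on the key is not covered.

```python
import hashlib
import hmac
import secrets


class Auditor:
    """Keeps small challenge/response pairs, never the data itself."""
    def __init__(self, encrypted_data: bytes, n_challenges: int = 4):
        # Initialization: see the ciphertext once, derive single-use pairs.
        self._pairs = []
        for _ in range(n_challenges):
            nonce = secrets.token_bytes(32)
            expected = hmac.new(nonce, encrypted_data, hashlib.sha256).digest()
            self._pairs.append((nonce, expected))

    def audit(self, service) -> bool:
        # Verification: spend one unused nonce so old answers cannot be replayed.
        if not self._pairs:
            raise RuntimeError("challenges exhausted; re-initialize")
        nonce, expected = self._pairs.pop()
        return hmac.compare_digest(service.respond(nonce), expected)


class StorageService:
    """Honest service: answers from the bytes it actually stores."""
    def __init__(self, encrypted_data: bytes):
        self.stored = bytearray(encrypted_data)

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(nonce, bytes(self.stored), hashlib.sha256).digest()


class HashOnlyService(StorageService):
    """Cheating service: discarded the data, kept only its SHA-256 digest."""
    def __init__(self, encrypted_data: bytes):
        self.stored = bytearray(hashlib.sha256(encrypted_data).digest())


def demo() -> dict:
    ciphertext = secrets.token_bytes(4096)  # constructed stand-in for encrypted data
    auditor = Auditor(ciphertext)
    service = StorageService(ciphertext)
    results = {"honest": auditor.audit(service)}
    service.stored[100] ^= 0x01  # one flipped bit, e.g. a latent fault
    results["corrupted"] = auditor.audit(service)
    results["hash_only"] = auditor.audit(HashOnlyService(ciphertext))
    return results
```

Because every challenge uses a fresh random key, the service can only answer correctly by reading all of the stored bytes at audit time; a cached hash or a replayed earlier response does not pass.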
Conclusion
• Our protocols detect data loss and are not vulnerable to a cheating storage service.
• In this paper, we motivate the need for auditing to support an online service-oriented economy. We highlight issues around both internal and external auditing and detail ways of auditing online storage services.
ADVANTAGE & DISADVANTAGE
Scalability, Flexibility, Security, Reduction of hardware costs.
Auditing of OSPs is not feasible yet. First, customers are not yet sophisticated enough to demand risk assessment. Second, OSPs do not yet provide support for third-party audits.