public auditing for secure cloud storage

PUBLIC AUDITING FOR SECURE CLOUD STORAGE

Anand K Menon [MTALECS004], Bharath Chandran Nair [MTALECS015], Godwin C Antony [MTALECS025]

Eighth semester B.Tech CSE, Department of Computer Science, Met’s School of Engineering, Mala

Under the guidance of Miss Asha S, Assistant Professor, Dept. of CSE, Met’s School of Engineering, Mala

Upload: bharath-nair

Post on 15-Apr-2017



OUTLINE OF THE PRESENTATION

o OBJECTIVE

o INTRODUCTION

o LITERATURE SURVEY

o EXISTING METHOD

o PROBLEM DESCRIPTION

o BLOCK DIAGRAM

o PROPOSED METHOD

o APPLICATIONS

o RESULT AND DISCUSSION OF BASE PAPER

o EXECUTION TOOLS

o CONCLUSION

o REFERENCES


OBJECTIVE

The objective is to develop a system that enables cloud users to keep control over their data, so that they can ensure that their data is secured and not corrupted.

It provides security to the users' data by encrypting the data and splitting the file into small blocks for storage.

Auditing the cloud storage without demanding a local copy of the data makes the audit more efficient.


INTRODUCTION

Cloud computing customers do not own a physical infrastructure; rather, they rent the usage from a third-party provider.

They consume resources as a service and pay only for the resources that they use.

Cloud computing comes in three forms: public clouds, private clouds, and hybrid clouds.

Public clouds offer the greatest level of efficiency in shared resources but are more vulnerable.

Private clouds offer the greatest level of security and control, but they require the company to still purchase and maintain all the software and infrastructure.

Hybrid clouds include both public and private options. The downside is that we have to keep track of multiple different security platforms.


Cloud computing provides on-demand self-service, location-independent resource pooling, rapid resource elasticity, usage-based pricing, etc.

The challenge faced is security threats towards users' outsourced data.

Here the correctness of user data in the cloud is put at risk.

The CSP might reclaim storage for monetary reasons by discarding rarely accessed data, or even hide data corruption due to server hacks or Byzantine failures.


LITERATURE REVIEW

SL. NO: 1
AUTHOR: P. Mell and T. Grance
YEAR: June 2009
TITLE: Draft NIST working definition of cloud computing
DESCRIPTION: Subscribers should identify the specific resources that are suitable for migrating data into and out of clouds. Resources could be services such as: (1) email, (2) data repositories such as shared documents, or (3) systems that run in virtualized environments.

SL. NO: 2
AUTHOR: M. Arrington
YEAR: December 2006
TITLE: Gmail disaster: Reports of mass email deletions
DESCRIPTION: Cloud Computing provides convenient on-demand network access to a shared pool of configurable computing resources that can be rapidly deployed with great efficiency and minimal management overhead.

SL. NO: 3
AUTHOR: J. Kincaid
YEAR: December 2006
TITLE: MediaMax/TheLinkup Closes Its Doors
DESCRIPTION: To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users; to propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append.


LITERATURE REVIEW (continued)

SL. NO: 4
AUTHOR: M. A. Shah, R. Swaminathan, and M. Baker
YEAR: Oct. 2008
TITLE: Privacy-preserving audit and extraction of digital contents
DESCRIPTION: A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact.

SL. NO: 5
AUTHOR: Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou
YEAR: Sep. 2009
TITLE: Enabling public verifiability and data dynamics for storage security in cloud computing
DESCRIPTION: Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy.

SL. NO: 6
AUTHOR: G. Ateniese, S. Kamara, and J. Katz
YEAR: 2009
TITLE: Proofs of storage from homomorphic identification protocols
DESCRIPTION: Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where 'tags' on multiple messages can be homomorphically combined to yield a 'tag' on any linear combination of these messages.


EXISTING METHOD

BASIC SCHEME 1

[Diagram: the file is divided into blocks (Block 1, Block 2, …, Block n); a Message Authentication Code (MAC) takes a key and a file block and outputs a code (code 1, code 2, …, code n); parties shown are the user, the cloud and the TPA.]

- User computes the MAC of every file block
- Transfers the file blocks & codes to cloud
- Shares the key with TPA

Audit
- TPA demands a random number of blocks and their code from CSP
- TPA uses the key to verify the correctness of the file blocks

Drawbacks:
- The audit demands retrieval of user’s data; this is not privacy-preserving
- Communication and computation complexity are linear with the sample size


BASIC SCHEME 2

[Diagram: the user holds Key 1, Key 2, …, Key s and computes one row of codes (code 1, code 2, …, code n) per key over Block 1, Block 2, …, Block n; parties shown are the user, the cloud and the TPA; the cloud holds Block 1, Block 2, …, Block m.]

Setup
- User uses s keys and computes the MAC for blocks
- User shares the keys and MACs with TPA

Audit
- TPA gives a key (one of the s keys) to CSP and requests MACs for the blocks
- TPA compares with the MACs at the TPA
- Improvement from Scheme 1: TPA doesn’t see the data, preserves privacy
- Drawback: a key can be used once.
- The TPA has to keep a state; remembering which key has been used
- Schemes 1 & 2 are good for static data (data doesn’t change at the cloud)


PROBLEM DESCRIPTION

- Audit cloud storage demanding local copy of data.
- Violates the privacy-preserving guarantee.
- Large communication overhead and time delay.
- Bandwidth available between the TPA and the cloud server is limited.
- Auditor can modify user data.
- Copy of user data on auditing side.
- No data control on user side.
- The number of times a particular data file can be audited is limited by the number of secret keys.


BLOCK DIAGRAM

U: cloud user, has a large amount of data files to store in the cloud

CS: cloud server, which is managed by the CSP and has significant data storage and computing power (CS and CSP are the same in this paper)

TPA: third party auditor, has expertise and capabilities that U and CSP don’t have. TPA is trusted to assess the CSP’s storage security upon request from U


Setup & audit phases of public auditing scheme.


Consists of four algorithms (KeyGen, SigGen, GenProof, VerifyProof)

KeyGen: key generation algorithm that is run by the user

SigGen: used by the user to generate verification metadata, which may consist of MAC, signatures or other information used for auditing

GenProof: run by the cloud server to generate a proof of data storage correctness

VerifyProof: run by the TPA to audit the proof from the cloud server


Setup

[Diagram: the user runs KeyGen to obtain the public key (pk) & secret key (sk); the user runs SigGen with sk over Block 1, Block 2, …, Block n to produce σ1, σ2, …, σn; Block 1, Block 2, …, Block n and σ1, σ2, …, σn are stored at the cloud.]

1- User generates public and secret parameters

2- A code is generated for each file block

3- The file blocks and their codes are transmitted to the cloud

Audit

- TPA sends a challenge message to CSP
- It contains the position of the blocks that will be checked in this audit

GenProof (CSP): selected blocks in challenge → aggregate authenticator

- CSP also makes a linear combination of selected blocks and applies a mask. Separate PRF key for each auditing.
- CSP sends aggregate authenticator & masked combination of blocks to TPA

VerifyProof (TPA): masked linear combination of requested blocks → aggregate authenticator

- Compare the obtained aggregate authenticator to the one received from CSP
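The four algorithms and the challenge/aggregate exchange above, as an added example that is not from the slides or the base paper. It swaps in a secret-key homomorphic linear authenticator (sigma_i = f(i) + alpha*m_i mod P, with HMAC-SHA256 as the PRF), so the verifier holds the secret key and the mask on the linear combination is omitted; the modulus, the 15-byte block size and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus (assumption); every block is one field element below P

def prf(key: bytes, i: int) -> int:
    digest = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P

def keygen():
    """KeyGen (user): secret scalar alpha and a PRF key."""
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)

def siggen(sk, blocks):
    """SigGen (user): one authenticator per block, sigma_i = f(i) + alpha*m_i mod P."""
    alpha, k = sk
    return [(prf(k, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n, c):
    """Auditor: c random block positions, each paired with a random coefficient nu_i."""
    positions = secrets.SystemRandom().sample(range(n), c)
    return [(i, secrets.randbelow(P - 1) + 1) for i in positions]

def genproof(blocks, sigmas, chal):
    """GenProof (CSP): linear combination of the blocks plus the aggregate authenticator."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * sigmas[i] for i, nu in chal) % P
    return mu, sigma  # two field elements, whatever the sample size

def verifyproof(sk, chal, proof):
    """VerifyProof: rebuild the aggregate from mu and compare it with the CSP's."""
    alpha, k = sk
    mu, sigma = proof
    expected = (alpha * mu + sum(nu * prf(k, i) for i, nu in chal)) % P
    return hmac.compare_digest(expected.to_bytes(16, "big"), sigma.to_bytes(16, "big"))

def demo():
    data = b"constructed sample file contents for the audit example.."
    blocks = [int.from_bytes(data[i:i + 15], "big") for i in range(0, len(data), 15)]
    sk = keygen()
    sigmas = siggen(sk, blocks)
    chal = challenge(len(blocks), 3)
    honest = verifyproof(sk, chal, genproof(blocks, sigmas, chal))
    tampered = list(blocks)
    tampered[chal[0][0]] ^= 1   # the CSP holds a corrupted copy of a challenged block
    caught = not verifyproof(sk, chal, genproof(tampered, sigmas, chal))
    return honest, caught
```

Unlike Basic Scheme 1, the response does not grow with the number of challenged blocks, and the same key material serves any number of audits.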


PROPOSED METHOD

A public auditing scheme which provides a complete outsourcing solution for data: not only the data itself, but also its integrity checking.

The system consists of client- and server-side applications and a website.

Effectively audits cloud storage without demanding a local copy of the data.

Extensive security and performance analysis shows the scheme is provably secure and highly efficient.

Data control is in the hands of users only.


APPLICATIONS

- Used in applications that require public auditing.
- Can be used for batch auditing.
- Application that ensures storage correctness.


SEQUENCE DIAGRAMS

Login Process


Uploading a file


Viewing File


Checking the Security Status


DFD

CLIENT MODULE:


TPA MODULE (THIRD PARTY AUDITOR):


CSP MODULE (CLOUD SERVICE PROVIDER):


DISCUSSION OF BASE PAPER

Objective of the Project

The objective of the system is to develop a system that would enable the cloud users to have control over their data so that they can ensure that their data is secured and not corrupted.

Scope of the Project

“Trusted Cloud Services” provides a security solution to the cloud users. It ensures that the data of the users that have been stored in a remote server is secured and controlled.


Constraints

- Only the registered users will be authorized to use the service.
- A trustworthy TPA is required to audit the storage.

Assumptions and dependencies

- The project will not change in scope
- The resources identified will be available upon request
- Approved funding will be available upon request
- Only the registered users can access the Website
- Roles and tasks are predefined.


EXECUTION TOOLS

Hardware Requirements

- Intel Pentium dual core processor or above
- 1 GB RAM
- 200 GB HDD
- Other standard peripherals

Software Requirements

- Operating system: Windows XP
- Tool: NetBeans IDE 6.1
- Programming Package: JDK 5.0
- Database: MySQL
- Server: GlassFish v2


CONCLUSION

The aim of the project is to develop a system that would enable the cloud users to have control over their data so that they can ensure that their data is secured.

They can know whether there is any data loss or corruption by logging into the website.

TPA would not learn any knowledge about the data content stored on the cloud server during the efficient auditing process.

TPA can perform multiple auditing tasks in a batch manner for better efficiency.

Schemes are provably secure and highly efficient.


REFERENCES

P. Mell and T. Grance, “Draft NIST working definition of cloud computing,” Referenced on June 3rd, 2009. Online at http://csrc.nist.gov/groups/SNS/cloud-computing/index.html, 2009.

M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A Berkeley view of cloud computing,” University of California, Berkeley, Tech.

M. Arrington, “Gmail disaster: Reports of mass email deletions,” Online at http://www.techcrunch.com/2006/12/28/gmail-disasterreports-of-mass-email-deletions/, December 2006.

J. Kincaid, “MediaMax/TheLinkup Closes Its Doors,” Online at http://www.techcrunch.com/2008/07/10/mediamaxthelinkup-closes-its-doors/, July 2008.

Amazon.com, “Amazon s3 availability event: July 20, 2008,” Online at http://status.aws.amazon.com/s3-20080720.html, 2008.


S. Wilson, “Appengine outage,” Online at http://www.cio-weblog.com/50226711/appengine outage.php, June 2008.

B. Krebs, “Payment Processor Breach May Be Largest Ever,” Jan. 2009.

G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proc. of CCS’07, Alexandria, VA, October 2007, pp. 598–609.

M. A. Shah, R. Swaminathan, and M. Baker, “Privacy-preserving audit and extraction of digital contents,” Cryptology ePrint Archive, Report 2008/186, 2008.

Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in Proc. of ESORICS’09, volume 5789 of LNCS. Springer-Verlag, Sep. 2009, pp. 355–370.