Security in cloud computing

VEENA VENUGOPAL M.Sc. CS DEPARTMENT OF COMPUTER SCIENCE UNIVERSITY OF KERALA KARIAVATTOM CAMPUS


Post on 15-Apr-2017


What is Cloud Computing?

What are the benefits of cloud computing?


Cloud security

Cloud Security, 19th October 2015

Currently there is an increasing trend in outsourcing data to remote cloud…

Cloud service providers

Offer huge storage space at low cost

Reduce the maintenance and burden of local data storage


Threats in cloud data storage

The cloud service provider intentionally hides data loss.

A malicious cloud service provider might delete some data, or obtain all the information and sell it to others.

An attacker who intercepts the data can capture sensitive information such as business secrets, client details etc.


Existing protocols

Do not address both confidentiality and integrity issues.

Dynamic scalability of data is not possible – modification, insertion and deletion of data blocks.

All the existing protocols are unable to provide strong security assurance to users.

Proposed protocol

An Efficient & Secure Protocol for Data Storage

Security in Cloud Computing


Steps:

The user encrypts the data to ensure confidentiality.

The user computes metadata over the encrypted data.

Later, the verifier can use remote data integrity checking to verify the integrity.


System model

The cloud data storage model considered here consists of 3 main components:

Cloud user: An individual or an organization storing their data in the cloud and accessing the data.

Cloud Service Provider (CSP): The organization that manages cloud servers and provides paid storage on its infrastructure to users as a service.

Third Party Auditor (TPA): The verifier who has the expertise and capabilities to verify the integrity of outsourced data as per the instruction of the user.


Efficient & Secure Storage Protocol

The protocol consists of 3 phases :


Setup


KeyGen:

In this phase, the user generates a private key and public key pair. The user chooses two large primes p and q of size k, then computes

n = pq and N_n = lcm(p+1, q+1).

b is a randomly chosen integer such that gcd(b, n) = 1. It outputs public key PK = {b, n, p} and private key PR = {N_n}.


Encryption:

To ensure the confidentiality of data, the file F is divided into n equal-sized data blocks, which are then encrypted:

F = {m_1, m_2, ..., m_n} = {m_i}, 1 ≤ i ≤ n

F': m'_i = m_i + f_k(s)

where s is a random value of size l.

MetadataGen:

After encrypting the data, the user computes metadata over the encrypted data so that its integrity can be verified. The computation takes m'_i, the public key and the private key as inputs and produces the metadata as output.

After computing the metadata, the user sends the metadata and the public key to the TPA for later verification, and sends the file F' to the cloud servers for storage.


Verification


Challenge:

The verifier creates a challenge text, taking the public key and random values as inputs.

A challenge text is created for each data block; these are then combined and sent.


ProofGen:

Upon receiving the challenge from the verifier, the server computes a response as an integrity proof. It takes the encrypted data m'_i and the challenge chal as inputs and produces the response R as output.


Check proof:

After receiving a response from the server, the verifier checks the integrity. It takes the public key pk, the challenge query chal, and the proof R as inputs and returns an output.

If the response is valid, it returns 1; otherwise 0.
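The setup and verification phases described above, run end to end as an added example (not code from the slides or from the protocol's authors). The slides do not reproduce the metadata, challenge or proof formulas, so the tag G^m' mod P, the linear response R, the toy parameters P and G, HMAC-SHA256 as f_k with the block index as extra input, and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example; they are not from the slides.
P = 2**255 - 19            # prime modulus for the stand-in tags
G = 2                      # tag base
BLOCK = 16                 # block size in bytes
MOD = 2 ** (8 * BLOCK)     # each block is an integer modulo 2^128

def f(k: bytes, s: bytes, i: int) -> int:
    """Mask f_k(s) for block i; HMAC-SHA256 and the index input are assumptions."""
    digest = hmac.new(k, s + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:BLOCK], "big")

def split(data: bytes) -> list[int]:
    """Divide the file into equal-sized blocks (zero-padded at the end)."""
    data += b"\0" * (-len(data) % BLOCK)
    return [int.from_bytes(data[j:j + BLOCK], "big") for j in range(0, len(data), BLOCK)]

def encrypt(blocks, k, s):          # user: m'_i = m_i + f_k(s)
    return [(m + f(k, s, i)) % MOD for i, m in enumerate(blocks)]

def decrypt(enc, k, s):             # user: m_i = m'_i - f_k(s)
    return [(c - f(k, s, i)) % MOD for i, c in enumerate(enc)]

def metadata_gen(enc):              # user -> TPA: one tag per encrypted block
    return [pow(G, c, P) for c in enc]

def challenge(n_blocks: int) -> dict[int, int]:
    """TPA: one random non-zero coefficient per data block."""
    return {i: secrets.randbelow(P - 2) + 1 for i in range(n_blocks)}

def proof_gen(enc, chal) -> int:    # CSP: response R over the blocks it holds
    return sum(r * enc[i] for i, r in chal.items()) % (P - 1)

def check_proof(tags, chal, R) -> int:
    """TPA: return 1 if R matches the stored tags, otherwise 0."""
    expected = 1
    for i, r in chal.items():
        expected = expected * pow(tags[i], r, P) % P
    return int(pow(G, R, P) == expected)

def demo() -> tuple[int, int]:
    k, s = secrets.token_bytes(32), secrets.token_bytes(16)
    stored = encrypt(split(b"constructed sample file " * 8), k, s)   # held by CSP
    tags = metadata_gen(stored)                                      # held by TPA
    chal = challenge(len(stored))
    intact = check_proof(tags, chal, proof_gen(stored, chal))
    stored[2] ^= 1                                                   # silent corruption at the CSP
    return intact, check_proof(tags, chal, proof_gen(stored, chal))
```

The TPA holds only the tags and never sees the blocks, and a single flipped bit in one stored block changes the result of `check_proof` from 1 to 0.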


Dynamic data operation & Verification

The proposed scheme also supports dynamic data operations at block level while maintaining the same security assurance: Block Modification (BM), Block Insertion (BI) and Block Deletion (BD). These operations are performed by the server based on the user's request. The parameter j indicates the particular block to be updated and m*_i is the new block.

In order to update data in the cloud, the user creates a request and sends it to the server. Upon receiving an update request from the user, the server performs the particular update operation (modification/insert/delete).


Block modification:

Data modification is one of the most frequently used operations in cloud data storage. Suppose the user wants to modify the block m_j with m'_i; the user then runs the following steps:

Create a new block m_j.

Encrypt the new block.

Compute the new metadata.

Create an update request and send it to the server.

Send the metadata to the TPA for later verification.


Block insertion:

To perform an insertion of a new block m* after position j in a file, the user runs the following:

Create a new block m*_j.

Encrypt the new block.

Compute the new metadata.

Create an update request and send it to the server.

Send the metadata to the TPA for later verification.


Block deletion:

Suppose the user wants to delete a specific data block at position j from file F'.

Create a delete request (BD, j) and send it to the server.

Send a request to the TPA to delete the corresponding metadata.

The server and the TPA delete the corresponding block from the file.


Verification:

To ensure the security of dynamic data operations, the user verifies the integrity of the updated block immediately after updating, as follows:

The user challenges the server immediately for proof of the update operation.

Upon receiving the request from the user, the server computes a response for the updated block and returns it to the user.

After receiving the update response from the server, the user verifies whether the response matches the metadata of the particular block by running the algorithm; if it returns true, the server has updated the data successfully, otherwise not.


Advantages

It should detect all data corruption if anybody deletes or modifies the data in cloud storage.

The scheme achieves confidentiality of data.

It is efficient in terms of computation and storage because its key size is smaller than that of RSA-based solutions.

This protocol supports public verifiability and dynamic data operations such as modification, insertion and deletion.


CONCLUSION

The proposed protocol is mainly suitable for thin users who have fewer resources and limited computing capability

The method satisfies all security and performance requirements of cloud data storage

It also supports public verifiability that enables TPA to verify the integrity of data without retrieving original data from the server

The scheme also supports dynamic data operations


BIBLIOGRAPHY

• Introduction to Cloud Computing, Prof. Yeh-Ching Chung, http://cs5421.sslab.cs.nthu.edu.tw/home/Materials/Lecture2 -IntroductiontoCloudComputing.pdf?attredirects=0&d=1

• NIST (National Institute of Standards and Technology). http://csrc.nist.gov/groups/SNS/cloud-computing/

• M. Armbrust et al., “Above the Clouds: A Berkeley View of Cloud Computing,” Technical Report No. UCB/EECS-2009-28, University of California at Berkeley, 2009.

• R. Buyya et al., “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility,” Future Generation Computer Systems, 2009.

• Cloud Computing Explained. http://www.andyharjanto.com/2009/11/wanted-cloud-computing-explained-in.html

• From Wikipedia, the free encyclopedia

• Syam Kumar P, Subramanian R, “An Efficient and Secure Protocol for Ensuring Data Storage Security in Cloud Computing,” International Journal of Computer Science Issues.


Any Questions?


Thank you all…
