Ijcet: International Journal of Computer Engineering & Technology (Ijcet)

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 5, Issue 3, March (2014), pp. 174-183 IAEME
174

PUBLIC AUDITING IN SECURE CLOUD STORAGE

Ali Sami Azeez

Technical College of Management / Baghdad / Foundation of Technical Education
Baghdad, Iraq
Dept. of Computer Science / Yashwantrao Mohite college of Arts, Science and Commerce
Bharati Vidyapeeth University, Pune, India

I. ABSTRACT

Cloud computing is the technology which enables obtaining resources like so services,
software, hardware over the internet. With cloud storage users can store their data remotely and
enjoy on-demand services and application from the configurable resources. The cloud data storage
has many benefits over local data storage. Users should be able to just use the cloud storage as if it is
local, without worrying about the need to verify its integrity. The problem is that ensuring data
security and integrity of data of user. Sohere, I am going to have public audit ability for cloud storage
that users can resort to a third-party auditor (TPA) to check the integrity of data. This paper gives the
various issues related to privacy while storing the users data to the cloud storage during the TPA
auditing. Without appropriate security and privacy solutions designed for clouds this computing
paradigm could become a big failure. I am a giving privacy-preserving public auditing using ring
signature process for secure cloud storage system. This paper is going to analyze various techniques
to solve these issues and to provide the privacy and security to the data in cloud

Index Terms: Cloud Computing, Data Storage, Privacy-Preserving, Security, Integrity.

II. INTRODUCTION

Cloud computing is widely developed technology used in IT industries which provide
services like resources, network access, infrastructure, platform, and rapid resource elasticity as per
user require. In cloud computing the data of user is centralized to the cloud. The user can access the
services anytime, anywhere with having internet connection. NIST defines cloud computing as:
Cloud computing is a model for enabling convenient, on- demand network access to a shared pool
of configurable computing resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort or service provider
interaction.[1]
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
TECHNOLOGY (IJCET)

ISSN 0976 6367(Print)
ISSN 0976 6375(Online)
Volume 5, Issue 3, March (2014), pp. 174-183
IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2014): 8.5328 (Calculated by GISI)
www.jifactor.com

IJCET

I A E M E

175

Cloud storage is a prototype of networked online storage in which the data is stored in
virtualized pools of storage that are generally given by the TPA. Cloud storage enables data stored
remotely to be temporarily cached on desktop computers, mobile phones or other internet devices.
The IT industries, individuals which are storing their data to the cloud in flexible manner, having
some benefits like avoidance of capital expenditure on personal maintenances, hardware, software,
relief of online burden of data storage [2].
Many users from remote location use services continuously so there may arise some issues
like privacy, security, data integrity, dynamic updates. Every time it is not possible for user to check
the data is being consistent which is stored on cloud storage. So user always wants to maintain data
integrity and privacy. Cloud service providers are the separate entities that store data and provide
services to the user. But user does not know that the cloud service providers can misuse their data,
and correctness of data put on risk [4]. The cloud server stores large amount of data which does not
offer guarantee on data integrity and consistency. This problem is addressed and solved by giving
public auditing for secure cloud.
To ensure the data integrity and to reduce online burden it is important to enable public
auditing service for cloud storage, so that user may resort to third-party auditor (TPA) to audit the
data. The TPA who has capabilities and expertise that can periodically check the integrity of the data
stored in cloud. The user does not have the capabilities that the TPA has. The TPA checks the
correctness of data stored in cloud on behalf of user and maintains the integrity of the data.
Enablingpublic auditing service will play an important role for privacy data security & minimizing
the data risk from hackers. The TPA is the external party which can also view the data stored on
cloud hence does not give the guarantee of data privacy.
As users no longer physically possess the storage of their data, traditional cryptographic
primitives for the purpose of data security protection cannot be directly adopted, In particular, simply
downloading all the data for its integrity verification is not a practical solution due to the
expensiveness in I/O and transmission cost across the network. Besides, it is often insufficient to
detect the data corruption only when accessing the data, as it does not give users correctness
assurance for those unaccessed data and might be too late to recover the data loss or damage.
Considering the large size of the outsourced data and the users constrained resource capability, the
tasks of auditing the data correctness in a cloud environment can be formidable and expensive for the
cloud users.
The aggregation and algebraic properties of the authenticator further benefit my design for
the batch auditing. Specifically, my contribution can be summarized as the following three aspects:

1) I motivate the public auditing system of data storage security in Cloud Computing and provide
a privacy-preserving auditing protocol, i.e., my scheme enables an external auditor to audit
users outsourced data in the cloud without learning the data content.
2) To the best of my knowledge, my scheme is, first to support scalable and efficient public
auditing in the Cloud Computing. Specifically, my scheme achieves batch auditing where
multiple delegated auditing tasks from different users can be performed simultaneously by the
TPA.
3) I prove the security and justify the performance of my proposed schemes through concrete
experiments and comparisons with the state-of-the-art.

One of the next generations IT Enterprise is Cloud Computing which moves the application
software and databases to the centralized large data centers, where the management of the data and
services may not be fully trustworthy. Several trends are opening up the era of Cloud Computing,
which is an Internet-based development and use of computer technology. The ever cheaper and more
powerful processors, together with the software as a service (SaaS) computing architecture, are
176

transforming data centers into pools of computing service on a huge scale. Meanwhile, the increasing
network bandwidth and reliable yet flexible network connections make it even possible that clients
can now subscribe high quality services from data and software that reside solely on remote data
centers. Although envisioned as a promising service platform for the Internet, the new data storage
paradigm in Cloud brings about many challenging design issues which have profound influence on
the security and performance of the overall system. One of the biggest concerns with cloud data
storage is that of data integrity verification at untrusted servers. What is more serious is that for
saving money and storage space the service provider might neglect to keep or deliberately delete
rarely accessed data files which belong to an ordinary client. Consider the large size of the
outsourced electronic data and the clients constrained resource capability, the core of the problem
can be generalized as to how the client can find an efficient way to perform periodical integrity
verifications without the local copy of data files. Considering the role of the verifier in the model, all
the schemes presented before fall into two categories: private audit ability and public audit ability,
Although schemes with private audit ability can achieve higher scheme efficiency, public auditability
allows anyone, not just the client (data owner), to challenge the cloud server for correctness of data
storage while keeping no private information. Then, clients are able to delegate the evaluation of the
service performance to an independent third party auditor (TPA), without devotion of their
computation resources. In the cloud, the clients themselves are unreliable or may not be able to
afford the overhead of performing frequent integrity checks.
In the following section III I will discuss the different types along with their advantages and
disadvantages. Section IV presents the proposed approach.

III. LITERATURE REVIEW

Recently, much of growing interest has been pursued in the context of remotely stored data
verification. Ateniese et al. [1] are the first to consider public auditability in their defined provable
data possession (PDP) model for ensuring possession of files on untrusted storages. In their scheme,
utilize RSA based homomorphic tags for auditing outsourced data, thus public auditability is
achieved. However, Ateniese et al. do not consider the case of dynamic data storage, and the direct
extension of their scheme from static data storage to dynamic case may suffer design and security
problems. In their subsequent work [2], Ateniese et al. propose a dynamic version of the prior PDP
scheme. However, the system imposes a priority bound on the number of queries and does not
support fully dynamic data operations, i.e., it only allows very basic block operations with limited
functionality, and block insertions cannot be supported. In [20], Wang et al. consider dynamic data
storage in a distributed scenario, and the proposed challenge-response protocol can both determine
the data correctness and locate possible errors. Similar to [2], they only consider partial support for
dynamic data operation. Juels et al. [10] describe a proof of retrievability (PoR) model, where
spot-checking and error-correcting codes are used to ensure both possession and retrievability of
data files on archive service systems. Specifically, some special blocks called sentinels are
randomly embedded into the data file F for detection purpose, and F is further encrypted to protect
the positions of these special blocks. However, like [2], the number of queries a client can perform is
also a fixed priori, and the introduction of precomputed sentinels prevents the development of
realizing dynamic data updates.
In addition, public auditability is not supported in their scheme. Shacham et al. [16] design an
improved PoR scheme with full proofs of security in the security model defined in [10].
They use publicly verifiable homomorphic authenticators built from BLS signatures [4],
based on which the proofs can be aggregated into a small authenticator value, and public
retrievability is achieved. Still, the authors only consider static data files. Erway et al. [9] was the
first to explore constructions for dynamic provable data possession. They extend the PDP model in
177

[1] to support provable updates to stored data files using rank-based authenticated skip lists. The
scheme is essentially a fully dynamic version of the PDP solution. To support updates, especially for
block insertion, they eliminate the index information in the tag computation in Atenieses PDP
model [1] and employ authenticated skip list data structure to authenticate the tag information of
challenged or updated blocks first before the verification procedure. However, the efficiency of their
scheme remains unclear. Although the existing schemes aim at providing integrity verification for
different data storage systems, the problem of supporting both public auditability and data dynamics
has not been fully addressed, How to achieve a secure and efficient design to seamlessly integrate
these two important components for data storage service remains an open challenging task in Cloud
Computing. Two basic solutions (i.e., the MAC-based and signature based schemes) for realizing
data audit ability and discuss their demerits in supporting public audit ability and data dynamics.
Secondly, generalize the support of data dynamics to both proof of retrievability (PoR) and provable
data possession (PDP) models and discuss the impact of dynamic data operations on the overall
system efficiency both.
In particular, emphasize that while dynamic data updates can be performed efficiently in PDP
models more efficient protocols need to be designed for the update of the encoded files in PoR
models.

IV. PROPOSED ALGORITHM

4.1 Problem description
The entities in the proposed network are client, cloud storage server and third party auditor.
Client is an individual or organization who depends on cloud service provider for storing data files
and maintaining them. The cloud storage server is having lot of storage space and computational
resources. It is maintained by cloud service provider. Third party auditor is trusted and has
capabilities of auditing the clients data on demand.

Figure 1: Proposed Architecture

As it can be seen in fig. 1, it is evident that clients store their data into cloud storage servers
provided by cloud service provider. This model assumes two things. They are a) the cloud data
provider may delete files of client. B) Cloud data provider may hide potential problems in the data
center. Keeping these assumptions in mind, the mechanisms in the proposed system are designed.
178

4.2 Proposed Work
In this paper, I have presented a framework and an efficient construction for seamless
integration of these two components in the protocol design. My contribution can be summarized as
follows:

(1) I propose a general formal PoR model with public verifiability for cloud data storage, in which
block less verification is achieved;
(2) I equip the proposed PoR construction with the function of supporting for fully dynamic data
operations, especially to support block insertion, which is missing in most existing schemes;
(3) I prove the security of my proposed construction and justify the performance of my scheme
through concrete implementation and comparisons with the state-of-the-art.
(4) I improve the existing proof of storage models by manipulating the classic Merkle Hash Tree
construction for block tag authentication to achieve efficient data dynamics.
(5) I further explore the technique of bilinear aggregate signature to extend my main result into a
multiuser setting, where TPA can perform multiple auditing tasks simultaneously.
(6) Extensive security and performance analysis show that the proposed scheme is highly efficient
and provably secure.

4.3 Approach
I enhance the scheme with explicit and efficient dynamic data operations for data storage
security in Cloud Computing. Therefore, it is crucial to consider the dynamic case, where a user may
wish to perform various block-level operations of update, delete and append to modify the data file
while maintaining the storage correctness assurance. The straightforward and trivial way to support
these operations is for user to download all the data from the cloud servers and re-compute the whole
parity blocks as well as verification tokens.

A. Update Operation
In cloud data storage, sometimes the user may need to modify some data block(s) stored in
the cloud, from its current value fij to a new one, fij + fij. I refer this operation as data update.

B. Delete Operation
Sometimes, after being stored in the cloud, certain data blocks may need to be deleted. The
delete operation I am considering is a general one, in which user replaces the data block with zero or
some special reserved data symbol. From this point of view, the delete operation is actually a special
case of the data update operation, where the original data blocks can be replaced with zeros or some
predetermined special blocks.

C. Append Operation
The user may want to increase the size of his stored data by adding blocks at the end of the
data file, which I refer as data append. I anticipate that the most frequent append operation in cloud
data storage is bulk append, in which the user needs to upload a large number of blocks (not a single
block) at one time.
Dynamic operations are performed by constructing the matrix, where 0s indicate the blocks I
need to change and 1s indicate the unchanged blocks [8]. I create a cloud environment where user,
TPA and cloud server are connected each other. In public auditing system, the correctness of the data
is checked by keygen, sagging, gen proof and verifies proof algorithms. Homomorphism
authenticator with random masking is used to achieve privacy preserving auditing scheme. The
technique of bi-linear aggregate signature is used to achieve batch auditing. In cloud, the data does
not remain static. I enhance the system with explicit dynamic operations in data blocks.
179

4.4 Algorithms
4.4.1 Algorithm for Data Integrity Verification

1. Start
2. TPA generates a random set
3. CSS computes root hash code based on the filename/blocks input
4. CSS computes the originally stored value
5. TPA decrypts the given content and compares with generated root hash
6. After verification, the TPA can determine whether the integrity is breached.
7. Stop

4.4.2 Algorithm for Updating and Deleting Data Present in CSS

1. Start
2. Client generates new Hash for tree then sends it to CSS
3. CSS updates F and computes new R
4. Client computes R
5. Client verifies signature. If it fails output is FALSE
6. Compute new R and verify the update and
7. Stop

4.5. System design
4.5.1 Design Goals
My design goals can be summarized as the following:

(1) Public verification for storage correctness assurance: to allow anyone, not just the clients who
originally stored the file on cloud servers, to have the capability to verify the correctness of the
stored data on demand;
(2) Dynamic data operation support: to allow the clients to perform block-level operations on the
data files while maintaining the same level of data correctness assurance. The design should
be as efficient as possible so as to ensure the seamless integration of public verifiability and
dynamic data operation support;
(3) Blockless verification: no challenged file blocks should be retrieved by the verifier (e.g., TPA)
during verification process for both efficiency and security concerns.
(4) Stateless verification: to eliminate the need for state information maintenance at the verifier
side between audits throughout the long term of data storage.
(5) Multi-User Support by TPA.

4.5.2 System Major Operations
4.5.2.1 Security Analysis
The proposed system enables public audit ability without need for retrieving data blocks of a
file. Towards this homomorphic authenticator technique [1] [3] is used. There is the unforgivable
metadata generator computed from individual data blocks. In the proposed work two authenticators
such as BLS signature [3] and RSA signature based authenticator. The security mechanism is further
described here. The procedure of protocol is divided into setup, default integration verification and
dynamic data operation with integrity assurance. In the last step, data modification, data insertion,
and data deletion are a part. Later on, batch processing with multi client data is also discussed here.

180

4.5.2.2 Setup
In this phase KeyGen () method is invoked to generate public key and private key. SigGen()
is meant for pre-processing and homomorphic authenticators and along with Meta data. The
SigGen() method takes two arguments namely secret key and file. The file content is divided into
blocks. Then signature is computed for each block. Each blocks hash code is taken and two nodes
hash is merged into one in order to generate the next node. This process continues for all leaf nodes
until tree node is found. The root element is then taken by client and signs it and send to cloud
storage server.

4.5.2.3 Data Integrity Verification
The content of outsourced data can be verified by either client or TPA. This is done by
challenging server by giving some file and block randomly. Up on the challenge, the cloud storage
server computes the root hash code for the given file and blocks and then returns the computed root
hash code and originally stored hash code along with signature. Then the TPA or client uses public
key and private key in order to decrypt the content and compare the root hash code with the root hash
code returned by client. This procedure is specified in the following algorithm.

4.5.2.4 Data Modification and Data Insertion
Data modifications are the frequent operations on cloud storage. It is a process of replacing
specified blocks with new ones. The data modification operation cant affect the logic structure of
clients data. Another operation is known as data insertion. Data Insertion is a process of inserting
new record in to existing data. The new blocks are inserted into specified locations or blocks in the
data file F.

4.5.2.5 Batch Auditing for Multi-client Data
Cloud servers support simultaneous access. It does mean that in server it is possible to have
different verification sessions running parallel. Therefore it is essential to have auditing functionality
that works concurrently for many user sessions. The proposed scheme is extended to achieve this for
provable data updates and verification of multi-client system. Here an important decision made is to
make use of Bilearaggregate Signature Scheme.

4.6 Design Considerations
The main design consideration is to achieve auditability and data dynamics. The solution is
BLS based and it can also be done with RSA based signatures. BLS solution is 160 bits where as
RSA is of 1024 bits. Shortest query and response is possible with BLS. RSA also supports variable
sized blocks. MHT (Merkle Hash Tree) has to be used to achieve the solution. The other design
consideration is data dynamics. To achieve data dynamics PDP and PoR schemes can be extended.
However, they have security problems. As discussed earlier an adversary can intrude and perform
operations with ease unless, H (name||i) is changed for each update operation. Modifications are done
in the existing blocks while insertion can be done at any point in F denoting a file which has been
saved to cloud storage server. In basic PDP constructions the system stores static files without error
correction capabilities. The proposed scheme aims at designing a block less and stateless verification
of data. This is important as the TPA does not need actual data. The actual data is not shown to
anyone. Only hash values and secure keys are used for verification instead of actual data. Yet another
design consideration is to support distributed storage security. When data of clients are stored in
multiple cloud servers, it needs a mechanism to retrieve such data and manage data. The data is
duplicated at many places to withstand faults. The given file F is stored in multiple cloud storage
servers.

181

V. EXPERIMENTAL ANALYSIS

Figure 2: Login page

In this page Normal User and CSP Can Login From this Page

Figure 3: Client Registration Form

In this page Normal User or Data Owner Can Register From this Page and Specify the
Duration and Actual Storage that he want in Client Registration

Figure 4: Client Upload

182

This page shows Upload Menu Client Can Upload the Data into Multi Cloud

Figure 5: Notification

In this page if users uploaded data get changed then User can get the Notification for It. And
he can also recover the data.

VI. CONCLUSION AND FUTURE WORK

In progress Cloud computing is a technology which is used worldwide through the internet.
The main point in this paper is privacy and security issue. Ihave tried to address this problem in this
paper. I have given here many privacy and security issues and solution tothem.
For ensuring security of cloud data storage, it is difficult for enabling a TPA for evaluating the
quality of service from an objective and independent point of view. Public auditability is able to
allow clients for delegating the tasks of integrity verification to TPA while they are independently
not reliable or cannot commit required resources of computation performing verifications in a
continuous manner. One more important concern is the procedure for construction of verification
protocols which can be able to accommodate data files that are dynamic. In this paper, the problem
of employing simultaneous public auditability and data dynamics for remote data integrity check in
Cloud Computing is explored. The construction is designed for meeting these two main goals but
efficiency is set as the main goal. For achieving data dynamics that are effective, the existing proof
of storage models is enhanced through manipulation of the construction of classic Merkle Hash Tree
for authentication of block tag. For supporting good handling of multiple numbers of auditing tasks,
the method of bilinear aggregate signature is further explored for extending the main result into a
multiuser setting, where TPA is able to perform multiple auditing tasks in a simultaneous manner.
Huge security as well as performance analysis proves that the proposed scheme is efficient and
secure to a greater extent.

VII. REFERENCE

[1] A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, M. Zaharia, Above the clouds:
A berkeley view of cloud computing, University of California, Berkeley, Tech. Rep, 2009.
[2] Cong Wang, QianWang, KuiRen, Wenjing Lou (2009),"Ensuring Data Storage Security in
Cloud Computing".
[3] Cong Wang, QianWang, KuiRen, Wenjing Lou (2010), "Privacy Preserving Public Auditing
for Data Storage Security in Cloud Computing".
[4] A. L. Ferrara, M. Greeny, S. Hohenberger, M. Pedersen (2009), "Practical short signature
batch verification", in Proceedings of CT-RSA, volume 5473 of LNCS. Springer-Verlag,
pp. 309324.
183

[5] H. Shacham, B. Waters (Dec 2008), "Compact proofs of retrievability", in Proc. of Asia crypt
2008, vol. 5350, pp. 90107
[6] M.A.Shah, R.Swaminathan, M. Baker (2008), "Privacy preserving audit and extraction of
digital contents", Cryptology ePrint Archive.
[7] M.A. Shah, R. Swaminathan, and M. Baker, Privacy-Preserving Audit and Extraction of
Digital Contents, Report 2008/186, Cryptologye Print Archive, 2008.
[8] A. Oprea, M.K. Reiter, and K. Yang, Space-Efficient Block Storage Integrity, Proc. 12th
Ann. Network and Distributed System Security Symp. (NDSS 05), 2005.
[9] T. Schwarz and E.L. Miller, Store, Forget, and Check: Using Algebraic Signatures to Check
Remotely Administered Storage, Proc. 26th IEEE Intl Conf. Distributed Computing
Systems (ICDCS06), p. 12, 2006.
[10] Q. Wang, K. Ren, W. Lou, and Y. Zhang, Dependable and Secure Sensor Data Storage with
Dynamic Integrity Assurance, Proc.IEEE INFOCOM, pp. 954-962, Apr. 2009.
[11] G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, Scalable and Efficient Provable Data
Possession, Proc. Fourth Intl Conf. Security and Privacy in Comm. Networks
(SecureComm 08), pp. 1-10, 2008.
[12] C. Wang, Q. Wang, K. Ren, and W. Lou, Ensuring Data Storage Security in Cloud
Computing, Proc. 17th Intl Workshop Quality of Service (IWQoS 09), 2009.
[13] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, Dynamic Provable Data
Possession, Proc. 16th ACM Conf. Computer and Comm. Security (CCS 09), 2009.
[14] K.D. Bowers, A. Juels, and A. Oprea, Hail: A High-Availability and Integrity Layer for
Cloud Storage, Proc. 16th ACM Conf. Computer and Comm. Security (CCS 09),
pp. 187-198, 2009.
[15] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and Verifiably Encrypted
Signatures from Bilinear Maps, Proc. 22ndIntl Conf. Theory and Applications of
Cryptographic techniques (Eurocrypt 03), pp. 416-432, 2003.
[16] Ahmed Hashim Mohammed, Dr. Hanaa M. A. Salman and Dr. Saad K. Majeed, A Survey of
Cloud Based Secured Web Application, International Journal of Computer Engineering &
Technology (IJCET), Volume 4, Issue 4, 2013, pp. 441 - 448, ISSN Print: 0976 6367,
ISSN Online: 0976 6375.
[17] Sujay Pawar and Prof. U. M. Patil, A Survey on Secured Data Outsourcing in Cloud
Computing, International Journal of Computer Engineering & Technology (IJCET),
Volume 4, Issue 3, 2013, pp. 70 - 76, ISSN Print: 0976 6367, ISSN Online: 0976 6375.
[18] V.Ramesh and P.Dhanalakshmi, Perceiving and Recovering Degraded Data on Secure
Cloud, International Journal of Computer Engineering & Technology (IJCET), Volume 4,
Issue 2, 2013, pp. 229 - 236, ISSN Print: 0976 6367, ISSN Online: 0976 6375.
[19] Khatri Nishant P., Preeti Gupta and Tusal Patel, Privacy Preserving Clustering on
Centralized Data Through Scaling Transformation, International Journal of Computer
Engineering & Technology (IJCET), Volume 4, Issue 3, 2013, pp. 449 - 454, ISSN Print:
0976 6367, ISSN Online: 0976 6375.
[20] D.Pratiba and Dr.G.Shobha, Privacy-Preserving Public Auditing for Data Storage Security
in Cloud Computing, International Journal of Computer Engineering & Technology
(IJCET), Volume 4, Issue 3, 2013, pp. 441 - 448, ISSN Print: 0976 6367, ISSN Online:
0976 6375.

Ijcet: International Journal of Computer Engineering & Technology (Ijcet)

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Ijcet: International Journal of Computer Engineering & Technology (Ijcet)

Transféré par

Droits d'auteur :

Formats disponibles

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),

Vous aimerez peut-être aussi