
International Journal of Computer Information Systems, Vol. 3, No. 2, 2012

Enabling Public Auditability for Cloud Data Storage Security


Abirami G, Department of Computer Science Engineering, Hindustan University, Chennai, India, gabirami08@yahoo.co.in
Dhana sundari M, Department of Computer Science Engineering, Hindustan University, Chennai, India, dhanam.sun@gmail.com

Linda Joseph, Assistant Professor, Department of Computer Science Engineering, Hindustan University, Chennai, India, linda24in@gmail.com

Abstract - Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. A cloud computing environment strives to be dynamic, reliable and customizable, with a guarantee of service quality. Users access virtual software and hardware in the cloud environment, where services are shared among a cloud of service consumers, partners and vendors. To give access to data virtually, the service provider must ensure capabilities such as data confidentiality, integrity and availability. This encryption scheme is intended to ensure that data shared in the storage environment is safeguarded: stringent access controls prevent unauthorized access to the data, data backups are scheduled, and the backup media are stored safely. Seven aspects of data security are privileged user access, regulatory compliance, data location, data segregation, recovery, investigative support and long-term viability. Thus, enabling public auditability for cloud data storage security is of critical importance so that users can resort to an external audit party to check the integrity of outsourced data when needed. A third party auditor (TPA) is used by clients and providers alike to determine the security of the cloud implementation.

Keywords - Cloud computing, security, privacy, third party auditor

I. INTRODUCTION

Cloud computing is the logical move for services as more established parts of IT are commoditized. Storing data in the cloud offers convenience to users. These internet-based online services provide a large amount of storage space, and this computing platform shift eliminates the responsibility of local machines to maintain data. As a consequence, users have to rely on the cloud providers for the availability and integrity of the data. These opportunities to reduce costs motivate them to focus on core competencies instead of infrastructure management, along with on-demand computing agility and the alignment of business strategy with information technology. There are also concerns that users normally think of, like security and maintaining direct control over systems. Several threats encountered in cloud computing are abuse and nefarious use of cloud computing, insecure application programming interfaces, malicious insiders, shared technology vulnerabilities, data loss or leakage, and account, service and traffic hijacking. On cloud security, a few important things that need to be known are as follows. First, consider cloud security as your internal security: the same tools that protect our data internally are used for cloud security, the only difference being the multi-tenant environment, where more than one company shares the same cloud service provider. Second, all security issues can be addressed using current security tools if they are carefully considered, so they should not be regarded as a hindrance to moving to the cloud. Third, selecting a quality cloud service provider enables good cloud security. The main issues when developing applications with data parallelism are selecting the algorithm, the data decomposition strategy, processing node load balancing, communication between nodes during message passing, and the total accuracy of the results. One of the most effective methods used to provide data security in the cloud is cryptography. Cryptography is the use of encryption and decryption algorithms; it is the practice and study of secure communication in the presence of third parties. Generally, cryptography is used for constructing and analyzing protocols that overcome the influence of adversaries and that relate to various aspects of information security, such as confidentiality of data, integrity of data, and authentication.

February Issue

Page 43 of 62

ISSN 2229 5208

Cloud computing is a set of services that provide infrastructure resources using internet media and data storage on a third party server. Today is the age of information technology. The facets of work and personal life are moving towards the concept of availability of everything online. Understanding this trend, the big web based companies like Google, Amazon and Salesforce.com came up with a model named Cloud Computing: the sharing of web infrastructure to deal with internet data storage, scalability and computation.

II. PROBLEM STATEMENT

Abuse and Nefarious Use of Cloud Computing

Some providers offer free limited-period offers to use their cloud services. IaaS providers help users with unlimited storage capacity, network and computing, along with an easy registration process using a credit card to start using their service instantly. But IaaS users have suffered attacks by malicious users, spammers and other cyber criminals, who conducted their activities with relative impunity by taking advantage of the anonymity of the registration process and usage model. Recently, IaaS vendors have also become victims of these attacks. Establishing control by cracking passwords and keys, launching dynamic attack points, DDoS, hosting malicious data, and executing botnet command and control are considered future areas of concern.

Insecure Interfaces and APIs

Management, provisioning, monitoring and orchestration are performed through interfaces or APIs that cloud computing users use to interact with and manage cloud services. Authentication, encryption and activity monitoring depend on the protective design of these interfaces. Other third parties and organizations offer additional services to customers by building complex new layered APIs upon these interfaces, which increases risk because credentials have to be relinquished to these third parties to enable their agency.

Data Loss or Leakage

There are various ways through which data can be compromised. Alteration or deletion of records that have no backup is an obvious example. Breaking the link of a record to its larger context, or storing it on unreliable media, can also compromise data. Losing an encoding key will result in total destruction as well. Access to sensitive data by unauthorized parties has to be prevented. The threat of data compromise is greater due to the number of risks and challenges as well as the operational and architectural characteristics of the cloud environment.

Account or Service Hijacking

Service or account hijacking is not new. Attack methods like fraud, exploitation of software vulnerabilities and phishing still achieve results. Reusing password credentials amplifies the impact of the attacks mentioned above. By gaining access to user credentials, attackers can intercept the user's activities and transactions, manipulate data, return falsified information or redirect clients to inappropriate sites. Attackers can use the hijacked user accounts or service instances as a new base from which to start additional illegal activities. This theft of the user's identity will help them to start subsequent attacks.

Shared Technology Issues

IaaS vendors use shared infrastructure as a scalable way of delivering their services. The components underlying this infrastructure were often not designed to offer strong isolation properties for a multi-tenant architecture. As a solution to this problem, a virtualization hypervisor mediates access between the guest operating systems and the physical computing resources. As always, hypervisors too have their own areas of concern, which could enable guest operating systems to gain inappropriate levels of control or influence over the underlying platform; this requires a defense-in-depth strategy that includes storage, compute and network security monitoring and enforcement. By implementing strong compartmentalization, individual customers should be prevented from impacting the operations of other tenants running on the same cloud provider. The residual or actual data and the network traffic of other tenants should not be accessible to other users at any given point in time.

III. PROPOSED SOLUTION

Cryptography is used to change readable text, called plaintext, into an unreadable secret format, called ciphertext, using a process called encryption. Encrypting data provides additional benefits besides protecting the confidentiality of data. Other benefits include ensuring that messages have not been altered during transit and verifying the identity of the message sender. All these benefits can be realized by using basic encryption methods.

Asymmetric, or public key, cryptography is the last encryption method. This type of cryptography uses two keys, a private key and a public key, to perform encryption and decryption. The use of two keys overcomes a major weakness of symmetric key cryptography, in that a single key does not need to be securely managed among multiple users. In asymmetric cryptography, the public key is freely available to everyone while the private key remains with the receiver of the ciphertext, who uses it to decrypt messages. Algorithms that use public key cryptography include RSA and Diffie-Hellman. In a classic cryptosystem, in order to make sure that nobody except the intended recipient deciphers the message, the people involved had to strive to keep the key secret. Public key cryptography solves one of the most vexing problems of all prior cryptography: the necessity of establishing a secure channel for the exchange of the key. The RSA algorithm is a public key algorithm that can be used to send an encrypted message without a separate exchange of secret keys. It can also be used to sign a message.


The RSA algorithm was discovered by a group of three scientists, namely Ron Rivest, Adi Shamir and Len Adleman, and was first published in 1978. The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n. A typical size of n is 1024 bits, or 309 decimal digits. This is a public key encryption scheme. Compared to first and second party audits, where the auditors are not independent, a third party audit is objective. It is an assessment of an organization's quality system conducted by an independent, outside auditor or team of auditors. When referring to a third party audit as it applies to an international quality standard such as ISO 9000, the term "third party" is synonymous with a quality system registrar whose primary responsibility is to assess an organization's quality system for conformance to that standard and issue a certificate of conformance upon completion of a successful assessment. In our formulation, a delegation of audit is secure if the data owner can verify whether the TPA has indeed performed the audit task specified by the data owner; the data owner can verify whether the TPA performed the audit task at the time specified by the data owner; and the confidentiality of the data is protected against the TPA and/or the CSP. The task is to allow a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud.

Figure: Cloud architecture diagram

IV. IMPLEMENTATION

The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n. A typical size of n is 1024 bits, or 309 decimal digits. This is a public key encryption scheme. The mathematical details of the algorithm used in obtaining the public and private keys are available at the RSA web site. Briefly, the algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by itself and 1) and, through additional operations, deriving a set of two numbers that constitutes the public key and another set that is the private key. Once the keys have been developed, the original prime numbers are no longer important and can be discarded. Both the public and the private keys are needed for encryption/decryption, but only the owner of a private key ever needs to know it. Using the RSA system, the private key never needs to be sent across the Internet. The private key is used to decrypt text that has been encrypted with the public key. Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key.

Key Generation Algorithm: RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.

1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
2. Compute n = pq and phi = (p-1)(q-1).
3. Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
4. Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
5. The public key is (n, e) and the private key is (d, p, q). Keep all the values d, p, q and phi secret.

[We prefer sometimes to write the private key as (n, d) because you need the value of n when using d.] n is known as the modulus. e is known as the public exponent, the encryption exponent or just the exponent. d is known as the secret exponent or decryption exponent.

Encryption: Sender A does the following:

1. Obtains the recipient B's public key (n, e).
2. Represents the plaintext message as a positive integer m, 1 < m < n.
3. Computes the ciphertext c = m^e mod n.
4. Sends the ciphertext c to B.

Decryption:


Recipient B does the following:

1. Uses his private key (n, d) to compute m = c^d mod n.
2. Extracts the plaintext from the message representative m.
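As an added example (not code from the paper), the key generation, encryption and decryption steps above in Python, followed by the public verification the paper assigns to the TPA: the data owner tags each stored block with the private exponent d, and the TPA rechecks the tags with only the public key (n, e). The SHA-256 block digest, the toy block layout and the Mersenne-prime demo key are my assumptions, not the paper's.

```python
import hashlib
from math import gcd

def generate_keys(p, q, e):
    """Paper's steps: n = pq, phi = (p-1)(q-1), gcd(e, phi) = 1,
    d with e*d = 1 (mod phi). Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m):
    """Sender A: c = m^e mod n for a representative 1 < m < n."""
    n, e = pub
    if not 1 < m < n:
        raise ValueError("message representative must satisfy 1 < m < n")
    return pow(m, e, n)

def decrypt(priv, c):
    """Recipient B: m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)

def block_digest(block, n):
    """Map a stored block to an integer below n (assumed: SHA-256 mod n)."""
    return int.from_bytes(hashlib.sha256(block).digest(), "big") % n

def sign_block(priv, block):
    """Owner's integrity tag for one block: tag = H(block)^d mod n."""
    n, d = priv
    return pow(block_digest(block, n), d, n)

def tpa_verify(pub, block, tag):
    """TPA check with the owner's public key only: tag^e mod n == H(block)."""
    n, e = pub
    return pow(tag, e, n) == block_digest(block, n)

def audit(pub, blocks, tags):
    """Indices of blocks whose stored tag no longer verifies."""
    return [i for i, (b, t) in enumerate(zip(blocks, tags))
            if not tpa_verify(pub, b, t)]

# Constructed demo key: Mersenne primes 2^31-1 and 2^61-1 give a ~92-bit n,
# far below the 1024 bits the paper recommends, but enough for a demonstration.
PUB, PRIV = generate_keys(2**31 - 1, 2**61 - 1, 65537)
BLOCKS = [b"block-0: payroll records", b"block-1: invoices"]   # constructed file
TAGS = [sign_block(PRIV, b) for b in BLOCKS]

if __name__ == "__main__":
    print("round trip ok:", decrypt(PRIV, encrypt(PUB, 123456789)) == 123456789)
    print("clean audit, failing blocks:", audit(PUB, BLOCKS, TAGS))
    tampered = [BLOCKS[0], b"block-1: invoices (altered)"]
    print("tampered audit, failing blocks:", audit(PUB, tampered, TAGS))
```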

Public verification enables a third party auditor (TPA), on behalf of the data owner, to verify the integrity of cloud storage with the data owner's public key. The RSA algorithm is used for key generation in the user and file transfer modules. The problem we tackle here is to enable a privacy-preserving third party auditing protocol that is independent of data encryption. Our work is among the first few to support privacy-preserving public auditing in cloud computing, with a focus on data storage, in which the RSA algorithm is used for encryption and decryption. As the individual auditing of these growing tasks can be tedious and cumbersome, a natural demand is how to enable the TPA to efficiently perform multiple auditing tasks in a batch manner, i.e., simultaneously.

V. CONCLUSION

In this paper, we have discussed the problem of data security in cloud data storage. To verify the correctness of data, we have given an effective and flexible cryptosystem. Through detailed security and performance analysis, we show that our cryptosystem is highly efficient and resilient to Byzantine failure, data loss and leakage. The cryptosystem used here is the RSA algorithm. Cloud computing offers economic and performance gains for developers and users. While the hardware infrastructure is entirely outsourced, the applications and services still must be configured. To ensure sensitive data remains private, virtual machines must be locked down and monitored, and external communications must be encrypted. Cloud fears largely stem from the perceived loss of control of sensitive data. Considering that the TPA may concurrently handle multiple audit sessions from different users for their outsourced data files, we further extend our privacy-preserving public auditing protocol into a multi-user setting, where the TPA can perform the multiple auditing tasks in a batch manner, i.e. simultaneously. Extensive security and performance analysis shows that the proposed schemes are provably secure and highly efficient. A cloud computing system stores multiple vendors' data in a shared cloud server. Security and reliability of the stored data is a rising concern today, and hence vendors are not completely geared up for adopting the cloud. The proposed system aims at coming up with techniques that can be implemented to ensure data security and reliability in a cloud system.




AUTHORS PROFILE

Abirami G, Chennai, 27.05.1983, M.E Computer science and engineering, School of Computing Sciences and Engineering, Hindustan University, Chennai, Tamil Nadu, India.

Dhana sundari M, Chennai, 19.08.1989, M.E Computer science and engineering, School of Computing Sciences and Engineering, Hindustan University, Chennai, Tamil Nadu, India.

Linda Joseph, Chennai, Assistant Professor, School of Computing Sciences and Engineering, Hindustan University, Chennai, Tamil Nadu, India.
