RAFA MAHAMOOD S V SHAMEEMA K V SUMAYYA K P

Introduction
System

and threat model Proposed scheme Security analysis & performance evaluation

Cloud computing gives flexibility to users Users pay as much as they use Users dont need to set up the large computers But the operation is managed by the Cloud Service Provider (CSP) The user give their data to CSP; CSP has control on the data The user needs to make sure the data is correct on the cloud Internal (some employee at CSP) and external (hackers) threats for data integrity CSP might behave unfaithfully

For money reasons, CSP might delete data thats rarely accessed CSP might hide data loss to protect their reputation

 How

to efficiently verify the correctness of outsourced data?

Simply downloading the data by the user is not practical

TPA

can do it and provide an audit report TPA should not read the data content
Legal regulations: US Health Insurance Portability and Accountability Act (HIPAA)
This

paper presents how to enable privacy-preserving third-party auditing protocol

First work in the literature to do this

U: cloud user has a large amount of data files to store in the cloud CS: cloud server which is managed by the CSP and has significant data storage and computing power (CS and CSP are the same in this paper) TPA: third party auditor has expertise and capabilities that U and CSP dont have. TPA is trusted to assess the CSPs storage security upon request from U

 EXISTING

SYSTEM

Controlled by the entity,& restricted by them to the authorised users Delivered via the internet to all users

Not secure

Uses homomorphic authenticator Also uses a random mask achieved by a Pseudo Random Function (PRF)
Homomorphic authenticator Block 1 Block 2

Block k

Verificatio n Metadata

Verificatio n Metadata

Verificatio n Metadata

Aggregate Verification Metadata

A linear combination of data blocks can be verified by looking only at the aggregated authenticator

10

HARDWARE SPECIFICATION Processor : Pentium IV or above

Memory Hard Disk

: 2GB or above : 120 GB or above

RECOMMENDED SOFTWARE

Operating System Programming environment IDE Java Version Google Pluggin for Eclipse

: Windows 7 : Java : Eclipse : JDK 1.6 or later

With cloud computing, users can remotely store their data into the cloud and use on-demand high-quality applications Using a shared pool of configurable computing resources Data outsourcing: users are relieved from the burden of data storage and maintenance When users put their data (of large size) on the cloud, the data integrity protection is challenging Enabling public audit for cloud data storage security is important

Users can ask an external audit party to check the integrity of their outsourced data

user

data

user

External Audit party

user Cloud network

External audit party is called TPA TPA helps the user to audit the data To allow TPA securely: 1) TPA should audit the data from the cloud, not ask for a copy 2) TPA should not create new vulnerability to user data privacy We presents a privacy-preserving public auditing system for cloud data storage

What is auditing?

Consists of four algorithms (KeyGen, SigGen, GenProof, VerifyProof) KeyGen: key generation algorithm that is run by the user to setup the scheme SigGen: used by the user to generate verification metadata, which may consist of MAC, signatures or other information used for auditing GenProof: run by the cloud server to generate a proof of data storage correctness VerifyProof: run by the TPA to audit the proof from the cloud server

Setup

user

KeyGen Public & Secret parameters

SigGen

File F

Verification Metadata TPA

Audit TPA issues an audit message or a challenge to CSP

CSP

GenProof Response message

File F

TPA

VerifyProof

Verification Metadata
18

Block 1

Block 2

Block n

key MAC

File is divided into blocks

File block

Block 1

Block 2 code 2

Block n code n

code
Message Authentication Code (MAC)

user

code 1

TPA

Cloud

-User computes the MAC of every file block -Transfers the file blocks & codes to cloud -Shares the key with TPA

Audit -TPA demands a random number of blocks and their code from CSP -TPA uses the key to verify the correctness of the file blocks

Drawbacks: -The audit demands retrieval of users data; this is not privacypreserving -Communication and computation complexity are linear with the sample size

20

user
Key 1

Block 1

Block 2

Block n

code 1 code 1

code 2

code n code n

Block 1

Block 2

Block m

Key 2
Key s

code 2

code 1

code 2

code n

Cloud Setup -User uses s keys and computes the MAC for blocks -User shares the keys and MACs with TPA Audit -TPA gives a key (one of the s keys) to CSP and requests MACs for the blocks -TPA compares with the MACs at the TPA -Improvement from Scheme 1: TPA doesnt see the data, preserves privacy -Drawback: a key can be used once. -The TPA has to keep a state; remembering which key has been used -Schemes 1 & 2 are good for static data (data doesnt change at the cloud)
TPA

21

Proposed scheme

Uses homomorphic authenticator Also uses a random mask achieved by a Pseudo Random Function (PRF)
Homomorphic authenticator Block 1 Block 2 Block k

Verificatio n Metadata

Verificatio n Metadata

Verificatio n Metadata

Aggregate Verification Metadata

A linear combination of data blocks can be verified by looking only at the aggregated authenticator
22

- In addition to Aggregate Authenticator, the TPA will receive a linear combination of file blocks: Random Mask by PRF vi are random number mi are file blocks -The PRF function masks the data -It has a property of not affecting the Verification Metadata

-If TPA sees many linear combinations of the same blocks, it might be able to infer the file blocks
-This, we also use a random mask provided by the Pseudo Random Function (PRF)

Block 1

Block 1 with PRF Mask

Verificatio n Metadata Equal

Verificatio n Metadata

r is the mask
23

Setup
Block 1 Block 2 Block n

user

KeyGen user Public key (sk)& Secret key (pk)

sk

Block 1

Block 2

SigGen

Block n

1 1 2 n

1- User generates public and secret parameters

2- A code is generated for each file block

3- The file blocks and their codes are transmitted to the cloud

Audit -TPA sends a challenge message to CSP -It contains the position of the blocks that will be checked in this audit
Selected blocks in challenge -CSP also makes a linear combination of selected blocks and applies a mask. Separate PRF key for each GenProof auditing. -CSP send aggregate authenticator & Aggregate authenticator masked combination of blocks to TPA

CSP

Masked linear combination of requested blocks

TPA

VerifyProof
Aggregate authenticator

Compare the obtained Aggregate authenticator to the one received from CSP

24

 The

data sent from CSP to TPA is independent of the data size

Linear combination with mask

Previous

work has shown that if the server is missing 1% of the data

We need 300 or 460 blocks to detect that with a probability larger than 95% or 99%, respectively

 Batch

auditing

There are K users having K files on the same cloud They have the same TPA Then, the TPA can combine their queries and save in computation time The comparison function that compares the aggregate authenticators has a property that allows checking multiple messages in one equation Instead of 2K operation, K+1 are possible

 Data

dynamics

The data on the cloud may change according to applications This is achieved by using the data structure Merkle Hash Tree (MHT) With MHT, data changes in a certain way; new data is added in some places There is more overhead involved ; user sends the tree root to TPA This scheme is not evaluated in the paper

 Reference

[11] doesnt have privacypreserving property

TPA can read the information

Number of auditing tasks increased from 1 to 200 in multiple of 8 Auditing time per task: total auditing time / number of tasks

 In

batch auditing, true means that all of the messages are correct False means at least one is wrong

Divide batch in half, repeat for left- and right parts Binary search

Wrong

10

Wrong
1,2,3 and 9,10 3 and 10

1
1 1

2
2 2

3
3 3

4
4 4

5
5 5

6
6 6

7
7 7

8
8 8

9
9 9

10
10 10
30

The more errors that there is, it takes more time to find them

31

Utilize the homomorphic linear authenticator and random masking to guarantee that the TPA would not learn any knowledge about the data content stored on the cloud server during the efficient auditing process. Eliminates the burden of cloud user from the tedious and possibly expensive auditing task and alleviates the users fear of their outsourced data leakage TPA may concurrently handle multiple audit sessions from different users for their outsourced data files. Extend our privacy-preserving public auditing protocol into a multi-user setting, where the TPA can perform multiple auditing tasks in a batch manner for better efficiency Schemes are provably secure and highly efficient