PUBLIC AUDITING FOR SECURE CLOUD STORAGE
Download as PPTX, PDF4 likes1,744 views
This document outlines a presentation on public auditing for secure cloud storage. It discusses the objective of developing a system to allow cloud users to ensure their data is secure and not corrupted. It covers topics like introduction to cloud computing, literature review on existing methods, problem description, the proposed method, applications, discussion of base paper, execution tools, and conclusions. The proposed method aims to enable public auditing of cloud storage without requiring local data copies, providing privacy and efficiency.
![PUBLIC AUDITING
FOR SECURE CLOUD STORAGE
Anand K Menon[MTALECS004 ]
Bharath Chandran Nair[MTALECS015]
Godwin C Antony[MTALECS025]
Eighth semester B.Tech CSE, Department of Computer Science,
Met’s School of Engineering,Mala,
Under the Guidance of
Miss.Asha S
Assistant Professor, Dept. of CSE,
Met’s School of Engineering,Mala](https://image.slidesharecdn.com/1-160730050929/85/PUBLIC-AUDITING-FOR-SECURE-CLOUD-STORAGE-1-320.jpg)
PUBLIC AUDITING FOR SECURE CLOUD STORAGE
- 1. PUBLIC AUDITING FOR SECURE CLOUD STORAGE Anand K Menon[MTALECS004 ] Bharath Chandran Nair[MTALECS015] Godwin C Antony[MTALECS025] Eighth semester B.Tech CSE, Department of Computer Science, Met’s School of Engineering,Mala, Under the Guidance of Miss.Asha S Assistant Professor, Dept. of CSE, Met’s School of Engineering,Mala
- 2. OUTLINE OF THE PRESENTATION o OBJECTIVE o INTRODUCTION o LITERATURE SURVEY o EXISTING METHOD o PROBLEM DESCRIPTION o BLOCK DIAGRAM o PROPOSED METHOD o APPLICATIONS o RESULT AND DISCUSSION OF BASE PAPER o EXECUTION TOOLS o CONCLUSION o REFERENCES
- 3. OBJECTIVE The objective of the system is to develop a system that would enable the cloud users to have control over their data so that they can ensure that their data is secured and not corrupted. It provides security to the users data by encrypting the data and splitting up the file into small blocks for storage. Auditing the cloud storage without demanding a local copy of data enables more efficiency.
- 4. INTRODUCTION Cloud computing customers do not own a physical infrastructure; rather they rent the usage from a third party provider. They consume resources as a service and pay only for resources that they use. Cloud computing comes in three forms: public clouds, private clouds, and hybrids clouds. Public clouds offer the greatest level of efficiency in shared resources but are more vulnerable. Private clouds offer the greatest level of security and control, but they require the company to still purchase and maintain all the software and infrastructure. Hybrid cloud includes both public and private options.The downside is that we have to keep track of multiple different security platforms.
- 5. Cloud computing provides on demand self services,location independent resource pooling,rapid resource elasticity,usage based pricing etc.. Challenge faced is security threats towards users outsourced data. Here the correctness of user data in the cloud is put at risk. CSP might reclaim storage for monetary reasons by discarding rarely accesed data or even hiding data corruption due to server hacks over byzantine failures.
- 6. LITERATURE REVIEW SL .N O AUTHOR YEAR TITLE DESCRIPTION 1 P. Mell and T. Grance June 2009 DraftNISTworking definitionofcloud computing Subscribers should identify the specific resources that are suitable for migrating data into and out of clouds. Resources could be services such as: (1) email, (2) data repositories such as shared documents, or (3) systems that run in virtualized environments. 2 M. Arrington December 2006 Gmail disaster: Reports of mass email deletions Cloud Computing provides convenient on demand network access to a shared pool of configurable computing resources that can be rapidly deployed with the great efficiency and minimal management overhead. 3 J. Kincaid December 2006. MediaMax/TheLinkup Closes Its Doors To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users, To propose an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append.
- 7. LITERATURE REVIEW S L . N O AUTHOR YEAR TITLE DESCRIPTION 4 M.A.Shah,R.Swamina than, and M. Baker Oct. 2008 Privacy-preserving audit and extraction of digital contents A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact. 5 Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou Sep. 2009 Enabling publicverifiability and data dynamics for storage security in cloud computing Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. It moves the application software and databases to the centralized large data centers, where the management of the data and services may not be fully trustworthy. 6 G. Ateniese, S. Kamara, and J. Katz 2009 Proofs of storage fromhomomorphic identification protocols Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where `tags' on multiple messages can be homomorphically combined to yield a `tag' on any linear combination of these messages.
- 8. 8 BASIC SCHEME 1 MAC key File block code Message Authentication Code (MAC) Block 1 Block nBlock 2 … File is divided into blocks Cloud user TPA Block 1 Block n…Block 2 code 1 code n…code 2 -User computes the MAC of every file block -Transfers the file blocks & codes to cloud -Shares the key with TPA Audit -TPA demands a random number of blocks and their code from CSP -TPA uses the key to verify the correctness of the file blocks Drawbacks: -The audit demands retrieval of user’s data; this is not privacy-preserving -Communication and computation complexity are linear with the sample size EXISTING METHOD
- 9. 9 BASIC SCHEME 2 Block 1 Block n…Block 2 code 1 code n…code 2 code 1 code n…code 2 code 1 code n…code 2 Key 1 Key 2 Key s … user Cloud TPA Block 1 Block m…Block 2 Setup -User uses s keys and computes the MAC for blocks -User shares the keys and MACs with TPA Audit -TPA gives a key (one of the s keys) to CSP and requests MACs for the blocks -TPA compares with the MACs at the TPA -Improvement from Scheme 1: TPA doesn’t see the data, preserves privacy -Drawback: a key can be used once. -The TPA has to keep a state; remembering which key has been used -Schemes 1 & 2 are good for static data (data doesn’t change at the cloud)
- 10. PROBLEM DESCRIPTION Audit cloud storage demanding local copy of data. Violates the privacy-preserving guarantee. Large communication overhead and time delay. Band-width available between the TPA and the cloud server is limited. Auditor can modify user data. Copy of user data on auditing side. No data control on user side. The number of times a particular data file can be audited is limited by the number of secret key.
- 11. BLOCK DIAGRAM U: cloud user has a large amount of data files to store in the cloud CS: cloud server which is managed by the CSP and has significant data storage and computing power (CS and CSP are the same in this paper) TPA: third party auditor has expertise and capabilities that U and CSP don’t have. TPA is trusted to assess the CSP’s storage security upon request from U
- 12. Setup & audit phases of public auditing scheme.
- 13. Consists of four algorithms (KeyGen, SigGen, GenProof, VerifyProof) KeyGen: key generation algorithm that is run by the user SigGen: used by the user to generate verification metadata, which may consist of MAC, signatures or other information used for auditing GenProof: run by the cloud server to generate a proof of data storage correctness VerifyProof: run by the TPA to audit the proof from the cloud server
- 14. 14 user KeyGen Public key (sk)& Secret key (pk) Setup SigGenuser sk Block 1 Block 2 Block n… σ1 …σ2 σn Block 1 Block n…Block 2 σ1 … σnσ2 1- User generates public and secret parameters 2- A code is generated for each file block 3- The file blocks and their codes are transmitted to the cloud Audit -TPA sends a challenge message to CSP -It contains the position of the blocks that will be checked in this audit GenProofCSP Selected blocks in challenge Aggregate authenticator -CSP also makes a linear combination of selected blocks and applies a mask. Separate PRF key for each auditing. -CSP send aggregate authenticator & masked combination of blocks to TPA VerifyProofTPA Masked linear combination of requested blocks Aggregate authenticator Compare the obtained Aggregate authenticator to the one received from CSP
- 15. PROPOSED METHOD Public auditing scheme which provides a complete outsourcing solution of data– not only the data itself, but also its integrity checking System consist of client and server side application and website. Effectively audit cloud storage without demanding local copy of data. Extensive security and performance analysis shows provably secure and highly efficient. Data conrtol in the hands of users only.
- 16. APPLICATIONS Used in applications that require public auditing. Can be used for batch auditing. Application that ensures storage correctness.
- 18. Uploading a file
- 19. Viewing File
- 20. Checking the Security Status
- 23. TPA MODULE (THIRD PARTY AUDITOR):
- 25. CSP MODULE (CLOUD SERVICE PROVIDER):
- 28. DISCUSSION OF BASE PAPER Objective of the Project The objective of the system is to develop a system that would enable the cloud users to have control over their data so that they can ensure that their data is secured and not corrupted. Scope of the Project “ Trusted Cloud Services” provides a security solution to the cloud users. It ensures that the data of the users that have been stored in a remote server is secured and controlled.
- 29. Constraints Only the registered users will be authorized to use the service. A trustworthy TPA is required to audit the storage. Assumptions and dependencies The project will not change in scope The resources identified will be available upon request Approved funding will be available upon request Only the registered users can access the Website Roles and tasks are predefined.
- 30. EXECUTION TOOLS Hardware Requirements Intel Pentium dual core processor or above 1 GB RAM 200 GB HDD Other standard peripherals Software Requirements Operating system : windows XP Tool: Netbeans IDE 6.1 Programming Package : Jdk.5.0 Database :MySQL Server :Glassfish v2
- 31. CONCLUSION The aim of the project is to develop a system that would enable the cloud users to have control over their data so that they can ensure that their data is secured . They can know whether there is any data loss or corruption by logging into the website. TPA would not learn any knowledge about the data content stored on the cloud server during the efficient auditing process. TPA can perform multiple auditing tasks in a batch manner for better efficiency. Schemes are provably secure and highly efficient.
- 41. REFERENCE P. Mell and T. Grance, “Draft NIST working definition of cloud computing,” Referenced on June. 3rd, 2009 Online at http://csrc.nist.gov/groups/SNS/cloud-computing/index. html, 2009. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” University of California, Berkeley, Tech. M. Arrington, “Gmail disaster: Reports of mass email deletions,” Online at http://www.techcrunch.com/2006/12/28/gmail- disasterreports-of-mass-email-deletions/,December 2006. J. Kincaid, “MediaMax/TheLinkup Closes Its Doors,” Online at http://www.techcrunch.com/2008/07/10/ mediamaxthelinkup-closes- its-doors/, July 2008. Amazon.com, “Amazon s3 availability event: July 20, 2008,” Online at http://status.aws.amazon.com/s3-20080720.html,2008.
- 42. S. Wilson, “Appengine outage,” Online at http://www.cio- weblog.com/50226711/appengine outage.php, June 2008. B. Krebs, “Payment Processor Breach May Be Largest Ever,”, Jan. 2009. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proc. of CCS’07, Alexandria, VA, October 2007, pp. 598– 609. M. A. Shah, R. Swaminathan, and M. Baker, “Privacypreservingaudit and extraction of digital contents,” Cryptology Print Archive, Report 2008/186, 2008. Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in Proc. of ESORICS’09, volume 5789 of LNCS. Springer-Verlag, Sep. 2009, pp. 355–370.