Towards Secure and Dependable Storage Services in Cloud

ickybiblegrove | Internet and Web Applications

3 Nov 2013




Towards Secure and Dependable Storage Services in Cloud Computing

Abstract

Cloud storage enables users to remotely store their data and enjoy on-demand, high-quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service also relinquishes users’ physical possession of their outsourced data, which inevitably poses new security risks to the correctness of the data in the cloud. To address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures a strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of the misbehaving server. Considering that cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append. Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Index Terms

Data integrity, dependable distributed storage, error localization, data dynamics, Cloud Computing









ARCHITECTURE DIAGRAM









LITERATURE SURVEY:


1. Privacy-Preserving Audit and Extraction of Digital Contents

A growing number of online services, such as Google, Yahoo!, and Amazon, are starting to charge users for their storage. Customers often use these services to store valuable data such as email, family photos and videos, and disk backups. Today, a customer must entirely trust such external services to maintain the integrity of hosted data and return it intact. Unfortunately, no service is infallible.

To make storage services accountable for data loss, we present protocols that allow a third-party auditor to periodically verify the data stored by a service and assist in returning the data intact to the customer. Most importantly, our protocols are privacy-preserving, in that they never reveal the data contents to the auditor. Our solution removes the burden of verification from the customer, alleviates both the customer’s and storage service’s fear of data leakage, and provides a method for independent arbitration of data retention contracts.


2. Proofs of Retrievability via Hardness Amplification

Proofs of Retrievability (PoR), introduced by Juels and Kaliski [JK07], allow the client to store a file F on an untrusted server, and later run an efficient audit protocol in which the server proves that it (still) possesses the client’s data. Constructions of PoR schemes attempt to minimize the client and server storage, the communication complexity of an audit, and even the number of file-blocks accessed by the server during the audit. In this work, we identify several different variants of the problem (such as bounded-use vs. unbounded-use, knowledge-soundness vs. information-soundness), and give nearly optimal PoR schemes for each of these variants. Our constructions either improve (and generalize) the prior PoR constructions, or give the first known PoR schemes with the required properties. In particular, we:

• Formally prove the security of an (optimized) variant of the bounded-use scheme of Juels and Kaliski [JK07], without making any simplifying assumptions on the behavior of the adversary.

• Build the first unbounded-use PoR scheme where the communication complexity is linear in the security parameter and which does not rely on Random Oracles, resolving an open question of Shacham and Waters [SW08].

• Build the first bounded-use scheme with information-theoretic security.

The main insight of our work comes from a simple connection between PoR schemes and the notion of hardness amplification, extensively studied in complexity theory. In particular, our improvements come from first abstracting a purely information-theoretic notion of PoR codes, and then building nearly optimal PoR codes using state-of-the-art tools from coding.


3. Ensuring Data Storage Security in Cloud Computing

Cloud Computing has been envisioned as the next-generation architecture of IT Enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users’ data in the cloud, we propose an effective and flexible distributed scheme with two salient features, as opposed to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.






EXISTING SYSTEM:


In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users’ data in the cloud, we propose an effective and flexible distributed scheme with two salient features, as opposed to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s).



PROPOSED SYSTEM:

This system proposes an effective and flexible distributed storage verification scheme with explicit dynamic data support to ensure the correctness and availability of users’ data in the cloud.

The system relies on an erasure-correcting code in the file distribution preparation to provide redundancy and guarantee data dependability against Byzantine servers, where a storage server may fail in arbitrary ways.

The main scheme in this system supports third-party auditing, where users can safely delegate the integrity checking tasks to third-party auditors and use the cloud storage services worry-free.

Analysis shows the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks. This work is among the first few in this field to consider distributed data storage security in Cloud Computing. Our contribution can be summarized as the following three aspects:

1. Compared to many of its predecessors, which only provide binary results about the storage status across the distributed servers, the proposed scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s).

2. Unlike most prior works for ensuring remote data integrity, the new scheme further supports secure and efficient dynamic operations on data blocks, including: update, delete and append.

3. The experiment results demonstrate the proposed scheme is highly efficient. Extensive security analysis shows our scheme is resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.


Modules


1. Client Module:

In this module, the client sends a query to the server. Based on the query, the server sends the corresponding file to the client. Before this process, a client authorization step is involved. On the server side, the client name and its password are checked for security. If the check is satisfied, the server receives the queries from the client and searches for the corresponding files in the database. Finally, it finds the file and sends it to the client. If the server detects an intruder, it sets an alternative path for that intruder.

2. System Module:

Representative network architecture for cloud data storage is illustrated in Figure 1. Three different network entities can be identified as follows:

• User:

Users, who have data to be stored in the cloud and rely on the cloud for data computation, consist of both individual consumers and organizations.

• Cloud Service Provider (CSP):

A CSP, who has significant resources and expertise in building and managing distributed cloud storage servers, owns and operates live Cloud Computing systems.

• Third Party Auditor (TPA):

An optional TPA, who has expertise and capabilities that users may not have, is trusted to assess and expose risk of cloud storage services on behalf of the users upon request.

3. Cloud data storage Module:


In cloud data storage, a user stores his data through a CSP into a set of cloud servers, which run simultaneously. The user interacts with the cloud servers via the CSP to access or retrieve his data. In some cases, the user may need to perform block-level operations on his data. Users should be equipped with security means so that they can obtain continuous correctness assurance of their stored data even without local copies. In case users do not necessarily have the time, feasibility or resources to monitor their data, they can delegate the tasks to an optional trusted TPA of their respective choices. In our model, we assume that the point-to-point communication channels between each cloud server and the user are authenticated and reliable, which can be achieved in practice with little overhead.

4. Cloud Authentication Server:

The Authentication Server (AS) functions as any AS would, with a few additional behaviors added to the typical client-authentication protocol. The first addition is the sending of the client authentication information to the masquerading router. The AS in this model also functions as a ticketing authority, controlling permissions on the application network. The other optional function that should be supported by the AS is the updating of client lists, causing a reduction in authentication time or even the removal of the client as a valid client depending upon the request.






5. Unauthorized data modification and corruption module:

One of the key issues is to effectively detect any unauthorized data modification and corruption, possibly due to server compromise and/or random Byzantine failures. Besides, in the distributed case, when such inconsistencies are successfully detected, finding which server the data error lies in is also of great significance.

6. Adversary Module:

Security threats faced by cloud data storage can come from two different sources. On the one hand, a CSP can be self-interested, untrusted and possibly malicious. Not only does it desire to move data that has not been or is rarely accessed to a lower tier of storage than agreed for monetary reasons, but it may also attempt to hide a data loss incident due to management errors, Byzantine failures and so on.

On the other hand, there may also exist an economically motivated adversary, who has the capability to compromise a number of cloud data storage servers in different time intervals and subsequently is able to modify or delete users’ data while remaining undetected by CSPs for a certain period. Specifically, we consider two types of adversary with different levels of capability in this paper:

Weak Adversary:

The adversary is interested in corrupting the user’s data files stored on individual servers. Once a server is compromised, an adversary can pollute the original data files by modifying or introducing its own fraudulent data to prevent the original data from being retrieved by the user.

Strong Adversary:

This is the worst-case scenario, in which we assume that the adversary can compromise all the storage servers so that he can intentionally modify the data files as long as they are internally consistent. In fact, this is equivalent to the case where all servers are colluding together to hide a data loss or corruption incident.
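
The following Python sketch is an added example, not code from this project or from the papers it surveys: it shows how tokens precomputed over linearly erasure-coded vectors let a user detect corruption and name the misbehaving server(s), including the strong-adversary case where the altered servers stay internally consistent. Assumptions: a prime field in place of the scheme's Galois field, a simple Vandermonde-style parity code, HMAC-SHA256 as the keyed function, and function names and sample values that are constructed for illustration.

```python
import hashlib
import hmac

P = 2**31 - 1  # assumption: a prime field stands in for the scheme's Galois field

def prf(key, label):
    """HMAC-SHA256 used as a keyed pseudo-random function, returned as an integer."""
    return int.from_bytes(hmac.new(key, label.encode(), hashlib.sha256).digest(), "big")

def encode(data, k):
    """Erasure-code m data vectors: parity t is sum_j (j+1)^t * data[j] mod P."""
    parity = [[sum(pow(j + 1, t, P) * row[b] for j, row in enumerate(data)) % P
               for b in range(len(data[0]))] for t in range(k)]
    return [list(row) for row in data] + parity

def challenge(key, i, l, r):
    """Round i: a nonzero coefficient alpha and r distinct keyed-random block indices."""
    alpha = 1 + prf(key, f"alpha/{i}") % (P - 1)
    idx = sorted(range(l), key=lambda b: prf(key, f"perm/{i}/{b}"))[:r]
    return alpha, idx

def respond(vector, alpha, idx):
    """Linear combination of the challenged blocks; servers and the user both run this."""
    return sum(pow(alpha, q + 1, P) * vector[b] for q, b in enumerate(idx)) % P

def precompute_tokens(key, servers, rounds, r):
    """User side, before upload: one token per (round, server)."""
    l = len(servers[0])
    return [[respond(v, *challenge(key, i, l, r)) for v in servers] for i in range(rounds)]

def audit(key, i, tokens, servers, m, r):
    """Return (responses_form_a_codeword, indices_of_servers_whose_token_mismatches)."""
    alpha, idx = challenge(key, i, len(servers[0]), r)
    resp = [respond(v, alpha, idx) for v in servers]
    consistent = all(
        sum(pow(j + 1, t, P) * resp[j] for j in range(m)) % P == resp[m + t]
        for t in range(len(servers) - m))
    return consistent, [j for j, rj in enumerate(resp) if rj != tokens[i][j]]

# Constructed sample: m = 3 data servers, k = 2 parity servers, l = 6 blocks each.
KEY = b"constructed-demo-key"
DATA = [[11, 22, 33, 44, 55, 66], [7, 8, 9, 10, 11, 12], [101, 202, 303, 404, 505, 606]]
SERVERS = encode(DATA, 2)
TOKENS = precompute_tokens(KEY, SERVERS, rounds=2, r=4)

if __name__ == "__main__":
    print(audit(KEY, 0, TOKENS, SERVERS, m=3, r=4))  # untouched servers
```

When one server alters a challenged block, the codeword check fails and the token comparison names that server; when several servers change their data consistently, the codeword check passes and only the token comparison exposes them.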






Software and Hardware Requirement Specifications

SOFTWARE SPECIFICATION:

Operating System : Windows XP
Software : JAVA (JDK 1.6.0)
Protocol : TCP/IP
IDE : Eclipse

HARDWARE SPECIFICATION:

Processor : Pentium-IV
Speed : 1.1GHz
RAM : 512MB
Hard Disk : 40GB
General : Keyboard, Monitor, Mouse