Encrypted Information with File Integrity Verification in Cloud Computing

DOI : 10.17577/IJERTV6IS050577

Download Full-Text PDF Cite this Publication

Text Only Version

Encrypted Information with File Integrity Verification in Cloud Computing

1K. Thyagarajan, 1Associate Professor, Dept. of CSE,

Sri Venkateswara College of Engg and Tech,

Chittoor,

2 V. Edwin

2(M Tech II Year Student, Dept. Of CSE, SVCET Chittoor,

Abstract – In present system, a scheme founded on attribute- centered encryption (ABE) to deduplicate encrypted knowledge stored inside the cloud and at the same time it comfortable to access and manage the information. Evaluation and implementation demonstrate that our scheme is comfortable, mighty, and effective. On this work, we gain knowledge of the most important limitation of constructing certain the integrity of data storage in Cloud Computing. To cut down the computational fee at man or woman side during the integrity verification of their know-how, the concept of public verifiability has been proposed. On the other hand, the challenge is that the computational burden is simply too giant for the customers with valuable useful resource-confined objects to compute most of the people authentication tags of file blocks. To style out the project, we suggest, a brand new cloud storage scheme involving a cloud storage server and a cloud audit server, the place the latter is concept to be semi- honest.

  1. INTRODUCTION

    Cloud computing presents a manufacturer new choice to provide choices by way of rearranging belongings over the net and supplying them to buyers on demand. It performs a predominant position in helping abilities storage, processing, and management within the Internet of Things (IoT). Various cloud supplier vendors (CSPs) present big volumes of storage to maintain and manipulate IoT knowledge, which is able to comprise movies, pix, and man or woman health files. These CSPs furnish fascinating provider homes, akin to scalability, elasticity, fault tolerance, and pay per use. Hence, cloud computing has emerge as a promising provider paradigm to support IoT services and IoT procedure deployment.

    Cloud Computing has been anticipated as the next iteration architecture of the IT organization due to the fact that of its lengthy file of unparalleled advantages: on-demand selfservice, ubiquitous neighborhood entry, vicinity-unbiased useful resource pooling, fast valuable useful resource elasticity, and usagebased pricing. In special, the ever more price-effective and additional robust processors, in conjunction with the software as a service (SaaS) computing structure, are remodeling knowledge amenities into pools of computing supplier on a huge scale. Even though having attractive benefits as a promising service platform for the web, this new advantage storage paradigm in Cloud brings many challenging issues which have profound influence on the usability, reliability, scalability, safety, and efficiency of the whole technique. Normally essentially the most-finest considerations with a ways off talents storage is that of talents integrity verification at untrusted servers. For illustration, the storage service provider may come to a determination to hide such knowledge loss incidents on the grounds that the highly complex failure from the consumers to keep a popularity. What's extra primary is that for saving money and space for storing the service supplier would deliberately discard hardly ever accessed data records which belong to a traditional buyer.

    Due to the fact the significant dimension of the outsourced digital information and the purchaser's constrained useful resource ability, the core of the trouble will also be generalized as how can the client find an robust solution to take part in periodical integrity verification without the regional reproduction of advantage records. So that you could overcome this trouble, many schemes had been proposed under distinct system and protection models [1][10]. In all these works, first-class efforts had been made to design choices that meet various requirements: high scheme effectivity, stateless verification, unbounded use of queries and retrievability of data, and so forth. In keeping with the role of the verifier in the model, the entire schemes to be had fall into two classes: confidential verifiability and public verifiability. Youngsters that reaching greater effectivity, schemes with private verifiability impose computational burden on purchasers. Nonetheless, public verifiability alleviates customers from performing numerous computation for guaranteeing the integrity of information storage.

    To be specified, customers are able to delegate a third get together to participate in the verification without devotion of their computation resources. Inside the cloud, the purchasers may crash swiftly or can't control to pay for the overload of generally large- spread integrity assessments. For this reason, it seems additional rational and sensible to equip the verification protocol with public verifiability, which is anticipated to play an extra most important position obtain better effectivity for Cloud Computing.

    In our solution, we endorse an efficient far off expertise verification scheme simultaneously aiding public verifiability and fully dynamic information operations as an extension of [27], this paper to begin with formally defines the procedure model and protection model for the cloud storage. One-of-a-kind from the prior works, the users aren't required to compute the tags for the outsourced expertise. Therefore, the computational overhead on the person facet would be very low. In precise, our building can stand up to reset assaults induced with the support of the cloud storage server inside the upload segment, and alleviate clients from performing plenty of computation for making distinctive the integrity of expertise storage.

  2. SYSTEM MODEL

    A consultant network architecture for cloud data storage is illustrated in figure 1. Three special community entities may also be identified as follows:

    Customer: An entity that has large advantage documents to be saved within the cloud and is determined by the cloud for know- how maintenance and computation, may even be either individual consumers or firms.

    Cloud Storage Server (CSS):An entity, which is managed with the help of Cloud provider provider (CSP), has

    Fig. 1: Cloud data storage architecture This fig. was extracted from ref [13].

    Massive storage space and computation useful resource to keep consumer's knowledge. The CSS is required to furnish integrity proof to the purchasers or cloud audit server for the duration of the integrity checking segment.

    Cloud Audit Server (CAS):A TPA, which has talents and capabilities that purchasers would not have, is trusted to verify and expose risk of cloud storage offerings on behalf of the consumers upon request. In this process, the cloud audit server additionally generates all of the tags of the files for the patrons before uploading to the cloud storage server.

  3. SECURITY MODEL

    H.Shacham and B.Waters proposed a security model for PoR method in [3]. Probably, the checking scheme is secure if (i) there exists no efficient algorithm that may cheat the verifier with non- negligible probability; (ii) there exist a polynomial-time extractor that can get good the customary information file with the help of assignment multiple challengesresponses. Beneath the definition of a our proposed system, the customer periodically challenges the storage server to make particular the correctness of the cloud information and the typical records will also be recovered by way of interacting with the server. The definitions of correctness and soundness was once given in [3]: the sheme is proper if the verification algorithm accepts when interacting with the respectable prover (e.G., the server returns a valid response) and it's sound if any dishonest server that convinces the patron that's storing the understanding file is surely storing that file.

  4. DESIGN GOALS

    Our design ambitions will also be summarized as the subsequent:

    1. Public verifiability: to enable anyone, now not easily the customers within the commencing saved the file, to have the potential to verify correctness of the remotely saved know-how;

    2. Low computation overhead on the client side: to add data to the cloud server at the same time as assisting verifiability, the data proprietor does not have heavy extra computation; (3) Dynamic expertise operation aid: to allow the customers to perform block- degree operations on the data files whilst preserving the identical stage of information correctness assurance; (4) Stateless verification: to put off the need for state knowledge preservation on the verifier side between audits and at some stage in the long term of understanding storage.

    That is also the elemental requirement for reaching public verifiability. In uncommon, we goal to gain higher safety against reset assaults in our building.

  5. CONSTRUCTION OF PROPOSED SCHEMES This construction was proposed by using two schemes

    (1). Public verifiability (2).Dynamic data operations

    In our scheme, both public verifiability and fully dynamic data operation are supported. We now show the definitions and parameters utilized in our development

    (pk, sk) Setup(1k). It takes as input safety parameter 1k, returns public parameters and the important thing pair of the cloud audit server.

    (F, t) add(sk, F). There are two phases in this algorithm. Within the first section, the consumer uploads its information file F to the cloud audit server, where F is an ordered assortment of blocks Mi. Within the 2d section, the file F is re-uploaded to the cloud storage server by way of the cloud audit server: it takes as input the exclusive key sk and F, and outputs the signature set which is an ordered assortment of signatures i on Mi.We denote the saved file F* = F,. It additionally outputs metadata-the foundation R of a Merkle hash tree from Mi and the signature t = sigsk(h(R)) as the tag of F*.

    Observe that the storage server shops (F*, t), however the audit server (the patron) simplest continues t as receipt.

    1/zero IntegrityVerifyP(pk, F, t) V (pk, t). That is an interactive protocol for integrity verification of a file F* with tag

    t. The cloud storage server plays the role of prover P with enter the public key pk, a saved file F and a file tag t. The cloud audit server performs the function of verifier V with enter pk and t. On the finish of the protocol, V outputs proper (1) if F* passes the integrity verification, or FALSE (0) in any other case.

    (F*, t) replaceP(pk, F*, t) V (sk, t, update). That is an interactive protocol for dynamic update of a file F* with tag t. The cloud storage server performs the position of prover P with enter the public key pk, a stored file F*, and a file tag t. The cloud audit server plays the function of verifier V with enter the confidential key sk, t, and an knowledge operation request update from the purchaser. At the end of the protocol, V outputs a file tag t of the up-to-date file F* if P offers a legitimate proof for the replace, or FALSE (0) in any other case.

  6. Performance analysis

    In this part, we will provide a thorough experimental evaluation of the development proposed. We construct our testbed via using 64-bit M2 high-memory quadruple additional big Linux servers in Amazon EC2 platform because the auditing server and storage server, and a Linux computing device with Intel(R) Core(TM)2 Duo CPU clocked at 2.40 GHz and a couple of GB of procedure memory as the person.

    So as to obtain = 80 bit protection, the high order p of the GDH team G of the bilinear mapping will have to be one hundred sixty bits in length. Word that in all of the evaluations, the corporations G and GT are chosen in one hundred sixty-bit and 512- bit size respectively. Suppose there's a four GB file with block size four KB, then it has n = 1000000 blocks and s = 25 sectors each and every block. When it's uploaded onto the storage server, the set of signatures on the file blocks most effective requires for an additional storage of 20 MB for data Integrity and verification.

    Fig. 2: Tag generation time

    This graph was extracted from ref[12]

    Within the first experiment, the computational overhead for the tag new unlock of files at the cloud audit server is evaluated. We've no longer checked the computational overhead at customers due to the fact it great needs the computation of a digital signature, which may be very small in comparison with the computation of the tags. The cause is that probably the most overhead computation has been dropped on the cloud audit server. Three one in all a type numbers of s are chosen within the experiment to show the results on the effectivity of the time price. From Fig. 2

    Fig. 3: Verification time

    This graph was extracted from ref [25]

    We will be able to see that the time rate grows when the range of s decreases. The traditional time price for file with measurement 50KB is 5s. When put next with the prior related work [12], [25], the computational overhead at customers in [12], [25] is outsourced to the cloud audit server.

    The response time on the consumer side along with the time price of importing records, tag new release on the audit server, development of Merkle-hash tree, communication cost and signature iteration. To assess the response time, the rate of importing file to the cloud audit server is validated. For file with 10MB, the natural time fee is 25s. The time price of development for the Merklehash tree is 27s for the file with size 10MB. The signature new unlock for the foundation is 3ms, to be able to also bedismissed when compared with the time cost of importing and constructing of Merkle-hash tree. Observe that the time fee of importing records can't be kept away from in any applications. Even though the tag generation fee will also be nearly the time cost of importing documents, the cloud audit server can system these tag new liberate in the direction of the file importing. As a consequence, the extra time for the response may be very small. That's ideal for the purchasers due to the fact that the time rate

    would be double on the character part if the tag is computed through the users.

    We additional overview the effectivity for verification at every cloud audit server and cloud storage server in a scalable process in Fig. Three. Certainly, because the progress of the number of s in process, the time fee for response worth at cloud storage server is developing. That's because it wants to compute all of the exponentiations for each and every block in a tag. Whereas, such fee at cloud audit server is virtually consistent (just about 650 ms) because 460 blocks are considerable for the integrity verification it isn't important what the dimension of file to be checked.

  7. CONCLUSION

This paper proposes, a brand new proof of retrievability for cloud storage, where a cozy audit server is provided to preprocess and add the information on behalf of the shoppers. On this, the computation overhead for tag new release on the patron side is reduced vastly. The cloud audit server additionally performs the information integrity verification or updating the outsourced information upon the clients request. Apart from, we construct yet one other new proposed scheme confirmed secure beneath a proposed mannequin with improved security in opposition to reset assault within the upload segment. The scheme moreover helps public verifiability and dynamic expertise operation simultaneously.

There are several fascinting problems to do alongside this gain knowledge of line. For example, we are able to (1) minimize the believe on the cloud audit server for added normal purposes, (2) make stronger the defense model in the direction of reset assaults within the data integrity verification protocol, and (three) in finding further amazing constructions requiring for less storage and verbal alternate fee. We leave the study of these disorders as our future work.

REFERENCES

  1. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner,Z. Peterson, and D. Song, Provable data possession at untrusted stores, in CCS 07: Proceedings of the 14th ACM conference onComputer and communications security. New York, NY, USA:ACM, 2007, pp. 598609.

  2. A. Juels and B. S. K. Jr., Pors: proofs of retrievability for largefiles, in CCS 07: Proceedings of the 14th ACM conference on Computer and communications security. New York, NY, USA:ACM, 2007, pp. 584597.

  3. H. Shacham and B. Waters, Compact proofs of retrievability,in ASIACRYPT 08: Proceedings of the 14th InternationalConference on the Theory and Application of Cryptology andInformation Security. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 90107.

  4. K. D. Bowers, A. Juels, and A. Oprea, Proofs of retrievability:theory and implementation, in Proceedings of CCSW 2009.ACM, 2009, pp. 4354.

  5. M. Naor and G. N. Rothblum, The complexity of onlinememory checking, J. ACM, vol. 56, no. 1, pp. 2:1 2:46, Feb.2009. [Online]. Available: http://doi.acm.org/10.1145/1462153.1462155

  6. E.-C. Chang and J. Xu, Remote integrity check with dishoneststorage server, in Proceedings of ESORICS 2008, volume 5283of LNCS. Springer-Verlag, 2008, pp. 223237.

  7. M. A. Shah, R. Swaminathan, and M. Baker, Privacy- preservingaudit and extraction of digital contents, Cryptology ePrintArchive, Report 2008/186, 2008, http://eprint.iacr.org/.

  8. A. Oprea, M. K. Reiter, and K. Yang, Space-efficient blockstorage integrity, in In Proc. of NDSS 2005, 2005.

  9. T. S. J. Schwarz and E. L. Miller, Store, forget, and check: Usingalgebraic signatures to check remotely administered storage,in ICDCS 06: Proceedings of the 26th IEEE InternationalConference on Distributed Computing Systems. Washington,DC, USA: IEEE Computer Society, 2006.

  10. Q. Wang, K. Ren, S. Yu, and W. Lou, Dependableand secure sensor data storage with dynamic integrityassurance, ACM Transactions on Sensor Networks, vol. 8,no. 1, pp. 9:19:24, Aug. 2011. [Online]. Available: http:

    //doi.acm.org/10.1145/1993042.1993051

  11. L. V. M. Giuseppe Ateniese, Roberto Di Pietro and G. Tsudik,Scalable and efficient provable data possession, in InternationalConference on Security and Privacy in Communication Networks(SecureComm 2008), 2008.

  12. C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy- preservingpublic auditing for data storage security in cloud computing, in INFOCOM, 2010, pp. 525533.

  13. Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau,Dynamic audit services for integrity verification of outsourcedstorages in clouds, in SAC, 2011, pp. 1550 1557.

  14. Q. Zheng and S. Xu, Fair and dynamic proofs of retrievability,in CODASPY, 2011, pp. 237248.

  15. J. Li, X. Chen, J. Li, C. Jia, J. Ma, and W. Lou, Fine- grainedaccess control system based on attribute-based encryption, ESORICS,2013.

  16. J. Li and K. Kim, Hidden attribute-based signatures withoutanonymity revocation, Information Sciences, vol. 180, no. 9, pp.16811689, 2010.

  17. J. Li, C. Jia, J. Li, and X. Chen, Outsourcing encryption ofattribute-based encryption with mapreduce, ICICS, 2012.

  18. X. Chen, J. Li, J. Ma, Q. Tang, and W. Lou, New algorithms ofoutsourcing modular exponentiations, ESORICS, pp. 541556,2012.

  19. Y. Zhu, H. Hu, G.-J. Ahn, and M. Yu, Cooperative provable datapossession for integrity verification in multicloud storage, IEEETrans. Parallel Distrib. Syst., vol. 23, no. 12, pp. 22312244,2012.

  20. H. Xiong, X. Zhang, D. Yao, X. Wu, and Y. Wen, Towards endto-end secure content storage and delivery with public cloud, inCODASPY, 2012, pp. 257266.

  21. Q. Zheng and S. Xu, Secure and efficient proof of storage withdeduplication, in CODASPY, 2012, pp. 112.

  22. C. Wang, Q. Wang, and K. Ren, Ensuring data storage securityin cloud computing, in Proceedings of IWQoS 2009, Charleston,South Carolina, USA, 2009.

  23. C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, Dynamicprovable data possession, Cryptology ePrint Archive,Report 2008/432, 2008, http://eprint.iacr.org/.

  24. X. Lei, X. Liao, T. Huang, H. Li, and C. Hu, Outsourcinglarge matrix inversion computation to a public cloud,, in IEEETransactions on Cloud Computing, 2013, pp. vol. 1, no. 1.

  25. Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling publicverifiability and data dynamics for storage security in cloudcomputing, in ESORICS, 2009, pp. 355370.

  26. H. Li, B. Wang, and B. Li, Oruta: Privacy-preserving publicauditing for shared data in the cloud, in IEEE Transactions onCloud Computing, 2014, pp. vol. 2, no. 1, 4356.

  27. J. Li, X. Tan, X. Chen, and D. S. Wong, An efficient proof ofretrievability with public auditing in cloud computing, in INCoS,2013, pp. 9398.

  28. D. Boneh and C. Gentry, Aggregate and verifiably encryptedsignatures from bilinear maps, in Proceedings of Eurocrypt 2003, volume 2656 of LNCS. Springer-Verlag, 2003, pp. 416432.

  29. D. Boneh, B. Lynn, and H. Shacham, Short signatures fromthe weil pairing, in ASIACRYPT 01: Proceedings of the 7thInternational Conference on the Theory and Application ofCryptology and Information Security. London, UK: Springer-Verlag, 2001, pp. 514532.

  30. R. C. Merkle, Protocols for public key cryptosystems, inProceedings of IEEE Symposium on Security and Privacy 1980.IEEE, 1980, pp. 122133.

  31. Z. Liu, Y. Hu, X. Zhang, and H. Ma, Provably secure multiproxysignature scheme with revocation in the standard model,Computer Communications, vol. 34, no. 3, pp. 494 501, 2011.

  32. T. Malkin, S. Obana, and M. Yung, The hierarchy of keyevolving signatures and a characterization of proxy signatures, inProceedings of Eurocrypt 2004, volume 3027 of LNCS. Springer-Verlag, 2004, pp. 306322.

  33. J. C. Schuldt, K. Matsuura, and K. G. Paterson, Proxy signaturessecure against proxy key exposure, in Proceedings of PKC 2008,volume 4939 of LNCS. Springer- Verlag, 2008, pp. 141161.

Leave a Reply