Multi Copy Data Possession and Integrity Techniques in Cloud ...

International Journal of Trend in Research and Development, Volume 3(4), ISSN: 2394-9333 www.ijtrd.com

Multi Copy Data Possession and Integrity Techniques in Cloud Computing 1

Sithara A Satish and 2Shashirekha H, M.Tech student, 2Assistant Professor 1,2 Computer Science and Engineering Department, Visvesvaraya Technological University PG Centre, Mysuru, India 1

Abstract—More organizations are opted for outsourcing their data to remote cloud service providers. Customers tend to rent the CSPs to store and retrieve almost unlimited amount of data by paying fees metered in gigabyte/month. To increase the level of scalability, availability, and durability, some customers may want their data to be replicated on multiple servers across multiple data centers. The more copies the CSP is asked to store, the more fees the customers are charged. Therefore, customers need to have a strong guarantee that the CSP is storing all data copies that are agreed upon in the service contract, and all these copies are consistent with the most recent modifications issued by the customers. For this various integrity checking techniques for cloud data storage have been proposed. In this paper, we propose multicopy dynamic data possession scheme that has the following features: 1) it provides an evidence to the customers that the CSP is not cheating by storing fewer copies; 2) it supports outsourcing of dynamic data, i.e., it supports block-level operations, such as block modification, insertion, deletion, and append; and 3) it allows authorized users to seamlessly access the file copies stored by the CSP. Keywords—Cloud Data Storage, Integrity Checking, Dynamic Environment, Data Duplication, Outsourcing Data Storage I. INTRODUCTION Outsourcing of data to a remote cloud service provider (CSP) allows organizations to store more data on the CSP. Such outsourcing of data enables organizations to concentrate on innovations. Thus relieves the burden of constant server updates and other computing issues. The outsourced data to a remote CSP which may not be trustworthy, the data owners lose direct control over their sensitive data. This lack of control raises new challenging tasks related to data confidentiality and integrity in cloud computing. The confidentiality issue can be handled by encrypting sensitive data before outsourcing to remote servers. As such, it is a crucial demand of customers to have strong evidence that the cloud servers still possess their data and it is not being tampered with or partially deleted over time. Many researchers have focused on the problem of integrity and proposed different schemes to audit the data stored on remote servers. PDP is a method for authenticating data integrity over remote servers. In a typical PDP model, the data owners produce some metadata for a data file to be used later for verification purposes through a challenge-response protocol with the remote/cloud server. The owner sends the file to be stored on a remote server which may be untrusted, and erases the local copy of the file. One of the core design ethics of outsourcing data is to provide dynamic behavior of data for a variety of applications. This means that the slightly stored data can be not only accessed by the authorized users, but also efficient and scaled Examples of PDP constructions that deal with dynamic data. The final are how-ever for a single copy of the data file. PDP method has been obtainable for multiple copies of static IJTRD | Jul-Aug 2016 Available [email protected]

data. PDP system directly deals with multiple copies of dynamic data. When proving multiple data copies, generally system integrity check fails if there is one or more corrupted copies were present. To deal with this issue and recognize which copies have been corrupted, a slight modification has been applied to the proposed scheme. II SYSTEM ARCHITECTURE The cloud computing storage model measured in this work includes three main components as illustrated in Fig. 1: 1. 2.

3.

A data owner that can be an organization initially possessing confidential data to be stored in the cloud. A CSP who handles cloud servers (CSs) and offers paid storage space on its infrastructure to store the owner’s files. Authorized users — a set of owner’s clients who have the right to access the remote data.

The storage model used in this work can be assumed by much practical requests. For example, e-Health applications can be predicted by this model where the patients’ database that includes large and confidential information can be stored on the cloud servers. In these types of applications, the e-Health organization can be measured as the data owner, and the physicians as the approved users who have the right to access the patients’ medical history. Many other practical applications like financial, scientific, and educational applications can be observed in similar settings.

Figure 1: System Architecture III RELATED WORK Our contributions can be review as follows: We propose a map-based provable multi-copy dynamic data possession (MB-PMDDP) method. This method provides an sufficient guarantee that the CSP stores all copies that are agreed upon in the service contract. Additionally, the method supports outsourcing of dynamic data, i.e., it supports blocklevel functions such as block alteration, insertion, removal, and append. The certified users, who have the right to access the owner’s file, can effortlessly access the copies received from the CSP. 350

International Journal of Trend in Research and Development, Volume 3(4), ISSN: 2394-9333 www.ijtrd.com A thorough comparison of MB-PMDDP with a reference scheme, which one can obtain by expanding existing PDP models for dynamic single-copy data. iii)We show the security of our system against colluding servers, and talk about a slight alteration of the proposed scheme to identify corrupted copies. comment 1: Proof of retrievability (POR) is a balancing approach to PDP, and is stronger than PDP in the sense that the verifier can rebuild the entire file from answers that are consistently transmitted from the server. This is due to encoding of the data file, for example using erasure codes, before outsourcing to remote servers. In this work, we do not instruct the data to be outsourced for the following reasons. Primarily, we are dealing with dynamic data, and therefore if the data file is encoded before outsourcing, modifying a portion of the file needs re-encoding the data file which may not be suitable in practical applications due to high calculation transparency. Secondly, we are allowing for economicallymotivated CSPs that may challenge to use less storage than essential by the service agreement through deletion of a few copies of the file. The CSPs have approximately no economic benefit by removing only a small portion of a copy of the file. Thirdly, and more significantly, unlike removal codes, duplicating data files transversely multiple servers attains scalability which is a basic client constraint in CC systems. A file that is duplicated and stored deliberately on multiple servers situated at various geographic locations – can help decrease access time and communication cost for users. In addition, a server’s copy can be rebuilt even from a whole damage using duplicated copies on other servers. IV APPROACHES TO CHECK DATA INTEGRITY Approch to check Data Integrity: Once the data has to be outsourced, there are few steps for the establishment of Integrity check which can be later used for verification of data integrity. 1.

Pre-Processing: In this step metadata is generated. For verification, the client need something be compared with. Hence metadata is used for this purpose. There are several technique by which metadata can be generated. After that metadata is encrypted so that adversary cannot read it in its original form.

2.

Integrity Establishment: In this step metadata is either stored on local machine. It is based on the method used for metadata generation. These metadata are usually embedded along with the original file.

3.

Upload: File is uploaded to the storage server.

4.

Verification: The client or TPA requests the required parameters and metadata for the integrity check of the requested file from the server. Server responds with requested data to the client or the TPA. The verifier either compares with locally stored copy of metadata or recomputes the metadata and compares with the received one. If both matches then file are considered to be correct otherwise it is considered as tampered illegally.

A. Methods to check Data Integrity Provable Data Possesion (PDP): In this client pre-computes tags for each block of a file. Then it stores the file and its tags in a server. Later the client can verify that the server possesses the file by generating a random challenge against a randomly selected set of file blocks. Using the queried blocks and their corresponding tags, the server generates a proof of possession.

IJTRD | Jul-Aug 2016 Available [email protected]

The client is thus convinced of data possession, without actually having to retrieve file blocks. Proof of Retrievability (PoR): This is another scheme where first file is divided into blocks and then encoded with error correcting codes. Then check blocks called sentinels are embedded for each block. Encryption is performed to make check blocks indistinguishable from other file blocks. The verifier challenges the prover by specifying the positions of a collection of sentinels. The prover returns the respective sentinels. If prover has modified or deleted a substantial portion of file, then it will have also suppressed a number of sentinels. MD5 based: This method is based on MD5 function. In this method first file is read and compressed. This compressed content is input to the MD5 function which generates the message digest. This Message digest is encrypted and appended with the original file content within pre defined tag. For verification, file is read back. File is compressed for both matches then file is intact otherwise it is tampered. Encryption Algorithm: In this method, proposed system is consisting of three entities. A trusted third party called cloud broker, clients and cloud service provider. In this broker acts as interface between cloud data storage server and client. Request handling and integrity checking is performed by this entity. Here, Client inputs a file. At broker side a partitioner partitions the file based on the storage available. Tag generator module generates the tag for each segments. Hash values for each segment is calculated and stored in database. Database manager stores all relevant and required values in database. For verification, verifier retrieves all encrypted segments from the storage and calculates the hash of all segments. These values are compared with respective segment's hash value stored in database. If hash of all segments matches than file is intact otherwise tampered. Generate Encrypt and Append Metadata: This method is based on XOR operation. First the file is divided into blocks. Size of metadata is fixed. For each of the block, bits are selected from various positions. Generation of these positions is done using a function g which takes the parameter as block no and 1 to size of metadata. Another function h is used to generate random byte sequence which is then XORed with values located at the positions generated by the function g. This XORed values are used as encrypted metadata and appended to the end of file. File is then uploaded. For Verification, Let the client wants to verify the integrity of ith block. It sends the block no and the bit no generated by function g. Client also specifies the position at which the metadata for the block is appended. Server responds with specified metadata and the corresponding bit. At client side decryption is performed to generate the data which is then compared with bit sent by the server. Any mismatch shows the loss of integrity. RSA based:In this, method specified is based on the RSA algorithm which makes use of large prime numbers. It has four phases KeyGen , SigGen, GenProof, VerifyProof 1.

2. 3. 4.

KeyGen: Public key and private keys are generated. File is encrypted using the key. Then file is divided into blocks. For each of the block authenticators are generated. SigGen: Generates verification metadata. This function generates the authenticator for each of the block of file. GenProof: Run by cloud server to generate a proof of data storage correctness VerifyProof: Run by the TPA to verify the proof from the cloud server 351

International Journal of Trend in Research and Development, Volume 3(4), ISSN: 2394-9333 www.ijtrd.com CONCLUSION

References

Organizations opt for outsourcing of data to remote cloud service providers. Clients can store unlimited amount of data as per the fees paid for the CSPs. Once the data stored in cloud, clients tend to lose direct access of their data. This lack of control raises new challenging tasks like the Confidentiality and the Integrity protection in cloud. Issue related to Confidentiality can be handled by encrypting the data before outsourcing it to remote servers. In this work we have considered the difficulty of creating multiple copies of dynamic data file and confirm those copies stored on untrusted cloud servers. We have proposed a new PDP scheme (referred to as MB-PMDDP), which supports outsourcing of multi-copy dynamic data, where the data owner is skilled of not only archiving and accessing the data copies stored by the CSP, but also updating and scaling these copies on the remote servers. The proposed scheme is the first to address multiple copies of dynamic data.

[1] Amazon.com, ―Amazon s3 Availability Event: July 20, 2008,‖ July 2008. http://status.aws.amazon.com/s320080720.html [2] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, ―Provable Data Possession at Untrusted Stores,‖ Proc. 14th ACM Conf. Computer and Comm. Security (CCS ’07), pp. 598-609, 2007. [3] Sanchika Gupta,Anjani Srdan, Padam kumar,Ajit Abraham,‖A Secure and Lightweight Approach for Critical Data Security in Cloud‖ in Proc.CASoN-IEEE Jan 2012 [4] Sanchika Gupta,Anjani Srdan, Padam kumar,Ajit Abraham,‖A Secure and Lightweight Approach for Critical Data Security in Cloud‖ in Proc.CASoN-IEEE Jan 2012 [5] Sravan Kumar R, Ashutosh Saxena, ―Data Integrity Proofs in Cloud Storage,‖ in Proc. Comsnets-Ieee [6] Wenjun Luo, Guojing Bai,‖Ensuring The Data Integrity in Cloud Data Storage ‖ in Proc. CCIS-IEEE Jan 2011 [7] Ayad F. Barsoum and M. Anwar Hasan, ―Provable Multicopy Dynamic Data Possessionin Cloud Computing Systems‖, Ieee Transactions On Information Forensics And Security, Vol. 10, No. 3, March 2015.

The communication between the authorized users and the CSP is measured in our system, where the authorized users can effortlessly access a data copy received from the CSP using a single secret key shared with the data owner. Furthermore, the proposed scheme supports public verifiability, allows arbitrary number of auditing, and allows possession-free verification where the verifier has the capability to verify the data integrity even though they neither possesses nor retrieves the file blocks from the server.

IJTRD | Jul-Aug 2016 Available [email protected]

352