International Journal of Applied Engineering Research, ISSN 0973-4562 Vol. 10 No.4 (2015) pp. 2875-2878 © Research India Publications; http://www.ripublication.com/ijaer.htm
Study On Cloud Based Remote Access Control Using Enhanced Push/Pull Technology 1
S.Arunkumar, 2B.Bharathan, 3Dinesh Khattri Chettri, 4M.Narayanan 123 UG Student, 4 IEEE Member, Assistant Professor Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha University, Thandalam, Chennai, Tamil Nadu E-Mail:
[email protected],
[email protected],
[email protected] ,
[email protected] Abstract: Cloud computing is a subscription-based service where the networked storage space and computer resources can be obtained. Cost efficiently, cloud compute facilitates the pattern of data service outsourcing. But, sensitive cloud data have to be encrypted prior to outsourcing it to the commercial public cloud, in order to safeguard data privacy and make effective data usage. The difficulty of efficacious protected ranked keyword search over encrypted cloud data is done in the proposed system. The system applicability is highly improved by the ranked keyword search which returns the corresponding files in a categorized order. In Cloud Computing, the implementation of privacy-preserving data hosting services is made one step closer as the files are matched according to certain criteria. So by retaining keyword privacy, the resulting design is capable to allow efficient server-side ranking. In the proposed system, the querying process over the cloud computing infrastructure (IAAS) using secured and encrypted data access and ranking is performed for the getting better results. Keywords: Ranked Keyword Search, confidential data, Searchable Encryption, Cloud Computing.
The other hand, such ranking system must support several/numerous keywords search in order to enhance search result accuracy as well as improve user searching experience. This is because a lone keyword search frequently produces very rough result. To recover the most appropriate data, a general practice indicated by Google search, the data users may be inclined to give a set of keywords rather than just one as a sign of their search interest. Few recent designs have been proposed to support Boolean keyword search as an attempt to enhance the search feasibility. But it is still not enough to allow users with appropriate result ranking practicability and solves the secure ranked search over encrypted data with support of only single keyword query. The rest of the paper is organized as follows. In the second section, we present some of the related work in this direction. The third Section describes the system architecture for multi-keyword search. In fourth section, the details about the proposed systems are discussed. The fifth section outlines the future work and concludes the paper.
Related Work Introduction Cloud Computing enables cloud customers to store their data into the cloud and provides an on-demand supreme applications and services from a shared pool of configurable computing resources. The benefits brought by this new computing model include but are not limited to: relief of the burden for storage management, comprehensive data access not dependent on geographical positions, capital outlay/spending on hardware can be avoided, software, and personnel maintenances, etc. To protect data privacy, sensitive data has to be enciphered prior to outsourcing in order to give data confidentiality guarantee to both extremities in the cloud and more. Thereby, exploring privacy-preserving and effective search service over encrypted cloud data is of paramount importance. Data owners may share their data with large number of on-demand data users and huge amount of outsourced data documents in cloud, this problem is particularly challenging as it is extremely difficult to meet also the requirements of performance, system usability and scalability. And in lieu of returning undifferentiated result, substantial amount of documents call on to cloud server to bring about result relevance ranking so as to meet the effective data retrieval need. Such system allows data users to quickly find the most appropriate information. Further, by sending back just the most appropriate data, the ranked search can remove the non essential network traffic.
The evolution of cloud computing is one of the major advances in the technologies which represent cloud computing: Platform-as-a-service (PaaS), Software -as-a-Service (SaaS) and Infrastructure -as-a-Service (IaaS). Public key encryption [8] deals with the privacy of database data. There are two different scenarios: public databases and private databases. Private databases: A user wishes to upload its private data to a remote database and wishes to keep the data private from the remote database administrator. An additional privacy requirement is to hide any information from the database administrator regarding the access pattern, i.e. if some item was retrieved more than once, some item was not retrieved. The database data is public (such as stock quotes) but the user is unaware of it and wishes to retrieve some data-item or search for some data-item, without revealing to the database administrator which item it is. All keyword searches are based on this index; hence our scheme does not order full pattern-matching generality with the actual text. In practice, this should be sufficient for most users. It is worth noting that this framework can have complete control over what words are keywords that can be useful for many applications. In Confidentiality-Preserving Rank-Ordered Search, when an authorized user remotely accesses the data to search and retrieve desired documents, the large size of the collections often makes it infeasible to ship all encrypted data to the user’s side, and then perform decryption and search on the user’s
Innternational Joournal of Appliied Engineeringg Research, ISSN 0973-45622 Vol. 10 No.4 (2015) http://www.ripublication.ccom/ijaer.htm © Reseearch India Pubblications;
Sysstem Architeecture
The search h index is creaated using a seecret key basedd trapdoor generationn function wheere the secret keys k are only known k by the data owner. The eencryption meethod can hanndle large document size efficientlyy. Data owneer can upload aany text files on o to the serverr; the main server willl verify the inddex information n present in it and a diverts the query y to the correesponding clooud servers. The T main keywords are extracted aand the unwantted words are ffiltered by stemming process. Thhe file namess are updated in the ding cloud servvers. The queryy of the user is encrypted correspond using RSA A algorithm; thhis encryption process will prevent the data theft from f the hackeers. The files arre retrieved to the t user as the index data of all the files are mainttained in the inndex of the main cloud server. Upon receeiving data, clooud server is responsible r to search s the index and return the corrresponding set of encrypted documents. To improvve document retrieval accuraacy, search result should be rankedd by cloud servver according to t some rankinng criteria (e.g., coo ordinate matchhing, as will be introducedd shortly). Moreover, to reduce com mmunication cost, c data user may send an optionaal number so thhat cloud serveer only sends back b top-k documents that are mostt relevant to thee search query.. u wants to perform a keeyword searchh, he first When a user connects to the data owner o and seearch for dataa without t data ownerr. The user revealing the keyword innformation to the generates the query andd submits it to the server. In return, he m for thee matched docu uments in a rannk ordered receives metadata manner. d data he choooses after Then the user retrieves the encrypted analyzing the metadata thhat basically co onveys a relevancy level d of the eachh matched docuument, where thhe number of documents returned iss specified by tthe user. Finallly, the user inteeracts with the data owner o in order to decrypt thee documents annd get the correspond ding plaintext.. This is the prrocess of multii-keyword search architecture.
The overview of thhe proposed sysstem is illustratted in Fig.1. We W assu ume that the parrties are semi-h honest and do not n collude witth each h other to bypass the security measures.
Proposeed System
trustted computers. Therefore, new n techniquess are needed to t encrrypt and organiize the data coollections in a way w as to allow w the data centre to o perform efficient search in an encrypteed main [4]. dom Ordeer-Preserving Symmetric Encryption (OPSE), is i deterrministic encrryption schemee whose encryyption functioon preserves numericcal ordering off the plaintextts. OPSE is thhe form m of one-part codes, c which are a lists of plaaintexts and thhe correesponding ciphher texts, both h of which are arranged in aan alph habetical or num merical order so o that a single copy c is requireed for efficient e encrypption and decryyption [5]. OPS SE not only alllows efficient range r queries, but also allow ws indeexing and queery processingg to be done exactly and iis efficcient for unenccrypted data. Data D owner hass a collection oof the data d files and th hey outsource the data on to the t cloud serveer in an n encrypted forrm for the effecctive utilizationn of the data [1]. To do d so, before outsourcing, data d owner will w first build a secuure searchable index from a set of disstinct keywordds extraacted from the file collectionn, and store botth the index annd the encrypted e file collection on to t the cloud seerver. To searcch the file collectionn for a given keyword, an authorized useer mits a search reequest in a secrret form. geneerates and subm An authorized a useer remotely accesses the data to search annd retrieve the desired d documents, which w often maakes it infeasiblle m to shhip all encrypted data to the user’s side, annd then perform decrryption and search s on thee user’s trustted computerrs. Therrefore, new tecchniques are neeeded to encryypt and organizze the data d collectionss in such a wayy so as to allow w the data centrre to perform p efficieent search in encrypted do omain [6]. Thhe requuirements of balancing b priv vacy and conffidentiality witth efficciency and acccuracy pose significant s challenges to thhe desig gn of search scchemes for a nuumber of searcch scenarios.
The data owner up ploads these seearch index filles to the serveer e docu uments. togeether with the encrypted
Fig.1. Multi--keyword Rankked Search Arcchitecture
Cloud ownners publish ceertain files and they are encryypted so as to maintaiin privacy. Thee server can hoold certain keyw words and the proceess can be peerformed whenn any user accesses a a particular data or file. This can be done based on ranking process. The T scheme is shown s as follow ws. S Setup: Data ow wner randomlyy generates a sset of files on to the cloud. c B Build Index: The T cloud can be b of index serrver which holds information about the servers. T Trapdoor: Thiis can be prevventing variouss attackers from accessing private fi files using encryyption techniqques. Q Query: This caan be given by y the users to search for any particuular file or infoormation O aand Stemming A. Cloud Organization Cloud serrvers are consstructed with the t files and the index informatioon are maintainned in the main n cloud serverr. Query is given to th he main cloudd server, so thaat the main clooud server will verify y the index information pressent in it and divert the query to th he correspondiing cloud serveers. The wordss in the files aree extracted to filter f the unwannted words using word stemmer algoorithm. The keeywords are paassed on to
International Journal of Applied Engineering Research, ISSN 0973-4562 Vol. 10 No.4 (2015) © Research India Publications; http://www.ripublication.com/ijaer.htm the cloud. The file names are updated in the corresponding cloud servers. The index server is the main server which holds all the information of the corresponding servers. Cloud server intentionally wants to do so for saving cost when handling large number of search requests, or there may be software bugs, or internal/external attacks. Thus, enabling a search result authentication mechanism that can detect such unexpected behavior of cloud server is also of practical interest and worth further investigation. B. Encryption Technique The query of the user is encrypted using RSA algorithm; this encryption process will prevent the data theft from the hackers. Data security is ensured using RSA encryption. RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography. The encrypted scores are the only additional information that the adversary can utilize against the security guarantee, i.e., keyword privacy and file confidentiality. Cloud server acts in an honest fashion and correctly follows the designated protocol specification. However, it is curious to infer and analyze data (including index) in its storage and message flows received during the protocol so as to learn additional information. Due to the security strength of the file encryption scheme, the file content is clearly well protected. Thus, we only need to focus on keyword privacy. Both for signing and encryption, it is the first algorithm considered to be appropriate. Also, it is one of the foremost developments in public key cryptography. Mostly in electronic commerce protocols, RSA is commonly utilized. And given sufficiently long keys and the utilization of state-of-the-art implementations, it is considered to be secure. 4.3 Ranking and Best File Identification Ranking the best file is done by calculating the ratio between the frequency and the total number of keywords. The value is calculated and compared with the rest of the values. The maximum valued files are ranked in order. The files are retrieved to the user as the index data of all the files are maintained in the index of the main cloud. The ranking is done on the user side, which may bring in huge computation and post processing overhead. Moreover, sending back all the files consumes large undesirable bandwidth. The best file identification is achieved using Top k query process. Further, the search query is accounted as a binary vector wherein each bit means whether similar keyword occurs in this search request. Therefore, the comparability could be precisely measured by inner product of query vector with data vector. However, directly outsourcing data vector or query vector will violate index privacy or search privacy. The maximum ranked values are obtained using term frequency calculation. The files are kept in the ascending order. The best files are given as output to the main cloud server. The main cloud server retrieves top files and given as output to the user. 4.4 Security Analysis Only if accurate defensive implementations are established, the cloud security architecture is effective. Problems that will occur with security management must be identified by efficient cloud security architecture. These problems are addressed by the security management with security controls. In order to protect any flaws in the system and decrease the influence of an attack, these controls are established. The cloud server should not learn the plaintext of either the data
files or the searched keywords. The new scheme embeds the encrypted relevance scores in the searchable index in addition to file ID. Thus, the encrypted scores are the only additional information that the adversary can utilize against the security guarantee, i.e., keyword privacy and file confidentiality. Due to the security strength of the file encryption scheme, the file content is clearly well protected. The user gets the ranked results without letting cloud server learn any additional information more than the access pattern and search pattern. To enable ranked search for effective utilization of outsourced cloud data under the above mentioned model, the system design should simultaneously achieve security and performance guarantees as follows. Multi-keyword Ranked Search: To design search schemes which allow multi-keyword query and provide result similarity ranking for effective data retrieval, instead of returning undifferentiated results. Privacy-Preserving: To prevent cloud server from learning additional information from dataset and index, and to meet privacy requirements. Efficiency: Above goals on functionality and privacy should be achieved with low communication and computation overhead.
Conclusion The problem of solving efficient ranked keyword search is to achieve the effective utilization of remotely stored encrypted data in Cloud Computing. A basic scheme shows that by following the same existing searchable encryption framework, it is very inefficient to achieve ranked search. This appropriately weaken the security guarantee, resort to the newly developed encrypted algorithms, which allows the efficiency in cloud. Investigations of privacy and efficiency assurance of proposed method is mentioned and experiments on the real-world dataset show how our proposed schemes introduce low overhead on both computation and communication. It is a secure and privacy preserving, while correctly realizing the goal of ranked keyword search. There are possible improvements and undergoing efforts that will appear in the future work. Firstly, the user side of proposed system will be implemented on mobile devices running Android and iOS operating systems since the potential application scenario envisions that users access the data anywhere and anytime. Secondly, the proposed method will be tested on a real dataset in order to compare the performance of our ranking method with the ranking methods used in plain datasets that do not involve any security or privacy-preserving techniques.
References [1]. W. Lee, A. Cinzia Squicciarini, and E. Bertino,“The Design and Evaluation of Accountable Grid Computing System,”Proc. 29th IEEE Int’l Conf. Distributed Computing Systems (ICDCS ’09), pp. 145-154, 2009. [2]. R. Kailar, “Accountability in Electronic Commerce Protocols,”IEEE Trans. Software Eng., vol. 22, no. 5, pp. 313-328, May 1996.
2877
International Journal of Applied Engineering Research, ISSN 0973-4562 Vol. 10 No.4 (2015) © Research India Publications; http://www.ripublication.com/ijaer.htm [3]. OASIS Security Services Technical Committee, “Security Assertion Markup Language (saml) 2.0,” http://www.oasis-open.org/committees/tc home.php?wg abbrev=security, 2012. [4]. D. Boneh and M.K. Franklin, “Identity-Based Encryption from theWeil Pairing,” Proc. Int’l Cryptology Conf. Advances in Cryptology,pp. 213-229, 2001. [5]. R. Bose and J. Frew, “Lineage Retrieval for Scientific Data Processing: A Survey,” ACM Computing Surveys, vol. 37, pp. 1-28, Mar. 2005. [6]. P. Buneman, A. Chapman, and J. Cheney, “Provenance Management in Curated Databases,” Proc. ACM SIGMOD Int’l Conf.Management of Data (SIGMOD ’06), pp. 539-550, 2006. [7]. B. Chun and A.C. Bavier, “Decentralized Trust Management and Accountability in Federated Systems,” Proc. Ann. Hawaii Int’l Conf.System Sciences (HICSS), 2004.
2878
