IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

International Journal of Research in Information Technology (IJRIT)

www.ijrit.com

ISSN 2001-5569

An Approach For Integrity Verification In Multi Cloud Storage Using CPDP Vinitha Varghese Department of Computer Science and Engineering Malabar College of Engineering and Technology Thrissur, Kerala, India [email protected] Abstract— Provable data possession (PDP) is a technique for ensuring the integrity of data in storage outsourcing. In this paper, we address the construction of an efficient PDP scheme for distributed cloud storage to support the scalability of service and data migration, in which we consider the existence of multiple cloud service providers to cooperatively store and maintain the clients’ data. We present a Cooperative PDP (CPDP) scheme based on homomorphic verifiable response and hash index hierarchy. We prove the security of our scheme based on multi-prover zero-knowledge proof system, which can satisfy completeness, knowledge soundness, and zero-knowledge properties. In addition, we articulate performance optimization mechanisms for our scheme, and in particular present an efficient method for selecting optimal parameter values to minimize the computation costs of clients and storage service providers. Our experiments show that our solution introduces lower computation and communication overheads in comparison with non-cooperative approaches. Provable data possession (PDP) (or proofs of retrevability (POR)) is such a probabilistic proof technique for a storage provider to prove the integrity and ownership of clients’ data without downloading data. The proof-checking without downloading makes it especially important for largesize files and folders (typically including many clients’ files) to check whether these data have been tampered with or deleted without downloading the latest version of data. Thus, it is able to replace traditional hash and signature functions in storage outsourcing.

Index Terms- Storage Security, Provable Data Possession, Interactive Protocol, Zero-knowledge, Multiple Cloud, Cooperative.

I. INTRODUCTION In recent years, cloud storage service has become a faster profit growth point by providing a comparably low-cost, scalable, position-independent platform for clients’ data. Since cloud computing environment is constructed based on open architectures and interfaces, it has the capability to incorporate multiple internal and/or external cloud services together to provide high interoperability. We call such a distributed cloud environment as a multi-Cloud (or hybrid cloud). Often, by using virtual infrastructure management (VIM) , a multi-cloud allows clients to easily access his/her resources remotely through interfaces such as Web services provided by Amazon EC2. There exist various tools and technologies for multi-cloud, such as Platform VM Orchestrator, VMware vSphere, and Ovirt. These tools help cloud providers construct a distributed cloud storage platform (DCSP) for managing clients’ data. However, if such an important platform is vulnerable to security attacks, it would bring irretrievable losses to the clients. For example, the confidential data in an enterprise may be illegally accessed through a remote interface provided by a multi-cloud, or relevant data and archives may be lost or tampered with when they are stored into an uncertain storage pool outside the enterprise. Therefore, it is indispensable for cloud service providers to provide security techniques for managing their storage services.

Vinitha Varghese, IJRIT

100

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

Provable data possession (PDP) (or proofs of retrievability (POR)) is such a probabilistic proof technique for a storage provider to prove the integrity and ownership of clients’ data without downloading data. The proof-checking without downloading makes it especially important for large-size files and folders (typically including many clients’ files) to check whether these data have been tampered with or deleted without downloading the latest version of data. Thus, it is able to replace traditional hash and signature functions in storage outsourcing. Various PDP schemes have been recently proposed, such as Scalable PDP and Dynamic PDP. However, these schemes mainly focus on PDP issues at untrusted servers in a single cloud storage provider and are not suitable for a multi-cloud environment.

II. PROBLEM DEFENITION We would extend our work to explore more effective CPDP constructions. As part of our work, we would extend our work to explore more effective CPDP constructions. First, from our experiments we found that the performance of CPDP scheme, especially for large files, is affected by the bilinear mapping operations due to its high complexity. To solve this problem, RSA-based constructions may be a better choice, but this is still a challenging task because the existing RSA-based schemes have too many restrictions on the performance and security. Next, from a practical point of view, we still need to address some issues about integrating our CPDP scheme smoothly with existing systems, for example, how to match indexhash hierarchy with HDFS’s two-layer name space, how to match index structure with cluster-network model, and how to dynamically update the CPDP parameters according to HDFS’ specific requirements. Finally, it is still a challenging problem for the generation of tags with the length irrelevant to the size of data blocks. We would explore such an issue to provide the support of variable-length block verification.

III. OUR APPROACH

Fig. 1.1 Verification architecture for data integrity In this architecture, we consider the existence of multiple CSPs to cooperatively store and maintain the clients’ data. Moreover, a cooperative PDP is used to verify the integrity and availability of their stored data in all CSPs. The verification procedure is described as follows: Firstly, a client (data owner) uses the secret key to pre-process a file which consists of a collection of _blocks, generates a set of public verification information that is stored in TTP, transmits the file and some verification tags to CSPs, and may delete its local copy; Then, by using a verification protocol, the clients can issue a challenge for one CSP to check the integrity and availability of outsourced data with respect to public information stored in TTP. We neither assume that CSP is trust to guarantee the security of the stored data, nor assume that data owner has the ability to collect the evidence of the CSP’s fault after errors have been found. To achieve this goal, a TTP server is constructed as a core trust base on the cloud for the sake of security. We assume the TTP is reliable and independent through

Vinitha Varghese, IJRIT

101

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

the following functions: to setup and maintain the CPDP cryptosystem; to generate and store data owner’s public key; and to store the public parameters used to execute the verification protocol in the CPDP scheme. Note that the TTP is not directly involved in the CPDP scheme in order to reduce the complexity of cryptosystem. There exist various tools and technologies for multicloud, such as Platform VM Orchestrator, VMware, vSphere, and Ovirt. These tools help cloud providers construct a distributed cloud storage platform for managing clients’ data. However, if such an important platform is vulnerable to security attacks, it would bring irretrievable losses to the clients. For example, the confidential data in an enterprise may be illegally accessed through a remote interface provided by a multicloud, or relevant data and archives may be lost or tampered with when they are stored into an· uncertain storage pool outside the enterprise. Therefore, it is indispensable for cloud service providers to provide security techniques for managing their storage services. To check the availability and integrity of outsourced data in cloud storages, researchers have proposed two basic approaches called Provable Data Possession and Proofs of Retrievability .Ateniese et al. first proposed the PDP model for ensuring possession of files on untrusted storages and provided an RSA-based scheme for a static case that achieves the communication cost. They also proposed a publicly verifiable version, which allows anyone, not just the owner, to challenge the server for data possession. They proposed a lightweight PDP scheme based on cryptographic hash function and symmetric key encryption, but the servers can deceive the owners by using previous metadata or responses due to the lack of randomness in the challenges. The numbers of updates and challenges are limited and fixed in advance and users cannot perform block insertions anywhere.

IV. SYSTEM DESIGN AND IMPLEMENTATION Two fundamental techniques for constructing our CPDP scheme: hash index hierarchy (HIH) on which the responses of the clients’ challenges computed from multiple CSPs can be combined into a single response as the final result; and homomorphic verifiable response (HVR) which supports distributed cloud storage in a multi-cloud storage and implements an efficient construction of collision-resistant hash function, which can be viewed as a random oracle model in the verification protocol. There are three modules in this system. Such as user, TTP(Trusted Third Party) and CSP(Cloud Service Provider). TTP is the administrator of this system. TTP is trusted to store verification parameters and offer public query services for these parameters. Clients who have a large amount of data to be stored in multiple clouds and have the permissions to access and manipulate stored data; Cloud Service Providers (CSPs) who work together to provide data storage services and have enough storages and computation resources. In order to reduce the load on TTP, TTP will choose one of the CSP as the organizer. The organizer is responsible to control other CSPs, and it interact with TTP to perform the actions requested by the user. The user module have the following functions: upload a file into CSP: The data is splitted by TTP and stored in different CSPs. Before storing the segmented data is compressed and encrypted. In order to download the user send request to TTP, TTP invoke organizer CSPs, then CSP can issue a challenge for one CSP to check the integrity and availability of data. If the data is available then collect the data decrypt, decompress and merge according to the index stored in TTP. Similarly the user can manage folders (create, move, remove etc), share files via e-mail, manage files (create, move, remove, rename etc). To extend the storage space user can upgrade plans. To upgrade plans the payment is done by the user. Different plans are notified by TTP. TTP can create a dashboard when user registration is completed. It displays active users, log information and resource usage. TTP can manage CSPs. Notifications are provided by TTP such as usage information, different packages for extending space for storage etc. Different plans are provided by TTP to extent storage capacity, these are managed by plan manager. User account information is managed by account management. The payment done by the user is managed by TTP and upgrade the usage space accordingly. From the collection of CSPs one is the organizer. The organizer CSP is selected by TTP. So all CSPs can have the organizer capability. The organizer CSP can do all operations like other CSPs and also control other CSPS. It will act as a challenge

Vinitha Varghese, IJRIT

102

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

manager. It will check the availability and integrity of stored data. Also it can compress, decompress, encrypt and decrypt data. We would extend our work to explore more effective CPDP constructions. As part of our work, we would extend our work to explore more effective CPDP constructions. First, from our experiments we found that the performance of CPDP scheme, especially for large files, is affected by the bilinear mapping operations due to its high complexity. To solve this problem, RSA-based constructions may be a better choice, but this is still a challenging task because the existing RSA-based schemes have too many restrictions on the performance and security. Next, from a practical point of view, we still need to address some issues about integrating our CPDP scheme smoothly with existing systems, for example, how to match indexhash hierarchy with HDFS’s two-layer name space, how to match index structure with cluster-network model, and how to dynamically update the CPDP parameters according to HDFS’ specific requirements. Finally, it is still a challenging problem for the generation of tags with the length irrelevant to the size of data blocks. We would explore such a issue to provide the support of variable-length block verification. The hierarchy structure which resembles a natural representation of file storage. This hierarchical structure ℋ consists of three layers to represent relationships among all blocks for stored resources. They are described as follows: 1) Express Layer: offers an abstract representation of the stored resources; 2) Service Layer: offers and manages cloud storage services; and 3) Storage Layer: realizes data storage on many physical devices. A homomorphism is a map : ℙ → ℚ between two groups such that ݂(݃1 ⊕ ݃2) = ݂(݃1) ⊗ ݂(݃2) for all ݃1, ݃2 ∈ ℙ, where ⊕ denotes the operation in ℙ and ⊗ denotes the operation in ℚ. This notation has been used to define Homomorphic Verifiable Tags (HVTs) in: Given two values ߪ݅ and ߪ݆ for two messages ݉݅ and ݆݉ , anyone can combine them into a value ߪ′ corresponding to the sum of the messages ݉݅ + ݆݉ . When provable data possession is considered as a challenge-response protocol, we extend this notation to the concept of Homomorphic Verifiable Responses (HVR), which is used to integrate multiple responses from the different CSPs in CPDP scheme as follows: A response is called homomorphic verifiable response in a PDP protocol, if given two responses ߠ݅ and ߠ݆ for two challenges ܳ݅ and ݆ܳ from two CSPs, there exists an efficient algorithm to combine them into a response ߠ corresponding to the sum of the challenges ܳ݅ ∪ܳ. Homomorphic verifiable response is the key technique of CPDP because it not only reduces the communication bandwidth, but also conceals the location of outsourced data in the distributed cloud storage environment. In CPDP scheme, the manager first runs algorithm ‫ ݊݁ܩݕ݁ܭ‬to obtain the public/private key pairs for CSPs and users. Then, the clients generate the tags of outsourced data by using ܶܽ݃‫݊݁ܩ‬. Anytime, the protocol ܲ‫ ݂݋݋ݎ‬is performed by a 5-move interactive proof protocol between a verifier and more than one CSP, in which CSPs need not to interact with each other during the verification process, but an organizer is used to organize and manage all CSPs. This protocol can be described as follows: 1) the organizer initiates the protocol and sends a commitment to the verifier; 2) the verifier returns a challenge set of random index-coefficient pairs ܳ to the organizer; 3) the organizer relays them into each ܲ݅ in ࣪ according to the exact position of each data block; 4) each ܲ݅ returns its response of challenge to the organizer; and 5) the organizer synthesizes a final response from received responses and sends it to the verifier. The above process would guarantee that the verifier accesses files without knowing on which CSPs or in what geographical locations their files reside. A cooperative provable data possession ࣭ = (‫݊݁ܩݕ݁ܭ‬, ܶ ܽ݃‫݊݁ܩ‬, ܲ‫ )݂݋݋ݎ‬is a collection of two algorithms (‫݊݁ܩݕ݁ܭ‬, ܶܽ݃‫ )݊݁ܩ‬and an interactive proof system ܲ‫݂݋݋ݎ‬, as follows: (1ߢ): takes a security parameter ߢ as input, and returns a secret key sk, or a public- secret key pair(pk,sk) TagGen(sk,F,P): takes an input a secret key sk, a file F and set of cloud storage providers P = {Pk}, and returns a triples (ζ,ψ,б), where ζ is the secret in tags, ψ = (u,H) is a set of verification parameters u and an index hierarchy H for F, б = {бk} is the tag of fraction of F in Pk. Proof(P,V) : is a protocol of proof of data possession between CSPs and verifier (v),where each Pk takes as input a file F and a set of tags and a public key Pk and a set of public parameters are the common input between P and V. At the end of the protocol run, V returns a bit {0|1} denoting false and true.

Vinitha Varghese, IJRIT

103

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

A trivial way to realize the CPDP is to check the data stored in each cloud one by one, i.e.,

However, it would cause significant communication and computation overheads for the verifier, as well as a loss of location-transparent. Such a primitive approach obviously diminishes the advantages of cloud storage: scaling arbitrarily up and down on demand. To solve this problem, we extend above definition by adding an organizer(ܱ), which is one of CSPs that directly contacts with the verifier, as follows:

V.

CONCLUSION

We presented the construction of an efficient PDP scheme for distributed cloud storage. Based on homomorphic verifiable response and hash index hierarchy, we have proposed a cooperative PDP scheme to support dynamic scalability on multiple storage servers. We also showed that our scheme provided all security properties required by zero- knowledge interactive proof system, so that it can resist various attacks even if it is deployed as a public audit service in clouds. Furthermore, we optimized the probabilistic query and periodic verification to improve the audit performance. Our experiments clearly demonstrated that our approaches only introduce a small amount of computation and communication overheads. Therefore, our solution can be treated as a new candidate for data integrity verification in outsourcing data storage systems.

VI. REFERENCES [1] B. Sotomayor, R. S. Montero, I. M. Llorente, and I. T. Foster, “Virtual infrastructure management in private and hybrid clouds,” IEEE Internet Computing, vol. 13, no. 5, pp. 14–22, 2009. [2] G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, L. Kissner, Z. N. J. Peterson, and D. X. Song, “Provable data possession at untrusted stores,” in ACM Conference on Computer and Communications Security, P. Ning, S. D. C. di Vimercati, and P. F. Syverson, Eds. ACM, 2007, pp. 598–609. [3] A. Juels and B. S. K. Jr., “Pors: proofs of retrievability for large files,” in ACMConference on Computer and Communications Security, P. Ning, S. D. C. di Vimercati, and P. F. Syverson, Eds.ACM, 2007, pp. 584–597. [4] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, “Scalable and efficient provable data possession,” in Proceedings of the 4th international conference on Security and privacy in communication netowrks, SecureComm, 2008, pp. 1–10. [5] C. C. Erway, A. K¨upc¸ ¨u, C. Papamanthou, and R. Tamassia,“Dynamic provable data possession,” in ACM Conference on Computer and Communications Security, E. Al-Shaer, S. Jha, and A. D. Keromytis, Eds. ACM, 2009, pp. 213–222. [6] H. Shacham and B. Waters, “Compact proofs of retrievability,” in ASIACRYPT, ser. Lecture Notes in Computer Science, J. Pieprzyk, Ed., vol. 5350. Springer, 2008, pp. 90–107.

Vinitha Varghese, IJRIT

104

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105

[7] Q. Wang, C.Wang, J. Li, K. Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in ESORICS, ser. Lecture Notes in Computer Science, M. Backes and P. Ning, Eds., vol. 5789. Springer, 2009, pp. 355–370. [8] Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S. S. Yau, “Dynamic audit services for integrity verification of outsourced storages in clouds,” in SAC, W. C. Chu, W. E. Wong, M. J.Palakal, and C.-C. Hung, Eds. ACM, 2011, pp. 1550–1557. [9] K. D. Bowers, A. Juels, and A. Oprea, “Hail: a high-availability and integrity layer for cloud storage,” in ACM Conference on Computer and Communications Security, E. Al-Shaer, S. Jha, and A. D. Keromytis, Eds. ACM, 2009, pp. 187–198. [10] Y. Dodis, S. P. Vadhan, and D. Wichs, “Proofs of retrievability via hardness amplification,” in TCC, ser. Lecture Notes in Computer Science, O. Reingold, Ed., vol. 5444. Springer, 2009, pp. 109–127. [11] L. Fortnow, J. Rompel, and M. Sipser, “On the power of multiprover interactive protocols,” in Theoretical Computer Science, 1988, pp. 156–161. [12] Y. Zhu, H. Hu, G.-J. Ahn, Y. Han, and S. Chen, “Collaborative integrity verification in hybrid clouds,” [13]Yan Zhu, Hongix Hu, Gail-Joon Ahn, “Cooperative provable data possession for integrity verification in multi cloud storage”

Vinitha Varghese, IJRIT

105

An Approach For Integrity Verification In Multi Cloud Storage ... - IJRIT

using virtual infrastructure management (VIM) , a multi-cloud allows clients to easily ... These tools help cloud providers construct a distributed cloud storage ...

109KB Sizes 3 Downloads 394 Views

Recommend Documents

An Approach For Integrity Verification In Multi Cloud Storage ... - IJRIT
IJRIT International Journal of Research in Information Technology, Volume 2, Issue 7, July 2014, Pg: 100-105. Vinitha Varghese ... In this paper, we address the ... Since cloud computing environment is constructed based on open architectures ...

A Secured Cost-effective Multi-Cloud Storage in Cloud Computing ...
service business model known as cloud computing. Cloud data storage redefines the security issues targeted on customer's outsourced data (data that is not ...

data integrity proofs in cloud storage pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. data integrity ...

A Secured Cost-effective Multi-Cloud Storage in ... - IJRIT
Cloud data storage redefines the security issues targeted on customer's ... Hardware. Specification. System. Pentium IV 2.4 GHz & onwards. Hard Disk. 40 GB.

Multi Deployment and Multi Snapshotting on cloud - IJRIT
the leverage of extra storage space in servers and data centers. ... space and overhead related to VM management on dedicated storage nodes, which can im-.

Multi-Chip Reticle Approach for OPC Model Verification
University of Oregon. ABSTRACT. The complexity ... engineering efforts and expenses to deliver the final product to customers. One of the largest ... Figure 1: Layout of the Multichip vehicle for both Metal and Via levels. As shown in the layout ...

Multi Deployment and Multi Snapshotting on cloud - IJRIT
In this most basic cloud service model, cloud providers offer computers, as physical or ... ages in a virtual machine image library, and file-based storage. ... inside the VMs require and are often offered by the cloud provider (e.g., database .... r

Multi-Chip Reticle Approach for OPC Model Verification
vehicle. In one of the four instances, no OPC was applied, while different OPC .... OPC VTRE model was generated using Mentor Graphics Calibre software [1].

Towards secure the multi –cloud using homomorphic ... - IJRIT
atomism of traditional social science in which individual behavior—such as ... Title : Public-Key Cryptosystems Based on Composite Degree Residuosity Classes ... The social network field is an interdisciplinary research programmer which ...

An approach for automating the verification of KADS- based expert ...
Our study indicates that in order to verify an expert system, it is necessary to have a ... provides principled mapping to the symbol level necessary for V&V (2). 4. .... the user, database when the value is queried from a database, derived when the

Towards secure the multi –cloud using homomorphic ... - IJRIT
Towards secure the multi –cloud using homomorphic encryption scheme. Rameshbabu .... in the design of current SNA techniques. Multiple key issues can be ...

An approach for automating the verification of KADS ...
knowledge base development environment upon which we build our verification tool. Section 5 ... In such applications, there is a possibility of great financial.

An Innovative Detection Approach to Detect Selfish Attacks in ... - IJRIT
Student, Computer Science & Engineering, Laki Reddy Bali Reddy College Of Engineering. Mylavaram .... Haojin Zhu et.al proposed a method to find the probable security threats towards the collaborative spectrum ... integrity violations [6].

An Algorithmic Approach for Auto- Selection of Resources to ... - IJRIT
These algorithms can be implemented into a small computer application using any computer programming language. After implementation of these algorithms, the process of automatic selection of the resources responsible for good performance will be auto

Data Security Proofs in the Cloud Storage Data ... - IJRIT
Company, who desires to store their data in the cloud, buy or lease storage capacity from them ... Blob store, cloud by Apple. ... It's further complicated for the owner of the data whose devices like Personnel Digital Assist and mobile phones.

Data Security Proofs in the Cloud Storage Data ... - IJRIT
In cloud computing, data is moved to a remotely located cloud server. Cloud ... Data Integrity is very important among the other cloud storage issues. .... The next generation of cloud storage provides a new architecture to address the storage, ...

Enabling Data Storage Security in Cloud Computing for ... - wseas.us
important aspect of quality of service, Cloud. Computing inevitably poses ... also proposed distributed protocols [8]-[10] for ensuring storage .... Best practices for managing trust in private clouds ... information they're hosting on behalf of thei

Enabling Data Storage Security in Cloud Computing for ... - wseas.us
Cloud computing provides unlimited infrastructure to store and ... service, paying instead for what they use. ... Due to this redundancy the data can be easily modified by unauthorized users which .... for application purposes, the user interacts.

Machine Learning In Chemoinformatics: A Novel Approach for ... - IJRIT
methods, high throughput docking, drug discovery, data analysis methods, etc[6] .... QSAR, protein-Ligand Models, Structure Based Models, Microarray Analysis,.

A modified approach for aggregation technique in WSN - IJRIT
IJRIT International Journal of Research in Information Technology, Volume 3, Issue 7, ... Wireless sensor network are used in many application such as military, ...

A modified approach for aggregation technique in WSN - IJRIT
In computer science and telecommunications, wireless sensor networks are an ... and conferences arranged each year. ... Figure 1: Types of grids (a) Triangular lattice (b) Square grid (c) Hexagonal grid ... Degree-degree Correlations”, in Proc.

Machine Learning In Chemoinformatics: A Novel Approach for ... - IJRIT
Keywords-chemoinformatics; drug discovery; machine learning techniques; ... methods, high throughput docking, drug discovery, data analysis methods, etc[6].

Google Cloud Storage Cloud Platform
Store application data Google Cloud Storage provides fast access to application data, such as images for a photo editing app. • Share data with colleagues and ...

A Novel Scheme for Remote Data Storage - Dual Encryption - IJRIT
Abstract:- In recent years, cloud computing has become a major part of IT industry. It is envisioned as a next generation in It. every organizations and industries ...