Post on 06-Jun-2018
Survey of Public Auditing of Shared Data with Multiple Third Party
Auditor with Efficient user Revocation in the Cloud
G. Shreedevi (1), K. G. Arunkumar (2)
(1) PG Scholar, (2) Assistant Professor, Department of Computer Science and Engineering,
Excel Engineering College, Komarapalyam, Nammakal, India.
Abstract
In cloud computing, users remotely store their data in the cloud and
use on-demand, high-quality applications drawn from a shared pool of
configurable computing resources. When users put large amounts of data
in the cloud, protecting data integrity is challenging. With data
storage and sharing services in the cloud, users can easily modify and
share data as a group. Enabling public auditing for cloud data storage
security is important. To ensure that shared data integrity can be
verified publicly, users in the group need to compute signatures on all
the blocks in the shared data. Different blocks in the shared data are
usually signed by different users, owing to data modifications
performed by different users. For security reasons, once a user is
revoked from the group, the blocks that were signed by this revoked
user should be re-signed by an existing user. The proposed system is a
novel public auditing mechanism for the integrity of shared data with
efficient user revocation in mind. By utilizing the idea of proxy
re-signatures, a first third party auditor creates the initial
verification key and the revocation list. Additionally, another third
party re-signs blocks on behalf of existing users during user
revocation, so that existing users do not have to transfer and re-sign
blocks by themselves, and is able to audit the integrity of shared data
without retrieving the complete data from the cloud. Moreover, this
mechanism is able to support secured multiple auditing tasks at the
same time.
1. Introduction
Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable resources such as networks,
servers, file storage, applications and services. The cloud computing
field is growing day by day, with an increasing number of businesses
and government establishments going for cloud computing based
services. [1]
Cloud computing incorporates a combination of:
1. IaaS (Infrastructure as a Service)
2. PaaS (Platform as a Service)
3. SaaS (Software as a Service)
These are collectively called *aaS (Everything as a Service), which
means a service-oriented architecture. Cloud computing is mainly used
for resource sharing with very low maintenance. The cloud service
providers (CSPs), such as Amazon, are able to provide various services
to cloud users with the help of powerful datacenters. A fundamental
service provided by cloud providers is data storage
(Storage-as-a-Service). An organisation allows its members in the same
group or department to store and share files in the cloud. By utilizing
the cloud, the group members can be completely released from local data
storage and maintenance. A significant risk arises for the
confidentiality of those stored files, so users do not fully trust the
cloud servers operated by the cloud provider when sensitive data is
stored in the cloud.
1.1 Data security issues in the cloud:
Securing data is always of vital importance, and because of the
critical nature of cloud computing and the large amounts of complex
data it carries, the need is even more important. Therefore, data
privacy and security are issues that need to be resolved, as they are
acting as a major obstacle to the adoption of cloud computing services.
The major security issues with the cloud are:
• Privacy and Confidentiality: Once the
clients outsource data to the cloud there must be
some assurance that data is accessible to only
authorized users. The cloud user should be assured
that data stored on the cloud will be confidential.
• Security and Data Integrity: Data
security can be provided using various encryption
and decryption techniques. Along with providing
security of the data, the cloud service provider should
also implement a mechanism to monitor the integrity of
the data at the cloud. [2]
G Shreedevi et al, Int.J.Computer Technology & Applications,Vol 6 (2),240-243
IJCTA | Mar-Apr 2015 Available online@www.ijcta.com
240
ISSN:2229-6093
1.2. Risk Factors in the Cloud:
When a person or a company wants to move into the cloud computing
environment, they have to consider privacy, security, reliability,
performance and portability. Of these, security is the major threat to
cloud computing because of the multi-tenancy architecture. So the
service providers also give the comfort of “trust us” to the users who
are willing to move into the cloud environment. The service providers
have to take responsibility for the security issues at the following
levels.
• SQL Injection attacks: This technique is used to attack the database
through a website. It is a code injection method that exploits a
security vulnerability in a website.
• Cross site Scripting attacks: Also called XSS, this is likewise a
type of security vulnerability found in web applications.
• Man in middle attacks: In this kind of attack the attacker makes an
independent connection between the parties and watches the exchange
without their knowledge.
• Denial of Service attacks: In this kind of attack the server or the
system is not available to serve requests from its intended users.
• Sniffer attacks: In this attack, if the packet is not encrypted, a
sniffer can read all the content of the packet. A sniffer can be an
application or a device.
• Security concern with the Virtual Machine Manager: The service
provider must be very careful about the service given to its users,
because they are running on VM technology. The hypervisor, or Virtual
Machine Manager, plays an important role in the cloud environment: it
allows multiple operating systems to run on the system at the same
time.
1.3 Public Verifier and Public Auditing:
A public verifier is able to verify the integrity of shared data
without retrieving the entire data, while the identity of the signer on
each block in shared data is kept private from the public verifier.
Existing systems allow not only a data owner itself but also a public
verifier to efficiently perform integrity checking without downloading
the entire data from the cloud, which is referred to as public auditing
[9]. Data is divided into many small blocks, where each block is
independently signed by the owner, and a random combination of all the
blocks instead of the whole data is retrieved during integrity
checking. A public verifier could be a data user who would like to
utilize the owner’s data via the cloud or a third-party auditor (TPA)
who can provide expert integrity checking services. During public
auditing on cloud data, the content of private data belonging to a
personal user is not disclosed to any public verifier. It is necessary
to ensure that the integrity of shared data in the cloud is correct.
Public auditing mechanisms can actually be extended to verify shared
data integrity.
2. Existing Work
A. Panda: Public auditing for Shared Data with
Efficient User Revocation in the Cloud [3].
In this paper, with data storage and sharing services
in the cloud, users can easily modify and share data
as a group. To ensure shared data integrity can be
verified publicly, users in the group need to
compute signatures on all the blocks in shared data.
Different blocks in shared data are generally signed
by different users due to data modifications
performed by different users. For security reasons,
once a user is revoked from the group, the blocks
which were previously signed by this revoked user
must be re-signed by an existing user.
B. A View of Cloud Computing [4].
Cloud computing, the long-held dream of
computing as a utility, has the potential to
transform a large part of the IT industry, making
software even more attractive as a service and
shaping the way IT hardware is designed and
purchased. Developers with innovative ideas for
new Internet services no longer require the large
capital outlays in hardware to deploy their service
or the human expense to operate it. They need not
be concerned about over provisioning for a service
whose popularity does not meet their predictions,
thus wasting costly resources, or under
provisioning for one that becomes wildly popular,
thus missing potential customers and revenue.
C. Provable Data Possession at Untrusted Stores
[5].
In this paper, the authors introduce a model for provable data
possession (PDP) that allows a client that has stored data at an
untrusted server to verify that the server possesses the original data
without retrieving it. The model generates probabilistic proofs of
possession by sampling random sets of blocks from the server, which
drastically reduces I/O costs. The client maintains a constant amount
of metadata to verify the proof. The challenge/response protocol
transmits a small, constant amount of data, which minimizes network
communication.
D. Compact Proofs of Retrievability [6].
In this paper, the first scheme is built from BLS
signatures and is secure in the random oracle model; it
features a proof-of-retrievability protocol in which
the client’s query and the server’s response are both
extremely short. This scheme allows public
verifiability: anyone can act as a verifier, not just
the file owner. The second scheme, which builds on
pseudorandom functions and is secure in the
standard model, allows only private verification. It
features a proof-of-retrievability protocol with an
even shorter server response than the first
scheme, but the client’s query is long.
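As an added illustration (not code from the cited paper or from this survey), the sketch below implements the basic form of the second, privately verifiable scheme with one value per block. HMAC-SHA256 stands in for the pseudorandom function; the modulus, block size and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1      # prime field modulus (assumption chosen for the example)
BLOCK_BYTES = 15    # 120-bit blocks, so every block value is below P

def split_blocks(data: bytes) -> list:
    return [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
            for i in range(0, len(data), BLOCK_BYTES)]

def prf(key: bytes, index: int) -> int:
    """f_k(i): HMAC-SHA256 as the pseudorandom function, reduced mod P."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def keygen() -> tuple:
    """Secret verification key (k, alpha); never given to the server."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def tag_blocks(key: bytes, alpha: int, blocks: list) -> list:
    """Owner: sigma_i = f_k(i) + alpha * m_i (mod P), stored beside block i."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks: int, sample_size: int) -> list:
    """Verifier: random block indices, each paired with a coefficient nu_i."""
    picks = secrets.SystemRandom().sample(range(n_blocks), sample_size)
    return [(i, secrets.randbelow(P - 1) + 1) for i in picks]

def prove(blocks: list, tags: list, chal: list) -> tuple:
    """Server: fold the sampled blocks and tags into two field elements."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(key: bytes, alpha: int, chal: list, mu: int, sigma: int) -> bool:
    """Verifier: accept iff sigma == alpha*mu + sum(nu_i * f_k(i)) (mod P)."""
    return sigma == (alpha * mu + sum(nu * prf(key, i) for i, nu in chal)) % P

if __name__ == "__main__":
    data = b"constructed sample file shared by the group. " * 8
    blocks = split_blocks(data)
    key, alpha = keygen()
    tags = tag_blocks(key, alpha, blocks)
    chal = challenge(len(blocks), 5)
    print("intact file audit:", verify(key, alpha, chal, *prove(blocks, tags, chal)))
    blocks[chal[0][0]] ^= 1   # server-side corruption of one sampled block
    print("corrupted file audit:", verify(key, alpha, chal, *prove(blocks, tags, chal)))
```

The response is two field elements however many blocks are sampled, and a corrupted block is caught only when the challenge happens to include it, which is why the audit is probabilistic.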
E. Privacy-Preserving Public Auditing for Data
Storage Security in Cloud Computing [7].
This work studies the problem of ensuring the
integrity of data storage in Cloud Computing. In
particular, the task of allowing a third party auditor
(TPA), on behalf of the cloud client, to verify the
integrity of the dynamic data stored in the cloud.
The introduction of TPA eliminates the
involvement of client through the auditing of
whether his data stored in the cloud is indeed
intact, which can be important in achieving
economies of scale for Cloud Computing. In
particular, to achieve efficient data dynamics, the authors
improve the Proof of Retrievability model by
manipulating the classic Merkle Hash Tree (MHT)
construction for block tag authentication. Extensive
security and performance analysis show that the
proposed scheme is highly efficient and provably
secure.
F. Ensuring Data Storage Security in Cloud
Computing [8].
In this paper, the authors focus on cloud data storage security, which
has always been an important aspect of quality of service. To ensure
the correctness of users' data in the cloud, they propose an effective
and flexible distributed scheme with two salient features, as opposed
to its predecessors. By utilizing the homomorphic token with
distributed verification of erasure-coded data, their scheme achieves
the integration of storage correctness insurance and data error
localization, i.e., the identification of misbehaving server(s). Unlike
most prior works, the new scheme further supports secure and efficient
dynamic operations on data blocks, including data update, delete and
append. Extensive security and performance analysis shows that the
proposed scheme is highly efficient and resilient against Byzantine
failure, malicious data modification attack, and even server colluding
attacks.
3. Proposed Architecture
In this model, we introduce multiple trusted third parties (TTPs),
because the biggest problem faced by computer technology is data
security, since users work with very sensitive information. For that,
we build a new model called Trusted Computing Technology using TTPs.
Because of the elastic nature of the architecture, a varying number of
users want to join the cloud computing environment. The proposed system
provides enhanced security. Here we introduce a trusted third party
that acts like a ticket granting server (Resource Broker). If a user
wants to access the data stored in a cloud server, the user must get an
authentication key from the TTP; only after the authentication key has
been verified is the user allowed to access the data stored in the
cloud server. The user must get the authentication key each and every
time. By this we can avoid misbehaving nodes. If a user wants to join
the cloud, the first step is for the user to prove their identity. In
this system the user first communicates with the TTP and reveals their
identity. The TTP then checks the identity provided by the user and
verifies the trustworthiness of the user. If the user is found
trustworthy, the TTP gives the user a secure key. The user then has to
enter the cloud with the secret key that was given by the TTP. If the
key matches the key given by the TTP, the user is allowed to access the
data. One TTP generates the initial keys, generates the revocation list
and maintains user details. The other TTP checks the integrity of the
data in the cloud and performs key regeneration during the revocation
process.
Figure 1: System Architecture
3.1. Proposed Scheme
3.1.1. User Registration. Users register with their details such as
identity (user name, password and email-id). Registered users obtain a
private key, which is used for group signature and file decryption. The
Resource Broker adds the user identity (ID) to the group user list that
will be used in the traceability phase.
3.1.2. File Generation. Group members store their data in the real
cloud. A group member sends a request with the group id and, based on
the revocation list, the TTP allows the data owner to upload the data
to the cloud if their signature is valid. A revoked user is not allowed
to generate data, and the signature verification status is false. When
the data is generated, a hash id is generated that will be used for
deleting the data.
3.1.3. File Access. To access data stored in the cloud, a group member
sends a request with the group id and data id. The Resource Broker
verifies their signature; if the group member is in the same group,
access to the file is allowed. Group members have rights to access
data, but do not have rights to delete or modify the data stored in the
cloud. If a request comes from a revoked user, the cloud server does
not allow access to the data.
3.1.4. File Deletion. Files stored in the cloud can be deleted either
by a group member (i.e., the member who uploaded the file to the
server) or by the Resource Broker. This allows data owners to delete
their own files stored in the cloud. On a delete request from the group
member, the cloud server verifies the signature and deletes the data
file stored in the cloud.
3.1.5. Traceability. The Resource Broker will reveal a member's real
identity if any dispute occurs. If any malpractice happens inside the
organization, it can easily be traced. If any group member modifies or
deletes the data file of another group, the member doing so can easily
be identified.
3.1.6. User Revocation. User revocation is performed by the TTP
(General Manager). The revocation list is generated by the Resource
Broker; group members are allowed to encrypt the data and keep that
data confidential against revoked users. The revocation list is bound
by a signature to declare its validity.
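The access rules of Sections 3.1.2 to 3.1.6, sketched as an added example (not the authors' implementation): a cloud server accepts a revocation list only when its tag verifies, then applies it to upload, read and delete requests. HMAC-SHA256 with a shared key stands in for the Resource Broker's signature, requesters are assumed to be already authenticated, and the version counter that rejects stale lists, like every class and function name, is an assumption of the example.

```python
import hashlib
import hmac
import json

def sign_list(secret, version, revoked):
    """Resource Broker: serialise the revocation list and bind it with a MAC."""
    body = json.dumps({"version": version, "revoked": sorted(revoked)}).encode()
    return body, hmac.new(secret, body, hashlib.sha256).hexdigest()

class CloudServer:
    def __init__(self, secret, members):
        self.secret = secret      # stand-in for the broker's verification key
        self.members = members    # user id -> group id, taken from registration
        self.revoked, self.version = set(), -1
        self.files = {}           # data id -> (group id, uploader, content)

    def load_revocation_list(self, body, tag):
        expected = hmac.new(self.secret, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False          # list was not issued by the broker
        parsed = json.loads(body)
        if parsed["version"] <= self.version:
            return False          # stale list would silently un-revoke users
        self.revoked, self.version = set(parsed["revoked"]), parsed["version"]
        return True

    def _active(self, user, group):
        return self.members.get(user) == group and user not in self.revoked

    def upload(self, user, group, data_id, content):
        if not self._active(user, group) or data_id in self.files:
            return False
        self.files[data_id] = (group, user, content)
        return True

    def read(self, user, group, data_id):
        entry = self.files.get(data_id)
        if entry is None or entry[0] != group or not self._active(user, group):
            return None
        return entry[2]

    def delete(self, user, data_id, is_broker=False):
        entry = self.files.get(data_id)
        owner_ok = entry is not None and entry[1] == user and self._active(user, entry[0])
        if entry is None or not (owner_ok or is_broker):
            return False          # only the uploader or the broker may delete
        del self.files[data_id]
        return True

if __name__ == "__main__":
    key = b"constructed-demo-key"
    srv = CloudServer(key, {"alice": "g1", "bob": "g1"})
    srv.load_revocation_list(*sign_list(key, 1, {"bob"}))
    print(srv.upload("alice", "g1", "d1", b"x"), srv.upload("bob", "g1", "d2", b"y"))
```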
4. Conclusion
In this paper, the proposed work is analysed, and we propose a novel
public auditing mechanism for the integrity of shared data with
efficient user revocation in mind. By utilizing the idea of proxy
re-signatures, we enable a third party to re-sign blocks on behalf of
existing users during user revocation, while another third party
auditor is able to audit the integrity of shared data without
retrieving the complete data from the cloud. Additionally, a resource
broker (third party) creates the revocation list and the initial user
key. Moreover, this mechanism is able to support batch auditing by
verifying multiple auditing tasks at the same time. We proposed a new
public auditing mechanism for shared data with efficient user
revocation in the cloud with multiple trusted third party auditors.
When a user in the group is revoked, a third party is allowed to
re-sign the blocks that were signed by the revoked user with proxy
re-signatures, done by the TTP along with checking the integrity of the
shared data.
5. References
[1] Prashant Rewagad, Yogita Pawar, “Use of Digital Signature and Rijndael encryption Algorithm to Enhanced Security of data in Cloud computing Services”, proceeding published in International.
[2] Parsi Kalpana, Sudha Singaraju, “Data Security in Cloud Computing using RSA Algorithm”, International Journal of Research in Computer and Communication Technology (IJRCCT), Vol. 1, Issue 4, September 2012.
[3] Boyang Wang, Baochun Li, Panda: Public auditing for Shared Data with Efficient User Revocation in the Cloud, 2014.
[4] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” Communications of the ACM, vol. 53, no. 4, pp. 50–58, April 2010.
[5] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable Data Possession at Untrusted Stores, in the Proceedings of ACM CCS 2007, 2007, pp. 598–610.
[6] H. Shacham and B. Waters, Compact Proofs of Retrievability, in the Proceedings of ASIACRYPT 2008. Springer-Verlag, 2008, pp. 90–107.
[7] C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing, in the Proceedings of IEEE INFOCOM 2010, 2010, pp. 525–533.
[8] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring Data Storage Security in Cloud Computing,” in the Proceedings of ACM/IEEE IWQoS 2009, 2009, pp. 1–9.
[9] B. Wang, B. Li, and H. Li, “Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud,” in the Proceedings of IEEE Cloud 2012, 2012, pp. 295–302.