Cloud computing
Data sharing with accountability in the cloud
Group members: K. Jeganathan, A. Susheenthiran
Guided by: Ms. Chitra V., M.E.

Objective
Cloud computing is a recent model for enabling convenient, on-demand network access to a shared pool of configurable computing resources.
Cloud computing can play a significant role in a variety of areas including innovations, virtual worlds, e-business, social networks, or search engines.

Abstract
The cloud enables efficient data sharing.
Users fear that data are accessed and outsourced without their permission.
To overcome this problem we provide an accountability mechanism for both data owners and clients.
A client needs to get an access privilege from the data owner to access the data in the cloud.
The client gets the access privilege from the data owner and retrieves the data from the CSP.

Contd..
Before that, data owners log in to the CSP and store their data in encrypted form along with the client access privilege, that is, as a JAR file.
A client can log in to the CSP only with permission from the data owner; for that, the client must be authenticated.
A file containing the information of each user with access privileges is stored along with the data file in the CSP.

Existing system
The data processed on clouds are often outsourced, leading to a number of issues related to accountability, including the handling of personally identifiable information.
Such fears are becoming a significant barrier to the wide adoption of cloud services.
Data are accessed without the permission of the data owner, and data are modified and outsourced, so owners fear losing their control.

Drawbacks
Data are accessed without the knowledge of the data owner.
Data loss can occur.
The data owner loses control of their own data.
Attacks such as copying and man-in-the-middle are possible.
Integrity cannot be verified due to loss of control.

Proposed system
We propose a client accountability mechanism that gives control to the data owners.
A client can access the data only if the owner grants authentication and access privilege.
Data are stored in JAR format to avoid loss of data.
When a client accesses the data, the CSP generates a log file which includes the details of the client.
Auditing can be done with the help of the log file.

Advantages
CSP storage is available for data owners to store their data.
Separate authentication mechanism for clients with access privilege control.
Only privileged clients can access the storage file.
Secured data is available since the data are stored in the CSP.
Unauthorized clients cannot access the CSP without the data owner's permission.
Batch auditing is performed.
To check integrity, the log file is sent to the data owner with the access privilege of each client.

Enhancement
Batch auditing is performed only by verifying the access privilege, from which the data owner judges whether the data has been modified or not.
But the data owner gains no information about the content in the case of users who have write access privilege.
Suppose the client acts as a hacker and provides the correct information to the CSP but tampers with the content; in such cases the data owner fears losing their content.

Contd..
We implement a MAC algorithm for integrity verification: at the time of JAR storage itself, the data owner generates a MAC code for the data and stores it in the CSP.
If an unauthorized client outsources the data with modified content, the CSP generates the MAC code for that data and compares it with the MAC code of the original data. If the MACs are not the same, integrity has been broken, and hence the CSP does not accept the content.

Algorithms used
MD5 (message digest) algorithm for key generation to each client during the accountability process of the client.
PBE (password based encryption) algorithm for data encryption and data decryption.
RSA algorithm for public and private key generation.
HMAC (hash message authentication code) algorithm for integrity verification (future enhancement).

Modules
Accountability for cloud users.
JAR file storage in the CSP.
Log file generation to the data owner.
Integrity verification for data outsourcing.

Module description
Accountability for cloud users.
The client logs in to the data owner and gets the access privilege, and the data owner gathers client information such as the file the client needs to access.
To access the data owner's files, the client must first be authenticated for those files.
The client should register and log in to the data owner.

Data flow diagram
[Diagram: data owner; CSP details; data owner registration; client registration]

Contd..
JAR file storage in the CSP.
The data owner stores the data in the CSP as JAR file storage; the file includes the data file and client information.
Data are encrypted before being stored in the CSP.
Data owners store the data along with the client's access privilege in the cloud service provider.
The owner's data and access privilege are converted to JAR format and stored in the CSP.
The JAR file includes a set of simple access control rules specifying whether and how the cloud servers and possibly other data stakeholders (users, companies) are authorized to access the content itself.

[Diagram: data owner; client access policies; MAC code; encrypted data; creation of JAR file; CSP]

Contd..
Log file generation to the data owner.
When a client wants to get data from the CSP, the CSP generates a log file for the data owner. The log file consists of the access privilege; by auditing the log file and the client's access privilege, the data owner verifies the integrity of the data.
Once the client gets access permission from the owner, the CSP storage generates the log file for the data owner.
The log file consists of the client's access permission details along with the date.
Integrity can be verified with the help of the generated log record.

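The batch audit described above, as an added example that is not part of the original slides or the project's code. The `date|client|file|action` record layout, the client and file names, and the privilege names are assumptions made for illustration; it needs Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration: record layout, names and privileges are assumptions.
public class BatchLogAudit {
    // One CSP log record: date, client, file and the action performed.
    record LogRecord(String date, String client, String file, String action) {
        static LogRecord parse(String line) {
            String[] f = line.split("\\|", -1);
            if (f.length != 4) throw new IllegalArgumentException("malformed record: " + line);
            return new LogRecord(f[0].trim(), f[1].trim(), f[2].trim(), f[3].trim());
        }
    }

    // Returns every record whose action is not covered by the owner's grant.
    static List<LogRecord> audit(List<String> lines, Map<String, Set<String>> grants) {
        List<LogRecord> violations = new ArrayList<>();
        for (String line : lines) {
            LogRecord r = LogRecord.parse(line);
            // Key is "client:file"; a missing entry means no privilege at all.
            Set<String> allowed = grants.getOrDefault(r.client() + ":" + r.file(), Set.of());
            if (!allowed.contains(r.action())) violations.add(r);
        }
        return violations;
    }

    public static void main(String[] args) {
        // Privileges the data owner granted (constructed sample).
        Map<String, Set<String>> grants = Map.of(
            "alice:report.jar", Set.of("READ"),
            "bob:report.jar", Set.of("READ", "WRITE"));
        // Log records sent by the CSP (constructed sample).
        List<String> log = List.of(
            "2013-03-01|alice|report.jar|READ",
            "2013-03-01|bob|report.jar|WRITE",
            "2013-03-02|alice|report.jar|WRITE",
            "2013-03-02|mallory|report.jar|READ");
        for (LogRecord v : audit(log, grants))
            System.out.println("VIOLATION " + v);
    }
}
```

The audit flags alice's write (she holds only read privilege) and mallory's read (no grant at all), which are the two cases the owner needs to follow up.
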
Contd..
Integrity verification for data outsourcing.
If the client wants to outsource data, it uploads the data and presents it to the CSP. The CSP does not accept all data from the client: it generates a MAC code from the client's data, and only if that MAC code matches the code generated by the data owner does the CSP accept it for outsourcing.
We use the HMAC algorithm for integrity verification, and thus integrity is verified for the content also.

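The MAC comparison described in the Enhancement and Integrity verification slides, as an added example that is not the project's own code. The class and method names, the file names, the choice of HMAC-SHA256 and the assumption that the MAC key is shared only between the data owner and the CSP are all illustrative.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added illustration: class, method and file names are hypothetical.
public class HmacUploadCheck {
    // CSP-side store: file name -> MAC tag the data owner registered with the JAR.
    private final Map<String, byte[]> ownerTags = new HashMap<>();
    private final SecretKeySpec macKey;

    HmacUploadCheck(byte[] keyBytes) {
        // Assumption: owner and CSP share this key; clients never see it.
        this.macKey = new SecretKeySpec(keyBytes, "HmacSHA256");
    }

    byte[] tag(byte[] content) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        return mac.doFinal(content);
    }

    // Data owner: compute the tag at JAR storage time and register it.
    void store(String name, byte[] content) throws GeneralSecurityException {
        ownerTags.put(name, tag(content));
    }

    // CSP: recompute the tag over the client's upload and accept only on a match.
    boolean acceptUpload(String name, byte[] uploaded) throws GeneralSecurityException {
        byte[] expected = ownerTags.get(name);
        if (expected == null) return false; // no owner tag registered: reject
        // MessageDigest.isEqual compares in constant time, so timing does not leak the tag.
        return MessageDigest.isEqual(expected, tag(uploaded));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        HmacUploadCheck csp = new HmacUploadCheck(key);
        // Constructed sample contents.
        byte[] original = "quarterly-report v1".getBytes(StandardCharsets.UTF_8);
        byte[] modified = "quarterly-report v1 (edited)".getBytes(StandardCharsets.UTF_8);
        csp.store("report.jar", original);
        System.out.println("unmodified accepted: " + csp.acceptUpload("report.jar", original));
        System.out.println("modified accepted:   " + csp.acceptUpload("report.jar", modified));
        System.out.println("unknown accepted:    " + csp.acceptUpload("other.jar", original));
    }
}
```

The check holds only while the MAC key stays out of the client's hands: a client that knows the key can compute a valid tag for any content.
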
System Requirements
Software Requirements
OS : Windows XP
Language : Java
IDE : NetBeans 6.9.1
Hardware Requirements
System : Pentium IV 2.4 GHz
Hard Disk : 250 GB
Monitor : 15 VGA Color
Mouse : Logitech
RAM : 1 GB

Literature survey
A major feature of the cloud services is that users' data are usually processed remotely in unknown machines that users do not own or operate.
Highly decentralized information accountability framework to keep track of the actual usage of the users' data in the cloud.

Contd..
Cloud services are delivered from data centers located throughout the world.
Cloud computing is surrounded by many security issues like securing data, and examining the utilization of cloud by the cloud computing vendors.
The boom in cloud computing has brought lots of security challenges for the consumers and service providers.

Contd..
Aims to identify the most vulnerable security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing.
The main advantage is cost effectiveness for the implementation of the hardware and software, and this technology can improve the quality of the current system.

Conclusion
By verifying the integrity, secure data sharing takes place in the cloud, so the data owner need not fear for their contents.
To strengthen user's control under extensive experimental studies
Further improvement provides efficiency and effectiveness
