Data integrity proof techniques in cloud storage



International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 2, March-April (2013), pp. 454-458, © IAEME

DATA INTEGRITY PROOF TECHNIQUES IN CLOUD STORAGE

Ms. Rohini G. Khalkar (M.Tech. Computer Student) and Prof. Dr. S. H. Patil (Head, Computer Engineering Department), Bharati Vidyapeeth Deemed University College of Engineering, Pune

ABSTRACT

Cloud computing has been envisioned as the next-generation architecture of the IT enterprise. Clients are relieved of storing and maintaining data locally by storing it in the cloud. While the cloud provides several advantages, it also brings certain challenges. Although clients cannot physically access their data on the cloud server directly, the cloud provider can, without the client's knowledge, modify or delete data that the client has not used for a long time or that occupies large space. Hence, the data must be checked periodically for correctness; this property is called data integrity. This paper presents a survey of the different data integrity techniques. The two basic schemes for data integrity in the cloud are Proof of Retrievability (PoR) and Provable Data Possession (PDP), which are the most active areas of research in this field. The objective of this survey is to give new researchers a guideline and an understanding of the research carried out over the past few years.

Keywords: Data integrity, Proof of Retrievability, Provable Data Possession

I. INTRODUCTION

Cloud computing aims to provide a reliable, customized and guaranteed dynamic computing environment to end users. Virtualized resources in the cloud can be dynamically reconfigured to adjust to a variable load (scale), which also allows for optimal resource utilization.
End users can access the services available on the internet without knowing the location or management of these resources. Cloud storage moves the client's data to large, remotely located data centers over which the user has no control. In this paper we discuss the data integrity concerns of the cloud environment, focusing on a survey of the various integrity-proving techniques.
II. DATA INTEGRITY PROVING SCHEMES

2.1 Provable Data Possession (PDP)

Definition: A PDP scheme checks that a file, consisting of a collection of n blocks, is retained by a remote cloud server. The data owner processes the file to generate some metadata, which is stored locally. The file is then sent to the server, and the owner deletes the local copy. The owner verifies possession of the file using a challenge-response protocol. Clients use this technique to periodically check the integrity of the data stored on the cloud server, so it assures the client that the server holds the data correctly. Some PDP schemes also support dynamic expansion.

Ateniese et al. [8] were the first to consider public auditability, in their "provable data possession" model for ensuring possession of files on untrusted storage. In their scheme, they utilize homomorphic verifiable tags for auditing outsourced data in order to achieve public auditability. However, Ateniese et al. do not consider dynamic data storage, and a direct extension of their scheme from the static to the dynamic case may suffer from design and security problems. In their subsequent work [9], Ateniese et al. proposed a dynamic version of their prior PDP scheme, but the system does not support fully dynamic data operations. In [4], Wang et al. propose a challenge-response protocol that can both determine data correctness and locate possible errors. Erway et al. [5] were the first to explore constructions for dynamic provable data possession. They extend the PDP model in [8] to support provable updates to stored data files using rank-based authenticated skip lists; this scheme is essentially a fully dynamic version of the PDP solution.
They remove the index information from the "tag" computation in Ateniese's PDP model [8] to support block insertion, and employ an authenticated skip list data structure to authenticate the tag information of challenged or updated blocks before the verification procedure. Liu et al. [7] proposed an improved dynamic model that reduces the computational and communication complexity to a constant by using skip lists, blocks, tags and hashing.

PDP provides the following techniques to perform an integrity check on the data.

2.2 Methods Used in the PDP Schemes

2.2.1 Proof of Retrievability (PoR)

Definition: In a PoR scheme, a cloud server proves to a data owner that a target file is intact, in the sense that the client can retrieve the complete file from the server with high probability. Hence, PoR guarantees not only correct data possession but also retrievability after some data corruption. To address corruption, a PoR scheme also includes error-correcting codes. It supports only a limited number of challenge queries, since it deals with a finite number of check blocks (sentinels).

Juels and Kaliski [1] describe a "proof of retrievability" model in which spot-checking and error-correcting codes are used to ensure both possession and retrievability of data files on archive service systems. For detection purposes, special blocks called "sentinels" are randomly embedded into the data file F, and the file F is encrypted to hide the positions of these sentinels. Shacham and Waters [10] design an improved PoR scheme with full proofs of security in the security model defined in [1]. They use
publicly verifiable homomorphic authenticators built from BLS signatures [6], with which the proofs can be aggregated into a small authenticator value.

Table 1. Comparison of different methods used in the PoR scheme

Techniques Used                                         | Public Auditability | Static/Dynamic Operation | Unbounded Queries
Symmetric-key cryptography, error coding                | No                  | Static                   | No
BLS signatures, pseudorandom functions (PRFs)           | Yes                 | Static                   | -
Generate, encrypt and append metadata                   | No                  | Static                   | No
Fragment structure, random sampling, index-hash table   | Yes                 | Dynamic                  | -
Bilinear map, Merkle hash tree                          | Yes                 | Dynamic                  | Yes

2.2.2 Naive Method

The main idea behind this method is comparison of data. In the naive method, the client computes a keyed hash h(K, F) of the file F under a key K and then sends the file F to the server. The client keeps an assortment of keys and corresponding hash values, so it can perform multiple checks on the file. Whenever the client wants to check the file, it releases a key K to the server, which is asked to recompute the hash value based on F and K. The server then replies to the client with the hash value for comparison. This method gives strong proof that the server holds the original file F. However, it has high overhead, since each check runs the hashing process over the entire file, which incurs a high computation cost.

2.2.3 Original Provable Data Possession

In this method, the data is pre-processed before being sent to the cloud server: tag values are attached so that the data can be verified on the client side. The complete data is sent to the server, while metadata is stored on the client side and used for verification as needed. To check integrity, the user sends a challenge to the server, and the server responds with the data.
The client then compares the reply with the local metadata to check whether the data has been modified. Original PDP has low computation and storage overhead. It supports both encrypted and plain data, and it provides public verifiability. It is efficient because only a small portion of the file needs to be accessed to generate the proof on the server. The technique, however, applies only to static files. A homomorphic hashing technique is employed to compose multiple block inputs into a single value, reducing the size of the proof.

2.2.4 Scalable PDP

Scalable PDP is an extended version of the original PDP. Whereas original PDP uses public-key cryptography, scalable PDP uses symmetric-key encryption, which is more efficient, to reduce computation overhead. Scalable PDP provides dynamic operations on remote data and does not require bulk encryption.
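The naive keyed-hash check described in Section 2.2.2 can be sketched as follows. This is a minimal illustration, not code from any of the surveyed papers; the Client and Server classes and the choice of HMAC-SHA256 as the keyed hash h(K, F) are assumptions made for the example.

```python
import hashlib
import hmac
import os


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """h(K, F): a keyed hash over the whole file."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Client:
    def __init__(self, file_data: bytes, num_checks: int = 5):
        # Before outsourcing, precompute an assortment of (key, hash) pairs.
        self.checks = []
        for _ in range(num_checks):
            k = os.urandom(32)
            self.checks.append((k, keyed_hash(k, file_data)))

    def challenge(self, server) -> bool:
        # Release one key to the server; each key can be used only once.
        key, expected = self.checks.pop()
        return hmac.compare_digest(server.respond(key), expected)


class Server:
    def __init__(self, file_data: bytes):
        self.file_data = file_data  # the outsourced file F

    def respond(self, key: bytes) -> bytes:
        # The server must rehash the entire file on every challenge --
        # the high computation cost noted above.
        return keyed_hash(key, self.file_data)
```

Each challenge consumes one precomputed key and forces the server to rehash the entire file, which illustrates both the bounded number of checks and the high computation cost noted above.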
2.2.5 Dynamic PDP

Dynamic PDP supports fully dynamic operations such as insert, update, modify and delete. The dynamic operations permit authenticated inserts and deletes using rank-based authenticated directories together with a skip list. Although DPDP has some computational complexity, it is still practical: for example, to generate the proof for a 1 GB file, DPDP produces only 415 KB of proof data and 30 ms of computational overhead. It does, however, incur comparatively greater computational, communication and storage overhead than the static schemes.

2.3 Other Auditing Methods

2.3.1 Message Authentication Code (MAC) Method

The outsourced data file F consists of a finite ordered set of blocks m1, m2, ..., mn. One simple way to ensure data integrity is to pre-compute MACs over the complete file. Before outsourcing, the data owner pre-computes MACs of F with a set of secret keys and stores them locally. During each audit, the data owner reveals a secret key to the cloud server and asks for a fresh keyed MAC to verify. This method provides deterministic data integrity assurance, because the verification covers all the data blocks. However, the number of verifications that can be performed is limited by the number of secret keys. Once the keys are exhausted, the data owner has to retrieve the entire file F from the server in order to compute new MACs, which is usually impractical due to the large communication overhead. Since private keys are required for verification, public auditability is not supported.

2.3.2 Signature Method

The data owner pre-computes a signature for each block and sends both F and the signatures to the cloud server for storage. The data owner can then adopt a spot-checking approach to verify the correctness of F,
i.e., requesting a number of randomly selected blocks and their corresponding signatures to be returned. Note that the above methods support only static data and incur a large communication overhead that greatly affects system efficiency.

Table 2. Comparison of different methods used for data integrity

Method Used               | Public Auditability | Static/Dynamic Operation | Unbounded Queries
RSA assumption            | Yes                 | Static                   | -
Bloom filter              | -                   | Dynamic                  | -
HLAs and RSA signature    | Yes                 | Dynamic                  | -
Encryption algorithm      | Yes                 | -                        | -
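The spot-checking idea behind the MAC and signature methods can be sketched as follows, with per-block MACs standing in for signatures. This is a minimal sketch under assumed parameters (block size, sample size); the function names are illustrative, not from the surveyed schemes.

```python
import hashlib
import hmac
import random

BLOCK = 256  # block size in bytes (illustrative choice)


def block_mac(key: bytes, index: int, block: bytes) -> bytes:
    # The MAC binds each block to its index so blocks cannot be swapped.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def split_blocks(data: bytes):
    """Split the file F into an ordered set of fixed-size blocks."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def owner_precompute(key: bytes, data: bytes):
    """The owner keeps the key and the per-block MACs locally."""
    return [block_mac(key, i, b) for i, b in enumerate(split_blocks(data))]


def audit(key: bytes, local_macs, server_blocks, sample_size: int = 4) -> bool:
    """Spot-check: request a few randomly selected blocks and verify their MACs."""
    indices = random.sample(range(len(local_macs)), sample_size)
    for i in indices:
        if not hmac.compare_digest(block_mac(key, i, server_blocks[i]), local_macs[i]):
            return False
    return True
```

Sampling only a few blocks keeps each audit cheap, but detection is probabilistic; setting sample_size to the total number of blocks makes it deterministic, mirroring the whole-file MAC approach above at a higher cost.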
III. CONCLUSION

In this paper we observed that data integrity is an emerging area of cloud computing security. Researchers have proposed efficient new techniques based on the PDP and PoR schemes. The PDP scheme easily supports dynamic operations but does not include error-correcting codes; a significant amount of the overhead in the PoR scheme comes from the error-correcting codes, which are absent from PDP. We can therefore say that designing efficient, secure and fully dynamic remote data integrity schemes is still an open area of research.

REFERENCES

[1] A. Juels and B. S. Kaliski Jr., "PORs: Proofs of Retrievability for Large Files," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 584-597, 2007.
[2] Bo Chen and Reza Curtmola, "Robust Dynamic Provable Data Possession," IEEE, 2012.
[3] B. Priyadharshini and P. Parvathi, "Data Integrity in Cloud Storage," ISBN 978-81-909042-2-3, IEEE, 2012.
[4] C. Wang, Q. Wang, K. Ren and W. Lou, "Ensuring Data Storage Security in Cloud Computing," Proc. 17th Int'l Workshop Quality of Service (IWQoS '09), 2009.
[5] C. Erway, A. Kupcu, C. Papamanthou and R. Tamassia, "Dynamic Provable Data Possession," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), 2009.
[6] D. Boneh, B. Lynn and H. Shacham, "Short Signatures from the Weil Pairing," Proc. 7th Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT '01), pp. 514-532, 2001.
[7] Feifei Liu, Dawu Gu and Haining Lu, "An Improved Dynamic Provable Data Possession Model," IEEE, 2011.
[8] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson and D. Song, "Provable Data Possession at Untrusted Stores," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, 2007.
[9] G. Ateniese, R. D. Pietro, L. V. Mancini and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. 4th Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '08), pp. 1-10, 2008.
[10] H. Shacham and B. Waters, "Compact Proofs of Retrievability," Proc. 14th Int'l Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT '08), pp. 90-107, 2008.
[11] R. Suchithra and Dr. N. Rajkumar, "Virtual Machine Placement in a Virtualized Cloud," International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 3, 2012, pp. 435-445, ISSN Print: 0976-6367, ISSN Online: 0976-6375.
[12] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, "Security in Cloud Computing," International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 1, 2012, pp. 258-265, ISSN Print: 0976-6367, ISSN Online: 0976-6375.
[13] V. Ramesh and P. Dhanalakshmi, "Perceiving and Recovering Degraded Data on Secure Cloud," International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 2, 2013, pp. 229-236, ISSN Print: 0976-6367, ISSN Online: 0976-6375.