This document proposes a privacy-preserving public auditing scheme for data storage in cloud computing. It allows a third party auditor (TPA) to efficiently audit the integrity of outsourced data in the cloud without learning anything about the data contents. The scheme utilizes homomorphic linear authenticators and random masking to guarantee privacy during the auditing process. It also supports batch auditing, allowing the TPA to concurrently audit data from multiple users at once in an efficient manner. The goal is to enable public auditing while maintaining privacy, correctness of stored data, and lightweight computation and communication overhead.
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
CLOUD STORAGE PRIVACY AUDIT
1. STORAGE PRIVACY PROTECTION AGAINST DATA
LEAKAGE THREADS IN CLOUD COMPUTING
K ABHINANDAN REDDY
M.Tech 2nd
Year , CSE
abhinandan232@gmail.com
__________________________________________________________________________
Abstract - Using Cloud Storage, users can
remotely store their data and enjoy the on-
demand high quality applications and services
from a shared pool of configurable computing
resources, without the burden of local data
storage and maintenance.However, the fact that
users no longer have physical possession of the
outsourced data makes the data integrity
protection in Cloud Computing a formidable
task, especially for users with constrained
computing resources. Moreover, users should be
able to just use the cloud storage as if it is local,
without worrying about the need to verify its
integrity
This paper proposes privacy preserving public
auditability for cloud storage is of very
importance so that users can arrange to a third
party auditor (TPA) to check the integrity of
outside data and be worry-free. To securely
initiate an effective TPA, the auditing process
should bring no new security challenges towards
user data privacy and no additional online
burden to user. This paper proposes a secure
cloud storage system supporting privacy-
preserving public auditing. We further extend the
TPA to perform audits for multiple users
simultaneously and efficiently.
Index terms – Cloud storage, privacy- protection,
public auditability, cloud computing.
I. INTRODUCTION
Cloud computing promises lower costs, rapid
scaling, easier maintenance, and service
availability anywhere, anytime, a key challenge
is how to ensure and build confidence that the
cloud can handle user data securely.
Cloud computing is transforming the very
nature of how businesses use information
technology. From user’s prospective, including
both individuals and IT enterprises, storing data
remotely to the cloud in a flexible on-demand
manner brings appealing benefits: relief of the
burden for storage management, universal data
access with independent geographical locations,
and avoidance of capital expenditure on
hardware, software, and personnel maintenances,
etc.
While cloud computing makes these advantages
more appealing than ever, it also brings new and
challenging security threats towards user’s
outsourced data. Data outsourcing is actually
relinquishing user’s ultimate control over the
fate of their data. As a result, the correctness of
113
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
2. the data in the cloud is being put at risk due to
the following reasons.
i) The infrastructures under the cloud are much
more powerful and reliable than personal
computing devices; they are still facing the
broad range of both internal and external
threats for data integrity.
ii) There do exist various motivations for Cloud
Service Provider to behave unfaithfully
towards the cloud users regarding the status
of their outsourced data.
The problem, if not properly addressed, may
impede the successful deployment of the cloud
architecture. As users have no longer physically
posses the storage of their data, traditional
cryptographic primitives for the purpose of the
data security protection cannot be directly
adopted. Considering the large size of the
outsourced data and the user’s constrained
resource capability, the tasks of auditing the data
correctness in cloud environment can be
formidable and expensive for the cloud users.
Moreover, the overhead of using cloud storage
should be minimized as much as possible, such
that user does not need to perform too many
operations to use the data.
To fully ensure the data integrity and save the
cloud user’s computation resources as well as
online burden, it is of critical importance to
enable public auditing service for cloud data
storage, so that user’s may resort to an
independent third party auditor (TPA) to audit
the outsourced data when needed. In addition to
help users to evaluate the risk of their subscribed
cloud data services, the audit result from TPA
would also beneficial for the cloud service
providers to improve their cloud based service
platform.
Recently, the notation of public auditability has
been proposed in the context of ensuring
remotely stored data integrity under different
system and security models. Public auditability
allows external party, in addition to the user
himself, to verify the correctness of remotely
stored data. From the perspective of protecting
data privacy, the users, who own the data and
rely on TPA just for the storage security of their
data, do not want this auditing process
introducing new vulnerabilities of unauthorized
information leakage towards their data security
Exploiting data encryption before outsourcing is
one way to mitigate this privacy concern, but it
is only complementary to the privacy preserving
public auditing scheme to be proposed in this
paper. Without a properly designed auditing
protocol, encryption itself cannot prevent data
from “flowing away” towards external parties
during the auditing process. Therefore, how to
enable a privacy-preserving third-party auditing
protocol, independent to data encryption, is the
problem we are going to tackle in this paper.
To address these problems, our work utilizes the
technique of public key based homomorphic
linear authenticator (or HLA for short), which
enables TPA to perform the auditing without
demanding the local copy of data and thus
drastically reduces the communication and
computation overhead as compared to the
straightforward data auditing approaches. By
integrating the HLA with random masking, our
114
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
3. protocol guarantees that the TPA could not learn
any knowledge about the data content stored in
the cloud server during the efficient auditing
process.
a) Design Goals
To enable privacy-preserving public auditing for
cloud data storage our protocol design should
achieve the following security and performance
guarantees.
1) Public auditability: to allow TPA to verify
the correctness of the cloud data on demand
without retrieving a copy of the whole data
or introducing additional online burden to
the cloud users.
2) Storage correctness: to ensure that there
exists no cheating cloud server that can pass
the TPA’s audit without indeed storing
user’s data intact.
3) Privacy-preserving: to ensure that the TPA
cannot derive user’s data content from
information collected during the auditing
process.
4) Batch Auditing: to enable TPA with secure
and efficient auditing capability to cope with
multiple auditing delegations from possibly
large number of different users
simultaneously.
5) Lightweight: to allow TPA to perform
auditing with minimum communication and
computation overhead.
II. PRPOSED SCHEMES
This heading presents our public auditing
scheme which provides a complete outsourcing
solution of data -not only the data itself, but also
it integrity security. Then we present our main
scheme and show how to extent our main
scheme to support batch auditing for the TPA
upon delegations from multiple users. Finally we
discuss how to generalize our privacy-preserving
public auditing scheme and its support of data
dynamics.
a) Our Framework & Definitions
We follow similar definition of previously
proposed schemes in the context of remote data
integrity checking and adapt the framework for
our privacy preserving public auditing system.
A public auditing scheme consists of four
algorithms (KeyGen, SigGen, GenProof,
VerifyProof).
KeyGen: is a key generation algorithm run by
the user to setup the scheme.
SigGen: is used by the user to generate
verification metadata, which may consist of
MAC, signatures, or other related information
that will be used for auditing.
GenProof: is run by the CS (Cloud server) to
generate a proof of data storage correctness,
while VerifyProof is run by the TPA to audit the
proof from the cloud server.
Running a public auditing system consists of two
phases, Setup and Audit:
Setup: the user initializes the public and secret
parameters of the system by executing KeyGen,
and pre-processes the data file by using SigGen
to generate verification metadata.
Audit: the TPA issues an audit message or
challenge to the cloud server to make sure that
115
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
4. the cloud server has retained the data file
properly at the time of the audit. The CS will
derive a response message from a function of the
stored data file and its verification metadata by
executing GenProof. The TPA then verifies the
response via VerifyProof.
Our frame work assumes the TPA is stateless,
which is a desirable property achieved by our
proposed solution. It is easy to extend the
framework above to capture a stateful auditing
system, essentially by splitting the verification
metadata into two parts which are stored by the
TPA and the cloud server respectively.
b) Basic Schemes
HLA-based solution. To effectively support
public auditability without having to retrieve the
data blocks themselves, the HLA technique can
be user HLA’s like MACs are also some
unforgeable verification metadata that
authentication the integrity of a data block. The
difference is that HLAs can be aggregate.
c) Privacy-Preserving Public Auditing
Scheme
To achieve privacy-preserving public auditing,
we propose to uniquely integrated the homophic
linear authenticator with random masking
technique. On the other hand, the correctness
validation of the block- authenticator pairs can
still be carried out in a new way which will be
shown shortly, even with the presence of the
randomness. Our design makes use of public key
based HLA, to equip the auditing protocol with
public auditability. Moreover, we use the HLA
proposed, which is based on the short signature
scheme proposed by Boneh,Lynn and Shacham
(BLS).
d) BLS Schema Details
Let G1, G2, and GT be multiplicative cyclic group
of primary order and e: G1 X G2→ GT . the BLS
map as introduced in mainly.
Setup Phase: the cloud user runs KeyGen
algorithm to generate the public and secrete
parameters. A then the user runs SigGen to
compute authenticator for each block and name
is chosen by the user uniformity at random.
Audit Phase: the TPA first retrieves the file tag.
With respect to the mechanism in the setup
phase, the TPA verifies the signature and quits
by emitting FALSE if the verification fails.
Otherwise, the TPA recovers name.
Now it comes to the core part of the auditing
process. To generate the challenge message for
the audit, the TPA picks a random element
subset of set [1, n]. then the TPA sends challenge
message to the server.
Upon receiving challenge, the server runs
GenProof to generate a response proof of data
storage correctness.
b) Support for Batch Auditing
With the establishment of privacy-preserving
public auditing the TPA concurrently handle
multiple upon different user’s delegation. The
individual auditing of these tasks for the TPA
can be tedious and very inefficient. It is more
advantageous for the TPA to batch these
multiple tasks together and audit at one time.
116
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
5. Keeping this in mind, we slightly modify our
protocol in a single user case, and achieve the
aggregation of K verification equations into
single on.
III. CONCLUSION
In this paper, we propose a privacy-preserving
public auditing system for data storage security
in cloud computing. We utilize the homomorphic
linear authenticator and random masking to
guarantee that TPA would not learn any
knowledge about the data content stored on the
cloud server during efficient auditing process.
And we slight change our protocol, the TPA can
perform multiple audit sessions from different
users for their outsourced data files. Extensive
analysis shows that our schemes are provably
secure and highly efficient.
REFERENCES
[1]Cong Wang, Qian Wang, Kui Ren, Wenjing
Lou “Privacy-Preserving Public Auditing for
Secure Cloud Storage” in Proc. of Compu-
ters”, pp. 362-375, 2013.
[1] C. Erway, A. Kupcu, C. Papamanthou, and
R. Tamassia, “Dynamic provable data
possession,” in Proc. of CCS’09, 2009, pp.
213–222.
[2] M. A. Shah, R. Swaminathan, and M. Baker,
“Privacypreserving audit and extraction of
digital contents,” Cryptology ePrint Archive,
Report 2008/186, 2008.
[3] G. Ateniese, R. Burns, R. Curtmola, J.
Herring, L. Kissner, Z. Peterson, and D.
Song, “Provable data possession at untrusted
stores,” in Proc. of CCS’07, Alexandria, VA,
October 2007, pp. 598–609.
[4] C.Wang, Q.Wang, K. Ren, andW. Lou,
“Ensuring data storage security in cloud
computing,” in Proc. of IWQoS’09, July
2009, pp. 1–9.
[5] R. C.Merkle, “Protocols for public key
cryptosystems,” in Proc. of IEEE
Symposium on Security and Privacy, Los
Alamitos, CA, USA, 1980.
[6] S. Yu, C. Wang, K. Ren, and W. Lou,
“Achieving secure, scalable, and fine-
grained access control in cloud computing,”
in Proc. of IEEE INFOCOM’10, San Diego,
CA, USA, March 2010.
AUTHORS
Mr.K ABHINANDAN
REDDY received the
Narayana Engineering
College, Nellore, B.Tech
degree in computer
science & engineering from the Jawaharlal
Nehru technological university Anantapur, in
2012, and received the Audisankara Institute of
Technology, Gudur M.Tech degree in computer
science engineering from the Jawaharlal Nehru
technological university Anantapur in 2014,
respectively. He Participated National Level
Paper Symposiums in different Colleges.
117
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in