1. PUBLIC AUDITING
FOR SECURE CLOUD STORAGE
Anand K Menon[MTALECS004 ]
Bharath Chandran Nair[MTALECS015]
Godwin C Antony[MTALECS025]
Eighth semester B.Tech CSE, Department of Computer Science,
Met’s School of Engineering,Mala,
Under the Guidance of
Miss.Asha S
Assistant Professor, Dept. of CSE,
Met’s School of Engineering,Mala
2. OUTLINE OF THE PRESENTATION
o OBJECTIVE
o INTRODUCTION
o LITERATURE SURVEY
o EXISTING METHOD
o PROBLEM DESCRIPTION
o BLOCK DIAGRAM
o PROPOSED METHOD
o APPLICATIONS
o RESULT AND DISCUSSION OF BASE PAPER
o EXECUTION TOOLS
o CONCLUSION
o REFERENCES
3. OBJECTIVE
The objective of the system is to develop a system
that would enable the cloud users to have control
over their data so that they can ensure that their
data is secured and not corrupted.
It provides security to the users data by encrypting
the data and splitting up the file into small blocks for
storage.
Auditing the cloud storage without demanding a
local copy of data enables more efficiency.
4. INTRODUCTION
Cloud computing customers do not own a physical
infrastructure; rather they rent the usage from a third
party provider.
They consume resources as a service and pay only for
resources that they use.
Cloud computing comes in three forms: public clouds,
private clouds, and hybrids clouds.
Public clouds offer the greatest level of efficiency in
shared resources but are more vulnerable.
Private clouds offer the greatest level of security and
control, but they require the company to still purchase
and maintain all the software and infrastructure.
Hybrid cloud includes both public and private
options.The downside is that we have to keep track of
multiple different security platforms.
5. Cloud computing provides on demand self
services,location independent resource
pooling,rapid resource elasticity,usage based
pricing etc..
Challenge faced is security threats towards users
outsourced data.
Here the correctness of user data in the cloud is put
at risk.
CSP might reclaim storage for monetary reasons by
discarding rarely accesed data or even hiding data
corruption due to server hacks over byzantine
failures.
6. LITERATURE REVIEW
SL
.N
O
AUTHOR YEAR TITLE DESCRIPTION
1 P. Mell and T.
Grance
June 2009 DraftNISTworking
definitionofcloud
computing
Subscribers should identify the specific resources that are
suitable for migrating data into and out of clouds.
Resources could be services such as: (1) email, (2)
data repositories such as shared documents, or (3) systems that run in
virtualized environments.
2 M. Arrington December
2006
Gmail disaster: Reports
of mass email
deletions
Cloud Computing provides convenient on demand network access to
a shared pool of configurable computing
resources that can be rapidly deployed with the great efficiency and
minimal management overhead.
3 J. Kincaid December
2006.
MediaMax/TheLinkup
Closes Its Doors
To achieve the assurances of cloud data
integrity and availability and enforce the quality of
dependable cloud storage service for users, To
propose an effective and flexible distributed
scheme with explicit dynamic data support,
including block update, delete, and append.
7. LITERATURE REVIEW
S
L
.
N
O
AUTHOR YEAR TITLE DESCRIPTION
4 M.A.Shah,R.Swamina
than, and M. Baker
Oct.
2008
Privacy-preserving audit
and extraction of digital
contents
A growing number of online services, such as Google, Yahoo!,
and Amazon, are starting to charge users for their storage.
Customers often use these services to store valuable data such as
email, family photos and videos, and disk backups. Today, a
customer must entirely trust such external services to maintain
the integrity of hosted data and return it intact.
5 Q. Wang, C. Wang, J.
Li, K. Ren, and W.
Lou
Sep.
2009
Enabling publicverifiability
and data dynamics for
storage security in cloud
computing
Cloud Computing has been envisioned as the next-generation
architecture of IT Enterprise. It moves the application software
and databases to the centralized large data centers, where the
management of the data and services may not be fully
trustworthy.
6 G. Ateniese, S.
Kamara, and J. Katz
2009 Proofs of storage
fromhomomorphic
identification protocols
Proofs of storage (PoS) are interactive protocols allowing a client
to verify that a server faithfully stores a file. Previous work has
shown that proofs of storage can be constructed from any
homomorphic linear authenticator (HLA). The latter, roughly
speaking, are signature/message authentication schemes where
`tags' on multiple messages can be homomorphically combined
to yield a `tag' on any linear combination of these messages.
8. 8
BASIC SCHEME 1
MAC
key
File block
code
Message Authentication Code (MAC)
Block 1 Block nBlock 2 …
File is divided into blocks
Cloud
user
TPA
Block 1 Block n…Block 2
code 1 code n…code 2
-User computes the MAC of every file block
-Transfers the file blocks & codes to cloud
-Shares the key with TPA
Audit
-TPA demands a random number of
blocks and their code from CSP
-TPA uses the key to verify the
correctness of the file blocks
Drawbacks: -The audit demands retrieval of user’s data; this is not privacy-preserving
-Communication and computation complexity are linear with the sample size
EXISTING METHOD
9. 9
BASIC SCHEME 2
Block 1 Block n…Block 2
code 1 code n…code 2
code 1 code n…code 2
code 1 code n…code 2
Key 1
Key 2
Key s
…
user
Cloud
TPA
Block 1 Block m…Block 2
Setup
-User uses s keys and computes the MAC for blocks
-User shares the keys and MACs with TPA
Audit
-TPA gives a key (one of the s keys) to CSP and requests MACs for the blocks
-TPA compares with the MACs at the TPA
-Improvement from Scheme 1: TPA doesn’t see the data, preserves privacy
-Drawback: a key can be used once.
-The TPA has to keep a state; remembering which key has been used
-Schemes 1 & 2 are good for static data (data doesn’t change at the cloud)
10. PROBLEM DESCRIPTION
Audit cloud storage demanding local copy of data.
Violates the privacy-preserving guarantee.
Large communication overhead and time delay.
Band-width available between the TPA and the
cloud server is limited.
Auditor can modify user data.
Copy of user data on auditing side.
No data control on user side.
The number of times a particular data file can be
audited is limited by the number of secret key.
11. BLOCK DIAGRAM
U: cloud user has a large amount of data files to store in the cloud
CS: cloud server which is managed by the CSP and has significant
data storage and computing power (CS and CSP are the same in
this paper)
TPA: third party auditor has expertise and capabilities that U and
CSP don’t have. TPA is trusted to assess the CSP’s storage security
upon request from U
13. Consists of four algorithms (KeyGen, SigGen,
GenProof, VerifyProof)
KeyGen: key generation algorithm that is run by
the user
SigGen: used by the user to generate verification
metadata, which may consist of MAC, signatures or
other information used for auditing
GenProof: run by the cloud server to generate a
proof of data storage correctness
VerifyProof: run by the TPA to audit the proof
from the cloud server
14. 14
user KeyGen
Public key (sk)&
Secret key (pk)
Setup
SigGenuser
sk
Block 1 Block 2 Block n…
σ1 …σ2 σn
Block 1 Block n…Block 2
σ1 … σnσ2
1- User generates public
and secret parameters
2- A code is generated for
each file block
3- The file blocks and their codes
are transmitted to the cloud
Audit
-TPA sends a challenge
message to CSP
-It contains the position
of the blocks that will be
checked in this audit
GenProofCSP
Selected blocks in challenge
Aggregate authenticator
-CSP also makes a linear combination
of selected blocks and applies a
mask. Separate PRF key for each
auditing.
-CSP send aggregate authenticator &
masked combination of blocks to TPA
VerifyProofTPA
Masked linear combination of requested blocks
Aggregate authenticator
Compare the obtained Aggregate
authenticator to the one received from
CSP
15. PROPOSED METHOD
Public auditing scheme which provides a complete
outsourcing solution of data– not only the data
itself, but also its integrity checking
System consist of client and server side application
and website.
Effectively audit cloud storage without demanding
local copy of data.
Extensive security and performance analysis shows
provably secure and highly efficient.
Data conrtol in the hands of users only.
16. APPLICATIONS
Used in applications that require public auditing.
Can be used for batch auditing.
Application that ensures storage correctness.
28. DISCUSSION OF BASE PAPER
Objective of the Project
The objective of the system is to develop a system
that would enable the cloud users to have control
over their data so that they can ensure that their
data is secured and not corrupted.
Scope of the Project
“ Trusted Cloud Services” provides a security
solution to the cloud users. It ensures that the data
of the users that have been stored in a remote
server is secured and controlled.
29. Constraints
Only the registered users will be authorized to use the
service.
A trustworthy TPA is required to audit the storage.
Assumptions and dependencies
The project will not change in scope
The resources identified will be available upon request
Approved funding will be available upon request
Only the registered users can access the Website
Roles and tasks are predefined.
30. EXECUTION TOOLS
Hardware Requirements
Intel Pentium dual core processor or above
1 GB RAM
200 GB HDD
Other standard peripherals
Software Requirements
Operating system : windows XP
Tool: Netbeans IDE 6.1
Programming Package : Jdk.5.0
Database :MySQL
Server :Glassfish v2
31. CONCLUSION
The aim of the project is to develop a system that
would enable the cloud users to have control over
their data so that they can ensure that their data is
secured .
They can know whether there is any data loss or
corruption by logging into the website.
TPA would not learn any knowledge about the
data content stored on the cloud server during the
efficient auditing process.
TPA can perform multiple auditing tasks in a batch
manner for better efficiency.
Schemes are provably secure and highly efficient.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41. REFERENCE
P. Mell and T. Grance, “Draft NIST working definition of cloud
computing,” Referenced on June. 3rd, 2009 Online at
http://csrc.nist.gov/groups/SNS/cloud-computing/index.
html, 2009.
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz,
A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica,
and M. Zaharia, “Above the clouds: A berkeley view of cloud
computing,” University of California, Berkeley, Tech.
M. Arrington, “Gmail disaster: Reports of mass email deletions,”
Online at http://www.techcrunch.com/2006/12/28/gmail-
disasterreports-of-mass-email-deletions/,December 2006.
J. Kincaid, “MediaMax/TheLinkup Closes Its Doors,” Online at
http://www.techcrunch.com/2008/07/10/ mediamaxthelinkup-closes-
its-doors/, July 2008.
Amazon.com, “Amazon s3 availability event: July 20, 2008,” Online
at http://status.aws.amazon.com/s3-20080720.html,2008.
42. S. Wilson, “Appengine outage,” Online at http://www.cio-
weblog.com/50226711/appengine outage.php, June 2008.
B. Krebs, “Payment Processor Breach May Be Largest Ever,”, Jan.
2009.
G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z.
Peterson, and D. Song, “Provable data possession at untrusted
stores,” in Proc. of CCS’07, Alexandria, VA, October 2007, pp. 598–
609.
M. A. Shah, R. Swaminathan, and M. Baker, “Privacypreservingaudit
and extraction of digital contents,” Cryptology Print Archive, Report
2008/186, 2008.
Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, “Enabling public
verifiability and data dynamics for storage security in cloud
computing,” in Proc. of ESORICS’09, volume 5789 of LNCS.
Springer-Verlag, Sep. 2009, pp. 355–370.