1. EFFICIENT PROVABLE DATA POSSESSION FOR HYBRID CLOUDS
YAN ZHU [1,2], HUAIXI WANG [3], ZEXING HU [1], GAIL-JOON AHN [4], HONGXIN HU [4], STEPHEN S. YAU [4]
[1] INSTITUTE OF COMPUTER SCIENCE AND TECHNOLOGY, PEKING UNIVERSITY, BEIJING 100871, CHINA
[2] KEY LABORATORY OF NETWORK AND SOFTWARE SECURITY ASSURANCE (PEKING UNIVERSITY), MINISTRY OF EDUCATION
[3] SCHOOL OF MATHEMATICAL SCIENCES, PEKING UNIVERSITY, BEIJING 100871, CHINA
[4] ARIZONA STATE UNIVERSITY, TEMPE, AZ 85287, USA
{YAN.ZHU,WANGHX,HUZX}@PKU.EDU.CN, {GAHN,HXHU,YAU}@ASU.EDU
CYBER
SECURITY
2. CONTENT
01 WHAT IS HYBRID CLOUD?
02 COMPONENTS IN HYBRID CLOUD STORAGE
03 CONSTRUCTION OF PDP SCHEMES IN HYBRID CLOUDS
04 HASH INDEX HIERARCHY
05 WHAT IS CPDP MODEL?
06 FRAGMENT STRUCTURE OF CPDP
3. WHAT IS HYBRID CLOUD?
Hybrid cloud storage architecture is a combination of public and private cloud storage
architectures. It is designed to provide organizations with the flexibility and scalability of
public clouds while ensuring the security and privacy of private clouds. In a hybrid cloud
storage architecture, data is stored and accessed from both public and private cloud storage
infrastructures, allowing organizations to leverage the benefits of both environments.
4. COMPONENTS IN HYBRID CLOUD STORAGE
Private cloud storage: The private cloud storage component provides a secure, dedicated storage
infrastructure within an organization's data center or on-premises environment. It is typically used to
store sensitive or confidential data that needs to be protected from external threats.
Public cloud storage: The public cloud storage component provides a scalable, cost-effective storage
infrastructure that can be accessed over the Internet. It is typically used to store less sensitive data
that needs to be accessed from anywhere and by anyone.
Hybrid cloud storage gateway: The hybrid cloud storage gateway is a software or hardware appliance
that connects the private and public cloud storage components. It provides a unified view of the entire
storage infrastructure and allows data to be seamlessly moved between the two environments.
5. Data migration tools: Data migration tools are used to move data between the private and public cloud
storage components. They ensure that data is securely transferred between the two environments and
that data integrity is maintained throughout the migration process.
Security and compliance tools: Security and compliance tools are used to ensure that data stored in
the hybrid cloud storage architecture is protected from unauthorized access, theft, or loss. They also
help organizations comply with industry and government regulations related to data privacy and
security.
Data backup and disaster recovery: Data backup and disaster recovery are critical components of a
hybrid cloud storage architecture. Organizations need to ensure that their data is backed up regularly
and that they have a disaster recovery plan in place in case of a catastrophic event.
6. CONSTRUCTION OF PDP SCHEMES IN HYBRID CLOUDS
Provable Data Possession (PDP) schemes are cryptographic techniques used to
ensure that a remote storage server has not tampered with or lost any data that has
been entrusted to it by a client. Hybrid clouds, on the other hand, are cloud
computing environments that combine both private and public clouds. PDP schemes
can be constructed in hybrid clouds to provide a secure and reliable method for
storing and retrieving data.
There are several techniques that can be used to construct PDP schemes in hybrid
clouds, such as replication-based, encryption-based, and erasure-coded PDP schemes.
In all of these techniques, the PDP scheme is constructed in such a way that the data
owner can verify the integrity and availability of their data without having to
download the entire data from the remote server. This makes PDP schemes in hybrid
clouds efficient, scalable, and secure, allowing for the reliable storage and retrieval of
data in cloud computing environments.
7. HASH INDEX HIERARCHY
Hash index hierarchy is a data structure used in computer science to organize and access
large amounts of data efficiently. It is a hierarchical structure that uses hash functions to
map keys to specific locations in memory, allowing for fast retrieval of data.
Here's a brief explanation of each layer of the Hash Index Hierarchy:
First Layer (Express Layer): This layer provides an abstract representation of the stored
resources. It is responsible for handling metadata and other non-data aspects of storage.
The express layer typically consists of a database or index that allows for efficient
searching and organization of stored data.
Second Layer (Service Layer): The service layer promptly offers and manages cloud
storage services. It serves as a bridge between the express and storage layers, providing a
standardized interface for clients to interact with the storage system. The service layer is
responsible for managing user authentication, access control, and resource allocation.
Third Layer (Storage Layer): The storage layer directly realizes data storage on many
physical devices. It consists of the physical infrastructure, including servers, storage
devices, and network components, that stores and manages the data. The storage layer is
responsible for data replication, backup, and recovery, ensuring that data is always
available and protected.
8. WHAT IS CPDP MODEL?
The Cooperative Provable Data Possession (CPDP) model is a method of ensuring the
integrity and availability of data stored in a remote server or cloud storage. It is designed
to address security concerns that arise when individuals or organizations store their data
on remote servers that are not under their direct control.
The data owner generates a set of cryptographic keys that are used to create a proof of
possession (PoP) for each block of data that is stored on the remote server. The PoP is a
small piece of data that can be used to verify that the corresponding block of data has not
been tampered with or deleted.
The data owner requests that the server provide a set of challenges that require the
server to provide PoPs for random blocks of data stored on the server. The server must
provide the correct PoP for each block in order to prove that the data has not been
tampered with or deleted. If the server fails to provide the correct PoP for any block, the
data owner can assume that the data has been tampered with and take appropriate action.
The CPDP model provides a way for data owners to ensure that their data remains secure
and available even when it is stored on remote servers or cloud storage.
9. FRAGMENT STRUCTURE OF CPDP
The fragment structure of the Cooperative Provable Data Possession (CPDP) model is a way of dividing
the data into smaller, manageable pieces to allow for efficient processing and storage.
In the CPDP model, the data is divided into fixed-size blocks or fragments, which are typically a few
kilobytes in size. Each fragment is associated with a unique identifier, known as a fragment ID, which is
used to track and verify the fragment's integrity.
The data owner generates a set of cryptographic keys, including a set of secret keys and a set of
public keys, which are used to generate the proofs of possession (PoPs) for each fragment. The secret
keys are kept secret by the data owner, while the public keys are provided to the server for verification.
To store the data on the remote server, each fragment is first encrypted using a symmetric encryption
algorithm, such as Advanced Encryption Standard (AES), with a unique key. The unique key for each
fragment is then encrypted using a public key encryption algorithm, such as RSA, with the server's
public key, and stored on the server along with the encrypted fragment.
10. When the data owner requests a set of challenges, the server selects a random set of fragments and
sends their corresponding fragment IDs to the data owner. The data owner uses their secret key to
compute the PoP for each selected fragment and sends them back to the server for verification. The
server then uses the corresponding public key to verify the PoP for each fragment and sends the result
back to the data owner.
If the server fails to provide the correct PoP for any fragment, the data owner can assume that the
corresponding fragment has been tampered with or deleted, and take appropriate action to ensure the
integrity and availability of their data.
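A minimal spot-check audit following the CPDP model and fragment structure slides above (one proof per fragment, a random challenge over fragment IDs, verification without fetching the whole file), with the owner issuing the challenge and the server answering. This is an added example, not code from the slides or the paper: it swaps in a plain HMAC tag per fragment for the paper's scheme, and the names `make_tag`, `Server`, `verify`, `detection_probability` and the 4096-byte fragment size are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 4096  # assumption: "a few kilobytes" per fragment

def split_fragments(data, size=BLOCK_SIZE):
    """Fixed-size fragments; the list index serves as the fragment ID."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def make_tag(key, frag_id, fragment):
    """Owner: tag binding fragment content to its ID, so fragments cannot be swapped."""
    return hmac.new(key, frag_id.to_bytes(8, "big") + fragment, hashlib.sha256).digest()

class Server:
    """Untrusted store: holds fragments and tags, never the owner's key."""
    def __init__(self, fragments, tags):
        self.fragments, self.tags = list(fragments), list(tags)
    def respond(self, challenge):
        return [(self.fragments[i], self.tags[i]) for i in challenge]

def make_challenge(n_fragments, sample_size):
    """Owner: unpredictable, distinct fragment IDs to audit."""
    return secrets.SystemRandom().sample(range(n_fragments), min(sample_size, n_fragments))

def verify(key, challenge, response):
    """Owner: IDs whose proof failed; an empty list means the audit passed."""
    if len(response) != len(challenge):
        return list(challenge)
    return [i for i, (frag, tag) in zip(challenge, response)
            if not hmac.compare_digest(make_tag(key, i, frag), tag)]

def detection_probability(n, corrupted, sample_size):
    """Chance a challenge of sample_size distinct IDs hits a corrupted fragment."""
    miss = 1.0
    for j in range(min(sample_size, n)):
        miss *= max(n - corrupted - j, 0) / (n - j)
    return 1.0 - miss

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    frags = split_fragments(secrets.token_bytes(10 * BLOCK_SIZE))  # constructed sample data
    server = Server(frags, [make_tag(key, i, f) for i, f in enumerate(frags)])
    server.fragments[7] = b"\x00" * BLOCK_SIZE  # simulate silent corruption
    ids = make_challenge(len(frags), 10)
    print("failed fragment IDs:", verify(key, ids, server.respond(ids)))
```

In this MAC-based simplification the server returns the challenged fragments themselves, so audit bandwidth grows with the sample size; `detection_probability` shows how a small sample still catches corruption with high probability.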
11. Made by :
Hardikkumar P. Patel (21BT04141)
Janak M. Radadiya (21BT04094)
Preet H. Prajapati (21BT04094)
THANK YOU