Veena Venugopal presented on cloud security and proposed an efficient and secure protocol for data storage in cloud computing. The protocol has three phases - setup, verification, and dynamic operations and verification. In the setup phase, the user encrypts and generates metadata for the file. A third party auditor verifies the integrity of the stored data by generating challenges and checking proofs from the cloud server. The protocol also supports dynamic operations like modification, insertion, and deletion of blocks while maintaining security. It provides confidentiality, public verifiability, and supports efficient dynamic operations on outsourced data in the cloud.

1. VEENA VENUGOPAL
M.Sc. CS
DEPARTMENT OF COMPUTER SCIENCE
UNIVERSITY OF KERALA
KARIAVATTOM CAMPUS

2. What is Cloud Computing ?
What are the benefits of cloud computing ?

3. VIDEO

4. Cloud security
4 / 30Cloud Security19th October 2015
Currently there is an increasing trend in outsourcing data to remote
cloud…
Cloud service providers
Offers huge storage space with low cost
Reduce the maintenance and burden of local data storage

5. Cloud security
Cloud Security 5 / 3019th October 2015

6. Cloud security
Cloud Security 6 / 3019th October 2015

7. Cloud security
Cloud Security
Threats in cloud data storage
The cloud service provider intentionally hide data loss.
The malicious cloud service provider might delete some data or
obtain all the information and sell it to others.
An attacker who intercepts can capture sensitive information
such as business secrets, client details etc.
7 / 3019th October 2015

8. Cloud security
Cloud Security
Existing protocols
 Does not support both confidentiality and integrity issues.
 Dynamic scalability of data is not possible – modification,
insertion and deletion of data blocks.
 All the existing protocols are unable to provide strong
security assurance to users.
8 / 3019th October 2015

9. Cloud security
Cloud Security
Proposed protocol
An Efficient & Secure Protocol for Data
Storage Security in Cloud Computing
9 / 3019th October 2015

10. Cloud security
Cloud Security
Steps :-
User encrypts data to ensure confidentiality.
Compute metadata over encrypted data
Later the verifier can use remote data integrity checking
to verify the integrity
10 / 3019th October 2015

11. Cloud security
Cloud Security
System model
The cloud data storage model considering here consisting of 3
main components :
Cloud user : An individual or an organization storing their data in cloud
and accessing the data
Cloud Service Provider(CSP) : The organization who manages cloud servers
and provides a paid storage on its infrastructure to users as service.
Third Party Auditor(TPA) : The verifier who has expertise and capabilities
to verify the integrity of outsourced data as per the instruction of the user.
11 / 3019th October 2015

12. Cloud security
Cloud Security
Efficient & Secure Storage Protocol
The protocol consists of 3 phases :
Dynamic data operation and verification
Verification
Setup
12 / 3019th October 2015

13. Cloud security
Cloud Security
 Setup
In this phase, the user pre-processes the file before storing in
cloud. The Setup phase consists of three stages, those are:
KeyGen Encryption MetadataGen.
13 / 3019th October 2015

14. Cloud security
Cloud Security
 KeyGen:
In this phase, the user generates private key and public key pair.
The user chooses two large primes p and q of size k .Then compute
n=pq and
Nn =lcm (p+1, q+1).
b is a randomly chosen integer such that gcd(b, n)=1.
It outputs public key PK= {b, n, p} and private key PR ={ Nn }.
14 / 3019th October 2015

15. Cloud security
Cloud Security
 Encryption:
To ensure the confidentiality of data, the file F is divided into
n equal sized data blocks and encrypt them:
F = {m1, m2 ,...mn} = {mi }1 ≤i≤n
F’ m i='=mi + fk (s)
where s is random of size l.
15 / 3019th October 2015

16. Cloud security
Cloud Security
 MetadataGen:
After encrypting the data, the user computes a metadata over
encrypted data to verify the integrity of data, which takes m'i,
public key and private key as inputs and produce metadata as
output
After computation of metadata, the user sends metadata,
public key to the TPA for later verification and sends file F' to
cloud servers for storage.
16 / 3019th October 2015

17. Cloud security
Cloud Security
 Verification
To verify the integrity of data after storing into cloud, the verifier
first creates a challenge and sends to the server. Upon receiving a
challenge from the verifier, the server computes a response as
integrity proof and return to the verifier. It consists of 3 steps :
Challenge ProofGen CheckProof
17 / 3019th October 2015

18. Cloud security
Cloud Security
 Challenge:
The verifier creates a challenge text by taking inputs
public key and random values.
For each data block challenge text is created, then
combined together and send.
18 / 3019th October 2015

19. Cloud security
Cloud Security
 ProofGen:
Upon receiving the challenge from the verifier, the server
computes a response as integrity proof using the following steps,
it takes encrypted data m'i, challenge chal as inputs and produce
response R as output
19 / 3019th October 2015

20. Cloud security
Cloud Security
 Check proof:
After receiving a response from the server, the verifier checks the
integrity using the steps, it takes public key pk, challenge query
chal, and proof R as inputs and return output.
If response is valid, then it returns 1 otherwise 0.
20 / 3019th October 2015

21. Cloud security
Cloud Security
 Dynamic data operation & Verification
The proposed scheme also supports dynamic data operations at
block level while maintaining same security assurance, such as Block
Modification (BM), Block Insertion (BI) and Block Deletion (BD). These
operations are performed by the server based on the user request. The parameter
j indicates the particular block to be updated and m*i is the new block.
In order to update data in cloud, the user creates a request and sends to the
server. Upon receiving an update request from the user, the server performs the
particular update operation (modification/insert/delete).
21 / 3019th October 2015

22. Cloud security
Cloud Security
 Block modification:
Data modification is one of the frequently used operations in cloud
data storage. Suppose, the user wants to modify the block mj with
m'i, then the user runs the steps to do the following:
 Create a new block mj
 Encrypt the new block
 Compute the new metadata
 Create update request and sends to the server.
 The Metadata sends to TPA for later verification
22 / 3019th October 2015

23. Cloud security
Cloud Security
 Block insertion:
To perform an insertion of a new block m* after position j in a
file, the user runs the following:
 Create a new block m*j
 Encrypt the new block
 Compute the new metadata
 Create update request and sends to the server.
 The Metadata sends to TPA for later verification
23 / 3019th October 2015

24. Cloud security
Cloud Security
 Block deletion:
Suppose the user want to delete a specific data block at position j
from file F’
 Create delete request (BD,j) and sends to the server.
 Send request to TPA to delete corresponding metadata.
Server and TPA deletes the corresponding block from the file.
24 / 3019th October 2015

25. Cloud security
Cloud Security
 Verification:
To ensure the security of dynamic data operations, the user verifies the
integrity of updated block immediately after updating as follows:
 The user challenges the server immediately for the proof of update
operation
 Upon receiving a request from the user, the server computes a
response for updated block and returns to the user
 After receiving an update response from the server, the user verifies
whether response is matched with metadata of particular block by
running algorithm, if it returns true, server has been updated data
successfully otherwise not.
25 / 3019th October 2015

26. Cloud security
Cloud Security
Advantages
 It should detect all data corruption if anybody deletes or
modifies the data in cloud storage
 The scheme achieves confidentiality of data
 It is efficient in terms of computation, storage because its key
size is less compared to RSA based solutions.
 This protocol supports public verifiability and dynamic data
operations such as modification, insertion and deletion
26 / 3019th October 2015

27. Cloud security
Cloud Security
CONCLUSION
The proposed protocol is mainly suitable for thin users who have less
resources and limited computing capability
The method satisfies all security and performance requirements of
cloud data storage
It also supports public verifiability that enables TPA to verify the
integrity of data without retrieving original data from the server
The scheme also supports dynamic data operations
27 / 3019th October 2015

28. Cloud Security
• Introduction to Cloud Computing , Prof. Yeh-Ching Chung,
http://cs5421.sslab.cs.nthu.edu.tw/home/Materials/Lecture2 -
IntroductiontoCloudComputing.pdf?attredirects=0&d=1
• NIST (National Institute of Standards and Technology). http://csrc.nist.gov/groups/SNS/cloud-computing/
• M. Armbrust et. al., “Above the Clouds: A Berkeley View of Cloud Computing,” Technical Report No.
UCB/EECS-2009-28, University of California at Berkeley, 2009.
• R. Buyya et. al., “Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing
as the 5th utility,” Future Generation Computer Systems, 2009.
• Cloud Computing Explained. http://www.andyharjanto.com/2009/11/wanted-cloud-computing-explained-in.html
• From Wikipedia, the free encyclopedia
• “An Efficient and secure protocol for Ensuring Data Storage Security in Cloud Computing” - International
journal of Computer Science Issues ,by Syam kumar P, Subramanian R
BIBLIOGRAPHY
28 / 3019th October 2015

29. Cloud security
Cloud Security 29 / 3019th October 2015

30. Cloud security
Cloud Security
Thank you all…
30 / 3019th October 2015