Efficient Audit Services for Data Outsourcing in Clouds

Similar documents
SignEPC : A Digital Signature Scheme for Efficient and Scalable Access Control in EPCglobal Network

A Secured Mutual Authentication Protocol For RFID System

Supplier Security Directives

Fulfilling CDM Phase II with Identity Governance and Provisioning

Blockchain Role in Smart Cities/IoT Security A Cryptographic Perspective!

Super Schlumberger Scheduler

Privacy Management for Medical Service Application using Mobile Phone collaborated with RFID Reader

Smart Ration Card System Using QR Code and One Time Password

PREDICTIVE INTELLIGENCE SECURITY, PRIVACY, AND ARCHITECTURE

Design and Implementation of Office Automation System based on Web Service Framework and Data Mining Techniques. He Huang1, a

Enabling Robust Information Accountability in E-healthcare Systems

A Lightweight and Practical RFID Grouping Authentication Protocol in Multiple-Tag Arrangements

Efficient System for Maximizing Profit in cloud Computing

IMPLEMENTATION FOR ENHANCING SECURITY OF RFID CARD

IBM QRadar SIEM. Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights

A Dynamic Cloud Computing Platform for ehealth Systems

Electronic I-9 Documentation Guardian Electronic I-9 and E-Verify Compliance with 8 CFR 274a.2

IBM System Storage. IBM Information Archive: The next-generation information retention solution

ABSTRACT. Keywords: Cloud Computing, Mobile Cloud Computing, infrastructures, applications, etc. I. INTRODUCTION

Cloud based Solution for Small and Medium Franchisees

Cloud, Big Data, Android, Struts2, Spring, Java-SEEE

Mobile Agent Code Updating and Authentication Protocol for Code-centric RFID System

ISO 9001:2015 Internal Audit Checklist 7.0 Support

Enhancing SWITCHaai with Micropayment Functionality for Swiss Universities White Paper

Security intelligence for service providers

Modified Truthful Greedy Mechanisms for Dynamic Virtual Machine Provisioning and Allocation in Clouds

Approaches to Communication Organization Within Cyber-Physical Systems

SIMPLE FUND 360: AN AUDITORS GUIDE. Australia s leading cloud SMSF admin solution AN AUDITORS GUIDE.

Security issues in RFID Middleware Systems: Proposed EPC implementation for network layer attacks

teamplay data sheet valid from March 2017 teamplay data sheet siemens.com/teamplay

HP Renew Program fits the bill

Managing FTI Data Compliance. Addressing Publication 1075

Lightweight Cryptography for RFID Systems

Statistics Centre Abu Dhabi Charter of Code of Practices

Robust Coercion-Resistant Registration for Remote E-voting (Extended Abstract)

IBM United States Software Announcement , dated August 21, 2018

Preparation Guide to the New European General Data Protection Regulation

Industrie 4.0 Starter Pack

Security overview. 2. Physical security

Low-cost RFID identification variation

CHAPTER 6 DYNAMIC SERVICE LEVEL AGREEMENT FOR GRID RESOURCE ALLOCATION

siemens.com/teamplay teamplay data sheet

POLOPOLY V9 TECHNICAL OVERVIEW. System Architecture Templates and Presentation Modules

Demand Based Efficient Electricity Distribution for Household Using Iot

TRANSPARENCY AND INFORMATION SECURITY IN AN AUTOMATED ELECTION SYSTEM

TokenD principles. A framework for enterprise tokenization platforms. Distributed Lab

IT Governance and the Audit Committee Recognizing the Importance of Reliable and Timely Information

Reassignment Scheme of an RFID Tag s Key for Owner Transfer

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

The Accurate Marketing System Design Based on Data Mining Technology: A New Approach. ZENG Yuling 1, a

Cyber Security - a New Challenge for Production (Management) Heiko Wolf, Manager R&D Program PSImetals FutureLab

Policy Outsourcing and Cloud-Based File Sharing

Atlant s atwatch CAPA TM. Corrective and Preventive Action System (CAPA) Product & Services Bundle for

Financial Reporting On the Internet

P a g e 1. Course Description

Canadian Self-Regulatory Principles for Online Behavioural Advertising

Multi-Level µtesla: A Broadcast Authentication System for Distributed Sensor Networks

IBM Security Investor Briefing 2018

Data integrity forensics Bring transparency and trust to third-party data use

THE CLOUD, RISKS AND INTERNAL CONTROLS. Presented By William Blend, CPA, CFE

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

Laboratory Management Based on Internet of Things. Jianming Huang

BUILDING A PRIVATE CLOUD

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

Detecting Anomalous Behavior with the Business Data Lake. Protecting the Enterprise with Next-Generation Analytics.

LIMS FOR TESTING LABORATORIES AN OVERVIEW OF FEATURES AND COMPLIANCE FOR TESTING LABORATORIES

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On-Premise Software

Jetstream Certification and Testing

Blockchain: A revolutionary change or not?

Making the Grid Pay - Economic Web Services

Resource Scheduling in Hybrid Grid Environment

WHY COMMERCIAL REAL ESTATE FIRMS ARE EMBRACING OFFICE 365. Find out how out-of-the-box Cloud services in Office 365 can help you grow your practice

IPDR BASED BILLING SYSTEM FOR VoIP

MANAGEMENT INFORMATION SYSTEMS (MIS)

FINACLE SERVICES: API MANAGEMENT USING CA API GATEWAY

Consolidated Fax Solutions Brief

DocuLynx Mercury Web Seamless Access to Document Archives

D.1.2 Report on requirements study II

Automatic Demand Draft Generation using the Automated Teller Machine

Secure EPCglobal Class-1 Gen-2 RFID System Against Security and Privacy Problems

IBM Clinical Development

Service description. Dispatch, receipt and archiving of e-bills Effective from

MSP: TRENDS, CHALLENGES AND THE KEYS TO SUCCESS IN MANAGED SECURITY IN 2017

Resource Utilization & Execution Time Enhancement by Priority Based Preemptable Shortest Job Next Scheduling In Private Cloud Computing

GDPR COMPLIANCE: HOW AUTOMATION CAN HELP

Use of Distributed Ledger Technology to control Unsolicited Commercial Communication. Pavan Gupta, Jt. Advisor Telecom Regulatory Authroty of India

Believe in a higher level of IT Security SECUDE Business White Paper. How to Improve Business Results through Secure Single Sign-on to SAP

SERVICE DESCRIPTION MANAGED PRIVATE CLOUD

The Benefits of Remote Signing & eidas INFOCOM CYPRUS 2017

CHAPTER 3 ENTERPRISE SYSTEMS ARCHITECTURE

MODELS OF MOBILE PAYMENTS

A Social Compute Cloud: For Sharing Resources

SAP Enterprise Threat Detection Overview & Roadmap. Martin Plummer, SAP SE November 2016

Cryptographic protocol for electronic auctions with extended requirements.

IARPA: ADVANCED CYBER RESEARCH IN A CONNECTED WORLD DR. STACEY DIXON

Bitcoin: A Digital Currency In Cryptography We Trust

EDI in e-commerce application and safety measures. Liu Dan

Implications of Real-Time Versus Batch Reporting for Surveillance

DECENTRALIZED NETWORK FOR DATA EXCHANGE AND STORAGE "MASTERCHAIN" Version 1.1 WHITEPAPER

Sarbanes-Oxley Compliance Kit

Transcription:

IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 16, Issue 6, Ver. VI (Nov Dec. 2014), PP 24-28 Efficient Audit Services for Data Outsourcing in Clouds Anuraj C.K (Department of Computer Science and Engineering, Sapthagiri College of Engineering, Dharmapuri/Anna University,Chennai) Abstract: This paper introduce a dynamic audit service for integrity verification of untrusted and outsourced storages. Our audit service is constructed based on the techniques, fragment structure, random sampling, and index-hash table, supporting provable updates to outsourced data and timely anomaly detection. Constructed on interactive proof system (IPS) with the zero knowledge property, our audit service can provide public auditability without downloading raw data and protect privacy of the data. Also, our audit system can support dynamic data operations and timely anomaly detection with the help of several effective techniques, such as fragment structure, random sampling, and index-hash table (IHT). We also propose an efficient approach based on probabilistic query and periodic verification for improving the performance of audit services. A proof-ofconcept prototype is also implemented to evaluate the feasibility and viability of our proposed approaches. Our experimental results not only validate the effectiveness of our approaches, but also show that our system does not create any significant computation cost and require less extra storage for integrity verification. Keywords: Cloud storage, audit service, storage security I. Introduction The cloud storage service (CSS) relieves the burden for storage management and maintenance. However, if such an important service is vulnerable to attacks or failures, it would bring irretrievable losses to the clients because their data or archives are stored in an uncertain storage pool outside the enterprises. These security risks come from the following reasons: First, the cloud infrastructures are much more powerful and reliable than personal computing devices, but they are still susceptible to internal threats (e.g., via virtual machine) and external threats (e.g., via system holes) that can damage data integrity; second, for the benefits of possession, there exist various motivations for cloud service providers (CSP) to behave unfaithfully toward the cloud users ; furthermore, disputes occasionally suffer from the lack of trust on CSP because the data change may not be timely known by the cloud users, even if these disputes may result from the users own improper operations [1]. Therefore, it is necessary for CSP to offer an efficient audit service to check the integrity and availability of stored data [2]. Therefore, security and performance objectives such as Public auditability, dynamic operations, timely detection, effective forensic are the objectives should be addressed to achieve an efficient audit for outsourced storage in clouds. Public auditability: To allow a third party auditor (TPA) or clients with the help of TPA to verify the correctness of cloud data on demand without retrieving a copy of the whole data or introducing additional online burden to cloud services. Dynamic operations: To ensure there is no attack to compromise the security of verification protocol or cryptosystem by using dynamic data operations. Timely detection: To detect data errors or losses in outsourced storage, as well as anomalous behaviors of data operations in a timely manner. Effective forensic: To allow TPA to exercise strict audit and supervision for outsourced data, and offer efficient evidences for anomalies. Lightweight: To allow TPA to perform audit tasks with the minimum storage, lower communication cost, and less computation overhead. II. Related Works And Problem Definition The traditional cryptographic technologies for data integrity and availability, based on Hash functions and signature schemes [3], [4], [5], cannot work on the outsourced data. it is not a practical solution for data validation by downloading them due to the expensive communications, especially for large size files. Moreover, the ability to audit the correctness of the data in a cloud environment can be formidable and expensive for the cloud users. Therefore, it is crucial to realize public audit ability for CSS, so that data owners (Dos) may resort to a third party auditor (TPA), who has expertise and capabilities that a common user does not have, for periodically auditing the outsourced data. This audit service is significantly important for digital forensics and credibility in clouds. To implement public audit ability, the notions of proof of retrievability (POR) [6] and 24 Page

provable data possession (PDP) [7] have been proposed by some researchers. Their approach was based on a probabilistic proof technique for a storage provider to prove that clients data remain intact. There exist some solutions for audit services on out-sourced data. For example, Xie et al. [8] proposed an efficient method on content comparability for outsourced database, but it was not suitable for irregular data. Wang et al. [9] also provided a similar architecture for public audit services. To support their architecture, a public audit scheme was proposed with privacy-preserving property. However, the lack of rigorous performance analysis for a constructed audit system greatly affects the practical application of their scheme. For instance, in this scheme an outsourced file is directly split into n blocks, and then each block generates a verification tag. To maintain security, the length of block must be equal to the size of cryptosystem, that is, 160 bits, which is 20 bytes. This means that 1M bytes file is split into 50,000 blocks and generates 50,000 tags [10], and the storage of tags is at least 1M bytes. Therefore, it is inefficient to build an audit system based on this scheme. To address such a problem, we introduce a fragment technique to improve the system performance and reduce the extra storage. Another major concern is the security issue of dynamic data operations for public audit services. In clouds, one of the core design principles is to provide dynamic scalability for various applications. This means that remotely stored data might be not only accessed by the clients but also dynamically updated by them, for instance, through block operations such as modification, deletion and insertion. However, these operations may raise security issues in most of existing schemes, e.g., the forgery of the verification metadata (called as tags) generated by DOs and the leakage of the user s secret key. Hence, it is crucial to develop a more efficient and secure mechanism for dynamic audit services, in which a potential adversary s advantage through dynamic data operations should be prohibited. III. Proposed Scheme This paper introduce a dynamic audit service for integrity verification of untrusted and outsourced storages [6]. Our audit system, based on novel audit system architecture, can support dynamic data operations and timely abnormal detection with the help of several effective techniques, such as fragment structure, random sampling, and index-hash table. Furthermore, we propose an efficient approach based on probabilistic query and periodic verification for improving the performance of audit services. A proof of- concept prototype is also implemented to evaluate the 2 feasibility and viability of our proposed approaches. Our experimental results not only validate the effectiveness of our approaches, but also show our system has a lower computation cost, as well as a shorter extra storage for integrity verification IV. Architecture This paper introduce an audit system architecture for outsourced data in clouds as shown in Fig. 1. In this architecture, we consider that a data storage service involves four entities: DO, who has a large amount of data to be stored in the cloud; CSP, who provides data storage service and has enough storage space and computation resources; TPA, who has capabilities to manage or monitor the outsourced data under the delegation of DO; and authorized applications (AAs), who have the right to access and manipulate the stored data. Finally, application users can enjoy various cloud application services via these AAs. Here assume the TPA is reliable and independent through the following audit functions: TPA should be able to make regular checks on the integrity and availability of the delegated data at appropriate intervals; TPA should be able to organize, manage, and maintain the outsourced data instead of Dos, and support dynamic data operations for AAs; and TPA should be able to take the evidences for disputes about the inconsistency of data in terms of authentic records for all data operations. 25 Page

Data Owner Third Party Auditor Name Server Cloud Authorized Applications Application Users Fig. 1. Audit System Architecture V. Techniques To realize these functions, our audit service is comprised of three processes: V. 1. Tag Generation The client (DO) uses a secret key to preprocess a file, which consists of a collection of n blocks, generates a set of public verification parameters (PVPs) and index hash table (IHT) that are stored in TPA, transmits the file and some verification tags to CSP, and may delete its local copy (See Fig. 2.1). File+ Tags Name Server Data Server File Tag Generation Index-Hash Table+ Verification Parameters Audit Third Party Auditor Secret Key Key Generation Public Key Fig. 2.1. Tag generation for outsourcing file Fig. 2.2. Periodic Sampling Audit 26 Page

File+Tags Name Server Data Server File Blocks Update/Delete /Insert Checking Secret Key Index- Hash Table Audit Third Party Auditor Fig. 2.3. Dynamic data operations and audit Fig. 2. Three processes of audit system V. 2. Periodic Sampling Audit In contrast with whole checking, random sampling checking greatly reduces the workload of audit services, while still achieves an effective detection of misbehaviors. Thus, a probabilistic audit on sampling checking is preferable to realize the anomaly detection in a timely manner, as well as to rationally allocate resources. Generally, this algorithm relies on homomorphic properties to aggregate data and tags into a constantsize response, which minimizes network communication costs. Since the single sampling checking may overlook a small number of data abnormalities, we propose a periodic sampling approach to audit outsourced data, which is named as Periodic Sampling Audit. With this approach, the audit activities are efficiently scheduled in an audit period, and a TPA merely needs to access small portions of files to perform audit in each activity. Therefore, this method can detect exceptions periodically, and reduce the sampling numbers in each audit (Fig.2.2). V. 3. Audit For Dynamic Operations To ensure the security, dynamic data operations are available only to DOs or AAs, who hold the secret key. Here, all operations are based on data blocks. Moreover, to implement audit services, applications need to update the IHTs. It is necessary for TPA and CSP to check the validity of updated data. First, an AA obtains the public verification information from TPA. Second, the application invokes the Update, Delete, and Insert algorithms, and then sends to TPA and CSP, respectively. Next, the CSP makes use of an algorithm check to verify the validity of updated data. Note that the Check algorithm is important to ensure the effectiveness of the audit. Finally, TPA modifies audit records after the confirmation message from CSP is received and the completeness of records is checked (Fig 2.3). V. 4. Anomaly Detection For every available tag generation and a random challenge, the protocol always passes the verification test and to protect the confidentiality of the checked data, we are more concerned about the leakage of private information in public verification process. It is obvious that enormous audit activities would increase the computation and communication overheads of our audit service. However, the less frequent activities may not detect anomalies in a timely manner. Hence, the scheduling of audit activities is significant for improving the quality of audit services. To detect anomalies in a low-overhead and timely manner, we attempt to optimize the audit performance from two aspects: Performance evaluation of probabilistic queries and scheduling of periodic verification. Our basic idea is to maintain a tradeoff between overhead and accuracy, which helps us improve the performance of audit systems. In general, the AAs should be cloud application services inside clouds for various application purposes, but they must be specifically authorized by DOs for manipulating outsourced data. Since the acceptable operations require that the AAs must present authentication information for TPA, any unauthorized modifications for data will be detected in audit processes or verification processes. Based on this kind of strong 27 Page

authorization-verification mechanism, we assume neither CSP is trusted to guarantee the security of stored data, nor a DO has the capability to collect the evidence of CSP s faults after errors have been found. The ultimate goal of this audit infrastructure is to enhance the credibility of CSSs, but not to increase DO s burden. Therefore, TPA should be constructed in clouds and maintained by a CSP. To ensure the trust and security, TPA must be secure enough to resist malicious attacks, and it should be strictly controlled to prevent unauthorized accesses even for internal members in clouds. A more practical way is that TPA in clouds should be mandated by a trusted third party (TTP). This mechanism not only improves the performance of an audit service, but also provides the DO with a maximum access transparency. This means that DOs are entitled to utilize the audit service without additional costs. VI. Conclusion In this paper, I presented a construction of dynamic audit services for untrusted and outsourced storages. We also presented an efficient method for periodic sampling audit to enhance the performance of TPAs and storage service providers. Our experiments showed that our solution has a small, constant amount of overhead, which minimizes computation and communication costs. Acknowledgements I would like to take this opportunity for expressing our profound gratitude and deep regards to Mr. P. Senthil Kumar (Head of the Department, Computer Science and Engineering, Sapthagiri College of Engineering), Mr. P.V Sankar Ganesh(PG Coordinator, Computer Science and Engineering, Sapthagiri College of Engineering) and all teaching and non-teaching staffs of the department of Computer Science and Engineering, Sapthagiri College of Engineering, Dharmapuri, Tamil Nadu, for their guidance, monitoring and constant encouragement throughout the preparation of this paper. References [1]. M. Mowbray, The Fog over the Grimpen Mire: Cloud Computing and the Law, Technical Report HPL-2009-99, HP Lab., 2009.. [2]. A.A. Yavuz and P. Ning, BAF: An Efficient Publicly Verifiable Secure Audit Logging Scheme for Distributed Systems, Proc. Ann.Computer Security Applications Conf. (ACSAC), pp. 219-228, 2009. [3]. H.-C. Hsiao, Y.-H. Lin, A. Studer, C. Studer, K.-H. Wang, H.Kikuchi, A. Perrig, H.-M. Sun, and B.-Y. Yang, A Study of User- Friendly Hash Comparison Schemes, Proc. Ann. Computer Security Applications Conf. (ACSAC), pp. 105-114, 2009. [4]. A.R. Yumerefendi and J.S. Chase, Strong Accountability for Network Storage, Proc. Sixth USENIX Conf. File and Storage Technologies (FAST), pp. 77-92, 2007. [5]. Y. Zhu, H. Wang, Z. Hu, G.-J. Ahn, H. Hu, and S.S. Yau, Efficient Provable Data Possession for Hybrid Clouds, Proc. 17th ACM Conf. Computer and Comm. Security, pp. 756-758, 2010. [6]. A. Juels and B.S. Kaliski Jr., PORs: Proofs of Retrievability for Large Files, Proc. ACM Conf. Computer and Communications Security (CCS 07), pp. 584-597, 2007. [7]. G. Ateniese, R.C. Burns, R. Curtmola, J. Herring, L. Kissner, Z.N.J. Peterson, and D.X. Song, Provable Data Possession at Untruste Stores, Proc. 14th ACM Conf. Computer and Comm.Security, pp. 598-609, 2007. [8]. M. Xie, H. Wang, J. Yin, and X. Meng, Integrity Auditing of Outsourced Data, Proc. 33rd Int l Conf. Very Large Databases (VL), pp. 782-793, 2007. [9]. C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing, Proc. IEEE INFOCOM, pp. 1-9, 2010. Author Details Anuraj C.K received his B-Tech Degree in Computer Science and Engineering in 2011 from Adi Shankara Institute of Engineering and Technology, Kalady affiliated to Mahatma Gandhi University, Kottayam. He completed his M.E research in the area of Cloud Storage Security in the Department of Computer Science and Engineering, Sapthagiri College of Engineering, Dharmapuri, affiliated to Anna University, Chennai. His area of interests include Cloud Computing, Storage Security, Network Security, Internet Computing Computer Graphics, Operating Systems and Neural Network. 28 Page

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback