Click here to load reader
Upload
lamhuong
View
219
Download
7
Embed Size (px)
Citation preview
South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3
1
ISSN Number (online): 2454-9614
Efficient Data Utilization and Content Privacy in
Hybrid Cloud Priyanka. T
#1, Madhavi. K
*2
Dept of CSE, JNTUA, AP, India [email protected]
****selected paper from International Conference On Computing (NECICC-2K16)
Abstract— As the world moves to digital storage for archival
purpose, a hybrid cloud architecture can be used for storing the
data in the cloud. Secure Deduplication is a compression
technique for eliminating duplicate copies of stored data to
reduce storage space and save bandwidth. A novel encryption
scheme has been used to encrypt the data before storing it to the
cloud. To better protect data confidentiality, this paper makes an
attempt to assign differential permissions to the authorized users.
Our proposed design allows data files deduplication and
authorized access rights. The result shows that proposed
authorized access control scheme incurs minimal effort
compared to previous operations.
I. INTRODUCTION
Cloud storage service is gaining popularity in the recent
years and becomes prevalent, so an increasing amount of data
is stored in the cloud. To reduce storage space and make data
management scalable in cloud, many cloud storage services
employs secure deduplication. That is when a user wants to
upload a data file to cloud server, the server checks whether
this particular file already exists in the cloud (uploaded by
some user previously). If it exists the server won’t allow to upload the same file to the cloud. In this way, every single file
will have only one copy in the cloud (i.e, Single Instance
Storage).
Data DE duplication technique keeps only one physical
copy without maintaining multiple copies with the same
content and refers other redundant data to that copy. It takes
place at both File level and Block level. Deduplication has
many benefits, but still security concerns arise because user’s
data is affected by insider and outsider attacks.
Convergent Encryption has been proposed to
encrypt/decrypt a data copy with a convergent key. After
encrypting a data copy user retains the key and transfers the cipher text to the cloud server. Proof of Ownerships avoids
unauthorized user to access the data. Earlier deduplication
systems doesn’t support differential authorized access control.
In the proposed scheme, each registered user is assigned with
different permissions during the setup of the system.
Each authorized user is allowed to perform duplicate check
for the files by using the file token based on their permissions.
For example, a user is assigned with some specified
permissions to realize the access control. Traditional system although providing confidentiality to some extent, do
not support differential permissions to users.
In this paper, aiming to solve the problem of deduplication
with authorized access permissions. We consider public cloud
to store the data and the private cloud to manage the data
operations. We introduce an advanced scheme to support
security by encrypting the data with different permissions.
Security analysis shows that proposed system is good in terms
of authorized differential access permissions.
II. RELATED WORK
In this section, we define some methods used in the paper.
A. Secure Duplication
With the approach of cloud computing, secure data
deduplication has pulled in much consideration from the
research group. Yuan and Yu proposed a deduplication
framework in the cloud storage to decrease the capacity size
of the tags for integrity check. Stanek et al. exhibited a new
encryption technique that gives differential security for
popular information and unpopular information. Li et al.
tended to the key-management issue in block-level
deduplication by dispersing these keys over various servers
after encrypting the files.
B. Convergent Encryption
Convergent encryption guarantees information security in
deduplication. Bellare et al. addressed this primitive as
message-locked encryption, and examined its application in
effective secure outsourced stockpiling. Xu et al. additionally
tended to the issue and demonstrated a secure convergent
encryption for effective encryption, without taking into
account the issues of the key-management list and block level
South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3
2
deduplication. There are additionally a few executions of
convergent executions of various convergent encryption
variations for secure deduplication.
C. Proof Of Proprietorship
Halevi et al. proposed the notion of "proofs of
proprietorship" for deduplication frameworks, such that a user
can proficiently demonstrate to the cloud storage server that
he/she claims a file without transferring the file itself. Pietro
and Sorniotti proposed another proficient POP scheme by
picking the projection of a file onto some arbitrarily chosen bit positions as the file proof. Note that all the above schemes try
not to consider data security. As of late, Bugiel et al. gave an
engineering comprising of twin clouds for secure outsourcing
of information and subjective calculations to an untrusted item
cloud.
D. Adversaries
Here we noticed two types of adversaries,
1. Outside adversary: Any hacker plays the role of a
cloud user to interact with cloud server
2. Inside adversary: The server will maintain user
files but will be curious about user’s sensitive files
III. PROPOSED WORK
In this section, we propose a hybrid cloud architecture for
secure deduplication and authorized access control.
There are three entities defined in our architecture -.
1. Users: They outsource data to cloud and uses
whenever they are needed. Each authorized user is
assigned with a set of permissions.
2. S-CSP: The cloud server is always online and stores
data on behalf of users, it resides in the public cloud.
3. PRIVATE CLOUD: The data operations of files are
managed in the private cloud. The keys for specified
permissions are managed here.
Fig 1: System design for authorized Access
To solve the problems of the existing system, we propose
advanced deduplication system supporting authorized access
permissions. In the new system, a set of permissions is issued to each user by the private cloud. For a user with a set of
permissions, he will be assigned with the set of private keys.
The private keys with permission set will be kept and
managed in the private cloud. To support authorized access
permissions, a token is generated to each authorized user
based on their data copy. To perform a duplicate check for
file, the user needs a file token which is issued by the private
cloud. Based on the results of the duplicate check, the user
uploads the file or runs PoW. In order to provide
confidentiality to the user’s sensitive files, each user is given
only some certain permissions to access the data. If they have all privileges to the data they can delete/modify the data. Data
owners (who owns the file) are given all the access
permissions.
Suppose a user wants to upload a file to the cloud, he/she
has to prove his ownership by providing the token to the
server. After that, he is allowed to perform the duplicate check
for the file. If a duplicate is found he is assigned a pointer to
access the file. Otherwise allows a user to upload by
encrypting the file with the convergent key. The encrypted file
is stored in S-CSP.
For suppose a user wants to download a file, he requests the S-CSP with a file name. The S-CSP will check the user’s
eligibility to download the file. If failed, it won’t allow to
retrieve the file. Otherwise, issues a key to recover the cipher-
text.
The security analysis for inside and outside adversaries are
provided with specific permission keys stored in the private
cloud. The data is encrypted with symmetric key encryption
technique. The symmetric key is chosen randomly, and it is
encrypted with a convergent key. Therefore the adversaries do
not conspire with the private cloud and S-CSP, the
confidentiality of our system is secure.
IV. SYSTEM EVALUATION
We implemented an authorized deduplication architecture
supporting authorized access permissions. The
implementation of user supports to perform deduplication and
token generation along with file upload process. The user
requests private cloud for file token generation by taking
UserId as input and sends token to S-CSP. The user encrypts a
file using AES algorithm by convergent key and uploads a
unique file by taking the file, fileId and token as inputs.
The implementation of cloud storage server supports
performing deduplication to the data files and maintains a
chart for the files and their related tokens. It performs duplicate check and stores the data.
South Asian Journal of Engineering and Technology Vol.2, No.29 (2016) 1–3
3
The implementation of private cloud/admin involves
handling the data associated operations and maintaining keys
and tokens of related data files. And then issues each user with a set of permissions to access the data in the cloud storage.
Our evaluation focuses on comparing the overhead induced
by authorizations steps, including token generation, duplicate
check and convergent encryption. For each step, we record the
start time and end time of it and therefore obtain the
breakdown of the total time spent.
Fig 2: Time breakdown for different no. of stored files
Fig. 3 shows the number of intrusions occurred in the
proposed system compared to the previous system. The no. of
attacks occurred in proposed system are less compared to the
existing attacks.
Fig 3: Comparison of occurred intrusions
V. CONCLUSION
In this paper, we identified a security concern in the
cloud storage: deduplication system supporting authorized
duplicate check by using the token stored in the private cloud.
Each user is issued with a set of permissions during the setup
of the system. We noticed that this project provides
confidentiality to the user’s sensitive data files.
REFERENCES
[1] J.Li, Yan Kit Li, X.Chen, P.Lee, W.Lou, “A Hybrid cloud approach for
secure authorized deduplication” in Proc.IEEE Trans on Parallel
Distributed syst.
[2] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role based
access control models,” IEEE Comput., vol. 29, no. 2, pp. 38-47, Feb.
1996.
[3] J. Stanek, A. Sorniotti, E. Androulaki, and L. Kencl, “A secure data
deduplication scheme for cloud storage,” Tech. Rep. IBM Research,
Zurich, ZUR 1308-022, 2013.
[4] J.Yuan and S.Yu, “Secure and constant cost public cloud storage
auditing with deduplication,” IACR cryptography ePrint Archive,
2013:149, 2013.
[5] D. Ferraiolo and R. Kuhn, “Role based access controls,” in Proc. 15th
NIST-NCSC, 1992, pp. 554-563.
[6] S. Halevi, D. Harnik, B. Pinkas, and A. Shulman, “Proofs of ownership
in remote storage systems,” in Proc. ACM conf. 2011,pp.491-500.
[7] W.K. Ng, Y. Wen, and H. ZHU, “Private data deduplication protocols in
cloud storage,” in Proc. 27th Annu.ACM Symp. Appl. Comput., 2012.
[8] M.W. Storer, K. Greenan, D. E. Long and E.L. Miller, “Secure data
deduplication,” in Proc. 4th ACM Int. 2008, pp.21-26.
[9] S. Bugiel, S. Nurnberger, T. Schneider, “Twin cloud: An architecture
for secure cloud computing,” in Proc. Workshop Cryptography Security
Clouds, 2011, pp. 32-44.
[10] J.Li, X.Chen, M.Li, J.Li, P.Lee, and W.Lou, “Secure deduplication with
efficient and reliable convergent key management,” in Proc. IEEE
Trans. Parallel Distrib. Syst.2013.