Integrity Verification In Multiple Cloud Storage Using Cooperative PDP Method

International Journal of Engineering Trends and Technology (IJETT) – Volume 4 Issue 9- Sep 2013
Integrity Verification In Multiple Cloud Storage
Using Cooperative PDP Method
*Usha Sundari Dara1, M. Swetha Chandra2
1PG Student (M. Tech), Dept. of CSE, TRR College of Engineering, Hyderabad, AP, India
2Assistant Professor, Dept. of CSE, TRR College of Engineering, Hyderabad, AP, India
Abstract: In this paper we propose Provable data possession (PDP), a probabilistic proof
method for CSPs to prove the data integrity without downloading the whole data. In recent
years, cloud computing has rapidly expanded as an alternative to the conventional computing
model since it can provide a flexible, dynamic, resilient and cost-effective infrastructure. When
multiple internal and/or external cloud services are incorporated, we get a distributed
cloud environment, i.e., a multicloud. Multicloud is the extension of hybrid cloud. When a
multicloud is used to store the clients’ data, the distributed cloud storage platforms are
indispensable for the clients’ data management. Of course, a multicloud storage platform is also
more vulnerable to security attacks. In this paper, we prove the security of our scheme based
on a multi-prover zero-knowledge proof system, which can satisfy completeness, knowledge
soundness, and zero-knowledge properties, and we also present the performance optimization
mechanisms for our scheme.
Keywords: Interactive Protocol, Zero-knowledge, Multiple Cloud, Cooperative, Integrity
Verification, Multi-Prover, cloud service providers.
ISSN: 2231-5381, http://www.ijettjournal.org

1. Introduction

Cloud computing has become a faster profit growth point in recent years by providing a comparably low-cost, scalable, position-independent platform for clients' data. Although commercial cloud services have revolved around public clouds, the growing interest in building private clouds on open-source cloud computing tools forces local users to have a flexible and agile private infrastructure to run service workloads within their administrative domains. Private clouds are not exclusive of public clouds, and they can also support a hybrid cloud model by supplementing a local infrastructure with computing capacity from an external public cloud. By using virtual infrastructure management (VIM) [1], a hybrid cloud can allow remote access to its resources over the Internet via remote interfaces, such as the Web services interfaces that Amazon EC2 uses.

In recent years, cloud storage service has become a faster profit growth point by providing a comparably low-cost, scalable, position-independent platform for clients’ data. Since the cloud computing environment is constructed based on
open architectures and interfaces, it has the capability to incorporate multiple internal and/or external cloud services together to provide high interoperability. Such a distributed cloud environment is called a multi-cloud (or hybrid cloud). Often, by using virtual infrastructure management (VIM), a multi-cloud allows clients to easily access their resources remotely through interfaces such as Web services provided by Amazon EC2. There exist various tools and technologies for multi-cloud, such as Platform VM Orchestrator, VMware vSphere, and Ovirt. These tools help cloud providers construct a distributed cloud storage platform (DCSP) for managing clients’ data.

However, if such an important platform is vulnerable to security attacks, it would bring irretrievable losses to the clients. For example, the confidential data in an enterprise may be illegally accessed through a remote interface provided by a multi-cloud, or relevant data and archives may be lost or tampered with when they are stored into an uncertain storage pool outside the enterprise.

Therefore, it is indispensable for cloud service providers (CSPs) to provide security techniques for managing their storage services. Provable data possession (PDP) (or proofs of retrievability (POR)) is such a probabilistic proof technique for a storage provider to prove the integrity and ownership of clients’ data without downloading data. The proof-checking without downloading makes it especially important for large-size files and folders (typically including many clients’ files) to check whether these data have been tampered with or deleted without downloading the latest version of data. Thus, it is able to replace traditional hash and signature functions in storage outsourcing. Various PDP schemes have been recently proposed, such as Scalable PDP and Dynamic PDP. However, these schemes mainly focus on PDP issues at un-trusted servers in a single cloud storage provider and are not suitable for a multi-cloud environment.

With the growing popularity of clouds, tools and technologies for hybrid clouds have recently been emerging, such as the platform VM Orchestrator, VMware vSphere, and Ovirt. They help users construct a comparably low-cost, scalable, location-independent platform for managing clients' data. However, if such an important platform is vulnerable to security attacks, it would bring irretrievable losses to the clients; for example, the confidential data in an enterprise may be illegally accessed by using remote interfaces, or the relevant data and archives may be lost or tampered with when they are stored into an uncertain storage pool outside the enterprise. Therefore, it is indispensable for cloud service providers (CSPs) to provide secure management techniques to ensure their storage services.
There exist various tools and technologies for multi-cloud, such as Platform VM Orchestrator, VMware vSphere, and Ovirt. These tools help cloud providers construct a distributed cloud storage platform for managing clients’ data. However, if such an important platform is vulnerable to security attacks, it would bring irretrievable losses to the clients. For example, the confidential data in an enterprise may be illegally accessed through a remote interface provided by a multi-cloud, or relevant data and archives may be lost or tampered with when they are stored into an uncertain storage pool outside the enterprise. Therefore, it is indispensable for cloud service providers to provide security techniques for managing their storage services.

To check the availability and integrity of outsourced data in cloud storages, researchers have proposed two basic approaches called Provable Data Possession and Proofs of Retrievability. Ateniese et al. first proposed the PDP model for ensuring possession of files on un-trusted storages and provided an RSA-based scheme for a static case that achieves the communication cost. They also proposed a publicly verifiable version, which allows anyone, not just the owner, to challenge the server for data possession. They proposed a lightweight PDP scheme based on a cryptographic hash function and symmetric key encryption, but the servers can deceive the owners by using previous metadata or responses due to the lack of randomness in the challenges. The numbers of updates and challenges are limited and fixed in advance, and users cannot perform block insertions anywhere.

2. Architecture of proposed MultiCloud for Data Integrity

Although existing PDP schemes offer a publicly accessible remote interface for checking and managing the tremendous amount of data, the majority of existing PDP schemes are incapable of satisfying the inherent requirements from multiple clouds in terms of communication and computation costs. To address this problem, we consider a multi-cloud storage service as illustrated in Figure 1. In this architecture, a data storage service involves three different entities: Clients, who have a large amount of data to be stored in multiple clouds and have the permissions to access and manipulate stored data; Cloud Service Providers (CSPs), who work together to provide data storage services and have enough storage and computation resources; and a Trusted Third Party (TTP), who is trusted to store verification parameters and offer public query services for these parameters.
Figure 1 Architecture for data integrity Model.

In this architecture, we consider the existence of multiple CSPs to cooperatively store and maintain the clients’ data. Moreover, a cooperative PDP is used to verify the integrity and availability of their stored data in all CSPs. The verification procedure is described as follows: Firstly, a client (data owner) uses the secret key to pre-process a file which consists of a collection of blocks, generates a set of public verification information that is stored in TTP, transmits the file and some verification tags to CSPs, and may delete its local copy; then, by using a verification protocol, the clients can issue a challenge for one CSP to check the integrity and availability of outsourced data with respect to public information stored in TTP.

In hybrid clouds, a collaborative work model provides some mutual channels among individual clouds. Channels of this kind will no doubt increase the possibility of malicious attacks. For example, existing PDP schemes could provide efficient integrity checking for outsourced data; however, most of these schemes ignore the problem of information leakage among the interactive processes. Thus, as a public verification service without a strong security mechanism for data protection, a malicious attacker could easily exploit such a service to obtain private data. This attack is extremely dangerous to the confidential data of an enterprise. Even though existing PDP schemes have addressed various aspects such as public verifiability [2], dynamics [4], scalability [3], and privacy preservation [10], we still need to give careful consideration to the following attacks, which more easily compromise the security of storage services in hybrid environments than those in public clouds.

Data leakage attack: Through the various interfaces of public clouds, applications in hybrid clouds are allowed to access data in private clouds, so a PDP service (considered as a Daemon) undoubtedly provides a covert channel to access the secret data in private clouds. Therefore, if a PDP scheme cannot resist the data leakage attacks, an adversary can easily obtain the entire data through the interactive proof process. For instance, Attack 1 and Attack 3 described in Appendix A and B demonstrate that a verifier can get the stored data after running or wiretapping sufficient verification communications. It is obvious that such an attack could significantly impact the privacy of outsourced data in clouds.

Tag forgery attack: In hybrid clouds, an untrusted CSP has more opportunities
to induce a forgery attack, in which the CSP can cheat a verifier by generating a valid tag for the tampered data. For example, Attack 2 and Attack 4 given in Appendix A and B show that a successful forgery attack can occur only if one of the following cases happens:
• Clients modify data blocks in a file;
• Clients insert and delete blocks repeatedly in a file;
• Clients reuse the same file name to store multiple different files.

Some security mechanisms, such as client-side encryption and access control, can be implemented in clouds to enhance the security of existing PDP schemes, but they will undoubtedly increase the computation and communication overheads of PDP services.

In summary, it is essential to develop an efficient verification method for the data security in hybrid cloud environments. Furthermore, from the above-mentioned challenges, our objectives for checking integrity of outsourced data in hybrid clouds are as follows:

Security aspect: Our scheme should provide adequate security features to resist some existing attacks, such as data leakage attack and tag forgery attack;

Usability aspect: In the way of collaboration, a client should make use of the integrity check via a cloud service provider. Our scheme should conceal the details of the storage to reduce the burden on clients; and

Performance aspect: Our scheme should have a higher performance for anomaly detection and only introduce lower computation and communication overheads.

3. Frame Work and Main Architecture

Although PDP schemes evolved around public clouds offer a publicly accessible remote interface to check and manage the tremendous amount of data, the majority of today's PDP schemes are incapable of satisfying such an inherent requirement of hybrid clouds in terms of bandwidth and time. To solve this problem, we consider a hybrid cloud storage service as illustrated in Figure 2. In this architecture, we consider a data storage service involving three different entities: Granted clients, who have a large amount of data to be stored in hybrid clouds and have the permissions to access and manipulate these stored data; Cloud service providers (CSPs), who work together to provide data storage services and have enough storage space and computation resources; and Trusted third parties (TTPs), who are trusted to store the verification parameters and offer the query services for these parameters.

Figure 2 Architectural Verification for data integrity in hybrid clouds
To support this architecture, a cloud storage provider also needs to add corresponding modules to implement collaborative PDP services. For example, OpenNebula is an open source, virtual infrastructure manager that integrates with multiple virtual machine managers, transfer managers, and external cloud providers. In Figure 3, we describe such a cloud computing platform based on OpenNebula architecture [1], in which a service module of collaborative PDP is added into the cloud computing management platform (CCMP). This module is able to respond to the PDP requests of TTP through cloud interfaces. In addition, a hash index hierarchy (HIH), which is described in detail in Section III-C, is used to provide a uniform and homogeneous view of virtualized resources in virtualization components. For the sake of clarity, we use yellow color to indicate the changes from the original OpenNebula architecture.

Figure 3 Cloud computing platform for CPDP service based on OpenNebula

In this architecture, we consider the existence of multiple CSPs to collaboratively store and maintain the clients' data. Moreover, a collaborative PDP is used to verify the integrity and availability of their stored data in CSPs. The verification flowchart is described as follows: Firstly, the client (data owner) uses the secret key to pre-process the file, which consists of a collection of n blocks, generates a set of public verification information that is stored in TTP, transmits the file and some verification tags to CSPs, and may delete its local copy; at a later time, by using a verification protocol for collaborative PDP, the clients can issue a challenge for one CSP to check the integrity and availability of outsourcing data in terms of public verification information stored in TTP.

Table 1 Signal Representation
Signal    Representation
n         No. of blocks in a file
s         No. of sectors in each block
t         No. of index coefficients in a query
c         No. of clouds to store a file
Q         Set of index coefficient pairs
θ         The response for a challenge Q

A representative architecture for data storage in hybrid clouds is illustrated as follows: this architecture is a hierarchical structure H on three layers to represent the relationship among all blocks for stored resources. This kind of architecture is a natural representation of file storage. We make use of this simple hierarchy to organize multiple CSP services, which involve private clouds or public clouds, by shading the differences between these
clouds. In this architecture, the resources in the Express Layer are split and stored into three CSPs, which have different colors, in the Service Layer. In turn, each CSP fragments and stores the assigned data into the storage servers in the Storage Layer. We also make use of colors to distinguish different CSPs. Moreover, we follow the logical order of the data blocks to organize the Storage Layer.

This architecture could provide some special functions for data storage and management. For example, there may exist overlap among data blocks (as shown in dashed line) and skipping (as shown on a non-continuous color). But these functions would increase the complexity of storage management.

Def: A response is called a homomorphic verifiable response in a PDP protocol if, given two responses θi and θj for two challenges Qi and Qj from two CSPs, there exists an efficient algorithm to combine them into a response θ corresponding to the sum of the challenges Qi ∪ Qj.

Homomorphic verifiable response is the key technique of collaborative PDP because it not only reduces the communication bandwidth, but also conceals the location of outsourcing data in hybrid clouds.

SECURITY AND PERFORMANCE ANALYSIS

The collaborative integrity verification for distrusted outsourcing data, in essence, is a multi-prover interactive proof system (IPS), so that the corresponding construction should satisfy the security requirement of IPS. Moreover, in order to ensure the security of verified data, this kind of construction is also a Multi-Prover Zero-knowledge Proof (MPZKP) system [5], [11], which can be considered as an extension of the notion of an interactive proof system (IPS). Roughly speaking, the scenario of MPZKP is that a polynomial-time bounded verifier interacts with several provers whose computational power is unlimited. Given an assertion L, such a system satisfies the three following properties:
(1) Completeness: whenever x ∈ L, there exists a strategy for provers that convinces the verifier that this is the case;
(2) Soundness: whenever x ∉ L, whatever strategy the provers employ, they will not convince the verifier that x ∈ L;
(3) Zero-knowledge: no cheating verifier can learn anything other than the veracity of the statement.

Since this construction is directly derived from the MPZKP model, the soundness and zero-knowledge properties can protect our construction from various attacks as follows:
• Security for tag forging attack: The soundness means that it is infeasible to fool the verifier into accepting false statements. It is also regarded as a stricter notion of unforgeability for the file tags. To be exact, soundness is defined as follows: for every "invalid" tag σ* ∉ TagGen(sk, F), there does not exist an interactive machine P* that can pass verification with any verifier V* with noticeable probability.
• Security for data leakage attack: In order to protect the confidentiality of the checked data, we are more concerned about the leakage of private information in the verification process.

In actual practice, we introduce the collaborative PDP scheme to construct an audit system architecture for outsourcing data in hybrid clouds by replacing TTP with a third party auditor (TPA) in Figure 2. In this architecture, the data owner and granted clients need to dynamically interact with CSP to access or update their data for various application purposes. However, we neither assume that CSP is trusted to guarantee the security of the stored data, nor assume that the data owner has the ability to collect the evidence of the CSP's fault after errors have been found. Hence TPA, as a trusted third party (TTP), is used to ensure the storage security of their outsourcing data. We assume the TPA is reliable and independent, and thus has no incentive to collude with either CSPs or users during the auditing process.

4. Conclusions

In this paper, we addressed the construction of a collaborative integrity verification mechanism for distributed data outsourcing in hybrid clouds. Based on homomorphic verifiable responses and hash index hierarchy, we proposed a collaborative provable data possession scheme to support dynamic scalability on multiple storage servers. Our performance analysis indicated that our proposed solution only incurs a small constant amount of communications overhead. As part of future work, we would extend our work to explore more effective CPDP constructions. First, from our experiments we found that the performance of the CPDP scheme, especially for large files, is affected by the bilinear mapping operations due to their high complexity. To solve this problem, RSA-based constructions may be a better choice, but this is still a challenging task because the existing RSA-based schemes have too many restrictions on the performance and security.

Acknowledgements

The authors would like to thank the anonymous reviewers for their comments which were very helpful in improving the quality and presentation of this paper.

References:
[1] G. Ateniese, R. Dipietro, L. V. Mancini, G. Tsudik, “Scalable and Efficient Provable Data Possession” SecureComm 2008, 2008.
[2] S. Y Ko, T. Hoque, B. Cho, and T. Gupta, "On availability of intermediate data in cloud computations," in Proc. 12th Usenix Workshop on Hot Topics in Operating Systems (HotOS XII), 2009, pp. 1-10.
[3] S. Pallickara, J. Ekanayake, and G. Fox, "Granules: A lightweight, streaming runtime for cloud computing with support, for map-reduce," in CLUSTER, 2009, pp. 1-10.
[4] C. C. Erway, A. Kupcu, C. Papamanthou, R. Tamassia, “Dynamic Provable Data Possession,” CCS’09, 2009, 213-222.
[5] F. Sebe, J. Domingo-Ferrer, A. Martinez-Balleste, Y. Deswarte, J. Quisquater, “Efficient Remote Data Integrity checking in Critical Information Infrastructures”, IEEE Transactions on Knowledge and Data Engineering, 20(8), 2008, 1-6.
[6] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, D. Song, “Provable data possession at untrusted stores,” CCS’07, 2007, 598-609.
[7] B. Sotomayor, R. S. Montero, I. M. Llorente, and I. T. Foster, "Virtual infrastructure management in private and hybrid clouds," IEEE Internet Computing, vol. 13, no. 5, pp. 14-22, 2009.
[8] G. Ateniese, R. C. Burns, R. Curtmola, J. Herring, L. Kissner, Z. N. J. Peterson, and D. X. Song, "Provable data possession at untrusted stores," in ACM Conference on Computer and Communications Security, 2007, pp. 598-609.
[9] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, "Scalable and efficient provable data possession," in Proceedings of the 4th international conference on Security and privacy in communication networks, SecureComm, 2008, pp. 1-10.
[10] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "Above the clouds: A Berkeley view of cloud computing," EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28, Feb 2009. [Online]. Available: http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.html
[11] H. Shacham and B. Waters, "Compact proofs of retrievability," in ASIACRYPT, 2008, pp. 90-107.
[12] H. Hu, L. Hu, and D. Feng, “On a class of pseudorandom sequences from elliptic curves over finite fields,” IEEE Transactions on Information Theory, vol. 53, no. 7, pp. 2598–2605, 2007.
[13] A. Bialecki, M. Cafarella, D. Cutting, and O. O’Malley, “Hadoop: A framework for running applications on large clusters built of commodity hardware,” Tech. Rep., 2005. [Online]. Available: http://lucene.apache.org/hadoop/

Authors Profile:
Usha Sundari Dara is pursuing her master’s degree (M.Tech in CSE) from TRR College of Engineering, Hyderabad.
M. Swetha Chandra is working as an Assistant Professor in the Computer Science Department at TRR College of Engineering, Hyderabad. She has had two years of experience in the teaching field.
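The pre-process, challenge, respond and verify flow of Section 2 and the homomorphic verifiable response defined in Section 3 can be tried out with the following added example, which is not code from the paper. It assumes a secret-key linear tag in the style of Shacham and Waters [11] in place of the paper's pairing-based tags, one sector per block (s = 1), and a verifier that holds the secret key instead of public parameters at the TTP; the zero-knowledge masking is not modelled, and all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus: blocks, coefficients and tags live in Z_P

def prf(key, fname, i):
    """Pseudorandom element of Z_P bound to the file name and block index."""
    msg = fname + b"|" + i.to_bytes(8, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % P

def split_blocks(data, size=15):
    """Split a file into n blocks; 15 bytes < 2**120, so each fits in Z_P."""
    return [int.from_bytes(data[o:o + size], "big") for o in range(0, len(data), size)]

def tag_gen(sk, fname, blocks):
    """Client pre-processing: sigma_i = PRF(i) + alpha * m_i mod P."""
    alpha, key = sk
    return [(prf(key, fname, i) + alpha * m) % P for i, m in enumerate(blocks)]

def distribute(blocks, tags, c):
    """Store block i and its tag on CSP number i mod c (c clouds)."""
    csps = [{} for _ in range(c)]
    for i, (m, sigma) in enumerate(zip(blocks, tags)):
        csps[i % c][i] = (m, sigma)
    return csps

def challenge(n, t):
    """Q: t distinct block indices, each paired with a random non-zero coefficient."""
    indices = secrets.SystemRandom().sample(range(n), t)
    return {i: secrets.randbelow(P - 1) + 1 for i in indices}

def respond(store, Q):
    """One CSP answers the part of Q it holds: theta_k = (mu_k, sigma_k)."""
    held = [(v, store[i]) for i, v in Q.items() if i in store]
    mu = sum(v * m for v, (m, _) in held) % P
    sigma = sum(v * s for v, (_, s) in held) % P
    return mu, sigma

def combine(responses):
    """Homomorphic step: the component-wise sum answers the union of sub-challenges."""
    return (sum(r[0] for r in responses) % P, sum(r[1] for r in responses) % P)

def verify(sk, fname, Q, theta):
    """Accept iff sigma == alpha * mu + sum(v_i * PRF(i)) over the whole challenge."""
    alpha, key = sk
    mu, sigma = theta
    return sigma == (alpha * mu + sum(v * prf(key, fname, i) for i, v in Q.items())) % P

def demo():
    sk = (secrets.randbelow(P - 1) + 1, secrets.token_bytes(32))
    fname = b"report.dat"                          # constructed file name
    blocks = split_blocks(bytes(range(256)) * 4)   # constructed 1 KiB file
    csps = distribute(blocks, tag_gen(sk, fname, blocks), c=3)
    Q = challenge(len(blocks), t=20)
    honest = verify(sk, fname, Q, combine([respond(c, Q) for c in csps]))
    # One CSP silently alters a challenged block but keeps the old tag.
    i = next(iter(Q))
    m, sigma = csps[i % 3][i]
    csps[i % 3][i] = ((m + 1) % P, sigma)
    tampered = verify(sk, fname, Q, combine([respond(c, Q) for c in csps]))
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

The verifier sees only the combined pair, so the check does not reveal which CSP held which challenged block.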