Privacy Preserving Secure Auditing Scheme with Split Cloud Storage

International Journal of Engineering Trends and Technology (IJETT) – Volume 23 Number 4 – May 2015
Dhanya Shenoy, N. P. Chawande
Department of Computer Engineering
A.C.Patil College of Engineering,
Kharghar-Navi Mumbai
Abstract— Cloud computing is a promising computing model that enables convenient, on-demand network access to a shared pool of resources. One of the cloud services is storage, i.e. clients store their data on cloud servers and can access it from those servers whenever needed. This new paradigm of data storage service also introduces new security challenges, because the client and the data servers have different identities and different business interests. Therefore, an independent auditing service is required to make sure that the data is correctly stored in the cloud. This is possible by allowing a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud. Having considered the different methodologies for implementing a TPA for data auditing, we develop the proposed scheme for data integrity checking via a TPA, providing data privacy as well as public auditability. Here the data is encrypted at the client and then the signature is generated. The signature is stored at the TPA and parts of the encrypted data are stored at different clouds. Whenever an audit takes place, the data parts are merged and a new signature is generated; the TPA then checks data integrity by checking both signatures for equality.

Keywords— Cloud computing; TPA; Integrity; Auditing.

I. INTRODUCTION

Cloud computing is a significant advancement in the delivery of information technology and services. By providing on-demand access to a shared pool of computing resources in a self-service, dynamically scaled and metered manner, Cloud computing offers compelling advantages in cost, speed, and efficiency [4]. One of the Cloud services is storage. Although it is envisioned as a promising service platform for the Internet, this new data storage paradigm in the Cloud brings about many challenging design issues which have a profound influence on the security and performance of the overall system. As data generation is far outpacing data storage, it proves costly for small firms to frequently update their hardware whenever additional data is created. Maintaining the storage can also be a difficult task. Outsourcing data to Cloud storage helps such firms by reducing the cost of storage and maintenance. It can also assure reliable storage of important data by keeping multiple copies of the data, thereby reducing the chance of losing data to hardware failures.

Despite its advantages, storing user data in the Cloud poses many interesting security challenges. One of the biggest concerns with Cloud data storage is that of data integrity verification at untrusted servers. For example, the storage service provider, which experiences failures occasionally, may decide to hide the data errors from the clients for its own benefit, or might neglect to keep, or deliberately delete, rarely accessed data files which belong to an ordinary client in order to save money and storage space. Hence there is a need to keep track of the data integrity. To deal with this problem and to fully ensure data integrity, it is of critical importance to enable a public auditing service for Cloud data storage, so that users may resort to an independent third party auditor (TPA) to audit the outsourced data when needed. The TPA, who has expertise and capabilities that users do not, can periodically check the integrity of all the data stored in the Cloud on behalf of the users, which provides a much easier and more affordable way for the users to ensure their storage correctness in the Cloud.

II. RELATED WORK

This section briefly reviews the literature. There are many ways to implement a TPA in order to check the integrity of user data in cloud storage.

The Proofs of Data Possession (PDP) scheme in [1] is used to detect large amounts of corruption in outsourced data. This technique does not consider the data privacy problem. It uses RSA-based homomorphic authentication for auditing the cloud data and randomly samples a few blocks of the files.

The Proofs of Retrievability (PoR) scheme proposed in [2] allows the user to retrieve files without any data loss or corruption. It uses spot checking and error-correcting codes to ensure both possession and retrievability. Specifically, some special blocks called sentinels are randomly embedded into the data file for detection purposes, and the file is further encrypted to protect the positions of these special blocks.

The compact proofs of retrievability scheme in [3] designs an improved PoR with full proofs of security in the security model. It uses publicly verifiable homomorphic authenticators built from BLS signatures, based on which the proofs can be aggregated into a small authenticator value, and public retrievability is achieved.

In the MAC-based solution, a MAC (Message Authentication Code) is used to authenticate the data. It has two types. In the first type, the user just uploads the data blocks with their MACs to the server and sends the corresponding secret key to the TPA. Later, the TPA can randomly retrieve blocks with their MACs and check their correctness via the secret key. The second type of solution may restrict the verification to just equality checking. The idea is as follows: before data outsourcing, the cloud user chooses s random keys, pre-computes MACs for the whole data file F, and publishes these verification metadata (the keys and the MACs) to the TPA. The TPA can reveal a secret key to the cloud server and ask for a fresh keyed MAC for comparison in each audit. Here the TPA does not see the data, which preserves privacy. However, it has disadvantages, such as keeping track of the revealed MAC keys and recomputing the secret keys when they are exhausted.

The Homomorphic Linear Authenticator (HLA) based solution in [4] and [5] supports efficient public auditing without retrieving the data blocks. It supports aggregation and requires constant bandwidth. It is possible to compute an aggregate HLA which authenticates a linear combination of the individual data blocks. HLAs, like MACs, are unforgeable verification metadata that authenticate the integrity of a data block. During the audit process, the CSP generates a linear equation as proof of the integrity check and provides it to the TPA; this proof does not contain the exact data.

In HLA with the random masking technique [6], the linear combination of sampled blocks in the server's response is masked with randomness generated by a pseudo random function (PRF). With random masking, the TPA no longer has all the necessary information to build up a correct group of linear equations and therefore cannot derive the user's data content, no matter how many linear combinations of the same set of file blocks can be collected.

In Homomorphic Non-Linear Authentication with random masking [7], a protocol to achieve cloud security, the non-linear blocks in the server's response are masked with randomness generated by the server. With random masking, the TPA no longer has all the necessary information to build up a correct group of non-linear equations and therefore cannot derive the user's data content, no matter how many linear combinations of the same set of file blocks can be collected.

The scheme in [8] uses the Extensible Authentication Protocol (EAP) through a three-way handshake with RSA. Implementing this EAP-CHAP in cloud computing provides authentication of the client. It provides security against spoofing identity theft, data tampering threats and DoS attacks. The data is transferred between the client and cloud providers.

The scheme in [9] uses an Automatic Protocol Blocker to avoid unauthorized access, together with an error-correction technique that checks data storage correctness. When an unauthorized user accesses user data, a small application runs which monitors user inputs; it matches the user input and, if it matches, allows the user to access the data, otherwise it blocks the protocol automatically. Besides the Setup and Audit phases, it has one more phase named PBlocker: once the user initializes the parameters, the system checks all the specified parameters and validates the protocol for proper users, and it blocks unauthorized users.

III. PROPOSED SCHEME

One of the important concerns of a cloud storage service that needs to be addressed is assuring the client's data integrity, i.e. the correctness of his data in the cloud. As the data is not physically accessible to the client, the cloud should provide a way for the user to check whether the integrity of his data is maintained or compromised. In the proposed system, Secure cloud auditing, the data is encrypted at the client and then the signature of the encrypted data is generated. The generated signature is stored at the TPA, and the encrypted data is divided into multiple parts at the main server and stored at different clouds. When there is an audit request by a client to check whether the data stored is intact, the multiple parts of the encrypted data are merged at the main server and a new signature is generated; the TPA then verifies by equality checking of both signatures. Thus the data integrity checking is done. To enable privacy-preserving public auditing for cloud data storage, the design will achieve the following security and performance guarantees:

• Public auditability that allows the TPA to verify the correctness of the cloud data on demand without retrieving a copy of the whole data.
• Security is improved by storing data in encrypted format as well as by splitting it into multiple parts and storing them in different clouds.

It is important to note that our proof of data integrity protocol just checks the integrity of data, i.e. whether the data has been illegally modified.

1. System Architecture

In our scheme, the system architecture for cloud data storage has three entities as follows:

• Client: an entity which has data files to be stored in the Cloud and relies on the Cloud for data maintenance.
• Cloud Server: an entity managed by the Cloud service provider, with significant storage space to maintain the client's data. Here we use more than one Cloud storage to improve the security of data.
• Third Party Auditor (TPA): an entity which has the expertise and capabilities to check the integrity of the client's data stored at the Cloud on behalf of the client, upon audit request.

Figure 1 : System Architecture

2. Scheme Implementation Overview

The proposed system has 4 main algorithms as follows:

KeyGen: This algorithm is run at the Client. Whenever a Client registers, a randomised key is generated and the data file is encrypted using that key.

SigGen: This algorithm is used to generate the signature of the encrypted data, which will be used as verification metadata for checking data integrity at Client.

GenProof: It is used by the Cloud server to generate a new signature as a proof of data storage correctness.

VerifyProof: This algorithm is run at the TPA, which does equality checking of the signature generated by SigGen on file upload by the client and the new signature generated by GenProof as a data integrity response by the Cloud server.

The scheme is divided into two phases, the setup phase and the audit phase.

• Setup Phase: In this phase, at the client end, a key is randomly generated using the KeyGen algorithm and then the data file is encrypted. The encrypted data file is preprocessed using the SigGen algorithm to generate the signature. The encrypted data file is sent to the Cloud server for storage and the signature is sent to the TPA. In the Cloud server the encrypted data is split into two parts and stored at different Cloud storage.
• Audit Phase: The TPA issues an audit message to the Cloud server. The server accesses the data from the different Cloud storage, merges it into a single data file and generates a new signature by executing the GenProof algorithm. This newly generated signature is sent to the TPA, which verifies both signatures by executing the VerifyProof algorithm.
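
The four algorithms and two phases above, together with the one-time-key MAC audit from the Related Work section, as an added example that is not the authors' Java implementation. It assumes SHA-256 as the "signature", a SHA-256 counter keystream as a stand-in for the cipher the paper does not name, and a two-way split; all function names are illustrative.

```python
import hashlib, hmac, secrets

def key_gen():  # KeyGen: random per-client key
    return secrets.token_bytes(32)

def xor_stream(key, data):
    """Stand-in cipher (assumption; the paper names none), not for production."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def sig_gen(ciphertext):
    """SigGen: SHA-256 digest standing in for the 'signature' (assumption)."""
    return hashlib.sha256(ciphertext).hexdigest()

def split(ciphertext):  # main server: two parts, one per cloud store
    mid = len(ciphertext) // 2
    return ciphertext[:mid], ciphertext[mid:]

def gen_proof(part_a, part_b):
    """GenProof: merge the parts in order and recompute the signature."""
    return sig_gen(part_a + part_b)

def verify_proof(stored, fresh):
    """VerifyProof: equality check at the TPA (constant-time compare)."""
    return hmac.compare_digest(stored, fresh)

def precompute_macs(ciphertext, s):  # Related Work, second MAC type
    keys = [secrets.token_bytes(32) for _ in range(s)]
    return [(k, hmac.new(k, ciphertext, "sha256").hexdigest()) for k in keys]

def keyed_proof(key, part_a, part_b):
    """Server's fresh keyed MAC over the merged parts for one audit."""
    return hmac.new(key, part_a + part_b, "sha256").hexdigest()

def demo():
    ct = xor_stream(key_gen(), b"constructed sample file contents " * 8)
    stored = sig_gen(ct)                     # kept by the TPA
    a, b = split(ct)                         # kept by cloud A and cloud B
    bad = bytes([b[0] ^ 1]) + b[1:]          # constructed: one bit flipped
    key, mac = precompute_macs(ct, 3).pop()  # TPA reveals one key per audit
    return {"intact": verify_proof(stored, gen_proof(a, b)),
            "tampered": verify_proof(stored, gen_proof(a, bad)),
            "swapped": verify_proof(stored, gen_proof(b, a)),
            "keyed_intact": verify_proof(mac, keyed_proof(key, a, b)),
            "keyed_tampered": verify_proof(mac, keyed_proof(key, a, bad))}
```

The keyed variant ties each response to a key the server first sees at audit time, whereas the unkeyed digest is the same value on every audit.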

Figure 2 : Phases of the scheme

IV. EXPERIMENTAL RESULTS

We implemented our experiment using Java, with an experimental setup consisting of three systems running Windows 7 connected via LAN. A database is used at the backend to store user data. Initially the three systems are considered as Client, TPA and Cloud Server respectively. To achieve constant bandwidth cost we took files ranging from 100 to 500 KB. The experiment was run on files with .doc, .txt and .pdf formats.

Figure 3 : Communication cost versus File size

V. CONCLUSION

The idea provides privacy-preserving public auditing for the cloud by using a TPA (Third Party Auditor), which does the auditing without retrieving a copy of the data; hence privacy is preserved. The data is stored in encrypted format as well as in parts at different cloud storage, which makes the data secure. The data integrity can be verified by the auditor as data 'touched' or 'untouched' by the comparison of signatures. Although this auditing scheme cannot recognize whether the data has been read illegally, this does not matter, since the stored data is in encrypted format and is stored in parts. Future work can include a module to identify whether the data file has been read illegally, and there can be an effort to add retrieval of the actual data on tampering, i.e. restoring the actual data if the data has been modified.

VI. REFERENCES
[1] Giuseppe Ateniese, Randal Burns, Reza Curtmola,
Joseph Herring, Lea Kissner, Zachary Peterson, and
Dawn Song. Provable data possession at untrusted
stores. In Proceedings of the 14th ACM conference
on Computer and communications security, pages
598–609, ACM, 2007.
[2] S. Kaliski, A. Juels, J. Burton. PORs: Proofs of
retrievability for large files. In Proc. of
CCS07, Alexandria, pages 584–597, 2007.
[3] Hovav Shacham and Brent Waters. Compact proofs
of retrievability. In Advances in Cryptology – ASIACRYPT 2008, pages 90–107. Springer, 2008.
[4] Qian Wang, Cong Wang, Jin Li, Kui Ren, and
Wenjing Lou. Enabling public verifiability and data
dynamics for storage security in cloud computing. In
Computer Security – ESORICS 2009, pages 355–370.
Springer, 2009.
[5] Qian Wang, Cong Wang, Kui Ren, Wenjing Lou, and
Jin Li. Enabling public auditability and data
dynamics for storage security in cloud computing.
Parallel and Distributed Systems, IEEE Transactions
on, 22(5):847–859, 2011.
[6] Cong Wang, S Chow, Qian Wang, Kui Ren, and
Wenjing Lou. Privacy-preserving public auditing for
secure cloud storage. IEEE Transaction on Cloud
Computing 2013.
[7] D Srinivas. Privacy-preserving public auditing in
cloud storage security. International Journal of
Computer Science and Information Technologies,
2(6):2691–2693, 2011.
[8] Sadia Marium, Qamar Nazir, Aftab Ahmed Shaikh,
Saira Ahthasham, and Mirza Aamir Mehmood.
Implementation of eap with rsa for enhancing the
security of cloud computing. International Journal of
Basic and Applied Sciences, 1(3):177–183, 2012.
[9] P. Radhakrishna, K. Kiran Kumar, K. Padmaja.
Automatic protocol blocker for privacy preserving
public auditing in cloud computing. International
Journal of Computer Science and Technology, 3:936–
940, 2012.
[10] Shobana S., Balkrishna S., Saranya G. and
Karthikeyan S. Introducing effective third party
auditing (TPA) for data storage security in cloud.
International Journal of Computer Science and
Technology, 2(2), 2012.
ISSN: 2231-5381
http://www.ijettjournal.org