Secure Data Sharing of Multi-Owner Groups in Cloud
Sunilkumar Permkonda¹, D. Madhu Babu²
ABSTRACT: Cloud computing provides an economical and
efficient solution for sharing group resources among cloud users.
Using cloud storage, users can remotely store their data and
enjoy on-demand, high-quality applications and services from a
shared pool of configurable computing resources, without the
burden of local data storage and maintenance. However, the fact
that users no longer have physical possession of the outsourced
data makes data integrity protection in cloud computing a
formidable task, especially for users with constrained computing
resources. Sharing data in a multi-owner manner while preserving
data and identity privacy from an untrusted cloud is still a
challenging issue. A secure cloud authentication system is
therefore proposed, in which users can check the integrity of
outsourced data by assigning a third party auditor (TPA) and be
worry-free. By using encryption and hashing techniques such
as the Advanced Encryption Standard (AES) and the Merkle Hash
Tree (MHT) algorithm, any cloud user can anonymously share
data with others. Trustworthiness between the user and the
cloud service provider is also increased.
KEYWORDS: Cloud computing, data sharing, privacy-preserving,
access control, dynamic groups.
1. INTRODUCTION
Cloud computing is recognized as an alternative to
traditional information technology due to its intrinsic resource
sharing and low-maintenance characteristics. In cloud
computing, cloud service providers (CSPs), such as Amazon,
are able to deliver various services to cloud users with the
help of powerful datacenters. By migrating local data
management systems into cloud servers, users can enjoy
high-quality services and save significant investments on their
local infrastructures.
¹ Sunilkumar Permkonda, M. Tech Student, Department of CSE,
JNTUA, Anantapur / Audisankara Institute of Technology,
Gudur / India (e-mail: sunil55varma@gmail.com).
² D. Madhu Babu, Assistant Professor, Department of CSE,
JNTUA, Anantapur / Audisankara Institute of Technology,
Gudur / India (e-mail: dmadhubabu@yahoo.com).
One of the most fundamental services offered by cloud
providers is data storage. By utilizing the cloud, users can
be completely released from troublesome local data
storage and maintenance. However, it also poses a significant
risk to the confidentiality of the stored files. Specifically, the
cloud servers managed by cloud providers are not fully trusted
by users, while the data files stored in the cloud may be sensitive
and confidential, such as business plans. To preserve data
privacy, a basic solution is to encrypt data files and then
upload the encrypted data into the cloud. Unfortunately,
designing an efficient and secure data sharing scheme for
groups in the cloud is not an easy task due to the following
challenging issues.
First, identity privacy is one of the most significant
obstacles to the wide deployment of cloud computing.
Without the guarantee of identity privacy, users may be
unwilling to join cloud computing systems because their
identities could be easily disclosed to cloud providers and
attackers.
Second, it is highly recommended that any member in a
group should be able to fully enjoy the data storing and
sharing services provided by the cloud, which is defined as
the multi-owner manner. Compared with the single-owner
manner, where only the group manager can store and modify
data in the cloud, the multi-owner manner is more flexible
in practical applications. More concretely, each user in the
group is able not only to read data, but also to modify their part
of the data in the entire data file shared by the company.
Groups are normally dynamic in practice, e.g., new staff
participation and current employee revocation in a company.
The changes of membership make secure data sharing extremely
difficult. On the one hand, the anonymous system makes it
challenging for newly granted users to learn the content of data
files stored before their participation, because it is impossible
for them to contact the anonymous data owners and obtain the
corresponding decryption keys. On the other hand, an efficient
membership revocation mechanism that does not require updating
the secret keys of the remaining users is also desired, to
minimize the complexity of key management.
Several security schemes for data sharing on untrusted
servers have been proposed. In these approaches, data
owners store the encrypted data files in untrusted storage
and distribute the corresponding decryption keys
only to authorized users. Thus, unauthorized users as well as
storage servers cannot learn the content of the data files because
they have no knowledge of the decryption keys. However, the
complexities of user participation and revocation in these
schemes increase linearly with the number of data
owners and the number of revoked users, respectively. By
setting a group with a single attribute, Lu et al. proposed a
secure provenance scheme based on the ciphertext-policy
attribute-based encryption technique, which allows any
member in a group to share data with others. However, the issue
of user revocation is not addressed in their scheme. A
scalable and fine-grained data access control scheme in cloud
computing, based on the key-policy attribute-based
encryption (KP-ABE) technique, has also been presented.
Unfortunately, the single-owner manner hinders the adoption of
that scheme in the case where any user is granted the right to
store and share data.
2. RELATED WORKS
Several security schemes for data sharing on untrusted servers
have been proposed [4], [5], [6]. In these approaches, data
owners store the encrypted data files in untrusted storage and
distribute the corresponding decryption keys only to
authorized users. Thus, unauthorized users as well as storage
servers cannot learn the content of the data files because they
have no knowledge of the decryption keys.
A cryptographic storage system named Plutus, which enables
secure file sharing on untrusted servers, has been proposed. By
dividing files into file groups and encrypting each file group
with a unique file-block key, the data owner can share the file
groups with others by delivering the corresponding lockbox
key, where the lockbox key is used to encrypt the file-block
keys. However, this brings about a heavy key distribution
overhead for large-scale file sharing. Additionally, the
file-block key needs to be updated and distributed again for a
user revocation. Files stored on the untrusted server include two
parts: file metadata and file data. The file metadata carries the
access control information, including a series of encrypted key
blocks, each of which is encrypted under the public key of
an authorized user. Thus, the size of the file metadata is
proportional to the number of authorized users. User
revocation in the scheme is an intractable issue, especially for
large-scale sharing, since the file metadata needs to be
updated. In their extension version, the NNL construction is
used for efficient key revocation. However, when a new user
joins the group, the private key of each user in an NNL system
needs to be recomputed, which may limit the application to
dynamic groups. Another concern is that the computation
overhead of encryption increases linearly with the sharing
scale.
Proxy re-encryption has been leveraged to secure distributed
storage. Specifically, the data owner encrypts blocks of content
with unique and symmetric content keys, which are further
encrypted under a master public key. For access control, the
server uses proxy cryptography to directly re-encrypt the
appropriate content key(s) from the master public key to a
granted user’s public key. Unfortunately, a collusion attack
between the untrusted server and any revoked malicious user
can be launched, which enables them to learn the decryption
keys of all the encrypted blocks.
3. CLOUD COMPUTING SECURITY
Cloud computing security is defined as: “Cloud computing security
(sometimes referred to simply as "cloud security") is an
evolving sub-domain of computer security, network security,
and, more broadly, information security. It refers to a broad set
of policies, technologies, and controls deployed to protect
data, applications, and the associated infrastructure of cloud
computing.”
3.1 Data Security in Existing Cloud Computing System:
Cloud computing is a rapidly developing technology, but
security is the major challenge faced by
Cloud Service Providers in handling outsourced data.
Although the infrastructures under the cloud are much more
powerful and reliable than personal computing devices, they
still face a broad range of both internal and external
threats to data integrity. As a result, trust in the data
management system has declined rapidly. No major
implementation has been introduced so far to overcome this
drawback, and attackers exploit it to steal data from the
cloud servers. A dynamic broadcast encryption technique is
used so that users can anonymously share data with others.
It allows data owners to securely share data files with others.
To achieve secure data sharing for dynamic groups in the
cloud, we expect to combine the group signature and dynamic
broadcast encryption techniques. Specifically, the group
signature scheme enables users to anonymously use the cloud
resources, and the dynamic broadcast encryption technique
allows data owners to securely share their data files with
others, including newly joined users. Unfortunately, each user
has to compute revocation parameters to protect
confidentiality from the revoked users in the dynamic
broadcast encryption scheme, with the result that both the
computation overhead of the encryption and the size of the
ciphertext increase with the number of revoked users. Thus,
the heavy overhead and large ciphertext size may hinder the
adoption of the broadcast encryption scheme by
capacity-limited users. To tackle this challenging issue, we let
the group manager compute the revocation parameters and make
the result publicly available by migrating it into the cloud.
Such a design can significantly reduce the computation
overhead for users to encrypt files and the ciphertext size.
Specifically, the computation overhead of users for encryption
operations and the ciphertext size are constant and
independent of the number of revoked users.
From the above analysis, we can observe that how to securely
share data files in a multi-owner manner for dynamic
groups while preserving identity privacy from an untrusted
cloud remains a challenging issue. In this paper, we
propose a novel Mona protocol for secure data sharing in
cloud computing. Compared with existing works, Mona
offers the following unique features:
1. Any user in the group can store and share data files
   with others through the cloud.
2. The encryption complexity and the size of ciphertexts
   are independent of the number of revoked users in
   the system.
3. User revocation can be achieved without updating the
   private keys of the remaining users.
4. A new user can directly decrypt the files stored in the
   cloud before his participation.
4. PROPOSED CLOUD DATA SECURITY MODEL
4.1 OVERALL DESIGN:
The following figure shows the overall architecture
of the proposed system. Here the data is stored in a secure
manner in the cloud and the TPA audits the data to verify its
integrity. If any part of the data is modified or corrupted, a
mail alert is sent to the data owner to indicate that the file
has been changed.
Figure: System model.
4.2 DATA SECURITY
Once data owners register in the cloud, private and
public keys are generated for the registered owners. Using
these keys, data owners can store and retrieve data from the
cloud. A data owner encrypts the data using the Advanced
Encryption Standard (AES), and the encrypted data is then
hashed with the Merkle Hash Tree algorithm. With the Merkle
Hash Tree algorithm, the data is audited via a multiple-level
batch auditing process. The top hash value is stored in a local
database and the other hash code files are stored in the cloud.
Thus the original data cannot be retrieved by anyone from the
cloud, since the top hash value is not in the cloud. Even if any
part of the data gets hacked, it is of no use to the hacker.
Thus, security can be ensured.
4.3 DATA INTEGRITY:
To overcome this drawback, we propose a secure storage and
authentication system for multi-owner data sharing in the cloud.
If a data owner wants to upload data to the cloud, public and
private keys are generated for that user. He first encrypts the
data using the Advanced Encryption Standard algorithm and then
hashes the encrypted data using the Merkle Hash Tree algorithm.
The data is then given to the Trusted Party Auditor for auditing.
The Auditor audits the data using the Merkle Hash Tree
algorithm and stores it with the Cloud Service Provider. If a user
wants to view or download the data, they have to provide the
public key. The data owners check the public key
entered by the user. If it is valid, the decryption key is
provided to the user to decrypt the data.
To check whether the data present in the cloud has been
modified, the data owner assigns a third party called the
Trusted Party Auditor (TPA). Once the data owner sends the
request to audit the data, the TPA checks the integrity of the
data by getting the hash code files from the cloud server and
the top hash value from the local database, and verifies the
file using the Merkle Hash Tree algorithm. After each time
period, the auditing information is updated by the Trusted
Party Auditor. If any file is missing or corrupted, an email
alert is sent to the data owner indicating that the data has
been modified. The TPA can verify the file either at random or
manually. Thus, by allowing the Trusted Party Auditor to audit
the data, trustworthiness between the user and the Cloud
Service Provider is increased.
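The audit flow of Sections 4.2 and 4.3 as an added example (not code from the paper): the owner hashes the encrypted blocks into a Merkle tree, keeps only the top hash locally, and the TPA checks the cloud copy against it, either in full or by spot-checking one block. SHA-256, the function names, the odd-node promotion rule and the byte strings standing in for AES ciphertext are assumptions made for illustration.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"  # domain separation: a leaf hash cannot pass as an inner node

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Hash every ciphertext block and fold pairs upward; returns all levels, root last."""
    if not blocks:
        raise ValueError("cannot build a tree over zero blocks")
    level = [h(LEAF + b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = [h(NODE + level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged (assumed rule)
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """What the cloud returns for block `index`: (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify_block(block, path, trusted_root):
    """TPA spot check: rebuild the top hash from one block and its sibling path."""
    node = h(LEAF + block)
    for sibling, sibling_is_left in path:
        node = h(NODE + sibling + node) if sibling_is_left else h(NODE + node + sibling)
    return hmac.compare_digest(node, trusted_root)

def full_audit(cloud_blocks, trusted_root):
    """TPA full audit: recompute the top hash over everything the cloud holds."""
    return hmac.compare_digest(build_levels(cloud_blocks)[-1][0], trusted_root)

def demo():
    # Constructed stand-ins for AES ciphertext blocks (five, to exercise the odd-node case).
    blocks = [bytes([i]) * 16 for i in range(5)]
    owner_levels = build_levels(blocks)
    trusted_root = owner_levels[-1][0]  # the top hash, kept in the owner's local database
    cloud_blocks, cloud_levels = list(blocks), owner_levels  # uploaded blocks + hash files
    honest = all(verify_block(cloud_blocks[i], prove(cloud_levels, i), trusted_root)
                 for i in range(len(cloud_blocks)))
    # The cloud copy of block 2 changes and the cloud-side hash files are rebuilt to match.
    cloud_blocks[2] = b"\xff" * 16
    cloud_levels = build_levels(cloud_blocks)
    spot = verify_block(cloud_blocks[2], prove(cloud_levels, 2), trusted_root)
    return honest, full_audit(cloud_blocks, trusted_root), spot

if __name__ == "__main__":
    print(demo())
```

The modified copy fails both checks even though the cloud-side hash files were rebuilt to be internally consistent, because the top hash used for comparison is held outside the cloud.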
4.4 USER AUTHENTICATION:
In this module, the user is allowed to access
information from the cloud server. When a user registers in the
cloud, a private key and a public key are generated for that
user by the cloud server. A user who wants to view his own file
uses the private key. A user who wants to view another user's
file uses the public key. This public key is split up equally for
verification by the data owners. Each part of the public key is
verified by data owners. After the key is verified, if it is
valid, the user is allowed to access the data. If the key is
invalid, the Cloud Service Provider denies the user access to
the data.
We consider a cloud computing architecture by way of
an example in which a company uses a cloud to enable its
staff in the same group or department to share files. The
system model consists of three different entities: the cloud, a
group manager (i.e., the company manager), and a large
number of group members (i.e., the staff), as illustrated in
Fig. 1.
The cloud is operated by CSPs and provides priced abundant
storage services. However, the cloud is not fully trusted by
users, since the CSPs are very likely to be outside of the cloud
users’ trusted domain. Similar to [3], [7], we assume that the
cloud server is honest but curious. That is, the cloud server
will not maliciously delete or modify user data, due to the
protection of data auditing schemes [17], [18], but will try to
learn the content of the stored data and the identities of cloud
users.
The group manager takes charge of system parameter
generation, user registration, user revocation, and revealing
the real identity of a disputed data owner. In the given example,
the role of the group manager is played by the administrator of
the company. Therefore, we assume that the group manager is
fully trusted by the other parties. Group members are a set of
registered users who store their private data on the cloud
server and share it with others in the group. In our
example, the staff play the role of group members. Note that
the group membership changes dynamically, due to staff
resignation and new employee participation in the company.
Our contributions: To solve the challenges presented above,
we propose Mona, a secure multi-owner data sharing scheme
for dynamic groups in the cloud. The main contributions of
this paper include:
1. We propose a secure multi-owner data sharing
   scheme. It implies that any user in the group can
   securely share data with others through the untrusted
   cloud.
2. Our proposed scheme is able to support dynamic
   groups efficiently. Specifically, newly granted users
   can directly decrypt data files uploaded before their
   participation without contacting the data owners.
   User revocation can be easily achieved through a
   novel revocation list without updating the secret keys
   of the remaining users. The size and computation
   overhead of encryption are constant and independent
   of the number of revoked users.
3. We provide secure and privacy-preserving access
   control to users, which guarantees that any member in a
   group can anonymously utilize the cloud resource.
   Moreover, the real identities of data owners can be
   revealed by the group manager when disputes occur.
4. We provide rigorous security analysis, and perform
   extensive simulations to demonstrate the efficiency
   of our scheme in terms of storage and computation
   overhead.
4.5 ADVANTAGES
- By providing the public and private key components,
  only a valid user is allowed to access the data.
- By allowing the Trusted Party Auditor to audit the
  data, trustworthiness between the user and the Cloud
  Service Provider is increased.
- By using the Merkle Hash Tree algorithm, the data is
  audited via a multiple-level batch auditing process.
- From a business point of view, the company’s
  customers will increase due to the security and
  auditing process.
Anonymity and traceability: Anonymity guarantees that
group members can access the cloud without revealing their real
identity. Although anonymity represents an effective
protection for user identity, it also poses a potential inside
attack risk to the system. For example, an inside attacker may
store and share mendacious information to derive substantial
benefit. Thus, to tackle the inside attack, the group manager
should have the ability to reveal the real identities of data
owners.
Efficiency: The efficiency is defined as follows. Any
group member can store and share data files with others in the
group through the cloud. User revocation can be achieved without
involving the remaining users. That is, the remaining users do
not need to update their private keys or perform re-encryption
operations. Newly granted users can learn the content of all data
files stored before their participation without contacting the
data owner.
5. CONCLUSION
Data is secured by keeping the top hash value in a local
database and the hash code files on the cloud server. By enabling
the TPA to audit the data, integrity is maintained. The key of a
requesting user is authenticated by all data owners. We design a
secure data sharing scheme, Mona, for dynamic groups in an
untrusted cloud. In Mona, a user is able to share data with others
in the group without revealing their identity to the cloud.
Additionally, Mona supports efficient user revocation and new
user joining. More specifically, efficient user revocation can be
achieved through a public revocation list without updating the
private keys of the remaining users, and new users can directly
decrypt files stored in the cloud before their participation.
Moreover, the storage overhead and the encryption
computation cost are constant. Extensive analyses show that
our proposed scheme satisfies the desired security
requirements and guarantees efficiency as well.
6. REFERENCES
[1] G. Ateniese, K. Fu, M. Green, and S. Hohenberger (2005),
“Improved Proxy Re-Encryption Schemes with Applications
to Secure Distributed Storage”, Proc. Network and Distributed
Systems Security Symp. (NDSS), pp. 29-43.
[2] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner,
Z. Peterson, and D. Song, “Provable Data Possession at
Untrusted Stores”, Proc. 14th ACM Conf. Computer and
Comm. Security (CCS ’07), pp. 598-609.
[3] K.D. Bowers, A. Juels, and A. Oprea (2009), “HAIL: A
High-Availability and Integrity Layer for Cloud Storage”,
Proc. ACM Conf. Computer and Comm. Security (CCS ’09),
pp. 187-198.
[4] A. Fiat and M. Naor (1993), “Broadcast Encryption”, Proc.
Int’l Cryptology Conf. Advances in Cryptology (CRYPTO),
pp. 480-491.
[5] E. Goh, H. Shacham, N. Modadugu, and D. Boneh (2003),
“Sirius: Securing Remote Untrusted Storage”, Proc. Network
and Distributed Systems Security Symp. (NDSS), pp. 131-145.
[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K.
Fu (2003), “Plutus: Scalable Secure File Sharing on Untrusted
Storage”, Proc. USENIX Conf. File and Storage Technologies,
pp. 29-42.
[7] X. Liu, Y. Zhang, B. Wang, and J. Yan (2013), “Mona:
Secure Multi-Owner Data Sharing for Dynamic Groups in the
Cloud”, IEEE Trans. on Parallel and Distributed Systems,
pp. 1182-1191.
[8] H. Shacham and B. Waters (2008), “Compact Proofs of
Retrievability”, Proc. Int’l Conf. Theory and Application of
Cryptology and Information Security: Advances in Cryptology
(Asiacrypt), pp. 90-107.
[9] C. Wang, Q. Wang, K. Ren, and W. Lou (2013),
“Privacy-Preserving Public Auditing for Secure Cloud Storage”,
IEEE Trans. on Computers, pp. 362-375.
[10] S. Yu, C. Wang, K. Ren, and W. Lou (2010), “Achieving
Secure, Scalable and Fine Grained Data Access Control in
Cloud Computing”, Proc. IEEE INFOCOM, pp. 534-542.