International Journal of Computer Trends and Technology (IJCTT), volume 4, Issue 7, July 2013
ISSN: 2231-2803, http://www.ijcttjournal.org, Page 2044



Secure and Accountable Data Sharing in the Cloud

T. Praveenkumar (1), K. Narsimhulu (2)

(1) M.Tech (Computer Science & Engineering), Rajeev Gandhi Memorial College of Engineering and Technology, Nandyal, Andhra Pradesh, India
(2) Assistant Professor (Dept. of CSE), Rajeev Gandhi Memorial College of Engineering and Technology, Nandyal, Andhra Pradesh, India


Abstract: Cloud computing is a technology that offers hardware and software resources as services over a network. Cloud computing provides a wide range of services that are easily used over a network. One of the major characteristics of cloud services is that users' data are processed on unknown remote servers that the users do not operate, which can be a considerable roadblock to using all available cloud services. To avoid this problem, we propose a highly decentralized framework to monitor the actual usage of the users' data available on the cloud. The Cloud Information Accountability (CIA) framework proposed in this work performs automated logging and distributed auditing of relevant access performed by any other entity, carried out at any point of time at any cloud service provider (CSP). It comprises two major components: logger and log harmonizer. The proposed methodology also takes responsibility for the JAR file by converting the JAR into obfuscated code, which adds an additional layer of security to the infrastructure. Apart from this, we extend the security of users' data with provable data possession for integrity verification.

Keywords: Cloud computing, data sharing, Cloud Information Accountability framework (CIA), Cloud Service Provider (CSP), Provable data possession
I. INTRODUCTION
The Cloud Information Accountability framework proposed in this work conducts automated logging and distributed auditing of relevant access performed by any other entity, carried out at any point of time at any cloud service provider. It consists of two major components: logger and log harmonizer. The JAR file includes a set of access control rules specifying whether and how the cloud servers, and possibly other data stakeholders, are authorized to access the content itself. Apart from these, we check the integrity of the JRE on the systems on which the logger component is initiated. These integrity checks are carried out by using oblivious hashing. The proposed methodology also takes responsibility for the JAR file by converting the JAR into obfuscated code, which adds an additional layer of security to the infrastructure. Apart from this, we extend the security of users' data with Provable Data Possession (PDP) for integrity verification. Based on the configuration settings defined at the time of creation, the JAR will provide usage control to perform logging.
Logging means that each time there is an access to the data, the JAR automatically generates a log record.

II. PROBLEM STATEMENT
In this section we consider an illustrative example which serves as the basis of our problem statement and will be used throughout the paper to demonstrate the main features of our system.
In this example, multiple Cloud Service Providers (CSPs) are available on the Internet. A customer uses the services supplied by a specific CSP, such as online travelling, printing, office applications, etc. In order to use these services, customers have to register and disclose personal data, including address, financial details, etc. In order to provide the required functionalities, a CSP might need to interact with other CSPs and share relevant data to enable the business transaction. For example, a travelling service might need to interact with an external billing service and a flight reservation service in order to supply the required service to the customer.

Fig. 1: Data sharing in cloud

As Fig. 1 shows, all these interactions require the user's personal and confidential data to be collected; it can potentially be analysed, processed and exchanged with other third parties. A key issue highlighted by this scenario is that both the customer and the CSPs might quickly lose control of data when this data is exchanged between different parties in chains of interactions. Customers might desire to retain control over how their data should be used, who can access it, etc. They might want to dictate the purposes for which data can be disclosed to third parties and impose constraints on the retention time, notifications, etc. Similar comments apply to a service provider disclosing information to third parties.
In other words, the entities that disclose information would like to express preferences (including privacy preferences) on how their personal and confidential data should be handled, along with access control and obligation constraints. Some specific examples of authorization policies for access control and of obligation policies follow.

Authorization policies for controlling access:
Customer credit card data can be accessed by CSP1 for business transaction purposes only;
Customer email address can be shared with CSP2 and CSP3 only for business transactions and goods delivery;
Customer email address details must not be shared with CSP4.

Obligation policies:
The customer has to be notified by email every time their data is accessed;
The customer has to be notified every time their credit card is disclosed to another CSP;
The customer can have full control of their data and can delete their data if it is not accessed or used for a long time period.
Interestingly, the above constraints might need to be enforced by all the entities involved in disclosing data: in the example, by the Travelling Service, the Flight Booking Service, the Printing Service, etc.
Furthermore, the customer might change their mind and modify some of their preferences and constraints. These changes should be distributed through the chain of disclosures.
With this scenario in mind, we identified the common requirements and developed several guidelines to achieve data accountability in the cloud. A user who has subscribed to a certain CSP usually needs to send his/her data, as well as associated access control policies (if any), to the CSP. After the data are received by the CSP, the CSP will have been granted access rights such as read, write, and copy on the data. With conventional access control techniques, once the access rights are granted, the CSP has complete access rights over the data.

III. SYSTEM DESIGN
3.1 JAR Generation
The JAR file includes a set of access control rules specifying
whether and how the CSPs and possibly other data
stakeholders (users, companies) are authorized to access the
content. Based on the configuration settings defined at the
time of creation, the JAR will provide usage control to
perform logging.
3.2 Obfuscation
In software development, obfuscation is the act of deliberately creating obfuscated code, i.e. machine code that is difficult for humans to read and understand. Programmers may obfuscate code deliberately to conceal its purpose (security through obscurity), in order to avoid tampering and deter reverse engineering, or as a recreational challenge for someone reading the source code. Obfuscators are programs that transform readable code into obfuscated code by using various techniques.
Source code:

var a = "Hello World!";
function MsgBox(msg)
{
    alert(msg + "\n" + a);
}
MsgBox("OK");

Obfuscated code:

var _0xdcf3=["\x48\x65\x6C\x6C\x6F\x20\x57\x6F\x72\x6C\x64\x21","\x0A","\x4F\x4B"];var a=_0xdcf3[0];function MsgBox(_0x709bx3){alert(_0x709bx3+_0xdcf3[1]+a);};MsgBox(_0xdcf3[2]);

Table 1: Example of obfuscated code
However, a bytecode disassembler would still work even if we use a code obfuscator that makes all decompilers fail completely. Remember that the JVM instruction set contains high-level instructions, as opposed to real CPUs such as x86, so disassembled Java is easier to understand than disassembled C++. It would therefore make sense to also "collapse" the entire structure of the program. Advanced obfuscation techniques include class hierarchy changes, array folding/flattening, method inlining and outlining, loop unrolling, etc.
3.3 The Logging Mechanism
The main responsibility of the JAR is to handle authentication of entities that need to access the data stored in the JAR file. In this scenario, the data owners may not know the exact CSPs where the data is handled or processed. Hence, authentication is specified in terms of the server's functionality (which we assume to be known through a lookup service), not the server's URL.
3.4 Log Record Generation
Log records are generated by the component called the logger. Logging occurs for every access to the data in the JAR, and newly generated log entries are appended sequentially, in the order of creation: $LR = (r_1; \ldots; r_k)$. Each record $r_i$ is encrypted individually and appended to the log file. In particular, a log record contains the following information:
Here, $r_i$ indicates an action on the user's data by an entity identified by ID at time T at location Loc.

3.5 PDP (PROVABLE DATA POSSESSION)
3.5.1 Verify data possession
C sends a challenge chal to S (chal: a challenge with a random value).
S computes V from chal and F (V: a proof) and returns V.
C checks V.

Fig. 2: Verify data possession

A PDP system can be constructed from a PDP scheme in two phases:
Setup: C runs KeyGen and TagBlock and sends pk, F, to S.
Challenge: C sends chal to S; S runs GenProof and sends V to C; C checks V with CheckProof.
We also showed that our PDP scheme provided all security properties required by a zero-knowledge interactive proof system, so that it can resist various kinds of attacks even though it is deployed as a public audit service in clouds.

3.6 Auditing Mechanism
So that data owners are frequently and accurately notified about access to their data, our logging mechanism is complemented by an innovative auditing mechanism in a distributed environment. We support two auditing techniques: 1) push mode and 2) pull mode.

3.6.1 Push mode:
The logs are frequently pushed to the data owner by the Log Harmonizer. The push action is triggered by either of the following two events: one is that a particular period of time has elapsed according to the temporal timer inserted as part of the JAR file; the other is that the JAR file exceeds the size specified by the data owner at creation. After the log files are forwarded to the data owner, the log files can be deleted in order to free space for future logs. Deleting the logs also dumps related log information, such as error-correcting information. This is the basic mode, which is compatible with both the Pure Logs and the Access Logs, regardless of whether the data owner requests the log files. Push mode serves two purposes in the logging architecture: 1) it assures that the log file size does not exceed the specified size, and 2) it performs timely detection and correction of any damage or loss to the log files.
Concerning the latter purpose, we notice that the data owner, upon receiving the log file, will check its cryptographic guarantees by verifying the integrity and authenticity of the records. By construction of the records, the data owner will be able to quickly detect forged entries by using the checksum appended to every record.
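
A sketch of how a data owner could check pushed log records, as an added example that is not part of the original paper or of any CIA implementation. It assumes each checksum is an HMAC chained to the previous record's checksum, a key shared by logger and owner, and a hypothetical "Act" field for the action; encryption of the records is omitted.

```python
import hashlib
import hmac
import json

FIELDS = ("ID", "Act", "T", "Loc")  # "Act" is an assumed name for the action


def checksum(key: bytes, record: dict, prev: str) -> str:
    """HMAC over this record's fields plus the previous record's checksum."""
    body = json.dumps({f: record[f] for f in FIELDS}, sort_keys=True)
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append_record(key: bytes, log: list, entity: str, act: str, t: str, loc: str) -> None:
    """Logger side: append r_i with a checksum chained to r_(i-1)."""
    record = {"ID": entity, "Act": act, "T": t, "Loc": loc}
    prev = log[-1]["checksum"] if log else ""
    record["checksum"] = checksum(key, record, prev)
    log.append(record)


def first_bad_record(key: bytes, log: list):
    """Owner side: index of the first record that fails, or None if all pass."""
    prev = ""
    for i, record in enumerate(log):
        if not hmac.compare_digest(checksum(key, record, prev), record["checksum"]):
            return i
        prev = record["checksum"]
    return None


def build_sample_log(key: bytes) -> list:
    """Constructed sample: three accesses by hypothetical CSPs."""
    log = []
    append_record(key, log, "CSP1", "view", "2013-07-01T10:00:00Z", "198.51.100.7")
    append_record(key, log, "CSP2", "download", "2013-07-01T10:05:00Z", "203.0.113.9")
    append_record(key, log, "CSP1", "view", "2013-07-01T11:30:00Z", "198.51.100.7")
    return log


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed key, for the demo only
    results = {"intact": first_bad_record(key, build_sample_log(key))}
    edited = build_sample_log(key)
    edited[1]["Act"] = "view"  # a field of one record is rewritten
    results["edited"] = first_bad_record(key, edited)
    dropped = build_sample_log(key)
    del dropped[1]  # a record is removed from the middle
    results["dropped"] = first_bad_record(key, dropped)
    truncated = build_sample_log(key)[:2]  # the newest record is cut off
    results["truncated"] = first_bad_record(key, truncated)
    return results
```

The truncated case passes verification, so chaining alone does not reveal records cut from the end of the log; the owner also needs the expected record count or the latest checksum from a source the log holder cannot alter.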
3.6.2 Pull mode:
This mode allows data owners to retrieve the logs at any time when they want to check recent access to their own data. The pull message consists simply of an FTP pull command, which can be issued from the command line. The request is sent to the log harmonizer, and the user is informed of the data locations and obtains an integrated copy of the authentic and sealed log file.
3.7 Accountability Mechanism
Fig. 3 shows the working of the accountability mechanism in the cloud: when a user accesses data, a log of each access is created by the logger and periodically sent to the log harmonizer; the log harmonizer sends these logs to the data owner, and the data owner can check the logs and take appropriate action if he wants.

Fig. 3: Accountability mechanism in cloud

IV. SECURITY ANALYSIS

4.1 Copying Attack
The most intuitive attack is that the attacker copies entire JAR files. The adversary may assume that doing so allows accessing the data in the JAR file without being noticed by the data owner. However, such attacks will be detected by our auditing mechanism. Recall that every JAR file must send log records to the log harmonizer.
In particular, with the push mode, the log harmonizer will send the logs to data owners frequently. That is, even if the data owner is not aware of the existence of the additional copies of its JAR files, he will still be able to receive log files from all existing copies. If attackers move additional copies of JARs to places where the log harmonizer cannot connect, the additional copies of JARs will soon become inaccessible.
4.2 Data Leakage Attack
This is an attack by which an adversary can easily obtain the stored data through the verification process after running or wiretapping sufficient verification communications. An attacker uses well-formed requests to an application, service, or device that may result in the inadvertent disclosure of sensitive data by exploiting weaknesses in the configuration of the target, so that the target reveals more details to the attacker than expected. The attacker might collect this information through different methods, such as active querying and passive observation. The information may contain details relevant to the capabilities or configuration of the target, clues as to the temporal arrangement or nature of activities, or otherwise sensitive data. Often this kind of attack is undertaken in preparation for some other attack, although the gathering of information may be the end goal of the attacker in some cases. Retrieved information may be used by the attacker in making assumptions about vulnerabilities, potential weaknesses or techniques that help in achieving the attacker's objectives. Leakage of data may come in various forms, such as confidential information stored in insecure directories, or services that provide diagnostic messages in response to normal queries.

4.3 Disassembling Attack
Another possible attack is to disassemble the JAR file of the logger and then attempt to extract useful information from it. Once the JAR file is disassembled, the attacker has the public IBE key which is used for encrypting the log files. Therefore, the attacker has to depend on learning the private key or subverting the encryption to read the log records. To compromise the confidentiality of the log files, the attacker will attempt to determine which encrypted log records correspond to his/her actions by mounting a chosen-plaintext attack to obtain pairs of plaintexts and encrypted log records. However, the usage of the Weil Pairing algorithm assures that the CIA framework has both chosen-plaintext security and ciphertext security in the random oracle model. Therefore, the attacker will not be able to decrypt any other data or log files in the disassembled JAR file. Even if the attacker bypasses authorization, he/she can access the actual content file but will not be able to decrypt any data, including the log files, which are viewable by the data owner exclusively.
Through disassembled JAR files, the attackers are not able to directly view the access control policies, as the original source code is not included in the JAR files. If the attacker wants to deduce the access control policies, the only possible way is by analyzing the log file. This is very hard to achieve, as log records are encrypted and decryption is computationally hard. Also, the attacker cannot modify the log files that are extracted from a disassembled JAR.
The attacks specified above are the more frequent ones in this distributed environment.
V. ADVANTAGE

The strength of the CIA framework lies in maintaining a lightweight accountability mechanism that combines aspects of access control, authentication, and usage control. It provides defenses against the man-in-the-middle attack, dictionary attack, disassembling attack, compromised JVM attack, and data leakage attack. PDP allows the data owners to remotely verify the integrity of their data; it is suitable for both a limited and a large number of storages.
VI. CONCLUSION

The CIA framework is developed with an innovative approach for automatically logging every access to the data available on the cloud, together with auditing mechanisms. Our approach permits the data owner not only to monitor his/her data but also to enforce constraints for strong back-end protection. Apart from that, we have included the PDP methodology to enhance the integrity of the owner's data. In future, we plan to extend our approach to verify the integrity of the JRE. For that, we will check whether it is possible to leverage the advantages of the secure JVM being developed by IBM, and we would like to enhance our PDP architecture from the user end, which will allow users to check data remotely in an efficient manner in a multi-cloud environment.

