
Auditing for Data Storage Security in Cloud Computing

Presented by Mr. S. Muthurajkumar (1112419113) Supervisor Dr. M. Vijayalakshmi

Introduction
Cloud Computing has been envisioned as the next-generation architecture of the IT enterprise, thanks to a long list of advantages unprecedented in IT history, including:
- On-demand self-service
- Ubiquitous network access
- Location-independent resource pooling
- Rapid resource elasticity
- Usage-based pricing and transference of risk
- Centralization of data by outsourcing to the cloud
- Powerful infrastructures
- Large amount of shared memory

Classification of Cloud Services

Software-as-a-Service (SaaS)
  Uses: Highly scalable internet-based applications are hosted on the cloud and offered as services to the clients.
  Examples: Google Docs, acrobat.com, salesforce.com

Platform-as-a-Service (PaaS)
  Uses: The platforms used to design, develop, build and test applications are provided by the cloud infrastructure.
  Examples: Azure Service Platform, force.com, Google App Engine

Infrastructure-as-a-Service (IaaS)
  Uses: A pay-per-use model in which services like storage, database management and computation capabilities are offered on demand to the clients.
  Examples: Amazon Web Services, GoGrid

Levels of Cloud Computing

Application level
  Type of service: Software as a Service (SaaS)
  Users: End users (a person or an organization) who subscribe to a service offered by a Cloud Service Provider.
  Security requirements: Access control; communication protection; software security; security of data at rest and in transit; service availability
  Threats: Modification of data; interruption (deletion)

Virtual level
  Type of service: Platform as a Service (PaaS)
  Users: Developer moderator (a person or an organization) who deploys software on a cloud.
  Security requirements: Access control; application security; data security
  Threats: Software modification; DDoS

Types of Cloud
A cloud is generally divided into the following types:
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud

Characteristics
- On-demand self-service: resources are provisioned automatically, without requiring human interaction.
- Broad network access: capabilities are available over the network and accessed through standard mechanisms.
- Resource pooling: the main resources pooled in the server include storage, processing, memory, network bandwidth, and virtual machines.
- Measured service: resource usage can be monitored, controlled and reported, providing transparency for both the service provider and the consumer of the utilized service.
- Selection of provider: the right service provider must be selected, to make sure that the provider is reliable and well reputed among its customers.

Security Issues
- Server access security
- Internet access security
- Database access security
- Data privacy security
- Insider attack

Challenging Issues in Cloud
The main challenging issues in the cloud are listed below:
a) Trust/confidentiality
b) Non-repudiation
c) Integrity
d) Authentication

Need for Cloud Security
The large size of the outsourced data and the users' constrained resource capability make it necessary to use the cloud. At the same time, auditing the correctness of that data is a formidable and expensive task for the cloud users.
Data security, and facilities that save the cloud users' computation resources, are therefore very important. It is of critical importance to enable public auditability for cloud data storage.

Problem and Solutions
Users may resort to a third-party auditor (TPA), who has expertise and capabilities that the users do not, to audit the outsourced data when needed. Public auditability allows an external party, in addition to the user himself, to verify the correctness of remotely stored data. The goal is to enable a privacy-preserving third-party auditing protocol that is independent of data encryption.

Literature Survey

Data Verification and Data Dynamics
- Verifies the reliability or integrity of the data stored in the public cloud.
- The TPA supports efficient and dynamic data operations, namely block modification, insertion and deletion of the data stored in the public cloud, along with multiple data verification operations.

Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Springer - 2009

Existing System Model

[Figure: existing system model; only the label "Client" survives extraction]

Modules Description
Setup or Initialisation
- KeyGen(): generates the public key (pk) and the secret key (sk).
- SigGen(sk, F): takes the secret key (sk) and the file blocks m_i; outputs a signature set over the message blocks together with sig_sk(H(R)), the signature on the root R of the Merkle Hash Tree.

Integrity Verification
- GenProof(F, , chal): the server generates a proof P for the challenge chal (the elided second argument is the signature set produced by SigGen).
- VerifyProof(pk, chal, P): the auditor verifies the proof P against the challenge using pk.

Dynamic Data Operation
Dynamic data operation with integrity assurance:
- ExecUpdate(F, , update): the server executes the requested update (the elided second argument is the signature set).
- VerifyUpdate(pk, update, P_update): the client verifies the update proof P_update using pk.

Modules (Contd)
Merkle Hash Tree: after the keys and signatures are generated, the Merkle Hash Tree for the file is generated as in Figure 4.2.

[Figure 4.2: Merkle Hash Tree for file F, with leaves h(m1), h(m2), ..., internal nodes hp and hq, and root R]

h(m1) is the hash value of m1, h(m2) is the hash value of m2, and so on. hp = h(h(m1) || h(m2)), hq = h(h(m3) || h(m4)), and the root R = h(hp || hq).
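The following Python is an added example, not code from the presentation or from Wang et al.'s implementation. It builds the Merkle Hash Tree of Figure 4.2 over the file blocks m_i (SHA-256 is assumed as the instantiation of h), produces the sibling path the server returns for a challenged block, lets the auditor recompute R from it, and performs the client-side VerifyUpdate check for a block modification; signing R with sk is left out.

```python
import hashlib

def h(data: bytes) -> bytes:
    """Hash function h of the slides; SHA-256 is an assumed instantiation."""
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Levels of the MHT, leaves h(m_i) first and root R last.
    An unpaired node at the end of a level is promoted unchanged."""
    levels = [[h(m) for m in blocks]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            nxt.append(h(cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i])
        levels.append(nxt)
    return levels

def root(blocks):
    """R = h(hp || hq) for the four-block tree of Figure 4.2."""
    return build_levels(blocks)[-1][0]

def auth_path(blocks, index):
    """Sibling hashes from leaf `index` up to R, tagged with the side the
    sibling sits on; this is what the server returns for a challenged block."""
    path, i = [], index
    for level in build_levels(blocks)[:-1]:
        sib = i ^ 1
        if sib < len(level):
            path.append(("L" if sib < i else "R", level[sib]))
        i //= 2
    return path

def verify(block, path, expected_root):
    """Auditor side: recompute the root from the block and its path."""
    node = h(block)
    for side, sib in path:
        node = h(sib + node) if side == "L" else h(node + sib)
    return node == expected_root

def verify_update(old_block, new_block, path, old_root, claimed_root):
    """Client-side check of a block modification: the same path must
    authenticate the old block under the signed old root and the new block
    under the root the server claims after the update."""
    return verify(old_block, path, old_root) and verify(new_block, path, claimed_root)

if __name__ == "__main__":
    F = [b"m1", b"m2", b"m3", b"m4"]          # constructed sample file blocks
    F2 = list(F); F2[2] = b"m3 modified"      # F after modifying block m3
    print(verify_update(F[2], F2[2], auth_path(F, 2), root(F), root(F2)))  # True
```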

A Rough Set Based Feature Selection Algorithm for Effective Intrusion Detection in Cloud
- An intrusion detection model that combines a Rough Set based Feature Selection Algorithm and a Fuzzy SVM for effective intrusion detection in the Cloud.
- Generates the optimal feature subsets that achieve the best trade-off between detection rate and rate of false alarm.
- Achieves balanced detection performance on different types of attacks.

Proposed System Architecture

[Figure: proposed system architecture. Components: User Interface; Cloud Data Storage Manager; Security Manager; Rule Base; Data Centre 1, Data Centre 2, ..., Data Centre n]

Proposed Work
- To improve data verification and data dynamics.
- To improve the TPA with multiple auditing.
- To minimize computation power.
- To propose a new storage data structure.
- To minimize communication complexity between the data owner and the cloud.

References
[1] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling public verifiability and data dynamics for storage security in cloud computing, in Proc. of ESORICS'09. Saint Malo, France: Springer-Verlag, 2009, pp. 355-370.
[2] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable data possession at untrusted stores, in Proc. of CCS'07. New York, NY, USA: ACM, 2007, pp. 598-609.
[3] A. Juels and B. S. Kaliski, Jr., PORs: proofs of retrievability for large files, in Proc. of CCS'07. New York, NY, USA: ACM, 2007, pp. 584-597.
[4] H. Shacham and B. Waters, Compact proofs of retrievability, in Proc. of ASIACRYPT'08. Melbourne, Australia: Springer-Verlag, 2008, pp. 90-107.
[5] K. D. Bowers, A. Juels, and A. Oprea, Proofs of retrievability: Theory and implementation, Cryptology ePrint Archive, Report 2008/175, 2008.
[6] M. Naor and G. N. Rothblum, The complexity of online memory checking, in Proc. of FOCS'05, Pittsburgh, PA, USA, 2005, pp. 573-584.
[7] E.-C. Chang and J. Xu, Remote integrity check with dishonest storage server, in Proc. of ESORICS'08. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 223-237.
[8] M. A. Shah, R. Swaminathan, and M. Baker, Privacy-preserving audit and extraction of digital contents, Cryptology ePrint Archive, Report 2008/186, 2008.
[9] A. Oprea, M. K. Reiter, and K. Yang, Space-efficient block storage integrity, in Proc. of NDSS'05, San Diego, CA, USA, 2005.
[10] T. Schwarz and E. L. Miller, Store, forget, and check: Using algebraic signatures to check remotely administered storage, in Proc. of ICDCS'06, Lisboa, Portugal, 2006, pp. 12-12.
[11] Q. Wang, K. Ren, W. Lou, and Y. Zhang, Dependable and secure sensor data storage with dynamic integrity assurance, in Proc. of IEEE INFOCOM'09, Rio de Janeiro, Brazil, 2009, pp. 954-962.
[12] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, Scalable and efficient provable data possession, in Proc. of SecureComm'08. New York, NY, USA: ACM, 2008, pp. 1-10.
[13] C. Wang, Q. Wang, K. Ren, and W. Lou, Ensuring data storage security in cloud computing, in Proc. of IWQoS'09, Charleston, South Carolina, USA, 2009.
[14] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, Dynamic provable data possession, in Proc. of CCS'09. Chicago, IL, USA: ACM, 2009.
[15] K. D. Bowers, A. Juels, and A. Oprea, HAIL: A high-availability and integrity layer for cloud storage, in Proc. of CCS'09. Chicago, IL, USA: ACM, 2009, pp. 187-198.
[16] D. Boneh, B. Lynn, and H. Shacham, Short signatures from the Weil pairing, in Proc. of ASIACRYPT'01. London, UK: Springer-Verlag, 2001, pp. 514-532.
[16] R. C. Merkle, Protocols for public key cryptosystems, in Proc. of IEEE Symposium on Security and Privacy'80, 1980, pp. 122-133.
[17] S. Lin and D. J. Costello, Error Control Coding, Second Edition. Upper Saddle River, NJ, USA: Prentice-Hall, Inc., 2004.
[18] M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in Proc. of CCS'93, 1993, pp. 62-73.
[19] D. Boneh, C. Gentry, B. Lynn, and H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in Proc. of Eurocrypt'03. Warsaw, Poland: Springer-Verlag, 2003, pp. 416-432.
[20] S. Pavithra and Badi Alekhya, Implementing efficient monitoring and Data dynamics, in IRACST, ISSN: 2249-9555, Vol. 2, No. 1, 2012.
[21] S. Balakrishnan, G. Saranya, S. Shobana, and S. Karthikeyan, Introducing Effective Third Party Auditing (TPA) for Data Storage Security in Cloud, IJCST, Vol. 2, Issue 2, 2011.
[22] M. Yugandhar and D. Subhramanya Sharma, Security of Data Dynamics in cloud computing, IJCSIT, Vol. 3 (4), 2012, pp. 4868-4873.
[23] Xiaorui Wang, Member, IEEE, and Yefu Wang, Student Member, IEEE, Coordinating Power Control and Performance Management for

Thank You
