4. Cloud security
4 / 30Cloud Security19th October 2015
Currently there is an increasing trend in outsourcing data to remote
cloud…
Cloud service providers:
• offer huge storage space at low cost
• reduce the maintenance burden of local data storage
Threats in cloud data storage
• The cloud service provider may intentionally hide data loss.
• A malicious cloud service provider might delete some data, or
obtain all the information and sell it to others.
• An attacker who intercepts the traffic can capture sensitive information
such as business secrets, client details, etc.
Existing protocols
• Do not address both confidentiality and integrity.
• Dynamic scalability of data is not possible: modification,
insertion and deletion of data blocks are not supported.
• All the existing protocols are unable to provide strong
security assurance to users.
Steps:
• The user encrypts the data to ensure confidentiality.
• Metadata is computed over the encrypted data.
• Later, the verifier can use remote data integrity checking
to verify the integrity of the stored data.
System model
The cloud data storage model considered here consists of 3
main components:
• Cloud user: an individual or an organization storing their data in the cloud
and accessing it.
• Cloud Service Provider (CSP): the organization that manages the cloud servers
and provides paid storage on its infrastructure to users as a service.
• Third Party Auditor (TPA): the verifier who has the expertise and capabilities
to verify the integrity of the outsourced data on the user's instruction.
Efficient & Secure Storage Protocol
The protocol consists of 3 phases:
• Setup
• Verification
• Dynamic data operation and verification
Setup
In this phase, the user pre-processes the file before storing it in the
cloud. The Setup phase consists of three stages:
• KeyGen
• Encryption
• MetadataGen
KeyGen:
In this stage, the user generates a private key and public key pair.
The user chooses two large primes p and q of size k, then computes
n = pq and
Nn = lcm(p+1, q+1).
b is a randomly chosen integer such that gcd(b, n) = 1.
It outputs the public key PK = {b, n, p} and the private key PR = {Nn}.
Encryption:
To ensure the confidentiality of the data, the file F is divided into
n equal sized data blocks, and each block is encrypted:
F = {m1, m2, ..., mn} = {mi}, 1 ≤ i ≤ n
F' = {m'i}, where m'i = mi + fk(s)
and s is a random value of size l.
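The block encryption of this slide, m'i = mi + fk(s), worked through in Python as an added example (not the slides' or the paper's own code). Assumptions not stated on the slide: fk is modelled as HMAC-SHA256 truncated to one block, the sum is taken modulo 2^(8·block size) so the ciphertext block keeps the block length, and the block index i is mixed into the mask so that identical plaintext blocks never share a mask; decryption is the user subtracting the same mask.

```python
import hashlib, hmac, secrets

BLOCK = 8   # constructed block size in bytes; the slides only say "n equal sized blocks"

def split_blocks(data, size=BLOCK):
    """F = {m_1, ..., m_n}: pad with zeros to a multiple of `size`, then cut into equal blocks."""
    data += b"\x00" * (-len(data) % size)
    return [data[i:i + size] for i in range(0, len(data), size)]

def f_k(key, s, i, size=BLOCK):
    """f_k(s): a PRF modelled as HMAC-SHA256 truncated to one block; the block index i is
    mixed in (assumption) so that no two blocks share the same mask."""
    return int.from_bytes(hmac.new(key, s + i.to_bytes(4, "big"), hashlib.sha256).digest()[:size], "big")

def encrypt(key, s, blocks):
    """m'_i = m_i + f_k(s), with the sum taken modulo 2^(8*BLOCK) so m'_i stays one block long."""
    mod = 1 << (8 * BLOCK)
    return [((int.from_bytes(m, "big") + f_k(key, s, i)) % mod).to_bytes(BLOCK, "big")
            for i, m in enumerate(blocks)]

def decrypt(key, s, enc_blocks):
    """m_i = m'_i - f_k(s) mod 2^(8*BLOCK): the user, who knows k and s, reverses the masking."""
    mod = 1 << (8 * BLOCK)
    return [((int.from_bytes(c, "big") - f_k(key, s, i)) % mod).to_bytes(BLOCK, "big")
            for i, c in enumerate(enc_blocks)]

def roundtrip(data):
    """Constructed check: encrypt F, decrypt F', compare; also report the block count n and
    whether all ciphertext blocks differ even when plaintext blocks repeat."""
    key, s = secrets.token_bytes(32), secrets.token_bytes(16)   # k and a random s of size l
    blocks = split_blocks(data)
    enc = encrypt(key, s, blocks)
    back = b"".join(decrypt(key, s, enc))[:len(data)]
    return back == data, len(blocks), len(set(enc)) == len(enc)
```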
MetadataGen:
After encrypting the data, the user computes metadata over the
encrypted data for later integrity verification. This stage takes m'i,
the public key and the private key as inputs and produces the metadata
as output.
After computing the metadata, the user sends the metadata and the
public key to the TPA for later verification, and sends the file F' to
the cloud servers for storage.
Verification
To verify the integrity of the data after it is stored in the cloud, the verifier
first creates a challenge and sends it to the server. Upon receiving the
challenge from the verifier, the server computes a response as an
integrity proof and returns it to the verifier. This phase consists of 3 steps:
• Challenge
• ProofGen
• CheckProof
Challenge:
The verifier creates a challenge text taking the public key and
random values as inputs.
A challenge text is created for each data block; these are then
combined together and sent to the server.
ProofGen:
Upon receiving the challenge from the verifier, the server
computes a response as the integrity proof. This step takes the
encrypted data m'i and the challenge chal as inputs and produces the
response R as output.
CheckProof:
After receiving the response from the server, the verifier checks the
integrity. This step takes the public key pk, the challenge query
chal and the proof R as inputs and returns an output:
if the response is valid it returns 1, otherwise 0.
Dynamic data operation & Verification
The proposed scheme also supports dynamic data operations at
block level while maintaining the same security assurance: Block
Modification (BM), Block Insertion (BI) and Block Deletion (BD). These
operations are performed by the server on the user's request. The parameter
j indicates the particular block to be updated and m*j is the new block.
To update data in the cloud, the user creates a request and sends it to the
server. Upon receiving the update request from the user, the server performs the
requested update operation (modification/insertion/deletion).
Block modification:
Data modification is one of the most frequently used operations in cloud
data storage. Suppose the user wants to replace the block mj with a new block
m*j; the user then runs the following steps:
• Create the new block m*j
• Encrypt the new block
• Compute the new metadata
• Create an update request and send it to the server.
• Send the new metadata to the TPA for later verification.
Block insertion:
To insert a new block m* after position j in the
file, the user runs the following:
• Create the new block m*j
• Encrypt the new block
• Compute the new metadata
• Create an update request and send it to the server.
• Send the new metadata to the TPA for later verification.
Block deletion:
Suppose the user wants to delete a specific data block at position j
from the file F':
• Create a delete request (BD, j) and send it to the server.
• Send a request to the TPA to delete the corresponding metadata.
• The server deletes the corresponding block from the file and the TPA deletes its metadata.
Verification:
To ensure the security of dynamic data operations, the user verifies the
integrity of the updated block immediately after the update, as follows:
• The user immediately challenges the server for a proof of the update
operation.
• Upon receiving the request from the user, the server computes a
response for the updated block and returns it to the user.
• After receiving the update response from the server, the user checks
whether the response matches the metadata of that block by
running the verification algorithm: if it returns true, the server has updated the
data successfully; otherwise it has not.
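The Verification phase (Challenge, ProofGen, CheckProof) and the block-level BM/BI/BD updates with the immediate re-verification described above, as an added Python example that is not the slides' or the paper's own code. Because the slides give no formulas for the metadata or the proof, a different and deliberately simple technique stands in: the user precomputes a pool of (nonce, keyed hash of m'i) pairs per block for the TPA, and the server's proof is the keyed hash of the challenged block under one not-yet-used nonce; the three parties, the index j and the 1/0 result of CheckProof are kept as on the slides, and the public-key construction is not reproduced.

```python
import hashlib, hmac, secrets

def block_tag(nonce, enc_block):
    """Keyed hash of one encrypted block m'_i under a challenge nonce (stand-in for the paper's proof)."""
    return hmac.new(nonce, enc_block, hashlib.sha256).digest()
def metadata_gen(enc_block, pool=4):
    """MetadataGen (user): `pool` unused (nonce, expected tag) pairs for one block, handed to the TPA."""
    return [(n, block_tag(n, enc_block)) for n in (secrets.token_bytes(16) for _ in range(pool))]

def challenge(metadata, indices):
    """Challenge (TPA): consume one unused nonce per challenged block; only `chal` is sent to the CSP."""
    pairs = {j: metadata[j].pop() for j in indices}          # each nonce is used exactly once
    return {j: n for j, (n, _) in pairs.items()}, {j: t for j, (_, t) in pairs.items()}

def proof_gen(store, chal):
    """ProofGen (CSP): response R over the challenged blocks only; the CSP holds no secret."""
    return {j: block_tag(nonce, store[j]) for j, nonce in chal.items()}
def check_proof(expected, proof):
    """CheckProof (TPA): 1 if every challenged block's proof matches its metadata, else 0."""
    return int(all(hmac.compare_digest(t, proof.get(j, b"")) for j, t in expected.items()))

def audit(store, metadata, indices):  # one Challenge -> ProofGen -> CheckProof round
    chal, expected = challenge(metadata, indices)
    return check_proof(expected, proof_gen(store, chal))

def dynamic_op(store, metadata, op, j, new_block=None):
    """BM/BI/BD at position j on the CSP store and TPA metadata; returns the position to challenge next."""
    if op == "BM":
        store[j], metadata[j] = new_block, metadata_gen(new_block)
        return j
    if op == "BI":                                   # insert the new block after position j
        store.insert(j + 1, new_block); metadata.insert(j + 1, metadata_gen(new_block))
        return j + 1
    if op == "BD":                                   # nothing to challenge afterwards: returns None
        del store[j], metadata[j]

def demo():
    """Constructed scenario; blocks stand for already-encrypted m'_i (the encryption step is not modelled)."""
    store = [bytes([i + 1]) * 16 for i in range(4)]  # F' as held by the CSP
    metadata = [metadata_gen(b) for b in store]      # metadata as held by the TPA
    ok_initial = audit(store, metadata, [0, 2])      # honest server -> 1
    store[2] = bytes(16)                             # CSP silently loses block 2 (threat slide)
    caught = audit(store, metadata, [1, 2])          # -> 0
    j = dynamic_op(store, metadata, "BM", 2, b"\xaa" * 16)   # user repairs block 2 ...
    ok_bm = audit(store, metadata, [j])                      # ... and verifies immediately
    j = dynamic_op(store, metadata, "BI", 0, b"\xbb" * 16)
    ok_bi = audit(store, metadata, [j])
    dynamic_op(store, metadata, "BD", 0)
    ok_bd = audit(store, metadata, range(len(store)))
    return ok_initial, caught, ok_bm, ok_bi, ok_bd, len(store)
```

Each nonce is used once, so the pool size bounds the number of audits per block; that limit belongs to this stand-in, not to the slides' scheme.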
Advantages
• It should detect all data corruption if anybody deletes or
modifies the data in cloud storage.
• The scheme achieves confidentiality of data.
• It is efficient in terms of computation and storage because its key
size is smaller than that of RSA-based solutions.
• The protocol supports public verifiability and dynamic data
operations such as modification, insertion and deletion.
CONCLUSION
• The proposed protocol is mainly suitable for thin users who have fewer
resources and limited computing capability.
• The method satisfies all security and performance requirements of
cloud data storage.
• It also supports public verifiability, which enables the TPA to verify the
integrity of the data without retrieving the original data from the server.
• The scheme also supports dynamic data operations.