GRD Journals | Global Research and Development Journal for Engineering | International Conference on Innovations in Engineering and Technology (ICIET) - 2016 | July 2016
e-ISSN: 2455-5703
Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication 1N.
R. Anitha Rani 2P. Prem Kumar 1 P. G Student 2Associate Professor 1,2 Department of Computer Science & Engineering 1,2 K.L.N College of Engineering Pottapalayam, Sivagangai 630612, India Abstract Cloud computing makes IT more efficient and cost effective in today’s world. Cloud computing act as a virtual server that the user can access via internet on a needed basis and this eliminates the need for the companies to host their own servers and purchase of expensive software. On the other hand there arise many new types of cyber theft. The main concerns in cloud computing are data integrity, security and enhancement of storage space in the cloud. This paper focuses on maintaining data integrity and security from a user’s perspective and also provides clear understanding of achievable security merits by using multiple distinct clouds simultaneously and enhancing storage space of public cloud by DE duplication from a cloud service provider’s perspective. Symmetric key encryption is used to prevent unauthorized user from accessing data. Convergent encryption is used to maintain data confidentiality. Keyword- Data DE duplication, Data Confidentiality, Security, Data Integrity, Multi-Cloud __________________________________________________________________________________________________
I. INTRODUCTION In the current IT environment every organization is need to invest time and budget to scale up the IT infrastructure such as hardware, software and services. Cloud computing provides computing over the internet. Cloud services consist of highly optimized virtual Data Center that provides various software, hardware and information resource to the needful users. The organization can simply connect to the cloud and use the available resource on pay per user basis. This helps the company to avoid capital expenditure on additional on premise Infrastructure resource and instantly scale up or scale down according to business requirements[1]. Data DE duplication [Fig 1.] is very essential in today’s world to achieve bandwidth optimization and to lower the storage space by eliminating redundant data copies[2].
Fig. 1: Data DE duplication
Data DE duplication can be performed at two levels: 1) File Level DE duplication: eliminates duplicate copies of identical files. 2) Block Level DE duplication: eliminates duplicate data blocks in non-identical files The first and foremost challenge in the current IT world is to prevent sensitive data from being accessed by unauthorized users. In conventional encryption different users use their own key to encrypt data and as a result different cipher text is generated for the same file which belongs to different users. This makes DE duplication highly impossible. To overcome this symmetric key encryption is used to generate same key to encrypt and decrypt identical file of different users. Convergent key encryption provides data confidentiality and checks for redundant copies of data. Secure proof of ownership prevents unauthorized users to access data[3].
All rights reserved by www.grdjournals.com
145
Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication (GRDJE / CONFERENCE / ICIET - 2016 / 024)
II. RELATED WORK A. A Secure DE duplication With Efficient and Reliable [17] Convergent Key Management The elimination of redundant data within the existing environment is called Data DE duplication. It is mainly used in cloud storage environment to reduce both bandwidth and storage space. The proposed system aims at achieving proficient and trustworthy convergent key management through convergent key DE duplication and to reduce enormous number of key generation with increase in number of users[4]. 1) Methodology Used in This System 1) Convergent Encryption [14]: ensures protection against unauthorized users in DE duplication. 2) Dekey: It creates secret shares on original convergent key and sends the shares across multiple key management cloud service providers. The multiple users who share the same block can access the same corresponding convergent keys. 2) Characteristics 1) Increase the storage in cloud by applying DE duplication on convergent key[5] and ensures reliable key management. 2) File Level and Block Level DE duplication is supported by Dekey. B. Secure Distributed DE duplication Systems with Improved Reliability [19] Data DE duplication is the process of eliminating redundant copies of data in cloud storage. The main aim data deduplication is to reduce [12] storage space and upload bandwidth. When the data is outsourced their arise confrontation regarding privacy of sensitive data. In the proposed system the data chunks are distributed across multiple cloud [6] servers with higher reliability and uses deterministic secret sharing scheme in distributed storage for data confidentiality. 1) 1) ď€ ď€ 2)
Methodology Used in This System Secret Sharing Scheme: It consist of two algorithms Share and Recover Share: The secret key is divided and shared Recover: With enough shares the secret key can be extracted and recovered. Tag Generation Algorithm: Maps the original data copy and the tag which is used by the user to perform duplicate check with the server. 3) Proof Of Ownership[11]: Takes inputs as file and an index then generate tag[7] as output which is used for proof of ownership. 4) Message Authentication Code[8]: It is a short piece of information used to authenticate message and provides integrity. 2) Characteristics 1) Minimize network and storage overhead by detecting and eliminating [10] redundancy among data blocks. 2) Ensures fault tolerance even if certain number of node fails [9]. C. Secure Auditing and DE duplicating Data in Cloud [15] In outsourced cloud storage, data maintenance is not highly reliable. The main aim of this project is to resolve the problem of integrity auditing and enhance DE duplication along with data reliability in the outsourced cloud storage. In this system two secure systems, are constructed (i.e.) SecCloud and SecCloud+, which helps to achieve both data integrity[16] and secure deduplication. 1) Methodology Used in This System 1) SecCloud SecCloud initiates an auditing entity with a preservation of a MapReduce cloud. It generates set of data tags and sends these tags while uploading the files to the cloud server by the client. Further it also audit the integrity of data stored in cloud. The SecCloud[20] system supports file level DE duplication and intercept the leakage of side channel information. 2) SecCloud+: SecCloud+ system grants integrity auditing and data DE duplication on encrypted files. The client with of the key server generates convergent key to encrypt the file before uploading to the cloud server. This system permits the guarantee of file confidentiality. The convergent key to encrypt the uploading file is generated and controlled by a secret key. It supports file level DE duplication and sector level DE duplication. 2) Characteristics 1) It provides the integrity auditing by clustering the files with removing the duplicate. 2) The duplicate files are detected with a single copy of the file by mapping with the existing file in the cloud. D. Security and Privacy Enhancing Multicloud Architecture [13] Security issues in cloud computing technology seems to increase day by day and this results in many new novel security approaches and techniques. This paper focuses on maintaining data integrity and providing security merits by using multiple distinct clouds simultaneously.
All rights reserved by www.grdjournals.com
146
Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication (GRDJE / CONFERENCE / ICIET - 2016 / 024)
1) Methodology Used in This System 1) Partition of Application Data into Fragments by Searchable encryption: The application data is partitioned and distributed to distinct cloud by cryptographic data splitting by using Searchable encryption which allows keyword search on encrypted data if an authorized token for the keyword is provided. The keys are stored in a private cloud whereas the data resided in the public cloud which is not trustworthy. E. Characteristics 1) The application data is fragmented and stored in multiple clouds which improve the Data Confidentiality. 2) The fragmented data[21] is stored in encrypted format which prevent malicious users from accessing data.
III. EXISTING SYSTEM Aiming at efficiently solving the problem of DE duplication with differential privileges in cloud computing, a hybrid cloud architecture is considered consisting of a public cloud and a private cloud. Private cloud is involved as a proxy to allow data owner/users to securely perform duplicate check with differential privileges. Such architecture is practical and has attracted much attention from researchers. The data owners only outsource their data storage by utilizing public cloud while the data operation is managed in private cloud. A DE duplication system supporting differential duplicate check is proposed under this hybrid cloud architecture where the S-CSP resides in the public cloud. The user is only allowed to perform the duplicate check for files marked with the corresponding privileges. An advanced scheme to support stronger security by encrypting the file with differential privilege keys. The users without corresponding privileges cannot perform the duplicate check .In the existing system, the actual file is stored in public cloud and there is a possibility of security breach for the data stored. The efficiency of the existing system is low when using a single Public cloud for storage. Uploading and retrieval of huge data takes more time.
IV. PROPOSED SYSTEM In the proposed system multiple distinct clouds are used in order to bring down the risk of malicious data manipulation and maintain data integrity. The partition of application data and store them in multiple distinct cloud makes difficult for cloud service provider to gain access to all data and make strong hold for data confidentiality. Further in this model an authorized data DE duplication is achieved with minimal overhead when compared with traditional DE duplication in a secured manner. A. Proposed Modules 1) Data Owners Module An owner is an entity that wants to outsource data to the S-CSP (Storage – Cloud Service Provider) and access the data later. In a storage system supporting DE duplication, only unique data is uploaded and avoid uploading any duplicate data which may be owned by the same owner or different owners. In the authorized DE duplication system, each file is protected with the convergent encryption key[18] and privilege keys to realize the authorized DE duplication with differential privileges. 2) Private Cloud Module This is a new entity introduced for facilitating owner’s secure usage of cloud service. Private cloud is able to provide data owner with an execution environment and act as an interface between owner and the public cloud. The privileges for owners are managed by the private cloud. 3) Multi Cloud Service Provider Module This is an entity that provides a data storage service for multi cloud. The S-CSP (Storage – Cloud Service Provider) provides the data outsourcing service and stores data on behalf of the owners. To reduce the storage cost, the S-CSP eliminates the storage of redundant data via DE duplication and keeps only unique data. The file is fragmented into blocks [Fig 2.] and only the encrypted data blocks are sent across multiple cloud servers to enhance data security.
All rights reserved by www.grdjournals.com
147
Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication (GRDJE / CONFERENCE / ICIET - 2016 / 024)
Fig. 2: Multi-Cloud System
4) Data Integrity Module This module informs the Private Cloud about the modified block while being updated by the owner. It enhances data integrity check and acts as an auditor. This module provides an additional support to the private server while achieving data DE duplication and data integrity.
V. RESULT AND DISCUSSION 10 9 8 7 6
Existing Model
5
Proposed Model
4 3 2 1
om pl ia nc e
os t
C
C
In te gr i ty
Se cu rit y Ea se of U se
C
on fi d en ti a li t y
0
Fig. 3: Comparison chart of Existing and Proposed System
From these results [Fig 3.] the data integrity and security is enhanced further in hybrid cloud with data stored in an encrypted format. The partition of application data into fragments allows sharing fine grained fragments of data in multi cloud. The ease of accessibility is highly increased by deploying the model in a hybrid cloud environment. The cost incurred in maintaining the data integrity is high.
VI. CONCLUSION The notion of authorized data DE duplication was proposed to protect the data security by including differential privileges of users in the duplicate check. Several new DE duplication constructions supporting authorized duplicate check in hybrid cloud architecture, in which the duplicate-check tokens of files are generated by the private cloud server with private keys. The private cloud act as an interface between the public cloud and the user. The data is encrypted and send across multiple cloud servers to enhance data security. Data integrity check is done by private cloud server and make the system more secure.
All rights reserved by www.grdjournals.com
148
Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication (GRDJE / CONFERENCE / ICIET - 2016 / 024)
REFERENCES [1] Ahamed K.Elmagarmid, Panagiotis G. Ipeirotis, Vassilios S. Verykios. (2007), ‘Duplicate Record Detection: A Survey’, IEEE Transactions on Knowledge and Data Engineering, Vol. 19, No. 1, pp.1-16. [2] Anderson P and Zhang L. (2010), ‘Fast and secure laptop backups with encrypted de-duplication’, In Proc. of USENIX LISA. [3] Bellare M,Keelveedhi S, and Ristenpart T. (2013), ‘Dupless: Server Aided encryption for deduplicated storage’, In USENIX Security Symposium, pp. 179-194. [4] Bellare M,Keelveedhi S, and Ristenpart T. (2013), ‘Message-locked encryption and secure deduplication’, In EUROCRYPT, pp.296– 312. [5] Bellare M, Namprempre C, and Neven G. (2008),‘Security proofs for identity-based identification and signature schemes’, Journal of Cryptology, Vol. 22, No. 1, pp. 1–61. [6] Bugiel S, Nurnberger S, Sadeghi A, and Schneider T. (2011), ‘Twin clouds: An architecture for secure cloud computing’, In Workshop on Cryptography and Security in Clouds, pp. 32-44. [7] Chang Liu, Rajiv Ranjan, Chi Yang ,Xuyun Zhang.(2015),’MuR-DPA: Top-Down Levelled Multi-Replica Merkle Hash Tree Based Secure Public Auditing for Dynamic Big Data Storage on Cloud’,IEEE Transactions on Computers, Vol. 64 , No 9, pp 2609 – 2622. [8] Cheng-Kang Chu, Sherman S.M. Chow, Wen-Guey Tzeng, Jianying Zhou, Robert H. Deng.(2014),’KeyAggregatecryptosystem for Scalable Data Sharing in Cloud Storage’, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No 2, pp. 468 – 477. [9] Douceur J R , Adya A, Bolosky W J, Simon D, and Theimer M. (2002), ‘Reclaiming space from duplicate files in a serverless distributed file system’, In ICDCS, pp 617–624. [10] Ferraiolo D and Kuhn R. (1992), ‘Role-based access controls’, In 15th NIST-NCSC National Computer Security Conf.,. [11] Halevi S,Harnik D,Pinkas B,Ra Shulman-peleg. (2011), ‘Proof of ownership in remote storage systems’, ACM Conference on Computer and Communications Security, pp. 491-500. [12] Huang, Ming Xian, Shaojing Fu, Jian Liu. (2014), ‘Securing the cloud storage audit service: defending against frame and collude attacks of third party auditor ‘, IET Communications, Vol. 8, No 12, pp. 2106 – 2113. [13] Jens-Matthias Bohli, Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, and Ninja Marnau. (2013), ‘Security and Privacy – Enhancing Multicloud Architectures’, IEEE Transaction on Dependable and Secure Computing, Vol. 10, No. 4, pp. 212 – 224. [14] Jia Yu, Kui Ren, Cong Wang. (2016),’Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key Updates’, IEEE Transactions on Information Forensics and Security, Vol. PP , No 99, pp. 1. [15] JingweiLi, Xie, D.,Cai, Z. (2015), ‘Secure Auditing and Deduplicating data in Cloud’, IEEE Transaction on Computers, Vol. PP, No. 99, pp. 1. [16] Jin Li, Xiaofeng Chen, Fatos Xhafa, Leonard Barolli. (2015), ’Secure Deduplication storage systems supporting keyword search’, Journal of Computer and System Sciences-ACM, Vol. 81, No. 8, pp.1532- 1541. [17] Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Patrick P.C, Lee and Wenjing Lou.(2014). ‘Secure Deduplication with Efficient and Reliable Convergent Key Management’, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No. 6, pp.1615-1625. [18] Jin Li, Yan Kit Li, Xiaofeng Chen, Patrick P. C. Lee, Wenjing Lou. (2015), ‘A Hybrid Cloud Approach for Secure Authorized Deduplication’, IEEE Transactions on Parallel and Distributed Systems, Vol. 26, No. 5, pp.1206 – 1216. [19] Li J., Chen X., Huang X., Tang S., Xiang Y., Hassan M, Alelaiwi. (2015), ‘Secure Distributed Deduplication Systems with Improved Reliability’, IEEE Transactions on Computers, Vol. PP, No. 99, pp.1. [20] Li Chaoling, Chen Yue, Zhou Yanzhou. (2014), ‘A Data assured deletion scheme in cloud storage’, IEEE Transactions on Communications, Vol.11, No.4, pp 98-110. [21] Seung-Hyun Seo, Mohamed Nabeel, Xiaoyu Ding, Elisa Bertino. (2014),’ An Efficient Certificate less Encryption for Secure Data Sharing in Public Clouds ‘,IEEE Transactions on Knowledge and Data Engineering, Vol. 26, No. 9, pp 2107 – 2119.
All rights reserved by www.grdjournals.com
149