Proceedings of International Conference on Advancements in Engineering and Technology
www.iaetsd.in
Secure Data Sharing of Multi-Owner Groups in Cloud 1
Sunilkumar Permkonda , 2D. Madhu Babu
ABSTRACT: Cloud computing provides an economical and efficient solution for sharing group resource among cloud users. Using cloud storage, users can remotely store their data a and enjoy the on-demand high quality application and services from a shared pool of configurable computing resources, without the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the outsourced data makes the data integrity protection in cloud computing a formidable task, especially for users with constrained computing resources. Sharing data in multi-owner manner while preserving data and identity privacy from an un strusted cloud is still a challenging issues. So, secure cloud authentication system has been proposed, in which users can check the integrity of outsourced data by assigning a third party auditor (TPA) and be worry-free. By using an encryption and hashing technique such as Advanced Encryption Standard (AES),Merkle Hash Tree(MHT) algorithm, any cloud users can anonymously share data with others. Also trustworthiness will be increased between the user and the cloud service provider. KEYWORDS: Cloud computing, data preserving, access control, dynamic groups.
sharing,
privacy-
1. INTRODUCTION Cloud Computing is recognized as an alternative to traditional information technology due to its intrinsic resource sharing and low-maintenance characteristics. In cloud computing ,the cloud service provider(CSPs),such as Amazon, are able to deliver various services to cloud users with the help of powerful datacenters. By migrating the local data management systems into cloud servers, users can enjoy highquality services and save significant investments on their local infrastructures. 1
Sunilkumar Permkonda, M. Tech Student, Department of CSE, JNTUA, Anantapur/ Audisankara Institute of Technology, Gudur /India, (e-mail: sunil55varma@gmail.com). 2
D.Madhu Babu, Assistant Professor Department of CSE, JNTUA/ Anantapur/ Audisankara Institute of Technology, Gudur /India,( e-mail: dmadhubabu@yahoo.com).
One of the most fundamental services offered by cloud providers is data storage. By utilizing the cloud ,the users can be completely released from the troublesome local data storage and maintenance. However, It also poses a significant risk to the confidentiality of those stored files. Specifically, the cloud servers managed by cloud providers are not fully trusted by users while the data files stored in cloud may be sensitive and confidential, such as business plans. To preserve data privacy, as basic solution is to encrypted data files, and then upload the encrypted data into the cloud. Unfortunately. Designing an efficient and secure data sharing schema for groups in the cloud is not an easy task due to the following challenging issues. First, identity privacy is one of the most significant obstacles is one the wide deployment of cloud computing . Without the guarantee of identity privacy, users may be unwilling to join in cloud computing systems because their identities could be easily disclosed to cloud providers and attackers. Second it is highly recommended that any member in a group should be able to fully enjoy the data storing and sharing services provided by the cloud , which is defined as the multi-owner manner. Compared with the single-owner manner, where only the group manager can store and modify data in the cloud , the multiple-owner manner is more flexible in practical applications. More concretely, each user in the group is able to not only read data , but also modify their part of data in the entire data file shared by the company. groups are normally dynamic in practice, e.g., new staff participation and current employee revocation in a company. The changes of membership make secure data sharing extremely difficult. On one hand , the anonymous system challenges new granted users to learn the content of data files stored before their participation, because it is impossible for new ranted users to contact with anonymous data owners, and obtain the corresponding decryption keys. On the other hand, an efficient membership revocation mechanism without updating the secret keys of the remaining users is also desired to minimize the complexity of key management. Several security schemes for data sharing on un trusted servers have been proposed. In these approaches, data
ISBN NO : 978 - 1502893314
International Association of Engineering and Technology for Skill Development 86
Proceedings of International Conference on Advancements in Engineering and Technology
owners store the encrypted data files in un trusted storage the encrypted and distribute the corresponding decryption keys only to authorizes users. Thus, unauthorized users as well as storage servers can't learn the content of the data files because they have no knowledge of the decryption keys. However the complexities of user participation and revocation in these schemes are linearly increasing with the number of data owner and the number of revoked users, respectively. By setting a group with a single attribute, Lu et al. proposed a secure provenance scheme based on the cipher text-policy attribute-based encryption technique, which allows any member in group to share data with others. However, the issue of user revocation is not addressed in their scheme presented a scalable and fine-grained data access control scheme in cloud computing based o the Key policy attribute-based encryption(KP-ABE) technique. unfortunately, the single owner manner hinders the adoption of their scheme into the case , where any user is ranted to store and share data. 2. RELATED WORKS Several security schemes for data sharing on un trusted servers have been proposed [4], [5], [6]. In these approaches, data owners store the encrypted data files in un trusted storage and distribute the corresponding decryption keys only to authorized users. Thus, unauthorized users as well as storage servers cannot learn the content of the data files because they have no knowledge of the decryption keys. Proposed a cryptographic storage system that enables secure file sharing on un trusted servers, named plutus. By dividing files into file groups and encrypting each file group with a unique file-block key, the data owner can share the file groups with others through delivering the corresponding lockbox key, where the lockbox key is used to encrypt the file-block keys. However, it brings about a heavy key distribution overhead for large-scale file sharing. Additionally, the fileblock key needs to be updated and distributed again for a user revocation. Files stored on the un trusted server include two parts: file metadata and file data. The file metadata implies the access control information including a series of encrypted key blocks, each of which is encrypted under the public key of authorized users. Thus, the size of the file metadata is proportional to the number of authorized users. The user revocation in the scheme is an intractable issue especially for large-scale sharing, since the file metadata needs to be updated. In their extension version, the NNL construction is used for efficient key revocation. However, when a new user joins the group, the private key of each user in an NNL system needs to be recomputed, which may limit the application for dynamic groups. Another concern is that the computation ISBN NO : 978 - 1502893314
www.iaetsd.in
overhead of encryption linearly increases with the sharing scale. Leveraged proxy re-encryptions to secure distributed storage. Specifically, the data owner encrypts blocks of content with unique and symmetric content keys, which are further encrypted under a master public key. For access control, the server uses proxy cryptography to directly re encrypt the appropriate content key(s) from the master public key to a granted user’s public key. Unfortunately, a collusion attack between the un trusted server and any revoked malicious user can e launched, which enables them to learn the decryption keys of all the encrypted blocks. 3.CLOUD COMPUTING SECURITY Cloud Computing Security as “Cloud computing security (sometimes referred to simply as "cloud security") is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.” 3.1 Data Security in Existing Cloud Computing System: Cloud Computing is the vast developing technology, but Security is the major challenging issue that is faced by the Cloud Service Providers for handling the Outsourced Data. Although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they are still facing the broad range of both internal and external threats for data integrity. Thus, Trustworthiness for Data Management system reduced rapidly. To overcome this drawback, there is no big implementation was introduced till now. By using this drawback of the cloud, the hackers are hacking the data from the Cloud Servers. Dynamic broadcast encryption technique is used and users can anonymously share data with others .It allows the data owners to securely share data files with others.
To achieve secure data sharing for dynamic groups in the cloud, we expect to combine the group signature and dynamic broadcast encryption techniques. Specially, the group signature scheme enables users to anonymously use the cloud resources, and the dynamic broadcast encryption technique allows data owners to securely share their data files with others including new joining users. Unfortunately, each user has to compute revocation parameters to protect the confidentiality from the revoked users in the dynamic broadcast encryption scheme, which results in that both the International Association of Engineering and Technology for Skill Development 87
Proceedings of International Conference on Advancements in Engineering and Technology
computation overhead of the encryption and the size of the ciphertext increase with the number of revoked users. Thus, the heavy overhead and large ciphertext size may hinder the adoption of the broadcast encryption scheme to capacitylimited users. To tackle this challenging issue, we let the group manager compute the revocation parameters and make the result public available by migrating them into the cloud. Such a design can significantly reduce the computation overhead of users to encrypt files and the cipher text size. Specially, the computations overhead of users for encryption operations and the cipher text size are constant and independent of the revocation users.
From the above analysis, we can observe that how to securely share data files in a multiple-owner manner for dynamic groups while preserving identity privacy from an un trusted cloud remains to be a challenging issue. In this paper, we propose a novel Mona protocol for secure data sharing in cloud computing. Compared with the existing works, Mona offers unique features as follows: 1.
Any user in the group can store and share data files with others by the cloud.
2.
The encryption complexity and size of cipher texts are independent with the number of revoked users in the system.
3.
User revocation can be achieved without updating the private keys of the remaining users.
4.
A new user can directly decrypt the files stored in the cloud before his participation.
4. PROPOSED CLOUD DATA SECURITY MODEL
www.iaetsd.in
4.1 OVERALL DESIGN: The following figure shows the overall architecture of proposed system.Here the data is stored in a secure manner in cloud and TPA audits the data to verify its integrity. If any part of data is modified or corrupted, then mail alert is sent to the data owner to indicate that the file has been changed.
Figure: System model. 4.2 DATA SECURITY Once Data Owners registers in the cloud, private and public keys are generated for that registered owners. By using these keys, data owners can now store and retrieve data from cloud. A data owner encrypts the data using Advanced Encryption Standard (AES) and this encrypted data is then hashed with Merkle Hash Tree algorithm. By using Merkle Hash Tree algorithm the data will be audited via multiple level of batch auditing process. The top hash value is stored in local database and other hash code files are stored in cloud. Thus the original data cannot be retrieved by anyone from cloud, since the top hash value is not in cloud. Even if any part of data gets hacked, it is of no use to the hacker. Thus, the security can be ensured 4.3DATA INTEGRITY:
To overcome this drawback, we propose secure storage for To check whether the data is modified or not, that is multi-owner data sharing authentication system in loud. If data present in cloud, data owner assigns a third party called owner wants to upload data in cloud, Public and Private Keys Trusted Party Auditor (TPA). Once the data owner sends the will be generated for that user. He first encrypts the data using request to audit the data, TPA checks the integrity of the data Advance Encryption Standard algorithm and then hashes the by getting the hash code files from cloud server and top hash encrypted data using Merkle Hash Tree algorithm. Then the value from db and verifies the file using Merkle Hash Tree data will be given to the Trusted Party Auditor for auditing Algorithm. After each time period, the auditing information purpose. The Auditor audits the data using Merkle Hash Tree will be updated by the Trusted Party Auditor. If any file is Algorithm and stores in the Cloud Service Provider. If the user missing or corrupted, email alert will be sent to data owner wants to View/Download the data, they have to provide the indicating that the data has been modified. The TPA can verify public key. The Data Owners will check the public key the file either by random or in manual way. Thus by allowing entered by the User. If valid, then the decryption key will be the Trusted Party Auditor to audit the data, Trustworthiness provided to the user to encrypt the data. ISBN NO : 978 - 1502893314 International Association of Engineering and Technology for Skill Development 88
Proceedings of International Conference on Advancements in Engineering and Technology
www.iaetsd.in
will be increased between the User and Cloud service Providers.
number of group members (i.e., the staffs) as illustrated in Fig. 1.
Our contributions: To solve the challenges presented above, we propose Mona, a secure multi-owner data sharing scheme for dynamic groups in the cloud. The main contributions of this paper include:
Group manager takes charge of system parameters generation, user registration, user revocation, and revealing the real identity of a dispute data owner. In the given example, the group manager is acted by the administrator of the company. Therefore, we assume that the group manager is fully trusted by the other parties. Group members are a set of registered users that will store their private data into the cloud server and share them with others in the group. In our example, the staffs play the role of group members. Note that, the group membership is dynamically changed, due to the staff resignation and new employee participation in the company.
1.
We propose a secure multi-owner data sharing scheme. It implies that any user in the group can securely share data with others by the un trusted cloud.
2.
Our proposed scheme is able to support dynamic groups efficiently. Specifically, new granted users can directly decrypt data files uploaded before their participation without contacting with data owners. User revocation can be easily achieved through a novel revocation list without updating the secret keys of the remaining users. The size and computation overhead of encryption are constant and independent with the number of revoked users.
3.
4.
We provide secure and privacy-preserving access control to users, which guarantees any member in a group to anonymously utilize the cloud resource. Moreover, the real identities of data owners can be revealed by the group manager when disputes occur. We provide rigorous security analysis, and perform extensive simulations to demonstrate the efficiency of our scheme in terms of storage and computation overhead.
4.4 USER AUTHENTICATION:In this module, the user is allowed to access the information from the Cloud Server. When a user registers in cloud, private key and public key will be generated for that user by cloud server. If user wants to view his own file, he uses private key. If user wants to view others file, he uses public key. This public key is split up equally for verification by data owners. Each part of the public key is verified by data owners. After verifying the key, if the key is valid, then user is allowed to access the data. If the key is invalid, then the user is rejected to access the data by Cloud Service Provider. We consider a cloud computing architecture by combining with an example that a company uses a cloud to enable its staffs in the same group or department to share files. The system model consists of three different entities: the cloud, a group manager (i.e., the company manager), and a large ISBN NO : 978 - 1502893314
Cloud is operated by CSPs and provides priced abundant storage services. However, the cloud is not fully trusted by users since the CSPs are very likely to be outside of the cloud users’ trusted domain. Similar to [3], [7], we assume that the cloud server is honest but curious. That is, the cloud server will not maliciously delete or modify user data due to the protection of data auditing schemes [17], [18], but will try to learn the content of the stored data and the identities of cloud users. 4.5 ADVANTAGES By providing the Public and Private key components, only the valid user will be allowed to access the data. By allowing the Trusted party Auditorto audit the data, Trustworthiness will be increased between the User and Cloud ServiceProviders. By using Merkle Hash Tree Algorithm the data will be audited via multiple level of batch auditing Process. As Business Point of view, the Company’s Customers will be increased due to the Security and Auditing Process. Anonymity and traceability: Anonymity guarantees that group members can access the cloud without revealing the real identity. Although anonymity represents an effective protection for user identity, it also poses a potential inside attack risk to the system. For example, an inside attacker may store and share a mendacious information to derive substantial benefit. Thus, to tackle the inside attack, the group manager should have the ability to reveal the real identities of data owners.
Efficiency: The efficiency is defined as follows: Any group member can store and share data files with others in the group by the cloud . User revocation can be achieved without International Association of Engineering and Technology for Skill Development 89
Proceedings of International Conference on Advancements in Engineering and Technology
involving the remaining users. That is, the remaining users do not need to update their private keys or re-encryption operations. New granted users can learn all the content data files stored before his participation without contacting with the data owner. 5. CONCULSION Data is secured by keeping the top hash value in local database and hash code files in Cloud Server. By enabling TPA to audit he data, integrity is maintained. Authenticating the requested user key by all data owners. we design a secure data sharing scheme, Mona, for dynamic groups in an un trusted cloud. In Mona, a user is able to share data with others in the group without revealing identity privacy to the cloud. Additionally, Mona supports efficient user revocation and new user joining. More specially, efficient user revocation can be achieved through a public revocation list without updating the private keys of the remaining users, and new users can directly decrypt files stored in the cloud before their participation. Moreover, the storage overhead and the encryption computation cost are constant. Extensive analyses show that our proposed scheme satisfies the desired security requirements and guarantees efficiency as well.
www.iaetsd.in
Cloud”, IEEE Trans. On Parallel and Distributed Systems, pp.1182-1191. [8] H. Shacham and B. Waters (2008), “Compact Proofs of Retrievability”, proc. Int’l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology (Asiacrypt), pp. 90-107. [9] C. Wang, Q. Wang, K. Ren, and W. Lou (2013), “PrivacyPreserving Public Auditing for Secure Cloud Storage”, IEEE Trans. on Computers, pp. 362-375. [10] S. Yu, C. Wang, K. Ren, and W. Lou (2010), “Achieving Secure, Scalable and Fine Grained Data Access Control in Cloud Computing”, Proc. IEEE INFOCOM, pp. 534 - 542.
6. REFERENCES [1] G. Ateniese, K. Fu, M. Green, and S. Hohenberger (2005), “Improved Proxy Re- Encryption Schemes with Applications to secure Distributed Storage”, Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 29-43 [2] G. Ateniese, R. Burns, R.Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable Data Possession at Untrusted stores”, proc. 14th ACM Conf. Computer and Comm. Security (CSS ’07), pp. 598-609 [3] K.D. Bowers, A.Juels, and A.Oprea (2009), “HAIL: A High-Availability and Integrity Layer for Cloud Storage”, Proc.ACM Conf. Computer and Comm. Security (CCS ’09), pp. 187-198 [4] A. Fiat and M.Naor (1993),“Broadcast Encryption”, proc. Int’l Cryptology Conf. Advances in Cryptology(CRYPTO), pp.480-491. [5] E.Goh, H. Shacham, N. Modadugu,and D.Boneh (2003), “Sirius: Securing Remote Untrusted Storage”, Proc. Network and Distributed Systems Security Symp. (NDSS), pp. 131145. [6] M.Kallahalla,E.Riedel,R. Swaminathan, Q. Wang, and K. Fu (2003), “Plutus: Scalable Secure File Sharing on Untrusted storage”, Proc.USENIX Conf. File and Storage Technologies, pp. 29-42. [7] X. Liu, Y. Zhang, B. Wang, and J. Yan (2013), “Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the ISBN NO : 978 - 1502893314
International Association of Engineering and Technology for Skill Development 90