INTERNATIONAL CONFERENCE ON DEVELOPMENTS IN ENGINEERING RESEARCH, ICDER - 2014
TIME CONSTRAINED SELF-DESTRUCTING DATA SYSTEM (SeDaS) FOR DATA PRIVACY

S. Savitha, PG Scholar, Department of CSE, Adhiyamaan College of Engineering, Hosur-635109, Tamil Nadu, India. savithasclick@gmail.com
Dr. D. Thilagavathy, Professor, Department of CSE, Adhiyamaan College of Engineering, Hosur-635109, Tamil Nadu, India. thilagakarthick@yahoo.co.in

Abstract--With the development of the Cloud and the popularization of the mobile Internet, Cloud services are becoming more and more important in people's lives, and users are required to post personal credentials such as passwords, account numbers and many more. These details are cached and archived by cloud service providers, so security is an important issue to be taken into consideration. Self-destructing data aims at providing privacy for this data, which is destroyed after a user-specified time: the data, along with its copies, becomes unreadable after a certain period of time. To meet this challenge, cryptographic techniques are used together with an active storage framework. The performance of uploading/downloading files is also better than in the previous system. The paper gives a short analysis of how research has been carried out in these areas with various techniques.

Index Terms--cloud computing, time constrained self-destruction, active storage, data privacy

I. INTRODUCTION
Internet-based development and use of computer technology has opened up several trends in the era of cloud computing. The software as a service (SaaS) computing architecture, together with cheaper and more powerful processors, has transformed data centers into pools of computing service on a huge scale. Services that reside solely in remote data centers can be accessed with high quality thanks to increased network bandwidth and reliable network connections. Moving data into the cloud offers great convenience to users, since they don't have to care about the complexities of direct hardware management. Cloud computing services like Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) are well known to all. As people rely more and more on the Internet and cloud technology, the privacy of users must be ensured through security. When data is transformed and processed, it is cached and copied on many systems in the network without the knowledge of the users. So there is a chance of the users' private details leaking through Cloud Service Providers' negligence, hackers' intrusion or some legal actions. Vanish [1] provides an idea for protecting and sharing privacy, in which the secret key is divided and stored in a P2P system with distributed hash tables (DHTs).

Fig. 1. The Vanish system architecture [1]
To avoid hopping attacks, which are one kind of Sybil attack [18],[19], we turn to a new scheme called Safe Vanish [4], which extends the length range of the key shares and adds some enhancements to the Shamir secret sharing algorithm [2] as implemented in the Vanish system.
Fig. 2(a). The push operation in the VuzeDHT network.
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 31
www.iaetsd.in
Fig. 2(b). Hopping Attack
Fig. 3. Increasing the length of range of key shares [4]

II. RELATED WORK
In the cloud, providing privacy for the stored data is a major task, and performance must also be measured to achieve excellence. Storage and retrieval therefore play an important role. Object-based storage (OBS) [21] uses an object-based storage device (OSD) [22] as the underlying storage device. The T10 OSD standard [22] is being developed by the Storage Networking Industry Association (SNIA) and the INCITS T10 Technical Committee. Each OSD consists of a CPU, network interface, ROM, RAM, and storage device (disk or RAID subsystem) and exports a high-level data object abstraction on top of the device block read/write interface.

Another scenario for storing data and files is the active storage framework, which has become one of the most important research branches in the domain of intelligent storage systems. For instance, Wickremesinghe et al. [34] proposed a model of load-managed active storage, which strives to integrate computation with storage access in a way that the system can predict the effects of offloading computation to Active Storage Units (ASU). Hence, applications can be configured to match hardware capabilities and load conditions. MVSS [35], a storage system for active storage devices, provided a single framework to support various services at the device level. MVSS separated the deployment of services from file systems and thus allowed services to be migrated to storage devices.

III. DISCUSSION AND RESULT
Various techniques have been covered to provide security for data stored in the cloud, along with performance evaluation of uploading and downloading files. Researchers have mainly concentrated on the algorithms used for key encryption/decryption and sharing. Let us discuss the various approaches that have been used for the same.

Paper [3] describes two Sybil attacks against the Vanish implementation, in which the encryption keys are stored in the million-node Vuze BitTorrent DHT. These attacks work by crawling the DHT and saving each stored value before it times out. More than 99% of Vanish messages can be recovered with the keys efficiently by this method.

According to paper [5], active storage is used to take advantage of the processing capabilities of service migration. However, in recent research the model of service execution has remained a passive, request-driven mode. In a self-management scenario, a mechanism for automatic service execution is important. To address this drawback, the authors employ an active storage framework for object-based devices that provides a hybrid approach combining the request-driven model and a policy-driven model. Based on the requirements of active storage, the paper gives some enhancements added to the current version of the T10 OSD specification. Finally, they show a classification system example in which, with the help of the active storage mechanism, network delay can be dramatically reduced.
Fig. 4. Active Storage in context of parallel file systems [5], [12]

Paper [9] introduces a parallel I/O interface that executes data analysis, mining and statistical operations on an active storage system. The authors propose a scheme in which common analysis kernels are embedded in parallel file systems. They show experimentally that the overall performance of the proposed system improved by 50.9% on all four benchmarks and that the compute-intensive portion of the k-means clustering kernel can be improved by 58.4% through GPU offloading when executed with a larger computational load.

According to paper [11], in order to reduce data management cost and address security concerns, a concept called FADE is used to outsource data to third-party cloud storage services. FADE is designed to be readily deployable in a cloud storage system and focuses on protecting deleted data with policy-based file assured deletion. FADE guarantees the privacy and integrity of the outsourced data files by encrypting them with standard cryptographic techniques. Most important of all, it assuredly deletes files so that they are unrecoverable to anyone (including those who manage the cloud storage) who tries to access them. This objective is implemented by a working prototype of FADE atop Amazon S3, one of today's cloud storage services; the prototype provides policy-based file assured deletion with minimal performance overhead. This work provides insights into how to incorporate value-added security features into data outsourcing applications.

Paper [18] discusses in detail how the Sybil attack occurs in distributed hash tables (DHTs). A Sybil attack is the situation where a particular service in an identity-based system is subverted by forging identities. The Sybil attack refers to the situation where an adversary controls a set of fake identities, each called a Sybil, and joins a targeted system multiple times under these Sybil identities. That paper considers identity-based systems in which each user is intended to have a single identity and is expected to use this identity when interacting with other users in the system. In such systems, we call a user with multiple identities a Sybil user and each identity the user uses a Sybil identity. The solution to this attack has been given in the paper Safe Vanish [4].

IV. PROPOSED WORK
In the proposed work, security measures are taken for the files stored on the cloud server. To prevent unauthorized control over the user's personal data, SeDaS is proposed. The aim of the self-destructing data system is to destroy all the data along with its copies, whether cached or archived, after a certain period of time, so that it becomes unreadable even to the admin (say, the CSP) who maintains it. Whenever the user uploads/downloads a file, SeDaS assigns a ttl (time-to-live) parameter to that particular file. This can be implemented using the Shamir Secret Sharing algorithm, which seems to be one of the strongest algorithms in use. An easy solution can be built with the Spring MVC framework, which provides a model-view-controller architecture and ready components for developing flexible and loosely coupled web applications; it has interceptors as well as controllers, making it easy to factor out behavior common to the handling of many requests. It helps to create high-performing, easily testable, reusable code.
Fig. 5. SeDaS system architecture
Storing data in the cloud might be safe on one side, but on the other hand, what if the confidential data gets misused? There is also some amount of data residing in the cloud which has not been used for years and years. This leads to lower performance in the cloud and issues in network traffic. This paper gives a solution to the above problems with the help of SeDaS. Thus the latency and throughput performance measures are improved in this paper.

V. CONCLUSION
In the cloud computing environment, many techniques have been used to provide security for the user's data/files. As the above information shows, many researchers have given many techniques and ideas for the same. According to the above analysis, many techniques have been put to work in which the data disappears, but without the knowledge of the user. SeDaS makes sensitive information such as credential details self-destruct without any action on the user's part, so that the details are unreadable to anyone after that, supported by the object-based storage technique. The experimental security analysis sheds light on the practicability of the approach. This time-constrained system can help provide researchers with valuable experience to inform future Cloud services.

REFERENCES
[1] R. Geambasu, T. Kohno, A. Levy, and H. M. Levy, “Vanish: Increasing data privacy with self-destructing data,” in Proc. USENIX Security Symp., Montreal, Canada, Aug. 2009, pp. 299–315.
[2] A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11, pp. 612–613, 1979.
[3] S. Wolchok, O. S. Hofmann, N. Heninger, E. W. Felten, J. A. Halderman, C. J. Rossbach, B. Waters, and E. Witchel, “Defeating vanish with low-cost sybil attacks against large DHTs,” in Proc. Network and Distributed System Security Symp., 2010.
[4] L. Zeng, Z. Shi, S. Xu, and D. Feng, “Safevanish: An improved data self-destruction for protecting data privacy,” in Proc. Second Int. Conf. Cloud Computing Technology and Science (CloudCom), Indianapolis, IN, USA, Dec. 2010, pp. 521–528.
[5] L. Qin and D. Feng, “Active storage framework for object-based storage device,” in Proc. IEEE 20th Int. Conf. Advanced Information Networking and Applications (AINA), 2006.
[6] S. W. Son, S. Lang, P. Carns, R. Ross, R. Thakur, B. Ozisikyilmaz, W.-K. Liao, and A. Choudhary, “Enabling active storage on parallel I/O software stacks,” in Proc. IEEE 26th Symp. Mass Storage Systems and Technologies (MSST), 2010.
[7] Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman, “FADE: Secure overlay cloud storage with file assured deletion,” in Proc. SecureComm, 2010.
[8] J. R. Douceur, “The sybil attack,” in Proc. IPTPS ’01: Revised Papers from the First Int. Workshop on Peer-to-Peer Systems, 2002.
[9] T. Cholez, I. Chrisment, and O. Festor, “Evaluation of sybil attack protection schemes in kad,” in Proc. 3rd Int. Conf. Autonomous Infrastructure, Management and Security, Berlin, Germany, 2009, pp. 70–82.
[10] M. Mesnier, G. Ganger, and E. Riedel, “Object-based storage,” IEEE Commun. Mag., vol. 41, no. 8, pp. 84–90, Aug. 2003.
[11] R. Weber, “Information Technology—SCSI object-based storage device commands (OSD) - vol. 41, no. 8, pp. 84–90, Aug. 2003.
[12] R. Wickremesinghe, J. Chase, and J. Vitter, “Distributed computing with load-managed active storage,” in Proc. 11th IEEE Int. Symp. High Performance Distributed Computing (HPDC), 2002, pp. 13–23.
[13] X. Ma and A. Reddy, “MVSS: An active storage architecture,” IEEE Trans. Parallel Distributed Syst., vol. 14, no. 10, pp. 993–1003, Oct. 2003.