Presentation is loading. Please wait.

Presentation is loading. Please wait.

By:- Kan Yang, Xiaohua Jia

Published byAmberlynn Page Modified over 6 years ago

Similar presentations

Presentation on theme: "By:- Kan Yang, Xiaohua Jia"— Presentation transcript:

1 By:- Kan Yang, Xiaohua Jia
AN EFFICIENT AND SECURE DYNAMIC AUDITING PROTOCOL FOR DATA STORAGE IN CLOUD COMPUTING By:- Kan Yang, Xiaohua Jia Presented by:- DEEPAK BEGRAJKA

2 Preliminaries and definitions
CONTENT Introduction Preliminaries and definitions Efficient and privacy preserving auditing protocol Secure dynamic auditing Batch auditing for multi-owner and multi-cloud Performance analysis of auditing protocol Related works Conclusion

3 What is Cloud Computing?
The illusion of infinite computing resources… The elimination of an up-front commitment by cloud users… The ability to pay for use…as needed…”

4

5 Where is My Data on Cloud?
Data resides on servers that the customer cannot physically access. Vendors may store data anywhere at lowest cost if not restrained by agreement

6 CLOUD STORAGE Important service of cloud.
Allow owner to move data from their local computing system to cloud. Owner start to store data on cloud

7 New Challenges Data could be lost in cloud.
Cloud service provider might be dishonest.

8 Third Party Auditing Protocol Requirements
Confidentiality Dynamic Auditing Batch Auditing

9

10 PRELIMINARIES AND DEFINITIONS

11 SYSTEM MODEL OF DATA STORING AND AUDITING

12 KEY NOTATIONS

13 STORAGE AUDITING PROTOCOL
VERIFY(C, P, sKh, pKt, Minfo)0/1 PROVE (M, T, Challenge) Proof CHALLENGE (Minfo) Challenge TAG GENERATION (M, sKt, sKh)  (T) KEY GENERATION (λ.) (sKh, sKt, pKt )

14 ATTACKS BY SERVER REPLACE ATTACK Server may choose another valid and uncorrupted pair of data block and data tag to replace challenged pair of data block and data tag. FORGE ATTACK Server may forge data tag & data block and deceive the auditor, if same secret tag key of owner is used in different version. REPLAY ATTACK Server may generate proof from the previous proof or other information, without retrieving the actual owner’s data

15 Efficient and Privacy-Preserving Auditing Protocol

16 OVERVIEW OF THE SOLUTION
The main challenge to design data storage auditing protocol is the data privacy problem For public data, the auditor may obtain data information by recovering data blocks from data proof. For encrypted data, auditor may obtain content keys somehow through any special channels and could be able to decrypt data. To solve data privacy problem, Generate Encrypted proof with the help of challenge stamp by using bilinearity property of bilinear pairing. Auditor verify proof without decrypting.

17 OVERVIEW OF THE SOLUTION
In this method server compute the proof as intermediate value of verification. Auditor use intermediate value to verify proof. (Reduce Computing loads as auditor is moved to server.) To Improve performance of auditing system, author apply Data Fragmentation and Homomorphic Verifiable Tags. Data Fragmentation technique reduces no. of data tags, Hence reduce storage overhead and improve system performance. Using Homomorphic tags, no matter what how many data blocks are challenged server response to sum of data block and product of tags whose size is constant and is one data block.

18 Algorithm For Auditing Protocol
File F (m data components) F= (F1, F2,… Fm) Data component has its physical meaning and updated dynamically. Data Component Fk divided into nk data blocks, Fk = (mk1, mk2,..mknk) Data Fragmentation, Data block  Sectors. For the algorithm we consider no. of sectors to be constant. For data back with different no. of sectors. Smax Max no of sector, Si variable no of sector. For each data block mi (Si< Smax) P  Security Parameters, n  no of data blocks = n = sizeof (M) / s·log p .

19 Algorithm For Auditing Protocol
Encrypted data component M= {mi,j} i∈[1,n], j∈[1,s]. G1, G2 and GT be the multiplicative groups with the same prime order p e : G1 × G2 → GT be the bilinear map g1 and g2 be the generators of G1 and G2 respectively Let h : {0,1}∗ →G1 be a keyed secure hash function that maps the Minfo to a point in G1.

20 Key Generation Algorithm
Input (λ) “Implicit Security Parameter” Choose two random number sKt, sKh ∈ Zp Output pKt  pkt = g2 ^ sKt ∈ G2, secret tag key sKt and secret hash key sKh.

21 Tag Generation Algorithm
Input  M “data component”, sKt “Secret Tag Key”, sKh “Secret Hash Key” Chooses s random values x1, x2, · · · , xs ∈ Zp and computes uj = g1 ^ xj ∈ G1 for all j ∈ [1, s]. For each data block mi(i ∈ [1,n]) calculate data tag  ti = (h(skh,Wi) · s Π j=1 uj^mi j )skt Wi = FID||i, FID identifier of the data, i  block number of mi Output  set of data tags T = {ti} i∈[1,n].

22 Challenge Algorithm outputs  “challenge” C = ({i, vi} i ∈ Q, R).
Input  Minfo “Abstract information of the data” Construct Challenge Set Q, generates a random number vi ∈ Z∗p Compute challenge stamp R = (pkt)^r by randomly choosing a number r ∈Z∗p. outputs  “challenge” C = ({i, vi} i ∈ Q, R).

23 “Data proof” Dp Prove Algorithm Input  M, Challenge.
Output  Tag proof , Data Proof. “Tag Proof” For data proof first compute M Pj j ∈ [1, s] “Data proof” Dp

24 Verification Algorithm
Input  Challenge, Proof, Secret hash key “sKh”, Public tag key “pKt”, and Abstract information of data component. Compute Identifier hash value h(skh,Wi), and computes “Challenge Hash” Verifies the proof from the server by the following verification equation: If above equation holds, Output  1 else it is 0.

25 Construction of Privacy-Preserving Auditing Protocol
Owner Initialization Owner generates the keys and the tags for the data, and store data on server. Confirmation Auditing  Check data correctly store on server or not. Sampling Auditing  Check data integrity, periodically.

26 Owner Initialization Run TagGen to compute data tags.
Owners run KeyGen to generate sKh, sKt, pKt. Run TagGen to compute data tags. Owners send data component M={mi}i∈[1,n] & its corresponding data tags T = {ti}i∈[1,n] to server with set of parameters {uj}j∈[1,s]. Owner send pKt, sKh and Minfo to auditor, including data indentifier FID, total no of block n.

27 CONFIRMATION AUDITING
Two way communication. Check owners data correctly stored on the server. Auditor Runs Challenge algorithm and send C = ({i,vi}i∈Q,R) to server. Server Runs prove Algorithm & generate P = (TP,DP) send it to Auditor. Auditor Runs Verify algorithm, check correctness of P, extract auditing result.

28 SAMPLING AUDITING Auditor conduct this algorithm periodically.
Similar to Confirmation Auditing. For t challenged data blocks Probability of detection of corrupted data is Pr(t, s) = 1−(1−ρ)^t·s.

29 SECURE DYNAMIC AUDITING

30 Data owners dynamically update data.
Auditing protocol should be design to support static as well as dynamic update. Dynamic update may make auditing protocol insecure prone to following attacks: Replay attacks Forge attacks.

31 PROPOSED SOLUTION Replay Attack Prevented by Index Table
Forge Attack Prevented by modifying TagGen Algorithm. While generating data tag ti of data block mi, insert all abstract information into ti by setting Wi= FID||i||Bi||Vi||Ti, hence server does not get enough information for forge attack.

32 INDEX TABLE ITable Record abstract information of data. 4 Components:
Index:- current block number of data block mi in data component M. Bi:- original block number of mi. Vi:- current version. Ti:- Time stamp used for generating data tag. ITable created by owner during owner initialization, managed by auditor. Owner send update msg to auditor. After confirmation auditing auditor result to owner.

33 Three Steps : DYNAMIC AUDITING Data Update Index Update
Update Confirmation

34 DATA UPDATE 3 types of operations: Modify “Vi Vi*, Ti Ti*”.
Insert  “Bi Bi*, Vi Vi*, Ti Ti*”. Delete

35 INDEX UPDATE 3 types: IModify “Vi Vi*, Ti Ti*”.
IInsert  “Bi Bi*, Vi Vi*, Ti Ti*”. IDelete

36 UPDATE CONFORMATION Auditor updates the ITable, conducts confirmation
auditing & sends result to owner. Owner can choose to delete the local version of data according to the update confirmation auditing result.

37

38 BATCH AUDITING FOR MULTI-OWNER AND MULTI-CLOUD

39 Large numbers of Owners  Many auditing Request to Auditor.
Auditor Combine Auditing Request Conduct Batch Auditing for all Owners. Author apply the encryption method with the Bilinearity property of the bilinear pairing to ensure the data privacy. Hence In the multi-cloud batch auditing protocol does not have any commitment phase. This method does not require any additional trusted organizer.

40 Algorithm for Batch Auditing for Multi owner and Multi Cloud.
O  Set owners, S Set of cloud Servers. Phase 1: Owner Initialization. Each owner apply KeyGen and TagGen algorithm, and send abstract information to the auditor. Three Steps Batch Challenge ({Minfo,kl}k∈O,l∈S) → C. Batch Proof ({Mkl} k ∈ Ochal , {Tkl} k∈ Ochal , Cl,{Rk} k∈ Ochal ) → Pl. Pl = (TPl ,DPl). Batch Verify (C,{Pl},{skh, lk},{pkt, k},{Minfo, kl}) → 0/1. Phase 2: Batch Auditing

41 PERFORMANCE ANALYSIS OF AUDITING PROTOCOLS

42 Computation Complexity
Performance Analysis Communication Cost Computation Complexity

43 Communication Cost

44 Computation Cost of Auditor Computation Cost of Server

45 Computation Cost of Auditor
Wang’s scheme requires data blocks more than Zhu’s 7 proposed scheme, computation time is almost s times. (not comparable).

46 Computation Cost of Server

47 Erway et al Extended PDP model  Cost heavy computation burden
Related Work Ateniese et al. –Developed Dynamic provable data possession protocol –Based on Cryptographic Hash Function and Hash Function –ProblemsEach update requires recreating all the remaining metadata &cannot perform block insertions anywhere Erway et al Extended PDP model  Cost heavy computation burden Zhu et al –Proposed cooperative provable data possession scheme – support batch auditing for multiple clouds and also extend it to support the dynamic auditing -Not Support Batch Auditing for multiple owners. Also requires additional trusted organizer. Wang’s schemes and Zhu’s schemes incur heavy computation cost of the auditor, which makes the auditing system inefficient.

48 Conclusion Paper discusses an efficient and inherently secure dynamic auditing protocol. Protocol Protects data privacy against the auditor by combining the cryptography method with the bilinearity property of bilinear paring, rather than using the mask technique. Proposed Multi-cloud batch auditing protocol does not require any additional organizer. Batch auditing protocol can also support the batch auditing for multiple owners. Auditing scheme incurs less communication cost and less computation cost of the auditor by moving the computing loads of auditing from the auditor to the server can be applied to large scale cloud storage systems.

49 QUESTIONS ???? Thank you

Download ppt "By:- Kan Yang, Xiaohua Jia"

Similar presentations

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar(96608205043) C.Karthik(96608205022) H.Sheik mohideen(96608205046) S.Lakshmi rajan(96608205023)

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.

PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Bob can sign a message using a digital signature generation algorithm

Bob can sign a message using a digital signature generation algorithm
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.

Abstract Provable data possession (PDP) is a probabilistic proof technique for cloud service providers (CSPs) to prove the clients' data integrity without.
Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.

Xiaohua Jia Shen Zhen Graduate School Harbin Institute of Technology Data Security for Cloud Storage Systems 1.
(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi

(Multimedia University) Ji-Jian Chin Swee-Huay Heng Bok-Min Goi
Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September 2007 1.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

Similar presentations

Ads by Google