Auditing For Data Storage Security in Cloud Computing
Introduction
Cloud computing has been envisioned as the next-generation architecture of the IT enterprise because of a long list of advantages unprecedented in IT history, including:
- On-demand self-service
- Ubiquitous network access
- Location-independent resource pooling
- Rapid resource elasticity
- Usage-based pricing
- Transference of risk
[Figure: cloud service models (SaaS, PaaS) with example hosted applications Google Docs, acrobat.com and salesforce.com; the cloud client (an individual or an organization) subscribing to a Cloud Service Provider; security concerns shown: communication protection, software security, data at rest and in transit, data interruption (deletion), service availability.]
Types of Cloud
A cloud is generally divided into the following types:
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud
Characteristics
- On-demand Self Service - Provided automatically, without requiring human interaction.
- Broad Network Access - Capabilities are available over the network and accessed through standard mechanisms.
- Resource Pooling - The main resources pooled in the server include storage, processing, memory, network bandwidth, and virtual machines.
- Measured Service - Resource usage can be monitored, controlled and reported, providing transparency for both the service provider and the consumer of the utilized service.
- Selection of Provider - Select the right service provider to make sure that the service provider is reliable, well-reputed for their customer
Security Issues
- Server access security
- Internet access security
- Database access security
- Data privacy security
- Insider attack
Literature Survey
Modules Description
Setup or Initialisation KeyGen()
public key (pk) and secret key (sk)
SigGen(sk,F)
- secret key (sk) - blocks mi. - signature set , - message blocks {i}.
$\mathrm{sig}_{sk}(H(R))$.
Integrity Verification
- GenProof(F, , chal)
- VerifyProof(pk, chal, P)
Modules(Contd)
Merkle Hash Tree
After the keys and signatures are generated, the Merkle Hash Tree for the file is generated as in Figure 4.2.
Figure 4.2: Merkle Hash Tree for file F.
h(m1) is the hash value of m1, h(m2) is the hash value of m2, and so on. hp = h(h(m1)||h(m2)), hq = h(h(m3)||h(m4)), and the root is R = h(hp||hq).
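The Merkle Hash Tree construction above and the proof generation and verification steps named under Integrity Verification can be sketched as follows, for a four-block file with hp over m1, m2 and hq over m3, m4. This is an added example, not code from the original slides: SHA-256 stands in for h, the function names and sample blocks are assumptions, and the signature on the root, sig_sk(H(R)), is left out.

```python
import hashlib

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 plays the role of the slides' hash function h.
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """Return every tree level, leaves first; the last level holds only R."""
    levels = [[h(m) for m in blocks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # an unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def merkle_root(blocks):
    return build_levels(blocks)[-1][0]

def gen_proof(blocks, index):
    """Server side: the challenged block plus the sibling hashes up to R."""
    path, i = [], index
    for level in build_levels(blocks)[:-1]:
        sib = i ^ 1
        if sib < len(level):
            path.append((level[sib], sib < i))  # (hash, sibling_is_left)
        i //= 2
    return blocks[index], path

def verify_proof(root, block, path):
    """Auditor side: recompute R from the block and its sibling hashes."""
    node = h(block)
    for sibling, sibling_is_left in path:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root

# Constructed sample file F of four blocks m1..m4.
BLOCKS = [b"m1", b"m2", b"m3", b"m4"]

def audit_demo():
    root = merkle_root(BLOCKS)             # kept by the verifier
    block, path = gen_proof(BLOCKS, 2)     # challenge on m3
    honest = verify_proof(root, block, path)
    tampered = verify_proof(root, b"m3-modified", path)
    return honest, tampered

if __name__ == "__main__":
    print(audit_demo())
```

The verifier needs only the root and a logarithmic number of sibling hashes, so a modified block is detected without downloading the whole file.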
A Rough Set Based Feature Selection Algorithm for Effective Intrusion Detection in Cloud Model
An intrusion detection model that combines a Rough Set based Feature Selection Algorithm and Fuzzy SVM for effective intrusion detection in the cloud.
- Generates the optimal feature subsets.
- Achieves the best trade-off between detection rate and rate of false alarm.
- Achieves balanced detection performance on different types of attacks.
[Figure: data centres (Data Centre 2 through Data Centre n), Security Manager and Rule Base.]
Proposed Work
- To improve data verification and data dynamics.
- To improve TPA with multiple auditing.
- To minimize computation power.
- To propose a new storage data structure.
- To minimize communication complexity between data owner and cloud.
Thank You