Provable Possession and Replication of Data over Cloud Servers

Size: px
Start display at page:

Download "Provable Possession and Replication of Data over Cloud Servers"

Transcription

1 Provble Possession nd Repliction of Dt over Cloud Servers Ayd F.Brsoum nd M.Anwr Hsn Deprtment of Electricl nd Computer Engineering University of Wterloo, Ontrio, Cnd. Abstrct. Cloud Computing (CC) is n emerging computing prdigm tht cn potentilly offer number of importnt dvntges. One of the fundmentl dvntges of CC is py-s-you-go pricing model, where customers py only ccording to their usge of the services. Currently, dt genertion is outpcing users storge vilbility, thus there is n incresing need to outsource such huge mount of dt. Outsourcing dt to remote Cloud Service Provider (CSP) is growing trend for numerous customers nd orgniztions lleviting the burden of locl dt storge nd mintennce. Moreover, customers rely on the dt repliction provided by the CSP to gurntee the vilbility nd durbility of their dt. Therefore, Cloud Service Providers (CSPs) provide storge infrstructure nd web services interfce tht cn be used to store nd retrieve n unlimited mount of dt with fees metered in GB/month. The mechnisms used for dt repliction vry ccording to the nture of the dt; more copies re needed for criticl dt tht cnnot esily be reproduced. This criticl dt should be replicted on multiple servers cross multiple dt centers. On the other hnd, non-criticl, reproducible dt re stored t reduced levels of redundncy. The pricing model is relted to the repliction strtegy. Therefore, it is of crucil importnce to customers to hve strong evidence tht they ctully get the service they py for. Moreover, they need to verify tht ll their dt copies re not being tmpered with or prtilly deleted over time. Consequently, the problem of Provble Dt Possession (PDP) hs been considered in mny reserch ppers. Unfortuntely, previous PDP schemes focus on single copy of the dt nd provide no gurntee tht the CSP stores multiple copies of customers dt. In this pper we ddress this chllenging issue nd propose Efficient Multi-Copy Provble Dt Possession (EMC-PDP) protocols. We prove the security of our protocols ginst colluding servers. Through extensive performnce nlysis nd experimentl results, we demonstrte the efficiency of our protocols. Keywords: Cloud computing, outsourcing dt storge, dt integrity, cryptogrphic protocols 1 Introduction Cloud Computing (CC) is n emerging computing prdigm tht cn be viewed s virtulized pool of computing resources (e.g. storge, processing power, memory, pplictions, services, nd network bndwidth), where customers re provisioned nd de-provisioned recourses s they need. CC represents the vision of providing computing services s public utilities like wter nd electricity. CC services cn be ctegorized into [1]: Softwre-s--Service (SS), Pltform-s-- Service (PS), nd Infrstructure-s--Service (IS). The widely used model of CC services is the SS model in which the customers hve ccess to the pplictions running on the cloud provider s infrstructure. Google Docs, Google Clendr, nd Zoho Writer re publicly known exmples of this model. In PS model, the customers cn deploy their pplictions on the

2 2 Ayd F.Brsoum nd M.Anwr Hsn provider infrstructure under condition tht these pplictions re creted using tools supported by the provider. IS model enbles customers to rent nd use the provider s resources (storge, processing, nd network). Hence, the customers cn deploy ny pplictions including operting systems. The considerble ttention of Cloud Computing prdigm is due to number of key dvntges which mke it chllenging reserch re in both cdemi nd industry. This prdigm of Informtion Technology (IT) rchitecture supplies cost effective mens of computing over shred pool of resources, where users cn void cpitl expenditure on hrdwre, softwre, nd services s they py only for wht they use [1]. Moreover, CC model provides low mngement overhed nd immedite ccess to brod rnge of pplictions. In ddition, mintennce cost is reduced s third prt is responsible for everything from running the cloud to storing dt. It is not only the economic benefits tht customers cn gin from CC model, but lso flexibility to scle up nd down IT cpcity over time to business needs. Furthermore, CC offers more mobility where customers cn ccess informtion wherever they re, rther thn hving to remin t their desks. CC llows orgniztions to store more dt on remote servers thn on privte computer systems. Orgniztions will no longer be worried bout constnt server updtes nd other computing issues; they will be free to concentrte on innovtions [2]. Outsourcing dt storge to remote Cloud Service Provider (CSP) is growing trend for more nd more customers nd orgniztions lleviting the burden of locl dt storge nd mintennce. In ddition, storing dt remotely llows mny uthorized users to ccess the dt from vrious different geogrphic loctions mking it more convenient to them. Also, some orgniztions my crete lrge dt files tht must be chieved for mny yers but re rrely ccessed, nd so there is no need to store such files on the locl storge of the orgniztions. According to recent survey, IT outsourcing hs grown by stggering 79% s compnies seek to reduce costs nd focus on their core competencies [3]. However, the fct tht dt owners re no longer physiclly possess their sensitive dt rises new formidble nd chllenging tsks relted to dt security nd integrity protection in Cloud Computing. Dt security cn be chieved by encrypting sensitive dt before outsourcing to remote servers. As such, it is crucil demnd of customers to hve strong evidence tht the cloud servers still possess their dt nd it is not being tempered with or prtilly deleted over time, especilly becuse the internl opertion detils of the CSP my not be known by cloud customers. It is unrguble tht, the completeness nd correctness of customers dt in the cloud is being put t risk due to the following resons. First, the CSP whose gol is to mke profit nd mintin reputtion hs n incentive to hide dt loss or reclim storge by discrding dt tht hs not been or is rrely ccessed. Second, greedy CSP might delete some of the dt or might not store ll dt in fst storge required by the contrct with certin customers, i.e., plce it on CDs or other offline medi nd thus using less fst storge. Third, the cloud infrstructures re subject to wide rnge of internl nd externl security threts. Exmples of security breches of cloud services pper from time to time [4, 5]. In short, lthough outsourcing dt into the cloud is economiclly ttrctive for the cost nd complexity of long-term lrge-scle dt storge, it does not offer ny gurntee on dt completeness nd correctness. This problem, if not properly hndled, my hinder the successful deployment of cloud rchitecture. Since customers dt hs been outsourced to remote servers, efficient verifiction of the completeness nd correctness of the outsourced dt becomes formidble chllenge for dt security in CC. The trditionl cryptogrphic primitives for dt integrity nd vilbility bsed on hshing nd signture schemes re not pplicble on the outsourced dt without hving locl copy of the dt. Of course, it is imprcticl for the clients to downlod ll stored dt in order to vlidte its integrity; this would require n expensive I/O cost nd immense

3 DEMC-PDP & PEMC-PDP 3 communiction overheds cross the network. Therefore, clients need efficient techniques to verify the integrity of their outsourced dt with minimum computtion, communiction, nd storge overhed. Consequently, mny reserchers hve focused on the problem of Provble Dt Possession (PDP) nd proposed different schemes to udit the dt stored on remote servers. Simply, Provble Dt possession (PDP) is technique for vlidting dt integrity over remote servers. Ateniese et l. [6] hve formlized PDP model. In tht model, the dt owner pre-processes the dt file to generte some metdt tht will be used lter for verifiction purposes through chllenge response protocol with the remote/cloud server. The file is then sent to be stored on n untrusted server, nd the owner my delete the locl copy of the file. Lter, the server demonstrtes tht the dt file hs not been deleted or tmpered with by responding to chllenges sent from the verifier who cn be the originl dt owner or other trusted entity tht shres some informtion with the owner. Reserchers hve proposed different vritions of PDP schemes under different cryptogrphic ssumptions [7 14]. We will present vrious PDP schemes in the literture survey section, nd will elborte how they vry from different perspectives. Unfortuntely, previous PDP schemes focus on single copy of the file nd provide no proof tht the CSP stores multiple copies of the owner s file. In this pper we ddress this chllenging problem, propose two Efficient Multi-Copy Provble Dt Possession (EMC-PDP) protocols, nd prove the security (correctness nd soundness) of our protocols ginst colluding servers. Extensive performnce nlysis which is vlidted through implementtion nd experimentl results illustrtes the efficiency of our protocols. Curtmol et l. [15] proposed Multiple-Replic PDP (MR-PDP) scheme, which is the only ttempt in the literture tht cretes multiple replics of owner s file nd udit them. Through extensive investigtion, we will detil the vrious fetures nd limittions of the MR-PDP model. Unfortuntely, Curtmol et l. [15] did not ddress how the uthorized users of the dt owner cn ccess the file copies from the cloud servers noting tht the internl opertions of the CSP re opque. This issue is not hndled in their protocol, nd thus we consider the protocol to be incomplete. We will demonstrte tht our protocols re complete nd outperform the MR-PDP model [15] from both the computtions nd communictions cost. The MR-PDP is investigted in more detils in section 5.2. The reminder of the pper is orgnized s follows: in Section 2 we provide our reserch problem definitions, motivtions, chllenges, nd our min contributions. Section 3 contins n extensive literture survey for the previous schemes of remote dt integrity, the fetures of these schemes, nd their limittions. Our system model nd design gols re presented in Section 4. In Section 5 we present nd nlyze the bsic nturl scheme for multi-copy provble dt possession nd the MR-PDP scheme due to Curtmol et l. [15]. Our EMC-PDP schemes re elborted in Section 6. In Section 7 we prove the security of our proposed schemes. The performnce nlysis nd experimentl results re done in Section 8. Our concluding remrks re given in Section 9. 2 Problem Definition, Motivtion, nd Min Contributions Users resort to dt repliction to ensure the vilbility nd durbility of their sensitive dt, especilly if it cnnot esily be reproduced. As simple exmple, when we re writing reserch pper, we re very creful to keep multiple copies of our pper to be ble to recover it in cse of ny filure or physicl dmge. Likewise, orgniztions, governments, nd universities replicte their finncil, personl, nd generl dt to gurntee its vilbility nd durbility over time. In the Cloud Computing prdigm, customers rely on the CSP to undertke the dt repliction tsk relieving the burden of locl dt storge nd mintennce, but they hve to py for their usge of the CSP s storge infrstructure. On the other side, cloud customers should be securely nd efficiently convinced tht the CSP is ctully possessing ll dt copies tht re greed

4 4 Ayd F.Brsoum nd M.Anwr Hsn upon, these dt copies re complete nd intct, nd thus customers re getting the service they re pying for. Therefore, in this pper we ddress the problem of creting multiple copies of owner s dt file over untrusted CSP nd uditing ll these copies to verify their completeness nd correctness. 2.1 Motivtion nd Chllenges The mechnisms used for dt repliction vry ccording to the nture of the dt; more copies re needed for criticl dt tht cnnot esily be reproduced. The pricing model of the CSPs is relted to the repliction strtegy. For exmple, Amzon S3 stndrd storge strtegy [16] mintins copies of customers dt on multiple servers cross multiple dt centers, while with Amzon Reduced Redundncy Storge (RRS) strtegy which enbles customers to reduce their costs noncriticl, reproducible dt is stored t reduced level of redundncy. As consequence, the pricing for the Amzon S3 stndrd storge is pproximtely 50% higher thn tht of the RRS. Cloud servers cn collude to chet the customers by showing tht they re storing ll copies, while in relity they re storing single copy. Therefore, cloud customers need secure nd efficient techniques to ensure tht the CSP is ctully keeping ll dt copies tht re greed upon, these copies re not corrupted, nd thus they py for rel services. 2.2 Contributions Our contributions cn be summrized s the following: 1. We propose two Efficient Multi-Copy Provble Dt Possession (EMC-PDP) protocols. These protocols efficiently provide the cloud customers with strong evidence tht the CSP is in relity possessing ll dt copies tht re greed upon nd these copies re intct. 2. We prove the security (correctness nd soundness) of our protocols ginst colluding servers. Cloud servers cn provide vlid responses to verifier s chllenges only if they ctully hve ll dt copies in n uncorrupted stte. 3. We justify the performnce of our proposed protocols through concrete nlysis nd comprison with the stte-of-the-rt. 4. We implement our proposed protocols using cryptogrphic librries. The experimentl results vlidte our performnce nlysis. To the best of our knowledge, the proposed protocols re the first complete nd efficient protocols tht ddress the storge integrity of multiple dt copies over Cloud Computing. 3 Literture Survey 3.1 Provble Dt Possession (PDP) Provble dt possession (PDP) is methodology for vlidting the integrity of dt in outsourcing storge service. The fundmentl gol of the PDP scheme is to llow verifier to efficiently, periodiclly, nd securely vlidte tht remote server which supposedly stores the owner s potentilly very lrge mount of dt is not cheting the verifier. The problem of dt integrity over remote servers hs been ddressed for mny yers nd there is simple solution to tckle this problem s follows. First, the dt owner computes messge uthentiction code (MAC) of the whole file before outsourcing to remote server. Then, the owner keeps only the computed MAC on his locl storge, sends the file to the remote server, nd deletes the locl copy of the file. Lter, whenever verifier needs to check the dt integrity, he sends request

5 DEMC-PDP & PEMC-PDP 5 to retrieve the file from the rchive service provider, re-computes the MAC of the whole file, nd compres the re-computed MAC with the previously stored vlue. Alterntively, insted of computing nd storing the MAC of the whole file, the dt owner divides the file F into blocks {b 1, b 2,..., b m }, computes MAC σ i for ech block b i : σ i = MAC sk (i b i ) 1 i m, sends both the dt file F nd the MACs {σ i } 1 i m to the remote/cloud server, deletes the locl copy of the file, nd stores only the secret key sk. During the verifiction process, the verifier requests for set of rndomly selected blocks nd their corresponding MACs, re-computes the MAC of ech retrieved block using sk, nd compres the re-computed MACs with the received vlues from the remote server [7]. The rtionle behind the second pproch is tht checking prt of the file is much esier thn the whole of it. However both pproches suffer from severe drwbck; the communiction complexity is liner with the queried dt size which is imprcticl especilly when the vilble bndwidth is limited. PDP Schemes of Deswrte et l. Deswrte et l. [8] thought of better solution by using two functions f nd H. H is one-wy function nd f is nother function such tht f(c, H (F ile)) = H(C F ile), where H is ny secure hsh function nd C is rndom chllenge number sent from the verifier to the remote server. Thus, the dt owner hs to compute H (F ile) nd store it on his locl storge. To udit the file, the verifier genertes rndom chllenge C, computes V = f(c, H (F ile)), nd sends C to the remote server. Upon receiving the chllenge C, the server computes R = H(C F ile) nd sends the response R to the verifier. To vlidte the file integrity, the verifier checks V =? R. At lest one of the two functions f nd H must be kept secret becuse if both were public, it would be esy for mlicious server to compute nd store only H (F ile) tht is not the entire file, nd then dynmiclly responds with vlid vlue f(c, H (F ile)) tht is not the expected one H(C F ile). Unfortuntely, Deswrte et l. [8] hve not found such functions f, H, nd H stisfying the desired verifiction rule. To workround this problem, finite number Ñ of rndom chllenges re generted offline for the file to be checked, the corresponding responses H(C i F ile) 1 i Ñ re pre-computed offline s well, nd then the pre-computed responses re stored on the verifier locl storge. To udit the file, one of the Ñ chllenges is sent to the remote server nd the response received from the server is compred with the pre-computed response which is previously stored on the verifier side. However, this solution limits the number of times prticulr dt file cn be checked by the number of rndom chllenges Ñ. Once ll rndom chllenges {C i} 1 i Ñ re consumed, the verifier hs to retrieve the dt file F from the storge server in order to compute new responses H(C i F ile), but this is unworkble. Deswrte et l.[8] proposed nother protocol to overcome the problem of limited number of udits per file. In their protocol the dt file is represented s n integer m. Figure 1 illustrtes the scheme proposed in [8] There re two min limittions in the protocol of Deswrte et l. [8]: In ech verifiction, the remote server hs to do the exponentition over the entire file. Thus, if we re deling with huge files, e.g., in order of Terbytes (s most prcticl pplictions require) this exponentition will be hevy. Storge overhed on the verifier side; it hs to store some metdt for ech file to be checked. This could be chllenge for the verifier if it uses smll devices, e.g., PDA or cell phone with limited storge cpcity. More RSA Bsed PDP Schemes. Filho et l. [9] proposed scheme to verify dt integrity using the RSA-bsed Homomorphic hsh function. A function H is Homomorphic if, given two

6 6 Ayd F.Brsoum nd M.Anwr Hsn Dt owner: Represents the dt file s n integer m Genertes RSA modulus N = pq (p & q re prime numbers) Pre-computes nd stores M = m mod N ( R Z N ) Sends the file vlue m to the remote server Chllenge Response Verifier Remote Server 1. Picks r R Z N 2. Computes chllenge A = r mod N A B 4. Computes C = M r mod N 5. Checks C =? B Fig. 1. The PDP protocol by Deswrte et l. [8]. 3. Computes response B = A m mod N opertion + nd, we hve H(d+d ) = H(d) H(d ). The protocol proposed in [9] is illustrted in figure 2. Note tht the response R = H(d) is homomorphic function in the dt file d; H(d + d ) r d+d r d r d H(d)H(d ) mod N. To find collision for this hsh function, one hs to find two messges d, d such tht r d r d, i.e., r d d 1 mod N. Thus, d d must be multiple of ϕ(n). Finding such two messges d, d is belived to be difficult since the fctoriztion of N is unknown. The limittions of the protocol proposed in [9] re similr to those of the protocol in [8]: the rchive service provider hs to exponentite the entire dt file plus the storge overhed on the verifier side. To circumvent the problem of exponentiting the entire file Sebé et l. [10] proposed to verify dt integrity by first frgmenting the file into blocks, fingerprinting ech block, nd then using n RSA-bsed hsh function on the blocks. Thus, the file F is divided into set of m blocks: F = {b 1, b 2,..., b m }, where m fingerprints {M i } 1 i m re generted for the file nd stored on the verifier locl storge. Their proposl does not require the exponentition of the entire file. Figure 3 demonstrtes the protocol proposed by Sebé et l. [10]. Limittions. Although the protocol proposed by Sebé et l. [10] does not require exponentition of the entire file, locl copy of the fingerprints whose size is liner in the number of file blocks must be stored on the verifier side. The verifier hs to store the fingerprints {M i } 1 i m, ech of size N bits consuming m N bits from the verifier locl storge, which my impede the verifiction process when using smll devices like PDAs or cell phones. Dt Storge Commitment Schemes. Golle et l. [11] proposed scheme to verify dt storge commitment, concept tht is weker thn integrity. They investigted storgeenforcing commitment scheme. Through their scheme storge server demonstrtes tht it is mking use of storge spce s lrge s the client s dt, but not necessrily the sme exct

7 DEMC-PDP & PEMC-PDP 7 Dt owner: Genertes RSA modulus N = pq (p & q re prime numbers) Computes ϕ(n) = (p 1)(q 1) Pre-computes nd stores h(d) = d mod ϕ(n) (d is the dt file) Sends the dt file d to the remote server Chllenge Response Verifier 1. Picks r R Z N r R 3. Computes R = r h(d) mod N 4. Checks R? = R Remote Server 2. Computes response R = H(d) = r d mod N Fig. 2. The PDP protocol by Filho et l. [9]. Dt owner: Genertes RSA modulus N = pq (p & q re prime numbers) Computes ϕ(n) = (p 1)(q 1) Splits the dt file F into m blocks: F = {b 1, b 2,..., b m } Pre-computes nd stores M i = b i mod ϕ(n) (1 i m) Sends the dt file F to the remote server Chllenge Response Verifier Remote Server 1. Picks R Z N 2. Genertes l( m) rndom vlues {c i } 1 i l,{c i} 1 i l 3. Computes r = 5. Computes r = R l c i M i mod ϕ(n) i=1 6. Computes R = r mod N 7. Checks R? = R Fig. 3. The protocol by Sebé et l. [10]. l c i b i i=1 4. Computes R = r mod N

8 8 Ayd F.Brsoum nd M.Anwr Hsn dt. The storge server does not directly prove tht it is storing file F, but proves tht it hs committed sufficient resources to do so. Their scheme is bsed on n-power Computtionl Diffie-Hellmn (n-pcdh) ssumption: for group Z p with genertor g, there is no known probbilistic polynomil time lgorithm A tht cn compute g xn given g x, g x2,..., g xn 1 with non-negligible probbility. The min scheme proposed by Golle et l. [11] is illustrted in figure 4. Setup File F = {b 1, b 2,..., b m }, b i Z p Let n = 2m + 1 Secret key sk = x R Z p Public key pk = (g x, g x2,..., g xn ) = (g 1, g 2,..., g n ) Dt owner computes nd stores f 0 = Chllenge Response m i=1 g bi i mod p Verifier 1. Picks rndom k [0, m] Remote Server k 3. Computes f k = 4. Checks f0 xk? = f k f k m i=1 g bi i+k Fig. 4. The protocol by Golle et l. [11]. Since ech file block b i Z p cn be represented by log 2 p bits, then the totl number of bits to store the file F = m log 2 p bits. For the storge server to chet by storing ll the possible vlues of f k (m + 1 vlues), it needs (m + 1) log 2 p bits which is slightly lrger thn the size of the originl file. Limittions. The gurntee provided by the proposed protocol in [11] is weker thn dt integrity since it only ensures tht the server is storing something t lest s lrge s the originl dt file but not necessrily the file itself. In ddition, the verifier s public key is bout twice s lrge s the dt file. Privcy-Preserving PDP Schemes. Shh et l. [12, 13] proposed privcy-preserving PDP protocols. Using their schemes, n externl Third Prty Auditor (TPA) cn verify the integrity of files stored by remote server without knowing ny of the file contents. The dt owner first encrypts the file, then sends both the encrypted file long with the encryption key to the remote server. Moreover, the dt owner sends the encrypted file long with key-commitment tht fixes vlue for the key without reveling the key to the TPA. The primry purposes of the schemes proposed in [12, 13] re to ensure tht the remote server is correctly possessing

9 DEMC-PDP & PEMC-PDP 9 the client s dt long with the encryption key, nd to prevent ny informtion lekge to the TPA which is responsible for the uditing tsk. Thus, clients especilly with constrined computing resources nd cpbilities cn resort to externl udit prty to check the integrity of outsourced dt, nd this third prty uditing process should bring in no new vulnerbilities towrds the privcy of client s dt. In ddition to the uditing tsk of the TPA, it hs nother primry tsk which is extrction of digitl contents. For the uditing tsk, the TPA intercts with the remote server to check tht the stored dt is intct. For the extrction tsk, the TPA intercts with both the remote server nd the dt owner to first check tht the dt is intct then delivers it to the owner. The protocols proposed by Shh et l. [12, 13] re illustrted in figure 5. The protocols proposed by Shh et l. [12, 13] hve the following key limittions: The number of times prticulr dt item cn be verified is limited nd must be fixed beforehnd. Storge overhed on the TPA; it hs to store Ñ hsh vlues for ech file to be udited. Lck of support for stteless verifiction; the TPA hs to updte its stte (the list L) between udits to prevent using the sme rndom number or the sme HMAC twice. Very high communiction complexity to retrieve E K (F ) if the TPA wnts to regenerte new list of hsh vlues to chieve unbounded number of udits. PDP in Dtbse Context. In dtbse outsourcing scenrio, the dtbse owner stores dt t storge service provider nd the dtbse users send queries to the service provider to retrieve some tuples/records tht mtch the issued query. Dt integrity is n impertive concern in the dtbse outsourcing prdigm; when user receives query result from the service provider, he wnts to be convinced tht the received tuples re not being tmpered with by mlicious service provider. Mykletun et l. [14] investigted the notion of signture ggregtion to vlidte the integrity of the query result. Signture ggregtion enbles bndwidth- nd computtionefficient integrity verifiction of query replies. In the scheme presented in [14], ech dtbse record is signed before outsourcing the dtbse to remote service provider. Mykletun et l. [14] provided two ggregtion mechnisms: one is bsed on RSA [17] nd the other is bsed on BLS signture [18]. For the scheme bsed on the RSA signture, ech record in the dtbse is signed s: σ i = h(b i ) d mod N, where h is one-wy hsh function, b i is the dt record, d is the RSA privte key, nd N is the RSA modulus. A user issues query to be executed over the outsourced dtbse, the server processes the query nd computes n ggregted signture σ = t i=1 σ i mod N, where t is the number of records in the query result. The server sends the query result long with the ggregted signture to the user. To verify the integrity of the received records, the user checks σ e =? t i=1 σ i mod N, where e is the RSA public key. The second scheme proposed by Mykletun et l. [14] which is bsed on the BLS signture [18] is similr to the first scheme but the record signture σ i = h(m i ) x, where x R Z p is secret key. To verify the integrity of the received records, the user checks ê(σ, g)? = ê( t i=1 h(b i), y), where g is genertor of the group Z p, y = g x (public key), nd ê is computble biliner mp tht will be explined lter. Although dt integrity (correctness) is n impertive concern in the dtbse outsourcing prdigm, completeness is nother crucil demnd for dtbse users. Completeness mens tht the service provider should send ll records tht stisfy the query criteri not just subset of them. The schemes proposed by Mykletun et l. [14] did not fulfill the completeness requirement. The completeness problem hs been ddressed by other reserchers (see for exmple [3, 19]). We emphsize tht the techniques bsed on ggregted signtures [14] would fil to provide blockless verifiction, which is needed by ny efficient PDP scheme. Indeed, the verifier hs to

10 10 Ayd F.Brsoum nd M.Anwr Hsn Setup Dt owner sends key K nd the encrypted file E K (F ) to the remote server Dt owner sends key-commitment vlue g K nd the encrypted file E K (F ) to the TPA (g is genertor for Z p ) The TPA genertes list L of rndom vlues nd HMACs: L = {(R i, H i )} 1 i Ñ, H i = HMAC(R i, E K (F )), nd R i is rndom number. TPA keeps L, H(E K (F )), g K, nd cn discrd E K (F ) (H is secure hsh function) TPA Checking Dt Integrity 1. Picks ny R i, H i from L Remote Server nd L = L\{(R i, H i )} R i 2. Computes H s =HMAC(R i, E K (F )) H s 3. Checks H? i = Hs Checking Key Integrit 1. Genertes β R Z p 3. Checks (g K ) β =? (W s ) Dt Extrction g β 2. Computes W s = (g β ) K W s D s =E K (F ) Checks hshing of its locl cched copy: H(E K (F ))? = H(D s ). If vlid, sends E K (F ) to the owner Key Extrction Assume tht the owner nd the server gree on shred rndom secret X K+X, g X Checks g K+X =? g K g X. If vlid, sends K + X to the owner Owner gets K = (K + X) X Fig. 5. The protocols by Shh et l. [12, 13].

11 DEMC-PDP & PEMC-PDP 11 hve the bility to verify dt integrity even though he does not possess ny of the file blocks. The schemes proposed in [14] depend on the retrieved records of the query result to verify the integrity of the outsourced dtbse. Blockless verifiction is min concern to minimize the required communiction cost over the network. Ateniese et l. [6] proposed model to overcome some of the limittions of the previous protocols: limited number of udits per file determined by fixed chllenges tht must be specified in dvnce, expensive server computtion by doing the exponentition over the entire file, storge overhed on the verifier side by keeping some metdt to be used lter in the uditing tsk, high communiction complexity, nd lck of support for blockless verifiction. Ateniese et l. [6] proposed PDP model in which the dt owner frgments the file F into blocks {b 1, b 2,..., b m } nd genertes metdt ( tg) for ech block to be used for verifiction. The file is then sent to be stored on remote/cloud server which my be untrusted nd the dt owner my delete the locl copy of the file. The remote server provides proof tht the dt hs not been tmpered with or prtilly deleted by responding to chllenges sent from the verifier. The scheme proposed by Ateniese et l. [6] provides probbilistic gurntee of dt possession, where the verifier checks rndom subset of stored file blocks with ech chllenge (spot checking). PDP Schemes Bsed on Homomorphic Verifible Tgs. Ateniese et l. [6] proposed using Homomorphic Verifible Tgs(HVTs)/Homomorphic Liner Authentictors(HLAs) s the bsic building blocks of their scheme. In short, the HVTs/HLAs re unforgeble verifiction metdt constructed from the file blocks in such wy tht the verifier cn be convinced tht liner combintion of the file blocks is ccurtely computed by verifying only the ggregted tg/uthentictor. In their work, Ateniese et l. [6] differentite between the concept of public verifibility nd privte verifibility. In public verifibility nyone not necessrily the dt owner who knows the owner s public key cn chllenge the remote server nd verify tht the server is still possessing the owner s files. On the other side, privte verifibility llows only the originl owner (or verifier with whom the originl owner shres secret key) to perform the uditing tsk. Ateniese et l. [6] proposed two min PDP schemes: Smpling PDP (S-PDP) nd Efficient PDP (E-PDP) schemes. In fct, there is slight difference between the S-PDP scheme nd the E-PDP model, but the E-PDP model provides weker gurntee of dt possession. The E-PDP scheme only gurntees possession of the sum of file blocks nd not necessrily possession of ech one of the blocks being chllenged. Both protocols proposed in [6] re illustrted in figure 6. Although the models proposed by Ateniese et l. [6] hve ddressed mny drwbcks of the previous protocols, they still hve some limittions: HVTs in [6] re bsed on RSA nd thus re reltively long; the HVT for ech file block is in order of N bits. Therefore, to chieve 80-bit security level, the generted tg should be of size 1024 bits. The time is tkes to generte the tgs is too long [7]. Since there is no indictor for the file identifier in the block tg, mlicious server cn chet by using blocks from different files if the dt owner uses the sme secret keys d nd v for ll his files. Ateniese et l. [6] clculted tht for mlicious server to ttck their E-PDP scheme, it hs to store vlues to be ble to chet with probbility 100% 1. Shchm nd Wters [20] presented simple ttck ginst the E-PDP scheme which enbles mlicious server to chet with probbility 91% requiring no more storge thn n honest server to store the file vlues if the number of the file blocks = 1000 nd the number of chllenged blocks = 101

12 12 Ayd F.Brsoum nd M.Anwr Hsn I. S-PDP scheme Setup N = pq is the RSA modulus (p & q re prime numbers) g is genertor of QR N (QR N is the set of qudrtic residues modulo N) Public key pk = (N, g, e), secret key sk = (d, v), v R Z N, nd ed 1 mod (p 1)(q 1) π is pseudo-rndom permuttion, f is pseudo-rndom function, nd H is hsh function File F = {b 1, b 2,..., b m } Dt owner genertes tg T i for ech block b i : T i = (H(v i) g b i ) d mod N Dt owner sends the dt file F = {b i } nd the tgs {T i } (1 i m) to the remote server Chllenge Response Verifier Remote Server 1. Picks two keys k 1 (key for π), k 2 (key for f), c(# of blocks to be chllenged ), nd g s = g s mod N(s R Z N ) c, k 1, k 2, g s 2. Computes the chllenged block indices: i j = π k1 (j) 1 j c 3. Computes the rndom vlues: j = f k2 (j) 1 j c c 4. Computes T = mod N T, ρ 6. Computes i j = π k1 (j), j = f k2 (j)(1 j c) T 7. Computes τ = c e H(v i j ) j j=1 8. Checks H(τ s mod N)? = ρ T j i j j=1 c j=1 bi j j 5. Computes ρ = H(gs mod N) II. E-PDP scheme The only difference between the E-PDP nd the S-PDP is tht : { j } 1 j c = 1, nd thus Step 4 : T = c T ij mod N j=1 c j=1 b i j Step 5 : ρ = H(gs mod N) T Step 7 : τ = c e H(v i j ) j=1 Fig. 6. The S-PDP nd E-PDP protocols by Ateniese et l. [6].

13 DEMC-PDP & PEMC-PDP 13 Recently, Ateniese et l. [21] showed tht the HLAs cn be constructed from homomorphic identifiction protocols. They provided compiler-like trnsformtion to build HLAs from homomorphic identifiction protocols nd showed how to turn the HLA into PDP scheme. As concrete exmple, they pplied their trnsformtion to vrint of n identifiction protocol proposed by Shoup [22] yielding fctoring-bsed PDP scheme. Comprison. We present comprison between the previous PDP schemes in tble 1. The comprison is bsed on the following: Owner pre-computtion: the opertions performed by the dt owner to process the file before being outsourced to remote server. Verifier storge overhed: the extr storge required to store some metdt on the verifier side to be used lter during the verifiction process. Server storge overhed: the extr storge on the server side required to store some metdt not including the originl file sent from the owner. Server computtion: the opertions performed by the server to provide the dt possession gurntee. Verifier computtion: the opertions performed by the verifier to vlidte the server s response. Communiction cost: bndwidth required during the chllenge response phse. Unbounded chllenges: to indicted whether the scheme llows unlimited number to udit the dt file. Frgmenttion: to indicte whether the file is treted s one chunk or divided into smller blocks. Type of gurntee: to indicte whether the gurntee provided from the remote server is deterministic gurntee which requires to ccess ll file blocks or probbilistic gurntee tht depends on spot checking. Prove dt possession: to indicte whether the scheme proves the possession of the file itself or proves tht the server is storing something t lest s lrge s the originl file. We will use the nottions EXF to indicte the EXponentition of the entire File, DET to indicte deterministic gurntee, nd PRO to indicte probbilistic gurntee. For simplicity, the security prmeter is not included s fctor for the relevnt costs. 3.2 Proof of Retrievbility (POR) A Proof of Retrievbility (POR) scheme is n orthogonl/ complementry pproch to Provble Dt Possession (PDP) system. A POR scheme is chllenge-response protocol which enbles remote server to provide n evidence tht verifier cn retrieve or reconstruct the entire dt file from the responses tht re relibly trnsmitted from the server. The min ide of the POR schemes is to pply ersure code to dt files before outsourcing to llow more errorresiliency. Thus, if it is criticl demnd to detect ny modifiction or deletion of tiny prts of the dt file, then ersure code could be used before outsourcing. The work done by Juels nd Kliski [23] ws from the first ppers to consider forml models for POR schemes. In their model, the dt is first encrypted then disguised blocks (clled sentinels) re embedded into the ciphertext. The sentinels re hidden mong the regulr file blocks in order to detect dt modifiction by the server. In the uditing phse, the verifier requests for rndomly picked sentinels nd checks whether they re corrupted or not. If the server corrupts or deletes prts of the dt, then sentinels would lso be influenced with certin probbility. The min limittion of the scheme in [23] is tht it llows only limited number of chllenges on the

14 14 Ayd F.Brsoum nd M.Anwr Hsn Scheme [8] [9] [10] [11] [12, 13] [6] Owner pre-computtion EXF O(1) O(m) O(m) O(1) O(m) Verifier storge overhed O(1) O(1) O(m) O(1) O(Ñ) - Server storge overhed O(m) Server computtion EXF EXF O(c) O(m) O(1) O(c) Verifier computtion O(1) O(1) O(c) O(1) O(1) O(c) Communiction cost O(1) O(1) O(1) O(1) O(1) O(1) Unbounded chllenges Frgmenttion Type of gurntee DET DET DET/ PRO DET DET PRO Prove dt possession Tble 1. Comprison of PDP schemes for file consisting of m blocks, c is the number of chllenged blocks, nd Ñ is finite number of rndom chllenges. Verifier pre-computtion is O(Ñ) to generte list L of HMACs. [6] cn be esily modified to support deterministic gurntee dt files, which is specified by the number of sentinels embedded into the dt file. This limited number of chllenges is due to the fct tht sentinels nd their position within the file must be reveled to the server t ech chllenge nd the verifier cnnot reuse the reveled sentinels. Schwrtz nd Miller [24] proposed using lgebric signture to verify dt integrity cross multiple servers using error-correcting codes. Through keyed lgebric encoding nd strem cipher encryption, they re ble to detect file corruptions. The min limittion of their proposl is tht the communiction complexity is liner with respect to the queried dt size. Moreover, the security of their proposl is not proven nd remins in question [7]. Shchm nd Wters [20] proposed compct proof of retrievbility model tht enbles the verifier to unboundedly chllenge the server solving the limittion of Juels nd Kliski [23]. The min contribution of Shchm nd Wters [20] is the construction of HLAs tht enble the server to ggregte the tgs of individul file blocks nd to generte single short tg s response to the verifier s chllenge. Shchm nd Wters [20] proposed two HLAs: one is bsed on the Pseudo-Rndom Function (PRF), nd the other is bsed on the BLS signture [18]. Other vrious POR schemes cn be found in the literture (see for exmple [25 28]). 3.3 Dynmic Provble Dt Possession (DPDP) The PDP nd POR schemes focus on sttic or wrehoused dt which is essentil in numerous different pplictions such s librries, rchives, nd stronomicl/medicl/scientific/legl repositories. On the other side, Dynmic Provble Dt Possession (DPDP) schemes investigte the dynmic file opertions such s updte, delete, ppend, nd insert opertions. There re some DPDP constructions in the literture stisfying different system requirements. Ateniese et l. [29] proposed DPDP model bsed on cryptogrphic hsh function nd symmetric key encryption. The min drwbck of their scheme is tht the number of updtes nd chllenges is limited nd fixed in dvnce. Moreover, their model does not support block insertion opertion. Erwy et l. [30] extended the work of Ateniese et l. [29] to support dt dynmics using uthenticted skip list. However, the efficiency of their scheme remins in question. Wng et l. [31] presented DPDP scheme by integrting the compct proof of retrievbility model due to Shchm nd Wters [20] nd Merkle Hsh Tree (MHT). Zhu et l. [32] ddressed the construction of DPDP schemes on hybrid clouds to support sclbility of service nd dt migrtion. A hybrid cloud is

15 DEMC-PDP & PEMC-PDP 15 CC deployment model in which n orgniztion provides nd hndles some internl nd externl resources. For exmple, n orgniztion cn use public cloud service s Amzon EC2 [33] to perform the generl computtion, while the dt files re stored within the orgniztion s locl dt center in privte cloud. Zhu et l. [32] proposed two DPDP schemes: Interctive Provble Dt Possession (IPDP) scheme nd Coopertive Provble Dt Possession (CPDP) scheme. It is importnt to note tht none of the bove pproches (PDP, POR, DPDP) ddress the problem of creting multiple copies of dt file over cloud servers, uditing ll these copies to verify their completeness nd correctness, nd providing strong evidence to the owners tht they re getting wht they re pying for. There re some previous work on mintining the file copies throughout distributed systems to chieve vilbility nd durbility, but none of them gurntee tht multiple copies of the dt file re ctully mintined [34, 35]. 4 System Model nd Design Gols 4.1 System Model In our work we consider model of cloud computing dt storge system consisting of three min components s illustrted in figure 7: (i) dt owner customer or n orgniztion originlly possessing lrge mount of dt to be stored in the cloud; (ii) Cloud Servers (CSs) mnged by CSP which provides pid storge spce on its infrstructure to store owner s files; nd (iii) uthorized users set of owner s clients llowed to use the owner s files nd shre some keying mteril with the dt owner. The uthorized users receive the dt from the cloud servers in n encrypted form, nd using the secret key shred with the owner they get the plin dt. The uthoriztion between the dt owner nd the legl users is out of our scope, nd we ssume tht it is ppropritely done. Through the pper we do not differentite between cloud server nd cloud service provider. Fig. 7. Cloud Computing Dt Storge System Model There re mny pplictions tht cn be envisioned to dopt this model of outsourced dt storge system. For ehelth pplictions, dtbse contining sensitive nd lrge mount of informtion bout ptients medicl history is to be stored on the cloud servers. We cn consider the ehelth orgniztion to be the dt owner nd the physicins to be the uthorized users with pproprite ccess right to the dtbse. Finncil pplictions, scientific pplictions, nd eductionl pplictions contining sensitive informtion bout students trnscripts cn lso be envisioned in similr settings.

16 16 Ayd F.Brsoum nd M.Anwr Hsn 4.2 Design Gols From the extensive literture survey of the previous PDP schemes, we hve explored nd investigted the vrious fetures nd limittions of such schemes. Now, we im t designing efficient nd secure protocols tht overcome the identified limittions in the previous models nd t the sme time to ddress the problem of creting multiple copies of dt files over cloud servers, uditing ll these copies to verify their completeness nd correctness, nd providing strong evidence to the dt owner tht he is getting wht he is ctully pying for. Our design gols cn be summrized in the following points: 1. Designing Efficient Multi-Copy Provble Dt Possession (EMC-PDP) protocols. These protocols should efficiently nd securely provide the owner with strong evidence tht the CSP is in relity possessing ll dt copies tht re greed upon nd these copies re intct. 2. Allowing the uthorized users of the dt owner to semlessly ccess the file copy received from the CSP. 3. Scling down the storge overhed on both the server nd the verifier sides. 4. Minimizing the computtionl complexity on both the server nd the verifier sides. 5. Limiting the bndwidth required by the protocols during the uditing phse. 6. Enbling public verifibility where nyone not necessrily the dt owner who knows the owner s public key cn chllenge the remote servers nd verify tht the CSP is still possessing the owner s files. 7. Supporting blockless verifiction where the verifier hs to hve the bility to verify the dt integrity even though he neither possesses nor retrieves the file blocks from the server. 8. Allowing unbounded number of uditing rther thn imposing fixed limit on the number of interctions between the verifier nd the CSP. 9. Fcilitting stteless verifiction where the verifier is not needed to hold nd upgrde stte between udits. Mintining such stte is unmngeble in cse of physicl dmge of the verifier s mchine or if the uditing tsk is delegted to TPA. 10. Enbling both probbilistic nd deterministic gurntees. In probbilistic gurntee the verifier checks rndom subset of stored file blocks with ech chllenge (spot checking), while the verifier checks ll the stored file blocks in the deterministic gurntee. Remrk 1. We re considering economiclly-motivted CSPs tht my ttempt to use less storge thn required by the contrct through deletion of few copies of the file. The CSPs hve lmost no finncil benefit by deleting only smll portion of copy of the file. As result, in our work we do not encode the dt file before outsourcing. Such encoding, for exmple using ersure codes, is minly to reconstruct the file from limited mount of dmges. In our proposed schemes, multiple copies of the file re generted nd stored on number of servers; hence server s copy cn be reconstructed even from complete loss using duplicted copies on other servers. More importntly, unlike ersure codes, duplicted files enble sclbility vitl issue in the Cloud Computing system. Also, file tht is duplicted nd stored strtegiclly on multiple servers locted t vrious geogrphic loctions cn help reduce ccess time nd communiction cost for users. Remrk 2. In this work we focus on sensitive rchivl nd wrehoused dt, which is essentil in numerous different pplictions such s digitl librries nd stronomicl/medicl/scientific/legl repositories. Such dt re subject to infrequent chnge, so we tret them s sttic. Since we re deling with sensitive dt like ptients medicl history or finncil dt, this dt must be encrypted before outsourcing to cloud servers. In our schemes we utilize the BLS uthentictors [20] to build public verifible model.

17 DEMC-PDP & PEMC-PDP 17 5 Multi-Copy Provble Dt Possession (MC-PDP) schemes Suppose tht CSP offers to store n copies of n owner s file on n different servers to prevent simultneous filure of ll copies nd to chieve the vilbility spect in exchnge for prespecified fees metered in GB/month. Thus, the dt owner needs strong evidence to ensure tht the CSP is ctully storing no less thn n copies, ll these copies re complete nd correct, nd the owner is not pying for service tht he does not get. A nïve solution to this problem is to use ny of the previous PDP schemes to seprtely chllenge nd verify the integrity of ech copy on ech server. This is certinly not workble solution; cloud servers cn conspire to convince the dt owner tht they store n copies of the file while indeed they only store one copy. Whenever request for PDP scheme execution is mde to one of the n severs, it is forwrded to the server which is ctully storing the single copy. The CSP cn use nother trick to prove dt vilbility by generting the file copies upon verifier s chllenge; however, there is no evidence tht the ctul copies re stored ll the time. The min core of this cheting is tht the n copies re identicl mking it trivil for the servers to deceive the owner. Therefore, one step towrds the solution is to leve the control of the file copying opertion in the owner s hnd to crete unique distinguishble/differentible copies. Before presenting our min protocols, we strt with wrmup scheme Bsic Multi-Copy Provble Dt Possession (BMC-PDP) scheme which leds to severe computtionl, communiction, nd mngement overhed. We then present the Multiple-Replic Provble Dt Possession (MR-PDP) scheme due to Curtmol et l. [15]. To the best of our knowledge, this is the only scheme in the literture tht ddressed the uditing tsk of multiple copies of dt file. Through extensive nlysis, we will elborte the vrious fetures nd limittions of the MR-PDP model especilly from the uthorized users side. Curtmol et l. [15] did not consider how the uthorized users of the dt owner cn ccess the file copies from the cloud servers noting tht the internl opertions of the CSP re opque. Moreover, we will demonstrte the efficiency of our protocols from the storge, computtion, nd communiction spects. We believe tht the investigtion of both BMC-PDP nd MR-PDP models will led us to our min schemes. 5.1 Bsic Multi-Copy Provble Dt Possession (BMC-PDP) scheme As explined previously, the cloud servers cn conspire to convince the dt owner tht they store n copies of the file while indeed they store fewer thn n copies, nd this is due to the fct tht the n copies re identicl. Thus, the BMC-PDP scheme tries to solve the problem by leving the control of the file copying opertion in the owner s hnd to generte unique distinguishble/differentible copies of the dt file. To this end, the dt owner cretes n distinct copies by encrypting the file under n different keys keeping these keys secret from the CSP. Hence, the cloud servers could not conspire by using one copy to nswer the chllenges for nother. This nturl solution enbles the verifier to seprtely chllenge ech copy on ech server using ny of the PDP schemes, nd to ensure tht the CSP is possessing not less thn n copies. Although the BMC-PDP scheme is workble solution, it is imprcticl nd hs the following criticl drwbcks: The computtion nd communiction complexities of the verifiction tsk grow linerly with the number of copies. Essentilly, the BMC-PDP scheme is equivlent to pplying ny PDP schemes to n different files. Key mngement is severe problem with the BMC-PDP scheme. Since the dt file is encrypted under n different keys, the dt owner hs to keep these keys secret from the CSP nd t the sme time to shre these n keys with ech uthorized user. Moreover, when the uthorized user intercts with the CSP to retrieve the dt file, it is not necessrily to receive the sme copy ech time. According to the lod blncing mechnism used by the

18 18 Ayd F.Brsoum nd M.Anwr Hsn CSP to orgnize the work of the servers, the uthorized user s request is directed to the server with the lowest congestion. Consequently, ech copy should contin some indictor bout the key used in the encryption to enble the uthorized users to properly decrypt the received copy. 5.2 Multiple-Replic Provble Dt Possession (MR-PDP) scheme Curtmol et l. [15] proposed Multiple-Replic PDP (MR-PDP) scheme where dt owner cn verify tht severl copies of file re stored by storge service provider. The MR-PDP scheme is n extension to the PDP models proposed by Ateniese et l. [6]. Curtmol et l. [15] proposed creting distinct replics/copies of the dt file by first encrypting the file then msking the encrypted version with some rndomness generted from Pseudo-Rndom Function (PRF). The MR-PDP scheme of creting nd uditing n distinct copies is illustrted in figure 8. Key limittions of the MR-PDP scheme of Curtmol et l. [15] re s follows: Since the MR-PDP scheme is n extension to the PDP models proposed by Ateniese et l. [6], it inherits ll the limittions of these models identified erlier in the literture survey section: long tgs (1024 bits to chieve 80-bit secuirty level), computtion overhed on both the verifier nd server side, bility of CSP to chet by using blocks from different files if the dt owner uses the sme secret key (d, v) for ll his files. A slightly modified version of the criticl key mngement problem of the BMC-PDP scheme is nother concern in the MR-PDP scheme. The uthorized users hve to know which copy hs been specificlly retrieved from the CSP to properly unmsk it before decryption. Due to the opqueness nture of the internl opertions of the CSP, the server on which specific copy is exctly stored is unknown to cloud customers the MR-PDP scheme does not ddress how the uthorized users of the dt owner cn ccess the file copies from the cloud servers. The MR-PDP supports only privte verifibility, where just the dt owner (or verifier with whom the originl owner shres secret key) cn do the uditing tsk. Essentilly, the MR-PDP is n extension to the E-PDP version proposed by Ateniese et l. [6], nd thus it only proves possession of the sum of the chllenged blocks not the blocks themselves. Moreover, the CSP cn corrupt the dt blocks nd the summtion is still vlid. For the CSP to prove possession of the blocks, it should multiply ech of the chllenged blocks with rndom vlue. 6 The Proposed Efficient Multi-Copy Provble Dt Possession (EMC-PDP) schemes To chieve the design gols outlined in section 4.2, we propose Efficient Multi-Copy Provble Dt Possession (EMC-PDP) schemes utilizing the BLS Homomorphic Liner Authentictors (HLAs)[20]. In short, the HLAs enble dt owner to fingerprint ech block b i of file F in such wy tht for ny chllenge vector C = {c 1, c 2,..., c r } the server cn homomorphiclly construct tg uthenticting the vlue r i=1 c i b i. The direct doption of the HLAs proposed in [20] is not suitble nd leds to two min ttcks. The first ttck rises when the dt owner delegtes the uditing tsk to TPA: by collecting enough number of liner combintions of the sme blocks, the TPA cn obtin the dt blocks by solving system of liner equtions breking the privcy of the owner s dt. This ttck cn be prevented by encrypting the dt file before outsourcing to the CSP, nd thus the TPA cnnot get ny informtion bout the collected blocks. The second ttck rises if the file identifier is not included in the block tg nd

19 DEMC-PDP & PEMC-PDP 19 Setup N = pq is the RSA modulus (p & q re prime numbers) g is genertor of QR N (QR N is the set of qudrtic residues modulo N) Public key pk = (N, g, e), secret key sk = (d, v, x), v, x R Z N, nd ed 1 mod (p 1)(q 1) π is pseudo-rndom permuttion, f x is pseudo-rndom function keyed with the secret key x, nd H is hsh function File F = {b 1, b 2,..., b m } E K is n encryption lgorithm under key K Dt Owner Obtins n encrypted file F by encrypting the originl file F using the encryption key K: F = { b 1, b 2,... b m }, where b j = E K (b j ), 1 j m. Uses the encrypted version of the file F to crete set of tgs {T j } 1 j m for ll copies to be used in the verifiction process: T j = (H(v j) g b j ) d mod N Genertes n distinct replics { F i } 1 i n, F i = {ˆb i,1, ˆb i,2,..., ˆb i,m }, using rndom msking s follows. for i = 1 to n do for j = 1 to m do 1. Computes rndom vlue r i,j = f x (i j) 2. Computes the replic s block ˆb i,j = b j + r i,j (dded s lrge integers in Z) Dt owner sends the specific replic F i to specific server S i, 1 i n Checking possession of replic F z To check the possession of the replic F z = {ˆb z,1, ˆb z,2,... ˆb z,m }, the owner chllenges the specific server S z s follows: Owner Remote Server S z 1. Picks key k for the π function, c(# of blocks to be chllenged), nd g s = g s mod N (s R Z N ) c, k, g s 2. Computes the chllenged block indices: j u = π k (u) 1 u c c 3. Computes T = mod N 4. Computes ρ = g c u=1 ˆb z,j u s T, ρ 5. Computes j u = π k (u) 1 u c T 6. Checks ( c e g r chl ) s =? ρ, H(v j u ) u=1 where r chl = c u=1 r z,ju is the sum of the rndom vlues used to obtin the blocks in the replic F z Fig. 8. The MR-PDP protocol by Curtmol et l. [15]. u=1 T ju mod N

20 20 Ayd F.Brsoum nd M.Anwr Hsn the sme owner s secret key is used with ll the owner s files. This llows the CSP to chet by using blocks from different files during verifiction. Since the min core to design multi-copy provble dt possession model is to generte unique distinguishble/differentible copies of the dt file, we use simple yet efficient wy to generte these distinct copies. In our EMC-PDP models we resort to the diffusion property of ny secure encryption scheme. Diffusion mens tht the output bits of the ciphertext should depend on the input bits of the plintext in very complex wy. In n encryption scheme with strong diffusion property, if there is chnge in one single bit of the plintext, then the ciphertext should completely chnge in n unpredictble wy [36]. Our methodology of generting distinct copies is not only efficient, but lso successful in solving the uthorized users problem of the MR- PDP scheme [15] to ccess the file copy received from the CSP. In our schemes, the uthorized users need only to keep single secret key shred with the dt owner to decrypt the file copy; it is not necessrily to recognize the specific server from which the copy is received. In our work, the dt owner hs file F nd the CSP offers to store n copies, {F 1, F 2,..., F n }, of the owner s file in exchnge for pre-specified fees metered in GB/month. We provide two versions of our EMC-PDP scheme: Deterministic EMC-PDP (DEMC-PDP) nd Probbilistic EMC-PDP (PEMC-PDP). In the DEMC-PDP version, the CSP hs to ccess ll the blocks of the dt file, while in the PEMC-PDP we depend on spot checking by vlidting rndom subset of the file blocks. It is trde-off between the performnce of the system nd the strength of the gurntee provided by the CSP. 6.1 Preliminries nd Nottions F is dt file to be outsourced, it is composed of sequence of m blocks, i.e., F = {b 1, b 2,..., b m }, where ech block b i Z p for some lrge prime p. π key ( ) is Pseudo-Rndom Permuttion(PRP): key {0, 1} log(m) {0, 1} log(m) ψ key ( ) is Pseudo-Rndom Function (PRF): key {0, 1} Z p Biliner Mp/Piring. The biliner mp is one of the essentil building blocks of our proposed schemes. Let G 1, G 2, nd G T be cyclic groups of prime order p. Let g 1 nd g 2 be genertors of G 1 nd G 2, respectively. A biliner piring is mp ê : G 1 G 2 G T with the following properties [37]: 1. Biliner: ê(u 1 u 2, v 1 ) = ê(u 1, v 1 ) ê(u 2, v 1 ), ê(u 1, v 1 v 2 ) = ê(u 1, v 1 ) ê(u 1, v 2 ) u 1, u 2 G 1 nd v 1, v 2 G 2 2. Non-degenerte: ê(g 1, g 2 ) 1 3. Computble: there exists n efficient lgorithm for computing ê 4. ê(u, v b ) = ê(u, v) b u G 1, v G 2, nd, b Z p H( ) is mp-to-point hsh function : {0, 1} G 1 E K is n encryption lgorithm with strong diffusion property, e.g., AES 6.2 Deterministic EMC-PDP (DEMC-PDP) scheme The DEMC-PDP consists of five polynomil time lgorithms: KeyGen, CopyGen, TgGen, Proof, nd Verify. (pk, sk) KeyGen(). This lgorithm is run by the dt owner to generte public key pk nd privte key sk. F = {F i } 1 i n CopyGen(CN i, F ) 1 i n. This lgorithm is run by the dt owner. It tkes s input copy number CN i nd file F nd genertes unique differentible copies F = {F i } 1 i n, where ech copy F i is n ordered collection of blocks {b ij } 1 i n. 1 j m

Small Business Networking

Small Business Networking Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology

More information

Small Business Networking

Small Business Networking Why Network is n Essentil Productivity Tool for Any Smll Business TechAdvisory.org SME Reports sponsored by Effective technology is essentil for smll businesses looking to increse their productivity. Computer

More information

Small Business Networking

Small Business Networking Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology

More information

Small Business Networking

Small Business Networking Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology

More information

Small Business Networking

Small Business Networking Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology

More information

Small Business Networking

Small Business Networking Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology

More information

ClearPeaks Customer Care Guide. Business as Usual (BaU) Services Peace of mind for your BI Investment

ClearPeaks Customer Care Guide. Business as Usual (BaU) Services Peace of mind for your BI Investment ClerPeks Customer Cre Guide Business s Usul (BU) Services Pece of mind for your BI Investment ClerPeks Customer Cre Business s Usul Services Tble of Contents 1. Overview...3 Benefits of Choosing ClerPeks

More information

Unleashing the Power of Cloud

Unleashing the Power of Cloud Unleshing the Power of Cloud A Joint White Pper by FusionLyer nd NetIQ Copyright 2015 FusionLyer, Inc. All rights reserved. No prt of this publiction my be reproduced, stored in retrievl system, or trnsmitted,

More information

Network Configuration Independence Mechanism

Network Configuration Independence Mechanism 3GPP TSG SA WG3 Security S3#19 S3-010323 3-6 July, 2001 Newbury, UK Source: Title: Document for: AT&T Wireless Network Configurtion Independence Mechnism Approvl 1 Introduction During the lst S3 meeting

More information

Enterprise Risk Management Software Buyer s Guide

Enterprise Risk Management Software Buyer s Guide Enterprise Risk Mngement Softwre Buyer s Guide 1. Wht is Enterprise Risk Mngement? 2. Gols of n ERM Progrm 3. Why Implement ERM 4. Steps to Implementing Successful ERM Progrm 5. Key Performnce Indictors

More information

GFI MilArchiver 6 vs C2C Archive One Policy Mnger GFI Softwre www.gfi.com GFI MilArchiver 6 vs C2C Archive One Policy Mnger GFI MilArchiver 6 C2C Archive One Policy Mnger Who we re Generl fetures Supports

More information

Polynomial Functions. Polynomial functions in one variable can be written in expanded form as ( )

Polynomial Functions. Polynomial functions in one variable can be written in expanded form as ( ) Polynomil Functions Polynomil functions in one vrible cn be written in expnded form s n n 1 n 2 2 f x = x + x + x + + x + x+ n n 1 n 2 2 1 0 Exmples of polynomils in expnded form re nd 3 8 7 4 = 5 4 +

More information

Small Business Cloud Services

Small Business Cloud Services Smll Business Cloud Services Summry. We re thick in the midst of historic se-chnge in computing. Like the emergence of personl computers, grphicl user interfces, nd mobile devices, the cloud is lredy profoundly

More information

JaERM Software-as-a-Solution Package

JaERM Software-as-a-Solution Package JERM Softwre-s--Solution Pckge Enterprise Risk Mngement ( ERM ) Public listed compnies nd orgnistions providing finncil services re required by Monetry Authority of Singpore ( MAS ) nd/or Singpore Stock

More information

Reasoning to Solve Equations and Inequalities

Reasoning to Solve Equations and Inequalities Lesson4 Resoning to Solve Equtions nd Inequlities In erlier work in this unit, you modeled situtions with severl vriles nd equtions. For exmple, suppose you were given usiness plns for concert showing

More information

2. Transaction Cost Economics

2. Transaction Cost Economics 3 2. Trnsction Cost Economics Trnsctions Trnsctions Cn Cn Be Be Internl Internl or or Externl Externl n n Orgniztion Orgniztion Trnsctions Trnsctions occur occur whenever whenever good good or or service

More information

Introducing Kashef for Application Monitoring

Introducing Kashef for Application Monitoring WextWise 2010 Introducing Kshef for Appliction The Cse for Rel-time monitoring of dtcenter helth is criticl IT process serving vriety of needs. Avilbility requirements of 6 nd 7 nines of tody SOA oriented

More information

Hillsborough Township Public Schools Mathematics Department Computer Programming 1

Hillsborough Township Public Schools Mathematics Department Computer Programming 1 Essentil Unit 1 Introduction to Progrmming Pcing: 15 dys Common Unit Test Wht re the ethicl implictions for ming in tody s world? There re ethicl responsibilities to consider when writing computer s. Citizenship,

More information

Factoring Polynomials

Factoring Polynomials Fctoring Polynomils Some definitions (not necessrily ll for secondry school mthemtics): A polynomil is the sum of one or more terms, in which ech term consists of product of constnt nd one or more vribles

More information

Health insurance exchanges What to expect in 2014

Health insurance exchanges What to expect in 2014 Helth insurnce exchnges Wht to expect in 2014 33096CAEENABC 02/13 The bsics of exchnges As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum mount

More information

All pay auctions with certain and uncertain prizes a comment

All pay auctions with certain and uncertain prizes a comment CENTER FOR RESEARC IN ECONOMICS AND MANAGEMENT CREAM Publiction No. 1-2015 All py uctions with certin nd uncertin prizes comment Christin Riis All py uctions with certin nd uncertin prizes comment Christin

More information

SPECIAL PRODUCTS AND FACTORIZATION

SPECIAL PRODUCTS AND FACTORIZATION MODULE - Specil Products nd Fctoriztion 4 SPECIAL PRODUCTS AND FACTORIZATION In n erlier lesson you hve lernt multipliction of lgebric epressions, prticulrly polynomils. In the study of lgebr, we come

More information

An Undergraduate Curriculum Evaluation with the Analytic Hierarchy Process

An Undergraduate Curriculum Evaluation with the Analytic Hierarchy Process An Undergrdute Curriculum Evlution with the Anlytic Hierrchy Process Les Frir Jessic O. Mtson Jck E. Mtson Deprtment of Industril Engineering P.O. Box 870288 University of Albm Tuscloos, AL. 35487 Abstrct

More information

Health insurance marketplace What to expect in 2014

Health insurance marketplace What to expect in 2014 Helth insurnce mrketplce Wht to expect in 2014 33096VAEENBVA 06/13 The bsics of the mrketplce As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum

More information

Data replication in mobile computing

Data replication in mobile computing Technicl Report, My 2010 Dt repliction in mobile computing Bchelor s Thesis in Electricl Engineering Rodrigo Christovm Pmplon HALMSTAD UNIVERSITY, IDE SCHOOL OF INFORMATION SCIENCE, COMPUTER AND ELECTRICAL

More information

GFI MilArchiver 6 vs Quest Softwre Archive Mnger GFI Softwre www.gfi.com GFI MilArchiver 6 vs Quest Softwre Archive Mnger GFI MilArchiver 6 Quest Softwre Archive Mnger Who we re Generl fetures Supports

More information

Example 27.1 Draw a Venn diagram to show the relationship between counting numbers, whole numbers, integers, and rational numbers.

Example 27.1 Draw a Venn diagram to show the relationship between counting numbers, whole numbers, integers, and rational numbers. 2 Rtionl Numbers Integers such s 5 were importnt when solving the eqution x+5 = 0. In similr wy, frctions re importnt for solving equtions like 2x = 1. Wht bout equtions like 2x + 1 = 0? Equtions of this

More information

Treatment Spring Late Summer Fall 0.10 5.56 3.85 0.61 6.97 3.01 1.91 3.01 2.13 2.99 5.33 2.50 1.06 3.53 6.10 Mean = 1.33 Mean = 4.88 Mean = 3.

Treatment Spring Late Summer Fall 0.10 5.56 3.85 0.61 6.97 3.01 1.91 3.01 2.13 2.99 5.33 2.50 1.06 3.53 6.10 Mean = 1.33 Mean = 4.88 Mean = 3. The nlysis of vrince (ANOVA) Although the t-test is one of the most commonly used sttisticl hypothesis tests, it hs limittions. The mjor limittion is tht the t-test cn be used to compre the mens of only

More information

Agenda. Who are we? Agenda. Cloud Computing in Everyday Life. Who are we? What is Cloud Computing? Drivers and Adoption Enabling Technologies Q & A

Agenda. Who are we? Agenda. Cloud Computing in Everyday Life. Who are we? What is Cloud Computing? Drivers and Adoption Enabling Technologies Q & A Agend Who re we? Wht is Cloud Computing? Drivers nd Adoption Enbling Technologies Cloud Computing in Everydy Life Joe Wong Senior Development Mnger, ICS, IBM Kit Yeung Advisory Softwre Engineer, ICS, IBM

More information

Helicopter Theme and Variations

Helicopter Theme and Variations Helicopter Theme nd Vritions Or, Some Experimentl Designs Employing Pper Helicopters Some possible explntory vribles re: Who drops the helicopter The length of the rotor bldes The height from which the

More information

Econ 4721 Money and Banking Problem Set 2 Answer Key

Econ 4721 Money and Banking Problem Set 2 Answer Key Econ 472 Money nd Bnking Problem Set 2 Answer Key Problem (35 points) Consider n overlpping genertions model in which consumers live for two periods. The number of people born in ech genertion grows in

More information

Facilitating Rapid Analysis and Decision Making in the Analytical Lab.

Facilitating Rapid Analysis and Decision Making in the Analytical Lab. Fcilitting Rpid Anlysis nd Decision Mking in the Anlyticl Lb. WHITE PAPER Sponsored by: Accelrys, Inc. Frnk Brown, Ph.D., Chief Science Officer, Accelrys Mrch 2009 Abstrct Competitive success requires

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs VoIP (Voice over Internet Protocol) offers low cost lterntive to expensive trditionl phone services nd is rpidly becoming the communictions system of choice for smll

More information

Operations with Polynomials

Operations with Polynomials 38 Chpter P Prerequisites P.4 Opertions with Polynomils Wht you should lern: Write polynomils in stndrd form nd identify the leding coefficients nd degrees of polynomils Add nd subtrct polynomils Multiply

More information

Math 135 Circles and Completing the Square Examples

Math 135 Circles and Completing the Square Examples Mth 135 Circles nd Completing the Squre Exmples A perfect squre is number such tht = b 2 for some rel number b. Some exmples of perfect squres re 4 = 2 2, 16 = 4 2, 169 = 13 2. We wish to hve method for

More information

Vendor Rating for Service Desk Selection

Vendor Rating for Service Desk Selection Vendor Presented By DATE Using the scores of 0, 1, 2, or 3, plese rte the vendor's presenttion on how well they demonstrted the functionl requirements in the res below. Also consider how efficient nd functionl

More information

g(y(a), y(b)) = o, B a y(a)+b b y(b)=c, Boundary Value Problems Lecture Notes to Accompany

g(y(a), y(b)) = o, B a y(a)+b b y(b)=c, Boundary Value Problems Lecture Notes to Accompany Lecture Notes to Accompny Scientific Computing An Introductory Survey Second Edition by Michel T Heth Boundry Vlue Problems Side conditions prescribing solution or derivtive vlues t specified points required

More information

Test Management using Telelogic DOORS. Francisco López Telelogic DOORS Specialist

Test Management using Telelogic DOORS. Francisco López Telelogic DOORS Specialist Test Mngement using Telelogic DOORS Frncisco López Telelogic DOORS Specilist Introduction Telelogic solution for Requirements Mngement DOORS Requirements mngement nd trcebility pltform for complex systems

More information

Techniques for Requirements Gathering and Definition. Kristian Persson Principal Product Specialist

Techniques for Requirements Gathering and Definition. Kristian Persson Principal Product Specialist Techniques for Requirements Gthering nd Definition Kristin Persson Principl Product Specilist Requirements Lifecycle Mngement Elicit nd define business/user requirements Vlidte requirements Anlyze requirements

More information

Chromebook Parent/Student Information

Chromebook Parent/Student Information Chromebook Prent/Student Informtion 1 Receiving Your Chromebook Student Distribution Students will receive their Chromebooks nd cses during school. Students nd prents must sign the School City of Hmmond

More information

DEVELOPMENT. Introduction to Virtualization E-book. anow is the time to realize all of the benefits of virtualizing your test and development lab.

DEVELOPMENT. Introduction to Virtualization E-book. anow is the time to realize all of the benefits of virtualizing your test and development lab. Introduction to Virtuliztion E-book S Now is the time to relize ll of the benefits of virtulizing your test nd development lb. YOUR CHAPTER 3 p 2 A TEST AND p 4 VOLATILE IT S p 7 p 9 p 10 YOUR CHAPTER

More information

DlNBVRGH + Sickness Absence Monitoring Report. Executive of the Council. Purpose of report

DlNBVRGH + Sickness Absence Monitoring Report. Executive of the Council. Purpose of report DlNBVRGH + + THE CITY OF EDINBURGH COUNCIL Sickness Absence Monitoring Report Executive of the Council 8fh My 4 I.I...3 Purpose of report This report quntifies the mount of working time lost s result of

More information

File Storage Guidelines Intended Usage

File Storage Guidelines Intended Usage Storge 1 Google Cloud 2 Other cloud storge Exmple or Box, Dropbox, Crbonite, idrive File Storge Guidelines Usge Fculty nd student collbortion Specil use cses. When non-lcc employee nd students need ccess

More information

Portfolio approach to information technology security resource allocation decisions

Portfolio approach to information technology security resource allocation decisions Portfolio pproch to informtion technology security resource lloction decisions Shivrj Knungo Deprtment of Decision Sciences The George Wshington University Wshington DC 20052 knungo@gwu.edu Abstrct This

More information

Curve Sketching. 96 Chapter 5 Curve Sketching

Curve Sketching. 96 Chapter 5 Curve Sketching 96 Chpter 5 Curve Sketching 5 Curve Sketching A B A B A Figure 51 Some locl mximum points (A) nd minimum points (B) If (x, f(x)) is point where f(x) reches locl mximum or minimum, nd if the derivtive of

More information

Corporate Compliance vs. Enterprise-Wide Risk Management

Corporate Compliance vs. Enterprise-Wide Risk Management Corporte Complince vs. Enterprise-Wide Risk Mngement Brent Sunders, Prtner (973) 236-4682 November 2002 Agend Corporte Complince Progrms? Wht is Enterprise-Wide Risk Mngement? Key Differences Why Will

More information

Software Cost Estimation Model Based on Integration of Multi-agent and Case-Based Reasoning

Software Cost Estimation Model Based on Integration of Multi-agent and Case-Based Reasoning Journl of Computer Science 2 (3): 276-282, 2006 ISSN 1549-3636 2006 Science Publictions Softwre Cost Estimtion Model Bsed on Integrtion of Multi-gent nd Cse-Bsed Resoning Hsn Al-Skrn Informtion Technology

More information

PROF. BOYAN KOSTADINOV NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY

PROF. BOYAN KOSTADINOV NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY MAT 0630 INTERNET RESOURCES, REVIEW OF CONCEPTS AND COMMON MISTAKES PROF. BOYAN KOSTADINOV NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY Contents 1. ACT Compss Prctice Tests 1 2. Common Mistkes 2 3. Distributive

More information

Section A-4 Rational Expressions: Basic Operations

Section A-4 Rational Expressions: Basic Operations A- Appendi A A BASIC ALGEBRA REVIEW 7. Construction. A rectngulr open-topped bo is to be constructed out of 9- by 6-inch sheets of thin crdbord by cutting -inch squres out of ech corner nd bending the

More information

9 CONTINUOUS DISTRIBUTIONS

9 CONTINUOUS DISTRIBUTIONS 9 CONTINUOUS DISTIBUTIONS A rndom vrible whose vlue my fll nywhere in rnge of vlues is continuous rndom vrible nd will be ssocited with some continuous distribution. Continuous distributions re to discrete

More information

Novel Methods of Generating Self-Invertible Matrix for Hill Cipher Algorithm

Novel Methods of Generating Self-Invertible Matrix for Hill Cipher Algorithm Bibhudendr chry, Girij Snkr Rth, Srt Kumr Ptr, nd Sroj Kumr Pnigrhy Novel Methods of Generting Self-Invertible Mtrix for Hill Cipher lgorithm Bibhudendr chry Deprtment of Electronics & Communiction Engineering

More information

Total Data Protection for Sensitive Data Wherever It May Flow

Total Data Protection for Sensitive Data Wherever It May Flow Totl Dt Protection for Sensitive Dt Wherever It My Flow PGP Corportion nd Protegrity protect sensitive dt throughout its lifecycle, while enforcing nd verifying policy requirements for complince. Protegrity

More information

Lecture 3 Gaussian Probability Distribution

Lecture 3 Gaussian Probability Distribution Lecture 3 Gussin Probbility Distribution Introduction l Gussin probbility distribution is perhps the most used distribution in ll of science. u lso clled bell shped curve or norml distribution l Unlike

More information

SyGEMe: Integrated Municipal Facilities Management of Water Ressources Swiss Geoscience Meeting, Neuchâtel, 21 novembre 2009 k

SyGEMe: Integrated Municipal Facilities Management of Water Ressources Swiss Geoscience Meeting, Neuchâtel, 21 novembre 2009 k SyGEMe: Integrted Municipl Fcilities Mngement of Wter Ressources Tool presenttion, choice of technology, mn-mchine mchine interfce, business opportunities nd prospects 1. Introduction 2. Mn-mchine interfce

More information

Economics Letters 65 (1999) 9 15. macroeconomists. a b, Ruth A. Judson, Ann L. Owen. Received 11 December 1998; accepted 12 May 1999

Economics Letters 65 (1999) 9 15. macroeconomists. a b, Ruth A. Judson, Ann L. Owen. Received 11 December 1998; accepted 12 May 1999 Economics Letters 65 (1999) 9 15 Estimting dynmic pnel dt models: guide for q mcroeconomists b, * Ruth A. Judson, Ann L. Owen Federl Reserve Bord of Governors, 0th & C Sts., N.W. Wshington, D.C. 0551,

More information

LINEAR TRANSFORMATIONS AND THEIR REPRESENTING MATRICES

LINEAR TRANSFORMATIONS AND THEIR REPRESENTING MATRICES LINEAR TRANSFORMATIONS AND THEIR REPRESENTING MATRICES DAVID WEBB CONTENTS Liner trnsformtions 2 The representing mtrix of liner trnsformtion 3 3 An ppliction: reflections in the plne 6 4 The lgebr of

More information

According to Webster s, the

According to Webster s, the dt modeling Universl Dt Models nd P tterns By Len Silversn According Webster s, term universl cn be defined s generlly pplicble s well s pplying whole. There re some very common ptterns tht cn be generlly

More information

Protocol Analysis. 17-654/17-764 Analysis of Software Artifacts Kevin Bierhoff

Protocol Analysis. 17-654/17-764 Analysis of Software Artifacts Kevin Bierhoff Protocol Anlysis 17-654/17-764 Anlysis of Softwre Artifcts Kevin Bierhoff Tke-Awys Protocols define temporl ordering of events Cn often be cptured with stte mchines Protocol nlysis needs to py ttention

More information

4.11 Inner Product Spaces

4.11 Inner Product Spaces 314 CHAPTER 4 Vector Spces 9. A mtrix of the form 0 0 b c 0 d 0 0 e 0 f g 0 h 0 cnnot be invertible. 10. A mtrix of the form bc d e f ghi such tht e bd = 0 cnnot be invertible. 4.11 Inner Product Spces

More information

Regular Sets and Expressions

Regular Sets and Expressions Regulr Sets nd Expressions Finite utomt re importnt in science, mthemtics, nd engineering. Engineers like them ecuse they re super models for circuits (And, since the dvent of VLSI systems sometimes finite

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

Allocation Strategies of Virtual Resources in Cloud-Computing Networks

Allocation Strategies of Virtual Resources in Cloud-Computing Networks RESEARCH ARTICLE OPEN ACCESS Alloction Strtegies of Virtul Resources in Cloud-Computing Networks 1 K.Delhi Bbu, 2 D.Giridhr Kumr Deprtment of Computer Science nd Engineering, SreeVidynikethnEngg.College,

More information

Secure routing for structured peer-to-peer overlay networks

Secure routing for structured peer-to-peer overlay networks Secure routing for structured peer-to-peer overly networks Miguel Cstro 1, Peter Druschel 2, Aylvdi Gnesh 1, Antony Rowstron 1 nd Dn S. Wllch 2 1 Microsoft Reserch Ltd., 7 J J Thomson Avenue, Cmbridge,

More information

Basic Analysis of Autarky and Free Trade Models

Basic Analysis of Autarky and Free Trade Models Bsic Anlysis of Autrky nd Free Trde Models AUTARKY Autrky condition in prticulr commodity mrket refers to sitution in which country does not engge in ny trde in tht commodity with other countries. Consequently

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

and thus, they are similar. If k = 3 then the Jordan form of both matrices is

and thus, they are similar. If k = 3 then the Jordan form of both matrices is Homework ssignment 11 Section 7. pp. 249-25 Exercise 1. Let N 1 nd N 2 be nilpotent mtrices over the field F. Prove tht N 1 nd N 2 re similr if nd only if they hve the sme miniml polynomil. Solution: If

More information

EQUATIONS OF LINES AND PLANES

EQUATIONS OF LINES AND PLANES EQUATIONS OF LINES AND PLANES MATH 195, SECTION 59 (VIPUL NAIK) Corresponding mteril in the ook: Section 12.5. Wht students should definitely get: Prmetric eqution of line given in point-direction nd twopoint

More information

TRUST and reputation are crucial requirements for most

TRUST and reputation are crucial requirements for most IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 3, MAY/JUNE 2012 375 Itertive Trust nd Reputtion Mngement Using Belief Propgtion Ermn Aydy, Student Member, IEEE, nd Frmrz Feri, Senior

More information

Health Information Systems: evaluation and performance of a Help Desk

Health Information Systems: evaluation and performance of a Help Desk 536 Digitl Helthcre Empowering Europens R. Cornet et l. (Eds.) 2015 Europen Federtion for Medicl Informtics (EFMI). This rticle is published online with Open Access by IOS Press nd distributed under the

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

icbs: Incremental Cost based Scheduling under Piecewise Linear SLAs

icbs: Incremental Cost based Scheduling under Piecewise Linear SLAs i: Incrementl Cost bsed Scheduling under Piecewise Liner SLAs Yun Chi NEC Lbortories Americ 18 N. Wolfe Rd., SW3 35 Cupertino, CA 9514, USA ychi@sv.nec lbs.com Hyun Jin Moon NEC Lbortories Americ 18 N.

More information

Decision Rule Extraction from Trained Neural Networks Using Rough Sets

Decision Rule Extraction from Trained Neural Networks Using Rough Sets Decision Rule Extrction from Trined Neurl Networks Using Rough Sets Alin Lzr nd Ishwr K. Sethi Vision nd Neurl Networks Lbortory Deprtment of Computer Science Wyne Stte University Detroit, MI 48 ABSTRACT

More information

Quality Evaluation of Entrepreneur Education on Graduate Students Based on AHP-fuzzy Comprehensive Evaluation Approach ZhongXiaojun 1, WangYunfeng 2

Quality Evaluation of Entrepreneur Education on Graduate Students Based on AHP-fuzzy Comprehensive Evaluation Approach ZhongXiaojun 1, WangYunfeng 2 Interntionl Journl of Engineering Reserch & Science (IJOER) ISSN [2395-6992] [Vol-2, Issue-1, Jnury- 2016] Qulity Evlution of Entrepreneur Eduction on Grdute Students Bsed on AHP-fuzzy Comprehensive Evlution

More information

Blackbaud The Raiser s Edge

Blackbaud The Raiser s Edge Riser s Edge Slesce.com Comprison Summry Introduction (continued) Chrt -(continued) Non-Prit Strter Pck Compny Bckground Optionl Technology Both Slesce modules supports hs become include over Slesce.com

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

Combined Liability Insurance. Information and Communication Technology Proposal form

Combined Liability Insurance. Information and Communication Technology Proposal form Comined Liility Insurnce Informtion nd Communiction Technology Proposl form Comined Liility Insurnce Informtion nd Communiction Technology - Proposl form This proposl form must e completed nd signed y

More information

Integration by Substitution

Integration by Substitution Integrtion by Substitution Dr. Philippe B. Lvl Kennesw Stte University August, 8 Abstrct This hndout contins mteril on very importnt integrtion method clled integrtion by substitution. Substitution is

More information

TITLE THE PRINCIPLES OF COIN-TAP METHOD OF NON-DESTRUCTIVE TESTING

TITLE THE PRINCIPLES OF COIN-TAP METHOD OF NON-DESTRUCTIVE TESTING TITLE THE PRINCIPLES OF COIN-TAP METHOD OF NON-DESTRUCTIVE TESTING Sung Joon Kim*, Dong-Chul Che Kore Aerospce Reserch Institute, 45 Eoeun-Dong, Youseong-Gu, Dejeon, 35-333, Kore Phone : 82-42-86-231 FAX

More information

Use Geometry Expressions to create a more complex locus of points. Find evidence for equivalence using Geometry Expressions.

Use Geometry Expressions to create a more complex locus of points. Find evidence for equivalence using Geometry Expressions. Lerning Objectives Loci nd Conics Lesson 3: The Ellipse Level: Preclculus Time required: 120 minutes In this lesson, students will generlize their knowledge of the circle to the ellipse. The prmetric nd

More information

Health insurance exchanges What to expect in 2014

Health insurance exchanges What to expect in 2014 Helth insurnce exchnges Wht to expect in 2014 33096CAEENABC 11/12 The bsics of exchnges As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum mount

More information

VoIP for the Small Business

VoIP for the Small Business VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become

More information

Application-Level Traffic Monitoring and an Analysis on IP Networks

Application-Level Traffic Monitoring and an Analysis on IP Networks Appliction-Level Trffic Monitoring nd n Anlysis on IP Networks Myung-Sup Kim, Young J. Won, nd Jmes Won-Ki Hong Trditionl trffic identifiction methods bsed on wellknown port numbers re not pproprite for

More information

VoIP for the Small Business

VoIP for the Small Business VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become

More information

VoIP for the Small Business

VoIP for the Small Business VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become

More information

C-crcs Cognitive - Counselling Research & Conference Services (eissn: 2301-2358)

C-crcs Cognitive - Counselling Research & Conference Services (eissn: 2301-2358) C-crcs Cognitive - Counselling Reserch & Conference Services (eissn: 2301-2358) Volume I Effects of Music Composition Intervention on Elementry School Children b M. Hogenes, B. Vn Oers, R. F. W. Diekstr,

More information

Value Function Approximation using Multiple Aggregation for Multiattribute Resource Management

Value Function Approximation using Multiple Aggregation for Multiattribute Resource Management Journl of Mchine Lerning Reserch 9 (2008) 2079-2 Submitted 8/08; Published 0/08 Vlue Function Approximtion using Multiple Aggregtion for Multittribute Resource Mngement Abrhm George Wrren B. Powell Deprtment

More information

Experiment 6: Friction

Experiment 6: Friction Experiment 6: Friction In previous lbs we studied Newton s lws in n idel setting, tht is, one where friction nd ir resistnce were ignored. However, from our everydy experience with motion, we know tht

More information

Assuming all values are initially zero, what are the values of A and B after executing this Verilog code inside an always block? C=1; A <= C; B = C;

Assuming all values are initially zero, what are the values of A and B after executing this Verilog code inside an always block? C=1; A <= C; B = C; B-26 Appendix B The Bsics of Logic Design Check Yourself ALU n [Arthritic Logic Unit or (rre) Arithmetic Logic Unit] A rndom-numer genertor supplied s stndrd with ll computer systems Stn Kelly-Bootle,

More information

VoIP for the Small Business

VoIP for the Small Business VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

Performance analysis model for big data applications in cloud computing

Performance analysis model for big data applications in cloud computing Butist Villlpndo et l. Journl of Cloud Computing: Advnces, Systems nd Applictions 2014, 3:19 RESEARCH Performnce nlysis model for big dt pplictions in cloud computing Luis Edurdo Butist Villlpndo 1,2,

More information

Space Vector Pulse Width Modulation Based Induction Motor with V/F Control

Space Vector Pulse Width Modulation Based Induction Motor with V/F Control Interntionl Journl of Science nd Reserch (IJSR) Spce Vector Pulse Width Modultion Bsed Induction Motor with V/F Control Vikrmrjn Jmbulingm Electricl nd Electronics Engineering, VIT University, Indi Abstrct:

More information

AN ANALYTICAL HIERARCHY PROCESS METHODOLOGY TO EVALUATE IT SOLUTIONS FOR ORGANIZATIONS

AN ANALYTICAL HIERARCHY PROCESS METHODOLOGY TO EVALUATE IT SOLUTIONS FOR ORGANIZATIONS AN ANALYTICAL HIERARCHY PROCESS METHODOLOGY TO EVALUATE IT SOLUTIONS FOR ORGANIZATIONS Spiros Vsilkos (), Chrysostomos D. Stylios (),(b), John Groflkis (c) () Dept. of Telemtics Center, Computer Technology

More information

VoIP for the Small Business

VoIP for the Small Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephony-relted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the

More information

ASG Techniques of Adaptivity

ASG Techniques of Adaptivity ASG Techniques of Adptivity Hrld Meyer nd Dominik Kuropk nd Peter Tröger Hsso-Plttner-Institute for IT-Systems-Engineering t the University of Potsdm Prof.-Dr.-Helmert-Strsse 2-3, 14482 Potsdm, Germny

More information

6.2 Volumes of Revolution: The Disk Method

6.2 Volumes of Revolution: The Disk Method mth ppliction: volumes of revolution, prt ii Volumes of Revolution: The Disk Method One of the simplest pplictions of integrtion (Theorem ) nd the ccumultion process is to determine so-clled volumes of

More information