Provable Possession and Replication of Data over Cloud Servers


 Baldric McDonald
 2 years ago
 Views:
Transcription
1 Provble Possession nd Repliction of Dt over Cloud Servers Ayd F.Brsoum nd M.Anwr Hsn Deprtment of Electricl nd Computer Engineering University of Wterloo, Ontrio, Cnd. Abstrct. Cloud Computing (CC) is n emerging computing prdigm tht cn potentilly offer number of importnt dvntges. One of the fundmentl dvntges of CC is pysyougo pricing model, where customers py only ccording to their usge of the services. Currently, dt genertion is outpcing users storge vilbility, thus there is n incresing need to outsource such huge mount of dt. Outsourcing dt to remote Cloud Service Provider (CSP) is growing trend for numerous customers nd orgniztions lleviting the burden of locl dt storge nd mintennce. Moreover, customers rely on the dt repliction provided by the CSP to gurntee the vilbility nd durbility of their dt. Therefore, Cloud Service Providers (CSPs) provide storge infrstructure nd web services interfce tht cn be used to store nd retrieve n unlimited mount of dt with fees metered in GB/month. The mechnisms used for dt repliction vry ccording to the nture of the dt; more copies re needed for criticl dt tht cnnot esily be reproduced. This criticl dt should be replicted on multiple servers cross multiple dt centers. On the other hnd, noncriticl, reproducible dt re stored t reduced levels of redundncy. The pricing model is relted to the repliction strtegy. Therefore, it is of crucil importnce to customers to hve strong evidence tht they ctully get the service they py for. Moreover, they need to verify tht ll their dt copies re not being tmpered with or prtilly deleted over time. Consequently, the problem of Provble Dt Possession (PDP) hs been considered in mny reserch ppers. Unfortuntely, previous PDP schemes focus on single copy of the dt nd provide no gurntee tht the CSP stores multiple copies of customers dt. In this pper we ddress this chllenging issue nd propose Efficient MultiCopy Provble Dt Possession (EMCPDP) protocols. We prove the security of our protocols ginst colluding servers. Through extensive performnce nlysis nd experimentl results, we demonstrte the efficiency of our protocols. Keywords: Cloud computing, outsourcing dt storge, dt integrity, cryptogrphic protocols 1 Introduction Cloud Computing (CC) is n emerging computing prdigm tht cn be viewed s virtulized pool of computing resources (e.g. storge, processing power, memory, pplictions, services, nd network bndwidth), where customers re provisioned nd deprovisioned recourses s they need. CC represents the vision of providing computing services s public utilities like wter nd electricity. CC services cn be ctegorized into [1]: SoftwresService (SS), Pltforms Service (PS), nd InfrstructuresService (IS). The widely used model of CC services is the SS model in which the customers hve ccess to the pplictions running on the cloud provider s infrstructure. Google Docs, Google Clendr, nd Zoho Writer re publicly known exmples of this model. In PS model, the customers cn deploy their pplictions on the
2 2 Ayd F.Brsoum nd M.Anwr Hsn provider infrstructure under condition tht these pplictions re creted using tools supported by the provider. IS model enbles customers to rent nd use the provider s resources (storge, processing, nd network). Hence, the customers cn deploy ny pplictions including operting systems. The considerble ttention of Cloud Computing prdigm is due to number of key dvntges which mke it chllenging reserch re in both cdemi nd industry. This prdigm of Informtion Technology (IT) rchitecture supplies cost effective mens of computing over shred pool of resources, where users cn void cpitl expenditure on hrdwre, softwre, nd services s they py only for wht they use [1]. Moreover, CC model provides low mngement overhed nd immedite ccess to brod rnge of pplictions. In ddition, mintennce cost is reduced s third prt is responsible for everything from running the cloud to storing dt. It is not only the economic benefits tht customers cn gin from CC model, but lso flexibility to scle up nd down IT cpcity over time to business needs. Furthermore, CC offers more mobility where customers cn ccess informtion wherever they re, rther thn hving to remin t their desks. CC llows orgniztions to store more dt on remote servers thn on privte computer systems. Orgniztions will no longer be worried bout constnt server updtes nd other computing issues; they will be free to concentrte on innovtions [2]. Outsourcing dt storge to remote Cloud Service Provider (CSP) is growing trend for more nd more customers nd orgniztions lleviting the burden of locl dt storge nd mintennce. In ddition, storing dt remotely llows mny uthorized users to ccess the dt from vrious different geogrphic loctions mking it more convenient to them. Also, some orgniztions my crete lrge dt files tht must be chieved for mny yers but re rrely ccessed, nd so there is no need to store such files on the locl storge of the orgniztions. According to recent survey, IT outsourcing hs grown by stggering 79% s compnies seek to reduce costs nd focus on their core competencies [3]. However, the fct tht dt owners re no longer physiclly possess their sensitive dt rises new formidble nd chllenging tsks relted to dt security nd integrity protection in Cloud Computing. Dt security cn be chieved by encrypting sensitive dt before outsourcing to remote servers. As such, it is crucil demnd of customers to hve strong evidence tht the cloud servers still possess their dt nd it is not being tempered with or prtilly deleted over time, especilly becuse the internl opertion detils of the CSP my not be known by cloud customers. It is unrguble tht, the completeness nd correctness of customers dt in the cloud is being put t risk due to the following resons. First, the CSP whose gol is to mke profit nd mintin reputtion hs n incentive to hide dt loss or reclim storge by discrding dt tht hs not been or is rrely ccessed. Second, greedy CSP might delete some of the dt or might not store ll dt in fst storge required by the contrct with certin customers, i.e., plce it on CDs or other offline medi nd thus using less fst storge. Third, the cloud infrstructures re subject to wide rnge of internl nd externl security threts. Exmples of security breches of cloud services pper from time to time [4, 5]. In short, lthough outsourcing dt into the cloud is economiclly ttrctive for the cost nd complexity of longterm lrgescle dt storge, it does not offer ny gurntee on dt completeness nd correctness. This problem, if not properly hndled, my hinder the successful deployment of cloud rchitecture. Since customers dt hs been outsourced to remote servers, efficient verifiction of the completeness nd correctness of the outsourced dt becomes formidble chllenge for dt security in CC. The trditionl cryptogrphic primitives for dt integrity nd vilbility bsed on hshing nd signture schemes re not pplicble on the outsourced dt without hving locl copy of the dt. Of course, it is imprcticl for the clients to downlod ll stored dt in order to vlidte its integrity; this would require n expensive I/O cost nd immense
3 DEMCPDP & PEMCPDP 3 communiction overheds cross the network. Therefore, clients need efficient techniques to verify the integrity of their outsourced dt with minimum computtion, communiction, nd storge overhed. Consequently, mny reserchers hve focused on the problem of Provble Dt Possession (PDP) nd proposed different schemes to udit the dt stored on remote servers. Simply, Provble Dt possession (PDP) is technique for vlidting dt integrity over remote servers. Ateniese et l. [6] hve formlized PDP model. In tht model, the dt owner preprocesses the dt file to generte some metdt tht will be used lter for verifiction purposes through chllenge response protocol with the remote/cloud server. The file is then sent to be stored on n untrusted server, nd the owner my delete the locl copy of the file. Lter, the server demonstrtes tht the dt file hs not been deleted or tmpered with by responding to chllenges sent from the verifier who cn be the originl dt owner or other trusted entity tht shres some informtion with the owner. Reserchers hve proposed different vritions of PDP schemes under different cryptogrphic ssumptions [7 14]. We will present vrious PDP schemes in the literture survey section, nd will elborte how they vry from different perspectives. Unfortuntely, previous PDP schemes focus on single copy of the file nd provide no proof tht the CSP stores multiple copies of the owner s file. In this pper we ddress this chllenging problem, propose two Efficient MultiCopy Provble Dt Possession (EMCPDP) protocols, nd prove the security (correctness nd soundness) of our protocols ginst colluding servers. Extensive performnce nlysis which is vlidted through implementtion nd experimentl results illustrtes the efficiency of our protocols. Curtmol et l. [15] proposed MultipleReplic PDP (MRPDP) scheme, which is the only ttempt in the literture tht cretes multiple replics of owner s file nd udit them. Through extensive investigtion, we will detil the vrious fetures nd limittions of the MRPDP model. Unfortuntely, Curtmol et l. [15] did not ddress how the uthorized users of the dt owner cn ccess the file copies from the cloud servers noting tht the internl opertions of the CSP re opque. This issue is not hndled in their protocol, nd thus we consider the protocol to be incomplete. We will demonstrte tht our protocols re complete nd outperform the MRPDP model [15] from both the computtions nd communictions cost. The MRPDP is investigted in more detils in section 5.2. The reminder of the pper is orgnized s follows: in Section 2 we provide our reserch problem definitions, motivtions, chllenges, nd our min contributions. Section 3 contins n extensive literture survey for the previous schemes of remote dt integrity, the fetures of these schemes, nd their limittions. Our system model nd design gols re presented in Section 4. In Section 5 we present nd nlyze the bsic nturl scheme for multicopy provble dt possession nd the MRPDP scheme due to Curtmol et l. [15]. Our EMCPDP schemes re elborted in Section 6. In Section 7 we prove the security of our proposed schemes. The performnce nlysis nd experimentl results re done in Section 8. Our concluding remrks re given in Section 9. 2 Problem Definition, Motivtion, nd Min Contributions Users resort to dt repliction to ensure the vilbility nd durbility of their sensitive dt, especilly if it cnnot esily be reproduced. As simple exmple, when we re writing reserch pper, we re very creful to keep multiple copies of our pper to be ble to recover it in cse of ny filure or physicl dmge. Likewise, orgniztions, governments, nd universities replicte their finncil, personl, nd generl dt to gurntee its vilbility nd durbility over time. In the Cloud Computing prdigm, customers rely on the CSP to undertke the dt repliction tsk relieving the burden of locl dt storge nd mintennce, but they hve to py for their usge of the CSP s storge infrstructure. On the other side, cloud customers should be securely nd efficiently convinced tht the CSP is ctully possessing ll dt copies tht re greed
4 4 Ayd F.Brsoum nd M.Anwr Hsn upon, these dt copies re complete nd intct, nd thus customers re getting the service they re pying for. Therefore, in this pper we ddress the problem of creting multiple copies of owner s dt file over untrusted CSP nd uditing ll these copies to verify their completeness nd correctness. 2.1 Motivtion nd Chllenges The mechnisms used for dt repliction vry ccording to the nture of the dt; more copies re needed for criticl dt tht cnnot esily be reproduced. The pricing model of the CSPs is relted to the repliction strtegy. For exmple, Amzon S3 stndrd storge strtegy [16] mintins copies of customers dt on multiple servers cross multiple dt centers, while with Amzon Reduced Redundncy Storge (RRS) strtegy which enbles customers to reduce their costs noncriticl, reproducible dt is stored t reduced level of redundncy. As consequence, the pricing for the Amzon S3 stndrd storge is pproximtely 50% higher thn tht of the RRS. Cloud servers cn collude to chet the customers by showing tht they re storing ll copies, while in relity they re storing single copy. Therefore, cloud customers need secure nd efficient techniques to ensure tht the CSP is ctully keeping ll dt copies tht re greed upon, these copies re not corrupted, nd thus they py for rel services. 2.2 Contributions Our contributions cn be summrized s the following: 1. We propose two Efficient MultiCopy Provble Dt Possession (EMCPDP) protocols. These protocols efficiently provide the cloud customers with strong evidence tht the CSP is in relity possessing ll dt copies tht re greed upon nd these copies re intct. 2. We prove the security (correctness nd soundness) of our protocols ginst colluding servers. Cloud servers cn provide vlid responses to verifier s chllenges only if they ctully hve ll dt copies in n uncorrupted stte. 3. We justify the performnce of our proposed protocols through concrete nlysis nd comprison with the stteofthert. 4. We implement our proposed protocols using cryptogrphic librries. The experimentl results vlidte our performnce nlysis. To the best of our knowledge, the proposed protocols re the first complete nd efficient protocols tht ddress the storge integrity of multiple dt copies over Cloud Computing. 3 Literture Survey 3.1 Provble Dt Possession (PDP) Provble dt possession (PDP) is methodology for vlidting the integrity of dt in outsourcing storge service. The fundmentl gol of the PDP scheme is to llow verifier to efficiently, periodiclly, nd securely vlidte tht remote server which supposedly stores the owner s potentilly very lrge mount of dt is not cheting the verifier. The problem of dt integrity over remote servers hs been ddressed for mny yers nd there is simple solution to tckle this problem s follows. First, the dt owner computes messge uthentiction code (MAC) of the whole file before outsourcing to remote server. Then, the owner keeps only the computed MAC on his locl storge, sends the file to the remote server, nd deletes the locl copy of the file. Lter, whenever verifier needs to check the dt integrity, he sends request
5 DEMCPDP & PEMCPDP 5 to retrieve the file from the rchive service provider, recomputes the MAC of the whole file, nd compres the recomputed MAC with the previously stored vlue. Alterntively, insted of computing nd storing the MAC of the whole file, the dt owner divides the file F into blocks {b 1, b 2,..., b m }, computes MAC σ i for ech block b i : σ i = MAC sk (i b i ) 1 i m, sends both the dt file F nd the MACs {σ i } 1 i m to the remote/cloud server, deletes the locl copy of the file, nd stores only the secret key sk. During the verifiction process, the verifier requests for set of rndomly selected blocks nd their corresponding MACs, recomputes the MAC of ech retrieved block using sk, nd compres the recomputed MACs with the received vlues from the remote server [7]. The rtionle behind the second pproch is tht checking prt of the file is much esier thn the whole of it. However both pproches suffer from severe drwbck; the communiction complexity is liner with the queried dt size which is imprcticl especilly when the vilble bndwidth is limited. PDP Schemes of Deswrte et l. Deswrte et l. [8] thought of better solution by using two functions f nd H. H is onewy function nd f is nother function such tht f(c, H (F ile)) = H(C F ile), where H is ny secure hsh function nd C is rndom chllenge number sent from the verifier to the remote server. Thus, the dt owner hs to compute H (F ile) nd store it on his locl storge. To udit the file, the verifier genertes rndom chllenge C, computes V = f(c, H (F ile)), nd sends C to the remote server. Upon receiving the chllenge C, the server computes R = H(C F ile) nd sends the response R to the verifier. To vlidte the file integrity, the verifier checks V =? R. At lest one of the two functions f nd H must be kept secret becuse if both were public, it would be esy for mlicious server to compute nd store only H (F ile) tht is not the entire file, nd then dynmiclly responds with vlid vlue f(c, H (F ile)) tht is not the expected one H(C F ile). Unfortuntely, Deswrte et l. [8] hve not found such functions f, H, nd H stisfying the desired verifiction rule. To workround this problem, finite number Ñ of rndom chllenges re generted offline for the file to be checked, the corresponding responses H(C i F ile) 1 i Ñ re precomputed offline s well, nd then the precomputed responses re stored on the verifier locl storge. To udit the file, one of the Ñ chllenges is sent to the remote server nd the response received from the server is compred with the precomputed response which is previously stored on the verifier side. However, this solution limits the number of times prticulr dt file cn be checked by the number of rndom chllenges Ñ. Once ll rndom chllenges {C i} 1 i Ñ re consumed, the verifier hs to retrieve the dt file F from the storge server in order to compute new responses H(C i F ile), but this is unworkble. Deswrte et l.[8] proposed nother protocol to overcome the problem of limited number of udits per file. In their protocol the dt file is represented s n integer m. Figure 1 illustrtes the scheme proposed in [8] There re two min limittions in the protocol of Deswrte et l. [8]: In ech verifiction, the remote server hs to do the exponentition over the entire file. Thus, if we re deling with huge files, e.g., in order of Terbytes (s most prcticl pplictions require) this exponentition will be hevy. Storge overhed on the verifier side; it hs to store some metdt for ech file to be checked. This could be chllenge for the verifier if it uses smll devices, e.g., PDA or cell phone with limited storge cpcity. More RSA Bsed PDP Schemes. Filho et l. [9] proposed scheme to verify dt integrity using the RSAbsed Homomorphic hsh function. A function H is Homomorphic if, given two
6 6 Ayd F.Brsoum nd M.Anwr Hsn Dt owner: Represents the dt file s n integer m Genertes RSA modulus N = pq (p & q re prime numbers) Precomputes nd stores M = m mod N ( R Z N ) Sends the file vlue m to the remote server Chllenge Response Verifier Remote Server 1. Picks r R Z N 2. Computes chllenge A = r mod N A B 4. Computes C = M r mod N 5. Checks C =? B Fig. 1. The PDP protocol by Deswrte et l. [8]. 3. Computes response B = A m mod N opertion + nd, we hve H(d+d ) = H(d) H(d ). The protocol proposed in [9] is illustrted in figure 2. Note tht the response R = H(d) is homomorphic function in the dt file d; H(d + d ) r d+d r d r d H(d)H(d ) mod N. To find collision for this hsh function, one hs to find two messges d, d such tht r d r d, i.e., r d d 1 mod N. Thus, d d must be multiple of ϕ(n). Finding such two messges d, d is belived to be difficult since the fctoriztion of N is unknown. The limittions of the protocol proposed in [9] re similr to those of the protocol in [8]: the rchive service provider hs to exponentite the entire dt file plus the storge overhed on the verifier side. To circumvent the problem of exponentiting the entire file Sebé et l. [10] proposed to verify dt integrity by first frgmenting the file into blocks, fingerprinting ech block, nd then using n RSAbsed hsh function on the blocks. Thus, the file F is divided into set of m blocks: F = {b 1, b 2,..., b m }, where m fingerprints {M i } 1 i m re generted for the file nd stored on the verifier locl storge. Their proposl does not require the exponentition of the entire file. Figure 3 demonstrtes the protocol proposed by Sebé et l. [10]. Limittions. Although the protocol proposed by Sebé et l. [10] does not require exponentition of the entire file, locl copy of the fingerprints whose size is liner in the number of file blocks must be stored on the verifier side. The verifier hs to store the fingerprints {M i } 1 i m, ech of size N bits consuming m N bits from the verifier locl storge, which my impede the verifiction process when using smll devices like PDAs or cell phones. Dt Storge Commitment Schemes. Golle et l. [11] proposed scheme to verify dt storge commitment, concept tht is weker thn integrity. They investigted storgeenforcing commitment scheme. Through their scheme storge server demonstrtes tht it is mking use of storge spce s lrge s the client s dt, but not necessrily the sme exct
7 DEMCPDP & PEMCPDP 7 Dt owner: Genertes RSA modulus N = pq (p & q re prime numbers) Computes ϕ(n) = (p 1)(q 1) Precomputes nd stores h(d) = d mod ϕ(n) (d is the dt file) Sends the dt file d to the remote server Chllenge Response Verifier 1. Picks r R Z N r R 3. Computes R = r h(d) mod N 4. Checks R? = R Remote Server 2. Computes response R = H(d) = r d mod N Fig. 2. The PDP protocol by Filho et l. [9]. Dt owner: Genertes RSA modulus N = pq (p & q re prime numbers) Computes ϕ(n) = (p 1)(q 1) Splits the dt file F into m blocks: F = {b 1, b 2,..., b m } Precomputes nd stores M i = b i mod ϕ(n) (1 i m) Sends the dt file F to the remote server Chllenge Response Verifier Remote Server 1. Picks R Z N 2. Genertes l( m) rndom vlues {c i } 1 i l,{c i} 1 i l 3. Computes r = 5. Computes r = R l c i M i mod ϕ(n) i=1 6. Computes R = r mod N 7. Checks R? = R Fig. 3. The protocol by Sebé et l. [10]. l c i b i i=1 4. Computes R = r mod N
8 8 Ayd F.Brsoum nd M.Anwr Hsn dt. The storge server does not directly prove tht it is storing file F, but proves tht it hs committed sufficient resources to do so. Their scheme is bsed on npower Computtionl DiffieHellmn (npcdh) ssumption: for group Z p with genertor g, there is no known probbilistic polynomil time lgorithm A tht cn compute g xn given g x, g x2,..., g xn 1 with nonnegligible probbility. The min scheme proposed by Golle et l. [11] is illustrted in figure 4. Setup File F = {b 1, b 2,..., b m }, b i Z p Let n = 2m + 1 Secret key sk = x R Z p Public key pk = (g x, g x2,..., g xn ) = (g 1, g 2,..., g n ) Dt owner computes nd stores f 0 = Chllenge Response m i=1 g bi i mod p Verifier 1. Picks rndom k [0, m] Remote Server k 3. Computes f k = 4. Checks f0 xk? = f k f k m i=1 g bi i+k Fig. 4. The protocol by Golle et l. [11]. Since ech file block b i Z p cn be represented by log 2 p bits, then the totl number of bits to store the file F = m log 2 p bits. For the storge server to chet by storing ll the possible vlues of f k (m + 1 vlues), it needs (m + 1) log 2 p bits which is slightly lrger thn the size of the originl file. Limittions. The gurntee provided by the proposed protocol in [11] is weker thn dt integrity since it only ensures tht the server is storing something t lest s lrge s the originl dt file but not necessrily the file itself. In ddition, the verifier s public key is bout twice s lrge s the dt file. PrivcyPreserving PDP Schemes. Shh et l. [12, 13] proposed privcypreserving PDP protocols. Using their schemes, n externl Third Prty Auditor (TPA) cn verify the integrity of files stored by remote server without knowing ny of the file contents. The dt owner first encrypts the file, then sends both the encrypted file long with the encryption key to the remote server. Moreover, the dt owner sends the encrypted file long with keycommitment tht fixes vlue for the key without reveling the key to the TPA. The primry purposes of the schemes proposed in [12, 13] re to ensure tht the remote server is correctly possessing
9 DEMCPDP & PEMCPDP 9 the client s dt long with the encryption key, nd to prevent ny informtion lekge to the TPA which is responsible for the uditing tsk. Thus, clients especilly with constrined computing resources nd cpbilities cn resort to externl udit prty to check the integrity of outsourced dt, nd this third prty uditing process should bring in no new vulnerbilities towrds the privcy of client s dt. In ddition to the uditing tsk of the TPA, it hs nother primry tsk which is extrction of digitl contents. For the uditing tsk, the TPA intercts with the remote server to check tht the stored dt is intct. For the extrction tsk, the TPA intercts with both the remote server nd the dt owner to first check tht the dt is intct then delivers it to the owner. The protocols proposed by Shh et l. [12, 13] re illustrted in figure 5. The protocols proposed by Shh et l. [12, 13] hve the following key limittions: The number of times prticulr dt item cn be verified is limited nd must be fixed beforehnd. Storge overhed on the TPA; it hs to store Ñ hsh vlues for ech file to be udited. Lck of support for stteless verifiction; the TPA hs to updte its stte (the list L) between udits to prevent using the sme rndom number or the sme HMAC twice. Very high communiction complexity to retrieve E K (F ) if the TPA wnts to regenerte new list of hsh vlues to chieve unbounded number of udits. PDP in Dtbse Context. In dtbse outsourcing scenrio, the dtbse owner stores dt t storge service provider nd the dtbse users send queries to the service provider to retrieve some tuples/records tht mtch the issued query. Dt integrity is n impertive concern in the dtbse outsourcing prdigm; when user receives query result from the service provider, he wnts to be convinced tht the received tuples re not being tmpered with by mlicious service provider. Mykletun et l. [14] investigted the notion of signture ggregtion to vlidte the integrity of the query result. Signture ggregtion enbles bndwidth nd computtionefficient integrity verifiction of query replies. In the scheme presented in [14], ech dtbse record is signed before outsourcing the dtbse to remote service provider. Mykletun et l. [14] provided two ggregtion mechnisms: one is bsed on RSA [17] nd the other is bsed on BLS signture [18]. For the scheme bsed on the RSA signture, ech record in the dtbse is signed s: σ i = h(b i ) d mod N, where h is onewy hsh function, b i is the dt record, d is the RSA privte key, nd N is the RSA modulus. A user issues query to be executed over the outsourced dtbse, the server processes the query nd computes n ggregted signture σ = t i=1 σ i mod N, where t is the number of records in the query result. The server sends the query result long with the ggregted signture to the user. To verify the integrity of the received records, the user checks σ e =? t i=1 σ i mod N, where e is the RSA public key. The second scheme proposed by Mykletun et l. [14] which is bsed on the BLS signture [18] is similr to the first scheme but the record signture σ i = h(m i ) x, where x R Z p is secret key. To verify the integrity of the received records, the user checks ê(σ, g)? = ê( t i=1 h(b i), y), where g is genertor of the group Z p, y = g x (public key), nd ê is computble biliner mp tht will be explined lter. Although dt integrity (correctness) is n impertive concern in the dtbse outsourcing prdigm, completeness is nother crucil demnd for dtbse users. Completeness mens tht the service provider should send ll records tht stisfy the query criteri not just subset of them. The schemes proposed by Mykletun et l. [14] did not fulfill the completeness requirement. The completeness problem hs been ddressed by other reserchers (see for exmple [3, 19]). We emphsize tht the techniques bsed on ggregted signtures [14] would fil to provide blockless verifiction, which is needed by ny efficient PDP scheme. Indeed, the verifier hs to
10 10 Ayd F.Brsoum nd M.Anwr Hsn Setup Dt owner sends key K nd the encrypted file E K (F ) to the remote server Dt owner sends keycommitment vlue g K nd the encrypted file E K (F ) to the TPA (g is genertor for Z p ) The TPA genertes list L of rndom vlues nd HMACs: L = {(R i, H i )} 1 i Ñ, H i = HMAC(R i, E K (F )), nd R i is rndom number. TPA keeps L, H(E K (F )), g K, nd cn discrd E K (F ) (H is secure hsh function) TPA Checking Dt Integrity 1. Picks ny R i, H i from L Remote Server nd L = L\{(R i, H i )} R i 2. Computes H s =HMAC(R i, E K (F )) H s 3. Checks H? i = Hs Checking Key Integrit 1. Genertes β R Z p 3. Checks (g K ) β =? (W s ) Dt Extrction g β 2. Computes W s = (g β ) K W s D s =E K (F ) Checks hshing of its locl cched copy: H(E K (F ))? = H(D s ). If vlid, sends E K (F ) to the owner Key Extrction Assume tht the owner nd the server gree on shred rndom secret X K+X, g X Checks g K+X =? g K g X. If vlid, sends K + X to the owner Owner gets K = (K + X) X Fig. 5. The protocols by Shh et l. [12, 13].
11 DEMCPDP & PEMCPDP 11 hve the bility to verify dt integrity even though he does not possess ny of the file blocks. The schemes proposed in [14] depend on the retrieved records of the query result to verify the integrity of the outsourced dtbse. Blockless verifiction is min concern to minimize the required communiction cost over the network. Ateniese et l. [6] proposed model to overcome some of the limittions of the previous protocols: limited number of udits per file determined by fixed chllenges tht must be specified in dvnce, expensive server computtion by doing the exponentition over the entire file, storge overhed on the verifier side by keeping some metdt to be used lter in the uditing tsk, high communiction complexity, nd lck of support for blockless verifiction. Ateniese et l. [6] proposed PDP model in which the dt owner frgments the file F into blocks {b 1, b 2,..., b m } nd genertes metdt ( tg) for ech block to be used for verifiction. The file is then sent to be stored on remote/cloud server which my be untrusted nd the dt owner my delete the locl copy of the file. The remote server provides proof tht the dt hs not been tmpered with or prtilly deleted by responding to chllenges sent from the verifier. The scheme proposed by Ateniese et l. [6] provides probbilistic gurntee of dt possession, where the verifier checks rndom subset of stored file blocks with ech chllenge (spot checking). PDP Schemes Bsed on Homomorphic Verifible Tgs. Ateniese et l. [6] proposed using Homomorphic Verifible Tgs(HVTs)/Homomorphic Liner Authentictors(HLAs) s the bsic building blocks of their scheme. In short, the HVTs/HLAs re unforgeble verifiction metdt constructed from the file blocks in such wy tht the verifier cn be convinced tht liner combintion of the file blocks is ccurtely computed by verifying only the ggregted tg/uthentictor. In their work, Ateniese et l. [6] differentite between the concept of public verifibility nd privte verifibility. In public verifibility nyone not necessrily the dt owner who knows the owner s public key cn chllenge the remote server nd verify tht the server is still possessing the owner s files. On the other side, privte verifibility llows only the originl owner (or verifier with whom the originl owner shres secret key) to perform the uditing tsk. Ateniese et l. [6] proposed two min PDP schemes: Smpling PDP (SPDP) nd Efficient PDP (EPDP) schemes. In fct, there is slight difference between the SPDP scheme nd the EPDP model, but the EPDP model provides weker gurntee of dt possession. The EPDP scheme only gurntees possession of the sum of file blocks nd not necessrily possession of ech one of the blocks being chllenged. Both protocols proposed in [6] re illustrted in figure 6. Although the models proposed by Ateniese et l. [6] hve ddressed mny drwbcks of the previous protocols, they still hve some limittions: HVTs in [6] re bsed on RSA nd thus re reltively long; the HVT for ech file block is in order of N bits. Therefore, to chieve 80bit security level, the generted tg should be of size 1024 bits. The time is tkes to generte the tgs is too long [7]. Since there is no indictor for the file identifier in the block tg, mlicious server cn chet by using blocks from different files if the dt owner uses the sme secret keys d nd v for ll his files. Ateniese et l. [6] clculted tht for mlicious server to ttck their EPDP scheme, it hs to store vlues to be ble to chet with probbility 100% 1. Shchm nd Wters [20] presented simple ttck ginst the EPDP scheme which enbles mlicious server to chet with probbility 91% requiring no more storge thn n honest server to store the file vlues if the number of the file blocks = 1000 nd the number of chllenged blocks = 101
12 12 Ayd F.Brsoum nd M.Anwr Hsn I. SPDP scheme Setup N = pq is the RSA modulus (p & q re prime numbers) g is genertor of QR N (QR N is the set of qudrtic residues modulo N) Public key pk = (N, g, e), secret key sk = (d, v), v R Z N, nd ed 1 mod (p 1)(q 1) π is pseudorndom permuttion, f is pseudorndom function, nd H is hsh function File F = {b 1, b 2,..., b m } Dt owner genertes tg T i for ech block b i : T i = (H(v i) g b i ) d mod N Dt owner sends the dt file F = {b i } nd the tgs {T i } (1 i m) to the remote server Chllenge Response Verifier Remote Server 1. Picks two keys k 1 (key for π), k 2 (key for f), c(# of blocks to be chllenged ), nd g s = g s mod N(s R Z N ) c, k 1, k 2, g s 2. Computes the chllenged block indices: i j = π k1 (j) 1 j c 3. Computes the rndom vlues: j = f k2 (j) 1 j c c 4. Computes T = mod N T, ρ 6. Computes i j = π k1 (j), j = f k2 (j)(1 j c) T 7. Computes τ = c e H(v i j ) j j=1 8. Checks H(τ s mod N)? = ρ T j i j j=1 c j=1 bi j j 5. Computes ρ = H(gs mod N) II. EPDP scheme The only difference between the EPDP nd the SPDP is tht : { j } 1 j c = 1, nd thus Step 4 : T = c T ij mod N j=1 c j=1 b i j Step 5 : ρ = H(gs mod N) T Step 7 : τ = c e H(v i j ) j=1 Fig. 6. The SPDP nd EPDP protocols by Ateniese et l. [6].
13 DEMCPDP & PEMCPDP 13 Recently, Ateniese et l. [21] showed tht the HLAs cn be constructed from homomorphic identifiction protocols. They provided compilerlike trnsformtion to build HLAs from homomorphic identifiction protocols nd showed how to turn the HLA into PDP scheme. As concrete exmple, they pplied their trnsformtion to vrint of n identifiction protocol proposed by Shoup [22] yielding fctoringbsed PDP scheme. Comprison. We present comprison between the previous PDP schemes in tble 1. The comprison is bsed on the following: Owner precomputtion: the opertions performed by the dt owner to process the file before being outsourced to remote server. Verifier storge overhed: the extr storge required to store some metdt on the verifier side to be used lter during the verifiction process. Server storge overhed: the extr storge on the server side required to store some metdt not including the originl file sent from the owner. Server computtion: the opertions performed by the server to provide the dt possession gurntee. Verifier computtion: the opertions performed by the verifier to vlidte the server s response. Communiction cost: bndwidth required during the chllenge response phse. Unbounded chllenges: to indicted whether the scheme llows unlimited number to udit the dt file. Frgmenttion: to indicte whether the file is treted s one chunk or divided into smller blocks. Type of gurntee: to indicte whether the gurntee provided from the remote server is deterministic gurntee which requires to ccess ll file blocks or probbilistic gurntee tht depends on spot checking. Prove dt possession: to indicte whether the scheme proves the possession of the file itself or proves tht the server is storing something t lest s lrge s the originl file. We will use the nottions EXF to indicte the EXponentition of the entire File, DET to indicte deterministic gurntee, nd PRO to indicte probbilistic gurntee. For simplicity, the security prmeter is not included s fctor for the relevnt costs. 3.2 Proof of Retrievbility (POR) A Proof of Retrievbility (POR) scheme is n orthogonl/ complementry pproch to Provble Dt Possession (PDP) system. A POR scheme is chllengeresponse protocol which enbles remote server to provide n evidence tht verifier cn retrieve or reconstruct the entire dt file from the responses tht re relibly trnsmitted from the server. The min ide of the POR schemes is to pply ersure code to dt files before outsourcing to llow more errorresiliency. Thus, if it is criticl demnd to detect ny modifiction or deletion of tiny prts of the dt file, then ersure code could be used before outsourcing. The work done by Juels nd Kliski [23] ws from the first ppers to consider forml models for POR schemes. In their model, the dt is first encrypted then disguised blocks (clled sentinels) re embedded into the ciphertext. The sentinels re hidden mong the regulr file blocks in order to detect dt modifiction by the server. In the uditing phse, the verifier requests for rndomly picked sentinels nd checks whether they re corrupted or not. If the server corrupts or deletes prts of the dt, then sentinels would lso be influenced with certin probbility. The min limittion of the scheme in [23] is tht it llows only limited number of chllenges on the
14 14 Ayd F.Brsoum nd M.Anwr Hsn Scheme [8] [9] [10] [11] [12, 13] [6] Owner precomputtion EXF O(1) O(m) O(m) O(1) O(m) Verifier storge overhed O(1) O(1) O(m) O(1) O(Ñ)  Server storge overhed O(m) Server computtion EXF EXF O(c) O(m) O(1) O(c) Verifier computtion O(1) O(1) O(c) O(1) O(1) O(c) Communiction cost O(1) O(1) O(1) O(1) O(1) O(1) Unbounded chllenges Frgmenttion Type of gurntee DET DET DET/ PRO DET DET PRO Prove dt possession Tble 1. Comprison of PDP schemes for file consisting of m blocks, c is the number of chllenged blocks, nd Ñ is finite number of rndom chllenges. Verifier precomputtion is O(Ñ) to generte list L of HMACs. [6] cn be esily modified to support deterministic gurntee dt files, which is specified by the number of sentinels embedded into the dt file. This limited number of chllenges is due to the fct tht sentinels nd their position within the file must be reveled to the server t ech chllenge nd the verifier cnnot reuse the reveled sentinels. Schwrtz nd Miller [24] proposed using lgebric signture to verify dt integrity cross multiple servers using errorcorrecting codes. Through keyed lgebric encoding nd strem cipher encryption, they re ble to detect file corruptions. The min limittion of their proposl is tht the communiction complexity is liner with respect to the queried dt size. Moreover, the security of their proposl is not proven nd remins in question [7]. Shchm nd Wters [20] proposed compct proof of retrievbility model tht enbles the verifier to unboundedly chllenge the server solving the limittion of Juels nd Kliski [23]. The min contribution of Shchm nd Wters [20] is the construction of HLAs tht enble the server to ggregte the tgs of individul file blocks nd to generte single short tg s response to the verifier s chllenge. Shchm nd Wters [20] proposed two HLAs: one is bsed on the PseudoRndom Function (PRF), nd the other is bsed on the BLS signture [18]. Other vrious POR schemes cn be found in the literture (see for exmple [25 28]). 3.3 Dynmic Provble Dt Possession (DPDP) The PDP nd POR schemes focus on sttic or wrehoused dt which is essentil in numerous different pplictions such s librries, rchives, nd stronomicl/medicl/scientific/legl repositories. On the other side, Dynmic Provble Dt Possession (DPDP) schemes investigte the dynmic file opertions such s updte, delete, ppend, nd insert opertions. There re some DPDP constructions in the literture stisfying different system requirements. Ateniese et l. [29] proposed DPDP model bsed on cryptogrphic hsh function nd symmetric key encryption. The min drwbck of their scheme is tht the number of updtes nd chllenges is limited nd fixed in dvnce. Moreover, their model does not support block insertion opertion. Erwy et l. [30] extended the work of Ateniese et l. [29] to support dt dynmics using uthenticted skip list. However, the efficiency of their scheme remins in question. Wng et l. [31] presented DPDP scheme by integrting the compct proof of retrievbility model due to Shchm nd Wters [20] nd Merkle Hsh Tree (MHT). Zhu et l. [32] ddressed the construction of DPDP schemes on hybrid clouds to support sclbility of service nd dt migrtion. A hybrid cloud is
15 DEMCPDP & PEMCPDP 15 CC deployment model in which n orgniztion provides nd hndles some internl nd externl resources. For exmple, n orgniztion cn use public cloud service s Amzon EC2 [33] to perform the generl computtion, while the dt files re stored within the orgniztion s locl dt center in privte cloud. Zhu et l. [32] proposed two DPDP schemes: Interctive Provble Dt Possession (IPDP) scheme nd Coopertive Provble Dt Possession (CPDP) scheme. It is importnt to note tht none of the bove pproches (PDP, POR, DPDP) ddress the problem of creting multiple copies of dt file over cloud servers, uditing ll these copies to verify their completeness nd correctness, nd providing strong evidence to the owners tht they re getting wht they re pying for. There re some previous work on mintining the file copies throughout distributed systems to chieve vilbility nd durbility, but none of them gurntee tht multiple copies of the dt file re ctully mintined [34, 35]. 4 System Model nd Design Gols 4.1 System Model In our work we consider model of cloud computing dt storge system consisting of three min components s illustrted in figure 7: (i) dt owner customer or n orgniztion originlly possessing lrge mount of dt to be stored in the cloud; (ii) Cloud Servers (CSs) mnged by CSP which provides pid storge spce on its infrstructure to store owner s files; nd (iii) uthorized users set of owner s clients llowed to use the owner s files nd shre some keying mteril with the dt owner. The uthorized users receive the dt from the cloud servers in n encrypted form, nd using the secret key shred with the owner they get the plin dt. The uthoriztion between the dt owner nd the legl users is out of our scope, nd we ssume tht it is ppropritely done. Through the pper we do not differentite between cloud server nd cloud service provider. Fig. 7. Cloud Computing Dt Storge System Model There re mny pplictions tht cn be envisioned to dopt this model of outsourced dt storge system. For ehelth pplictions, dtbse contining sensitive nd lrge mount of informtion bout ptients medicl history is to be stored on the cloud servers. We cn consider the ehelth orgniztion to be the dt owner nd the physicins to be the uthorized users with pproprite ccess right to the dtbse. Finncil pplictions, scientific pplictions, nd eductionl pplictions contining sensitive informtion bout students trnscripts cn lso be envisioned in similr settings.
16 16 Ayd F.Brsoum nd M.Anwr Hsn 4.2 Design Gols From the extensive literture survey of the previous PDP schemes, we hve explored nd investigted the vrious fetures nd limittions of such schemes. Now, we im t designing efficient nd secure protocols tht overcome the identified limittions in the previous models nd t the sme time to ddress the problem of creting multiple copies of dt files over cloud servers, uditing ll these copies to verify their completeness nd correctness, nd providing strong evidence to the dt owner tht he is getting wht he is ctully pying for. Our design gols cn be summrized in the following points: 1. Designing Efficient MultiCopy Provble Dt Possession (EMCPDP) protocols. These protocols should efficiently nd securely provide the owner with strong evidence tht the CSP is in relity possessing ll dt copies tht re greed upon nd these copies re intct. 2. Allowing the uthorized users of the dt owner to semlessly ccess the file copy received from the CSP. 3. Scling down the storge overhed on both the server nd the verifier sides. 4. Minimizing the computtionl complexity on both the server nd the verifier sides. 5. Limiting the bndwidth required by the protocols during the uditing phse. 6. Enbling public verifibility where nyone not necessrily the dt owner who knows the owner s public key cn chllenge the remote servers nd verify tht the CSP is still possessing the owner s files. 7. Supporting blockless verifiction where the verifier hs to hve the bility to verify the dt integrity even though he neither possesses nor retrieves the file blocks from the server. 8. Allowing unbounded number of uditing rther thn imposing fixed limit on the number of interctions between the verifier nd the CSP. 9. Fcilitting stteless verifiction where the verifier is not needed to hold nd upgrde stte between udits. Mintining such stte is unmngeble in cse of physicl dmge of the verifier s mchine or if the uditing tsk is delegted to TPA. 10. Enbling both probbilistic nd deterministic gurntees. In probbilistic gurntee the verifier checks rndom subset of stored file blocks with ech chllenge (spot checking), while the verifier checks ll the stored file blocks in the deterministic gurntee. Remrk 1. We re considering economicllymotivted CSPs tht my ttempt to use less storge thn required by the contrct through deletion of few copies of the file. The CSPs hve lmost no finncil benefit by deleting only smll portion of copy of the file. As result, in our work we do not encode the dt file before outsourcing. Such encoding, for exmple using ersure codes, is minly to reconstruct the file from limited mount of dmges. In our proposed schemes, multiple copies of the file re generted nd stored on number of servers; hence server s copy cn be reconstructed even from complete loss using duplicted copies on other servers. More importntly, unlike ersure codes, duplicted files enble sclbility vitl issue in the Cloud Computing system. Also, file tht is duplicted nd stored strtegiclly on multiple servers locted t vrious geogrphic loctions cn help reduce ccess time nd communiction cost for users. Remrk 2. In this work we focus on sensitive rchivl nd wrehoused dt, which is essentil in numerous different pplictions such s digitl librries nd stronomicl/medicl/scientific/legl repositories. Such dt re subject to infrequent chnge, so we tret them s sttic. Since we re deling with sensitive dt like ptients medicl history or finncil dt, this dt must be encrypted before outsourcing to cloud servers. In our schemes we utilize the BLS uthentictors [20] to build public verifible model.
17 DEMCPDP & PEMCPDP 17 5 MultiCopy Provble Dt Possession (MCPDP) schemes Suppose tht CSP offers to store n copies of n owner s file on n different servers to prevent simultneous filure of ll copies nd to chieve the vilbility spect in exchnge for prespecified fees metered in GB/month. Thus, the dt owner needs strong evidence to ensure tht the CSP is ctully storing no less thn n copies, ll these copies re complete nd correct, nd the owner is not pying for service tht he does not get. A nïve solution to this problem is to use ny of the previous PDP schemes to seprtely chllenge nd verify the integrity of ech copy on ech server. This is certinly not workble solution; cloud servers cn conspire to convince the dt owner tht they store n copies of the file while indeed they only store one copy. Whenever request for PDP scheme execution is mde to one of the n severs, it is forwrded to the server which is ctully storing the single copy. The CSP cn use nother trick to prove dt vilbility by generting the file copies upon verifier s chllenge; however, there is no evidence tht the ctul copies re stored ll the time. The min core of this cheting is tht the n copies re identicl mking it trivil for the servers to deceive the owner. Therefore, one step towrds the solution is to leve the control of the file copying opertion in the owner s hnd to crete unique distinguishble/differentible copies. Before presenting our min protocols, we strt with wrmup scheme Bsic MultiCopy Provble Dt Possession (BMCPDP) scheme which leds to severe computtionl, communiction, nd mngement overhed. We then present the MultipleReplic Provble Dt Possession (MRPDP) scheme due to Curtmol et l. [15]. To the best of our knowledge, this is the only scheme in the literture tht ddressed the uditing tsk of multiple copies of dt file. Through extensive nlysis, we will elborte the vrious fetures nd limittions of the MRPDP model especilly from the uthorized users side. Curtmol et l. [15] did not consider how the uthorized users of the dt owner cn ccess the file copies from the cloud servers noting tht the internl opertions of the CSP re opque. Moreover, we will demonstrte the efficiency of our protocols from the storge, computtion, nd communiction spects. We believe tht the investigtion of both BMCPDP nd MRPDP models will led us to our min schemes. 5.1 Bsic MultiCopy Provble Dt Possession (BMCPDP) scheme As explined previously, the cloud servers cn conspire to convince the dt owner tht they store n copies of the file while indeed they store fewer thn n copies, nd this is due to the fct tht the n copies re identicl. Thus, the BMCPDP scheme tries to solve the problem by leving the control of the file copying opertion in the owner s hnd to generte unique distinguishble/differentible copies of the dt file. To this end, the dt owner cretes n distinct copies by encrypting the file under n different keys keeping these keys secret from the CSP. Hence, the cloud servers could not conspire by using one copy to nswer the chllenges for nother. This nturl solution enbles the verifier to seprtely chllenge ech copy on ech server using ny of the PDP schemes, nd to ensure tht the CSP is possessing not less thn n copies. Although the BMCPDP scheme is workble solution, it is imprcticl nd hs the following criticl drwbcks: The computtion nd communiction complexities of the verifiction tsk grow linerly with the number of copies. Essentilly, the BMCPDP scheme is equivlent to pplying ny PDP schemes to n different files. Key mngement is severe problem with the BMCPDP scheme. Since the dt file is encrypted under n different keys, the dt owner hs to keep these keys secret from the CSP nd t the sme time to shre these n keys with ech uthorized user. Moreover, when the uthorized user intercts with the CSP to retrieve the dt file, it is not necessrily to receive the sme copy ech time. According to the lod blncing mechnism used by the
18 18 Ayd F.Brsoum nd M.Anwr Hsn CSP to orgnize the work of the servers, the uthorized user s request is directed to the server with the lowest congestion. Consequently, ech copy should contin some indictor bout the key used in the encryption to enble the uthorized users to properly decrypt the received copy. 5.2 MultipleReplic Provble Dt Possession (MRPDP) scheme Curtmol et l. [15] proposed MultipleReplic PDP (MRPDP) scheme where dt owner cn verify tht severl copies of file re stored by storge service provider. The MRPDP scheme is n extension to the PDP models proposed by Ateniese et l. [6]. Curtmol et l. [15] proposed creting distinct replics/copies of the dt file by first encrypting the file then msking the encrypted version with some rndomness generted from PseudoRndom Function (PRF). The MRPDP scheme of creting nd uditing n distinct copies is illustrted in figure 8. Key limittions of the MRPDP scheme of Curtmol et l. [15] re s follows: Since the MRPDP scheme is n extension to the PDP models proposed by Ateniese et l. [6], it inherits ll the limittions of these models identified erlier in the literture survey section: long tgs (1024 bits to chieve 80bit secuirty level), computtion overhed on both the verifier nd server side, bility of CSP to chet by using blocks from different files if the dt owner uses the sme secret key (d, v) for ll his files. A slightly modified version of the criticl key mngement problem of the BMCPDP scheme is nother concern in the MRPDP scheme. The uthorized users hve to know which copy hs been specificlly retrieved from the CSP to properly unmsk it before decryption. Due to the opqueness nture of the internl opertions of the CSP, the server on which specific copy is exctly stored is unknown to cloud customers the MRPDP scheme does not ddress how the uthorized users of the dt owner cn ccess the file copies from the cloud servers. The MRPDP supports only privte verifibility, where just the dt owner (or verifier with whom the originl owner shres secret key) cn do the uditing tsk. Essentilly, the MRPDP is n extension to the EPDP version proposed by Ateniese et l. [6], nd thus it only proves possession of the sum of the chllenged blocks not the blocks themselves. Moreover, the CSP cn corrupt the dt blocks nd the summtion is still vlid. For the CSP to prove possession of the blocks, it should multiply ech of the chllenged blocks with rndom vlue. 6 The Proposed Efficient MultiCopy Provble Dt Possession (EMCPDP) schemes To chieve the design gols outlined in section 4.2, we propose Efficient MultiCopy Provble Dt Possession (EMCPDP) schemes utilizing the BLS Homomorphic Liner Authentictors (HLAs)[20]. In short, the HLAs enble dt owner to fingerprint ech block b i of file F in such wy tht for ny chllenge vector C = {c 1, c 2,..., c r } the server cn homomorphiclly construct tg uthenticting the vlue r i=1 c i b i. The direct doption of the HLAs proposed in [20] is not suitble nd leds to two min ttcks. The first ttck rises when the dt owner delegtes the uditing tsk to TPA: by collecting enough number of liner combintions of the sme blocks, the TPA cn obtin the dt blocks by solving system of liner equtions breking the privcy of the owner s dt. This ttck cn be prevented by encrypting the dt file before outsourcing to the CSP, nd thus the TPA cnnot get ny informtion bout the collected blocks. The second ttck rises if the file identifier is not included in the block tg nd
19 DEMCPDP & PEMCPDP 19 Setup N = pq is the RSA modulus (p & q re prime numbers) g is genertor of QR N (QR N is the set of qudrtic residues modulo N) Public key pk = (N, g, e), secret key sk = (d, v, x), v, x R Z N, nd ed 1 mod (p 1)(q 1) π is pseudorndom permuttion, f x is pseudorndom function keyed with the secret key x, nd H is hsh function File F = {b 1, b 2,..., b m } E K is n encryption lgorithm under key K Dt Owner Obtins n encrypted file F by encrypting the originl file F using the encryption key K: F = { b 1, b 2,... b m }, where b j = E K (b j ), 1 j m. Uses the encrypted version of the file F to crete set of tgs {T j } 1 j m for ll copies to be used in the verifiction process: T j = (H(v j) g b j ) d mod N Genertes n distinct replics { F i } 1 i n, F i = {ˆb i,1, ˆb i,2,..., ˆb i,m }, using rndom msking s follows. for i = 1 to n do for j = 1 to m do 1. Computes rndom vlue r i,j = f x (i j) 2. Computes the replic s block ˆb i,j = b j + r i,j (dded s lrge integers in Z) Dt owner sends the specific replic F i to specific server S i, 1 i n Checking possession of replic F z To check the possession of the replic F z = {ˆb z,1, ˆb z,2,... ˆb z,m }, the owner chllenges the specific server S z s follows: Owner Remote Server S z 1. Picks key k for the π function, c(# of blocks to be chllenged), nd g s = g s mod N (s R Z N ) c, k, g s 2. Computes the chllenged block indices: j u = π k (u) 1 u c c 3. Computes T = mod N 4. Computes ρ = g c u=1 ˆb z,j u s T, ρ 5. Computes j u = π k (u) 1 u c T 6. Checks ( c e g r chl ) s =? ρ, H(v j u ) u=1 where r chl = c u=1 r z,ju is the sum of the rndom vlues used to obtin the blocks in the replic F z Fig. 8. The MRPDP protocol by Curtmol et l. [15]. u=1 T ju mod N
20 20 Ayd F.Brsoum nd M.Anwr Hsn the sme owner s secret key is used with ll the owner s files. This llows the CSP to chet by using blocks from different files during verifiction. Since the min core to design multicopy provble dt possession model is to generte unique distinguishble/differentible copies of the dt file, we use simple yet efficient wy to generte these distinct copies. In our EMCPDP models we resort to the diffusion property of ny secure encryption scheme. Diffusion mens tht the output bits of the ciphertext should depend on the input bits of the plintext in very complex wy. In n encryption scheme with strong diffusion property, if there is chnge in one single bit of the plintext, then the ciphertext should completely chnge in n unpredictble wy [36]. Our methodology of generting distinct copies is not only efficient, but lso successful in solving the uthorized users problem of the MR PDP scheme [15] to ccess the file copy received from the CSP. In our schemes, the uthorized users need only to keep single secret key shred with the dt owner to decrypt the file copy; it is not necessrily to recognize the specific server from which the copy is received. In our work, the dt owner hs file F nd the CSP offers to store n copies, {F 1, F 2,..., F n }, of the owner s file in exchnge for prespecified fees metered in GB/month. We provide two versions of our EMCPDP scheme: Deterministic EMCPDP (DEMCPDP) nd Probbilistic EMCPDP (PEMCPDP). In the DEMCPDP version, the CSP hs to ccess ll the blocks of the dt file, while in the PEMCPDP we depend on spot checking by vlidting rndom subset of the file blocks. It is trdeoff between the performnce of the system nd the strength of the gurntee provided by the CSP. 6.1 Preliminries nd Nottions F is dt file to be outsourced, it is composed of sequence of m blocks, i.e., F = {b 1, b 2,..., b m }, where ech block b i Z p for some lrge prime p. π key ( ) is PseudoRndom Permuttion(PRP): key {0, 1} log(m) {0, 1} log(m) ψ key ( ) is PseudoRndom Function (PRF): key {0, 1} Z p Biliner Mp/Piring. The biliner mp is one of the essentil building blocks of our proposed schemes. Let G 1, G 2, nd G T be cyclic groups of prime order p. Let g 1 nd g 2 be genertors of G 1 nd G 2, respectively. A biliner piring is mp ê : G 1 G 2 G T with the following properties [37]: 1. Biliner: ê(u 1 u 2, v 1 ) = ê(u 1, v 1 ) ê(u 2, v 1 ), ê(u 1, v 1 v 2 ) = ê(u 1, v 1 ) ê(u 1, v 2 ) u 1, u 2 G 1 nd v 1, v 2 G 2 2. Nondegenerte: ê(g 1, g 2 ) 1 3. Computble: there exists n efficient lgorithm for computing ê 4. ê(u, v b ) = ê(u, v) b u G 1, v G 2, nd, b Z p H( ) is mptopoint hsh function : {0, 1} G 1 E K is n encryption lgorithm with strong diffusion property, e.g., AES 6.2 Deterministic EMCPDP (DEMCPDP) scheme The DEMCPDP consists of five polynomil time lgorithms: KeyGen, CopyGen, TgGen, Proof, nd Verify. (pk, sk) KeyGen(). This lgorithm is run by the dt owner to generte public key pk nd privte key sk. F = {F i } 1 i n CopyGen(CN i, F ) 1 i n. This lgorithm is run by the dt owner. It tkes s input copy number CN i nd file F nd genertes unique differentible copies F = {F i } 1 i n, where ech copy F i is n ordered collection of blocks {b ij } 1 i n. 1 j m
Small Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology
More informationSmall Business Networking
Why Network is n Essentil Productivity Tool for Any Smll Business TechAdvisory.org SME Reports sponsored by Effective technology is essentil for smll businesses looking to increse their productivity. Computer
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd business. Introducing technology
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology
More informationSmall Business Networking
Why network is n essentil productivity tool for ny smll business Effective technology is essentil for smll businesses looking to increse the productivity of their people nd processes. Introducing technology
More informationClearPeaks Customer Care Guide. Business as Usual (BaU) Services Peace of mind for your BI Investment
ClerPeks Customer Cre Guide Business s Usul (BU) Services Pece of mind for your BI Investment ClerPeks Customer Cre Business s Usul Services Tble of Contents 1. Overview...3 Benefits of Choosing ClerPeks
More informationUnleashing the Power of Cloud
Unleshing the Power of Cloud A Joint White Pper by FusionLyer nd NetIQ Copyright 2015 FusionLyer, Inc. All rights reserved. No prt of this publiction my be reproduced, stored in retrievl system, or trnsmitted,
More informationNetwork Configuration Independence Mechanism
3GPP TSG SA WG3 Security S3#19 S3010323 36 July, 2001 Newbury, UK Source: Title: Document for: AT&T Wireless Network Configurtion Independence Mechnism Approvl 1 Introduction During the lst S3 meeting
More informationEnterprise Risk Management Software Buyer s Guide
Enterprise Risk Mngement Softwre Buyer s Guide 1. Wht is Enterprise Risk Mngement? 2. Gols of n ERM Progrm 3. Why Implement ERM 4. Steps to Implementing Successful ERM Progrm 5. Key Performnce Indictors
More informationGFI MilArchiver 6 vs C2C Archive One Policy Mnger GFI Softwre www.gfi.com GFI MilArchiver 6 vs C2C Archive One Policy Mnger GFI MilArchiver 6 C2C Archive One Policy Mnger Who we re Generl fetures Supports
More informationSmall Business Cloud Services
Smll Business Cloud Services Summry. We re thick in the midst of historic sechnge in computing. Like the emergence of personl computers, grphicl user interfces, nd mobile devices, the cloud is lredy profoundly
More informationJaERM SoftwareasaSolution Package
JERM SoftwresSolution Pckge Enterprise Risk Mngement ( ERM ) Public listed compnies nd orgnistions providing finncil services re required by Monetry Authority of Singpore ( MAS ) nd/or Singpore Stock
More informationPolynomial Functions. Polynomial functions in one variable can be written in expanded form as ( )
Polynomil Functions Polynomil functions in one vrible cn be written in expnded form s n n 1 n 2 2 f x = x + x + x + + x + x+ n n 1 n 2 2 1 0 Exmples of polynomils in expnded form re nd 3 8 7 4 = 5 4 +
More informationReasoning to Solve Equations and Inequalities
Lesson4 Resoning to Solve Equtions nd Inequlities In erlier work in this unit, you modeled situtions with severl vriles nd equtions. For exmple, suppose you were given usiness plns for concert showing
More information2. Transaction Cost Economics
3 2. Trnsction Cost Economics Trnsctions Trnsctions Cn Cn Be Be Internl Internl or or Externl Externl n n Orgniztion Orgniztion Trnsctions Trnsctions occur occur whenever whenever good good or or service
More informationIntroducing Kashef for Application Monitoring
WextWise 2010 Introducing Kshef for Appliction The Cse for Reltime monitoring of dtcenter helth is criticl IT process serving vriety of needs. Avilbility requirements of 6 nd 7 nines of tody SOA oriented
More informationHillsborough Township Public Schools Mathematics Department Computer Programming 1
Essentil Unit 1 Introduction to Progrmming Pcing: 15 dys Common Unit Test Wht re the ethicl implictions for ming in tody s world? There re ethicl responsibilities to consider when writing computer s. Citizenship,
More informationHealth insurance exchanges What to expect in 2014
Helth insurnce exchnges Wht to expect in 2014 33096CAEENABC 02/13 The bsics of exchnges As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum mount
More informationFactoring Polynomials
Fctoring Polynomils Some definitions (not necessrily ll for secondry school mthemtics): A polynomil is the sum of one or more terms, in which ech term consists of product of constnt nd one or more vribles
More informationQuadratic Equations. Math 99 N1 Chapter 8
Qudrtic Equtions Mth 99 N1 Chpter 8 1 Introduction A qudrtic eqution is n eqution where the unknown ppers rised to the second power t most. In other words, it looks for the vlues of x such tht second degree
More informationSPECIAL PRODUCTS AND FACTORIZATION
MODULE  Specil Products nd Fctoriztion 4 SPECIAL PRODUCTS AND FACTORIZATION In n erlier lesson you hve lernt multipliction of lgebric epressions, prticulrly polynomils. In the study of lgebr, we come
More informationData replication in mobile computing
Technicl Report, My 2010 Dt repliction in mobile computing Bchelor s Thesis in Electricl Engineering Rodrigo Christovm Pmplon HALMSTAD UNIVERSITY, IDE SCHOOL OF INFORMATION SCIENCE, COMPUTER AND ELECTRICAL
More informationAll pay auctions with certain and uncertain prizes a comment
CENTER FOR RESEARC IN ECONOMICS AND MANAGEMENT CREAM Publiction No. 12015 All py uctions with certin nd uncertin prizes comment Christin Riis All py uctions with certin nd uncertin prizes comment Christin
More informationAn Undergraduate Curriculum Evaluation with the Analytic Hierarchy Process
An Undergrdute Curriculum Evlution with the Anlytic Hierrchy Process Les Frir Jessic O. Mtson Jck E. Mtson Deprtment of Industril Engineering P.O. Box 870288 University of Albm Tuscloos, AL. 35487 Abstrct
More informationGFI MilArchiver 6 vs Quest Softwre Archive Mnger GFI Softwre www.gfi.com GFI MilArchiver 6 vs Quest Softwre Archive Mnger GFI MilArchiver 6 Quest Softwre Archive Mnger Who we re Generl fetures Supports
More informationExample 27.1 Draw a Venn diagram to show the relationship between counting numbers, whole numbers, integers, and rational numbers.
2 Rtionl Numbers Integers such s 5 were importnt when solving the eqution x+5 = 0. In similr wy, frctions re importnt for solving equtions like 2x = 1. Wht bout equtions like 2x + 1 = 0? Equtions of this
More informationHealth insurance marketplace What to expect in 2014
Helth insurnce mrketplce Wht to expect in 2014 33096VAEENBVA 06/13 The bsics of the mrketplce As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum
More informationEcon 4721 Money and Banking Problem Set 2 Answer Key
Econ 472 Money nd Bnking Problem Set 2 Answer Key Problem (35 points) Consider n overlpping genertions model in which consumers live for two periods. The number of people born in ech genertion grows in
More informationTreatment Spring Late Summer Fall 0.10 5.56 3.85 0.61 6.97 3.01 1.91 3.01 2.13 2.99 5.33 2.50 1.06 3.53 6.10 Mean = 1.33 Mean = 4.88 Mean = 3.
The nlysis of vrince (ANOVA) Although the ttest is one of the most commonly used sttisticl hypothesis tests, it hs limittions. The mjor limittion is tht the ttest cn be used to compre the mens of only
More informationHelicopter Theme and Variations
Helicopter Theme nd Vritions Or, Some Experimentl Designs Employing Pper Helicopters Some possible explntory vribles re: Who drops the helicopter The length of the rotor bldes The height from which the
More informationFacilitating Rapid Analysis and Decision Making in the Analytical Lab.
Fcilitting Rpid Anlysis nd Decision Mking in the Anlyticl Lb. WHITE PAPER Sponsored by: Accelrys, Inc. Frnk Brown, Ph.D., Chief Science Officer, Accelrys Mrch 2009 Abstrct Competitive success requires
More informationAgenda. Who are we? Agenda. Cloud Computing in Everyday Life. Who are we? What is Cloud Computing? Drivers and Adoption Enabling Technologies Q & A
Agend Who re we? Wht is Cloud Computing? Drivers nd Adoption Enbling Technologies Cloud Computing in Everydy Life Joe Wong Senior Development Mnger, ICS, IBM Kit Yeung Advisory Softwre Engineer, ICS, IBM
More informationVoIP for the Small Business
Reducing your telecommunictions costs VoIP (Voice over Internet Protocol) offers low cost lterntive to expensive trditionl phone services nd is rpidly becoming the communictions system of choice for smll
More informationSirindhorn International Institute of Technology Thammasat University at Rangsit
Sirindhorn Interntionl Institute of Technology Thmmst University t Rngsit School of Informtion, Computer nd Communiction Technology COURSE : ECS 204 Bsic Electricl Engineering L INSTRUCTOR : Asst. Prof.
More informationVendor Rating for Service Desk Selection
Vendor Presented By DATE Using the scores of 0, 1, 2, or 3, plese rte the vendor's presenttion on how well they demonstrted the functionl requirements in the res below. Also consider how efficient nd functionl
More informationOperations with Polynomials
38 Chpter P Prerequisites P.4 Opertions with Polynomils Wht you should lern: Write polynomils in stndrd form nd identify the leding coefficients nd degrees of polynomils Add nd subtrct polynomils Multiply
More information1 Numerical Solution to Quadratic Equations
cs42: introduction to numericl nlysis 09/4/0 Lecture 2: Introduction Prt II nd Solving Equtions Instructor: Professor Amos Ron Scribes: Yunpeng Li, Mrk Cowlishw Numericl Solution to Qudrtic Equtions Recll
More informationTests for One Poisson Mean
Chpter 412 Tests for One Poisson Men Introduction The Poisson probbility lw gives the probbility distribution of the number of events occurring in specified intervl of time or spce. The Poisson distribution
More informationg(y(a), y(b)) = o, B a y(a)+b b y(b)=c, Boundary Value Problems Lecture Notes to Accompany
Lecture Notes to Accompny Scientific Computing An Introductory Survey Second Edition by Michel T Heth Boundry Vlue Problems Side conditions prescribing solution or derivtive vlues t specified points required
More informationMath 135 Circles and Completing the Square Examples
Mth 135 Circles nd Completing the Squre Exmples A perfect squre is number such tht = b 2 for some rel number b. Some exmples of perfect squres re 4 = 2 2, 16 = 4 2, 169 = 13 2. We wish to hve method for
More informationTest Management using Telelogic DOORS. Francisco López Telelogic DOORS Specialist
Test Mngement using Telelogic DOORS Frncisco López Telelogic DOORS Specilist Introduction Telelogic solution for Requirements Mngement DOORS Requirements mngement nd trcebility pltform for complex systems
More informationChromebook Parent/Student Information
Chromebook Prent/Student Informtion 1 Receiving Your Chromebook Student Distribution Students will receive their Chromebooks nd cses during school. Students nd prents must sign the School City of Hmmond
More informationFile Storage Guidelines Intended Usage
Storge 1 Google Cloud 2 Other cloud storge Exmple or Box, Dropbox, Crbonite, idrive File Storge Guidelines Usge Fculty nd student collbortion Specil use cses. When nonlcc employee nd students need ccess
More informationTechniques for Requirements Gathering and Definition. Kristian Persson Principal Product Specialist
Techniques for Requirements Gthering nd Definition Kristin Persson Principl Product Specilist Requirements Lifecycle Mngement Elicit nd define business/user requirements Vlidte requirements Anlyze requirements
More informationDlNBVRGH + Sickness Absence Monitoring Report. Executive of the Council. Purpose of report
DlNBVRGH + + THE CITY OF EDINBURGH COUNCIL Sickness Absence Monitoring Report Executive of the Council 8fh My 4 I.I...3 Purpose of report This report quntifies the mount of working time lost s result of
More information9 CONTINUOUS DISTRIBUTIONS
9 CONTINUOUS DISTIBUTIONS A rndom vrible whose vlue my fll nywhere in rnge of vlues is continuous rndom vrible nd will be ssocited with some continuous distribution. Continuous distributions re to discrete
More informationCurve Sketching. 96 Chapter 5 Curve Sketching
96 Chpter 5 Curve Sketching 5 Curve Sketching A B A B A Figure 51 Some locl mximum points (A) nd minimum points (B) If (x, f(x)) is point where f(x) reches locl mximum or minimum, nd if the derivtive of
More informationOn the Meaning of Regression Coefficients for Categorical and Continuous Variables: Model I and Model II; Effect Coding and Dummy Coding
Dt_nlysisclm On the Mening of Regression for tegoricl nd ontinuous Vribles: I nd II; Effect oding nd Dummy oding R Grdner Deprtment of Psychology This describes the simple cse where there is one ctegoricl
More informationPortfolio approach to information technology security resource allocation decisions
Portfolio pproch to informtion technology security resource lloction decisions Shivrj Knungo Deprtment of Decision Sciences The George Wshington University Wshington DC 20052 knungo@gwu.edu Abstrct This
More informationDEVELOPMENT. Introduction to Virtualization Ebook. anow is the time to realize all of the benefits of virtualizing your test and development lab.
Introduction to Virtuliztion Ebook S Now is the time to relize ll of the benefits of virtulizing your test nd development lb. YOUR CHAPTER 3 p 2 A TEST AND p 4 VOLATILE IT S p 7 p 9 p 10 YOUR CHAPTER
More informationGeneralized Inverses: How to Invert a NonInvertible Matrix
Generlized Inverses: How to Invert NonInvertible Mtrix S. Swyer September 7, 2006 rev August 6, 2008. Introduction nd Definition. Let A be generl m n mtrix. Then nturl question is when we cn solve Ax
More informationPROF. BOYAN KOSTADINOV NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY
MAT 0630 INTERNET RESOURCES, REVIEW OF CONCEPTS AND COMMON MISTAKES PROF. BOYAN KOSTADINOV NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY Contents 1. ACT Compss Prctice Tests 1 2. Common Mistkes 2 3. Distributive
More informationNovel Methods of Generating SelfInvertible Matrix for Hill Cipher Algorithm
Bibhudendr chry, Girij Snkr Rth, Srt Kumr Ptr, nd Sroj Kumr Pnigrhy Novel Methods of Generting SelfInvertible Mtrix for Hill Cipher lgorithm Bibhudendr chry Deprtment of Electronics & Communiction Engineering
More informationSoftware Cost Estimation Model Based on Integration of Multiagent and CaseBased Reasoning
Journl of Computer Science 2 (3): 276282, 2006 ISSN 15493636 2006 Science Publictions Softwre Cost Estimtion Model Bsed on Integrtion of Multigent nd CseBsed Resoning Hsn AlSkrn Informtion Technology
More informationConfiguring a DataCore SAN with Windows Clustered H/A VM s on 2 Physical Servers
Configuring DtCore SAN with Windows Clustered H/A VM s on 2 Physicl Servers Technicl Bulletin #18b My, 2015 This Technicl Bulletin describes how to configure highly vilble VM s on clustered pir of servers
More information11. Fourier series. sin mx cos nx dx = 0 for any m, n, sin 2 mx dx = π.
. Fourier series Summry of the bsic ides The following is quick summry of the introductory tretment of Fourier series in MATH. We consider function f with period π, tht is, stisfying f(x + π) = f(x) for
More informationCorporate Compliance vs. EnterpriseWide Risk Management
Corporte Complince vs. EnterpriseWide Risk Mngement Brent Sunders, Prtner (973) 2364682 November 2002 Agend Corporte Complince Progrms? Wht is EnterpriseWide Risk Mngement? Key Differences Why Will
More informationSection A4 Rational Expressions: Basic Operations
A Appendi A A BASIC ALGEBRA REVIEW 7. Construction. A rectngulr opentopped bo is to be constructed out of 9 by 6inch sheets of thin crdbord by cutting inch squres out of ech corner nd bending the
More informationLecture 3 Gaussian Probability Distribution
Lecture 3 Gussin Probbility Distribution Introduction l Gussin probbility distribution is perhps the most used distribution in ll of science. u lso clled bell shped curve or norml distribution l Unlike
More informationEconomics Letters 65 (1999) 9 15. macroeconomists. a b, Ruth A. Judson, Ann L. Owen. Received 11 December 1998; accepted 12 May 1999
Economics Letters 65 (1999) 9 15 Estimting dynmic pnel dt models: guide for q mcroeconomists b, * Ruth A. Judson, Ann L. Owen Federl Reserve Bord of Governors, 0th & C Sts., N.W. Wshington, D.C. 0551,
More informationSyGEMe: Integrated Municipal Facilities Management of Water Ressources Swiss Geoscience Meeting, Neuchâtel, 21 novembre 2009 k
SyGEMe: Integrted Municipl Fcilities Mngement of Wter Ressources Tool presenttion, choice of technology, mnmchine mchine interfce, business opportunities nd prospects 1. Introduction 2. Mnmchine interfce
More information4.11 Inner Product Spaces
314 CHAPTER 4 Vector Spces 9. A mtrix of the form 0 0 b c 0 d 0 0 e 0 f g 0 h 0 cnnot be invertible. 10. A mtrix of the form bc d e f ghi such tht e bd = 0 cnnot be invertible. 4.11 Inner Product Spces
More informationTotal Data Protection for Sensitive Data Wherever It May Flow
Totl Dt Protection for Sensitive Dt Wherever It My Flow PGP Corportion nd Protegrity protect sensitive dt throughout its lifecycle, while enforcing nd verifying policy requirements for complince. Protegrity
More informationRegular Sets and Expressions
Regulr Sets nd Expressions Finite utomt re importnt in science, mthemtics, nd engineering. Engineers like them ecuse they re super models for circuits (And, since the dvent of VLSI systems sometimes finite
More informationProtocol Analysis. 17654/17764 Analysis of Software Artifacts Kevin Bierhoff
Protocol Anlysis 17654/17764 Anlysis of Softwre Artifcts Kevin Bierhoff TkeAwys Protocols define temporl ordering of events Cn often be cptured with stte mchines Protocol nlysis needs to py ttention
More informationAccording to Webster s, the
dt modeling Universl Dt Models nd P tterns By Len Silversn According Webster s, term universl cn be defined s generlly pplicble s well s pplying whole. There re some very common ptterns tht cn be generlly
More information3GPP TSG SA WG3 Security S3#23 S May 2002, Victoria, Canada CRFormv5.1 CHANGE REQUEST
1 TSG SA WG3 Security S3#23 S3020201 1417 My 2002, Victori, Cnd CRFormv5.1 CHANGE REQUEST 33.102 CR CRNum rev  Current version: 4.3.0 For HELP on using this form, see bottom of this pge or look t
More informationLINEAR TRANSFORMATIONS AND THEIR REPRESENTING MATRICES
LINEAR TRANSFORMATIONS AND THEIR REPRESENTING MATRICES DAVID WEBB CONTENTS Liner trnsformtions 2 The representing mtrix of liner trnsformtion 3 3 An ppliction: reflections in the plne 6 4 The lgebr of
More informationElectronic Postal Certification Mark
Electronic Postl Certifiction Mrk Electronic Postl Certifiction Mrk (EPCM) Evolution stndrd nd delivery enduser pplictions Mssimo Fgiolo PostEurop IT Forum, Bonn 15 June 2007 1 Agend The EPCM inititive
More informationIn this section make precise the idea of a matrix inverse and develop a method to find the inverse of a given square matrix when it exists.
Mth 52 Sec S060/S0602 Notes Mtrices IV 5 Inverse Mtrices 5 Introduction In our erlier work on mtrix multipliction, we sw the ide of the inverse of mtrix Tht is, for squre mtrix A, there my exist mtrix
More informationBasic Analysis of Autarky and Free Trade Models
Bsic Anlysis of Autrky nd Free Trde Models AUTARKY Autrky condition in prticulr commodity mrket refers to sitution in which country does not engge in ny trde in tht commodity with other countries. Consequently
More informationVoIP for the Small Business
Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the
More informationTITLE THE PRINCIPLES OF COINTAP METHOD OF NONDESTRUCTIVE TESTING
TITLE THE PRINCIPLES OF COINTAP METHOD OF NONDESTRUCTIVE TESTING Sung Joon Kim*, DongChul Che Kore Aerospce Reserch Institute, 45 EoeunDong, YouseongGu, Dejeon, 35333, Kore Phone : 824286231 FAX
More informationand thus, they are similar. If k = 3 then the Jordan form of both matrices is
Homework ssignment 11 Section 7. pp. 24925 Exercise 1. Let N 1 nd N 2 be nilpotent mtrices over the field F. Prove tht N 1 nd N 2 re similr if nd only if they hve the sme miniml polynomil. Solution: If
More informationNOTES AND CORRESPONDENCE. Uncertainties of Derived Dewpoint Temperature and Relative Humidity
MAY 4 NOTES AND CORRESPONDENCE 81 NOTES AND CORRESPONDENCE Uncertinties of Derived Dewpoint Temperture nd Reltive Humidity X. LIN AND K. G. HUBBARD High Plins Regionl Climte Center, School of Nturl Resource
More informationIntegration by Substitution
Integrtion by Substitution Dr. Philippe B. Lvl Kennesw Stte University August, 8 Abstrct This hndout contins mteril on very importnt integrtion method clled integrtion by substitution. Substitution is
More informationDecision Rule Extraction from Trained Neural Networks Using Rough Sets
Decision Rule Extrction from Trined Neurl Networks Using Rough Sets Alin Lzr nd Ishwr K. Sethi Vision nd Neurl Networks Lbortory Deprtment of Computer Science Wyne Stte University Detroit, MI 48 ABSTRACT
More informationChapter 6 Solving equations
Chpter 6 Solving equtions Defining n eqution 6.1 Up to now we hve looked minly t epressions. An epression is n incomplete sttement nd hs no equl sign. Now we wnt to look t equtions. An eqution hs n = sign
More informationSecure routing for structured peertopeer overlay networks
Secure routing for structured peertopeer overly networks Miguel Cstro 1, Peter Druschel 2, Aylvdi Gnesh 1, Antony Rowstron 1 nd Dn S. Wllch 2 1 Microsoft Reserch Ltd., 7 J J Thomson Avenue, Cmbridge,
More informationVoIP for the Small Business
Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the
More informationUse Geometry Expressions to create a more complex locus of points. Find evidence for equivalence using Geometry Expressions.
Lerning Objectives Loci nd Conics Lesson 3: The Ellipse Level: Preclculus Time required: 120 minutes In this lesson, students will generlize their knowledge of the circle to the ellipse. The prmetric nd
More informationBlackbaud The Raiser s Edge
Riser s Edge Slesce.com Comprison Summry Introduction (continued) Chrt (continued) NonPrit Strter Pck Compny Bckground Optionl Technology Both Slesce modules supports hs become include over Slesce.com
More informationAllocation Strategies of Virtual Resources in CloudComputing Networks
RESEARCH ARTICLE OPEN ACCESS Alloction Strtegies of Virtul Resources in CloudComputing Networks 1 K.Delhi Bbu, 2 D.Giridhr Kumr Deprtment of Computer Science nd Engineering, SreeVidynikethnEngg.College,
More informationValue Function Approximation using Multiple Aggregation for Multiattribute Resource Management
Journl of Mchine Lerning Reserch 9 (2008) 20792 Submitted 8/08; Published 0/08 Vlue Function Approximtion using Multiple Aggregtion for Multittribute Resource Mngement Abrhm George Wrren B. Powell Deprtment
More informationHealth insurance exchanges What to expect in 2014
Helth insurnce exchnges Wht to expect in 2014 33096CAEENABC 11/12 The bsics of exchnges As prt of the Affordble Cre Act (ACA or helth cre reform lw), strting in 2014 ALL Americns must hve minimum mount
More informationAssuming all values are initially zero, what are the values of A and B after executing this Verilog code inside an always block? C=1; A <= C; B = C;
B26 Appendix B The Bsics of Logic Design Check Yourself ALU n [Arthritic Logic Unit or (rre) Arithmetic Logic Unit] A rndomnumer genertor supplied s stndrd with ll computer systems Stn KellyBootle,
More informationCombined Liability Insurance. Information and Communication Technology Proposal form
Comined Liility Insurnce Informtion nd Communiction Technology Proposl form Comined Liility Insurnce Informtion nd Communiction Technology  Proposl form This proposl form must e completed nd signed y
More informationVoIP for the Small Business
Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the
More informationVoIP for the Small Business
VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become
More informationApplicationLevel Traffic Monitoring and an Analysis on IP Networks
ApplictionLevel Trffic Monitoring nd n Anlysis on IP Networks MyungSup Kim, Young J. Won, nd Jmes WonKi Hong Trditionl trffic identifiction methods bsed on wellknown port numbers re not pproprite for
More informationVoIP for the Small Business
VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become
More informationCcrcs Cognitive  Counselling Research & Conference Services (eissn: 23012358)
Ccrcs Cognitive  Counselling Reserch & Conference Services (eissn: 23012358) Volume I Effects of Music Composition Intervention on Elementry School Children b M. Hogenes, B. Vn Oers, R. F. W. Diekstr,
More informationTRUST and reputation are crucial requirements for most
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 3, MAY/JUNE 2012 375 Itertive Trust nd Reputtion Mngement Using Belief Propgtion Ermn Aydy, Student Member, IEEE, nd Frmrz Feri, Senior
More informationEQUATIONS OF LINES AND PLANES
EQUATIONS OF LINES AND PLANES MATH 195, SECTION 59 (VIPUL NAIK) Corresponding mteril in the ook: Section 12.5. Wht students should definitely get: Prmetric eqution of line given in pointdirection nd twopoint
More informationChapter 4: Dynamic Programming
Chpter 4: Dynmic Progrmming Objectives of this chpter: Overview of collection of clssicl solution methods for MDPs known s dynmic progrmming (DP) Show how DP cn be used to compute vlue functions, nd hence,
More informationVoIP for the Small Business
VoIP for the Smll Business Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become
More informationVoIP for the Small Business
Reducing your telecommunictions costs Reserch firm IDC 1 hs estimted tht VoIP system cn reduce telephonyrelted expenses by 30%. Voice over Internet Protocol (VoIP) hs become vible solution for even the
More informationHealth Information Systems: evaluation and performance of a Help Desk
536 Digitl Helthcre Empowering Europens R. Cornet et l. (Eds.) 2015 Europen Federtion for Medicl Informtics (EFMI). This rticle is published online with Open Access by IOS Press nd distributed under the
More informationVoIP for the Small Business
Reducing your telecommunictions costs Overview Voice over Internet Protocol (VoIP) hs become vible solution for even the smllest of compnies s brodbnd internet ccess hs become ffordble nd much more widespred.
More information