A Survey of Various Data Sharing with Secure Data in Cloud

Transcription

1 A Survey of Various Data Sharing with Secure Data in Cloud Roshni Sharma 1, Prof. Amit Saxena 2, Dr. Manish Manoria 3 1,2,3 Truba Institute of Engg. & Information Technology, Bhopal, India Abstract Recent technological advances ease a volatile growth of digital contents. Cloud computing are novel computing expressions or symbol found on service and utilization of computing resources. Cloud computing engages groups of remote servers and interconnected software network that make available a centralized data storage online access to computer services or resources. Index Terms Cloud Computing, Certificateless Public Key Cryptography, Public Key Encryption, Data Sharing. I. INTRODUCTION Due to widespread interest in cloud storage services mainly emanates from business organizations and government agencies seeking for more resilient and costeffective systems. That is, the benefits of cloud adoption are very tangible in an innovative period of creativeness, usefulness and efficiency in IT service liberation. For this reason, there is no longer call for to expend great quantities of assets on trade costly application software or complicated hardware that they strength by no means require another time. Cloud computing promises many benefits to the IT profession: the ability to scale resources to meet varying customer demand in real-time, to deliver new computing services faster, and to significantly lower capital and operational costs. Because the computing resources of a cloud are operated by a third-party, clients are relieved from the burdens of hardware ownership, maintenance, and administration of the underlying services. Clients are only responsible for deploying the applications executed in the cloud and paying for the actual consumption of network and computing resources; they need not incur the capital expenditure of hardware with excess capacity to guarantee performance during peak demand. Additionally, they need not incur the costs of maintenance, data backup, and security. Suitable applications for cloud computing include financial market modeling, scientific applications, speech recognition and synthesis, and social networks. According to the way to authenticate public keys, there are mainly tree kinds of public key cryptosystems. The traditional public key cryptosystem (TPKC) uses a certificate to bind a public key with its user s identity. With the aim of preserving the certificate free property of IBC without suffering from the key escrow problem, Al-Riyami and Paterson presented Certificateless Public Key Cryptography (CLPKC) [1]. In CLPKC, the Key Generation Center (KGC) and a user cooperate to generate a private key; the corresponding public key does not require a certificate to guarantee its authenticity. Take a circumstance in cloud computing as an illustration. Cloud computing is a distributed scheme where multiple cloud servers co-exist. Every cloud server has its own master secret key and public key proficient by a PKI. Due to the important weight of certificate organization a cloud server may offer examines to users passing through IBC in performance the responsibility of PKG. All clients trust the server as various clients may want to maintain their privacy from the cloud sever, they can use CLPKC by creation use of the cloud sever as a incomplete private key generation hub. A user in this cloud can utilize powerful computing resources to store sensitive data i.e. by certificateless encryption, or to declare the authenticity of a document i.e. by certificateless signature shared with others. Cloud processing postures security concerns on the grounds that the management provider can get to the data that is on the cloud at any time. It could by the way or intentionally transform or even remove information. Several cloud suppliers can communicate data to unknowns if essential for reasons of correctness even exclusive of a guarantee. That is permitted in their security advances which clients need to permission to before they commence make use of cloud services. Responses for security integrate understanding, performing and in addition end client s assessments for how data is accumulated. Clients can encrypt data that is changed or put away surrounded by the cloud to avoid unauthorized right of entry. Traditionally, this problem can be solved by using certificate revocation lists (CRLs); online certificate status protocol (OCSP) [2], numerous solutions may be envisaged to exchange encrypted data with a cloud provider in a secure way such that the cloud provider is not in a straight line entrusted with key substance, but naive schemes often prove difficult to scale. Seo et al [3] made a survey of revocable identity based encryption, and presented a new realistic threat named decryption key exposure against revocable identity based primitives. Decryption key exposure captures the security perception that a ciphertext does not give away any information about the plaintext even if all previous decryption keys are exposed. They proposed the first scalable revocable identity based encryption scheme against decryption key exposure. To accomplish this, the content owner retains a master key that is used to compute a re-encryption key; this reencryption key is used by the access control server to reencrypt the lockbox public key. 152

2 The problem with this advancement is that the content owner deal with right to use organize for all other clients, which is a great burden on communications if the owner is a mobile device consumer. Additionally, it necessitates dynamic re-encryption of the same data on every occasion multiple clients want to access it. In the new representation proposed method, one-time re-encryption only occurs whenever membership changes, presumably a less frequent occurrence than that of data access. Also, access rights need not be enforced by individual users, and it is not possible for a single user to divulge the keys of all other users to the cloud provider, as they are not known. Other approaches exist [4] that also require a trusted proxy for each decryption, which increases the communication cost. A related work proposes the merging of Attribute-Based Encryption (ABE) with proxy re-encryption in a cloud computing application, allowing fine-grained access control of resources while attempting to offload re-encryption activity to the cloud provider [5]. This scheme has numerous differences to the cloudbased re-encryption scheme that will be proposed; these differences prove to be disadvantageous in a mobile-based environment. The data owner, or originator, is involved in generating a key for each new user that joins r leaves the system, rather than offloading this task to a trusted key authority under the client's control. This is not only a prohibitive cost for a mobile user, but also impractical due to the user's mobility and hence occasional unavailability. Another difference is that a secret key must be regenerated and re-distributed for each user, in lazy fashion, whenever user revocation occurs, rather than allowing users to upgrade a common partition key based on public parameters which would reduce communication and result in higher efficiency. II. THEORETICAL BACKGROUND Despite the economic benefits of outsourcing computation and data to the cloud, the process masquerades very important threats to its clients. For the reason that client data is accumulated and performed on within the cloud domain, and since there is modest or no outside visibility into how the cloud communications is executed and deal with by the service provider, there is important apprehension over the security and privacy of business deals and long-term storage space of sensitive client information. A client has no assurance of exactly where application data and logic is stored, whether it is replicated or cached, how long it is kept for, and who exactly has access to it. Security should be enforced through technical means beyond contractual obligations between the client and provider. IT executives tend to rate security as their highest, or one of their highest, concerns in the use of cloud computing services [6]. Clients need assurance of sufficiently robust security and privacy in a cloud system before committing to it tasks that add core value to an organization and thus cannot be placed at risk. 153 Because IT organizations are reluctant to devolve responsibility of security to a cloud computing supplier, the condition of a valuable security structure surrounded by the cloud is fundamental. It is not recommended for the customer to entrust a cloud provider to manage their encryption keys at least not the same provider that is handling their data. Because key management is complex and difficult for a single customer, it is even more complex and difficult for cloud providers to try to properly manage customers' keys." [7]. III. DATA SHARING AND ACCESSING IN THE CLOUD With the progressions cloud storage services mainly emanates from business organizations and government agencies seeking for cloud computing, there is currently an emergent hub on employing data sharing competence in the Cloud. With the capability to distribute information via the Cloud, the number of advantages increases multifold. In the data sharing circumstances, on the other hand the system necessitates the data owner and the target user (or remote server) sharing some common secret [8]. As businesses and organizations are now outsourcing data and operations to the Cloud, they help additional with the capability to share data between other businesses organizations and government agencies. Human resources also promote as they can contribute to work and cooperate with each other with other employees and can also maintain functioning at home or any other place such as the library. They don t need to worry about losing work as it is always in the Cloud. With social users, the skill to share files, documents, photos and videos with other users provides enormous advantage to them. When taking into account data sharing and group effort straightforward encryption methods do not be adequate, particularly when allowing for key management. To enable secure and confidential data sharing and collaboration in the Cloud, there needs to first be proper key management in the Cloud. On the other hand, the major difficulty with data sharing in the Cloud is the privacy and security concerns. Requirements of Data sharing in the Cloud: To enable data sharing in the Cloud, it is imperative that only authorized users are able to get right to use to data stored in the Cloud. We were reviewing the perfect constraints of data sharing in the Cloud below: The data owner should be proficient to identify a group of clients that are permitted to view his/her information Any component of the group is supposed to gain access to the data anytime exclusive of the information owner s intrusion. No other client, other than the data owner and the components of the collection, should gain right of entry to the information, as well as the Cloud Service Provider.

3 The data owner should be capable to withdraw right of entry to information for any component of the collection. The data owner should be proficient to append components to the collection. No component of the collection should be permitted to withdraw accurate of other elements of the collection or link new clients to the collection. The data owner should be intelligent to indicate who has read/write authorizations on the data owner s files. To get confidentiality and security constraints in the Cloud architecture can go an extensive technique to create a center of attention huge numbers of clients to implementing and assumption Cloud technology. Data Confidentiality: Unauthorized clients including the Cloud should not be proficient to right of entry information at any given moment. Data should wait private in transportation, stationary and on encouragement medium. Only certified users should be able to gain access to information. User revocation: When a client is withdrawing access rights to data or information that user should not be proficient to gain access to the data at any given time. In an ideal world, client revocation should not concern other certified users in the group for efficiency reasons. Scalable and Efficient: Since the number of cloud users have a tendency to be enormously huge and at times changeable as clients join and go away, it is very important that the coordination sustain effectiveness as well as be scalability. Collusion between entities: When thinking data sharing methodologies in the Cloud, it is fundamental that still when confident entities plan, they should still not be able to way in any of the information without the data owner s authorization. Earlier efforts of research on data sharing did not think about this problem, on the other hand collusion between entities can never be written off as an unlikely event [9]. Need for Key Management in Cloud: Encryption gives data protection while key management allows access to confined information. It is robustly suggested to encrypt data in transfer over networks, no longer with us and on encouragement medium. Particularly, data encryption not working e.g., for enduring archival storage can keep away from the risk of malicious cloud service providers or malicious multi-tenants exploitation. Simultaneously, secure key accumulates including key backup and recoverability and access to key stores must be securely put into serviced from the time when inappropriate to access key storage space could show the way to the cooperation of all encrypted information. Key management is anything you do with a key recognize encryption and decryption and wraps the creation/deletion of keys, activation/deactivation of keys, transportation of keys, and storage of keys and almost immediately. 154 Most Cloud service provider s offer essential key encryption methods for defending data or may disappear it to the client to encrypt their own data or information. Both encryption and key management are very essential to facilitate protected applications and data accumulated in the Cloud. Requirements of efficient key management are converse below. Secure key stores: The key stores themselves must be confined from malicious clients. If a malicious client gains access to the keys, they will then be capable to access any encrypted data the key is communicated to. For this reason the key stores themselves must be confined in storage, in transit and on backup medium. Access to key stores: Access to the key accumulates should be inadequate to the clients that have the accurate to access data. Separation of responsibilities should be utilized to facilitate manage access. The entity that uses a given key should not be the entity that stores the key. Key backup and recoverability: Keys require protected backup and recovery explanations. Loss of keys, even though efficient for wipe out right of entry to data, can be extremely disturbing to a business and Cloud providers require to make sure that keys aren t lost throughout backup and recovery methods. IV. CRYPTOGRAPHY FOR SECURE CLOUD DATA STORAGE AND ITS ARCHITECTURE As moving their data to the cloud, users remove the burden of building and maintaining a local storage infrastructure. As such, they only have to pay their cloud service providers for the allocated resources. Certainly these cloud service providers recommend to their customers the option to store, recover and share data with other clients in a visible method. Unfortunately, in addition to its several advantages, cloud storage brings several security issues, namely data confidentiality preservation. Kamara and Lauter [10], and Chow et al. [11] agreed that encrypting outsourced data by the client is a good alternative to mitigate such concerns of data confidentiality. So that, the client preserves the decrypting keys out of reach of the cloud provider. However, the confidentiality provisioning becomes more complicated with flexible data sharing among a group of users. It requires efficient sharing of decrypting keys between different authorized users. For itself, only authorized clients are proficient to acquire the cleartext of data stored in the cloud. In this chapter, we present our first contribution [12]. That is, we propose a new method for improving data confidentiality in cloud storage systems and attractive dynamic sharing between clients.

4 It can be utilized by a genuine client for his data storage space, backup and sharing in the cloud. Their suggestion relies on the use of ID-Based Cryptography (IBC), where each customer operates as a Private Key Generator (PKG). Specifically, they produce his own public elements and originate his private key using a top secret. The uniqueness of their suggested technique is double. Primary, it guarantees enhanced confidentiality to be exact; every client performs as a PKG by computing an ID-based pair of keys to encrypt the data that he proposes to accumulate in the cloud. For itself, the data access is deal with by the data owner. Second, by using a per data ID-based key, they make available an elastic sharing advancement. To be sure, the sharing of decrypting keys between the client and the authoritative customers does not reveal any information about the client s secret. As they review the secure cloud data storage requirements, while considering realistic threats models. We first point out the case where an untrusted service provider has a curious behavior. Second, we consider the case of a malicious user that intends to get information about outsourced contents of another data owner. Figure-1: illustrates descriptive network architecture for cloud storage. It relies on the following entities, permitting a customer to store, retrieve and share data with multiple users: Cloud Service Provider (CSP) a CSP has significant resources to administrate distributed cloud storage space servers and to deal with its database servers. It also makes available virtual communications to host application examinations. These examines can be utilized by the client to manage his data stored in the cloud servers. Client (C) a client is a data owner who makes use of provider s resources to store, retrieve and share data with multiple users. A client can be either an individual or an enterprise. Each client has a unique and authentic identity, denoted by IDC. Users (U) the users are able to access the content stored in the cloud, depending on their access rights which are authorizations granted by the client, like the rights to read, write or re-store the modified data in the cloud. These access rights serve to specify several groups of users. Each group is characterized by an identifier IDG and a set of access rights. Figure-1: - Architecture of cloud data storage. In practice, the Cloud Service Provider provides a web interface for the client to store information into a position of cloud servers, which are successively in a work together and distributed way. As well, the web interface is exploited by the clients to reclaim, alter and renovate data from the cloud, depending on their access rights. Moreover, the Cloud Service Provider relies on database servers to map client s identities to their stored data identifiers and group s identifiers. For instance, an attacker can be either a revoked user with valid data decryption keys, an illegal group element or a group associate with inadequate right of entry corrects. Consequently, safe data sharing should sustain elastic security rules including forward and backward confidentiality. Forward secrecy this property requires that the confidentiality of previously encrypted data has to be ensured even after the long-term secrets are exposed. Such as, a consumer cannot right of entry stored data before he links a collection. Backward secrecy this property means that cooperate of the secret key does not have an effect on the confidentiality of expectations encrypted data. Such, a withdraw group member is incapable to access data that were subcontracted after he disappears the group. 155

5 V. VARIOUS SECURITY ATTACKS ON CLOUD COMPUTING In this part we survey related work on security confronts in electronic document transmission on cloud computing. An incorporated Internet and transmission network can be area under discussion to various types of attacks. These attacks can be classified into two categories, Passive attacks and Active attacks. Active Attacks: An active attack [13] effort to change or wipe out the data being substituted in the network, thus interrupting the usual meaning of the network. It can be classified into two grouping external attacks and internal attacks. External attacks are accepted out by nodes that do not be in the right place to the network. These attacks can be avoided by using usual security methods such as encryption systems and firewalls. Internal attacks are accepted out by cooperation nodes that are essentially part of the network. Since the attackers are previously part of the network as certified nodes, internal attacks are stricter and complex to detect when evaluated to external attacks. The types of attack which concerns the security anxiety of the arrangement are: denial of service, jamming, attack, data modifications, sniffing, birthday attack, differential cryptanalysis, man-in-the-middle attack, linear cryptanalysis, timing password cracking etc. Passive Attacks: A passive attack [13] does not interrupt appropriate process of the network. The attacker interfere the data replaced in the network without modifying it. Here, the condition of privacy can be breached if an attacker is also able to understand the data collected through snooping. Detection of passive attacks is very complicated since the operation of the network itself does not get influenced. One approach of avoiding such difficulties is to use controlling encryption instruments to encrypt the data being transmitted, thus making it impracticable for eavesdroppers to get hold of any valuable information from the data eavesdrop. Among the active type of attack snooping is the most important apprehension to protect. Snooping is illegal access to another person's information. It is related to eavesdropping but is not essentially inadequate to increasing access to information during its transmission. Snooping can incorporate informal execution of an that become visible on another's computer screen or watching what an important person as well is typing. Additional difficult snooping uses software programs to remotely scrutinize action on a computer or network device. Malicious hackers (crackers) commonly use snooping methods to scrutinize keystrokes, confine passwords and login information and to capture and other confidential messages and data transmissions. VI. LITERATURE SURVEY In this paper author has propose a novel mediated Certificateless Public Key Encryption (mcl-pke) [14] method that does not use pairing process. 156 In view of the fact that most CL-PKC methods are in illumination of bilinear pairings, they are computationally expensive. In such case of bilinear pairings, the data owner has to encrypt the identical data encryption key multiple instants, once for each customer, using the client s public keys. To concentrate on this deficiency, they commence an expansion of the essential mcl-pke system. Their widen mcl-pke method necessitate the data owner to encrypt the data encryption key only once upon a time and to make available some extra information to the cloud so that authorized customers can decrypt the substance using their private keys their method abbreviates the computational in the clouds by exploiting a pairing-free move toward. Fig.2 CL-PKE based fine-grained encryption [14] Additional, the handing out expenditures for straightening out at the clients are reduced as a semitrusted security go between to some extent decrypts the encrypted data before the clients decrypts. The safety measure goes about as a collection accomplishment position also and facilitates immediate revocation of cooperation or malicious users. The cloud is working as a secure storage space in addition to a key generation center. The secrecy of the substance and the keys is protected with value to the cloud, because the cloud cannot entirely decrypt the information. Figure 2 shows CL-PKE based fine grained encryption. They put into operation mcl-pke method and the overall cloud based system, and evaluates its security and performance [14]. Results show that schemes are efficient and practical. Further, for multiple users satisfying the same access control policies, the get better move toward completes only a single encryption of each data item and decreases the on the whole transparency at the data owner. In this paper, author has concentrate on the limitations of such they differentiate and appreciate the concerns of make safe investigate over encrypted cloud [15] data at the same time as discount firm scheme intelligent security in the distributed computing perfect representation.

6 Among different multi-keyword semantics, they make a choice the productive correspondence determine of "direction matching, i.e., the identical amount of matches as feasible, to grab the significance of information documents to the search query. In exacting, they make use of "inner product similarity", i.e., the amount of query keywords demonstrating up in a document, to quantitatively evaluate such similarity calculate of that document to the search query. Lei et al. [16] additionally evaluated to symmetric key based methods, here author find a new approach can proficiently deal with keys and user revocations. In symmetric key methods, clients are necessitated to deal with a number of keys equivalent to as a minimum the logarithm of the numeral of clients, while in their come within reach of each client only requires to sustain its public/private key pair. Additional, revocation of clients in a characteristic symmetric key method involves informing the private keys known to all the clients in the group, while in their method private keys of the clients are not need to be transformed. In this paper author made use of CP-ABE in the context of enterprise applications and also developed a revocation mechanism that simultaneously allows high adaptability, fine-grained access control and revocation. The department assigns users a set of attributes within their secret key and distributes the secret key to the respective users. Any user that satisfies the access control policy defined from the data collaborator can access the data. When a user is revoked access rights, the data is reencrypted in the Cloud rendering the revoked user s key useless. The scheme is proven to be semantically securing against chosen cipher text attacks against the CP-ABE model. However, the scheme is not elegant in the case of user revocation since the updating of cipher texts after user revocation places heavy computation overhead even if the burden is transferred to the Cloud [17]. VII. CONCLUSION To search efficient method on encrypted data is also an important concern in untrusted cloud without involving certificates. On the other hand, security apprehension has become the main problem to adoption of cloud because all data and information including reallocation of data, and security management level are entirely under the control of cloud service providers. To confirm the correctness of data stored in an untrusted cloud without concerning certificates. On the other hand, they are not public confirmable as a result how to keep away from administration certificates at public verifiers while still planning a public key-based method too strongly and proficiently audit data integrity in the cloud is a crucial task. REFERENCES [1] S.S. Al-Riyami, K.G. Paterson, Certificateless Public Key Cryptography, In Asiacrypt 2003, LNCS 2894, pp , [2] M. Myers, R. Ankney, A. Alpani, S. Galperin, C. Adams, X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol (OCSP), RFC [3] J.H. Seo, K. Emura, Revocable identity-based encryption revisited: security model and construction, In PKC 2013, LNCS 7778, pp , [4] S. Jahid, P. Mittal, and N. Borisov, \EASiER: encryption-based access control in social networks with efficient revocation," in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ser. ASIACCS '11. NewYork, NY, USA: ACM, 2011, pp [5] S. Yu, C. Wang, K. Ren, and W. Lou, Achieving secure, scalable, and fine-grained data access control in cloud computing," in Proceedings of the 29 th conference on Information communications, ser. INFOCOM'10. Piscataway, NJ, USA: IEEE Press, 2010, pp [6] N. Leavitt, Is Cloud Computing Really Ready for Prime Time?" Computer, vol. 42, pp , January [7] T. Mather, S. Kumaraswamy, and S. Latif, Cloud Security and Privacy." O'Reilly, [8] S. Jarecki, C. S. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Outsourced symmetric private information retrieval. In CCS 13, Berlin, Germany, 2013, pages , [9] Danan Thilakanathan, Shiping Chen, Surya Nepal and Rafael A, Secure Data Sharing in the Cloud, S. Nepal and M. Pathan (eds.), Security, Privacy and Trust in Cloud Systems, 45 DOI: / _2, Springer-Verlag Berlin Heidelberg [10] S. Kamara and K. Lauter. Cryptographic cloud storage. In Proceedings of the 14 th international conference on Financial cryptograpy and data security, FC 10, Berlin, Heidelberg, Springer-Verlag. [11] R. Chow, P. Golle, M. Jakobsson, E. Shi, J. Staddon, R. Masuoka, and J. Molina. Controlling data in the cloud: outsourcing computation without outsourcing control. In Proceedings of the 2009 ACM workshop on Cloud computing security, pages ACM, 2009 [12] N. Kaaniche, A. Boudguiga, and M. Laurent. ID based cryptography for cloud data storage. In 2013 IEEE Sixth International Conference on Cloud Computing, Santa Clara, CA, USA, June 28 - July 3, 2013, pages , [13] Cryptography-http: [14] Seung-Hyun Seo, Mohamed Nabeel, Xiaoyu Ding and Elisa Bertino "An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds" IEEE Transactions On Knowledge And Data Engineering, Vol. 26, No. 9, September [15] Ning Cao, Cong Wang, Ming Li, Kui Ren and Wenjing Lou "Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data" IEEE Transactions On Parallel And Distributed Systems, Vol. 25, No. 1, January [16] X. W. Lei Xu and X. Zhang, CL-PKE: A certificateless proxy reencryption scheme for secure data sharing with public cloud, in ACM Symp. Inform. Comput. Commun. Security, [17] Tu S, Niu S, Li H, Xiao-ming Y, Li M, Fine-grained access control and revocation for sharing data on clouds, IEEE 26 th international parallel and distributed processing symposium workshops and PhD forum (IPDPSW) 2012, pp