DYNAMIC THIRD PARTY AUDITING AND SECURED OUTSOURCING IN CLOUD

Transcription

1 DYNAMIC THIRD PARTY AUDITING AND SECURED OUTSOURCING IN CLOUD S. Sindu, R. Priya 3-rd Year, Velammal Engineering College Velammal Nagar, Ambattur-Red Hills Road, T amil Nadu, Chennai, INDIA ABSTRACT Abstract- Cloud storage is a data storage technique in which there is remote approaches of services supply so security is a controversy to be taken care of. The resources are dynamic, virtualized, extensible and elastic in nature and thereby data Integrity is to be ensured. Auditing plays an indispensable role in catering elucidation to the data integrity in cloud and providing data security and reliability. Highly distributed and opaque characteristics of cloud, inflates the intricacy of auditing process. Auditing deals with SLA monitoring and compliance. A third party auditor is prescribed to perform auditing to ensure data integrity on cloud services. In this paper, a Dynamic Third Party Auditing System is proposed in which a third party entity dynamically provides auditing services on cloud computing environment. TPA verifies the integrity of data stored in cloud which has to be done by the client.the Dynamic third party auditing system performs auditing adopting public key concepts based on Homomorphic authentication. KEYWORD Cloud Computing, SLA, Auditing, Third Party Auditor I. INTRODUCTION CLOUD Computing is newer dimension proposal that is transmogrifying the IT industry. It provides the obligatory extensible utilities in on-demand basis with basal operation cost. The illustrious cloud computing vendors are Amazon, Google, Microsoft, Yahoo and Sales force. They possess unique security strategies and data services. Cloud Computing is a extremely strewn computing paradigm i n which dynamic, virtualized, on-demand, ascendable resources are lend to the cloud users. Depending on the services, the c loud services are broadly classified as software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS). Based on service deployment, cloud is compartmentalized into Public Cloud, Private Cloud, Hybrid Cloud, and Community Cloud. Cloud users do not have possession of the resources. Users can admittance to the resources hosted by the proprietor on the internet. This mitigates the management overhead of the client. Moreover the highly distributed nature and scalability appends advantages to the cloud. But they turn into perilous security issue as there is no control over data. The location of data is unknown to user and they may get deleted in due course. Provisioning of shared resources to the traitorous users added a challenge in cloud environment. Cloud Computing is a model that bestows on demand services to the client in suitable and productive methodology. This model encloses a shared pool of resources akin to networks, servers, storage, Applications and services Types of Cloud Services: Software as a Service (SaaS) In this service the end users are endowed with subscription to software applications and databases on demand. The cloud users need to pay and use the same.. Infrastructure as a Service (IaaS)- The Cloud Service provider renders the hardware and software resources on demand basis from their Data centers. Platform as a Service (PaaS)- The vendor imparts a computing platform like the OS, web servers, etc to the program developers without installation or downloads. It mixes the simplicity of SaaS with IaaS so it is leveraged as finest known aspect of Cloud Computing. Network as a Service (NaaS) The Cloud Service provider implements virtual network connectivity services and inter-cloud network connectivity services to the users. Fig. 1.1: Cloud Architecture 1

2 1.2.Cloud Computing Models: Private Cloud: This infrastructure involves an exclusive environment that is owned by a sing le organization, say within the corporate firewall. Public Cloud: This model is suitable for civic, that is available in public net works with non-sensitive data. They demand more cloud structure and cloud security considerations. Community cloud: Collaborative effort in which organizations will partake infrastructure. They will supervise internally or by a third force. Hybrid cloud: Consolidation of two or more Private, Public and Community clouds. For application developers the storage area may present itself through a set of application program interface (API) calls. PUBLIC CLOUD Resources are owned and man aged by the third party and provides service with Low Cost and On Demand basis. PRIVATE CLOUD Resources are owned and man aged by a Separate organization for their cloud service in their company. HYBRID CLOUD The integration Of public and private cloud deployment model is also called hybrid where some organization share their cost of infrastructure with public cloud. Two or more organization COMMUNITY form a group and work for a CLOUD single purpose in the Cloud Fig. 1.2: Cloud Computing Types In private cloud, cloud is owned by private concern and they uphold their individual auditing ideology and procedure. Customarily private cloud will not link up with the public networks akin to internet, so the probability of exterior attacks is depleted.the private cloud user are restricted and easily can do monitoring. The public cloud can connect with public network like internet and there is boundless number of users depending upon the service providers competence. The agreement SLA between cloud service provider and cloud user is not translucent to all end users, so there is a possibility of agreement violation Cloud Based Data Storage Cloud based data storage is the ne xt step in the evolution of NAS (network attached station) de vices. Across the web (the cloud), many providers offer data storage that resides in the cloud. environment and provides service as private but less cost when compare to private. 1.4 Advantage of Cloud Based Data Storage Scalability most cloud based data storage providers let you scale your storage capacity (up or down) to align with your storage needs. Pay as per go with most cloud based data storage facilities users pay only for the storage (within a range) that they need Reliability many cloud based data storage provides transparent data replication. Ease of access most cloud based data storage solutions let users map a drive letter to the remote file storage area and then access the files through the use of a logical drive. Depending on your access needs the data may be accessible as follows Through a web browser interface that lets you move files to and from the storage area using a variety of devices. Through a mounted disk drive that appears locally to your computer as a disk drive letter or mounted file system. 2 Figure 1.3: CIA triad

3 1.5. Disadvantage of Cloud Based Data Storage Performance because the cloud based disk storage devices are accessed over the internet they will never be as fast as local drives. Security some users will never feel comfortable with their data in the cloud. Data orphans user may abandon data in cloud storage facilities, leaving confidential private or company data at risk The Security Triad or CIA Triad The three fundamentals concepts of information security Confidentiality Integrity Availability Confidentiality The prevention of intentional or un-intentional unauthorized disclosure of contents is called confidentiality. Loss of confidentiality can occur in many ways For Example: loss of confidentiality can occur through the intentional release of private company information or through a misapplication of network rights. Some of the elements of telecommunications used to ensure confidentiality are as follows: Network security protocols, Network authentication services, Data encryption services. Integrity Integrity is the guarantee that the message sent is the message received and that the message is not intentionally or unintentionally altered. Loss of integrity can occur through an intentional attack to change information (for example a website defacement) or more commonly, unintentional (data is accidentally altered by an operator). Integrity also contains the concept of non repudiation of a message source elements used to ensure integrity: Firewall services, Communication security management, and Intrusion detection services Availability This concept refers to the elements that create reliability and stability in networks and systems. It ensures that connectivity is accessible when needed, allowing authorized users to access the network or systems. Also in that assurance the guarantee that security services for the security practitioner are usable when they are needed. That concept of availability also trends to include areas in an 3 information system that are traditionally not thought of as pure security (such as guarantee of service, performance, and up-time) yet are obviously affected by breaches such as a denial-of-service Entities a.dataowner Data owner is one of the entities which contain the data to be stored in the cloud storage system which is provided by the cloud service provider the data owner may be an individual user or a small organization. b. Cloud Service Provider The cloud service provider (CSP) which provides the various cloud services in our approach CSP provides the data storage space and computational resources. c. Cloud Servers: The collection of mainframe systems or server which is owned and managed by the cloud service provider (CSP) and also it pr vides the computational resources. d. Certificate Authority The certificate authority is one of the entities in the architecture which provides a valid certificate during the identity management. e. Trusted Third Party Auditor: The trusted third party auditor is one of the entities who has versatile, skilled, computational resources that users may not have and provides the audit service on behalf of the user 1.8. Auditing The requirement for audit arises as the SLA agreement is opaque to the users. There are two types of audit based on the product under audition. Internal Au dit audits the process that takes place while imparting the service. External Audit audits the quality of service such as CPU performance, availability and SLA parameters. Audit can be mutually static and dynamic. In static auditing, auditing is done sporadically to verify the veracity of data. Samples are taken from the data and it is verified for integrity of data. In dynamic auditing, auditing is done on dynamic data. The dynamic data operations are modification, insertion and deletion. Batch auditing is required when there are multiple owners and multiple cloud servers. The issues evolves when decision is to be made on which entity can perform auditing. If auditing is done by Cloud providers they may conceal their faults and violations. On the other hand if the user does the auditing, it adds the overhead to them. The solution is to have a third party entity to do the auditing. The third party should be unbiased to

4 the source and end user Third Party Auditor (TPA) The Cloud user propels the data to service provider through the network. The user data may contain very insightful data like user personal information, Bank d etails, Password, Important keyword, Business client details etc. Cloud service providers normally employ Secure Socket Layer (SSL), Point to Point Tunneling protocol (PPTP), V PN for secure transaction. We are having memoirs th at attackers and intruders have succeeded over this type of security services. While transferring the data between user and the cloud service providers it is very hard to shun malevolent assail. But users require assurance lawfully about the safety over their data. For this we need an authentication mechanism based on the third party. This third party monitors the behavior of cloud user and cloud service provider. Routinely cloud service providers and client will have a Service Level Agreement (SLA). Both parties have to trail the rules and regulations mentioned in the SLA. This agreement includes the Cloud service provider s quality of service, Standard of the service, service monitoring and controlling. T he Cloud service may give oodles of commitment and service offers to the cloud user due to market rivalry but he need s to follow them everlastingly. The cloud service providers fo r their profit will hide the data errors from the cloud user. T o circumvent this problem and to retain the security standards w e call for a Third Party Auditor (TPA). TPA will abide by the auditing norms and techniques, also they will have cat alog of auditing strategies. The TPA should familiar with the SLA between cloud service provider and cloud user. TPA will play promising role between two parties. TPA is having knack to ensure the integrity of data which is stored in the cloud. The auditing should not impinge on the secrecy of the cloud users. Here the cloud user predominantly concern about their data security. Data Security encompasses Data integrity, Data Availability, Data Confidentiality as the data is stored. In order to verify the data integrity untrustworthy servers become a colossal concern with cloud environment. Data security means shielding the data from the unnecessary actions from unauthorized users and defending from devastating forces. The variety of forces is hardware failure, software failure, network failure, system failure, external forces, natural calamities etc. The illicit user may be an intruder. We have to monitor the all user activities, if we found any unauthorized function from any user, immediately we should chunk the particular user prior to mutilating the data. Data Integrity means sustaining the accuracy and consistency over the cloud user data continuously. The cloud user may stock up crucial information in the cloud storage; the precision of the user data information should be accurate in perpetuum. Data Confidentiality means maintaining the secrecy about the user data. Confidentiality is a collection of rules and promises to maintain the concealment over selected cloud user data information. The Cloud Service Provider should not enclose that information to any individual eternally. The auditing process embodies three diverse phases namely Planning, Execution and Reporting. In planning phase the TPA have to conclude the subsequent important tasks, substance to audit, agenda of the auditing, duration of auditing, vicinity of auditing, audit team size etc. The audit time and team size depends upon th e magnitude of the content. Execution is the important phase in which we have to analyze the security coercions in the clo ud storage, scrutinize the earlier threats and determine the echelon of preceding threats. Additionally user has to do the data integrity assessment. Reporting is the report of execution phase; this report will help the Cloud service provider to enrich their service. Fig. 1.3: TPA in Cloud Public Batch Auditing means T PA can do simultaneous integrity checks on multiple cloud user data, which is stored in numerous clouds. II. PROPOSED SYSTEM TPA is the external entity that supports the data integrity in the cloud. Cloud Service Providers relocates the data to cloud user from cloud server. Transferred data is later on checked for its integrity. The process is as follows, TPA will amass the received data and send that data for verification. If both data equivalent, then there is no contravention in the data integrity. Realistically this is impossible for outsized data. Also TPA is an external entity; if we give complete set of data again then data integrity questions will arise in closing stages. For the manifold 4

5 cloud and several users we need various auditing called batch auditing. We need to instigate a new technique with Homomorphic authenticator nd the bilinear aggregate signature method 2.1. Components: Client: Client wields the services furnished by the owner. Client retrieves the data lent by the owner through the Cloud server. But cloud server is an imperceptible entity to the Client. The Client should be an authenticated user to the data owner. Owner: The owner utilizes cloud server to stockpile the data. The proprietor provides data to the end u sers through the Cloud Server. The possessor provides on demand services to the user. The file to be sent is encrypted and positioned in the Cloud server which is reachable by the user. The owner annexes a tag with the data to be sent so that auditor can corroborate the data using the tag. Key Generation: Key generation is accomplished by the Owner. The data is encrypted using the private key of the owner and public key is transferred along with the data. Server Integrity proof: TPA wrangles over the server to give a proof of data integrity. The server sends the proof. Integrity Verification: In receipt of the proof from the Server, TPA verifies the integrity devoid of encrypting the data. The tag in the data assists the TPA to check the data efficiently. The Auditing can be done periodically on samples of data. Over the period, the samples are collected and verification is done Cloud Server: The Cloud server presents storage services to the data vendor. The owner has to register with Cloud server to provide the use the storage services. Cloud server acts as a platform to gather the owner s data to be accessed by the client. Many owners can operate on same Cloud server to provide services to their collection of users. TPA: The data are provided to server and the integrity is clueless. The owner can attest the integrity of data in Cloud server by auditing. Having an audition at t he proprietor end aggravates overhead and the elucidation is to have a third party auditor. On behalf of owner the TPA will make sure that the owner s data storage and security is appropriate. TPA should be trustworthy but then trusting a third party is not advisable. The contents are not made available for TPA for the same purpose. It also verifies encrypted data and can be done using Homomorphic authentication. The metadata is developed using the same and disputes the server for the proof of data integrity. The server gives the proof which is checkered against the owner s metadata Authentication Process (Modules Description) a. IDENTITY Based Authentication: 1. User REQUEST - Authentication, Certification REQUEST- Generation of Random Number User The TPA process works in three steps: Key Generation, Server integrity proof, integrity verification With Received random number, Generation of Public Key Cloud Server by the user 3. Cloud sends random number with the received random number and user generates token cloud. 4. Cloud server verifies the token with the generated values = True Identity (Cloud

6 session key user) b. OUTSOURCING in the Cloud: 1. Data Owner Initiate the Process 2. Splitting: File=No.of.Blocks * parity Vector 3. Encryption: Each block is encrypted using the token generated by homomorphic encryption 4. The encrypted file is send to the cloud. 5. The Set of Token of Each Block and indices is send to the Third Party Auditor(TPA) c. PERIODIC Auditing Using Third Party: 1. TPA checks the integrity of the uploaded file. It queries the Cloud Service Provider (CSP). 2. TPA challenge algorithm verify the integrity of outsourced file. f. Misbehaving Attack: 1. An attacker hacks the message of CSP verified by certificate authority 2. TPA sends the queries to the servers to send back the blocks of the r rows specified in the challenge. 3. Case 1: CSP ended the session, the attacker try to access the data in the cloud, Case 1 will not succeed because the certificate cannot be reused 4. Case 2: CSP is completely disconnected but the session was not over, in this case the attacker may hack the data in the cloud. 5. Case 2: will not succeed because the cloud ask to enter the hash key, original Cloud Service Provider (CSP) only know the hash key but the malicious user doesn t aware about the hash key 3. Cloud sends the random file block for the specified indices. 4. TPA check the response whether the response is correct or not d. Error Localization and Correctness Verification: 1. Third Party Auditor (TPA) challenges the cloud by sending block indices 2. Response values of cloud servers determines the correctness of the distributed storage 3. TPA - check values- correctness 4. Else there is occurrence of corrupted File= ERROR 5. Identification of Misbehaving server e. Dynamic Data Operations: 1. Cloud server also receives the public verifiable parameters from TPA and performs the following set of operation: Insert, Delete and Update. 2. The modified file is send to the data owner 3. Data owner verifies the modified file and send the confirmation to the TPA 4. TPA modifies the audit record. Fig.2.4: Increase in auditing verification based on no of files g. Advantages in Proposed System: 1. Audit system can support dynamic data operations and timely anomaly detection 2. Security is provided for dynamic data operations 3. Detects the malicious cloud service provider, when accessing the data in the cloud 4. Detect the malicious identity while the data owner outsourcing in the cloud. 5. GOOGLE APP Engine a) Google App Engine (often referred to as GAE or simply App Engine) is a platform as a service (PaaS), cloud computing platform for developing and hosting web applications 6

7 b) App Engine offers automatic scaling for web applications as the number of requests increases for an application. c) It automatically allocates more resources for the web application to handle the additional demand. III. CONCLUSION [4] Cong Wang, Sherman S.M. Chow, Qian Wang, Kui Ren, and Wenjing Lou (2013) Privacy Preserving Public Auditing for Secure Cloud Storage [5] Ling Li, Lin Xu, Jing Li, Changchun Zhang, Hefei, Anhui, P.R,China (2011) Study on the Third Party Audit in Cloud Storage Service. At contemporary stage, cloud computing became a big computing paradigm. Number of cloud users and cloud providers grow swiftly. As the n umber of cloud providers increases, choosing a trusted service became dreary. The auditing mechanism is indispensable to resolve the cloud integrity concern. There is an assortment of auditing framework anticipated in cloud com putting.. But most of them are static in nature and they are instigated by cloud providers. In order to have dynamic monitoring, Dynamic Third Party Auditing System is proposed. The main advantage of the proposed system is that the data integrity is verified on dynamic data by the third party auditor. As the data integrity is verified by third party auditor, auditing becomes transparent to the Client. Future works needs to be done in order to concentrate on the scalability of the cloud services audit. Scalability is the main characteristic of the cloud. As cloud is highly distributed, the number of distributed nodes in the auditing process is also a factor to be considered the main characteristics of the cloud. As cloud is highly distributed, the number of distributed nodes in the auditing process is also a factor to be considered. Thus proposed scheme also provides the secure outsourcing services by enabling periodic third party audit and dynamic operations. Also the verification process provided for the cloud service provider to access the data in the cloud. Hence the malicious cloud service providers or malicious user are get highlighted and removed from the cloud system. REFERNCES [1] Kan Yang, and Xiaohua jia (2013) An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing [2] Jachak K.B, Korde S.K, Ghorpade P.P and Gagare G.J (2012) Homomorphic Authentication with Random Masking Technique Ensuring Privacy and Security in Cloud Computing [3] Irfan Gul, Atiq ur Rehman, M.Hasan Islam, Cloud Computing Security Auditing 7