Survey of Data Storage Security in Cloud Computing

Transcription

1 Survey of Data Storage Security in Cloud Computing Mr. Kiran Nagargoje, Patel College of Science & Technology Ralamandal Indore, India Abstract: Mr.Niranjan Mahanwar Patel College of Science & Technology Ratibhad Bhopal, India In Cloud Computing data is moved in large data centers of Cloud Service Provider (CSP). management of data and services may not be trustworthy. This poses a security challenge to the data stored inside cloud. As they know cloud data storage security is an important aspect of quality of service, data storage security is having paramount importance in todays life. Keywords: cloud service provider 1. Introduction : Innovations are necessary to ride the inevitable tide of change. Most of enterprises are striving to reduce their computing cost through the means of virtualization. This demand of reducing the computing cost has led to the innovation of Cloud Computing. Cloud computing is a term used to describe a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down as per their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. Cloud Computing has become one of the most talked about technologies in recent times and has got lots of attention from media as they ll as analysts because of the opportunities. PC/Laptops Mobile/PDA Internet IaaS PaaS SaaS Cloud Provider Clients subscribes to the service via internet & they pays as per usage of service to which they have subscribed. Clients need not to be stationary it can be PDA s, Mobiles Laptops. Clients doesn t need to have in house infrastructure, they can purchase to the service they want on hourly, they ekly or monthly reasonable basis. Cloud computing users can avoid capital expenditure on hardware, software, and services when they pay a provider only for what they use. Consumption is usually billed on a utility or subscription basis with little or no upfront cost. Contribution : 1. Giuseppe Ateniese, Randal Burns, Reza Curtmola,and Joseph Herring Lea Kissner, Zachary Peterson Dawn Song introduce a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data without retrieving it. The model generates probabilistic proofs of possession by sampling random sets of blocks from the server, which drastically reduces I/O costs. The client maintains a constant amount of metadata to verify the proof. The challenge/response protocol transmits a small, constant amount of data, which minimizes network communication. Thus, the PDP model for remote data checking supports large data sets in widely-distributed storage systems. Verifying the authenticity of data has emerged as a critical issue in storing data on untrusted servers. It arises in peer-to-peer storage systems, network file systems, long-term archives, they b-service object stores, and database systems. Such systems prevent storage servers from misrepresenting or modifying data by providing authenticity checks when accessing data. Hothey ver, archival storage requires guarantees about the authenticity of data on storage, namely that storage servers possess data. It is insufficient to detect that data have been modified or deleted when accessing the data, because it may be too late to recover lost or damaged data. Archival storage servers retain tremendous amounts of data, little of which are accessed. They also hold data for long periods of time during which there may be exposure to data loss from administration errors as the physical implementation of storage evolves, e.g., backup and restore, data migration to new systems, and changing memberships in peer-to-peer systems. Archival network storage presents unique performance demands. Given that file data are large and are stored at remote sites, accessing an entire file is expensive in I/O costs to the storage server and in transmitting the file across a network. Reading an entire archive, even periodically, greatly limits the scalability of network stores. (The growth in storage capacity has far outstripped the growth in storage access times and bandwidth [44]). Furthermore, I/O incurred to establish data possession interferes with on-demand bandwidth to store and retrieve data. They conclude that clients need to be able to verify that a server has retained file data without retrieving the data from the server and without having the server access the entire file. Previous solutions do not meet these requirements for proving data possession. Some schemes provide a they aker guarantee by enforcing storage complexity: The server has to store an amount of data at least as large as the client s data, but not necessarily the same exact data. Moreover, all previous techniques require the server to access the entire file, which is not feasible when dealing with large amounts of data. They define a model for provable data possession (PDP) that provides probabilistic proof that a third party stores a file. The model is unique in that it allows the server to access small portions of the file in generating the proof; all other techniques must access the entire file. Within this model, they give the first provably-secure scheme for remote data checking. The client stores a small O(1) amount of metadata to Kiran et al. Page 78

2 verify the server s proof. Also, the scheme uses O(1) bandwidth1. The challenge and the response are each slightly more than 1 Kilobit. They also present a more efficient version of this scheme that proves data possession using a single modular exponentiation at the server, even though it provides a they aker guarantee. Both schemes use homomorphic verifiable tags. Because of the homomorphic property, tags computed for multiple file blocks can be combined into a single value. The client pre-computes tags for each block of a file and then stores the file and its tags with a server. At a later time, the client can verify that the server possesses the file by generating a random challenge against a randomly selected set of file blocks. Using the queried blocks and their corresponding tags, the server generates a proof of possession. The client is thus convinced of data possession, without actually having to retrieve file blocks. The efficient PDP scheme is the fundamental construct underlying an archival introspection system that they are developing for the long-term preservation of Astronomy data. They are taking possession of multi-terabyte Astronomy databases at a University library in order to preserve the information long after the research projects and instruments used to collect the data are gone. The database will be replicated at multiple sites. Sites include resource-sharing partners that exchange storage capacity to achieve reliability and scale. As such, the system is subject to freeloading in which partners attempt to use storage resources and contribute none of their own. The location and physical implementation of these replicas are managed independently by each partner and will evolve over time. Partners may even outsource storage to third-party storage server providers. Efficient PDP schemes will ensure that the computational requirements of remote data checking do not unduly burden the remote storage sites. They implemented our more efficient scheme (E-PDP) and two other remote data checking protocols and evaluated their performance. Experiments show that probabilistic possession guarantees make it practical to verify possession of large data sets. With sampling, E-PDP verifies a 64MB file in about 0.4 seconds as compared to 1.8 seconds without sampling. Further, I/O bounds the performance of E-PDP; it generates proofs as quickly as the disk produces data. Finally, E-PDP is 185 times faster than the previous secure protocol on 768 KB files. They focused on the problem of verifying if an untrusted server stores a client s data. They introduced a model for provable data possession, in which it is desirable to minimize the file block accesses, the computation on the server, and the client-server communication. Our solutions for PDP fit this model: They incur a low (or even constant) overhead at the server and require a small, constant amount of communication per challenge. Key components of our schemes are the homomorphic verifiable tags. They allow to verify data possession without having access to the actual data file. Experiments show that our schemes, which offer a probabilistic possession guarantee by sampling the server s storage, make it practical to verify possession of large data sets. Previous schemes that do not allow sampling are not practical when PDP is used to prove possession of large amounts of data. Our experiments show that such schemes also impose a significant I/O and computational. 2. Ensuring Data Storage Security in Cloud Computing interduce by Cong Wang, Qian Wang, and Kui Ren, They njing Lou.he try to focus on secure data strorage in clould. In Cloud Computing has been envisioned as the nextgeneration architecture of IT Enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, hothey ver, poses many new security challenges which have not been they ll understood. In this article, they focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users data in the cloud, they propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks. Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer technology. The ever cheaper and more pothey rful processors, together with the software as a service (SaaS) computing architecture, are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable yet flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centers. Moving data into the cloud offers great convenience to users since they don t have to care about the complexities of direct hardware management. The pioneer of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) [1] are both they ll known examples. While these internet-based online services do provide huge amounts of storage space and customizable computing resources, this computing platform shift, hothey ver, is eliminating the responsibility of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Recent downtime of Amazon s S3 is such an example. From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing inevitably poses new challenging security threats for Several trends are opening up the era of Cloud Computing, which is an Internet-based development and use of computer Kiran et al. Page 79

3 technology. The ever cheaper and more pothey rful processors, together with the software as a service (SaaS) computing architecture,are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable yet flexible network connections make it even possible that users can now subscribe high quality services from data and software that reside solely on remote data centers. Moving data into the cloud offers great convenience to users since they don t have to care about the complexities of direct hardware management. The pioneer of Cloud Computing vendors, Amazon Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2) are both they ll known examples. While these internet-based online services do provide huge amounts of storage space and customizable computing resources, this computing platform shift, hothey ver, is eliminating the responsibility of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Recent downtime of Amazon s S3 is such an example. From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing inevitably poses new challenging security threats for data storage. 2.1 Securing The Data Storage: In cloud data storage system, users store their data in the cloud and no longer possess the data locally. Thus, the correctness and availability of the data files being stored on the distributed cloud servers must be guaranteed. One of the key issues is to effectively detect any unauthorized data modification & corruption, possibly due to server compromise. Besides, in the distributed case when such inconsistencies are successfully detected, to find which server the data error lies in is also of great significance, since it can be the first step to fast recover the storage errors. Our system operation is divided into four modules, File Distribution Preparation Token Pre-computation Correctness Verification & Error Localization File Retrieval & Error Recovery. Notation & Preliminaries : F The data file to be stored. They assume that F can be denoted as a matrix of m equal-sized data vectors, each consisting of l blocks. Data blocks are all they ll represented as elements in Galois Field G(2w) for w=4,8,16. R The dispersal matrix used for Reed-Solomon coding. D Data matrix constructed over data vectors. C The encoded file matrix, which includes a set of n=m+k vectors, each consisting of l blocks. PRF Pseudorandom function. PRP Pseudorandom permutation. 2.2 File Distribution Preparation : It is they ll known that erasure-correcting code may be used to tolerate multiple failures in distributed storage systems [18]. In cloud data storage, they rely on this technique to disperse the data file F redundantly across a set of n=m+k distributed servers. R m+k,k Reed-Solomon erasure-correcting code is used to create k redundancy parity vectors from m data vectors in such a way that the original m data vectors can be reconstructed from any m out of the m+k data and parity vectors. By placing each of the m+k vectors on a different server, the original data file can survive the failure of any k of the m+k servers without any data loss, with a space overhead of k/ m. For support of efficient sequential I/O to the original file, our file layout is systematic, i.e., the unmodified m data file vectors are distributed across m+k different servers. They are using Reed Solomon Algorithm to disperse the file redundantly over m storage devices. 2.3 Rs-Raid Algorithm : Let there be n storage devices (D1,2,,D3,,Dn) each of which holds k bytes. These are called the Data Devices. Let there be m more storage devices (C1,2,,C3,,Cm) each of which also holds k bytes. These are called the Checksum Devices. The contents of each checksum device will be calculated from the contents of the data devices. The goal is to define the calculation of each ci such that if any m of (D1,D2,,D3,,Dn,C1,C2,,C3,,Cm) fail, then the contents of the failed devices can be reconstructed from the non-failed devices. In other words they have n data words d1,d2,,d3,,dn and m checksum words c1,c2,,c3,,cm which are computed from the data words in such a way that the loss of any m words can be tolerated. To compute a checksum word ci for the checksum device Ci, they apply function Pi to the data words: ci= Pi d1,d2,.,dn If a data word on device Dj is updated from dj to dj, then each checksum word ci is recomputed by applying a function Gi,j such that cj = Gi,j dj,dj,ci When up to m devices fail, they reconstruct the system as follows. First, for each failed data device Dj, they construct a function to restore the words in Dj from the words in the non-failed devices. When that is completed, they recomputed any failed checksum devices Ci with Pi. For example, suppose m=1. They can describe n+1 parity in the above terms. There is one checksum device C1.To compute each checksum word c1, they take the parity (XOR) of the data words: c1= P1 d1,d2,.,dn = d1 d2. dn If a word on data device Dj changes from dj to dj, then c1 is recalculated from the parity of its old value and the two data words: c1 = G1,j dj,dj,c1 = c1 dj dj If a device Dj fails, then each word may be restored as the parity of the corresponding words on the remaining devices: dj= d1 d2. dn c1.in such a way, the system is resilient to any single device failure. They are given n data words d1,d2,..dn. They define functions P and Kiran et al. Page 80

4 G which they use to calculate and maintain the checksum words c1,c2,..cm. They then describe how to reconstruct the words of any lost data device when up to m devices fail. Once the data words are reconstructed, the checksum words can be recomputed from the data words and P. Thus, the entire system is reconstructed. 2.4 Calculating & Maintaining Checksums : They define each function Pi to be a linear combination of the data words: ci= Pi d1,d2,.,dn = dj Pi,j nj=1 In other words, if they represent the data and checksum words as the vectors D and C, the functions Pi as rows of the matrix P, then the state of the system adheres to the following equation: PD=C They define to be the m n matrix pi,j = ji 1, and thus the above equation becomes: p1,1 p1,2 p1,n d1 p2,1 p2,2 p2,n d2 = pm,1 pm,2 pm,n dn d1 c1 1 2 n d2 = c ^m-1 n^m-1 d3 c3 When one of the data words dj changes to dj, then each of the checksum words must be changed as they ll. This can be affected by subtracting out the portion of the checksum word that corresponds to d, and adding the required amount for dj. Thus, Gi, is defined as follows: ci = Gi,j dj,dj,ci = ci+ pi.j(dj dj) Therefore, the calculation and maintenance of checksum words can be done by simple arithmetic. 2.5 Recovering From Failures : To explain recovery from errors, they define the matrix A and the vector E as follows: A= IP and E= DC. Then they have the following equation AD=E.They can view each device in the system as having a corresponding row of the matrix A and the vector E. When a device fails, they reflect the failure by deleting the device s row from A and from E. What results a new matrix A and a new vector E that adhere to the equation: A D=E Suppose exactly m devices fail. A is n n matrix. Because matrix P is defined to be a Vandermonde matrix, every subset of n rows of matrix A is guaranteed to be linearly independent. Thus, the matrix A is non-singular, and the values of D may be calculated from A D=E using Gaussian Elimination. Hence all data devices can be recovered. Once the values of D are obtained, the values of any failed C1 may be recomputed from D. It should be obvious that if fethey r than m devices fail; the system may be recovered in the same manner, choosing any n rows of A. Thus system can tolerate any number of device failures up to m. 2.6 Rs Raid Algorithm Summarized : Given n data devices and m checksum devices, the RS-Raid algorithm for making them fault-tolerant to up to n failures is as follows. 1. Choose a value of w such that 2w>n+m. It is easiest to choose w=4 or w= 8 or w=16, as words then fall directly on byte boundaries. w word size. 2. Set up the table s gflog and gfilog. These tables are used to perform multiplication over Galois Fields. 3. Set up the matrix P to be the m n matrix: pi, = ji 1 where multiplication is performed over GF(2w). 4. Use the matrix P to calculate and maintain each word of the checksum devices from the words of the data devices. Again, all addition and multiplication is performed over GF 2. Create the matrix D as actual data matrix & Calculate C by equation PD=C. 5. If any number of devices up to m fails, then they can be restored in the following manner. Choose any n of the remaining devices, and construct A and a vector E. Then solve for D in A D=E. This enables the data devices to be restored. Once the data devices are restored, the failed checksum devices may be recalculated using the matrix F. So, as per RS Raid algorithm, they divide the input file to the n data vectors, where n is number of storage devices present in the system. The data vectors that are generated are of equal size, so the load will be distributed equally to all the storage devices. They create m n matrix D & store all the data vectors in matrix D. In next step they create a Reed Kiran et al. Page 81

5 Solomon matrix R which is generated over Galois field, i. e. GF 2w. In our case they have assumed word size w=4. After this stage, they perform matrix multiplication to generate checksum matrix C. They multiply data matrix D with Reed Solomon matrix R. The resultant matrix is the redundant matrix which contains original data from data matrix D & parity vectors added by Reed Solomon matrix. It means matrix D will be stored redundantly across the different storage devices & it will be used for token computation as they ll as data recovery purpose. 2.8 Challenge Token Precomputation : To verify the correctness of user s data & to locate the errors, they entirely rely on the pre-computed verification tokens. These tokens are calculated before file distribution & they are very short. They are computing the tokens by pseudorandom function PRF & pseudorandom permutation function PRP. They pre-computes short verification tokens on individual vector, each token covering a random subset of data blocks. They have assumed. Algorithm: TOKEN PRE-COMPUTATION 1. Begin 2. Choose file F to upload & encrypt the file using AES. 3. Generate n m Vector Matrix D on file F. 4. Create Reed Solomon Matrix P over Galois Field GF 2. where w=4. 5. Generate Matrix C=D P. It is Checksum Matrix created for fault tolerance. 6. Compute Token over Matrix C i.e. ComputeToken (C,,t,r), where l block size, t no. of tokens, r indices per verification. Compute the tokens by pseudorandom function PRF & pseudorandom permutation function PRP Correctness Verification & Error Localization : To eliminate the errors in storage systems key prerequisite is to locate the errors. Hothey ver, many previous schemes do not explicitly consider the problem of data error localization, thus only provide binary results for the storage verification. In our scheme they integrate the correctness verification and error localization in our challenge-response protocol. The newly computed tokens from servers for each challenge are compared with pre-computed tokens to determine the correctness of the distributed storage. This also gives information to locate potential data errors. Algorithm: Correctness Verification : 1. Begin Challenge i, for i=(i=1 to n), where n total number of cloud servers. 2. Get TokenAr() // Getting precomputed tokens from main cloud server. 3. HandleC alleng() // Reading file blocks from all cloud servers for calculating new tokens. 4. Generate Vector Matrix D on all file blocks that are read in step Create Reed Solomon Matrix P 6. Generate Matrix C=D P. On this matrix, new tokens will be computed. 7. Compute token on Matrix C. ComputeToken (C,l,t,r) 8. If ((Precomputed token==newly computed token) then, Data is intact Else Data is Corrupt. For that i, initiate the recovery. 9. End Error Recovery & File Retrieval : Once the data corruption is detected, next important step is to recover the corrupted data and bring data storage back to consistent state. The comparison of pre-computed tokens and received response values can guarantee the identification of misbehaving server. Therefore user can recover the corrupted data. Our system recovers data from backup server & distributes all data vectors to corresponding servers. This will results in successful recovery of corrupted data. But due to file splitting they made at the time of file distribution, user s need to recover file from all the servers. Error localization is limited to misbehaving servers only, i.e. servers giving false assurance of posing user s data. Algorithm: Error Recovery 1. Begin (Assume that the data corruptions have been detected & s k servers have been identified misbehaving.) 2. Download consistent data blocks from backup server. 3. Create the data vectors as per number of cloud storage servers. 4. Distribute the consistent data blocks to corresponding servers & recover the data. 5. End Dynamic Operations : In cloud data storage, there are many potential scenarios where data stored in the cloud is dynamic, like electronic documents, photos, or log files etc. Therefore, it is crucial to consider the dynamic case, where a user may wish to perform various operations of update, delete and append to modify the data file while maintaining the storage correctness assurance. Thus they have analyzed the data security concerns in cloud data storage, which is a distributed storage system. They proposed a distributed scheme to ensure users that their data are indeed stored appropriately and kept intact all the time in the cloud. To provide redundancy they used erasure correcting code in the file distribution preparation. As they all know Kiran et al. Page 82

6 cloud is not just a third party data warehouse. So providing support for dynamic operations is very important. Our scheme maintains the same level of storage correctness assurance even if users modify, delete or append their data files in the cloud. Challenge response protocol along with pre-computed token is used to verify the storage correctness of user s data & to effectively locate the malfunctioning server when data corruption has been detected. Through detailed performance analysis, they show that our scheme is having very low communication overhead & guarantees to detect every single unauthorized data modification. Our scheme has no limitation on number of pre-computed tokens used for challenging the cloud servers. Unlimited number of challenges can be made. They removed burden of calculating precomputed tokens & storing the locally from the users. By splitting the file according to the number of server s they are added extra security to system. But they still believe that data storage security in Cloud computing is an area full of challenges and of paramount importance. 2. Conclusions : This paper described the focused on the problem of verifying if an untrusted server stores a client s data.they incur a low (or even constant) overhead at the server and require a small, constant amount of communication per challenge. Key components of our schemes are the homomorphic verifiable tags. They allow to verify data possession without having access to the actual data file. We have analyzed the data security concerns in cloud data storage, which is a distributed storage system. We proposed a distributed scheme to ensure users that their data are indeed stored appropriately and kept intact all the time in the cloud. To provide redundancy we used erasure correcting code in the file distribution preparation. As we all know cloud is not just a third party data warehouse. So providing support for dynamic operations is very important. References [1] A. Juels, J. Burton, and S. Kaliski, PORs: Proofs of Retrievability for Large Files, Proc. ACM CCS 07, Oct. 2007, pp [2] G.Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable Data Possession at Untrusted Stores, Proc. ACM CCS 07, Oct. 2007, pp [3] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, Scalable and Efficient Provable Data Possession, Proc. SecureComm 08, Sept [4] H. Shacham and B. Waters, Compact Proofs of Retrievability, Proc. Asia-Crypt 08, LNCS, vol. 5350, Dec. 2008, pp [5] K. D. Bowers, A. Juels, and A. Oprea, Hail: A High-Availability and Integrity Layer for Cloud Storage, Proc. ACM CCS 09, Nov. 2009, pp [6] C.Wang, Qian Wang, Kui Ren, Wenjing Lou, Ensuring Data Storage Security in Cloud Computing, Proc. IWQoS 09, July 2009, pp [7] Q. Wang, C.Wang, Wenjing Lou, Jin Li, Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing, Proc. ESORICS 09, Sept. 2009, pp [8] C. Erway, Alptekin, Charalampos Papamanthou, Roberto Tamassia, Dynamic Provable Data Possession, Proc. ACM CCS 09, Nov. 2009, pp [9] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, MR-PDP: Multiple-replica provable data possession, in Proc. of ICDCS 08. IEEE Computer Society, 2008, pp [10] T. Schwarz and E. L. Miller, Store, forget, and check: Using algebraic signatures to check remotely administered storage, in Proc. of ICDCS 06, [11] N. Gohring, Amazon s S3 down for several hours, Online amazons_s3_down_for_several hours.html, [12] M. Arrington, Gmail Disaster: Reports of Mass Deletions, Dec.2006; [13] Peter Mell, Tim Grance, The NIST Definition of Cloud Computing, Online at [14] K. D. Bowers, A. Juels, and A. Oprea, Proofs of Retrievability: Theory and Implementation, Cryptology eprint Archive, Report 2008/175, 2008, [15] M. Lillibridge, S. Elnikety, A. Birrell, M. Burrows and M. Isard, A Cooperative Internet Backup Scheme, Proc. of the 2003, USENIX Annual Technical Conference (General Track), pp , [16] Qian Wang, Cong Wang, Kui Ren, Wenjing Lou, and Jin Li, Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Transactions on Parallel & Distributed Systems, Volume: 22, Issue: 5, pages: [17] C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-preserving public auditing for storage security in cloud computing, in Proc. of IEEE INFOCOM 10, San Diego, CA, USA, March [18] J. S. Plank and Y. Ding, Note: Correction to the 1997 Tutorial on Reed-Solomon Coding, University of Tennessee, Tech. Rep. CS , Kiran et al. Page 83