A Novel Re-Authentication Scheme on Cloud Based Storage Services T.G.V.V.Srinivas 1, P.Suresh Babu 2 1 Final M.Tech Student, 2 Associate professor

Transcription

1 A Novel Re-Authentication Scheme on Cloud Based Storage Services T.G.V.V.Srinivas 1, P.Suresh Babu 2 1 Final M.Tech Student, 2 Associate professor 1,2 Dept of CSE, Kaushik College of engineering, JNTUK University Abstract: Cloud service providers provide storage service for outsourced data to store. Users store their sensitive information in cloud service, security and authentication is mainly raising issue. Therefore in this paper we proposed a new framework consists of three features authentication, secure storage, and verification. In our process we used block cipher technique to encrypt the data such as RC4 and for authentication we used password authentication. For manipulation of the data should be done by data owner only after the verification of the data owner authentication. It provides mutual trust between data owner and cloud service provider. We limit the privileges of access of the data in the cloud service. I. INTRODUCTION Verifying the authenticity of data has emerged as a critical issue in storing data on untrusted servers. This issue arisesin peer-to-peer storage systems and the network file systems long-term archives and the web-service object stores, and database systems. Such types of systems areprevent storage servers from misrepresenting or modifying data by providing authenticity checks when accessing data. However, archival storage requires guarantees about the authenticity of data on storage and namely that storage servers possess data and it is insufficient to detect that data have been modified or deleted when accessing the data and this is because it may be too late to recover lost or damaged data. Archival storage servers retain tremendous amounts of data which are accessed and hold data for long periods of time during which there may be exposure to data loss from administration errors as the physical implementation of storage evolves, e.g., backup and restore the data migration to new systems and the changing memberships in peer-topeer systems.[2,4] Archival network storage presents unique performance demands. Take the file data are large and are stored at remote sites and the accessing an entire file is expensive in I/O costs to the storage server and in transmitting the file across a network. Reading an entire archive that even periodically and it greatly limits the scalability of network stores and the growth in storage capacity has far outstripped the growth in storage access times and bandwidth. Furthermore, I/O incurred to establish data possession interferes with on-demand bandwidth to store and retrieve data. We justify that clients need to be able to verify that a server has retained file data without retrieving the data from the server and without having the server access the entire file. Previous solutions do not meet these requirements for proving data possession. Some schemes provide a weaker guarantee by enforcing storage complexity:[6] The server has to store an amount of data at least as large as the client s data and not necessarily the same exact data. All previous techniques require the server to access the entire file and which is not feasible when dealing with large amounts of data.several trends are opening up the era of Cloud Computing is an Internetbased development and use of computer technology. The ever cheaper and more powerful processors and together with the software as a service (SaaS) computing architecture and are transforming data centers into pools of computing service on a huge scale. The increasing network bandwidth and reliable yet flexible network connections make it even possible that clients can now subscribe high quality services from data and software that reside solely on remote data centers. The envisioned as a promising service platform for the Internet, this new data storage paradigm in Cloud brings about many challenging design issues which have profound influence on the security and performance of the overall system. The most biggest concerns with cloud data storage is that of data integrity verification at untrusted servers. [7] For example, the storage service provider that which experiences Byzantine failures occasionally and it may decide to hide the data errors from the clients for the benefit of their own. Question is what is more serious is ISSN: Page 327

2 that for saving money and storage space the service provider might neglect to keep or deliberately delete rarely accessed data files which belong to an ordinary client. Say the large size of the outsourced electronic data and the client s constrained resource capability and core of the problem can be generalized as how can the client find an efficient way to perform periodical integrity verifications without the local copy of data files. In order to solve this problem and many of the schemes are proposed under different systems and security models. In all these works the great efforts are made to design solutions that meet various requirements: high scheme efficiency and the stateless verification, unbounded use of queries and retrievability of data and so on. The role of the verifier in the model and all the schemes presented before fall into two categories: private verifiability and public verifiability. However the schemes with private verifiability can achieve higher scheme efficiency, public verifiability allows anyone and not just the client such as data owner, to challenge the cloud server for correctness of data storage while keeping no private information. Then the clients are able to delegate the evaluation of the service performance to an independent third party auditor (TPA), without devotion of their computation resources. In cloud service the clients themselves are unreliable or cannot afford the overhead of performing frequent integrity checks. So for the practical use, it seems more rational to equip the verification protocol with public verifiability and which is expected to play a more important role in achieving economies of scale for Cloud Computing. Moreover, for efficiency consideration and the outsourced data themselves should not be required by the verifier for the verification purpose. [4] Data outsourcing brings with it many advantages. But associated with it are the risks involved. Though client cannot physically access the data from the cloud server directly, without client s are either not used by client from a long time. Hence, there is a requirement of checking the data periodically for correction purpose, known as data integrity. Here we provide a survey on the different techniques of data integrity. The traditional schemes for data integrity in cloud are Provable Data Possession (PDP) knowledge, cloud provider can modify or delete data which and Proof of Retrievability (PoR). These two schemes are the most active area of research in the cloud data integrity field. Traditional access control techniques assume the existence of the data owner and the storage servers in the same trust domain. This assumption is no longer holds when the data is outsourced to a remote CSP which takes the full charge of the outsourced data management and resides outside the trust domain of the data owner. A feasible achievement solution can be presented to enable the owner to enforce access control of the data stored on a remote untrusted CSP. Through this data is encrypted under a certain key which is shared only with the authorized users. The unauthorized users are including the CSP and are unable to access the data since they do not have the decryption key. This simple solution has been widely incorporated into existing schemes, which aim at providing data storage security on untrusted remote servers. Some other class of solutions utilizes attributebased encryption to achieve fine-grained access control. II. RELATED WORK Data Storage Commitment Schemes: A storage-enforcing commitment scheme (SEC) is a three party protocol executed between the parameters message source S, a prover P, and a verifier V. The message source communicates the message M to the prover and the commitment C to the verifier. The verifier V may verify whether the prover is storing the secret by invoking a probabilistic interactive algorithm. This algorithm may be executed an unlimited number of times. Once the message is revealed then the verifier may check the commitment by running the algorithm Verify. This scheme has three properties called binding, concealing, and storageenforcing.[3] Privacy-Preserving PDP Schemes: The data owner first encrypts the file, Sends both the encrypted file along with the encryption key to the remote server. And also the data owner sends the encrypted file along with a key-commitment that fixes a value for the keywithout revealing the key to the TPA. The main purpose of this scheme is to ensure that the remote server correctly possesses the client s data along with the encryption key and prevent any information leakage to the TPA which is responsible for the auditing task. Therefore the clients especially with constrained computing resources and capabilities can resort to external audit party to check the integrity of outsourced data and third party auditing process should bring in no new vulnerabilities towards the privacy of client s data. And also to the auditing task the TPA and it has anotherprimary task which is extraction of digital contents.[2] The PDP schemes discussed above focus on static or warehoused data which is essential in numerous ISSN: Page 328

3 different applications such as libraries, archives, and astronomical /medical /scientific /legal repositories. On the other side, Dynamic Provable Data Possession (DPDP) schemes investigate the dynamic file operations such as update or delete or append and insert operations. There are some DPDP constructions in the literature satisfying different system requirements.[1] Scalable DPDP: This process is based entirely on symmetric-key cryptography. 1. Before outsourcing, data owner pre-computes a certainnumber of short possession verification tokens and eachof tokencovering some set of data blocks. The actual data is thenhanded over to server. 2. Subsequently, when data owner wants to obtain a proof of data possession and it challenges server with a set ofrandom-looking block indices. 3. In turn, server must compute a short integrity checkover the specified blocks (corresponding to the indices) andreturn it to data owner. Cloud computing, the trend toward loosely coupled networking of computing resources which is unmooring data from local storage platforms. Users today regularly access files without knowing or needing to know on what machines or in what geographical locations their files reside. They may even store files on platforms with unknown owners and operators and more particularly in peer-to-peer computing environments. While cloud computing encompasses the full spectrum of computing resources, in this paper we focus on archival or backup data, large files subject to infrequent updates. While users may access such files only sporadically and the demonstrable level of availability may be required contractually or by regulation. [10] Financial records for a while have to be retained for several years to comply with recently enacted regulations. Recently proposed a notion for archived files that they call a proof of retrievability (POR). A POR is a protocol in which a server/archive proves to a client that a target file F is intact it is in the sense that the client can retrieve all of F from the server with high probability. In a naıve POR, a client might simply download F itself and check an accompanying digital signature and related constructions adopt a challenge-response format that achieves much lower (nearly constant) communication complexity as little as tens of bytes per round in practice. A formal definition of a POR and describe a set of different POR designs in which a client stores just a single symmetric key and a counter. Their most practical constructions and support only a limited number of POR challenges. An alternative construction based on the idea of storing homomorphic block integrity values that can be aggregated to reduce the communication complexity of a proof. Its main advantage is that, due to the underlying block integrity structure, clients can initiate and verify an unlimited number of challenges. III.PROPOSED WORK In our work we introduced a novel method to limit the access control. This is because of private and sensitive data stored in third party servers. Data which is store by a person called data owner and data base which is allow to store is referred as cloud service provider. The data stored in cloud is verified by a trusted person called as trusted authority. In our work the features are as follows: 1) Prevents unauthorized access of the content in cloud service provider. 2) For accessing the content every member have to prove them, for this we implemented password based access control method. 3) It gives privilege to provide trust between data owner and cloud providing service. 4) It provides secure encryption technique of the content to prevent intruder attacks. ISSN: Page 329

4 6. Verify signatures Data Owner 4. Send signature and Meta data Trusted Authority 3. Store encrypte d Data blocks and set password 1. Reg iste r 2. Sen d res po nse 5. Request for signature Cloud 5. Send signature 7. update/delete stored data blocks After proving of him self Architecture of proposed system The algorithm is divided into three parts. Those are Initialization and authentication, Encryption and Storage, Proof and Verification. The below explained all the phases. A) Initialization and authentication Initially Data owner send request to cloud service to store information. Then cloud service sends response and provides unique Id and secure master key. And for registration cloud provide verification method to user cloud service provider. B) Encryption and Storage After authentication data owner encrypts his file using RC4 algorithmas follows: These are the steps for RC4 encryption algorithm is as follows: 1- Get the data to be encrypted and the selected key. 2- Create two string arrays. 3- Initiate one array with numbers from 0 to Fill the other array with the selected key. 5- Randomize the first array depending on the array of the key. 6- Randomize the first array within itself to generate the final key stream. 7- XOR operation of the final key stream with the data to be encrypted to give cipher text. Algorithm: Find the length of the file L. Divide that file into equal length of blocks such as 32/64/128/256/516/1028. Generally we prefer 128, and it is compatible to RC4 encryption. For every block below RC4 algorithm encrypts and gives Cipher text. Input: input data Output: Cipher Text and Signature 1. j = 0; 2. for i = 0 to 255: 3. S[i] = i; 4. for i = 0 to 255: 5. j = (j + S[i] + K[i]) mod 256; 6. swap S[i] and S[j]; It is important to notice that here the swapping of the locations of the numbers 0 to 255 (each of which occurs only once) in the state table. The values that are present in the state table are provided. Once the initialization process is completed and the operation process may be summarized as shown by the pseudo code below; 7. i = j = 0; 8. for (k = 0 to N-1) { 9. i = (i + 1) mod 256; 10. j = (j + S[i]) mod 256; 11. swap S[i] and S[j]; 12. pr = S[ (S[i] + S[j]) mod 256] 13. output M[k] XOR pr} Where M[0..N-1] is the input message consisting of N bits. Generate message digest using secure hash algorithm. Cloud service generates password and security code for particular file and sends to data owner using simple mail ISSN: Page 330

5 transfer protocol for security issue. Then store that blocks in Data base. C) Proof and Verification For update of the file blocks in cloud service, data owner have to prove himself to cloud. Cloud checks Data owner using password verification. Then Data have to prove himself and then he allows manipulating the file content such as blocks. In verification process auditor verifies the file blocks using signature sent by data owner. Auditor requests the signature from the cloud. Then auditor compares the signature of the cloud and the data owner. If two signatures are equal the file is secure otherwise not secure and the verification result is sent to data owner using simple mail transfer protocol. IV. CONCLUSION In our paper we introduced novel prototype to secure storage of the data and secure authentication of the content in cloud service provider. Cloud storage service scheme provides storing of dynamic data where the owner is able to change and accessing the data stored by the cloud service provider and also updating data on the cloud storage. The data owner enforces to blocks ciphering and confidentiality of the data using the authentication schemes which is used in this process. REFERENCES [1] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, Provable data possession at untrusted stores, in Proceedings of the 14th ACM Conference on Computer and Communications Security, ser. CCS 07, 2007, pp [2] F. Seb e, J. Domingo-Ferrer, A. Martinez-Balleste, Y. Deswarte, and J.-J.Quisquater, Efficient remote data possession checking in critical information infrastructures, IEEE Trans. on Knowl.And Data Eng., vol. 20, no. 8, [3] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, Scalable and efficient provable data possession, in Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, 2008, pp [4] C. Erway, A. K upc u, C. Papamanthou, and R. Tamassia, Dynamic provable data possession, in Proceedings of the 16th ACM Conference on Computer and Communications Security, 2009, pp [5] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling public verifiability and data dynamics for storage security in cloud computing, in Proceedings of the 14th European Conference on Research in Computer Security, 2009, pp [6] A. F. Barsoum and M. A. Hasan, Provable possession and replication of data over cloud servers, Centre For Applied Cryptographic Research, Report 2010/32, 2010, uwaterloo.ca/techreports/2010/cacr pdf. [7] R. Curtmola, O. Khan, R. Burns, and G. Ateniese, MR-PDP: multiple-replica provable data possession, in 28th IEEE ICDCS, 2008, pp [8] A. F. Barsoum and M. A. Hasan, On verifying dynamic multiple data copies over cloud servers, Cryptology eprint Archive, Report 2011/447, 2011, 2011, [9] K. D. Bowers, A. Juels, and A. Oprea, HAIL: a high-availability and integrity layer for cloud storage, in CCS 09: Proceedings of the 16th ACM conference on Computer and communications security. New York, NY, USA: ACM, 2009, pp [10] Y. Dodis, S. Vadhan, and D. Wichs, Proofs of retrievability via hardness amplification, in Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography, [11] A. Juels and B. S. Kaliski, PORs: Proofs of Retrievability for large files, in CCS 07: Proceedings of the 14th ACM conference on Computer and communications security. ACM, 2007, pp [12] H. Shacham and B. Waters, Compact proofs of retrievability, in ASIACRYPT 08, 2008, pp BIOGRAPHIES T.G.V.V.Srinivas completed his B- TECH in computer science and engineering in He is pursuing M.Tech in Computer Science and Engineering from Kaushik College of Engineering. His areas of interest include Operating system; cloud computing, Data Mining and Warehousing and Computer Networks. P.SureshBabu completed his B.Tech and M.E. in Computer Science and Engineering. He is currently working as Associate professor of Department of computer science and engineering at Kaushik College of engineering, JNTUK University. He is having industrial experience of 4 years and teaching experience of 15 years. His areas of interest include Artificial intelligence, Neural Networks, Cryptography & Network security, Compiler Design and Advanced Data Structures. ISSN: Page 331