Analysis of Cloud access security on file system using secure policies



Similar documents
A SECURE CLOUD WITH ADDITIONAL LAYER OF PROTECTION AND USER AUTHENTICATION

Secure Overlay Cloud Storage with Access Control and Assured Deletion

FADE: Secure Overlay Cloud Storage with File Assured Deletion

Secure Cloud Storage with File Assured Deletion

International Journal of Research in Advent Technology Available Online at:

CLOUD STORAGE SYSTEM MANAGING SECURE FILE EXCLUSION

POLICY BASED FILE ASSURED DELETION WITH SECURE OVERLAY CLOUD STORAGE

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

CLOUD COMPUTING SECURITY IN UNRELIABLE CLOUDS USING RELIABLE RE-ENCRYPTION

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Privacy Preservation and Secure Data Sharing in Cloud Storage

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

A Secure Decentralized Access Control Scheme for Data stored in Clouds

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

A Secure Cloud Backup System with Assured Deletion and Version Control

Public Auditing for Shared Data in the Cloud by Using AES

Data defense in unpredictable Cloud Using Access Control and Access Time

Enabling Public Auditability, Dynamic Storage Security and Integrity Verification in Cloud Storage

Near Sheltered and Loyal storage Space Navigating in Cloud

SECURE CLOUD STORAGE PRIVACY-PRESERVING PUBLIC AUDITING FOR DATA STORAGE SECURITY IN CLOUD

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud

Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

DarkFS - An Encrypted File System

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Data Security Using Reliable Re-Encryption in Unreliable Cloud

G.J. E.D.T.,Vol.3(1):43-47 (January-February, 2014) ISSN: SUODY-Preserving Privacy in Sharing Data with Multi-Vendor for Dynamic Groups

ADVANCE SECURITY TO CLOUD DATA STORAGE

Improving data integrity on cloud storage services

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

A Survey of Different Encryption Techniques for Secure Cloud Storage

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING

Cloud Data Storage Services Considering Public Audit for Security

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Third Party Auditing For Secure Data Storage in Cloud through Trusted Third Party Auditor Using RC5

Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Secure Way of Storing Data in Cloud Using Third Party Auditor

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Trusted Public Auditing Process for Secure Cloud Storage

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

Data Grid Privacy and Secure Storage Service in Cloud Computing

Ensuring Data Storage Security in Cloud Computing By IP Address Restriction & Key Authentication

An Efficient Secure Multi Owner Data Sharing for Dynamic Groups in Cloud Computing

Data Integrity by Aes Algorithm ISSN

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Enable Public Audit ability for Secure Cloud Storage

An Efficient Data Correctness Approach over Cloud Architectures

Identifying Data Integrity in the Cloud Storage

February. ISSN:

Privacy Patterns in Public Clouds

Verifying Correctness of Trusted data in Clouds

Cryptography and Key Management Basics

Decentralized Access Control Secure Cloud Storage using Key Policy Attribute Based Encryption

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

REVIEW OF SECURITY AND PRIVACY ISSUES IN CLOUD STORAGE SYSTEM

Keywords-- Cloud computing, Encryption, Data integrity, Third Party Auditor (TPA), RC5 Algorithm, privacypreserving,

Security over Cloud Data through Encryption Standards

Analyzing the Security Schemes of Various Cloud Storage Services

Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage

Index Terms : cloud computing, Distributed Storage, error detection, data recovery, SHA, dynamic block operations

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Selective dependable storage services for providing security in cloud computing

How To Ensure Correctness Of Data In The Cloud

Privacy Preserving Public Auditing for Data in Cloud Storage

Erasure correcting to enhance data security in cloud data storage

Cloud Data Service for Issues in Scalable Data Integration Using Multi Authority Attribute Based Encryption

Decentralized Access Control Schemes for Data Storage on Cloud

Outstanding Cloud Security Service For Modify Data Distribute In Cloud Method

A New Distributed Accountability and Auditability for Data Storage in Cloud Computing

Secure Privacy Preserving Public Auditing for Cloud storage

EMC DATA DOMAIN ENCRYPTION A Detailed Review

Self Annihilating Data Storage and Location Based nonterminating Video Streaming Services for Mobile Users in CLOUD Environment

An Efficient Multi-Keyword Ranked Secure Search On Crypto Drive With Privacy Retaining

How To Protect Your Data In A Cloud Environment

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

IMPLEMENTATION OF NETWORK SECURITY MODEL IN CLOUD COMPUTING USING ENCRYPTION TECHNIQUE

Efficient and Secure Dynamic Auditing Protocol for Integrity Verification In Cloud Storage

How To Get To A Cloud Storage And Byod System

CONSIDERATION OF DYNAMIC STORAGE ATTRIBUTES IN CLOUD

Data management using Virtualization in Cloud Computing

Surveying Cloud Storage Correctness using TPA with BLS

Multi-Owner Data Sharing in Cloud Storage Using Policy Based Encryption

Complying with PCI Data Security

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

Ensuring Data Storage Security in Cloud Computing

Security Digital Certificate Manager

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

COMPUSOFT, An international journal of advanced computer technology, 3 (6), June-2014 (Volume-III, Issue-VI)

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Security Digital Certificate Manager

Transcription:

Analysis of Cloud access security on file system using secure policies Priyanka Khandelwal M.Tech student(csc) R.C.E.W,Jaipur,Rajasthan,India Priyankakhandelwal85@yahoo.co.in Abstract-Now a days we can outsource data backups off-site to third-party cloud storage services by which we can reduce data management costs. However, we need to provide security guarantees for the outsourced data, maintained by third parties. In this paper we design and implement FADE, a secure overlay cloud storage system which is able to achieve fine-grained, policy-based access control and file assured deletion. It associates the outsourced files with file access policies, and assuredly deletes files to make them unrecoverable by anyone upon revocations of file access policies. For achieving such security goals, FADE is built upon a set of cryptographic key operations that are self-maintained by a quorum of key managers that are independent of thirdparty clouds. Particularly, FADE acts as an overlay system which works seamlessly atop today s cloud storage services. In this paper we study a proof-of-concept prototype of FADE, We conduct extensive empirical studies, and demonstrate that FADE provides security protection for outsourced data, while introducing only minimal performance and monetary cost overhead. Our work provides insights of how to incorporate value-added security features into today s cloud storage services. words:accesscontrol,assured deletion,backup/recovery,cloud storage I. Introduction Cloud computing is defined as the delivery of computing services over the internet. Cloud services allow individuals and businesses to use software and hardware services that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere,where network connection is available. It provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications.the cloud computing model allows access to information and computer resources from anywhere,where network connection is available. It provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications. Now a days Cloud storage become a new business solution for remote backup outsourcing, as it offers an abstraction of infinite storage space for clients to host data backups in a pay-as- you-go manner. It helps enterprises and government agencies significantly in reducing their financial overhead of data management, now they can archive their data backups remotely to third-party cloud storage providers rather than maintain data centers on their own. For example, A SmugMug, a photo sharing website, chose to host terabytes of photos on Amazon S3 in 2006 and saved thousands of dollars on maintaining storage devices[10]. Not only enterprises and government agencies, an individuals can also archive their personal data to the cloud using tools like Dropbox. particularly, with the origin of smartphones, we expect that more people will going to use Dropbox-like tools to move audio/video files from their smartphones to the cloud because Smart phones have limited storage space. As we now outsource the storage of sensitive data to third parities,so security concerns become necessary. In this paper, we are particularly interested to discuss two security issues. First, we need to provide guaran- tees of access control, in which we must ensure that only authorized parties can access the outsourced data on the cloud. In particular, we must restrict third-party cloud storage providers from burrowing any sensitive information of their clients data for their own marketing purposes. Second, it is important to provide guarantees of assured deletion, meaning that outsourced data is permanently inaccessible to anybody (including the data owner) upon requests of deletion of data. Keeping data permanently is undesirable, as data may be unexpectedly opened in future due to malicious attacks on the cloud or because of careless management of cloud operators. The challenge of achieving assured deletion is that we have to trust cloud storage providers to actually delete data, but they may be reluctant in doing so. Also, cloud storage providers typically keep multiple backup copies of data for faulttolerance reasons. It is uncertain, from cloud clients perspectives, whether cloud providers faithfully remove all backup copies upon requests of deletion. These security concerns motivate us, as cloud clients, to 404

have a system that can accomplish access control and assured deletion of outsourced data on the cloud in a fine-grained manner. As we all know, building such a system is really a difficult task and especially when it involves protocol or hardware changes in cloud storage infrastructures that are externally owned and managed by third-party cloud providers.thus, it is necessary to design a secure overlay cloud storage system that can be overlaid and work seamlessly atop existing cloud storage services. In FADE, active data files that live on the cloud are associated with a set of user-defined file access policies like., time expiration, read/write permissions of authorized users and these data files are accessible only to users who satisfy the file access policies[7]. The design perception of FADE is to decouple the management of encrypted data and cryptographic keys, such that encrypted data remains on third-party,cloud storage providers, while cryptographic keys are independently maintained and operated by a quorum of key managers that altogether from trustworthiness.to provide gurantees of access control and assured deletion,fade leverages offthe-shelf cryptographic schemes including threshold secret sharing and attribute based encryption[6] and performs various cryptographic key operations that provide security protection for basic file upload/download operations. We implement a proof- of-concept prototype of FADE to validate its feasibility, and export a set of library APIs that can be used, as a value-added security service, to boost the security properties of general data outsourcing applications. The design of FADE is based on the thin-cloud interface which means that it only requires the cloud to support the basic data access operations such as PUT and GET. Thus, FADE is applicable for general types of storage backends, as long as such backends provide the interface for uploading / downloading data. In short,our work address the access control and assured deletion problems from a practi- cal perspective. Our FADE implementation characterizes and evaluates the performance and monetary cost impli- cations of applying access control and assured deletion in a real-life cloud storage environment. II. FADE Overview We now analyze the design of FADE,A system which provides guarantees of access control and assured deletion for the outsourced data in cloud storage. In this paper we show the necessary components of FADE, and state the design and security goals that it seeks to achieve.figure 1 illustrates an overview of the FADE system.the cloud hosts data files on behalf of a group of FADE users who want to outsource data files to the cloud based on their definitions of file access policies. It applies security protection to the outsourced data files before they are hosted on the cloud. Fade client Data source file Data source file manager 1... Cloud Fig. 1: The FADE system. Each client (deployed locally with its own data source) interacts with one or multiple key managers and uploads/downloads data files to/from the cloud. 2.1 FADE Entities As shown in Figure 1, the FADE system is made up of two main entities: FADE clients: A FADE client is an interface that bridges the data source or filesystem and the cloud. It applies encryption/decryption to the outsourced data files uploaded to /downloaded from the cloud. managers: FADE is made up of a quorum of key managers,each of which is a stand-alone entity which maintains policy-based keys for access control and assured deletion. 2.2 Representation of Metadata manager 2 File (encrypted ) metadata File (encrypted ) metadata Manager N For every data file protected by FADE, we include the metadata. Metadata describes the policies that are associated with the file as well as a set of cryptographic keys. More precisely, the metadata contains the specification of the Boolean combination of policies, and the corresponding crypto- graphic keys including the encrypted data key of the file and the control keys associated with the policies. Here, we assume that each (atomic) policy is specified by a unique 4-byte integer identifier. To represent a Boolean combination of policies, we express it in disjunctive canon- ical form, i.e., the disjunction (OR) of conjunctive policies, and use the characters * and + to denote the AND and OR operators. We upload the metadata as a separate file to the cloud. This enables us to renew policies directly on the metadata file without retrieving the entire data file from the cloud.in our implementation, individual data files have their own metadata, each specifying its own data key. To reduce the metadata overhead as compared to the data file size, we can form a tarball of multiple files under the same policy combination and have all files protected with the same data key. 405

2.3 Cryptographic s In this paper we discuss a FADE system which defines three types of cryptographic keys to protect data files stored on the cloud: Data key: A data key is a random secret that is generated and maintained by a FADE client. It is used for encrypting or decrypting data files via symmetrickey encryption (e.g., AES). Control key: A control key is associated with a particular policy. It is represented by a public-private key pair, and the private control key is maintained by the quorum of key managers. It is used to encrypt/decrypt the data keys of the files protected with the same policy. The control key forms the basis of policy-based assured deletion.it is used for encrypting and decrypting files via AES.. Access key: Similar to the control key, an access key is associated with a particular policy, and is represented by a public-private key pair. However, unlike the control key, the private access key is maintained by a FADE client that is authorized to access files of the associated policy. The access key is built on attributebased encryption, and forms the basis of policy-based access control. Intuitively, to successfully decrypt an encrypted file stored on the cloud, we require the correct data key, control key, and access key. Without any of these keys, it is computationally infeasible to recover an outsourced file being protected by FADE. The following explains how we manage such keys to achieve our security goals. 2.4 Security Goals Here we specify the security goals that FADE attempt to find in order to protect the outsourced data files. In this paper we discuss a design and working of a cloud storage system called FADE, which aims to provide access control assured deletion.fade. 3.1 Data Owner/Client: In FADE client implementation uses four function calls to enable end users to interact with the cloud: 3.1.1 Upload(file, policy): The client encrypts the input file according to the specified policy (or a Boolean combination of policies). Here, the file is encrypted using the 128-bit AES algorithm with the cipher block chaining (CBC) mode. After en- cryption, the client also appends the encrypted file size (8 bytes long) and the HMAC-SHA1 signature (20 bytes long) to the end of encrypted file for integrity checking in later downloads. It then sends the encrypted file and the metadata onto the cloud. 3.1.2 Download(file): The client retrieves the file and policy metadata from the cloud. It then checks the integrity of the encrypted file, and decrypts the file. 3.1.3 Revoke(policy):The client tells the key managers to permanently revoke the specified policy. All files associated with the policy will be assuredly deleted. If a file is associated with the conjunctive policy combination that contains the revoked policy, then it will be assuredly deleted as well. 3.1.4 Renew(file, new_policy): The client first fetches the metadata of the given file from the cloud. It updates the metadata with the new policy. Finally, it sends the metadata back to the cloud. Note that the operation does not involve transfer of the input file.we export the above function calls exported as library APIs. Thus, different implementations of the client can call the library APIs and have the protection offered by FADE. In our current prototype, we implement the client as a user-level program that can access files under a specified folder. Threat model: Here, we assume an adversary that seeks to compromise the privacy of two types of files that are outsourced and stored on the cloud: (i) active files, i.e., the data files that the adversary is unauthorized to access and (ii) deleted files, i.e., the data files that havebeen requested to be deleted by the authorized parties. III. Design and Implementation of FADE 406

IV. Sequence diagram An interaction diagram that shows how process operate with between mobile user/user,key manager and cloud and in what order. 1) Without the control key, the data key and hence the data file remain encrypted and are deemed to be inaccessible. 2) The main security property of file assured deletion is that even if a cloud provider does not remove expired file copies from its storage those files remain encrypted and unrecoverable. Login Login Mobile Entry Invalid login File name and policy Invalid input Success Fig 2 Sequence diagram manage r Send Data key Revoke file Send message Save file Success RSA key pair C lo u d Decrypt the data key VI. Conclusions In this paper we study that with the origin of cloud computing the conventional way of computing has gone for a sea change. As per some expert opinions, it is going to be the face of future cloud computing. And hence, the future of cloud computing seems very promising. And this is not an overestimate or exaggeration, as we are already using cloud and its applications in one form or another. Using email and connecting to social media through smart phones, watching movies over smart phones and uploading and accessing pictures from websites like Flicker are common examples of cloud computing in our day-to-day life. However, privacy and integrity concerns become relevant as we now count on third parties to host possibly sensitive data. To protect outsourced data, a straightforward approach is to apply cryptographic encryption onto sensitive data with a set of encryption keys, yet maintaining and protecting such encryption keys will create another security issue. One specific issue is that upon requests of deletion of files, cloud storage providers may not completely remove all file copies (e.g., cloud storage providers may make multiple file backup copies and distribute them over the cloud for reliability, and clients do not know the number or even the existence of these backup copies), and eventually have the data disclosed if the encryption keys are unexpectedly obtained, either by accidents or by malicious attacks. Therefore, we seek to achieve a major security goal called file assured deletion, meaning that files are reliably deleted and remain permanently unrecoverable and inaccessible by any party. V. Evaluation In this paper we study that Time-based file assured deletion, is introduced, which means that files can be securely deleted and remain permanently inaccessible after a predefined duration. The main idea behind it, that a file is encrypted with a data key by the owner of the file, and this data key is again encrypted with a control key by a separate key manager. The key manager is a server that is responsible for cryptographic key management. In, the control key is time-based, meaning is that it will be completely removed by the key manager as an expiration time is reached, the expiration time is specified at the time the file is first declared. Without the control key, the data key and hence the data file remain encrypted and are deemed to be inaccessible. Problems Of Existing System REFRENCES [1] H. Abu-Libdeh, L. Princehouse, and H. Weatherspoon. RACS: A Case for Cloud Storage Diversity. In Proc. of ACM SoCC, 2010. [2] V. Goyal, O. Pandey, A. Sahai, and B. Waters. Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data.In Proc. of ACM CCS, 2006. [3] S. Kamara and K. Lauter.Cryptographic Cloud Storage. In Proc. of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization, 2010. [4] LibAWS++. http://aws.28msec.com/, 2010. [5] A. J. Menezes, P. C. van Oorschot, and S. A.Vanstone. Handbook of Applied Cryptography. CRC Press, Oct 1996. [6] W. Stallings. Cryptography and Network Security.Prentice Hall, 2006. 407

[7] Y. Tang, P. P. C. Lee, J. C. S. Lui, and R. Perlman. FADE: Secure Overlay Cloud Storage with File Assured Deletion. In Proc.Of ICST SecureComm, 2010.. [8] C. Wang, Q. Wang, K. Ren, and W. Lou. Privacy-preserving public auditing for storage security in cloud computing. In Proc. of IEEE INFOCOM, Mar 2010. [9] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu.Plutus: Scalable Secure File Sharing on Untrusted Storage. In Proc. of USENIX FAST, 2003. [10] SmugMug. http://www.smugmug.com/, 2010. 408

, 409

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information