Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

Dual server-based secure data-storage system for cloud storage

Woong Go
ISAA Lab, Department of Information Security Engineering, Soonchunhyang University, Asan, Choongchungnam-do, Korea
E-mail: wgo@sch.ac.kr

Jin Kwak*
Department of Information Security Engineering, Soonchunhyang University, Asan, Choongchungnam-do, Korea
E-mail: jkwak@sch.ac.kr
*Corresponding author

Abstract: Users can access data that they store in cloud storage anytime and anywhere over a network. In the cloud storage paradigm, users' data are stored in several distributed servers and virtualisation is applied in order to logically integrate those data. However, when users access their data in cloud storage, they directly access the server on which the data are physically stored. Thus, there is a potential threat of data loss due to a malicious attacker accessing the data. In order to solve this threat, we propose a data storage system that uses link and data servers. The link server does not store real data; it only has the address of the data and a symmetric key. The data server, on the other hand, has the real data and access information, and it can only be accessed via the link server.

Keywords: cloud storage; data loss prevention; link server; data server.

Reference to this paper should be made as follows: Go, W. and Kwak, J. (2014) 'Dual server-based secure data-storage system for cloud storage', Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, pp.86–90.

Biographical notes: Woong Go received his BS and MS in Information Security from Soonchunhyang University, South Korea, in 2008 and 2010, respectively. He is currently a PhD candidate in the Information Security Application and Assurance Lab at Soonchunhyang University. His research interests include security of cloud computing, data management, and key distribution protocols.
Jin Kwak received his BS (2000), MS (2003), and PhD (2006) from Sungkyunkwan University (SKKU) in Korea. Prior to joining the faculty at Soonchunhyang University (SCH) in 2007, he joined Kyushu University in Japan as a Visiting Scholar. After that, he served MIC (Ministry of Information and Communication, Korea) as a Deputy Director. He has also served as Dean of DISE (2009–2010) and Vice-Dean of the College of Engineering (2009) at SCH. He is now a Professor in the Department of Information Security Engineering (DISE) at SCH. His main research areas are cryptology, information security applications and information assurance.

This paper is a revised and expanded version of a paper entitled 'Dual server-based secure data-storage system for cloud storage' presented at the 1st International Conference on Convergence and its Applications, Korea, 10–12 July 2013.

Copyright © 2014 Inderscience Enterprises Ltd.

1 Introduction

In recent times, advances in science and technology have brought us many benefits. One of those is remote storage, in which users can access their data anytime and anywhere over a network. Cloud storage, a model of networked online storage in which data is stored in virtualised storage pools that are generally hosted by third parties, is the technology that has made this possible. It is a subservice of infrastructure as a service in cloud computing (Peng et al., 2012).

In the cloud storage paradigm, data are usually stored in the storage areas of third-party companies instead of in a single host. Further, the data have to be managed and integrated into available resources for users to access. Thus, cloud storage is able to provide reliable, secure storage services at a low cost (Wu et al., 2012; Zeng et al., 2009).

However, when data are stored in cloud storage, users cannot directly manage data. This means that users do not know where the data are and how many copies are stored in cloud storage. These issues can cause serious security concerns. If users want to delete data, they can delete some, but they cannot be sure that all the relevant data have been deleted. This results in user anxiety. In addition, a malicious attacker may find it easy to steal users' data due to the existence of many copies (Wu et al., 2010).

We therefore propose a data loss prevention scheme for cloud storage that uses a link server. This scheme uses two servers: a LINK server and a DATA server. The LINK server only has the address of the user's data, which are actually stored in the DATA server. The DATA server, on the other hand, has the user's real data and the data access information.

The remainder of this paper is organised as follows: In Section 2, we briefly provide basic information about cloud storage. In Section 3, we discuss problems associated with the security of cloud storage. In Section 4, we present and describe our proposed scheme, and analyse it in Section 5. Finally, we summarise our research and conclude this paper in Section 6.

2 Cloud storage

Cloud storage facilities utilise thousands of storage devices clustered by network, distributed file systems, and other storage middleware to provide cloud storage services to users. Cloud storage is typically structured in terms of elements such as storage resource pools, distributed file systems, service level agreements (SLAs), and service interfaces. Globally, they can be divided by physical and logical functional boundaries and relationships to provide more compatibility and interactions (Zeng et al., 2009).
Figure 1 Cloud storage architecture (see online version for colours)

There are hundreds of different cloud storage systems. Some have a very specific focus, such as storing web e-mail messages or digital pictures. Others are available to store all forms of digital data. Some cloud storage systems are small operations, while others are so large that the physical equipment used can fill up entire warehouses. The facilities that house cloud storage systems are called data centres (Wu et al., 2010; Gelogo and Lee, 2012).

3 Security problems

3.1 Management of data

Cloud storage users store their data in remote cloud storage servers. This means that users cannot manage their data directly. Further, they do not know where the data physically reside and how many copies are stored in cloud storage. These management problems can cause serious problems (Rehman and Hussain, 2011).

First, users cannot simply rely on the honesty of cloud-storage service providers. In other words, users cannot be sure that the data are stored securely. Consequently, security discomfort occurs from the use of cloud storage.

The second concern is data deletion. When users want to remove the data, they cannot be sure that all the data have been removed because cloud storage services back up users' data in case they need to be restored. Therefore, there is a possibility that some copies of the data have not been deleted.

3.2 Data loss problem

Cloud storage services store a user's data in remote servers, to which the user has access. This means that the address of the remote server is exposed to the outside. This is the same for the attacker's side. Thus, a malicious attacker can access a remote server in which real data are stored. If a malicious attacker accesses a remote server illegally, he can steal users' data from the remote server (Lee, 2012).

4 Proposed scheme

In this paper, we propose a scheme for cloud-storage data loss prevention.
The scheme solves the problems outlined above by utilising two different servers: a LINK server and a DATA server. The LINK server stores several pieces of data consisting of a symmetric key for encryption/decryption, the physical address of the data, and a message authentication code (MAC) to detect illegal modification. The DATA server stores the user data, encrypted using the symmetric key, together with the access information for the data, ACC_INF. ACC_INF consists of a counter, a timestamp, and the user access ID. Figure 2 gives an overview of our proposed scheme.
Figure 2 Overview of our proposed scheme (see online version for colours)

4.1 Notation

Table 1 outlines the notations we will use throughout this paper to discuss our proposed scheme.

Table 1 Notations used in our proposed scheme

Notation    Description
ID_U        User ID
DATA        User's data
RQ(DATA)    Request data
DATA_INF    Data information
ACC_INF     Access information for data
TS          Timestamp
MAC         Message authentication code
LINK_INF    Link information for data
PRNG( )     Pseudo random generation
PW          User password
CK          Pre-distributed key
SYK         Symmetric key for data
LK          Encryption/decryption key for LINK information
CT          Counter value
ACC_TB      Table of access information
SQ          Sequence number of data
H( )        Hash function

4.2 LINK server

The LINK server has LINK information (LINK_INF) that is used to access a user's real data. The LINK information is as follows:

$LINK_{INF} = E_{CK}(SYK\ LINK)\ MAC$

SYK is an encryption/decryption key for a symmetric algorithm, such as AES and 3-DES. This key is generated each time the data are stored, resulting in a different key for each set of data. Furthermore, in cloud storage there is no need to directly manage the symmetric key, and so no key management problem occurs.

LINK has the real address of the user's data. This address includes the location of the server in which the data are stored and the physical address of the data. The user can access his/her real data using LINK information. SYK and LINK are encrypted using the user's password and a sequence number (assigned according to the order in which the data are stored). This sequence number is managed by the server, and thus, the server can decrypt the user's data normally.

MAC is hash data associated with SYK and LINK. Cloud storage services can detect forged data using the MAC.

4.3 DATA server

The DATA server holds the DATA information (DATA_INF), which the LINK information (LINK_INF) refers to. This server is accessible only via LINK information on the LINK server.
Further, no one can access it directly over the network. The DATA information is as follows:

$DATA_{INF} = ACC_{INF}\ E_{SYK}(DATA)$

ACC_INF stores access information about the user's data; it is updated each time the data are accessed. This information consists of three elements: a counter (CT), whose value is increased each time a user accesses the data, a timestamp (TS), and an access ID (not the owner ID). These three elements are computed using an exclusive-or operation. To detect illegal modifications, ACC_INF is duplicated and managed separately by the server. Thus, if a malicious attacker attempts to modify this information, s/he will be denied.

DATA is the user's real data. The data are encrypted using SYK on the LINK server. Therefore, only authorised users can decrypt SYK and DATA.
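The ACC_INF bookkeeping of Section 4.3, sketched as an added example that is not code from the paper: each access updates CT, TS and the access ID, the record is duplicated into ACC_TB, and the duplicate is compared before the next access. The class and function names, the integer encoding of the access ID and the sample values are assumptions made for the illustration; the duplicate keeps the individual fields because the XOR value alone does not change when two fields are altered by the same bit pattern.

```python
import time
from dataclasses import dataclass

def id_to_int(access_id: str) -> int:
    # Assumption: the paper does not say how an ID becomes an XOR operand;
    # here its UTF-8 bytes are read as one big-endian integer.
    return int.from_bytes(access_id.encode("utf-8"), "big")

@dataclass(frozen=True)
class AccessRecord:
    ct: int          # CT: counter, increased on every access
    ts: int          # TS: timestamp of the access (Unix seconds here)
    access_id: str   # ID of the accessing user (not the owner ID)

    def acc_inf(self) -> int:
        # ACC_INF as described in Section 4.3: the three elements XORed.
        return self.ct ^ self.ts ^ id_to_int(self.access_id)

class DataServer:
    """Hypothetical DATA-server bookkeeping for ACC_INF and its duplicate."""
    def __init__(self):
        self.live = {}     # record stored next to the encrypted data
        self.acc_tb = {}   # ACC_TB: duplicate managed separately

    def check(self, data_id):
        live, backup = self.live[data_id], self.acc_tb[data_id]
        return {"xor_equal": live.acc_inf() == backup.acc_inf(),
                "fields_equal": live == backup}

    def access(self, data_id, access_id, now=None):
        # Refuse the access if the live record no longer matches ACC_TB.
        if data_id in self.live and not self.check(data_id)["fields_equal"]:
            raise PermissionError("ACC_INF differs from ACC_TB duplicate")
        prev = self.live.get(data_id)
        rec = AccessRecord(ct=(prev.ct if prev else 0) + 1,
                           ts=int(time.time() if now is None else now),
                           access_id=access_id)
        self.live[data_id] = self.acc_tb[data_id] = rec
        return rec.acc_inf()

def demo():
    # Constructed sample: two legitimate accesses, then two edits made
    # directly to the live record, bypassing access().
    srv = DataServer()
    srv.access("doc-1", "alice", now=1700000000)
    srv.access("doc-1", "bob", now=1700000600)
    srv.live["doc-1"] = AccessRecord(1, 1700000600, "bob")  # counter rolled back
    rolled_back = srv.check("doc-1")
    srv.live["doc-1"] = AccessRecord(3, 1700000601, "bob")  # two fields changed
    offsetting = srv.check("doc-1")
    return rolled_back, offsetting
```

In `demo()`, the rolled-back counter changes the XOR value, while the second edit leaves it equal and is caught only by the field-wise comparison.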
4.4 Data registration phase

In the data registration phase, the user inputs his/her ID/PW (ID_U PW) and data (DATA) in order to register the data. The cloud storage service then generates LINK and DATA information, which are stored on the LINK and DATA servers, respectively. The protocol used in this phase is outlined in Figure 3.

4.5 Data request phase

In this phase, the user sends a request to the LINK server for his/her data. The LINK server then searches LINK_INF and requests the user's data from the DATA server. Finally, the DATA server decrypts the user's data, and the user accesses the data via LINK. The protocol used in this phase is outlined in Figure 4.

Figure 3 Protocol used in the data registration phase

Figure 4 Protocol used in the data request phase
5 Analysis

5.1 Protection against data management problems

Users cannot manage data directly, and they also do not know where data is stored or how many copies are stored in cloud storage. Consequently, users have to trust completely in the honesty of their cloud storage service provider. However, this is impossible.

Our proposed scheme uses LINK information (LINK_INF) for data management. LINK_INF comprises the symmetric key (SYK), the address of the data (LINK), and the MAC. A user can access his/her data using LINK, and determine where his/her data are stored. Thus, users do not simply have to trust completely in the honesty of their cloud storage service provider.

Next, the access information parameter (ACC_INF) shows who accessed the user's data and how many times the data were accessed. Thus, users can check for illegal access to their data, which resolves the problems associated with data management.

5.2 Protection against illegal access

Current cloud storage services allow users to access data directly from a remote server. This means that a malicious attacker can access a user's real data through illegal hacking, resulting in serious problems.

In our proposed scheme, ACC_INF is used to protect the data and detect illegal access. This information consists of the counter (CT), the timestamp (TS), and the access user ID (ID_U). When the data are accessed, CT is increased, and TS and the user ID are changed. These pieces of information are computed using an exclusive-or operation. In addition, the DATA server backs up this information and uses the backup to identify illegal modification. For example, if a malicious attacker modifies any element of ACC_INF, the DATA server can detect that modification using the backup file. Further, the user can check the illegal access information using ACC_INF.
Attacker => ACC_INF = CT_A TS_A ID_A (uncorrected information)
Server, User => Compare backup file and ACC_INF
ACC_INF (from ACC_TB) = ACC_INF
Result of comparison is incorrect

5.3 Protection against data loss

To prevent data loss, our proposed scheme encrypts user data using a symmetric key (SYK). This key is generated randomly, and SYK and LINK of ACC_INF are encrypted using the encryption/decryption key (LK). This key is generated using the user's password (PW) and a sequence number (SQ). SQ is generated according to upload data sequences, whereas the LINK server manages and stores SQ. If anyone wants to access data, they need LINK from ACC_INF. Thus, they need SYK and LK to decrypt and access? INF data. As a consequence, a malicious attacker not only needs LINK, but also PW or SQ from ACC_INF.

6 Conclusions

In this paper, we proposed a dual server-based secure data storage scheme for cloud storage services. Our proposed scheme utilises two different servers: a LINK server and a DATA server. The LINK server has LINK_INF, which comprises SYK, LINK, and MAC, while the DATA server stores DATA_INF, which comprises ACC_INF (CT, TS, and ID_U) and data encrypted using SYK. ACC_INF is used to detect illegal access and illegal modifications. To protect user data in cloud storage, users are allowed direct access only to the LINK server. The DATA server can be accessed only through the LINK server. The above features provide security for cloud storage services.

Acknowledgements

This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIP) (No. 2012-010886). This work was supported by the Soonchunhyang University Research Fund. The authors declare that there is no conflict of interest regarding the publication of this article.

References

Gelogo, Y.E. and Lee, S. (2012) 'Database management system as a cloud service', International Journal of Future Generation Communication and Networking, Vol. 5, No. 2, pp.71–76.

Lee, K. (2012) 'Security threats in cloud computing environments', International Journal of Security and Its Applications, Vol. 6, No. 4, pp.25–32.

Peng, Y., Zhao, W., Xie, F., Dai, Z., Gao, Y. and Chen, D. (2012) 'Secure cloud storage based on cryptographic techniques', The Journal of China Universities of Posts and Telecommunications, Vol. 19, No. 2, pp.182–189.

Rehman, A.u. and Hussain, M. (2011) 'Efficient cloud data confidentiality for DaaS', International Journal of Advanced Science and Technology, Vol. 35, pp.1–10.

Wu, J., Ping, L., Ge, X., Wang, Y. and Fu, J. (2010) 'Cloud storage as the infrastructure of cloud computing', International Conference on Intelligent Computing and Cognitive Informatics, Hangzhou, China, June, pp.380–383.

Wu, T., Lee, W. and Lin, C.F. (2012) 'Cloud storage performance enhancement by real-time feedback control and deduplication', Wireless Telecommunications Symposium (WTS), Taipei, Taiwan, 1–5 April.

Zeng, W., Zhao, Y., Ou, K. and Song, W. (2009) 'Research on cloud storage architecture and key technologies', Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, New York, USA, November, pp.1044–1048.