Optimized And Secure Data Backup Solution For Cloud Using Data Deduplication



Similar documents
DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

An Authorized Duplicate Check Scheme for Removing Duplicate Copies of Repeating Data in The Cloud Environment to Reduce Amount of Storage Space

Secure Hybrid Cloud Architecture for cloud computing

SURVEY ON DISTRIBUTED DEDUPLICATION SYSTEM WITH AUDITING AND IMPROVED RELIABILITY IN CLOUD Rekha R 1, ChandanRaj BR 2

Authorized data deduplication check in hybrid cloud With Cluster as a Service

ADVANCE SECURITY TO CLOUD DATA STORAGE

Implementation of Data Sharing in Cloud Storage Using Data Deduplication

ISSN: (Online) Volume 2, Issue 1, January 2014 International Journal of Advance Research in Computer Science and Management Studies

Secure cloud access system using JAR ABSTRACT:

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Data Deduplication Scheme for Cloud Storage

A Survey on Secure Auditing and Deduplicating Data in Cloud

Improving data integrity on cloud storage services

Secure Network Communications FIPS Non Proprietary Security Policy

Cryptographic Data Security over Cloud

Distributed Attribute Based Encryption for Patient Health Record Security under Clouds

A Secure & Efficient Data Integrity Model to establish trust in cloud computing using TPA

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

Security of Cloud Storage: - Deduplication vs. Privacy

Dashlane Security Whitepaper

A Proxy-Based Data Security Solution in Mobile Cloud

Data management using Virtualization in Cloud Computing

365 Cloud Storage. Security Brief

SecureDoc Disk Encryption Cryptographic Engine

Overview. SSL Cryptography Overview CHAPTER 1

AN ENHANCED ATTRIBUTE BASED ENCRYPTION WITH MULTI PARTIES ACCESS IN CLOUD AREA

Peer-to-peer Cooperative Backup System

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

IDENTIFYING AND OPTIMIZING DATA DUPLICATION BY EFFICIENT MEMORY ALLOCATION IN REPOSITORY BY SINGLE INSTANCE STORAGE

Journal of Electronic Banking Systems

Security Analysis of Cloud Computing: A Survey

Secure Deduplication and Data Security with Efficient and Reliable Convergent Key Management

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

CRYPTOGRAPHY AS A SERVICE

Savitribai Phule Pune University

Review On Deduplicating Data and Secure Auditing in Cloud

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

Comprehensive Study on Data Security in Cloud Data Store

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

EMC DATA DOMAIN ENCRYPTION A Detailed Review

How To Ensure Data Integrity In Clouds

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

Data Integrity by Aes Algorithm ISSN

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING

IMPLEMENTATION OF SOURCE DEDUPLICATION FOR CLOUD BACKUP SERVICES BY EXPLOITING APPLICATION AWARENESS

INTENSIVE FIXED CHUNKING (IFC) DE-DUPLICATION FOR SPACE OPTIMIZATION IN PRIVATE CLOUD STORAGE BACKUP

Secure Keyword Based Search in Cloud Computing: A Review

Analyzing the Security Schemes of Various Cloud Storage Services

A Survey on Aware of Local-Global Cloud Backup Storage for Personal Purpose

Verifying Correctness of Trusted data in Clouds

CS 356 Lecture 28 Internet Authentication. Spring 2013

SECURE RE-ENCRYPTION IN UNRELIABLE CLOUD USINGSYNCHRONOUS CLOCK

CRYPTOGRAPHIC SECURE CLOUD STORAGE MODEL WITH ANONYMOUS AUTHENTICATION AND AUTOMATIC FILE RECOVERY

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

FileCloud Security FAQ

Data Integrity Check using Hash Functions in Cloud environment

Data Security Using Reliable Re-Encryption in Unreliable Cloud

Research Paper on Data Integrity Checking In Cloud Computing

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Enhancing Data Integrity in Cloud Storage by Ensuring Maximum Availability

A Survey on Deduplication Strategies and Storage Systems

An Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud

DNS must be up and running. Both the Collax server and the clients to be backed up must be able to resolve the FQDN of the Collax server correctly.

M. Nathiya 2 B.Tech. (IT), M.E. (CSE), Assistant Professor, Shivani Engineering College, Trichy, Tamilnadu, India.

How To Get To A Cloud Storage And Byod System

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

ISSN Index Terms Cloud computing, outsourcing data, cloud storage security, public auditability

A Secure and Dependable Cloud Storage Service in Cloud Computing

A Novel Re-Authentication Scheme on Cloud Based Storage Services T.G.V.V.Srinivas 1, P.Suresh Babu 2 1 Final M.Tech Student, 2 Associate professor

Enterprise Backup Overview Protecting Your Most Important Asset

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

CICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282

Transcription:

RESEARCH ARTICLE OPEN ACCESS Optimized And Secure Data Backup Solution For Cloud Using Data Deduplication Siva Ramakrishnan S( M.Tech ) 1,Vinoth Kumar P (M.E) 2 1 ( Department Of Computer Science Engineering, SRM University, Chennai) 2 ( Assistant Professor,Department Of Computer Science Engineering, SRM University, Chennai) -------------------------**********************-------------------- Abstract: In the advent of cloud computing technology, more and more customers are adopting a Cloud based approach for their infrastructure requirements which is being offered as an Infrastructure as a service model (IAAS).We will be presenting a model consisting of shared and dedicated storage which is differentiated by the cost involved in the services as well as the security mechanisms involved. Users can store the files either in a dedicated storage spaces which is highly secure as it is not physically shared among any other cloud users or opt to store the files securely in a shared storage along with files from other cloud users. The infrastructure involves both dedicated and shared storage spaces, the user has the option to mandatorily store the file only in the dedicated storage or leave it to the system to decide the services to be used. In a cloud scenario security is a major concern as multiple users may use the same infrastructure. So we present an approach where we encrypt the data with a convergent key which is obtained by hashing the data copy. The users can retain the keys and send the cipher text to cloud after the key generation and encryption. Multiple users who own the same file would generate the same hash value, convergent key and the same cipher text. Users are provided with a pointer from the server, so the user need not upload the same file again. Keywords: - cloud computing; Deduplication; Convergent Encryption; Shared Storage, Dedicated Storage -------------------------**********************-------------------- Introduction: Though cloud computing has greatly reduced the cost involved in infrastructure spending, one can save valuable storage spaces at the public cloud by leveraging the concepts of deduplication and convergent encryption to greatly enhance the security in a cloud based setup. Infrastructure involves a setup which consists of two modes of storage Shared and dedicated storage. Shared storage are storage spaces constituted of RAID disks which are shared among other cloud users but partitioned in such a way that users cannot see other user files. Dedicated storage are storage spaces which are built from RAID disks which are not shared with other users. The difference between the two services is the cost involved, for example say a cloud vendor may charge 10$ for 1 GB of dedicated storage, whereas the same vendor would charge 5 $ for 1 GB of shared storage.this is a win-win scenario for both the vendor and the user as the ISSN: 2394-2231 http://www.ijctjournal.org Page 40

user wins by paying less for the non-critical data by sharing the underlying storage among other users and the vendor wins as the system cost is shared by multiple cloud users. The user has the option to mark the file as confidential and make it mandatory to save the file in the dedicated storage. If the file is not marked as confidential the system decides where to store file in shared or dedicated storage, here we implement the concept of deduplication to check for duplicated files among multiple cloud users and store the file only once in the shared storage space. Security has always been a concern with cloud infrastructure so we introduce encryption in Deduplication, Traditional encryption requires different users to encrypt their data with their own keys. So identical data copies from different users will result in different cipher texts, making deduplication impossible. Convergent encryption [2] has been proposed to enforce data confidentiality while making deduplication feasible..preliminaries: In this section, we first define the notations used in this paper, the notations used in this paper are listed In TABLE 1. Acronym Description S-CSP Secure-cloud service provider PoW Proof of Owner (plu, slu) User s public and secret key pair LF Convergent encryption key for file F P1U Privilege set of a user U P1F Specified privilege set of a file F ϕ F,p1Token of file F with privilege p1 KeySE(1λ)! L is the key generation algorithm That generates l using security parameter 1λ; EnSE(l,M)! C is the symmetric encryption algorithmthat takes the secret l and message M and Then outputs the ciphertext C; and DeSE(κ,C)! M is the symmetric decryption algorithm that takes the secret land ciphertext C and then outputs the original message M. Convergent Encryption: Convergent encryption is achieved by deriving the convergent key from each original data copy and encrypts the data copy with the convergent key. Also a tag is derived for the data copy by the users, the tag will be used to detect the duplicate copies. We conclude that the two data are the same when their tags are the same. The user first sends the tag to the server first to check for duplicate copies and verify if identical copies are already stored on the server. The convergent key and tag are independently derived and the convergent key cannot be found from the tag. Proof of Ownership: Proof of ownership allows the users to prove their ownership of the copies of the data to the secure cloud service provider(s-scp) it is an interactive algorithm which executed by a prover who is the user and the verifier the storage server in this case. ϕ(m) is a short value derived from the data copy by the user. The prover needs to send ϕ to the verifier such that ϕ = ϕ(m). The proof of ownership almost follows the threat model in a content distribution network where the entire file is not known to the attacker but has the accomplices who have the file. Identification Protocol: The two phases of identification protocol are Proof and Verify. In Proof stage a user can demonstrate his identity to a verifier by performing identification proof related to his identity. The user inputs private key slu which is sensitive like a private key of a public key in his certificate, which the user does not like to share. The verification is done by the verifier with input of the public information plu related ISSN: 2394-2231 http://www.ijctjournal.org Page 41

to slu. The verifier outputs accept or reject to denote proof is passed or not. System Model: At a high level our setting of interest is a small and medium business (SMB) consisting of group of affiliated clients say employees of a company who will use the S-CSP and store data with a deduplication technique. This technique is mostly used as data backup solutions and disaster recovery applications to reduce the storage space greatly. There are four entities defined in our system, that is, users, and Shared storage, dedicated Storage and S-CSP in public cloud as shown in Fig 1. The Secure cloud service provider performs deduplication by checking if the contents of two files are same and stores only any one of them. The right to access a file is defined based on a set of privileges. The definition of a privilege varies across various applications. For example, we may define role based privilege according to the job Positions (e.g., Director, Project Head, and Technical Engineer), or we may define a time-based privilege that specifies a valid time period (e.g., 2015-01-01 to 2015-01-31) within which a file be accessed. Each privilege of the user is represented in the form of a short Message called a token. Every file is associated with file tokens, which denotes the tag with the specified privileges. User computes and sends duplicate-check tokens to the public cloud for authorized duplicate check. Implementation: Figure 1 System Model The implementation involves a prototype of the proposed system where we model three modules as separate C++ programs.a client program is used for file upload whereas a private server program is used to model private cloud which manages the private keys and file tokens. Cryptographic opeartions of hashing and encryption are implemented by open ssllibrary[4], the inter communication between modules is based on http using GNU Linmicrohttpd and libcur The following function calls are invoked in order to support token generation and deduplication process along with the file upload procedure. * FileTag(ile) - SHA-1 hash of the File is computed as file tag. TokenReq(Tag, UserID) the private server is requested for file token generation with user ID and File tag. DupCheckReq(Token) duplicate check of the file is done by sending the file token received from private server. ISSN: 2394-2231 http://www.ijctjournal.org Page 42

ShareTokenReq(Tag, {Priv.}) the private server is requested to generate share file token with file tag and target sharing privilege set. FileEncrypt(File) This function call encrypts the file with convergent encryption using 256 AES algorithm in cipher block chaining mode where the convergent key id SHA-256 hashing from the file. FileUploadReq(FileID, File, Token) This function call uploads the file data to the storage server if the file is unique and the file token stored is updated.the implementation of our private server includes request handlers for token generation and maintains key storage with hash map. TokenGen(Tag, UserID) - This function call loads the associated privilege keys of the user and generate the token along with HMAC-SHA- 1 algorithm; Evaluation: Authorization steps like file token generation along with share token generation produces certain overhead, which is compared with the convergent encryption and share token generation. The evaluation is based on varying different overhead factors like 1) number of files stored 2) File Size 3) privilege set size 4) deduplication ratio. The evaluation was done with three machines of the below configuration with an Inter I5 2.66 Ghz CPU with 4 GB of RAM and installed with Ubuntu 14.04 connected over a 100 Mbps Ethernet network. The upload process is broken in to six steps namely, * Tagging * Token generating * Deduplication check *Sharetoken generation * Encryption and * Transfer. Conclusion: In this paper, the concept of convergent encryption was proposed in a public cloud infrastructure which enables the users to securely transfer the files to and fro from the Public cloud storage provider, we also had space savings by imposing Data deduplication techniques to the files which are redundantly stored by different users from different companies. The security analysis shows that our scheme is secure in terms of outsider attacks. As a proof of concept, A prototype has been implemented for proposed authorized deduplicate check scheme. The proposed model would lead to greater cost saving in a small and medium business setup as we store only confidential data in the dedicated storage space which is costlierthan the shared storage space where we store all possible redundantdata from the same company users as well as other company users. Also the implementation is secure to the extent that the users don t have to worry about security attacks or loss of information. Acknowledgements: This paper is an extended version of [1] submitted on the category of Parallel and Distributed Systems, IEEE Transactions on (Volume:PP, Issue: 99 ) References: [1] A Hybrid Cloud Approach for Secure Authorized Deduplication Jin Li, Yan Kit Li, Xiaofeng Chen, Patrick P. C. Lee, Wenjing Lou [2] J. R. Douceur, A. Adya, W. J. Bolosky, D. Simon, and M. Theimer.Reclaiming space from duplicate files in a serverless distributed file system. In ICDCS, pages 617 624, 2002. [3] M. Bellare, S. Keelveedhi, and T. Ristenpart. Message-locked encryption and secure deduplication. In EUROCRYPT, pages 296 312, 2013. [4] OpenSSL Project. http://www.openssl.org/. ISSN: 2394-2231 http://www.ijctjournal.org Page 43

[5] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman.Role-based access control models. IEEE Computer, 29:38 47, Feb1996. [6] R. D. Pietro and A. Sorniotti. Boosting efficiency and securityin proof of ownership for deduplication. In H. Y. Youm andy. Won, editors, ACM Symposium on Information, Computer andcommunications Security, pages 81 82. ACM, 2012. ISSN: 2394-2231 http://www.ijctjournal.org Page 44

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information