Secret Sharing based on XOR for Efficient Data Recovery in Cloud



Similar documents
A token-based authentication security scheme for Hadoop distributed file system using elliptic curve cryptography

DATA SECURITY MODEL FOR CLOUD COMPUTING

International Journal of Advance Research in Computer Science and Management Studies

Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment

Efficient Data Replication Scheme based on Hadoop Distributed File System

METHOD OF A MULTIMEDIA TRANSCODING FOR MULTIPLE MAPREDUCE JOBS IN CLOUD COMPUTING ENVIRONMENT

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

NoSQL and Hadoop Technologies On Oracle Cloud

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Cyber Forensic for Hadoop based Cloud System

HDFS Space Consolidation

Fully homomorphic encryption equating to cloud security: An approach

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

THE HADOOP DISTRIBUTED FILE SYSTEM

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Scalable Multiple NameNodes Hadoop Cloud Storage System

Detection of Distributed Denial of Service Attack with Hadoop on Live Network

Volume 3, Issue 6, June 2015 International Journal of Advance Research in Computer Science and Management Studies

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

MinCopysets: Derandomizing Replication In Cloud Storage

Distributed File Systems

A NEW APPROACH TO ENHANCE SECURITY IN MPLS NETWORK

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

Schnorr Signcryption. Combining public key encryption with Schnorr digital signature. Laura Savu, University of Bucharest, Romania

Hadoop Architecture. Part 1

Storage and Retrieval of Data for Smart City using Hadoop

Lecture 5: GFS & HDFS! Claudia Hauff (Web Information Systems)! ti2736b-ewi@tudelft.nl

Big Data and Hadoop with components like Flume, Pig, Hive and Jaql

Research Article Hadoop-Based Distributed Sensor Node Management System

INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) PERCEIVING AND RECOVERING DEGRADED DATA ON SECURE CLOUD

Distributed File System. MCSN N. Tonellotto Complements of Distributed Enabling Platforms

Comparative analysis of mapreduce job by keeping data constant and varying cluster size technique

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Role Based Encryption with Efficient Access Control in Cloud Storage

CS 758: Cryptography / Network Security

Highly Available Hadoop Name Node Architecture-Using Replicas of Name Node with Time Synchronization among Replicas

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Application-Specific Biometric Templates

A Proxy-Based Data Security Solution in Mobile Cloud

The Misuse of RC4 in Microsoft Word and Excel

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

Strengthen RFID Tags Security Using New Data Structure

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

DATA SECURITY IN CLOUD USING ADVANCED SECURE DE-DUPLICATION

Hadoop Big Data for Processing Data and Performing Workload

A Study on Data Analysis Process Management System in MapReduce using BPM

Client Server Registration Protocol

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

Processing of Hadoop using Highly Available NameNode

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Signature Amortization Technique for Authenticating Delay Sensitive Stream

Snapshots in Hadoop Distributed File System

A REVIEW: Distributed File System

A Fully Homomorphic Encryption Implementation on Cloud Computing

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

A Factoring and Discrete Logarithm based Cryptosystem

PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.


Providing Data Protection as a Service in Cloud Computing

Securing MANET Using Diffie Hellman Digital Signature Scheme

FAREY FRACTION BASED VECTOR PROCESSING FOR SECURE DATA TRANSMISSION

Information Security

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

CLOUD COMPUTING USING HADOOP TECHNOLOGY

Improving data integrity on cloud storage services

R.K.Uskenbayeva 1, А.А. Kuandykov 2, Zh.B.Kalpeyeva 3, D.K.Kozhamzharova 4, N.K.Mukhazhanov 5

High-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago

Strengthen Cloud Computing Security with Federal Identity Management Using Hierarchical Identity-Based Cryptography

CLOUDDMSS: CLOUD-BASED DISTRIBUTED MULTIMEDIA STREAMING SERVICE SYSTEM FOR HETEROGENEOUS DEVICES

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

A low-cost Alternative for OAEP

Development of CEP System based on Big Data Analysis Techniques and Its Application

Apache Hadoop FileSystem and its Usage in Facebook

Volume 3, Issue 2, February 2015 International Journal of Advance Research in Computer Science and Management Studies

Monitoring Data Integrity while using TPA in Cloud Environment

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

SECURE AND EFFICIENT PRIVACY-PRESERVING PUBLIC AUDITING SCHEME FOR CLOUD STORAGE

Data Security Strategy Based on Artificial Immune Algorithm for Cloud Computing

Big Data Storage Architecture Design in Cloud Computing

SCADA System Security, Complexity, and Security Proof

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

A secure login system using virtual password

Hadoop: A Framework for Data- Intensive Distributed Computing. CS561-Spring 2012 WPI, Mohamed Y. Eltabakh

Distributed Metadata Management Scheme in HDFS

Role of Cloud Computing in Big Data Analytics Using MapReduce Component of Hadoop

Mutual Authentication Cloud Computing Platform based on TPM

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Transcription:

Secret Sharing based on XOR for Efficient Data Recovery in Cloud Computing Environment Su-Hyun Kim, Im-Yeong Lee, First Author Division of Computer Software Engineering, Soonchunhyang University, kimsh@sch.ac.kr *,Corresponding Division of Computer Software Engineering, Soonchunhyang University, imylee@sch.ac.kr Abstract Cloud computing has been receiving increasing attention recently. Despite this attention, security is the main problem that still needs to be addressed for cloud computing. In general, a cloud computing environment protects data by using distributed servers for data storage. When the amount of data is too high, however, different pieces of a secret key (if used) may be divided among hundreds of distributed servers. Thus, the management of a distributed server may be very difficult simply in terms of its authentication, encryption, and decryption processes, which incur vast overheads. To address this problem, we propose a system where distributed data are stored on distributed servers that organize or communicate with a user via a XOR-based construction of threshold technique.. Introduction Keywords: Cloud Computing, XOR, Distribute Storage Interest in cloud computing is increasing around the world and a significant amount of research is being conducted in this area. Many companies are interested in cloud computing because it should allow extension into various areas and the efficient use of computing power with the growth of IT technology. However, one of the most critical issues preventing companies from introducing cloud computing environments is the problem of security. Cloud computing service providers have improved security by using various measures to protect user data; however, users cannot be completely confident about their data storage security and its management by the providers. In addition, the data stored on distributed servers may be easier targets for malicious users than data exposed on communication networks. Therefore, user data are stored in an encrypted form in most cloud systems. Data are stored on several distributed servers in typical cloud computing environments to protect the user data. However, problems may arise due to data leaks if data are stored on distributed servers without encryption processes, which may occur if the distributed file locations stored on the master server are traced. The encryption of distributed data using secret keys is necessary to prevent this problem. However, the data may be divided into several tens or hundreds of pieces when large amounts of data are used. If each different key is applied to each individual distributed server that stores the data, this presents difficulties in terms of management and it incurs huge overheads due to the countless processes involved with its certification, encryption, and decryption on distributed servers. This study presents a technique for collecting data pieces more effectively to address these problems. To address this problem, we propose a system where distributed data are stored on distributed servers that organize or communicate with a user via a XOR-based construction of threshold technique. The remainder of this paper is organized as follows. Section introduces related techniques to help readers understand the technique presented in this study. Section explains the basic requirements for the security of cloud computing environments. Section 4 presents the proposed method in greater detail. Section 5 analyzes the safety of the proposed method. Finally, Section 6 provides concluding remarks about this proposed method and directions for future study. This research was supported by the MKE(The Ministry of Knowledge Economy), Korea, under the ITRC(Information Technology Research Center)) support program (NIPA--H--) supervised by the NIPA(National IT Industry Promotion Agency). This work was supported by the Soonchunhyang University Research Fund. Journal of Next Generation Information Technology(JNIT) Volume 4, Number 8, October 48

. Related Work This section introduces related techniques and existing methods to help readers understand the technique proposed in this study... Google File System (GFS) The Google File System (GFS) was developed to store large amounts of data, and it is optimized for core data storage and search engines. GFS stores large amounts of data that are distributed throughout many low-cost storage servers. The GFS structure consists of a master server and multiple chunk servers. In addition, the data are separated into 64 MB units and stored in several chunk servers. The master server assigns a unique 64-bit label to each server at the creation point and maintains the connection by logical mapping. However, there is a limit to the number of measures required to address the possible failures that occur frequently due to the use of a large number of chunk servers... Apache Hadoop Distributed File System (HDFS) HDFS is a file system that can be implemented on existing hardware systems, which has many similarities to existing distributed file systems. However, this system also has many differences, including its high failure recovery feature and a design that is applicable to low cost hardware. HDFS is used widely for distributed file systems and it forms the basis of cloud computing platforms for global IT companies such as Amazon, IBM, and Yahoo. A review of the highlighted items in the design and implementation of HDFS showed that most are identical to GFS, although the major difference was that JAVA was used for implementation to simplify portability between platforms. The use of JAVA with its high portability provides advantages when implementing HDFS in servers that supporting JAVA []... Writing data in HDFS cluster HDFS Client requests to store data in NameNode. NameNode searches the location of data storage. It sends the address of DataNode to save the data to the Client. The Client sends data blocks to the first DataNode. Once data is transmitted, it composes one pipeline and copies it at the same time. When the storage (saving) completes, it sends completion message to NameNode. NameNode stores the saved information. Figure. Writing data in HDFS cluster 49

Secret Sharing based on XOR for Efficient Data Recovery in Cloud Computing Environment. Security Requirements One of the core mechanisms used by cloud computing is data encryption via key management. A failure in the key storage server can make data access impossible; hence, research into key management methods is essential. The following security requirements are needed to prevent various failures. Safe Key Storage: as with other types of sensitive data, the key must be protected during storage, transmission, and back-up processes. Inadequate key storage could destroy all of the encrypted data. Key Storage Access: the access to key storage should be limited only to those entities who require private keys. The key storage management policy should also maintain separate access control. The entity used to provide the keys should be different from the entity used to store the keys. Key Back-up and Recovery: a lost key inevitably leads to a loss of data, which is an effective way of destroying data. The accidental loss of a key can also lead to major losses for a business. Therefore, safe back-up and recovery solutions must be implemented. Confidentiality: data communications between the storage server and a client terminal should only be verified using legitimate objects. Authentication: the legitimacy of a storage server where the data is distributed and stored should only be verifiable by a legitimate object recognition client. Availability: certification and secrecy should be performed at a fast rate to ensure availability for transmitting large amounts of data. Computational Efficiency: only the minimum number of computations should be performed to reduce frequent overheads on the client terminals and cloud servers. 4. Proposed Scheme 4.. Data storage and error recovery Cloud computing environment overall, was designed based on HDFS of Apach. The cloud computing environment, will be distributed saving is divided into blocks of 8MB for the data storage capacity. It has been stored in the form of text data stored in the distributed storage server is not encrypted, when the distributed storage server is taken by an attacker, the problem of some data is exposed as it occurs. Figure. Distributed data storage phase 5

HDFS propose to the user encrypted to prevent an attack, but the system itself is not provided. We use Chaning of CBC mode is one of the block encryption mode proposed method of this paper. The original data block is converted into a data block of random. Parity block is generated as shown in equation (). C i... C n ~ n ~ n i n () If an error occurs in the original data blocks, a parity block generated is able to recover the original data block. Steps to generate and recover the data block are as follows(fig. ). -Process of generating the C C C C -Process of recovery the D D C D 4. Data Piece Collection Step If a request is received from a user, a collection process is required for the distributed data. The distributed servers are physically and logically separated from the master server; hence, the certifications of all the individual distributed servers should be provided secretly to the communication networks while transmitting the data pieces. However, the use of an existing public key encryption system is very inefficient in terms of its cost and computation. Therefore, this study proposes a method for more efficient communication by applying group signcryption[6]. Step : The storage server can encrypt using signcryption. random x x w yis mod p k G( r H ( m,server_info, s x /( r xss ) mod q c Ek ( m) ( m E ( data)) K D Step : Users receive messages from the storage server that are approved by signcryption and they verify the storage server and the encryption of messages by unsigncryption. The user receives c, r, and s, distinguishes message w from m, and compares them with the received r value to verify that they are correct using unsigncryption. r s xis w ( yss g ) mod p k G( m k ( c) if ( r? H ( m,server_info, 5

5. Efficiency Analysis The technique proposed in this study ensures that a system is protected from attackers, because they cannot acquire. 5.. Calculation Efficiency The application of the signcryption technique proposed in this study delivered a minimum efficiency of 7% in terms of its overheads compared with existing methods of encryption after a signature is acquired using public and symmetric keys[5]. The group signcryption application also facilitates more efficient key management for users. The user data are divided into many pieces and stored on storage servers by the master server. If a user request is received for data, a collection process is required for the distributed data. The storage servers are physically and logically separated from the master server, so the certifications for all of the individual distributed servers should be provided secretly in the communication networks used during the transmission of the data pieces. The use of an existing public key encryption system is very inefficient in terms of its costs and computations. 5.. Authentication and Confidentiality The user data are divided into many pieces and stored on storage servers by the master server. If a user request is received for data, a collection process is required for the distributed data. The storage servers are physically and logically separated from the master server, so the certifications for all of the individual distributed servers should be provided secretly in the communication networks used during the transmission of the data pieces. The use of an existing public key encryption system is very inefficient in terms of its costs and computations. 6. Conclusion The management of a distributed server may be very difficult simply in terms of its authentication, encryption, and decryption processes, which incur vast overheads. To address this problem, we propose a system where distributed data are stored on distributed servers that organize or communicate with a user via a XOR-based construction of threshold technique. A more detailed comparative analysis should be made of existing methods and the method proposed in this paper using a simulation that considers various environmental factors. 7. References [] K. Shvachko, H. Huang, S. Radia, R. Chansler, The hadoop distributed file system, in: 6th IEEE (MSST) Symposium on Massive Storage Systems and Technologies, May,. [] A.Shamir, "How to share a Secret", Communications of the ACM. Vol., No., pp. 6-, 979. [] C. Cachin, "On-line Secret Sharing", Cryptography and Coding, LNCS Vol.5, pp.9-98, 995. [4] Raghu Rmakrishnan, "Sherpa: Cloud Computing of the Third Kind," Data- Intensive Computing Symposium, 8. [5] Y. Zheng, Digital signcryption or how to achieve cost(signature & encryption) << cost(signature)+ cost(encryption), in Advanced in Cryptology CRYPTO 97 Proceedings, LNCS Vol. 94, pages 65 79, Springer Verlag, 997. [6] D. Kwak and S. Moon. Effcient distributed signcryption scheme as group signcryption. In:Applied Cryptography and Network Security (ACNS ), LNCS 846, Springer-Verlag, pages 4-47,. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information