Enabling Public Accountability and Data Sharing for Storage Security in Cloud Computing




VOLUME 1, NUMBER 1, JUNE 2014
OPEN JOURNAL OF INFORMATION SECURITY AND APPLICATIONS

Enabling Public Accountability and Data Sharing for Storage Security in Cloud Computing

K. Mohammed Aaqib Ameen, A. Anny Leema Sekar*
Department of Computer Applications, B. S. Abdur Rahman University, Chennai, India.
*Corresponding author: annyleema@gmail.com

Abstract: Cloud computing delivers high-end services to users from many locations over the Internet, on demand. An important feature of cloud services is that users' data are usually processed remotely on machines that the users do not own or operate. Users' fear of losing control of their own data has therefore become a significant barrier to wider adoption of cloud services. To address this problem, this paper proposes an information accountability framework that keeps track of the actual usage of a user's data in the cloud as it is accessed by various users. The programmable capabilities of JAR (Java ARchive) files are used to create a dynamic, travelling object, ensuring that any access to user data triggers authentication and automated logging local to the JAR. To strengthen users' control and to provide distributed auditing, the implementation allows the data owner to edit his content as well as enforce back-end protection if needed. Experimental studies demonstrate the efficiency and effectiveness of the proposed approach.

Keywords: Clients and Cloud Storage Servers; JAR File Creation; Cloud Monitoring; Log Record Generation

1. Introduction

Cloud computing is a subscription-based service through which one obtains networked storage space and computing resources. It enables highly scalable services to be consumed easily over the Internet on demand. A major feature of cloud services is that users' data are usually processed remotely on machines that the users do not own or operate. Users' fear of losing control of their own data can become a significant barrier to wider adoption of cloud services. To address this problem, this paper proposes a highly decentralized information accountability framework to keep track of the actual usage of users' data in the cloud.

Cloud computing is an Internet-based computing technology. Ever cheaper and more powerful processors, together with the software-as-a-service computing architecture, are transforming data centers into pools of computing services on a huge scale [1]. Increasing network bandwidth and reliable yet flexible network connections make it possible for users to subscribe to high-quality services from data and software that reside solely in remote data centers. The offerings of the pioneering cloud computing vendor, Amazon Simple Storage Service and Amazon Elastic Compute Cloud, are Internet-based online services that provide huge amounts of storage space and customizable computing resources, eliminating the need for local machines to perform data maintenance. As a result, users are at the mercy of their cloud service providers for the availability and integrity of their data. Even though cloud infrastructures are much more powerful and more reliable than personal computing devices, a broad range of both internal and external threats to data integrity still exists. Examples of outages and data loss incidents at noteworthy cloud storage services appear from time to time. Moreover, since users may not retain a local copy of outsourced data, cloud service providers (CSPs) have various incentives to behave unfaithfully towards cloud users regarding the status of their outsourced data [2].

2. Background Study

Cloud computing has raised a range of important privacy and security issues. These arise because, in the cloud, users' data and applications reside, at least for some time, on a cloud cluster that is owned and maintained by a third party.

Chun et al. (2004) present a layered architecture for addressing the end-to-end trust management and accountability problem in federated systems. Their focus is very different from ours, in that they mainly leverage trust relationships for accountability, along with authentication and anomaly detection. Further, their solution requires third-party services to complete the monitoring and focuses on lower-level monitoring of system resources.

Corin et al. (2005) propose a language that allows agents to distribute data with usage policies in a decentralized architecture. In their framework, compliance with usage policies is not enforced [3]; however, agents may be audited by an authority at an arbitrary moment in time. They design a logic that allows auditing agents to prove their actions and to prove their authorization to possess particular data. Accountability is defined in several areas, including agent accountability and data accountability, and the soundness of the logic is shown.

Chun et al. (2004) describe three key problems for trust management in federated systems and present a layered architecture for addressing them [4]. The three problems are how to express and verify trust in a flexible and scalable manner, how to monitor the use of trust relationships over time, and how to manage and re-evaluate trust relationships based on historical traces of past behavior. While previous work provides the basis for expressing and verifying trust, it does not address the concurrent problems of how to continuously monitor and manage trust relationships over time. These problems close the loop on trust management and are especially relevant in federated systems, where remote resources can be acquired across multiple administrative domains and used in potentially undesirable ways (e.g., to launch denial-of-service attacks).

Squicciarini et al. (2010) observe that cloud computing enables highly scalable services to be consumed easily over the Internet on an as-needed basis. While cloud computing is expanding rapidly and is used by many individuals and organizations internationally, data protection issues in the cloud have not yet been carefully addressed. Users' fear of confidential data leakage and loss of privacy in the cloud may become a significant barrier to wider adoption of cloud services [5].

Wang et al. (2009) state that cloud computing has been envisioned as the next-generation architecture of the IT enterprise. It moves application software and databases to centralized large data centers, where the management of the data and services may not be fully trustworthy [6]. This unique paradigm brings about many new security challenges, which are not yet well understood. Their work studies the problem of ensuring the integrity of data storage in cloud computing; in particular, it allows a third party auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud.

Jagadeesan et al. (2009) propose accountability mechanisms, which rely on after-the-fact verification, as an attractive means of enforcing authorization policies. They describe an operational model of accountability-based distributed systems and analyses that support both the design of accountability systems and the validation of auditors for finitary accountability systems [7]. The study provides formal foundations for exploring the trade-offs underlying the design of accountability systems, including the power of the auditor, the efficiency of the audit protocol, the requirements placed on the agents, and the requirements placed on the communication infrastructure.

The existing system has the following disadvantages: (1) it requires third-party auditing services; (2) the integrity and confidentiality of a user's own data are not secured; (3) it is a highly centralized system.

3. Proposed System

The basic approach to addressing these issues is to leverage and extend the programmable capability of JAR (Java ARchive) files to automatically log the usage of users' data by any entity in the cloud. Users send their data, along with any policies they want enforced (such as access control policies and logging policies), enclosed in JAR files, to cloud service providers. Any access to the data triggers an automated and authenticated logging mechanism local to the JAR. This strong binding persists even when copies of the JARs are created; thus the user retains control over the data at any location. The JARs are given a central point of contact which forms a link between them and the user. It records the error correction information sent by the JARs, which allows it to detect the loss of any logs from any of the JARs.
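As an added illustration of the packaging and binding step described above (example code written for this page, not the authors' Nephele implementation): the data item and the owner's policy are written into one JAR-format archive, and every access first reads the policy back out of that archive, so a byte-for-byte copy of the archive is governed by the same policy and an archive from which the policy has been stripped is refused. The archive layout (META-INF/MANIFEST.MF, data/item.bin, policy/policy.json), the policy fields (owner, grants, hours) and the sample users are assumptions; the paper does not specify them. The authors' Java code would run the check inside the JAR itself, whereas here it is ordinary Python over the same archive format.

```python
import io
import json
import zipfile

# Assumed archive layout; the paper does not specify entry names.
MANIFEST_ENTRY = "META-INF/MANIFEST.MF"
DATA_ENTRY = "data/item.bin"
POLICY_ENTRY = "policy/policy.json"
KNOWN_ACTIONS = {"read", "write", "copy"}   # the access types named in Section 3.4.4


def build_jar(data: bytes, policy: dict) -> bytes:
    """Pack the owner's data item and its usage policy into one JAR-format (zip) archive."""
    for user, actions in policy.get("grants", {}).items():
        unknown = set(actions) - KNOWN_ACTIONS
        if unknown:
            raise ValueError(f"policy grants unknown actions to {user}: {sorted(unknown)}")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        # A JAR is a zip archive with a manifest entry.
        jar.writestr(MANIFEST_ENTRY, "Manifest-Version: 1.0\nCreated-By: accountability-example\n")
        jar.writestr(DATA_ENTRY, data)
        jar.writestr(POLICY_ENTRY, json.dumps(policy, sort_keys=True))
    return buf.getvalue()


def unpack_jar(jar_bytes: bytes):
    """Read data and policy back; refuse an archive from which any required entry was stripped."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        missing = {MANIFEST_ENTRY, DATA_ENTRY, POLICY_ENTRY} - set(jar.namelist())
        if missing:
            raise ValueError(f"archive is missing {sorted(missing)}")
        return jar.read(DATA_ENTRY), json.loads(jar.read(POLICY_ENTRY))


def decide(policy: dict, user: str, action: str, hour: int):
    """Deny by default: allow only an explicitly granted action inside the policy's hour window."""
    if action not in KNOWN_ACTIONS:
        return False, f"unknown action {action!r}"
    if user == policy.get("owner"):
        return True, "owner"
    if action not in policy.get("grants", {}).get(user, []):
        return False, f"{user} has no {action} grant"
    start, end = policy.get("hours", [0, 24])
    if not start <= hour < end:
        return False, f"outside allowed hours {start}-{end}"
    return True, "granted"


def access(jar_bytes: bytes, user: str, action: str, hour: int) -> bytes:
    """Evaluate the policy carried inside the archive and release the data only on allow."""
    data, policy = unpack_jar(jar_bytes)
    allowed, reason = decide(policy, user, action, hour)
    if not allowed:
        raise PermissionError(reason)
    return data


def strip_entry(jar_bytes: bytes, entry: str) -> bytes:
    """Rebuild the archive without one entry, to model a CSP that discards the policy."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(buf, "w") as dst:
        for name in src.namelist():
            if name != entry:
                dst.writestr(name, src.read(name))
    return buf.getvalue()


# Constructed sample: alice shares a record; bob may read it, carol may read or copy it, 08:00-18:00.
SAMPLE_POLICY = {"owner": "alice", "grants": {"bob": ["read"], "carol": ["read", "copy"]}, "hours": [8, 18]}
SAMPLE_JAR = build_jar(b"patient-record-42", SAMPLE_POLICY)

if __name__ == "__main__":
    print(access(SAMPLE_JAR, "bob", "read", 10))
    for user, action, hour in [("bob", "write", 10), ("bob", "read", 20), ("mallory", "read", 10)]:
        try:
            access(SAMPLE_JAR, user, action, hour)
        except PermissionError as exc:
            print("denied:", exc)
```

The check is deny-by-default on purpose: a user or action the policy does not mention gets nothing, and an archive that arrives without its policy entry is treated as malformed rather than as unrestricted. What the example cannot show is the part the paper relies on Java for, namely that the check runs inside the JAR wherever it is copied; a plain zip reader that ignores policy.json would bypass it.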
3.1 Advantages of the Proposed System

The proposed system has the following advantages: (1) it is the first systematic approach to data accountability through the novel use of JAR files; (2) it is platform independent and highly decentralized; (3) it offers high efficiency, scalability and granularity.

3.2 Architectural Design

The system architecture defines the structure of the developed system: its components or modules, their externally visible properties and the relationships among them. Fig. 1 shows the overall architecture of the work.

3.3 Detailed Design

The detailed design describes the software components in detail. This helps in implementing the system and guides further changes to satisfy future requirements. Fig. 2 shows the hierarchical diagram of the system. The project is divided into six modules: User Interface Design, Clients and Cloud Storage Servers, JAR File Creation, Cloud Monitoring, Log Record Generation, and Log Alerts.

Figure 1. Architectural Diagram
Figure 2. Hierarchical diagram of the proposed System

3.4 Module Descriptions

3.4.1 User Interface Design

In this module the user page is created as a GUI, which acts as the medium connecting the user with the cloud: through it the client sends requests to the cloud and the cloud server returns responses, so that communication is established between client and cloud. The page gives the user an overview of the whole application and links to learn more about it. The data flow diagram for the user interface design is shown in Fig. 3.
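Section 3 says that every access triggers authenticated logging local to the JAR and that the owner's central point uses error correction information reported by the JARs to detect lost logs; Sections 3.4.5 and 3.4.6 list the record fields (user, time, location, access type) and the push and pull delivery modes. The following is an added example of one way to build such a log (example code for this page, not the authors' code). Each record is chained to its predecessor and authenticated with an HMAC under a key assumed to be shared only by the owner and the logger; the paper does not say how its logs are protected, so this design is an assumption. The owner's verifier walks the chain and compares the record count and chain head the JAR last reported, so a modified, dropped, reordered or truncated log is detected. The key, user names, addresses and timestamps are constructed sample values.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64   # chain link carried by the first record


def tag(key: bytes, body: dict) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of a record body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class AccessLog:
    """Append-only log kept beside the data item. Every record carries a sequence number,
    the tag of its predecessor and its own HMAC, so a record cannot be altered, removed or
    reordered without the owner noticing. `key` is assumed to be held by the owner and the
    logger only, never by the CSP."""

    def __init__(self, key: bytes, push_every: int = 3):
        self.key = key
        self.push_every = push_every   # push mode: deliver a batch once this many records exist
        self.records = []
        self.pushed = []               # batches already delivered to the owner

    def record(self, user: str, action: str, location: str, allowed: bool, when: str = None) -> dict:
        """Log one access attempt (the Section 3.4.5 fields plus the policy decision)."""
        body = {
            "seq": len(self.records),
            "user": user,
            "action": action,
            "location": location,
            "allowed": allowed,
            "time": when or datetime.now(timezone.utc).isoformat(),
            "prev": self.records[-1]["tag"] if self.records else GENESIS,
        }
        entry = dict(body, tag=tag(self.key, body))
        self.records.append(entry)
        if len(self.records) % self.push_every == 0:
            self.pushed.append(self.records[-self.push_every:])
        return entry

    def pull(self) -> list:
        """Pull mode: the owner asks for the full log at any time."""
        return [dict(r) for r in self.records]

    def summary(self) -> dict:
        """What the JAR reports to the owner's central point: record count and chain head."""
        return {"count": len(self.records), "head": self.records[-1]["tag"] if self.records else GENESIS}


def verify(key: bytes, records: list, summary: dict = None):
    """Owner-side check returning (ok, reason). `summary` is the JAR's last report; it catches
    records dropped from the tail, which the chain alone cannot reveal."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if body.get("seq") != i:
            return False, f"sequence gap at position {i}"
        if body.get("prev") != prev:
            return False, f"chain broken at seq {i}"
        if not hmac.compare_digest(rec.get("tag", ""), tag(key, body)):
            return False, f"bad tag at seq {i}"
        prev = rec["tag"]
    if summary is not None and (len(records) != summary["count"] or prev != summary["head"]):
        return False, f"log has {len(records)} records, JAR reported {summary['count']}"
    return True, "ok"


# Constructed sample accesses; the key, users, addresses and times are invented for the example.
OWNER_KEY = b"owner-only-secret"
SAMPLE_LOG = AccessLog(OWNER_KEY, push_every=2)
SAMPLE_LOG.record("bob", "read", "10.0.0.5", True, "2014-06-01T09:00:00+00:00")
SAMPLE_LOG.record("mallory", "write", "203.0.113.9", False, "2014-06-01T09:05:00+00:00")
SAMPLE_LOG.record("carol", "copy", "10.0.0.7", True, "2014-06-01T09:10:00+00:00")

if __name__ == "__main__":
    print(verify(OWNER_KEY, SAMPLE_LOG.pull(), SAMPLE_LOG.summary()))
    tampered = SAMPLE_LOG.pull()
    tampered[1]["allowed"] = True            # a CSP trying to hide a denied write
    print(verify(OWNER_KEY, tampered, SAMPLE_LOG.summary()))
```

The chain makes edits, deletions and reordering visible, but dropping the newest records leaves a perfectly valid shorter chain; that is why the JAR's count and head report (the paper's error correction information) has to reach the owner independently of the log itself. Note also that when the logger runs inside the JAR on the CSP's machine, whoever controls that machine can read the key, so the tags then only prove that nobody without the key altered the log; reporting the chain head to the owner as each record is written is what keeps that check meaningful.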

Figure 3. Data Flow Diagram for User Interface Design
Figure 4. Data Flow Diagram for Clients and Cloud Storage Servers

3.4.2 Clients and Cloud Storage Servers

The login page checks the user's credentials by receiving the username and password and looking them up in the database to decide whether requests are permitted. New users are added through user registration, which collects the user's name, gender, username, password, address, email id and phone number. Here the cloud user also subscribes to the services offered by the cloud service provider. In this module remote storage is created at the remote location, where the user can store data according to the storage cost. The data flow diagram for Clients and Cloud Storage Servers is shown in Fig. 4.

3.4.3 JAR File Creation

Before the data owner stores data in the cloud, it is packed into a JAR file that contains the original data as well as the control policy (if any) associated with it, which tells the cloud service provider how end users are authorized to access the content. The JAR file also contains the corresponding log file, which is mainly responsible for authenticating entities that want to access the data stored in the file. This module reduces space by compressing the files. Any access to the data in the JAR file made without notice is discovered during auditing: if someone tries to download the JAR file, the attempt is recorded in the log file. The log file is sent to the user by mail, so the data owner is aware of the status of his JAR file. An attacker trying to access the data in the JAR file has to decrypt it to obtain the actual data, which is a difficult task.

Figure 5. Screen shot for Main Page & Login Page

3.4.4 Cloud Monitoring of Data Usage

In this module the data owner's control rules are processed to govern access to the data. After the data are received by the cloud service provider, the service provider is granted access rights, such as read, write and copy, on the data. In order to monitor the actual usage of the data in the cloud, logging and auditing techniques are used so that every access to the data is correctly, automatically and periodically reported to the user.

3.4.5 Log Record Generation

In this module the log records are generated by the logger component. Any access to the data triggers the logger component, which detects the access and appends new log entries in sequential order. Each log record contains the username, the access time and date, the access location and the access type.

3.4.6 Log Alert

The data owner is alerted with the automatically generated log files about the usage of their data in two modes, push and pull. In push mode the log files are sent to the owner automatically; this mode bounds the size of the log record and ensures timely detection of user access. In pull mode the data owner may request the logs at any time to check recent accesses to their data items.

Figure 6. Screen shot of Registration page
Figure 7. Screen shot for Profile Page

4. Implementation

Implementation is the stage of the project where the theoretical design is turned into a working system. It can therefore be considered the most critical stage in achieving a successful new system and in giving the user confidence that the new system will work and be effective. The implementation stage involves careful planning, investigation of the existing system and its constraints on the implementation, design of methods to achieve changeover, and evaluation of those changeover methods. The application is developed using NetBeans for the front end and SQL Server as the back end. The user page is created as a GUI, which acts as the medium connecting users with the cloud: through it the client sends requests to the cloud and the cloud server returns responses. The page gives the user an overview of the whole application and links to learn more about it.

Fig. 5 depicts the main page and login page of the application cloud, Nephele. Fig. 6 depicts the registration page, with the fields required to open an account on the Nephele site. Fig. 7 depicts a user's profile, holding forms with the name, username, password, email, mobile number, location, membership type, payment mode and the date the account was created. Fig. 8 shows the JRE page, which contains plugins to Add File, Remove File, Upload and Create JAR. Fig. 9 depicts the creation of a JAR file, where the list of uploaded files is compressed into a JAR file with secure logs. Fig. 10 shows the Fotolog available in the Nephele cloud web server, where the shared files of the various users are made available to every user to view or download.

Figure 8. Screen shot for Uploading Page
Figure 9. Screen shot for File Creation Page
Figure 10. Screen shot for View/Download Login Page

5. Results and Conclusion

The result of the work Enabling Public Accountability and Data Sharing for Storage Security in Cloud Computing is to keep track of the actual usage of a user's data in the cloud as it is accessed by various users. The programmable capabilities of JAR (Java ARchive) files are used to create a dynamic, travelling object, ensuring that any access to user data triggers authentication and automated logging local to the JAR. The proposed approach allows the data owner not only to audit his content but also to enforce strong back-end protection if needed. Moreover, one of the main features of the work is that it enables the data owner to audit even those copies of the data that were made without the owner's knowledge.

References

[1] M. S. Y. Krishna Mohanta and V. Khan, "Data storage security in cloud computing," International Journal of Advanced Research Ensuring, vol. 1, no. 9, pp. 415-420, 2013.
[2] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, "Toward secure and dependable storage services in cloud computing," IEEE Transactions on Services Computing, vol. 5, no. 2, pp. 220-232, 2012.
[3] R. Corin, S. Etalle, J. den Hartog, G. Lenzini, and I. Staicu, "A logic for auditing accountability in decentralized systems," Springer, 2005.
[4] Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling public verifiability and data dynamics for storage security in cloud computing," in Computer Security - ESORICS 2009, pp. 355-370, Springer, 2009.
[5] R. Jagadeesan, A. Jeffrey, C. Pitcher, and J. Riely, "Towards a theory of accountability and audit," in Computer Security - ESORICS 2009, pp. 152-167, Springer, 2009.
[6] D. J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. Hendler, and G. J. Sussman, "Information accountability," Communications of the ACM, vol. 51, no. 6, pp. 82-87, 2008.
[7] S. Pearson, Y. Shen, and M. Mowbray, "A privacy manager for cloud computing," in Cloud Computing, pp. 90-106, Springer, 2009.

About This Journal: ISA is an open access journal published by Scientific Online Publishing (http://www.scipublish.com/journals/isa/).