11-12-2012, 02:09 PM
Automatic Protocol Blocker for Privacy-Preserving Public Auditing in Cloud Computing
Abstract
Cloud Computing is the long dreamed vision of computing as a
utility, where users can remotely store their data into the cloud so
as to enjoy the on-demand high quality applications and services
from a shared pool of configurable computing resources. By data
outsourcing, users can be relieved from the burden of local data
storage and maintenance. However, the fact that users no longer
have physical possession of the possibly large size of outsourced
data makes the data integrity protection in Cloud Computing a
very challenging and potentially formidable task, especially for
users with constrained computing resources and capabilities. Thus,
enabling public auditability for cloud data storage security is of
critical importance so that users can resort to an external audit
party to check the integrity of outsourced data when needed. To
securely introduce an effective Third Party Auditor (TPA), the
following two fundamental requirements have to be met: 1) TPA
should be able to efficiently audit the cloud data storage without
demanding the local copy of data, and introduce no additional
on-line burden to the cloud user; 2) The Third Party Auditing
process should bring in no new vulnerabilities towards user data
privacy. In this paper we extend the previous system by
using an automatic blocker for privacy-preserving public auditing
for data storage security in cloud computing.
Introduction
Cloud Computing has been envisioned as the next-generation
architecture of IT enterprise, due to its long list of unprecedented
advantages in the IT history: on-demand self-service, ubiquitous
network access, location independent resource pooling, rapid
resource elasticity, usage-based pricing and transference of risk
[1]. As a disruptive technology with profound implications, Cloud
Computing is transforming the very nature of how businesses use
information technology. One fundamental aspect of this paradigm
shifting is that data is being centralized or outsourced into the
Cloud. From users’ perspective, including both individuals and
IT enterprises, storing data remotely into the cloud in a flexible
on-demand manner brings appealing benefits: relief of the burden
for storage management, universal data access with independent
geographical locations, and avoidance of capital expenditure on
hardware, software, and personnel maintenance, etc. [2].
Related Work
Ateniese et al. [7] are the first to consider public auditability
in their defined “Provable Data Possession” (PDP) model for
ensuring possession of data files on untrusted storages. Their
scheme utilizes the RSA-based homomorphic authenticators for
auditing outsourced data and suggests randomly sampling a few
blocks of the file. However, the public auditability in their scheme
demands the linear combination of sampled blocks exposed to
external auditor. When used directly, their protocol is not provably
privacy preserving, and thus may leak user data information to
the auditor. Juels et al. [12] describe a “Proof of Retrievability”
(PoR) model, where spot-checking and error-correcting codes
are used to ensure both “possession” and “retrievability” of data
files on remote archive service systems. However, the number of
audit challenges a user can perform is fixed a priori, and public
auditability is not supported in their main scheme. Although they
describe a straightforward Merkle-tree construction for public
PoRs, this approach only works with encrypted data. Shacham et
al. [11] design an improved PoR scheme built from BLS signatures
with full proofs of security in the security model defined in [12].
Similar to the construction in [7], they use publicly verifiable
homomorphic authenticators that are built from provably secure
BLS signatures. Based on the elegant BLS construction, public
retrievability is achieved. Again, their approach does not support
privacy-preserving auditing for the same reason as [7]. Shah et al.
[8, 13] propose allowing a TPA to keep online storage honest by
first encrypting the data then sending a number of pre-computed
symmetric-keyed hashes over the encrypted data to the auditor.
Proposed System
In the introduction we motivated the public auditability with
achieving economies of scale for cloud computing. This section
presents our public auditing scheme for cloud data storage
security.
We start from the overview of our public auditing system and
discuss two straightforward schemes and their demerits. Then
we present our main result for privacy-preserving public auditing
to achieve the aforementioned design goals. We also show how
to extend our main scheme to support batch auditing for TPA
upon delegations from multiple users. Finally, we adopt the automatic
blocker at the cloud server: whenever an unauthorized user accesses the
user's data in cloud storage, the system runs a tiny application
that monitors the user inputs. If they match, access is given; otherwise
the user is denied access by blocking the protocols.
Framework of Public Auditing System
We follow a similar definition to previously proposed schemes in
the context of remote data integrity checking [7, 11, 12] and adapt
the framework for our privacy-preserving public auditing system.
A public auditing scheme consists of five algorithms (KeyGen,
SigGen, GenProof, VerifyProof, protocol verifier). KeyGen is a key
generation algorithm that is run by the user to set up the scheme.
SigGen is used by the user to generate verification metadata, which
may consist of MAC, signatures, or other related information that
will be used for auditing. GenProof is run by the cloud server to
generate a proof of data storage correctness, while VerifyProof is
run by the TPA to audit the proof from the cloud server. The protocol
verifier is used by the cloud server.
Our public auditing system can be constructed from the above
auditing scheme in three phases, Setup, Audit, Pblock:
– Setup: The user initializes the public and secret parameters of
the system by executing KeyGen, and pre-processes the data file
F by using SigGen to generate the verification metadata. The user
then stores the data file F at the cloud server, deletes its local copy,
and publishes the verification metadata to TPA for later audit. As part
of pre-processing, the user may alter the data file F by expanding
it or including additional metadata to be stored at server.
The Privacy-Preserving Public Auditing Scheme
To achieve privacy-preserving public auditing, we propose to
uniquely integrate the homomorphic authenticator with random
mask technique. In our protocol, the linear combination of sampled
blocks in the server’s response is masked with randomness
generated by a Pseudo Random Function (PRF). With random
mask, the TPA no longer has all the necessary information to build
up a correct group of linear equations and therefore cannot derive
the user’s data content, no matter how many linear combinations
of the same set of file blocks can be collected. Meanwhile, due
to the algebraic property of the homomorphic authenticator, the
correctness validation of the block-authenticator pairs will not be
affected by the randomness generated from a PRF, which will be
shown shortly. Note that in our design, we use public key based
homomorphic authenticator, specifically, the one in [11], which
is based on BLS signature [16], to equip the auditing protocol
with public auditability. Its flexibility in signature aggregation
will further benefit us for the multi-task auditing.
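
The leak that the random mask closes can be shown with plain modular arithmetic. The following is an added example, not code from the paper: it lets an auditor collect as many linear combinations as there are sampled blocks and solve for the blocks, first without and then with masking. Assumptions: the masked response has the form mu = r + gamma * mu' mod p (the excerpt does not give the formula), HMAC-SHA256 stands in for the PRF, the prime 2^127 - 1 stands in for the group order, gamma is a public per-audit scalar, the BLS authenticator check is omitted, and the sample blocks are constructed.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime standing in for the group order p (assumption)
BLOCKS = [int.from_bytes(b, "big") for b in (b"salary=90k", b"ssn=000-00", b"dx=asthma!")]  # constructed

def prf(key, label):
    """HMAC-SHA256 used as the PRF, reduced into Z_P."""
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest(), "big") % P

def combine(blocks, nus):
    """Server: mu' = sum(nu_i * m_i) mod P over the sampled blocks."""
    return sum(nu * m for nu, m in zip(nus, blocks)) % P

def masked_response(blocks, nus, key, audit_id):
    """Server: mu = r + gamma * mu' (assumed form), r fresh from the PRF."""
    r = prf(key, b"r" + audit_id)
    gamma = prf(b"public", audit_id)  # public per-audit scalar (assumption)
    return (r + gamma * combine(blocks, nus)) % P, gamma

def solve_mod_p(rows, rhs):
    """Gauss-Jordan elimination over Z_P; None if the system is singular."""
    n = len(rows)
    a = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        piv = next((i for i in range(col, n) if a[i][col]), None)
        if piv is None:
            return None
        a[col], a[piv] = a[piv], a[col]
        inv = pow(a[col][col], -1, P)
        a[col] = [x * inv % P for x in a[col]]
        for i in range(n):
            if i != col and a[i][col]:
                f = a[i][col]
                a[i] = [(x - f * y) % P for x, y in zip(a[i], a[col])]
    return [row[n] for row in a]

def auditor_view(blocks, masked):
    """Blocks a TPA derives from len(blocks) audits of the same block set."""
    key, rows, rhs = secrets.token_bytes(32), [], []
    for t in range(len(blocks)):
        nus = [secrets.randbelow(P - 1) + 1 for _ in blocks]  # challenge
        if masked:
            mu, gamma = masked_response(blocks, nus, key, str(t).encode())
            nus = [gamma * nu % P for nu in nus]  # auditor has no r to subtract
        else:
            mu = combine(blocks, nus)
        rows.append(nus)
        rhs.append(mu)
    return solve_mod_p(rows, rhs)
```

Calling `auditor_view(BLOCKS, masked=False)` returns the original blocks, while `masked=True` returns unrelated values: each masked audit adds a fresh unknown r, so the auditor always has more unknowns than equations.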
Conclusions
In this paper, we propose a privacy-preserving public auditing
system for data storage security in Cloud Computing, where TPA can
perform the storage auditing without demanding the local copy of
data. We designed the simulation by considering a single user.
We utilize the homomorphic authenticator and random mask
technique to guarantee that TPA would not learn any knowledge
about the data content stored on the cloud server during the
efficient auditing process, which not only eliminates the burden
of cloud user from the tedious and possibly expensive auditing
task, but also alleviates the users’ fear of their outsourced data
leakage. Considering TPA may concurrently handle multiple audit
sessions from different users for their outsourced data files, we
further extend our privacy-preserving public auditing protocol into
a multi-user setting, where TPA can perform the multiple auditing
tasks in a batch manner, i.e., simultaneously.