29-06-2012, 04:36 PM
TOWARDS SECURE AND DEPENDABLE STORAGE SERVICES IN CLOUD COMPUTING
ABSTRACT
Cloud storage enables users to remotely store their data and enjoy on-demand, high-quality cloud applications without the burden of local hardware and software management.
Though the benefits are clear, such a service also means giving up users’ physical possession of their outsourced data, which inevitably poses new security risks to the correctness of the data in the cloud.
In order to address this new problem and further achieve a secure and dependable cloud storage service, we propose in this paper a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost.
The auditing result not only ensures strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving server.
Considering the cloud data are dynamic in nature, the proposed design further supports secure and efficient dynamic operations on outsourced data, including block modification, deletion, and append.
The SHA (Secure Hash) algorithm is used for the verification of the homomorphic token. The server automatically asks for the token to be changed if any user tries to access the data with the token more than three times.
EXISTING SYSTEM:
In cloud data storage, a user stores his data through a CSP into a set of cloud servers. Data redundancy can be employed, using erasure-correcting codes, to further tolerate faults or server crashes as the user’s data grows in size and importance. Thereafter, for application purposes, the user interacts with the cloud servers via the CSP to access or retrieve his data. The adversary is interested in continuously corrupting the user’s data files stored on individual servers. Once a server is compromised, an adversary can pollute the original data files by modifying them or introducing its own fraudulent data to prevent the original data from being retrieved by the user. This corresponds to the threats from external attacks. In the worst-case scenario, the adversary can compromise all the storage servers so that he can intentionally modify the data files as long as they are internally consistent.
DISADVANTAGES OF EXISTING SYSTEM:
Data Redundancy.
Data can be modified or deleted.
PROPOSED SYSTEM:
In a cloud data storage system, users store their data in the cloud and no longer possess the data locally. Thus, the correctness and availability of the data files being stored on the distributed cloud servers must be guaranteed. In the distributed case, when such inconsistencies are successfully detected, finding which server the data error lies in is also of great significance, since it can always be the first step toward fast recovery of the storage errors and/or identification of potential threats from external attacks. The first part is devoted to a review of the basic tools from coding theory that are needed in our scheme for file distribution across cloud servers. Then, the homomorphic token is introduced. The token computation can be perfectly integrated with the verification of erasure-coded data. Subsequently, it is shown how to derive a challenge-response protocol for verifying the storage correctness as well as identifying misbehaving servers. The SHA algorithm is also used by the server to notify the user to generate the token if any user tries to access the data more than three times. The procedure for file retrieval and error recovery based on erasure-correcting code is also outlined.
ADVANTAGES OF PROPOSED SYSTEM:
Correctness and availability of the data files being stored on the distributed cloud servers must be guaranteed.
The homomorphic token computation can be perfectly integrated with the verification of erasure-coded data.
MODULES:
CLIENT-SERVER COMMUNICATION
FILE DISTRIBUTION PREPARATION
CHALLENGE TOKEN PRE-COMPUTATION
SIGNATURE AUTHENTICATION FOR DATA
CORRECTNESS VERIFICATION AND ERROR LOCALIZATION
FILE RETRIEVAL AND ERROR RECOVERY
CLIENT-SERVER COMMUNICATION:
Client-server communication is established first so that the two sides can send files to each other. The client chooses the files and then sends them. The server selects the location where the data is stored.
FILE DISTRIBUTION PREPARATION:
In cloud data storage, we rely on erasure-correcting code to disperse the data file F redundantly across a set of distributed servers. The file is prepared for distribution and is then encoded.
CHALLENGE TOKEN PRE-COMPUTATION:
In order to achieve assurance of data storage correctness and data error localization simultaneously, our scheme entirely relies on the pre-computed verification tokens. The main idea is as follows: before file distribution the user pre-computes a certain number of short verification tokens, each token covering a random subset of data blocks. Later, when the user wants to make sure of the storage correctness for the data in the cloud, he challenges the cloud servers with a set of randomly generated block indices.
SIGNATURE AUTHENTICATION FOR DATA
Upon receiving the challenge, each cloud server computes a short “signature” over the specified blocks and returns it to the user. The values of these signatures should match the corresponding tokens pre-computed by the user.
CORRECTNESS VERIFICATION AND ERROR LOCALIZATION:
Error localization is a key prerequisite for eliminating errors in storage systems. It is also of critical importance to identify potential threats from external attacks. However, many previous schemes do not explicitly consider the problem of data error localization, thus only providing binary results for the storage verification. Our scheme outperforms those by integrating the correctness verification and error localization (misbehaving server identification) in our challenge-response protocol: the response values from servers for each challenge not only determine the correctness of the distributed storage, but also contain information to locate potential data error(s).
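The token pre-computation, challenge, signature and localization steps described in the three modules above can be simulated end to end. This is an added example, not code from the original project: the token formula (a linear combination of the challenged blocks over a prime field), the use of HMAC-SHA256 as the keyed pseudorandom function, and all names and sample data are assumptions of the example.

```python
import hashlib
import hmac

P = 2**61 - 1  # prime modulus for token arithmetic (assumption of this example)

def prf(key, label):
    """HMAC-SHA256 used as a keyed pseudorandom function (assumed choice)."""
    return int.from_bytes(hmac.new(key, label.encode(), hashlib.sha256).digest(), "big")

def challenge(key, rnd, num_blocks, r):
    """Round rnd's challenge: a coefficient alpha plus r distinct block indices."""
    alpha = 1 + prf(key, f"alpha|{rnd}") % (P - 1)  # never 0 mod P
    order = sorted(range(num_blocks), key=lambda i: prf(key, f"perm|{rnd}|{i}"))
    return alpha, order[:r]  # prefix of a keyed permutation

def signature(blocks, alpha, idx):
    """Short linear 'signature' a server computes over the challenged blocks."""
    return sum(pow(alpha, q + 1, P) * blocks[i] for q, i in enumerate(idx)) % P

def precompute_tokens(key, servers, rounds, r):
    """User side, before distribution: tokens[rnd][j] is server j's expected answer."""
    return [[signature(b, *challenge(key, rnd, len(b), r)) for b in servers]
            for rnd in range(rounds)]

def audit(key, tokens, servers, rnd, r):
    """Challenge every server for round rnd; return the misbehaving server numbers."""
    bad = []
    for j, blocks in enumerate(servers):
        alpha, idx = challenge(key, rnd, len(blocks), r)  # sent to server j
        response = signature(blocks, alpha, idx)          # computed by server j
        if response != tokens[rnd][j]:                    # mismatch localizes the error
            bad.append(j)
    return bad

# Constructed sample data: 3 servers, 8 integer-encoded blocks each.
KEY = b"user-secret-demo-key"
ORIGINAL = [[(j + 1) * 1000 + i for i in range(8)] for j in range(3)]
TOKENS = precompute_tokens(KEY, ORIGINAL, rounds=4, r=3)

def demo():
    """Corrupt one block on server 1, then audit each pre-computed round."""
    stored = [list(b) for b in ORIGINAL]
    stored[1][5] += 1
    return [audit(KEY, TOKENS, stored, rnd, r=3) for rnd in range(4)]

if __name__ == "__main__":
    print(demo())  # a round reports [1] only if its challenge covers block 5
```

Because each token samples only r of the blocks, a single corrupted block is caught only in rounds whose challenge includes it, which is why the guarantee is probabilistic and improves with more rounds or a larger r.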
FILE RETRIEVAL AND ERROR RECOVERY:
Whenever data corruption is detected, the comparison of pre-computed tokens and received response values can guarantee the identification of misbehaving server(s) (again with high probability), which will be discussed shortly. Therefore, the user can always ask servers to send back blocks of the r rows specified in the challenge and regenerate the correct blocks by erasure correction. The newly recovered blocks can then be redistributed to the misbehaving servers to maintain the correctness of storage.
CONCLUSION:
In this paper, we investigate the problem of data security in cloud data storage, which is essentially a distributed storage system. To achieve the assurances of cloud data integrity and availability and enforce the quality of dependable cloud storage service for users, we rely on erasure-correcting code in the file distribution preparation to provide redundancy parity vectors and guarantee the data dependability. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., whenever data corruption has been detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving server(s). Considering the time, computation resources, and even the related online burden of users, we also provide the extension of the proposed main scheme to support third-party auditing, where users can safely delegate the integrity checking tasks to third-party auditors and be worry-free to use the cloud storage services.