Secure Auditing and Deduplicating Data in Cloud
ABSTRACT:
As cloud computing technology has developed over the last decade, outsourcing
data to cloud services for storage has become an attractive trend, sparing users
the effort of heavy data maintenance and management. Nevertheless, since
outsourced cloud storage is not fully trustworthy, it raises security concerns
about how to realize data deduplication in the cloud while achieving integrity
auditing. In this work, we study the problem of integrity auditing and secure
deduplication on cloud data. Specifically, aiming at achieving both data
integrity and deduplication in the cloud, we propose two secure systems, namely
SecCloud and SecCloud+. SecCloud introduces an auditing entity that maintains a
MapReduce cloud, which helps clients generate data tags before uploading as well
as audit the integrity of data stored in the cloud. Compared with previous work,
the computation by the user in SecCloud is greatly reduced during the file
uploading and auditing phases. SecCloud+ is motivated by the fact that customers
always want to encrypt their data before uploading, and enables integrity
auditing and secure deduplication on encrypted data.
EXISTING SYSTEM:
SecCloud introduces an auditing entity that maintains a MapReduce cloud, which
helps clients generate data tags before uploading as well as audit the
integrity of data stored in the cloud. This design fixes the issue in previous
work that the computational load on the user or auditor is too heavy for tag
generation. For fine-grained completeness, the auditing functionality designed
in SecCloud is supported at both the block level and the sector level. In
addition, SecCloud also enables secure deduplication. Notice that the
“security” considered in SecCloud is the prevention of leakage of side channel
information. In order to prevent the leakage of such side channel information,
we follow the tradition of and design a proof of ownership protocol between
clients and cloud servers, which allows clients to prove to cloud servers that
they exactly own the target data.
Motivated by the fact that customers always want to encrypt their data before
uploading, for reasons ranging from personal privacy to corporate policy, we
introduce a key server into SecCloud as with and propose the SecCloud+ schema.
Besides supporting integrity auditing and secure deduplication, SecCloud+
guarantees file confidentiality. Specifically, thanks to the property of
deterministic encryption in convergent encryption, we propose a method of
directly auditing integrity on encrypted data. The challenge of deduplication
on encrypted data is the prevention of dictionary attack. As with, we make a
modification on convergent encryption such that the convergent key of a file is
generated and controlled by a secret “seed”, so that no adversary can directly
derive the convergent key from the content of the file and the dictionary
attack is prevented.
Disadvantages:
· It is very difficult to audit huge files and large amounts of data in the
cloud using integrity auditing.
· Data loss and many duplicate files in the cloud.
PROPOSED SYSTEM:
We specify that our proposed SecCloud system has achieved both integrity
auditing and file deduplication. However, it cannot prevent the cloud servers
from knowing the content of the files that have been stored. In other words,
the functionalities of integrity auditing and secure deduplication are only
imposed on plain files. In this section, we propose SecCloud+, which allows for
integrity auditing and deduplication on encrypted files.
Cloud Clients have large data files to be stored and rely on the cloud for data
maintenance and computation. They can be either individual consumers or
commercial organizations.
Cloud Servers virtualize the resources according to the requirements of clients
and expose them as storage pools. Typically, the cloud clients may buy or lease
storage capacity from cloud servers, and store their individual data in these
bought or rented spaces for future utilization.
Auditor, which helps clients upload and audit their outsourced data, maintains
a MapReduce cloud and acts like a certificate authority. This assumption
presumes that the auditor is associated with a pair of public and private keys.
Its public key is made available to the other entities in the system.
The design goal of file confidentiality is to prevent the cloud servers from
accessing the content of files. Specifically, we require file confidentiality
to be resistant to “dictionary attack”. That is, even if the adversaries have
prior knowledge of the “dictionary”, which includes all the possible files,
they still cannot recover the target file.
Advantages:
· It provides integrity auditing by clustering the files and removing the
duplicate files.
· Duplicate files are mapped to a single copy of the file by mapping them to
the existing file in the cloud.
MODULE DESCRIPTION:
File Confidentiality:
The design goal of file confidentiality is to prevent the cloud servers from
accessing the content of files. Specifically, we require file confidentiality
to be resistant to “dictionary attack”. That is, even if the adversaries have
prior knowledge of the “dictionary”, which includes all the possible files,
they still cannot recover the target file.
Secure Deduplication:
Deduplication is a technique where the server stores only a single copy of each
file, regardless of how many clients asked to store that file, so that the disk
space of cloud servers as well as network bandwidth are saved. However, trivial
client-side deduplication leads to the leakage of side channel information. For
example, a server telling a client that it need not send the file reveals that
some other client has the exact same file, which could be sensitive information
in some cases.
Encryption & Decryption:
Encryption and decryption provide data confidentiality
in deduplication. A user (or data owner)
derives a convergent key from the data content and encrypts the data copy with
the convergent key. In addition, the user derives a tag for the data copy, such
that the tag will be used to detect duplicates. Here, we assume that the tag
correctness property holds, i.e., if two data copies are the same, then their
tags are the same. Formally, a convergent encryption scheme can be defined with
four primitive functions:
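As an added illustration (not code from the SecCloud paper or this page), the Python sketch below contrasts a content-only convergent key with the seed-controlled key described under EXISTING SYSTEM. The toy cipher, the HMAC-based key derivation, the ciphertext-hash tag and all names and sample data are assumptions made for the example.

```python
import hashlib
import hmac

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Deterministic toy cipher (SHA-256 counter keystream); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def plain_key(content: bytes) -> bytes:
    """Classic convergent key: a function of the file content only."""
    return hashlib.sha256(content).digest()

def seeded_key(seed: bytes, content: bytes) -> bytes:
    """Seed-controlled key (assumed construction: HMAC of the content hash under the seed)."""
    return hmac.new(seed, hashlib.sha256(content).digest(), hashlib.sha256).digest()

def encrypt(key: bytes, content: bytes) -> bytes:
    return stream_xor(key, content)

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return stream_xor(key, ciphertext)

def tag(ciphertext: bytes) -> str:
    """Duplicate-detection tag; equal files under the same key rule give equal tags."""
    return hashlib.sha256(ciphertext).hexdigest()

def server_guess(stored_tag: str, dictionary: list[bytes]):
    """What a server that knows every possible file learns from a stored tag alone."""
    for candidate in dictionary:
        if tag(encrypt(plain_key(candidate), candidate)) == stored_tag:
            return candidate
    return None

# Constructed sample data: a small "dictionary" of possible files and a demo seed.
DICTIONARY = [b"grade: A", b"grade: B", b"grade: C"]
SEED = b"constructed-demo-seed"

def demo(target: bytes = b"grade: B") -> dict:
    plain_ct = encrypt(plain_key(target), target)
    seeded_ct = encrypt(seeded_key(SEED, target), target)
    return {
        "plain_leaks": server_guess(tag(plain_ct), DICTIONARY),
        "seeded_leaks": server_guess(tag(seeded_ct), DICTIONARY),
        "dedup_still_works": tag(seeded_ct) == tag(encrypt(seeded_key(SEED, target), target)),
        "roundtrip_ok": decrypt(seeded_key(SEED, target), seeded_ct) == target,
    }
```

Calling demo() shows that the content-keyed tag identifies the stored file from the dictionary, while the seeded tag does not and still matches across uploads made with the same seed.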
Integrity Auditing:
The first design goal of this work is to provide the capability of verifying
the correctness of the remotely stored data. The integrity verification further
requires two features:
1. Public verification, which allows anyone, not just the clients who
originally stored the file, to perform verification;
2. Stateless verification, which eliminates the need for state information
maintenance at the verifier side between the actions of auditing and data
storage.
CONCLUSION:
Aiming at achieving both data integrity and deduplication in the cloud, we
propose SecCloud and SecCloud+. SecCloud introduces an auditing entity that
maintains a MapReduce cloud, which helps clients generate data tags before
uploading as well as audit the integrity of data stored in the cloud. In
addition, SecCloud enables secure deduplication by introducing a Proof of
Ownership protocol and preventing the leakage of side channel information in
data deduplication. Compared with previous work, the computation by the user in
SecCloud is greatly reduced during the file uploading and auditing phases.
SecCloud+ is an advanced construction motivated by the fact that customers
always want to encrypt their data before uploading, and allows for integrity
auditing and secure deduplication directly on encrypted data.