Dynamic Audit Services for Integrity Verification
of Outsourced Storages in Clouds
Abstract:
In this paper, we propose a dynamic audit service for verifying the integrity of untrusted and outsourced storage. Our audit service, constructed on the techniques of fragment structure, random sampling and index-hash table, can support provable updates to outsourced data and timely abnormal detection. In addition, we propose an efficient approach based on probabilistic query and periodic verification for improving the performance of audit services. Our experimental results not only validate the effectiveness of our approaches, but also show that our audit system has a lower computation overhead, as well as less extra storage for audit metadata.
Architecture:
Existing System:
The traditional cryptographic technologies for data integrity and availability, based on hash functions and signature schemes, cannot work on the outsourced data. Downloading the data to validate it is not a practical solution because of the expensive communications, especially for large files. Moreover, the ability to audit the correctness of the data in a cloud environment can be formidable and expensive for the cloud users. Therefore, it is crucial to realize public auditability for CSS, so that data owners may resort to a third party auditor, who has expertise and capabilities that a common user does not have, for periodically auditing the outsourced data. This audit service is significantly important for digital forensics and credibility in clouds. To implement public auditability, the notions of proof of retrievability and provable data possession have been proposed by some researchers. Their approach was based on a probabilistic proof technique for a storage provider to prove that clients’ data remain intact.
Disadvantage:
The lack of rigorous performance analysis for the constructed audit system greatly affects the practical application of this scheme.
It is crucial to develop a more efficient and secure mechanism for dynamic audit services, in which any possible adversary advantage through dynamic data operations should be prohibited.
Proposed System:
In this paper, we introduce a dynamic audit service for integrity verification of untrusted and outsourced storages. Our audit system, based on novel audit system architecture, can support dynamic data operations and timely abnormal detection with the help of several effective techniques, such as fragment structure, random sampling, and index-hash table. Furthermore, we propose an efficient approach based on probabilistic query and periodic verification for improving the performance of audit services. A proof-of-concept prototype is also implemented to evaluate the feasibility and viability of our proposed approaches. Our experimental results not only validate the effectiveness of our approaches, but also show our system has a lower computation cost, as well as a shorter extra storage for integrity verification.
Advantage:
A fragment technique is introduced in this paper to improve performance and reduce extra storage.
The audit activities are efficiently scheduled in an audit period, and a TPA merely needs to access the file to perform the audit in each activity.
Algorithm:
KeyGen: takes a security parameter as input, and returns a public/secret key pair (pk, sk);
TagGen (sk, F): takes as inputs the secret key sk and a file F, and returns the triple (Γ, ψ, µ), where Γ denotes the secret used to generate the verification tags, ψ is a set of public verification parameters u and index-hash table X, i.e., ψ = (u, X), and µ denotes the set of tags.
Update (sk, ψ, m′i): is an algorithm run by AA to update the block of file m′i at the index i by using sk, and it returns a new verification file.
Delete (sk, ψ, mi): is an algorithm run by AA to delete the block mi of file at the index i by using sk, and it returns a new verification file.
Modules:
- Key Generation:
The owner generates a public/secret key pair (pk, sk) by himself or the system manager, and then sends his public key pk to TPA. Note that TPA cannot obtain the client’s secret key sk; secondly, the owner chooses the random secret.
- Tag Generation:
The client (data owner) uses the secret key sk to pre-process a file, which consists of a collection of n blocks, generates a set of public verification parameters and index-hash table that are stored in TPA, and transmits the file and some verification tags to CSP.
- Periodic Sampling Audit:
TPA (or other applications) issues a “Random Sampling” challenge to audit the integrity and availability of outsourced data in terms of the verification information stored in TPA.
- Audit for Dynamic Operations:
An authorized application, which holds data owner’s secret key sk, can manipulate the outsourced data and update the associated index-hash table stored in TPA. The privacy of sk and the checking algorithm ensure that the storage server cannot cheat the authorized applications and forge the valid audit records.
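The tag generation, random-sampling audit and dynamic update steps described in the Algorithm and Modules sections, as an added Python example that is not code from the paper or from this project. It substitutes HMAC-SHA256 tags for the scheme's verification tags, so the verifier here holds sk (unlike the TPA on this page); the table row layout (version, random value) and every function name are assumptions of this example.

```python
import hashlib, hmac, os, random

def keygen():
    return os.urandom(32)  # sk: MAC key standing in for the scheme's secret key

def _tag(sk, i, entry, block):
    version, nonce = entry  # assumed table row: (version, random value)
    msg = i.to_bytes(8, "big") + version.to_bytes(8, "big") + nonce + block
    return hmac.new(sk, msg, hashlib.sha256).digest()

def taggen(sk, blocks):
    """Return (index-hash table for the auditor, tags for the provider)."""
    table = [(1, os.urandom(16)) for _ in blocks]
    return table, [_tag(sk, i, table[i], b) for i, b in enumerate(blocks)]

def update(sk, table, i, new_block):
    """Bump block i's table entry and return the tag for the new block."""
    table[i] = (table[i][0] + 1, os.urandom(16))
    return _tag(sk, i, table[i], new_block)

def challenge(n_blocks, sample_size):
    """Random-sampling challenge: distinct block indices chosen by the auditor."""
    return sorted(random.SystemRandom().sample(range(n_blocks), sample_size))

def prove(store, indices):
    """Provider side: answer with the sampled blocks and their stored tags."""
    return [(i, store["blocks"][i], store["tags"][i]) for i in indices]

def verify(sk, table, indices, proof):
    if [i for i, _, _ in proof] != list(indices):
        return False  # provider answered for different blocks than challenged
    return all(hmac.compare_digest(t, _tag(sk, i, table[i], b))
               for i, b, t in proof)

def detection_probability(n, corrupted, sampled):
    """Chance that `sampled` distinct blocks out of n include a corrupted one."""
    miss = 1.0
    for k in range(sampled):
        miss *= (n - corrupted - k) / (n - k)
    return 1.0 - miss

if __name__ == "__main__":
    sk, blocks = keygen(), [b"block-%d" % i for i in range(8)]  # constructed file
    table, tags = taggen(sk, blocks)
    store = {"blocks": list(blocks), "tags": list(tags)}
    idx = challenge(len(blocks), 4)
    print("honest provider passes:", verify(sk, table, idx, prove(store, idx)))
    update(sk, table, 5, b"v2")  # owner updates block 5; provider keeps the old one
    print("stale block passes:", verify(sk, table, [5], prove(store, [5])))
```

Because each tag binds the block to its current table entry, a provider that keeps serving the pre-update block and tag fails the audit even though that pair was once valid.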
System Requirements:
Hardware Requirements:
• System: Pentium IV 2.4 GHz.
• Hard Disk: 40 GB.
• Floppy Drive: 1.44 Mb.
• Monitor: 15 VGA Colour.
• Mouse: Logitech.
• Ram: 512 Mb.
Software Requirements:
• Operating system: Windows XP.
• Coding Language: ASP.Net with C#
• Data Base: SQL Server 2005