Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key Updates

Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key Updates

Abstract

Key-exposure resistance has always been an important issue for in-depth cyber defence in many security applications. Recently, how to deal with the key exposure problem in the settings of cloud storage auditing has been proposed and studied. To address the challenge, existing solutions all require the client to update his secret keys in every time period, which may inevitably bring in new local burdens to the client, especially those with limited computation resources such as mobile phones. In this paper, we focus on how to make the key updates as transparent as possible for the client and propose a new paradigm called cloud storage auditing with verifiable outsourcing of key updates. In this paradigm, key updates can be safely outsourced to some authorized party, and thus the key-update burden on the client will be kept minimal. Specifically, we leverage the third party auditor (TPA) in many existing public auditing designs, let it play the role of authorized party in our case, and make it in charge of both the storage auditing and the secure key updates for key-exposure resistance. In our design, TPA only needs to hold an encrypted version of the client’s secret key, while doing all these burdensome tasks on behalf of the client. The client only needs to download the encrypted secret key from the TPA when uploading new files to cloud. Besides, our design also equips the client with capability to further verify the validity of the encrypted secret keys provided by TPA. All these salient features are carefully designed to make the whole auditing procedure with key exposure resistance as transparent as possible for the client. We formalize the definition and the security model of this paradigm. The security proof and the performance simulation show that our detailed design instantiations are secure and efficient.

Architecture:

SYSTEM ANALYSIS

Existing System

Existing solutions all require the client to update his secret keys in every time period, which may inevitably bring in new local burdens to the client, especially those with limited computation resources such as mobile phones. The third party auditor (TPA) in many existing public auditing designs, let it play the role of authorized party in our case, and make it in charge of both the storage auditing and the secure key updates for key-exposure resistance.

PROPOSED SYSTEM

Cloud storage auditing has been proposed and studied. To address the challenge, existing solutions all require the client to update his secret keys in every time period, which may inevitably bring in new local burdens to the client, especially those with limited computation resources have been proposed to deal with this problem. These protocols focus on different aspects of cloud storage auditing such as the high efficiency the privacy protection of data the privacy protection of identities dynamic data operations the data sharing. Firstly proposed the notion of wallet databases with observers, in which a hardware was used to help the client perform some expensive computations. The first outsourcing algorithm for modular exponentiations was proposed .which was based on the methods of precomputation and server-aided computation. A secure outsourcing algorithm to complete sequence comparisons. Proposed an outsourcing algorithm for attributebased signatures computations. The auditing protocols supporting dynamic data operations were also proposed auditing protocol supporting both the dynamic property and the privacy preserving property. The privacy preserving of the user’s identity for shared data auditing was considered in. The problem of user revocation in shared data auditing was considered in proposed a public auditing protocol for data sharing with multiuser modification. The proposed cloud storage auditing protocol with outsourcing of key updates is verifiable.

ALGORITHM

Key update algorithm:

Key update algorithm in each time period to make his secret key move forward. For some clients with limited computation resources, they might not like doing such extra computations by themselves in each time period.

It would be obviously more attractive to make key updates as transparent as possible for the client, especially in frequent key update scenarios.

KeyGen Algorithm:

The process of key is used to encrypt and decrypt whatever data is being encrypted/decrypted. Modern cryptographic systems include symmetric-key algorithms and public-key algorithms. Symmetric-key algorithms use a single shared key; keeping data secret requires keeping this key secret.

Encryption algorithm:

A mathematical procedure for performing encryption on data. Through the use of an algorithm, information is made into meaningless cipher text and requires the use of a key to transform the data back into its original form.

Encrypted key verifying algorithm:

Encrypted key verification algorithm is one aspect of testing a product's fitness for purpose. Validation is the complementary aspect. Often one refers to the overall checking process. Verification algorithm for any valid input it produces the result required by the algorithm’s specification.

MODULE DESCRIPTION

MODULE

Ø  Data Upload and Modifying.

Ø  Data Sharing.

Ø  Auditing.

Ø  Key Update.

MODULE DESCRIPTION

Data Upload and Modifying:

The client wants to upload new files to the cloud, it needs to verify the validity of the encrypted secret key from the TPA and recover the real secret key. We show the time for these two processes happened in different time periods. They only happen in the time periods when the client needs to upload new files to the cloud. Furthermore, the work for verifying the correctness of the encrypted secret key can fully be done by the cloud

Data Sharing:

The shared data are signed by a group of users. Therefore, disputes between the two parties are unavoidable to a certain degree. So an arbitrator for dispute settlement is indispensable for a fair auditing scheme. We extend the threat model in existing public schemes by differentiating between the auditor (TPAU) and the arbitrator (TPAR) and putting different trust assumptions on them. Because the TPAU is mainly a delegated party to check client’s data integrity and the potential dispute may occur between the TPAU and the CSP, so the arbitrator should be an unbiased third party who is different to the TPAU.

As for the TPAR, we consider it honest-but-curious. It will behave honestly most of the time but it is also curious about the content of the auditing data, thus the privacy protection of the auditing data should be considered. Note that, while privacy protection is beyond the scope of this paper, our scheme can adopt the random mask technique proposed for privacy preservation of auditing data, or the ring signatures in to protect the identityprivacy of signers for data shared among a group of users.

Auditing:

Public auditing schemes mainly focus on the delegation of auditing tasks to a third party auditor (TPA) so that the overhead on clients can be offloaded as much as possible. However, such models have not seriously considered the fairness problem as they usually assume an honest owner against an untrusted CSP. Since the TPA acts on behalf of the owner, then to what extent could the CSP trust the auditing result? What if the owner and TPA collude together against an honest CSP for a financial compensation. In this sense, such models reduce the practicality and applicability of auditing schemes.

Key Update:

The key update workload is outsourced to the TPA. In contrast, the client has to update the secret key by itself in each time period in scheme. We compare the key update time on client side between the both schemes the key update time on the client is related to the depth of the node corresponding to the current time period. Outsource key updates for cloud storage auditing with key-exposure resilience. We propose the first cloud storage auditing protocol with verifiable outsourcing of key updates. In this protocol, key updates are outsourced to the TPA and are transparent for the client. In addition, the TPA only sees the encrypted version of the client’s secret key, while the client can further verify the validity of the encrypted secret keys when downloading them from the TPA. We give the formal security proof and the performance simulation of the proposed scheme.

SYSTEM SPECIFICATION

Hardware Requirements:

•  System : Pentium IV 2.4 GHz.

•  Hard Disk : 40 GB.

•  Floppy Drive : 1.44 Mb.

•  Monitor : 14’ Colour Monitor.

•  Mouse : Optical Mouse.

•  Ram : 512 Mb.

Software Requirements:

•  Operating system : Windows 7 Ultimate.

•  Coding Language : ASP.Net with C#

•  Front-End : Visual Studio 2010 Professional.

•  Data Base : SQL Server 2008.

Conclusion:

The aim of this paper is to provide an integrity auditing scheme with public verifiability, efficient data dynamics and fair disputes arbitration. To eliminate the limitation of index usage in tag computation and efficiently support data dynamics, we differentiate between block indices and tag indices, and devise an index switcher to keep block-tag index mapping to avoid tag re-computation caused by block update operations, which incurs limited additional overhead, as shown in our performance evaluation. Meanwhile, since both clients and the CSP potentially may misbehave during auditing and data update, we extend the existing threat model in current research to provide fair arbitration for solving disputes between clients and the CSP, which is of vital significance for the deployment and promotion of auditing schemes in the cloud environment.We achieve this by designing arbitration protocols based on the idea of exchanging metadata signatures upon each update operation. Our experiments demonstrate the efficiency of our proposed scheme, whose overhead for dynamic update and dispute arbitration are reasonable.