Wednesday, 5 June 2013



Automatic Protocol Blocker for Privacy-Preserving Public
Auditing in Cloud Computing

Abstract:
        
Cloud Computing is the long-dreamed vision of computing as a utility, where users can remotely store their data in the cloud so as to enjoy on-demand, high-quality applications and services from a shared pool of configurable computing resources. By outsourcing data, users are relieved of the burden of local data storage and maintenance. However, the fact that users no longer have physical possession of the possibly large volume of outsourced data makes data integrity protection in Cloud Computing a very challenging and potentially formidable task, especially for users with constrained computing resources and capabilities. Thus, enabling public auditability for cloud data storage security is of critical importance, so that users can resort to an external audit party to check the integrity of outsourced data when needed. To securely introduce an effective Third Party Auditor (TPA), the following two fundamental requirements have to be met: 1) the TPA should be able to efficiently audit the cloud data storage without demanding a local copy of the data, and should introduce no additional on-line burden to the cloud user; 2) the third-party auditing process should bring in no new vulnerabilities towards user data privacy. In this paper we extend the previous system with an automatic blocker for privacy-preserving public auditing of data storage security in cloud computing. We utilize the public-key-based homomorphic authenticator and uniquely integrate it with the random mask technique and the automatic blocker to achieve a privacy-preserving public auditing system for cloud data storage security while keeping all the above requirements in mind. Extensive security and performance analysis shows that the proposed schemes are provably secure and highly efficient.





Architecture:

Algorithms:
  1. KeyGen Algorithm
     KeyGen is a key generation algorithm that is run by the user to set up the scheme.
  2. SigGen Algorithm
     SigGen is used by the user to generate verification metadata, which may consist of MACs, signatures, or other related information that will be used for auditing.
  3. GenProof Algorithm
     GenProof is run by the cloud server to generate a proof of data storage correctness.
  4. VerifyProof Algorithm
     VerifyProof is run by the TPA to audit the proof from the cloud server.
  5. Protocol Verifier Algorithm
     The protocol verifier is used by the cloud server.
Existing System:
First of all, although the infrastructures under the cloud are much more powerful and reliable than personal computing devices, they still face a broad range of both internal and external threats to data integrity. Examples of outages and security breaches of noteworthy cloud services appear from time to time. Secondly, for their own benefit, cloud service providers have various motivations to behave unfaithfully towards cloud users regarding the status of their outsourced data. Examples include cloud service providers, for monetary reasons, reclaiming storage by discarding data that has not been or is rarely accessed, or even hiding data loss incidents so as to maintain a reputation.
Disadvantages:
1. Data loss.
2. It does not offer any guarantee on data integrity and availability.
3. It does not support the privacy protection of users' data against external auditors.
4. No security.
5. No correctness and verification proof.

Proposed System:
We define our public auditing system and discuss two straightforward schemes and their demerits. Then we present our main result for privacy-preserving public auditing to achieve the aforementioned design goals. We also show how to extend our main scheme to support batch auditing by the TPA upon delegations from multiple users. Finally, we adopt the automatic blocker at the cloud server: whenever an unauthorized user accesses a user's data in cloud storage, the system runs a small application that monitors the user's inputs; if they match, access is granted, otherwise access is denied by blocking the protocols.
Advantages:
1. Relief of the burden of storage management.
2. Blocking of unauthorized user access.
3. Protection of data privacy.
4. Storage security of users' data.

Modules:
The system is proposed to have the following modules along with functional requirements.
1. Threat Model
We consider a cloud data storage service involving three different entities, as illustrated in fig. 1: the cloud user (U), who has a large amount of data files to be stored in the cloud; the Cloud Server (CS), which is managed by the Cloud Service Provider (CSP) to provide the data storage service and has significant storage space and computation resources (we will not differentiate CS and CSP hereafter); and the Third Party Auditor (TPA), who has expertise and capabilities that cloud users do not have and is trusted to assess the cloud storage service security on behalf of the user upon request.
2. Public Auditability
To allow TPA to verify the correctness of the cloud data on demand without retrieving a copy of the whole data or introducing additional on-line burden to the cloud users.
3. Storage Correctness
To ensure that there exists no cheating cloud server that can pass the audit from TPA without indeed storing users’ data intact.

4. Privacy-Preserving
To ensure that there exists no way for the TPA to derive users' data content from the information collected during the auditing process.
5. Batch Auditing
To enable the TPA with secure and efficient auditing capability to cope with multiple auditing delegations from a possibly large number of different users simultaneously.
6. Setup
The user initializes the public and secret parameters of the system by executing KeyGen, and pre-processes the data file F using SigGen to generate the verification metadata. The user then stores the data file F at the cloud server, deletes the local copy, and publishes the verification metadata to the TPA for later audit. As part of pre-processing, the user may alter the data file F by expanding it or including additional metadata to be stored at the server.
7. Audit
The TPA issues an audit message or challenge to the cloud server to make sure that the cloud server has retained the data file F properly at the time of the audit. The cloud server will derive a response message from a function of the stored data file F by executing GenProof. Using the verification metadata, the TPA verifies the response via VerifyProof.
8. PBlocker
Once the user initializes the parameters, the system checks all the specified parameters and validates the protocol for proper users, blocking unauthorized ones: if a user newly accesses the cloud servers, the system prompts for the security parameters previously assigned by the system during user creation.
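As an added illustration of the Setup and Audit flow above (not code from the page or from the paper it describes), the following Python sketch substitutes a privately verifiable homomorphic MAC over a prime field for the paper's public-key BLS authenticator, so the verifier holds the secret key and the random mask and the blocker are omitted; all function names and parameters are assumptions. It shows that the verifier checks an aggregated proof without a copy of the file, and that altering any challenged block makes the check fail.

```python
import hmac
import hashlib
import secrets

# Constructed parameter: a 127-bit prime field stands in for the paper's
# bilinear group (assumption; this is a private-key simplification).
P = (1 << 127) - 1

def prf(key: bytes, index: int) -> int:
    """Pseudo-random field element f_k(i) for block index i (HMAC-SHA256)."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def keygen() -> tuple:
    """KeyGen: secret key = (alpha, PRF key); run once by the user."""
    return (secrets.randbelow(P - 1) + 1, secrets.token_bytes(32))

def siggen(sk: tuple, blocks: list) -> list:
    """SigGen: homomorphic tag per block, sigma_i = alpha*m_i + f_k(i) mod P."""
    alpha, k = sk
    return [(alpha * m + prf(k, i)) % P for i, m in enumerate(blocks)]

def challenge(n: int, c: int) -> list:
    """Audit challenge: c random block indices, each with a random coefficient nu_i."""
    idx = sorted(secrets.SystemRandom().sample(range(n), c))
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def genproof(blocks: list, tags: list, chal: list) -> tuple:
    """GenProof (cloud server): aggregate challenged blocks and tags linearly."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verifyproof(sk: tuple, chal: list, proof: tuple) -> bool:
    """VerifyProof: sigma must equal alpha*mu + sum(nu_i * f_k(i)); needs no file copy."""
    alpha, k = sk
    mu, sigma = proof
    expected = (alpha * mu + sum(nu * prf(k, i) for i, nu in chal)) % P
    return sigma == expected

def file_to_blocks(data: bytes, size: int = 15) -> list:
    """Split a file into integer blocks of 15 bytes, each smaller than P."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]
```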



Software Requirements:
    Technologies : ASP.NET and C#
    Database     : MS SQL Server 2005/2008
    IDE          : Visual Studio 2008
Hardware Requirements:
    Processor    : Pentium IV
    RAM          : 1 GB

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing




Order this project from: www.ocularsystems.in 

Abstract:
Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. This paper proposes services for data security and access control when users outsource sensitive data for sharing on cloud servers. It addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. Our proposed scheme enables the data owner to delegate the tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. We achieve this goal by exploiting and uniquely combining techniques of attribute-based encryption (ABE), proxy re-encryption, and lazy re-encryption. Our proposed scheme also has the salient properties of user access privilege confidentiality and user secret key accountability, and achieves fine-grainedness, scalability and data confidentiality for data access control in cloud computing. Extensive analysis shows that our proposed scheme is highly efficient and provably secure under existing security models.

Advantages:
· Low initial capital investment
· Shorter start-up time for new services
· Lower maintenance and operation costs
· Higher utilization through virtualization
· Easier disaster recovery

Existing System:
Existing solutions apply cryptographic methods by disclosing data decryption keys only to authorized users. These solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well.

Proposed System:
             In order to achieve secure, scalable and fine-grained access control on outsourced data in the cloud, we utilize and uniquely combine the following three advanced cryptographic techniques:

· Key Policy Attribute-Based Encryption (KP-ABE)
· Proxy Re-Encryption (PRE)
· Lazy re-encryption




Module Description:

1) Key Policy Attribute-Based Encryption (KP-ABE):
KP-ABE is a public key cryptography primitive for one-to-many communications. In KP-ABE, data are associated with attributes, for each of which a public key component is defined. A user's secret key is defined to reflect an access structure, so that the user is able to decrypt a ciphertext if and only if the data attributes satisfy his access structure. A KP-ABE scheme is composed of four algorithms, defined as follows:
· Setup Attributes
· Encryption
· Secret key generation
· Decryption

Setup Attributes:
This algorithm is used to set attributes for users. From these attributes, the public key and master key for each user can be determined. The attributes, public key and master key are denoted as
    Attributes: U = {1, 2, ..., N}
    Public key: PK = (Y, T1, T2, ..., TN)
    Master key: MK = (y, t1, t2, ..., tN)

Encryption:
This algorithm takes a message M, the public key PK, and a set of attributes I as input. It outputs the ciphertext E with the following format:
    E = (I, Ẽ, {Ei}i∈I)
where Ẽ = MY and Ei = Ti.

Secret key generation:
This algorithm takes as input an access tree T, the master key MK, and the public key PK. It outputs a user secret key SK as follows:
    SK = {ski}
  
Decryption:
This algorithm takes as input the ciphertext E encrypted under the attribute set U, the user's secret key SK for access tree T, and the public key PK. It outputs the message M if and only if U satisfies T.

2) Proxy Re-Encryption (PRE):
Proxy Re-Encryption (PRE) is a cryptographic primitive in which a semi-trusted proxy is able to convert a ciphertext encrypted under Alice's public key into another ciphertext that can be opened with Bob's private key, without seeing the underlying plaintext. A PRE scheme allows the proxy, given the proxy re-encryption key rk_ab, to translate ciphertexts under public key pk1 into ciphertexts under public key pk2 and vice versa.

3) Lazy re-encryption:
The lazy re-encryption technique allows cloud servers to aggregate the computation tasks of multiple operations, such as:
· Updating secret keys
· Updating user attributes


System Requirements:

Hardware Requirements:
    System       : Pentium IV 2.4 GHz
    Hard Disk    : 40 GB
    Floppy Drive : 1.44 MB
    Monitor      : 15" VGA Colour
    Mouse        : Logitech
    RAM          : 512 MB

Software Requirements:
    Operating system : Windows XP
    Coding Language  : .NET
    Database         : SQL Server 2005