Enabling public auditability in cloud computing to provide security in storage


  • 7/27/2019 Enabling public auditability in cloud computing to provide security in storage

    1/27

    Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing

    2/27

    Introduction

    What is Cloud Computing?

    A style of computing in which massively scalable IT-enabled capabilities are delivered as a service.

    Factors boosting cloud growth:
      Cheaper and more powerful processors
      SaaS technology transforms data centres into pools of computing services
      Increasing network bandwidth, reliability and flexibility

    3/27

    Challenges

    Data Integrity

    Failures at the storage provider may be hidden from the user.
    CSPs may delete rarely accessed data to reclaim space.
    How can the user efficiently check the integrity of outsourced data without holding a local copy?
    Requirements on such a check:
      Stateless verification: the verifier keeps no state between audits.
      Unbounded use of queries: any number of challenges may be issued.

    4/27

    Challenges

    Private Auditability
      Higher scheme efficiency
      Only the data owner can verify, so the owner bears the computational cost of every audit

    Public Auditability
      Uses a third party auditor (TPA), so the client need not devote its own computation resources
      Either the client or the TPA can check integrity

    5/27

    Challenges

    Data might not only be accessed but also updated by clients.
    State-of-the-art schemes support only static data.
    Blockless verification: the verifier must not need to retrieve the challenged blocks themselves.

    6/27

    System Model

    7/27

    System Model

    Client
      An entity which has large data files to be stored in the cloud for maintenance and computation
      An individual or an organisation

    Cloud Storage Server (CSS)
      An entity which is managed by the cloud service provider (CSP)
      Has significant storage space and computational resources

    Third Party Auditor (TPA)
      An entity which has expertise and capabilities in auditing
      Trusted to assess and expose the risk of the CSS on request

    8/27

    Key Idea

    Use a Merkle Hash Tree (MHT)
      A well-studied authentication structure for proving that a set of elements is unaltered and undamaged
      A challenge is sent to the cloud provider; to compute the response, the cloud provider must possess the original blocks

    9/27

    Merkle Hash Tree

    MHT Construction

    Based on an ordered set of values $x_1, x_2, \ldots, x_n$.
    Build the tree from the elements of the ordered set:
      Leaves correspond to $h(x_i)$, where $h(\cdot)$ is a cryptographic one-way hash function.
      Proceed to the next level by concatenating the hash values of two adjacent nodes and hashing the result.
      Continue until the root node is formed.
    The root node is digitally signed.

    10/27

    Merkle Hash Tree

    11/27

    Merkle Hash Tree

    Querying MHT

    To verify the existence of an element with value $v$:
      The server returns the co-path (the sibling hashes) from the specific leaf up to the root node.
      The client recomputes the hash values along that path up to the root.
      If the recomputed root matches the signed root, the stored data is valid.

    12/27

    Merkle Hash Tree

    13/27

    Bilinear Mapping

    Let $G_1, G_2$ be two groups of prime order $p$.
    Let $P$ and $Q$ be generators of $G_1$.
    Now consider a mapping $e : G_1 \times G_1 \to G_2$.
    Bilinearity: for $P, Q \in G_1$ and $a, b \in \mathbb{Z}_p$,
      $e(aP, bQ) = e(P, Q)^{ab}$

    14/27

    Identity Based Encryption

    Groups $G_1$ and $G_2$ with a bilinear mapping $e : G_1 \times G_1 \to G_2$
    $g$ a generator of $G_1$
    $s \in_R \mathbb{Z}_q^*$ is the master secret
    Public key is $P_{pub} = g^s$

    15/27

    Identity Based Encryption

    Encryption of a message $m$ for identity BOB, where $r \in_R \mathbb{Z}_p$ is a random element:

    $E(g, g^s, \mathrm{BOB}, m) = (g^r,\; m \oplus h_2(e(h_1(\mathrm{BOB}), g^s)^r))$
    $\qquad\qquad\qquad\quad\;\; = (g^r,\; m \oplus h_2(e(h_1(\mathrm{BOB}), g)^{rs}))$

    16/27

    Identity Based Encryption

    Decryption

    Private key for BOB: $w = h_1(\mathrm{BOB})^s$
    Ciphertext: $(u, v) = (g^r,\; m \oplus h_2(e(h_1(\mathrm{BOB}), g)^{rs}))$

    $D(u, v, w) = v \oplus h_2(e(w, u))$
    $\qquad = m \oplus h_2(e(h_1(\mathrm{BOB}), g)^{rs}) \oplus h_2(e(h_1(\mathrm{BOB})^s, g^r))$
    $\qquad = m$

    since by bilinearity $e(h_1(\mathrm{BOB})^s, g^r) = e(h_1(\mathrm{BOB}), g)^{rs}$.

    17/27

    Setup

    Given a file $F = (m_1, m_2, m_3, \ldots, m_n)$
    Choose a random element $u$
    Let $t = \mathrm{name} \| n \| u$
    File tag for $F$: $t \| SSig_{ssk}(\mathrm{name} \| n \| u)$
    Compute a signature $\sigma_i$ for every block $m_i$:
      $\sigma_i = (H(m_i) \cdot u^{m_i})^s$ for $1 \le i \le n$

    18/27

    Setup

    The root $R$ of the MHT is created using the leaves $H(m_i)$
    The client signs the root under its private key: $Sig_{sk}(H(R)) = H(R)^s$
    The client sends $\{F, t, \Phi, Sig_{sk}(H(R))\}$ to the CSP, where $\Phi = \{\sigma_i\}_{1 \le i \le n}$, and deletes $\{F, t, \Phi\}$ from its local storage

    19/27

    Default Integrity Verification

    TPA picks a $c$-element subset $I = \{s_1, s_2, s_3, \ldots, s_c\}$ of the set $[1, n]$
    For each $i \in I$, TPA chooses a random element $v_i \in B \subseteq \mathbb{Z}_p$
    Verifier sends $chal = \{(i, v_i)\}_{s_1 \le i \le s_c}$ to the CSP
    According to the values in $chal$, the CSP responds with a proof

    20/27

    Default Integrity Verification

    CSP calculates
      $\mu = \sum_{i=s_1}^{s_c} v_i m_i \in \mathbb{Z}_p$
      $\sigma = \prod_{i=s_1}^{s_c} \sigma_i^{v_i} \in G$
      Co-path $\{\Omega_i\}_{s_1 \le i \le s_c}$ for each challenged block
    CSP responds with $P = \{\mu, \sigma, \{H(m_i), \Omega_i\}_{s_1 \le i \le s_c}, Sig_{sk}(H(R))\}$

    21/27

    Default Integrity Verification

    Verification

    TPA recomputes the root $R$ from $\{H(m_i), \Omega_i\}_{s_1 \le i \le s_c}$ and verifies
      $e(Sig_{sk}(H(R)), g) = e(H(R), g^s)$
    TPA verifies
      $e(\sigma, g) = e\left(\prod_{i=s_1}^{s_c} H(m_i)^{v_i} \cdot u^{\mu},\; g^s\right)$
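    Why the second check holds, as an added worked derivation that is not on the original slide, using the slides' own symbols: substitute $\sigma_i = (H(m_i) \cdot u^{m_i})^s$ into $\sigma = \prod_{i=s_1}^{s_c} \sigma_i^{v_i}$, collect the exponents of $u$ into $\mu = \sum_{i=s_1}^{s_c} v_i m_i$, and move the secret exponent $s$ across the bilinear map.

    $$
    \begin{aligned}
    e(\sigma, g)
      &= e\Big(\prod_{i=s_1}^{s_c} \big(H(m_i) \cdot u^{m_i}\big)^{s v_i},\; g\Big) \\
      &= e\Big(\prod_{i=s_1}^{s_c} H(m_i)^{v_i} \cdot u^{\sum_{i=s_1}^{s_c} v_i m_i},\; g\Big)^{s} \\
      &= e\Big(\prod_{i=s_1}^{s_c} H(m_i)^{v_i} \cdot u^{\mu},\; g^{s}\Big).
    \end{aligned}
    $$

    The last step uses $e(X, g)^s = e(X, g^s)$. The TPA needs only $g^s$, $u$ and the $H(m_i)$ authenticated by the co-paths, never $s$ or the blocks themselves, which is what makes the check public and blockless; a CSP that has lost a challenged $m_i$ cannot form the matching $\mu$, and the fresh random $v_i$ of each challenge prevent replaying an old $(\mu, \sigma)$.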

    22/27

    Dynamic Data Operation

    Modification

    Client modifies block $m_i$ to $m_i'$
    Client generates the new signature $\sigma_i' = (H(m_i') \cdot u^{m_i'})^s$
    Client sends $(m_i', \sigma_i')$ to the CSP
    CSP replaces the block $m_i$ with $m_i'$ (and $\sigma_i$ with $\sigma_i'$)
    CSP sends the co-path $\Omega_i$ and the new root $R'$ to the client
    Client verifies $H(R)$ using $H(m_i)$ and $\Omega_i$ against the signed root
    If it matches, client calculates $H(R')$ from $H(m_i')$ and $\Omega_i$ and updates the tree (signs the new root)

    23/27

    Dynamic Data Operation

    Insertion

    Client has to add a new block $m_i'$ (inserted after block $m_i$)
    Client generates $\sigma_i' = (H(m_i') \cdot u^{m_i'})^s$
    Client sends $(m_i', \sigma_i')$ to the CSP
    CSP updates the MHT and replies with $\{H(m_i), \Omega_i, H(R), R'\}$
    Client generates the root $R$ from $H(m_i)$ and $\Omega_i$ and verifies it against the signed root
    Client generates the new root $R'$ from $H(m_i)$, $H(m_i')$ and $\Omega_i$, checks it against the CSP's $R'$, and sends back $Sig_{sk}(H(R'))$
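    The hash-tree side of the scheme, as an added example in Python (this is not code from the slides or from the Wang et al. paper): MHT construction and co-path querying (slides 9 to 11), the $\{H(m_i), \Omega_i\}$ part of the proof and its check against the signed root (slides 19 to 21), and the client-side acceptance of a modification and an insertion (slides 22 and 23). Assumptions: SHA-256 stands in for the hash $h(\cdot)$/$H(\cdot)$; the pairing-based parts ($\sigma_i$, $\mu$, $\sigma$ and the signature on $H(R)$) are omitted because the Python standard library has no pairing-friendly group, so the verifier simply holds the authentic root $R$; all blocks and the challenge sets are constructed sample data; the names MerkleTree, copath, csp_prove, tpa_verify and client_accept_update are this example's own.

```python
import hashlib
from typing import List, Optional, Tuple

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # the slides' one-way hash h()/H(); SHA-256 is an assumption
def leaf_hash(block: bytes) -> bytes:
    return H(b"\x00" + block)              # prefix byte separates leaves from inner nodes
def inner_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)       # h(left || right)

class Node:
    def __init__(self, h: bytes, left=None, right=None):
        self.hash, self.left, self.right, self.parent = h, left, right, None
        for child in (left, right):
            if child is not None: child.parent = self

class MerkleTree:
    """Ordered MHT over blocks m_1..m_n as maintained by the CSP (slides 9, 22, 23)."""
    def __init__(self, blocks: List[bytes]):
        self.leaves = [Node(leaf_hash(b)) for b in blocks]
        level = list(self.leaves)
        while len(level) > 1:                      # pair adjacent nodes, level by level
            nxt = [Node(inner_hash(level[j].hash, level[j + 1].hash), level[j], level[j + 1])
                   for j in range(0, len(level) - 1, 2)]
            if len(level) % 2:
                nxt.append(level[-1])              # unpaired node is promoted unchanged
            level = nxt
        self.root = level[0]

    def copath(self, i: int) -> List[Tuple[bytes, str]]:
        """Co-path Omega_i: (sibling hash, side) pairs from leaf i up to the root (slide 11)."""
        path, node = [], self.leaves[i]
        while node.parent is not None:
            p = node.parent
            path.append((p.right.hash, "R") if p.left is node else (p.left.hash, "L"))
            node = p
        return path

    def _rehash_up(self, node: Optional[Node]) -> None:
        while node is not None:
            if node.left is not None:              # leaves keep their hash; inner nodes recompute
                node.hash = inner_hash(node.left.hash, node.right.hash)
            node = node.parent

    def modify(self, i: int, new_block: bytes) -> None:
        self.leaves[i].hash = leaf_hash(new_block)      # slide 22: m_i -> m_i'
        self._rehash_up(self.leaves[i].parent)          # only the path to the root changes

    def insert_after(self, i: int, new_block: bytes) -> None:
        """Slide 23: leaf i becomes an inner node with children h(m_i) and h(m_new)."""
        old, new, parent = self.leaves[i], Node(leaf_hash(new_block)), self.leaves[i].parent
        joint = Node(inner_hash(old.hash, new.hash), old, new)   # re-parents old and new
        if parent is None:
            self.root = joint
        else:
            setattr(parent, "left" if parent.left is old else "right", joint)
            joint.parent = parent
        self.leaves.insert(i + 1, new)
        self._rehash_up(parent)

def root_from_copath(node_h: bytes, copath: List[Tuple[bytes, str]]) -> bytes:
    for sib, side in copath:                       # verifier side: climb from one hash to the root
        node_h = inner_hash(node_h, sib) if side == "R" else inner_hash(sib, node_h)
    return node_h

def csp_prove(tree: MerkleTree, stored: List[bytes], chal: List[Tuple[int, int]]):
    """Slide 20, MHT part of P: {H(m_i), Omega_i} for each challenged i (mu, sigma omitted)."""
    return [(leaf_hash(stored[i]), tree.copath(i)) for i, _v in chal]

def tpa_verify(signed_root: bytes, proof) -> bool:
    """Slide 21: each H(m_i) must reach R; holding R replaces the pairing check on Sig_sk(H(R)) (assumption)."""
    return all(root_from_copath(lh, cp) == signed_root for lh, cp in proof)

def client_accept_update(signed_root, old_leaf, new_leaf, copath, csp_new_root) -> Optional[bytes]:
    """Slides 22/23: check the old leaf against R, recompute R' from the same co-path, compare with the CSP."""
    if root_from_copath(old_leaf, copath) != signed_root:
        return None
    new_root = root_from_copath(new_leaf, copath)
    return new_root if new_root == csp_new_root else None   # R' to sign, or None to reject

def demo() -> dict:
    blocks = [b"block-%d" % k for k in range(1, 8)]      # constructed sample file F = (m_1..m_7)
    csp, out = MerkleTree(blocks), {}
    signed_root = csp.root.hash                           # client keeps R in place of Sig_sk(H(R))
    chal = [(1, 17), (4, 5), (6, 99)]                     # TPA challenge {(i, v_i)}, constructed
    out["challenge_ok"] = tpa_verify(signed_root, csp_prove(csp, blocks, chal))
    lost = blocks[:4] + [b"corrupted"] + blocks[5:]       # CSP silently lost m_5
    out["tampered_ok"] = tpa_verify(signed_root, csp_prove(csp, lost, chal))
    csp.modify(2, b"block-3-v2")                          # slide 22: m_3 -> m_3'
    signed_root = client_accept_update(signed_root, leaf_hash(blocks[2]), leaf_hash(b"block-3-v2"),
                                       csp.copath(2), csp.root.hash)
    out["modified_root"], out["csp_root_after_modify"] = signed_root, csp.root.hash
    blocks[2] = b"block-3-v2"
    old_copath = csp.copath(4)                            # slide 23: CSP returns Omega_5 as it was
    csp.insert_after(4, b"block-new")
    signed_root = client_accept_update(signed_root, leaf_hash(blocks[4]),
                                       inner_hash(leaf_hash(blocks[4]), leaf_hash(b"block-new")),
                                       old_copath, csp.root.hash)
    out["inserted_root"], out["csp_root_after_insert"] = signed_root, csp.root.hash
    blocks.insert(5, b"block-new")
    out["post_insert_challenge_ok"] = tpa_verify(signed_root, csp_prove(csp, blocks, [(5, 3), (0, 1)]))
    return out
```

    Calling demo() runs the full sequence. The tampered challenge fails because a CSP that no longer holds $m_5$ cannot produce an $H(m_5)$ that reaches the signed root through $\Omega_5$. For the insertion, the client rebuilds $R'$ from the old co-path alone by hashing $H(m_i) \| H(m_i')$ into the position leaf $i$ used to occupy, which is why the CSP must return $\Omega_i$ as it was before the update and why the client can sign the new root without re-reading the file.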

    24/27

    Dynamic Data Operation

    25/27

    Dynamic Data Operation

    26/27

    Conclusion

    It is critical to enable the TPA to evaluate service quality from an independent perspective.
    Achieved dynamic data verification (modification and insertion with a signed MHT root).
    Blockless verification is achieved.
    Stateless verification is achieved.

    27/27

    References

    (1) Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, "Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, May 2011.

    (2) G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," Proc. 14th ACM Conf. Computer and Comm. Security (CCS '07), pp. 598-609, 2007.

    (3) Lecture notes by Einar Mykletun on using Merkle hash trees on ODB.

    (4) Lecture notes by John Bethencourt, "Intro to Bilinear Maps."