Public integrity auditing for shared dynamic cloud data with group user revocation
Download as DOCX, PDF0 likes192 views
The document discusses a proposed system for public integrity auditing of shared dynamic cloud data with secure group user revocation. It aims to address issues with existing systems, including unexpected privilege escalation exposing all data, lack of efficiency, and insecure shared data. The proposed system uses vector commitment, asymmetric group key agreement, and group signatures to enable public auditing of data modified by multiple users, while providing traceability and countability. It is designed to be secure against collusion between revoked group users and the cloud storage server.
![Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore
www.pvrtechnology.com, E-Mail: pvrieeeprojects@gmail.com, Ph: 81432 71457
a scheme with an online data owner to update the data for a group is inappropriate for the data
owner. It will cause tremendous communication and computation overhead to data owner, which
will result in the single point of data owner.
ImplementationModules:
1. Data Group sharing,
2. Public integrity auditing
3. Revoked Group Users
4. Group signature
5. Cloud Storage Model
1. Data Group sharing,
server can use this aggregate trapdoor and some public information to perform keyword search and return
the result to Bob. Therefore, in KASE, the delegation of keyword search right can be achieved by sharing
the single aggregate key. We note that the delegation of decryption rights can be achieved using the key-
aggregate encryption approach recently proposed in [4], but it remains an open problem to delegate the
keyword search rights together with the decryption rights, which is the subject topic of this paper. To
summarize, the problem of constructing a KASE .
2. Public integrity auditing
public integrity auditing for shared dynamicdata with group user revocation. Our contributionsare three
folds:1) We explore on the secure and efficient shareddata integrate auditing for multi-user operation
for ciphertext database.2) By incorporating the primitives of victor commitment, asymmetric group key
agreement and group signature, we propose an efficient data auditing scheme while at the same time
providing some new features, such as traceability and countability. 3) We provide the security and
efficiency analysis of our scheme, and the analysis results show that our scheme is secure and efficient.
3. Cloud Storage Model](https://image.slidesharecdn.com/publicintegrityauditingforshareddynamicclouddatawithgroupuserrevocation-151217065309/85/Public-integrity-auditing-for-shared-dynamic-cloud-data-with-group-user-revocation-3-320.jpg)
![Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore
www.pvrtechnology.com, E-Mail: pvrieeeprojects@gmail.com, Ph: 81432 71457
Cloud storage is a model of data storage where the digital data is stored in logical pools, the physical
storage spans multiple servers (and often locations), and the physical environment is typically owned and
managed by a hosting company. These cloud storage providers are responsible for keeping the data
available and accessible, and the physical environment protected and running. People and organizations
buy or lease storage capacity from the providers to store user, organization, or application data.Cloud
storage services may be accessed through a co-located cloud computer service, a web service application
programming interface (API) or by applications that utilize the API, such as cloud desktop storage, a
cloud storage gateway or Web-based content management systems.
who are authorized to access and modify the data by the data owner. The cloud storage server is semi-
trusted, who provides data storage services for the group users. TPA could be any entity in the cloud,
which will be able to conduct the data integrity of the shared data stored in the cloud server. In our
system, the data owner could encrypt and upload its data to the remote cloud storage server. Also, he/she
shares the privilege such as access and modify (compile and execute if necessary) to a number of group
users.
4.RevokedGroup Users
The group signature will prevent the collusion of cloud and revoked group users, where the data owner
will take part in the user revocation phase and the cloud could not revoke the data that last modified by
the revoked user.An attacker out side the group (include the revoked group user cloud storage server) may
obtain some knowledge of the plaintext of the data. Actually, this kind of attacker has to at lease break the
security of the adopted group data encryption scheme. The cloud storage server colludes with the revoked
group users, and they want to provide a illegal data without being detected. Actually, in cloud
environment, we assume that the cloud storage server is semi-trusted. Thus, it is reasonable that a revoked
user will collude with the cloud server and share its secret group key to the cloud storage server. In this
case, although the server proxy group user revocation way [24] brings much communication and
computation cost saving, it will make the scheme insecure against a malicious cloud storage server who
can get the secret key of revoked users during the user revocation phase. Thus, a malicious cloud server
will be able to make data m, last modified by a user that needed to be revoked, into a malicious data m′.](https://image.slidesharecdn.com/publicintegrityauditingforshareddynamicclouddatawithgroupuserrevocation-151217065309/85/Public-integrity-auditing-for-shared-dynamic-cloud-data-with-group-user-revocation-4-320.jpg)
Public integrity auditing for shared dynamic cloud data with group user revocation
- 1. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 Public Integrity Auditing for Shared Dynamic Cloud Data with Group User Revocation Abstract: The advent of the cloud computing makes storage outsourcing become a rising trend, which promotes the secure remote data auditing a hot topic that appeared in the research literature. Recently some research consider the problem of secure and efficient public data integrity auditing for shared dynamic data. However, these schemes are still not secure against the collusion of cloud storage server and revoked group users during user revocation In practical cloud storage system. In this paper, we figure out the collusion attack in the exiting scheme and provide an efficient public integrity auditing scheme with secure group user revocation based on vector commitment and verifier-local revocation group signature. We design a concrete scheme based on the our scheme definition. Our scheme supports the public checking and efficient user revocation and also some nice properties, such as confidently, efficiency, count ability and traceability of secure group user revocation. Finally, the security and experimental analysis show that, compared with its relevant schemes our scheme is also secure and efficient. EXISTING SYSTEM: Considering data privacy, a traditional way to ensure it is to rely on the server to enforce the access control after authentication, which means any unexpected privilege escalation will expose all data. In a shared-tenancy cloud computing environment, things become even worse. Data from different clients can be hosted on separate virtual machines (VMs) but reside on a single physical machine. Data in a target VM could be stolen by instantiating another VM co-resident with the target one. Regarding availability of files, there are a series of cryptographic schemes
- 2. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 which go as far as allowing a third-party auditor to check the availability of files on behalf of the data owner without leaking anything about the data, or without compromising the data owner’s anonymity. Likewise, cloud users probably will not hold the strong belief that the cloud server is doing a good job in terms of confidentiality. A cryptographic solution, with proven security relied on number-theoretic assumptions is more desirable, whenever the user is not perfectly happy with trusting the security of the VM or the honesty of the technical staff. These users are motivated to encrypt their data with their own keys before uploading them to the server. DISADVANTAGES OF EXISTING SYSTEM: Unexpected privilege escalation will expose all It is not efficient. Shared data will not be secure. Proposed System: providing the integrity and availability of remote cloud store, some solutions and their variants have been proposed. In these solutions, when a scheme supports data modification, we call it dynamic scheme, otherwise static one (or limited dynamic scheme, if a scheme could only efficiently support some specified operation, such as append). A scheme is publicly verifiable means that the data integrity check can be performed not only by data owners, but also by any third-party auditor. However, the dynamic schemes above focus on the cases where there is a data owner and only the data owner could modify the data. these software development environments, multiple users in a group need to share the source code, and they need to access, modify, compile and run the shared source code at any time and place. The new cooperation network model in cloud makes the remote data auditing schemes become infeasible, where only the data owner can update its data. Obviously, trivially extending
- 3. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 a scheme with an online data owner to update the data for a group is inappropriate for the data owner. It will cause tremendous communication and computation overhead to data owner, which will result in the single point of data owner. ImplementationModules: 1. Data Group sharing, 2. Public integrity auditing 3. Revoked Group Users 4. Group signature 5. Cloud Storage Model 1. Data Group sharing, server can use this aggregate trapdoor and some public information to perform keyword search and return the result to Bob. Therefore, in KASE, the delegation of keyword search right can be achieved by sharing the single aggregate key. We note that the delegation of decryption rights can be achieved using the key- aggregate encryption approach recently proposed in [4], but it remains an open problem to delegate the keyword search rights together with the decryption rights, which is the subject topic of this paper. To summarize, the problem of constructing a KASE . 2. Public integrity auditing public integrity auditing for shared dynamicdata with group user revocation. Our contributionsare three folds:1) We explore on the secure and efficient shareddata integrate auditing for multi-user operation for ciphertext database.2) By incorporating the primitives of victor commitment, asymmetric group key agreement and group signature, we propose an efficient data auditing scheme while at the same time providing some new features, such as traceability and countability. 3) We provide the security and efficiency analysis of our scheme, and the analysis results show that our scheme is secure and efficient. 3. Cloud Storage Model
- 4. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 Cloud storage is a model of data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the physical environment is typically owned and managed by a hosting company. These cloud storage providers are responsible for keeping the data available and accessible, and the physical environment protected and running. People and organizations buy or lease storage capacity from the providers to store user, organization, or application data.Cloud storage services may be accessed through a co-located cloud computer service, a web service application programming interface (API) or by applications that utilize the API, such as cloud desktop storage, a cloud storage gateway or Web-based content management systems. who are authorized to access and modify the data by the data owner. The cloud storage server is semi- trusted, who provides data storage services for the group users. TPA could be any entity in the cloud, which will be able to conduct the data integrity of the shared data stored in the cloud server. In our system, the data owner could encrypt and upload its data to the remote cloud storage server. Also, he/she shares the privilege such as access and modify (compile and execute if necessary) to a number of group users. 4.RevokedGroup Users The group signature will prevent the collusion of cloud and revoked group users, where the data owner will take part in the user revocation phase and the cloud could not revoke the data that last modified by the revoked user.An attacker out side the group (include the revoked group user cloud storage server) may obtain some knowledge of the plaintext of the data. Actually, this kind of attacker has to at lease break the security of the adopted group data encryption scheme. The cloud storage server colludes with the revoked group users, and they want to provide a illegal data without being detected. Actually, in cloud environment, we assume that the cloud storage server is semi-trusted. Thus, it is reasonable that a revoked user will collude with the cloud server and share its secret group key to the cloud storage server. In this case, although the server proxy group user revocation way [24] brings much communication and computation cost saving, it will make the scheme insecure against a malicious cloud storage server who can get the secret key of revoked users during the user revocation phase. Thus, a malicious cloud server will be able to make data m, last modified by a user that needed to be revoked, into a malicious data m′.
- 5. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 In the user revocation process, the cloud could make the malicious data m′ become valid. To overcome the problems above, Group signature Group signature is introduced by Chaum and Heyst It provides anonymity for signers, where each group member has a private key that enables the user to sign messages. However,the resulting signature keeps the identity of the signer secret. Usually, there is a third party that can conduct the signature anonymity using a special trapdoor. Some systems support revocation where group membership can be disabled without affecting the signing ability of unrevoked users. Boneh and Shacham proposed an efficient group signature with verifier-local revocation. The scheme provides the properties of group signature such as selfless-anonymity and traceability. Also, the scheme is a short signature scheme where user revocation only requires sending revocation information to signature verifiers. Libert et al. proposed a new scalable revocation method for group signature based on the broadcast encryption framework. However,the scheme introduces important storage overhead at group user side. Later,Libert et al. designed a scheme to enhance the former scheme which could obtain private key of constant size. In their scheme,the unrevoked members still do not need to update their keys at each revocation. System Configuration: HARDWARE REQUIREMENTS: Hardware - Pentium Speed - 1.1 GHz RAM - 1GB Hard Disk - 20 GB Key Board - Standard Windows Keyboard
- 6. Head office: 3nd floor, Krishna Reddy Buildings, OPP: ICICI ATM, Ramalingapuram, Nellore www.pvrtechnology.com, E-Mail: [email protected], Ph: 81432 71457 Mouse - Two or Three Button Mouse Monitor - SVGA SOFTWARE REQUIREMENTS: Operating System : Windows Technology : Java and J2EE Web Technologies : Html, JavaScript, CSS IDE : My Eclipse Web Server : Tomcat Tool kit : Android Phone Database : My SQL Java Version : J2SDK1.5