of 5

IRJET-Application of Cloud System on Secure Cloud Storage

Published on February 2017 | Categories: Documents | Downloads: 38 | Comments: 0
86 views

Comments

Content

International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 02 Issue: 06 | Sep-2015

p-ISSN: 2395-0072

www.irjet.net

Application of Cloud System on Secure Cloud Storage
Prof. Snehal Chaflekar, Mr. Rahul Raipure
Assistant professor, Department of Information Technology, PBCOE, Nagpur, India
Department of Computer technology, BDCOE, Nagpur, India
---------------------------------------------------------------------***---------------------------------------------------------------------

Abstract - As Associate in Nursing rising technology
and business paradigm, Cloud Computing has taken
business computing by storm. Cloud computing
platforms give quick access to a company’s superior
computing and storage infrastructure through internet
services. We tend to contemplate the matter of building
a secure cloud storage service on prime of a public
cloud infrastructure wherever the service supplier isn't
utterly trusty by the client. We tend to describe, at a
high level, many designs that mix recent and nonstandard science primitives so as to attain our goal. We
tend to survey the advantages such Associate in nursing
design would supply to each customers and repair
suppliers and provides an outline of recent advances in
cryptography actuated specifically by cloud storage.

Key

Words:

cloud

computing,

cloud

infrastructures are going to be roughly classified as either
personal or public. in Associate in Nursing extremely
personal cloud, the infrastructure is managed and closelyheld by the shopper and assail premise (i.e., at intervals
{the clients|the purchasers|the shoppers} region of
customer info is beneath its management and is simply
granted to parties it trusts. in Associate in Nursing
extremely public cloud the infrastructure is closely-held
and managed by a cloud service provider and is found on
premise (i.e., at intervals the service provider's region of
control). this implies that shopper info is outside its
management and can likely be granted to untrusted
parties.Paragraph comes content here. Paragraph comes
content here. Paragraph comes content here. Paragraph
comes content here. Paragraph comes content here.
Paragraph comes content here. Paragraph comes content
here. Paragraph comes content here. Paragraph comes
content here. Paragraph comes content here.

storage,

architecture, science key, token, etc…
1. INTRODUCTION
Cloud computing portends a heavy modification in a very
thanks to store data and run applications. instead of
running programs and knowledge on a personal laptop,
everything is hosted at intervals the “cloud”—a nebulous
assemblage of computers and servers accessed via net.
Cloud computing permits you to access all of your
applications and documents from anywhere at intervals
the planet, emotional you from the compass of the desktop
and making it easier for cluster members in many
locations to collaborate. Advances in networking
technology and an increase at intervals the wish for
computing resources have prompted many organizations
to supply their storage and computing wishes. This new
economic and computing model is commonly expressed as
cloud computing and includes various kinds of services
such as: infrastructure as a service (IaaS), where a
shopper makes use of a service provider's computing,
storage or networking infrastructure; platform as a service
(PaaS), where a shopper leverages the provider's
resources to run custom applications; and finally coding
system as service (SaaS), where customers use coding
system that is run on the provider’s infrastructure. Cloud
© 2015, IRJET

Fig.1 A typical Cloud Storage system design

2. SECURITY SERVICES
To address the concerns written above and increase the
adoption of cloud storage, we've an inclination to argue for
coming up with a virtual personal storage service
supported recently developed cryptologic techniques.
Such services have to be compelled to aim to understand
the best of every world by providing the protection of a
personal cloud and conjointly the utility and worth savings
of a public cloud.
Confidentiality: the cloud storage provider does not learn
any data relating to shopper info. Integrity: Any
unauthorized modifications of shopper info by the cloud
storage provider ar usually detected by the shopper,
whereas holding the foremost edges of a public storage
service:

ISO 9001:2008 Certified Journal

Page 105

International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 02 Issue: 06 | Sep-2015

p-ISSN: 2395-0072

www.irjet.net

Availability: shopper info is accessible from any machine
and in any respect times
Reliability: shopper info is reliably protected.
Economical retrieval: info retrieval times ar paying
homage to a public cloud storage service.
Data sharing: customers can share their info with
trustworthy parties. a vital side of a cryptologic storage
service is that the safety properties represented above ar
achieved supported strong cryptologic guarantees as
against legal, physical and access management
mechanisms. At its core, the planning consists of three
components: Associate in Nursing info processor (DP),
that processes info before it's sent to the cloud; Associate
in Nursing info voucher (DV), that checks whether or not
or not the data at intervals the cloud has been tampered
with; and a token generator (TG), that generates tokens
that modification the cloud storage provider to retrieve
segments of shopper data; ANd a papers generator that
implements Associate in Nursing access management
policy by provision credentials to the numerous parties at
intervals the system (these credentials will modification
the parties to decipher encrypted files in line with the
policy).

3. DESIGN OF A SCIENCE STORAGE SERVICE
At its core, the design consists of 3 components: an
information processor (DP), that processes knowledge
before it's sent to the cloud; an information booster (DV),
that checks whether or not the information within the
cloud has been tampered with; and a token generator
(TG), that generates tokens that alter the cloud storage
supplier to retrieve segments of client data; Associate in
Nursingd a certificate generator that implements an access
management policy by issuance credentials to the assorted
parties within the system (these credentials can alter the
parties to decipher encrypted files in step with the policy).

and knowledge with an expansion of science primitives.
Whenever Alice has got to verify the integrity of her
information, the information protagonist is invoked. The
latter uses Alice's master to maneuver with the cloud
storage supplier and ascertain the integrity of the
information. once Alice has got to retrieve information
(e.g., all files labeled with keyword urgent") the token
generator is invoked to make a token. The token is
shipped to the cloud storage supplier unit uses it to
retrieve the acceptable (encrypted) files that it returns to
Alice. Alice then uses the key writing key to decipher the
files. information sharing between Alice and Bob issue
throughout a similar fashion. Whenever she has got to
share information with Bob, the appliance invokes the
token generator to make associate acceptable token, then
the papers generator to urge a papers for Bob. each the
token and papers unit sent to Bob unit, in turn, sends the
token to the supplier. The latter uses the token to retrieve
and ar on the market back the acceptable encrypted
documents that Bob decrypts exploitation his papers.
Figure 2: Alice's machine prepares the data before
inflicting it to the cloud. Bob asks Alice for permission to
travel probing for a keyword. Alice's token and certificate
generators send a token for the keyword and a certificate
back to Bob. Bob sends the token to the cloud. The cloud
uses the token to look out the suitable encrypted
documents and returns them to Bob.

3.1 A shopper design
Consider 3 parties: a user Alice that stores her information
at intervals the cloud; a user Bob with whom Alice has got
to share information; and a cloud storage supplier that
stores Alice's data. To use the service, Alice associate
degreed Bob begin by downloading a shopper application
that consists of Associate in Nursing information
processor, degree information protagonist and a token
generator. Upon its initial execution, Alice's application
generates a science key. we tend to tend to ar attending to
raise this key as a master and assume it's keep regionally
on Alice's system that it's unbroken secret from the cloud
storage supplier. Whenever Alice has got to transfer
information to the cloud, the information processor is
invoked. It attaches some data (e.g., current time, size,
keywords etc) and encrypts and encodes the information
© 2015, IRJET

Fig.2. Alice’s data voucher can verify the integrity of
the data

3.2 Associate in Nursing Enterprise design
In the enterprise state of affairs we've got a bent to have
faith in Associate in Nursing enterprise MegaCorp that
stores its data inside the cloud; a business partner
PartnerCorp with whom MegaCorp has to share
knowledge; and a cloud storage provider that stores
MegaCorp's knowledge. To use the service, MegaCorp
deploys dedicated machines among its network.
Depending on the particular state of affairs, these
dedicated machines will run various core components.
Since these components build use of a master secret key, it
is vital that they be adequately protected and, specially,

ISO 9001:2008 Certified Journal

Page 106

International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 02 Issue: 06 | Sep-2015

p-ISSN: 2395-0072

www.irjet.net

that the key be unbroken secret from the cloud storage
provider and PartnerCorp. If typically|this can be} often
too costly in terms of resources or expertise, management
of the dedicated machines (or specific components) can as
an alternative be outsourced to a trustworthy entity.
inside the case of a medium-sized enterprise with enough
resources and skill, the dedicated machines embody
Associate in Nursing info processor, Associate in Nursing
info champion, a token generator and a papers generator.
To begin, each MegaCorp and PartnerCorp employee
receives papers from the papers generator. These
credentials will mirror some relevant information
concerning the employees like their organization or team
or role. Whenever a MegaCorp employee generates data
that has to be hold on inside the cloud, it sends the data
beside Associate in nursing associated secret writing
policy to the dedicated machine for method. The key
writing policy specifies the sort of credentials necessary to
rewrite the data (e.g., entirely members of a particular
team). To retrieve data from the cloud (e.g., all files
generated by a particular employee), Associate in Nursing
employee re requests Associate in Nursing applicable
token from the dedicated machine. the employee then
sends the token to the cloud provider World Health
Organization uses it to hunt out and are available back the
appropriate encrypted files that the employee decrypts
exploitation his credentials. Whenever MegaCorp has to
verify the integrity of the data, the dedicated machine's
data champion is invoked. The latter uses the master
secret key to act with the storage provider and ascertain
the integrity of the data.
Presently have faith in the case where a PartnerCorp
employee needs access to MegaCorp's data. the employee
authenticates itself to MegaCorp's dedicated machine and
sends it a keyword. The latter verifies that the particular
search is allowed for this PartnerCorp employee.
If so, the dedicated machine returns Associate in Nursing
applicable token that the worker uses to recover the
acceptable (encrypted) files from the service supplier. It
then uses its credentials to decipher the file. This method
is illustrated in Figure three. equally to the patron design,
it's imperative that every one parts be either ASCII text file
or enforced by somebody apart from the cloud service
supplier. In the case that MegaCorp may be a terribly giant
organization which the prospect of running and
maintaining enough dedicated machines to method all
worker knowledge is unworkable, think about the
subsequent slight variation of the design delineate on top
of. additional exactly, during this case the dedicated
machines solely run knowledge verifiers, token generators
and certificate generators whereas the information
process is distributed to every worker. this is often
illustrated in Figure four.

© 2015, IRJET

Figure 3: (1) every MegaCorp and PartnerCorp worker
receives a credential; (2) MegaCorp workers send their
knowledge to the dedicated machine; (3) the latter
processes the information exploitation the information
processor before causing it to the cloud; (4) the
PartnerCorp worker sends a keyword to MegaCorp's
dedicated machine ; (5) the dedicated machine returns a
token; (6) the PartnerCorp worker sends the token to the
cloud; (7) the cloud uses the token to search out the
acceptable encrypted documents and returns them to the
worker. additional exactly, during this case the dedicated
machines solely run knowledge verifiers, token generators
and certificate generators whereas the information
process is distributed to every worker.

Figure 4: (1) every MegaCorp and PartnerCorp worker
receives a credential; (2) MegaCorp workers method their
knowledge exploitation their own knowledge processors
and send them to the cloud; (3) the PartnerCorp worker
sends a keyword to MegaCorp's dedicated machine; (4)
the latter returns a token; (5) the worker sends the token
to the cloud; (6) the cloud uses the token to search out the
acceptable encrypted documents and returns them to the
worker. At any purpose in time, MegaCorp's knowledge
booster will check the integrity of MegaCorp's knowledge.
The authors can acknowledge any person/authorities in
this section. This is not mandatory.

ISO 9001:2008 Certified Journal

Page 107

International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 02 Issue: 06 | Sep-2015

p-ISSN: 2395-0072

www.irjet.net

4. ADVANTAGES OF A CRYPTOGRAPHICALLY
SECURED STORAGE SERVICE
4.1 Confidentiality Assurance
In a scientific discipline storage service, the knowledge is
encrypted on-premise by the knowledge processor(s).
This way, customers could also be assured that the
confidentiality of their info is preserved regardless of the
actions of the cloud storage provider. This greatly reduces
any legal exposure for every the consumer and
additionally the provider.

4.2. Geographic restrictions
In a scientific discipline storage service data is solely
detain encrypted kind so any law that pertains to the keep
info has little or no to any result on the consumer. This
reduces legal exposure for the consumer and permits the
cloud storage provider to make best use of its storage
infrastructure, thereby reducing costs.

4.3. Subpoenas
In a scientific discipline storage service, since information
is hold on in encrypted type and since the client retains
possession of all the keys, any request for the
(unencrypted) information should be created on to the
client.

4.4. Reducing Risk of Security Breaches
Even if a cloud storage supplier implements sturdy
security practices there's continually the chance of a
security breach. If this happens the client could also be
lawfully accountable. In exceedingly scientific discipline
storage service information is encrypted and information
integrity will be verified at any time. Therefore, a security
breach poses very little to no risk for the client.

4.5. Information retention and destruction
In several cases a client could also be to blame for the
retention and destruction of the info it's collected. If this
information is hold on within the cloud, however, it will be
tough for a client to establish the integrity of the info or to
verify whether or not it had been properly discarded. A
scientific discipline storage service alleviates these issues
since information integrity will be verified and since {the
information the knowledge the information} necessary to
decode data (i.e., the master key) is unbroken on-premise.
Secure information erasure will be effectively achieved by
simply erasing the master.

5. IMPLEMENTING THE CORE ELEMENTS
The core elements of a scientific discipline storage service
will be enforced employing a type of techniques, a number
of that was developed specifically for cloud storage.
© 2015, IRJET

5.1. Searchable secret writing
At a high level, a probable secret writing theme provides
some way to cipher a search index so its contents are
hidden except to a celebration that's given acceptable
tokens. a lot of exactly, contemplate a probe index
generated over a set of files (this may well be a full-text
index or simply a keyword index). Employing a searchable
secret writing theme, the index is encrypted in such some
way that (1) given a token for a keyword one will retrieve
tips to the encrypted files that contain the keyword; and
(2) while not a token the contents of the index are hidden.
Additionally, the tokens will solely be generated with data
of a secret key and therefore the retrieval procedure
reveals nothing regarding the files or the keywords except
that the files contain a keyword in common.
5.1.1. Bilaterally symmetric searchable secret writing
SSE is suitable in any setting wherever the party that
searches over the info is additionally the one WHO
generates it. The protection guarantees provided are,
roughly speaking, and the following:
1. with none tokens the server learns nothing regarding
the info except its length.
2. Given a token for a keyword w, the server learns that
(encrypted) documents contain w while not learning w.
5.1.2. Uneven searchable secret writing (ASE)
ASE schemes are acceptable in any setting wherever the
party looking over the info is totally different from the
party that generates it.
The security guarantees provided by ASE are the
following:
1. with none tokens the server learns nothing regarding
the info except its length.
2. Given a token for a keyword w, the server learns that
(encrypted) documents contain w.
5.1.3. Economical ASE (ESE)
ESE schemes are acceptable in any setting wherever the
party that searches over the info is totally different from
the party that generates it and wherever the keywords
introduce to guess.
5.1.4. Multi-user (MSSE)
MSSE schemes are acceptable in any setting wherever
several parties want to look over information that's
generated by a single party.

5.2. Attribute-based secret writing
It permits the specification of a cryptography policy to be
related to a cipher text. A user will then cypher a message
below a public key and a policy. Cryptography can solely
work if the attributes related to the cryptography key

ISO 9001:2008 Certified Journal

Page 108

International Research Journal of Engineering and Technology (IRJET)

e-ISSN: 2395-0056

Volume: 02 Issue: 06 | Sep-2015

p-ISSN: 2395-0072

www.irjet.net

match the policy wont to cypher the message. Attributes
are qualities of a celebration which will be established
through relevant credentials.

5.3. Proofs of Storage
A proof of storage may be a protocol dead between a
consumer and a server with that the server will persuade
the consumer that it failed to tamper with its information.
The consumer begins by cryptography the info before
storing it within the cloud. From that time on, whenever it
desires to verify the integrity of the info it runs an
indication of storage protocol with the server.
The main advantages of an indication of storage are that
(1) they'll be dead a discretional range of times; and (2)
the quantity of knowledge changed between the consumer
and therefore the server is very little and freelance of the
scale of the info. Proofs of storage will be either in private
or publically verifiable. in private verifiable proofs of
storage solely enable the consumer (i.e., the party that
encoded the file) to verify the integrity of the info. With a
publically verifiable proof of storage, on the opposite
hand, anyone that possesses the client's public key will
verify the data's integrity.

[9] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter. Patient
controlled encryption: ensuring privacy of
Mahima Joshi et al, International Journal of Computer
Science & Communication Networks,Vol 1(2), 171-175
Oct-Nov 2011 174 ISSN:2249-5789
electronic medical records. In ACM workshop on Cloud
computing security (CCSW '09), pages 103-114. ACM,
2009.
[10] D. Boneh, E. Kushilevitz, R. Ostrovsky, and W. Skeith.
Public-key encryption that allows PIR queries. In A.
Menezes, editor, Advances in Cryptology - CRYPTO '07,
volume 4622 of Lecture Notes in Computer Science, pages
50-67. Springer, 2007.
[11] J. W. Byun, H. S. Rhee, H.-A. Park, and D. H. Lee. Offline
keyword guessing attacks on recent keyword search
schemes over encrypted data. In Secure Data Management,
volume 4165 of Lecture Notes in Computer Science, pages
75-83. Springer, 2006.

REFERENCES
[1] G. Ateniese, S. Kamara, and J. Katz. Proofs of storage
from homomorphic identification protocols. In To appear
in Advances in Cryptology - ASIACRYPT '09, Lecture Notes
in Computer Science. Springer, 2009.
[2] Luis M.Vaquero,Luis Rodero-Merino, Jua critical areas
of focus in cloud computing. Technical report, Cloud
Security Alliance, April 2009.
[5] J. Baek, R. Safavi-Naini, and W. Susilo. On the
integration of public key data encryption and public key
encryption with keyword search. In International
Conference on Information Security (ISC '06), volume
4176 of Lecture Notes in Computer Science. Springer,
2006.
[6] J. Baek, R. Safavi-Naini, and W. Susilo. Public key
encryption with keyword search revisited. In International
conference on Computational Science and Its Applications,
pages 1249-1259. Springer-Verlag, 2008.
[7] Q.Wang, C.Wang, J. Li, K. Ren, and W. Lou. Enabling
public verifiability and data dynamics for storage security
in cloud computing. In European Symposium on Research
in Computer Security (ESORICS '09), volume 5789 of
Lecture Notes in Computer Science, pages 355{370.
Springer, 2009.
[8] D. Song, D. Wagner, and A. Perrig. Practical techniques
for searching on encrypted data. In IEEE Symposium on
Research in Security and Privacy, pages 44-55. IEEE
Computer Society, 2000.
© 2015, IRJET

ISO 9001:2008 Certified Journal

Page 109

Sponsor Documents


Recommended

No recommend documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close