IDENTITY-BASED DATA OUTSOURCING WITH COMPREHENSIVE AUDITING IN CLOUDS
ABSTRACT
Cloud storage system provides facilitative file storage and sharing services for distributed clients. To address integrity, controllable outsourcing and origin auditing concerns on outsourced files, we propose an identity-based data outsourcing (IBDO) scheme equipped with desirable features advantageous over existing proposals in securing outsourced data. First, our IBDO scheme allows a user to authorize dedicated proxies to upload data to the cloud storage server on her behalf, e.g., a company may authorize some employees to upload files to the company’s cloud account in a controlled way. The proxies are identified and authorized with their recognizable identities, which eliminates complicated certificate management in usual secure distributed computing systems. Second, our IBDO scheme facilitates comprehensive auditing, i.e., our scheme not only permits regular integrity auditing as in existing schemes for securing outsourced data, but also allows to audit the information on data origin, type and consistence of outsourced files. Security analysis and experimental evaluation indicate that our IBDO scheme provides strong security with desirable efficiency.
PROPOSED SYSTEM:
Our Contributions

To address the above issues for securing outsourced data in clouds, this paper proposes an identity-based data outsourcing (IBDO) system in a multi-user setting. Compared to existing PoS-like proposals, our scheme has the following distinguishing features.

- Identity-based outsourcing. A user and her authorized proxies can securely outsource files to a remote cloud server which is not fully trustable, while any unauthorized ones cannot outsource files on behalf of the user. The cloud clients, including the file-owners, proxies and auditors, are recognized with their identities, which avoids the usage of complicated cryptographic certificates. This delegate mechanism allows our scheme to be efficiently deployed in a multi-user setting.

- Comprehensive auditing. Our IBDO scheme achieves a strong auditing mechanism. The integrity of outsourced files can be efficiently verified by an auditor, even if the files might be outsourced by different clients. Also, the information about the origin, type and consistence of outsourced files can be publicly audited. Similar to existing publicly auditable schemes, the comprehensive auditability has advantages to allow a public common auditor to audit files owned by different users, and in case of disputes, the auditor can run the auditing protocol to provide convincing judicial witnesses without requiring disputing parties to be cooperative.

- Strong security guarantee. Our IBDO scheme achieves strong security in the sense that: (1) it can detect any unauthorized modification on the outsourced files and (2) it can detect any misuse/abuse of the delegations/authorizations. These security properties are formally proved against active colluding attackers. To the best of our knowledge, this is the first scheme that simultaneously achieves both goals.
EXISTING SYSTEM:
The notion of PDP introduced by Ateniese et al. allows an auditor to check the integrity of an outsourced file without retrieving the entire file from the cloud server; at the same time the server does not need to access the entire file for answering integrity queries. A subsequent work in supports modification and deletion, but not insertion operations on the outsourced data. Yang and Jia presented a scheme to support dynamic update for the outsourced data. Wang et al. introduced a third security-mediator into PDP system to generate verifiable metadata on the outsourced files in a blind way, so that the security-mediator learns nothing about the file. In , Wang et al. offloaded the burdensome exponentiations in PDP schemes at the client side by outsourcing the computations to a single computation server. Using proxy re-signatures, Wang et al. proposed a secure cloud storage scheme with user revocation in a multi-user setting, that is, if some user is revoked, then her outsourced data will be re-signed by the cloud storage server. Chen et al. investigated the relationship between secure cloud storage and secure networking coding, where a systematic way is presented to construct a secure cloud storage scheme from any secure networking coding protocol. Zhu et al. discussed multicloud storage and presented a cooperative PDP scheme which can efficiently support data migration. Wang also considered the multicloud storage scenario and proposed a secure identity-based scheme. Recently, Yu et al. studied key-exposure problem in secure cloud storage. In , an identity-based PDP scheme is presented from pre-homomorphic signatures to support group-oriented applications.
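The integrity check described at the start of this section, as an added example that is not the IBDO construction or code from the paper: a simplified, privately verifiable tag scheme in the style of the compact proofs of retrievability of Shacham and Waters [9], with no identities or delegation. The modulus, the HMAC-SHA256 PRF, the block size and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19   # prime modulus (assumption; any large prime works)
BLOCK = 31        # bytes per block, so every block value is below P

def prf(key: bytes, index: int) -> int:
    """f_k(i): HMAC-SHA256 used as a PRF into Z_P."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def split_blocks(data: bytes) -> list[int]:
    return [int.from_bytes(data[i:i + BLOCK], "big")
            for i in range(0, len(data), BLOCK)]

def tag_file(key: bytes, alpha: int, blocks: list[int]) -> list[int]:
    """Client, before upload: sigma_i = f_k(i) + alpha * m_i mod P."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def make_challenge(n_blocks: int, sample: int) -> list[tuple[int, int]]:
    """Auditor: random block indices, each with a random nonzero coefficient."""
    idx = secrets.SystemRandom().sample(range(n_blocks), min(sample, n_blocks))
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(blocks, tags, challenge) -> tuple[int, int]:
    """Server: reads only the challenged blocks and returns two values."""
    mu = sum(nu * blocks[i] for i, nu in challenge) % P
    sigma = sum(nu * tags[i] for i, nu in challenge) % P
    return mu, sigma

def verify(key, alpha, challenge, mu, sigma) -> bool:
    """Auditor: checks sigma == alpha*mu + sum(nu_i * f_k(i)) without the file."""
    expected = (alpha * mu + sum(nu * prf(key, i) for i, nu in challenge)) % P
    return expected == sigma

def audit_demo() -> tuple[bool, bool]:
    """Constructed data: audit an intact copy, then a copy with one bit flipped."""
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    blocks = split_blocks(b"constructed sample file contents " * 40)
    tags = tag_file(key, alpha, blocks)
    chal = make_challenge(len(blocks), len(blocks))  # every block challenged
    intact = verify(key, alpha, chal, *prove(blocks, tags, chal))
    tampered = blocks.copy()
    tampered[3] ^= 1
    altered = verify(key, alpha, chal, *prove(tampered, tags, chal))
    return intact, altered
```

With a challenge smaller than the file, a modified block is caught only when it is among the sampled indices, so the sample size sets the detection probability per audit.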
CONCLUSION
In this paper, we investigated proofs of storage in cloud in a multi-user setting. We introduced the notion of identity-based data outsourcing and proposed a secure IBDO scheme. It allows the file-owner to delegate her outsourcing capability to proxies. Only the authorized proxy can process and outsource the file on behalf of the file-owner. Both the file origin and file integrity can be verified by a public auditor. The identity-based feature and the comprehensive auditing feature make our scheme advantageous over existing PDP/PoR schemes. Security analyses and experimental results show that the proposed scheme is secure and has performance comparable to the SW scheme.
REFERENCES
[1] D. Song, E. Shi, I. Fischer, and U. Shankar, “Cloud data protection for the masses,” Computer, IEEE, vol. 45, no. 1, pp. 39–45, Jan 2012.
[2] C.-K. Chu, W.-T. Zhu, J. Han, J. Liu, J. Xu, and J. Zhou, “Security concerns in popular cloud storage services,” Pervasive Computing, IEEE, vol. 12, no. 4, pp. 50–57, Oct 2013.
[3] K. Yang and X. Jia, “Data storage auditing service in cloud computing: challenges, methods and opportunities,” World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.
[4] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable Data Possession at Untrusted Stores,” in Proceedings of the 14th ACM Conference on Computer and Communications Security. New York, NY, USA: ACM, 2007, pp. 598–609.
[5] J. Sun and Y. Fang, “Cross-Domain Data Sharing in Distributed Electronic Health Record Systems,” Parallel and Distributed Systems, IEEE Transactions on, vol. 21, no. 6, pp. 754–764, 2010.
[6] J. Sun, X. Zhu, C. Zhang, and Y. Fang, “HCPP: Cryptography based Secure EHR System for Patient Privacy and Emergency Healthcare,” in Distributed Computing Systems (ICDCS), 2011 IEEE 31st International Conference on. IEEE, 2011, pp. 373–382.
[7] L. Guo, C. Zhang, J. Sun, and Y. Fang, “PAAS: A Privacy-Preserving Attribute-Based Authentication System for eHealth Networks,” in Distributed Computing Systems (ICDCS), 2012 IEEE 32nd International Conference on. IEEE, 2012, pp. 224–233.
[8] A. Juels and B. S. Kaliski, Jr., “PoRs: Proofs of Retrievability for Large Files,” in Proceedings of the 14th ACM Conference on Computer and Communications Security, New York, NY, USA, 2007, pp. 584–597.
[9] H. Shacham and B. Waters, “Compact proofs of retrievability,” Journal of Cryptology, vol. 26, no. 3, pp. 442–483, 2013.
[10] C. Wang, S. S. M. Chow, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing for Secure Cloud Storage,” Computers, IEEE Transactions on, vol. 62, no. 2, pp. 362–275, 2013.