Monday, June 3, 2019
Obfuscated Data Storage For Cloud Environment
Obfuscated Data Storage For Cloud Environment
Ravi Pandey and Kamlesh Chandra Purohit

Abstract. Data storage service is one of the most attractive services provided by cloud service providers. Despite the benefits of cloud computing, threats to information confidentiality, integrity and availability may stop a data owner from switching to a cloud environment. Handing data over to a third party to store and manage may create information security issues, as the owner of the data cannot deploy its own security policies on the storage service provider's premises. A storage service provider may misuse the customer's data. In a cloud environment data is stored on the service provider's premises, so there should be a mechanism which hides the meaning of the data from the service provider or any other unauthorized entity. In this paper, we propose a mechanism which utilizes existing schemes such as erasure correcting codes, AES and SHA256 together with some new techniques to achieve data security guarantees against any unauthorized entity.

Keywords: Data storage service, cloud computing, erasure correcting code, AES, SHA256.

1. Introduction

Cloud computing technology, popular for its pay-as-you-go model, attracts enterprises and individuals to host their data in a cloud environment. Based on results from IDC's 2012 North American CloudTrack Survey, more than 30% of organizations expect that within five years the majority of their IT capability will be delivered through public cloud services, and that within three years they will access 45.5% of IT resources through some form of cloud: public, private, or hybrid. As cloud computing has advantages for both providers and users, it is developing at an amazing pace and is predicted to grow and be adopted by a large number of users in the near future [1]. Cloud storage is an important service of cloud computing, which allows data owners (owners) to move data from their local computing systems to the cloud [2].
The storage space requirement is increasing every day, as the rate of data generation is very high. According to the IDC Digital Universe Study, June 2011: "In 2011, the amount of information created and replicated will surpass 1.8 zettabytes (1.8 trillion gigabytes), growing by a factor of nine in just five years. That's nearly as many bits of information in the digital universe as stars in the physical universe." Various surveys show that data security is the foremost concern among clients who wish to move their data to the cloud. Existing encryption schemes provide security guarantees for data while it traverses the network, where data resides for a very short time. In the case of data stored in a cloud environment, data resides for a long time on the service provider's storage premises, so the service provider or any of its employees can mount a brute force attack to extract information from the client's stored data. In a cloud environment there can be internal attackers, such as an employee of the service provider, who behave dishonestly. Some applications stored by other clients on the same server may be malicious and try to access the data of other clients. Although it is difficult for an external attacker to target specific data, since the attacker does not know where in the cloud the data is stored, they can still attack any random data. Therefore, the client expects a secure network through which the client can upload data, an honest service provider, and a third party auditor who takes responsibility for checking the integrity of the data stored on the cloud server. This paper is an extension of our previous paper. Here we explain the proposed scheme in more detail and discuss the complexity of our algorithm.

2. System Model

A cloud storage auditing system consists of three entities: the client, the cloud server and the third party auditor. The client is the owner of the data to be stored in the cloud. The client generates the data to be hosted in the cloud and can access, modify or delete the hosted data.
The cloud storage server stores the data and provides mechanisms for accessing, modifying or deleting it.

Fig. 1. Cloud data storage architecture.

Storage servers are located geographically far apart; data is redundantly stored on multiple servers for security reasons. The third party auditor is an authorised system that checks the integrity of the data storage. Data flow between any pair of entities happens in encrypted form. We know that the system is prone to internal and external attacks; other issues like hardware failure, software bugs and networking problems may also impact the system. We believe that the third party auditing scheme proposed by many researchers, with some modification, can make the whole cloud storage environment more reliable and secure.

3. Design Goal

The problem we see in existing schemes is that the data stored on the cloud storage server is kept in a meaningful form. Our design goal is to obfuscate the data before uploading it to the cloud server. After that we utilize existing data encryption techniques and hashing algorithms to provide user authentication and ensure data integrity.

4. Proposed Work

4.1. Data Obfuscation Algorithm

Let F be the private file which is to be uploaded to the cloud environment (we can see file F as an array of bytes indexed from 0 to F.length). Take a key K, an array of the 10 digits 0 to 9 without any repetition. Initialize 10 files f0, f1, f2, f3, ..., f9; we call them file parts. For each byte F[i] of file F, calculate j = i % 10. For each j, look up K[j] and append the byte F[i] to file part f[K[j]].

Figure 1. Demonstration of the file F, which is to be uploaded to the cloud environment.
Figure 2. Demonstration of the key K.
Figure 3. Demonstration of the file component fj.
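The section 4.1 algorithm as an added example, not the paper's program code (the paper's own file-based code follows in section 4.2). It works on bytes in memory and is written for any number of parts len(K) rather than exactly 10, which is a straightforward generalization; the function names, the key and the sample input are this example's own.

```python
# Added example, not the paper's program code: the section 4.1 obfuscation with
# a permutation key K, done on bytes in memory instead of files. It is written
# for any number of parts len(K) (the paper uses 10); byte F[i] is appended to
# part f[K[i % len(K)]] and regeneration reads the parts back in key order.
# Function names (obfuscate, regenerate, check_key) are this example's own.

def check_key(K):
    """K must list every index 0..len(K)-1 exactly once (no repetition)."""
    if sorted(K) != list(range(len(K))):
        raise ValueError("key must be a permutation of 0..%d" % (len(K) - 1))

def obfuscate(F: bytes, K) -> list:
    """Split F into len(K) parts f0..f(len(K)-1) as in section 4.1."""
    check_key(K)
    parts = [bytearray() for _ in K]
    for i, b in enumerate(F):
        j = i % len(K)
        parts[K[j]].append(b)          # append F[i] to f_{K[j]}
    return [bytes(p) for p in parts]

def regenerate(parts, K) -> bytes:
    """Inverse of obfuscate: pull bytes from f_{K[0]}, f_{K[1]}, ... in turn."""
    check_key(K)
    pos = [0] * len(K)                 # read cursor into each part
    out = bytearray()
    while True:
        idx = K[len(out) % len(K)]
        if pos[idx] >= len(parts[idx]):  # that part is exhausted: done
            break
        out.append(parts[idx][pos[idx]])
        pos[idx] += 1
    return bytes(out)

# constructed sample input and a 10-digit key without repetition
SAMPLE = b"The quick brown fox jumps over the lazy dog"
KEY = [3, 5, 2, 7, 1, 9, 4, 8, 6, 0]
```

The parts together are exactly as large as F (the observation made in section 6), and the step only rearranges bytes: with 10! = 3,628,800 possible keys it is a transposition, so confidentiality of the stored data rests on the AES encryption of section 4.4.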
4.2. Program Code for Data Obfuscation Algorithm

Program code in Python for splitting a file into components. (File names are reproduced as printed on the page; the path separators appear to have been lost in extraction.)

count = 0
path = "Iabcd"                         # the file F to be split
khol = open(path, "rb")
clone1 = open("I115", "wb")
clone2 = open("I116", "wb")
clone3 = open("I117", "wb")
clone4 = open("I120", "wb")
clone5 = open("I121", "wb")
clone6 = open("I123", "wb")
clone7 = open("I124", "wb")
clone8 = open("I125", "wb")
clone9 = open("I126", "wb")
# the order of this list decides which component receives each byte
myL = [clone3, clone5, clone2, clone7, clone1, clone9, clone4, clone8, clone6]
while True:
    byte = khol.read(1)
    if not byte:                       # end of file
        break
    n = count % 9
    count = count + 1
    clone = myL[n]                     # byte number count-1 goes to myL[n]
    clone.write(byte)
khol.close()
for clone in myL:
    clone.close()

Program code in Python for regenerating the main file from its components.

clone1 = open("I115", "rb")
clone2 = open("I116", "rb")
clone3 = open("I117", "rb")
clone4 = open("I120", "rb")
clone5 = open("I121", "rb")
clone6 = open("I123", "rb")
clone7 = open("I124", "rb")
clone8 = open("I125", "rb")
clone9 = open("I126", "rb")
recover = open("Iabcd", "wb")          # the regenerated file
# same order as in the splitting code
myL = [clone3, clone5, clone2, clone7, clone1, clone9, clone4, clone8, clone6]
byte = "start"
while byte:
    for x in myL:
        byte = x.read(1)               # b"" once a component is exhausted
        recover.write(byte)            # writing b"" appends nothing
for clone in myL:
    clone.close()
recover.close()

4.3. Erasure Correcting Code

After dividing file F into 10 components, we use an erasure correcting code to achieve data availability against Byzantine failure. Erasure coding (EC) is a method of data protection in which data is broken into fragments, expanded and encoded with redundant data pieces, and stored across a set of different locations or storage media. Erasure coding creates a mathematical function to describe a set of numbers so they can be checked for accuracy and recovered if one is lost.
Referred to as polynomial interpolation or oversampling, this is the key concept behind erasure codes. In mathematical terms, the protection offered by erasure coding can be represented in simple form by the equation n = k + m. The variable k is the original amount of data or symbols. The variable m stands for the extra or redundant symbols that are added to provide protection from failures. The variable n is the total number of symbols created after the erasure coding process. For instance, in a 10/16 method six extra symbols (m) would be added to the 10 base symbols (k). The 16 data fragments (n) would be spread across 16 drives, nodes or geographic locations. The original file could be reconstructed from 10 verified fragments.

4.4. Component Encryption (AES)

Now we encrypt each file component with AES using a 128 bit, 192 bit or 256 bit key.

4.5. Token Generation (SHA256)

We calculate the hash function SHA256 for every data component: H(fi) = xi. The SHA algorithm is a cryptographic hash function which produces a 64 hexadecimal digit hash value. We use this token as a challenge token for auditing the storage server. The third party auditor keeps the token value of each encrypted file component. File components are identified by a random_number generated by the client. The size of random_number depends on the client's storage space requirement.

4.6. Database Description

After uploading files to the data storage server, the client can delete the files on its local machine. The client keeps a database record for each file which contains the file name, the AES encryption password and the file distribution password. Besides this, for each file the client keeps a database of the file components of that file.
It contains the random_number associated with each file component. The third party auditor keeps the client id, the random_number associated with each file component and the challenge token corresponding to each component. The storage server stores the client id and the file component, named with the random_number generated by the client.

5. Third Party Auditing

The TPA sends a random_number to the cloud storage server.
On receiving this random_number, the cloud storage server calculates the hash of the corresponding file component.
The storage server encrypts this hash value with a key shared between the TPA and the storage server and sends the encrypted hash value to the TPA.
The TPA compares the received value with its database.
If the stored hash value of the file component and the received hash value are the same, the file component is stored correctly; otherwise the TPA sends an alert message to the client that owns that file.

6. Algorithm Analysis

In this section, we evaluate the complexity of the scheme proposed in section 4.1. We took files of size 10 kb, 100 kb, 1000 kb and 10,000 kb for analyzing the time complexity of the algorithm. Using the time function of Python we repeatedly measured the execution time of the proposed algorithm. We found that the execution time depends linearly (O(n)) on the size of the file. Similarly, we measured the execution time of regenerating the file from its components, and found that the regeneration time also depends linearly (O(n)) on the file size. After executing the algorithm we found that the total size of the file components generated from the file to be uploaded is equal to the size of the original file. In this way the proposed scheme does not impose any extra storage burden.

7. Conclusion

To guarantee cloud data storage security, it is essential to hide the meaning of data from all third party entities such as the storage service provider and the third party auditor. This is only possible when the owner of the data obfuscates the file to be uploaded on its own machine before uploading.
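The token generation of section 4.5 and the audit exchange of section 5, as an added example that is not the paper's code. The three databases of section 4.6 are modelled as dictionaries, the components are constructed bytes standing in for AES-encrypted parts, and the step "encrypt the hash with a shared key" is approximated with HMAC-SHA256 (a keyed MAC rather than encryption) because the Python standard library has no AES; the class and function names are this example's own.

```python
# Added example, not the paper's code: section 4.5 tokens plus the section 5
# audit exchange; the section 4.6 databases are dicts. Components are
# constructed bytes standing in for AES-encrypted parts. "Encrypt the hash
# with a shared key" is approximated with HMAC-SHA256 (stdlib has no AES).
import hashlib, hmac, os

def token(component: bytes) -> str:
    """H(f_i) = x_i: SHA256 of a component, 64 hex digits."""
    return hashlib.sha256(component).hexdigest()

def keyed(shared_key: bytes, x: str) -> bytes:
    """Protect a token value in transit between server and TPA."""
    return hmac.new(shared_key, x.encode(), "sha256").digest()

class StorageServer:                     # keeps client id + named component
    def __init__(self, shared_key):
        self.key, self.store = shared_key, {}
    def upload(self, client_id, random_number, component):
        self.store[(client_id, random_number)] = component
    def answer_challenge(self, client_id, random_number) -> bytes:
        # steps 2-3: hash the named component, protect it with the shared key
        return keyed(self.key, token(self.store[(client_id, random_number)]))

class Auditor:                           # keeps client id, random_number, x_i
    def __init__(self, shared_key):
        self.key, self.tokens, self.alerts = shared_key, {}, []
    def register(self, client_id, random_number, x):
        self.tokens[(client_id, random_number)] = x
    def audit(self, server, client_id, random_number) -> bool:
        # step 1: challenge; steps 4-5: compare with database, alert on mismatch
        reply = server.answer_challenge(client_id, random_number)
        expected = keyed(self.key, self.tokens[(client_id, random_number)])
        ok = hmac.compare_digest(reply, expected)
        if not ok:
            self.alerts.append((client_id, random_number))
        return ok

def demo():
    """Upload 10 constructed components, audit, corrupt one, audit again."""
    key = os.urandom(32)
    server, tpa = StorageServer(key), Auditor(key)
    names = []                           # client's database: random_numbers
    for i in range(10):
        part, rn = b"ciphertext-of-part-%d" % i, os.urandom(8).hex()
        names.append(rn)
        server.upload("client-1", rn, part)
        tpa.register("client-1", rn, token(part))
    clean = all(tpa.audit(server, "client-1", rn) for rn in names)
    server.store[("client-1", names[4])] = b"bit-rot"   # simulated corruption
    failed = sum(not tpa.audit(server, "client-1", rn) for rn in names)
    return clean, failed, len(tpa.alerts)
```

The TPA learns only the hash value xi, never the component, so the check reveals nothing about the file's contents. Since the challenge for a component is its fixed random_number, a matching reply shows that the server can produce xi; folding a fresh nonce into each challenge is the usual way to tie the answer to the bytes actually held.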
The scheme which we have proposed ensures that the information stored in the file cannot be interpreted by the third party auditor or the storage service provider. Hence, the client's file is safe from both internal and external attackers. Use of the existing erasure correcting code scheme ensures security against Byzantine failure, and the use of a random_number associated with each file component, together with a secure hash algorithm, allows the third party auditor to audit file components without sharing any information which could help the storage service provider interpret the meaning of the stored file.

References

[1] Agrawal, R., Srikant, R.: Fast Algorithms for Mining Association Rules. In: Proceedings of the 20th International Conference on Very Large Databases, pp. 487-499. Morgan Kaufmann, Santiago, Chile (1994)
[2] Garcia-Molina, H., Ullman, D. J., Widom, J.: Database Systems: The Complete Book. Prentice Hall, New Jersey, USA (2002)
[3] Wang, X., Bettini, C., Brodsky, A., Jajodia, S.: Logical Design for Temporal Databases with Multiple Granularities. ACM Transactions on Database Systems, Vol. 22, No. 2, pp. 115-170 (1997)
[4] Bruce, K. B., Cardelli, L., Pierce, B. C.: Comparing Object Encodings. In: Abadi, M., Ito, T. (eds.) Theoretical Aspects of Computer Software. Lecture Notes in Computer Science, Vol. 1281, pp. 415-438. Springer-Verlag, Berlin Heidelberg New York (1997)
[5] van Leeuwen, J. (ed.): Computer Science Today. Recent Trends and Developments. Lecture Notes in Computer Science, Vol. 1000. Springer-Verlag, Berlin Heidelberg New York (1995)
[6] Ribière, M., Charlton, P.: Ontology Overview. Motorola Labs, Paris (2002). Online. Available: http://www.fipa.org/docs/input/f-in-00045/f-in-00045.pdf (current October 2003)