Scribd
Upload
74 views

Identity-Based Data Outsourcing With Comprehensive

This document proposes an identity-based data outsourcing (IBDO) scheme that allows users to securely outsource files to cloud storage while addressing integrity, auditing, and controlled delegation concerns. The key features of the proposed IBDO scheme are: 1) It allows users to authorize proxies to upload files on their behalf in a controlled and verifiable way. 2) It enables comprehensive auditing to verify file integrity as well as origin, type, and consistency of outsourced files. 3) It provides strong security guarantees against active attacks while maintaining efficiency.

Uploaded by

shital
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
74 views

Identity-Based Data Outsourcing With Comprehensive

This document proposes an identity-based data outsourcing (IBDO) scheme that allows users to securely outsource files to cloud storage while addressing integrity, auditing, and controlled delegation concerns. The key features of the proposed IBDO scheme are: 1) It allows users to authorize proxies to upload files on their behalf in a controlled and verifiable way. 2) It enables comprehensive auditing to verify file integrity as well as origin, type, and consistency of outsourced files. 3) It provides strong security guarantees against active attacks while maintaining efficiency.

Uploaded by

shital
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

Identity-Based Data Outsourcing with Comprehensive Auditing in

Clouds
Abstract

Cloud storage system provides facilitative file storage and sharing services for
distributed clients. To address integrity, controllable outsourcing and origin
auditing concerns on outsourced files, we propose an identity-based data
outsourcing (IBDO) scheme equipped with desirable features advantageous over
existing proposals in securing outsourced data. First, our IBDO scheme allows a
user to authorize dedicated proxies to upload data to the cloud storage server on
her behalf, e.g., a company may authorize some employees to upload files to the
company’s cloud account in a controlled way. The proxies are identified and
authorized with their recognizable identities, which eliminates complicated
certificate management in usual secure distributed computing systems. Second, our
IBDO scheme facilitates comprehensive auditing, i.e., our scheme not only permits
regular integrity auditing as in existing schemes for securing outsourced data, but
also allows to audit the information on data origin, type and consistence of
outsourced files. Security analysis and experimental evaluation indicate that our
IBDO scheme provides strong security with desirable efficiency.

Existing System

We observe two critical issues not well addressed in existing proposals. First, most
schemes lack a controlled way of delegatable outsourcing. One may note that many
cloud storage systems (e.g., Amazon, Dropbox, Google Cloud storage) allow the
account owner to generate signed URLs using which any other designated entity
can upload, and modify content on behalf of the user. However, in this scenario,
the delegator cannot validate whether or not the authorized one has uploaded the
file as specified or verify whether or not the uploaded file has been kept intact.
Hence, the delegator has to fully trust the delegatees and the cloud server. In fact,
the file-owner may not only need to authorize some others to generate files and
upload to a cloud, but also need to verifiably guarantee that the uploaded files have
been kept unchanged. For instance, in Electronic Health Systems (EHS), when
consulting a doctor, the patient needs to delegate her doctor to generate electronic
health records (EHRs) and store them at a remote EHRs center maintained by a
CSP . In another typical scenario of cloud-aided office applications, a group of
engineers in different places may fulfill a task in cooperation. The group leader can
create a cloud storage account and authorize the members with secret warrants.
The behavior of the group members and the cloud server should be
verifiable.Second, existing PoS-like schemes, including PDP and Proofs of
Retrievability (PoR) , do not support data log related auditing in the process of data
possession proof. The logs are critical in addressing disputes in practice. For
example, when the patient and doctor in EHS get involved medical disputes, it
would be helpful if some specific information such as outsourcer, type and
generating time of the outsourced EHRs are auditable. However, there exist no
PoS-like schemes that can allow validation of these important information in a
multi-user setting.

Proposed Syatem

In proposed system,consist of file-owners, proxies, auditors, registry server, and


storage server. Generally, the file-owners, proxies and auditors are cloud clients.
The registry server is a trusted party responsible for setting up the system and
responding to the clients’ registration, and also allows the registered clients to store
the public parameters of outsourced files. The cloud storage server provides
storage services to the registered clients for storing outsourced files. In real-world
applications, an organization buys storage services from some CSP, and the IT
department of the organization can play the role of a registry server. In this way,
the registered clients (employees) can take advantage of the storage services. The
file-owner and her authorized proxies can outsource files to the cloud server.
Specifically, on behalf of the owner, the authorized proxy processes the file, sends
the processed results to the storage server, and uploads the corresponding public
parameters of the file to the registry server. Neither the file-owner nor the proxy is
required to store the original file or the processed file locally. The duty of the
auditor is to check the integrity of outsourced files and their originlike general log
information by interacting with the cloud storage server without retrieving the
entire file.
Implementation

Module Description

The modules are:

1. Identity-based outsourcing Module


2. Comprehensive auditing Module
3. Strong security guarantee Module
4. Dedicated delegation Module

Identity-based outsourcing Module

A user and her authorized proxies can securely outsource files to a remote cloud
server which is not fully trustable, while any unauthorized ones cannot outsource
files on behalf of the user. The cloud clients, including the file-owners, proxies and
auditors, are recognized with their identities, which avoids the usage of
complicated cryptographic certificates. This delegate mechanism allows our
scheme to be efficiently deployed in a multi-user setting. The adversary can ask for
private key for any identity IDi. The challenger generates ski and gives it to A.
This query means that the attacker can collude with some file-owner or proxy.

Comprehensive auditing Module

Our IBDO scheme achieves a strong auditing mechanism. The integrity of


outsourced files can be efficiently verified by an auditor, even if the files might be
outsourced by different clients. Also, the information about the origin, type and
consistence of outsourced files can be publicly audited. Similar to existing publicly
auditable schemes, the comprehensive auditability has advantages to allow a public
common auditor to audit files owned by different users, and in case of disputes, the
auditor can run the auditing protocol to provide convincing judicial witnesses
without requiring disputing parties to be corporative. Not only the integrity of the
outsourced file, but also the log information about the origin, type and consistence
of the outsourced files should be verifiable by the auditors. The integrity auditing
ensures that the outsourced files have been kept intact; the other general log
information auditing ensures that the file has been outsourced in the designated
way. With comprehensive auditing, an IBDO system can provide convincing
judicial witnesses to address disputes.
Strong security guarantee

Our IBDO scheme achieves strong security in the sense that: (1) it can detect any
unauthorized modification on the outsourced files and (2) it can detect any
misuse/abuse of the delegations/authorizations. These security properties are
formally proved against active colluding attackers. To the best of our knowledge,
this is the first scheme that simultaneously achieves both goals. An IBDO system
confronts two types of active attacks. The cloud client may impersonate others,
specifically, she may impersonate an owner or another authorized proxy, or abuse
a delegation, and in this way she can process a file and outsource it to the storage
server in an unwanted way. On the other hand, a malicious storage server may
modify or even remove the outsourced files (for example, for saving storage space
or due to hardware failures), especially for the rarely accessed files.

Dedicated delegation Module

A delegation issued by a fileowner can only be used by the specific authorized


proxy to outsource specified files in a designated way. Even the authorized proxy
cannot abuse it to outsource unspecified files, and multiple proxies cannot
cooperatively deduce a valid delegation for a new warrant to outsource an
unspecified file. In each query, the adversary submits a warrant W to C. Note that
W contains a delegator identity IDo and a delegatee identity IDp. If the private key
of IDo has not been queried before, the challenger will first generate it. Then, the
challenger answers with a delegation w. This query implies that the attacker can
obtain any normal delegations.
Architecture diagram

System Requirements

H/W System Configuration:-

Processor - Pentium –III


Speed - 1.1 Ghz

RAM - 256 MB(min)

Hard Disk - 20 GB

Key Board - Standard Windows Keyboard

Mouse - Two or Three Button Mouse

Monitor - SVGA
S/W System Configuration

 Operating System :Windows95/98/2000/XP

 Application Server : Tomcat5.0/6.X

 Front End : HTML, Java, Jsp

 Scripts : JavaScript.

 Server side Script : Java Server Pages.

 Database Connectivity : Mysql.

Algorithm implementation

Diffie–Hellman

Diffie–Hellman key exchange (D–H) [nb 1] is a specific method of securely


exchanging cryptographic keys over a public channel and was one of the
first public-key protocols as originally conceptualized by Ralph Merkle and named
after Whitfield Diffie and Martin Hellman.[1][2] D–H is one of the earliest practical
examples of public key exchange implemented within the field of cryptography.
Traditionally, secure encrypted communication between two parties required that
they first exchange keys by some secure physical channel, such as paper key lists
transported by a trusted courier. The Diffie–Hellman key exchange method allows
two parties that have no prior knowledge of each other to jointly establish a shared
secret key over an insecure channel. This key can then be used to encrypt
subsequent communications using a symmetric key cipher.
Diffie–Hellman is used to secure a variety of Internet services. However, research
published in October 2015 suggests that the parameters in use for many D–H
Internet applications at that time are not strong enough to prevent compromise by
very well-funded attackers, such as the security services of large governments.[3]
The scheme was first published by Whitfield Diffie and Martin Hellman in 1976,
[2]
 but in 1997 it was revealed that James H. Ellis,[4] Clifford Cocks and Malcolm J.
Williamson of GCHQ, the British signals intelligence agency, had previously
shown how public-key cryptography could be achieved.[5]
Although Diffie–Hellman key agreement itself is a non-authenticated key-
agreement protocol, it provides the basis for a variety of authenticated protocols,
and is used to provide forward secrecy in Transport Layer
Security's ephemeral modes (referred to as EDH or DHE depending on the cipher
suite).
The method was followed shortly afterwards by RSA, an implementation
of public-key cryptography using asymmetric algorithms.
K Means algorithm
k-means clustering is a method of vector quantization, originally from signal
processing, that is popular for cluster analysis in data mining. k-means clustering
aims to partition n observations into k clusters in which each observation belongs
to the cluster with the nearest mean, serving as a prototype of the cluster. This
results in a partitioning of the data space into Voronoi cells.
The problem is computationally difficult (NP-hard); however, there are
efficient heuristic algorithms that are commonly employed and converge quickly to
a local optimum. These are usually similar to the expectation-maximization
algorithm for mixtures of Gaussian distributions via an iterative refinement
approach employed by both algorithms. Additionally, they both use cluster centers
to model the data; however, k-means clustering tends to find clusters of
comparable spatial extent, while the expectation-maximization mechanism allows
clusters to have different shapes.
The algorithm has a loose relationship to the k-nearest neighbor classifier, a
popular machine learning technique for classification that is often confused with k-
means because of the k in the name. One can apply the 1-nearest neighbor
classifier on the cluster centers obtained by k-means to classify new data into the
existing clusters. This is known as nearest centroid classifier or Rocchio algorithm.
Conclusion
In this paper, we investigated proofs of storage in cloud in a multi-user setting. We
introduced the notion of identity based data outsourcing and proposed a secure
IBDO scheme. It allows the file-owner to delegate her outsourcing capability to
proxies. Only the authorized proxy can process and outsource the file on behalf of
the file-owner. Both the file origin and file integrity can be verified by a public
auditor. The identity-based feature and the comprehensive auditing feature make
our scheme advantageous over existing PDP/PoR schemes. Security analyses and
experimental results show that the proposed scheme is secure and has comparable
performance as the SW scheme.

Future Enhancement

We presented the first efficient Identity-Based Encryption scheme that is secure in


the full model without random oracles. We proved our the security of our scheme
by reducing it to the decisional Bilinear Diffie-Hellman problem. Additionally, we
showed how our Identity-Based encryption scheme can be converted to an efficient
signature scheme that depends only upon the computational Diffie-Hellman
assumption in the standard model. This work motivates two interesting open
problems. The first is to find an efficient IdentityBased Encryption system (without
random oracles) that has short public parameters. The second, is to find an IBE
system with a tight reduction in security. Such a solution would also likely permit
an efficient reduction for an analogous HIBE scheme.

You might also like