Secure Auditing and Deduplicating Data in Cloud

Abstract

As the cloud computing technology develops during the last decade, outsourcing data to cloud service for storage becomes an attractive trend, which benefits in sparing efforts on heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud while achieving integrity auditing. In this work, we study the problem of integrity auditing and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity and deduplication in cloud, we propose two secure systems, namely SecCloud and SecCloud+. SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. Compared with previous work, the computation by user in SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud+ is designed motivated by the fact that customers always want to encrypt their data before uploading, and enables integrity auditing and secure deduplication on encrypted data.

Aim

The project is aiming at achieving both data integrity and deduplication in cloud.

Scope

The scope of this project is to generate two secure systems, SecCloud and SecCloud+ for achieving both data integrity and deduplication in cloud.

Existing System

Cloud storage is a model of networked enterprise storage where data is stored in virtualized pools of storage which are generally hosted by third parties. Cloud storage provides customers with benefits, ranging from cost saving and simplified convenience, to mobility opportunities and scalable service. These great features attract more and more customers to utilize and storage their personal data to the cloud storage: according to the analysis report, the volume of data in cloud is expected to achieve 40 trillion gigabytes in 2020.

 Disadvantages

Even though cloud storage system has been widely adopted, it fails to accommodate some important emerging needs such as the abilities of auditing integrity of cloud files by cloud clients and detecting duplicated files by cloud servers. We illustrate both problems below.

·      The first problem is integrity auditing

 How can the client efficiently perform periodical integrity verifications even without the local copy of data files. The second problem

·      The second problem is secure deduplication

How can the cloud servers efficiently confirm that the client (with a certain degree  assurance) owns the uploaded file (or block) before creating a link to this file (or block) for him/her.

Proposed System

SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. This design fixes the issue of previous work that the computational load at user or auditor is too huge for tag generation. For completeness of fine-grained, the functionality of auditing designed in SecCoud is supported on both block level and sector level. In addition, SecCoud also enables secure deduplication. Notice that the “security” considered in SecCoud is the prevention of leakage of side channel information. In order to prevent the leakage of such side channel information,  the tradition of and design a proof of ownership protocol between clients and cloud servers, which allows clients to prove to cloud servers that they exactly own the target data. Motivated by the fact that customers always want to encrypt their data before uploading, for reasons ranging from personal SecCloud as with [4] and propose the SecCloud+ schema. Besides supporting integrity auditing and secure deduplication, SecCloud+ enables the guarantee of file confidentiality. Specifically, thanks to the property of deterministic encryption in convergent encryption, we propose a method of directly auditing integrity on encrypted data. The challenge of deduplication on encrypted is the prevention of dictionary attack. As with, we make a modification on convergent encryption such that the convergent key of file is generated and controlled by a secret “seed”, such that any adversary could not directly derive the convergent key from the content of file and the dictionary attack is prevented.

Advantages

·      The computation by user in SecCloud is greatly reduced during the file uploading and auditing phases.

·      SecCloud+ is an advanced construction motivated by the fact that customers always want to encrypt their data before uploading, and allows for integrity auditing and secure deduplication directly on encrypted data.

System Architecture

System specification

Hardware Requirements

• Speed                  -    1.1 Ghz
• Processor              -    Pentium IV
• RAM                    -    512 MB (min)
• Hard Disk            -    40 GB
• Key Board                    -    Standard Windows Keyboard
• Mouse                  -    Two or Three Button Mouse
• Monitor                -     LCD/LED

 Software requirements

• Operating System              : Windows 7             
•  Front End                           : ASP.Net and C#
• Database                             : MSSQL
• Tool                                    : Microsoft Visual studio

References

Jingwei Li, Jin Li, Dongqing Xie and Zhang Cai “SECURE AUDITING AND DEDUPLICATING DATA IN CLOUD”, IEEE Transactions on Computers Volume: PP ,  Issue: 99,  26 January 2015.