
International Journal of Computer Trends and Technology, Volume 4, Issue 3, 2013

A Comprehensive Security Model for Image Storage in Cloud


Ravi Shankar V, Ms. A. Jagadeswari
M-Tech, Computer Science and Engineering, Dr.MGR Educational and Research Institute University, Chennai-600095, India.

Assistant Professor, Department of Information Technology, Dr.MGR Educational and Research Institute University, Chennai-600095, India.
Abstract: Cloud storage is one of the most widely used services offered by the cloud. A huge amount of data resides on the cloud at any given moment, yet its security is still inadequate, and this is proving to be the deciding factor for cloud adoption. Different data types need specialized security models, and relatively little work has been done on securing images on the cloud. In this paper, we propose the Image Security Framework (ISF) to secure images on the cloud. We rely heavily on the concept of the Self Defending Object (SDO) and the capabilities of the JAAS framework. Because of the distributed nature of the cloud, a highly decentralized approach is needed, and the SDO is best suited for this scenario. We also provide security for the travelling content, an ACL and a tracking mechanism.

Keywords: Cloud Storage, SDO, Access Control.

I. INTRODUCTION

Cloud computing lets us use files or applications over the Internet from anywhere. Its main feature is its ability to scale up to serve as many as millions of simultaneous users or scale down to very few users. This feature enables small organisations to compete with giants in terms of quality of service and cost, and it has reduced a major part of their fixed capital. Another feature of the cloud is virtualization, which abstracts details away from users. In cloud storage in particular, the whereabouts of the data remain hidden from users, and outsourcing of data processing is also common.

Cloud storage is an emerging service model for remote data backup and synchronization. The data is spread across multiple cloud servers and has no geographical barrier. The details of who can access the data and of its physical location remain unknown. Storing sensitive data in such a virtualised and outsourced environment brings an inherent loss of control over the user's data. To alleviate users' concerns, we propose the Image Security Framework. It focuses on the security of image data, in particular on protecting sensitive images whose loss would incur a huge financial loss or leave a creative work pirated. To date there has been very little work on securing images on the cloud. The images could be photographs or digitised artwork.

There are different kinds of cloud storage available to photographers and artists today. Popular websites like Smugmug and Flickr use public web-based cloud storage, where images are uploaded via the browser and the files become available through a web interface. Services like Dropbox and LiveMesh use a local folder synchronization method that monitors content changes in a configured folder to initiate synchronization. Differing from the approaches of many of those websites, we use the concept of the Self Defending Object (SDO) to secure the image. SDO is an extension to the object-oriented programming paradigm, used to enhance the security provided by the OOP approach. As defined by John Holford, an SDO can be any object in an object-oriented program that encapsulates security-sensitive resources and is made aware of, and takes responsibility for, defending those resources from access by unauthorised entities.

We support a distributed Access Control List to specify which group of users can access the image and the level of access. We maintain 3 levels of access: Restricted, Free and Paid. Images with restricted access will be available only to certain countries. Free access will be given to anyone who registers. Paid access will be given only to paid users, and a resized, quality-reduced image will be displayed before buying. We also log the usage of the data for auditing purposes.

ISSN: 2231-2803

http://www.internationaljournalssrg.org

Page 387

II. RELATED WORK

PeerReview: In a related paper, an author has described PeerReview, a system that provides accountability in distributed systems. PeerReview ensures that Byzantine faults whose effects are observed by a correct node are eventually deleted and irrefutably linked to a faulty node. At the same time, PeerReview ensures that a correct node can always defend itself against false accusations.

Another author has proposed a Privacy Manager for the cloud, which reduces the risk to the cloud computing user of their private data being stolen or misused, and also assists the cloud service provider to conform to privacy law. There is a risk of data theft from machines in the cloud, by rogue employees of cloud service providers, by data thieves breaking into service providers' machines, or even by other customers of the same service if there is inadequate separation of different customers' data on a machine that they share in the cloud.

As explained by author Anne Anderson, JAAS provided for the first time an authenticated way of determining what person was executing code. Using JAAS, ACL, authentication and authorization can be plugged into an application.

Another work by Yu Guo has presented FPCC. Today's software systems often use many different computation features and span different abstraction levels. To build foundational certified systems, it is hard to have a single verification system supporting all computation features. In that paper they present an open framework for foundational proof-carrying code (FPCC). It allows program modules to be specified and certified separately using different type systems or program logics. Certified modules (i.e., code and proof) can be linked together to build fully certified systems.

III. IMAGE SECURITY FRAMEWORK

Our proposed framework provides comprehensive security against most attacks and an efficient way to share images through the cloud. The target users of the framework are mainly photographers and artists who wish to sell or share their work securely on the cloud.

A. Data Flow:

The framework starts with the user's interaction with the SDO builder tool, which encrypts the image and puts it into the SDO. After the creation of the SDO, the Cloud Service Provider (CSP) and the user establish a secured connection to authenticate the CSP. Upon authentication, the data is transferred to the cloud storage, maintaining its integrity. Confidentiality and accountability are ensured by the SDO. An SDO differs from a normal object by virtue of containing signed and sealed objects.
The purpose of the signed object is to create a runtime authentic object whose integrity cannot be violated without detection. The sealed object provides confidentiality to an object. Once the SDO has reached the cloud, an acknowledgement is sent to the user. While on the cloud, the encrypted image can be accessed only with a valid password. It is encrypted using password-based encryption. The private key to decrypt the image is computed from the password, a random number stored in the database and the iteration count (the number of times the password is computed). Any action performed on the SDO is logged and sent to the user with enough information about the entity and the access.

Our framework supports access control and strong authentication mechanisms. The data owner is allowed to specify the kind of access to be given to his image. We maintain 3 kinds of access: Restricted, Free and Paid. Images with restricted access will be available only to certain countries. Free access will be given to anyone who registers. Paid access will be given only to paid users. Before payment, the user is allowed a glance at a quality-reduced, resized and watermarked version of the original image. Every view-only image will have the creator's name watermarked on it, and the user is allowed to view it for a few seconds, enough to make a purchase decision. To avoid caching of the images in temp files, we do not store the image anywhere outside the protected SDO. The image is decrypted on the fly and drawn onto the Image Viewer of the SDO.

To further enhance the security of the SDO we use the JAAS framework. It takes care of the authentication and authorisation required to prevent an unauthorised entity from executing the code. The logger logs all the actions performed on the SDO and despatches the log data to the user via email instantly. If any dispute arises regarding access to his artwork, the owner would have the proof needed to act against the culprit.

IV. STRUCTURE AND IMPLEMENTATION OF SDO

The SDO is implemented using the JAR option in the Java programming language. JAR provides encapsulation and execution capabilities along with the robustness of the Java programming language. Rather than using the JAR merely as a container to pack the objects and the user's data, we have included appropriate security features to make it a Self Defending Object. Inside the jar we have included the encrypted image, the decryption object, the log dispatcher object, and a Swing-based GUI and image viewer.
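The password-based encryption described in Section III (a key computed from the password, a random number stored in the database and an iteration count) can be sketched as follows. This is an added example, not the authors' code: the paper does not name its algorithms, so PBKDF2-HMAC-SHA256, AES-GCM, the iteration count, the class name and the sample passwords are all assumptions chosen for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class ImagePbeDemo {
    // Assumed iteration count; it is stored next to the salt and neither is secret.
    static final int ITERATIONS = 310_000;

    // Key = PBKDF2(password, salt from the database, iteration count); the key is never stored.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    // AES-GCM: decryption throws if the key is wrong or the ciphertext was altered.
    static byte[] crypt(int mode, SecretKeySpec key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16]; // the "random number stored in the database"
        byte[] iv = new byte[12];   // fresh per image, stored with the ciphertext
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        // Constructed stand-in for the image bytes.
        byte[] image = "constructed stand-in for image bytes".getBytes(StandardCharsets.UTF_8);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, deriveKey("owner-passphrase".toCharArray(), salt), iv, image);
        byte[] pt = crypt(Cipher.DECRYPT_MODE, deriveKey("owner-passphrase".toCharArray(), salt), iv, ct);
        System.out.println("round trip ok: " + Arrays.equals(image, pt));
        try {
            crypt(Cipher.DECRYPT_MODE, deriveKey("wrong-guess".toCharArray(), salt), iv, ct);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected before any pixel is shown");
        }
    }
}
```

Because the salt and iteration count sit in the database, a database leak alone exposes no key, but it does give an attacker everything needed for offline password guessing, so the iteration count and password strength carry the load.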
Fig. 1 Overview of Image Security Framework



To preserve the confidentiality of the object, the javax.crypto.SealedObject class can be used. java.security.SignedObject can be used to protect the integrity of the travelling content. When additional library files are required for advanced features like mailing, a third-party tool called One-Jar can be used to make a single jar file.
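How the two classes named above combine on a travelling payload, as an added example rather than code from the paper: the payload is sealed first and the sealed form is then signed, and the receiver checks the signature before opening anything. The payload fields, key sizes, algorithms (AES-GCM, SHA256withRSA) and class name are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;
import java.util.HashMap;

public class SealThenSignDemo {
    public static void main(String[] args) throws Exception {
        // Constructed payload standing in for what travels inside the SDO.
        HashMap<String, String> payload = new HashMap<>();
        payload.put("owner", "example-artist");
        payload.put("access", "PAID");

        // Demo keys generated inline; a real deployment would load provisioned keys.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sealKey = kg.generateKey();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair owner = kpg.generateKeyPair();
        KeyPair stranger = kpg.generateKeyPair();

        // Sender: seal for confidentiality, then sign the sealed form for integrity.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, sealKey); // provider picks a random IV, kept in the SealedObject
        SealedObject sealed = new SealedObject(payload, enc);
        SignedObject signed = new SignedObject(sealed, owner.getPrivate(),
                Signature.getInstance("SHA256withRSA"));

        // Receiver: verify BEFORE getObject(), because getObject() deserializes the content.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        System.out.println("stranger's key verifies: " + signed.verify(stranger.getPublic(), verifier));
        if (!signed.verify(owner.getPublic(), verifier)) {
            throw new SecurityException("signature check failed, content not opened");
        }
        SealedObject received = (SealedObject) signed.getObject();
        System.out.println("unsealed: " + received.getObject(sealKey));
    }
}
```

The signature only proves origin if the verifier's copy of the public key came from a trusted channel; a key shipped inside the same jar as the SignedObject can be replaced along with it.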

Fig. 3 Image Viewer Displaying Resized and Watermarked Image.

To store the image information, authentication data and access log, a centralized database is used. However, the password required to decrypt the image requires information from the database as well as the user's password. The password is not saved anywhere. We use JAAS to improve the overall security of the SDO. JAAS is a pluggable security framework best suited to a Self Defending Object in a distributed environment such as the cloud.

Fig. 2 SDO Authentication process: an Overview.

V. CONCLUSIONS

Security is never a destination; it is a continuous journey. Every day a huge amount of data goes missing around the globe. With the advent of the cloud, more sensitive data has started to move out of personal desktops and into a relatively untrusted environment. In this paper, we have presented a solution to safeguard images on the cloud and shown how the Self Defending Object can be used to enhance existing security models. SDO remains immune against a wide range of attacks and provides comprehensive protection. It can be used in a wide range of security-sensitive applications. A good amount of time invested in researching SDOs can bring a lot more to the field of information security.

REFERENCES

[1] R. Bose and J. Frew, "Lineage Retrieval for Scientific Data Processing: A Survey," ACM Computing Surveys, vol. 37, pp. 1-28, Mar. 2005.

[2] P.T. Jaeger, J. Lin, and J.M. Grimes, "Cloud Computing and Information Policy: Computing in a Policy Cloud?," J. Information Technology and Politics, vol. 5, no. 3, pp. 269-283, 2009.

[3] R. Jagadeesan, A. Jeffrey, C. Pitcher, and J. Riely, "Towards a Theory of Accountability and Audit," Proc. 14th European Conf. Research in Computer Security (ESORICS), pp. 152-167, 2009.

[4] J. Park and R. Sandhu, "Towards Usage Control Models: Beyond Traditional Access Control," SACMAT '02: Proc. Seventh ACM Symp. Access Control Models and Technologies, pp. 57-64, 2002.



[5] P. Ammann and S. Jajodia, "Distributed Timestamp Generation in Planar Lattice Networks," ACM Trans. Computer Systems, vol. 11, pp. 205-225, Aug. 1993.

[6] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, "Provable Data Possession at Untrusted Stores," Proc. ACM Conf. Computer and Comm. Security, pp. 598-609, 2007.

[7] M. Xu, X. Jiang, R. Sandhu, and X. Zhang, "Towards a VMM-Based Usage Control Framework for OS Kernel Integrity Protection," SACMAT '07: Proc. 12th ACM Symp. Access Control Models and Technologies, pp. 71-80, 2007.

[8] D.J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. Hendler, and G.J. Sussman, "Information Accountability," Comm. ACM, vol. 51, no. 6, pp. 82-87, 2008.

[9] T.J.E. Schwarz and E.L. Miller, "Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage," Proc. IEEE Int'l Conf. Distributed Systems, p. 12, 2006.

[10] S. Pearson, Y. Shen, and M. Mowbray, "A Privacy Manager for Cloud Computing," Proc. Int'l Conf. Cloud Computing (CloudCom), pp. 90-106, 2009.

[11] S. Pearson and A. Charlesworth, "Accountability as a Way Forward for Privacy Protection in the Cloud," Proc. First Int'l Conf. Cloud Computing, 2009.

[12] M.C. Mont, S. Pearson, and P. Bramhall, "Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services," Proc. Int'l Workshop Database and Expert Systems Applications (DEXA), pp. 377-382, 2003.

[13] F. Martinelli and P. Mori, "On Usage Control for Grid Systems," Future Generation Computer Systems, vol. 26, no. 7, pp. 1032-1042, 2010.

[14] "JAR Files Revealed," http://www.ibm.com/developerworks/library/jjar/

[15] John William Holford, "The Concept of Self-Defending Objects and the Development of Security Aware Applications."

[16] Radha Jagadeesan, Alan Jeffrey, Corin Pitcher, James Riely, "Towards a theory of accountability and audit," School of Computing, DePaul University; Bell Labs, Alcatel-Lucent.

[17] Anne Anderson, "Java Access Control Mechanisms."

[18] Xinyu Feng, Zhaozhong Ni, Zhong Shao, Yu Guo, "An Open Framework for Foundational Proof-Carrying Code."

[19] Flickr, http://www.flickr.com/, 2012.

[20] J.W. Holford, W.J. Caelli, and A.W. Rhodes, "Using Self-Defending Objects to Develop Security Aware Applications in Java," Proc. 27th Australasian Conf. Computer Science, vol. 26, pp. 341-349, 2004.

[21] R. Corin, S. Etalle, J.I. den Hartog, G. Lenzini, and I. Staicu, "A Logic for Auditing Accountability in Decentralized Systems," Proc. IFIP TC1 WG1.7 Workshop Formal Aspects in Security and Trust, pp. 187-201, 2005.

[22] R. Kailar, "Accountability in Electronic Commerce Protocols," IEEE Trans. Software Eng., vol. 22, no. 5, pp. 313-328, May 1996.
