Integrity Verification in Multiple Cloud Storage Using Cooperative PDP Method

International Journal of Engineering Trends and Technology (IJETT) Volume 4 Issue 9- Sep 2013
ISSN: 2231-5381 http://www.ijettjournal.org Page 4272

Integrity Verification In Multiple Cloud Storage
Using Cooperative PDP Method

*
Usha Sundari Dara
1
M. Swetha Chandra
2

1
PG Student (M. Tech) Dept. of CSE, TRR College of Engineering, Hyderabad, AP, India
2
Assistant Professor, Dept. of CSE, TRR College of Engineering, Hyderabad, AP, India

Abstract: In this paper we propose Provable data possession (PDP), a probabilistic proof
method for CSPs to prove the data integrity without downloading the whole data. In recent
years, cloud computing has rapidly expanded as an alternative to conventional computing
model since it can provide a flexible, dynamic, resilient and cost effective infrastructure. When
multiple internal and/ or external cloud services are incorporated, we can get a distributed
cloud environment, i.e., multicloud. Multicloud is the extension of hybrid cloud. When
multicloud is used to store the clients data, the distributed cloud storage platforms are
indispensable for the clients data management. Of course, multicloud storage platform is also
more vulnerable to security attacks. In this Paper, We prove the security of our scheme based
on multi-prover zero-knowledge proof system, which can satisfy completeness, knowledge
soundness, and zero-knowledge properties and we also present the performance optimization
mechanisms for our scheme.
Keywords: Interactive Protocol, Zero-knowledge, Multiple Cloud, Cooperative, Integrity
Verification, Multi-Prover, cloud service providers.

1. Introduction
Cloud computing has become a faster
profit growth point in recent years by
providing a comparably low-cost,
scalable, position-independent platform
for clients' data. Although commercial
cloud services have revolved around
public clouds, the growing interest of
building private cloud on open-source
cloud computing tools forces local users
to have a flexible and agile private
infrastructure to run service workloads
within their administrative domains.
Private clouds are not exclusive for being
public clouds, and they can also support
a hybrid cloud model by supplementing a
local infrastructure with computing
capacity from an external public cloud.
By using virtual infrastructure
management (VIM) [1], a hybrid cloud can
allow remote access to its resources over
the Internet via remote interfaces, such as
the Web services interfaces that Amazon
EC2 uses.
In recent years, cloud storage service
has become a faster profit growth point by
providing a comparably low-cost,
scalable, position-independent platform
for clients data. Since cloud computing
environment is constructed based on

open architectures and interfaces, it has
the capability to incorporate multiple
internal and/ or external cloud services
together to provide high interoperability.
Such a distributed cloud environment is
called as a multi-Cloud (or hybrid cloud).
Often, by using virtual infrastructure
management (VIM), a multi-cloud allows
clients to easily access his/ her resources
remotely through interfaces such as Web
services provided by Amazon EC2. There
exist various tools and technologies for
multi cloud, such as Platform VM
Orchestrator, VMware vSphere, and Ovirt.
These tools help cloud providers
construct a distributed cloud storage
platform (DCSP) for managing clients
data.
However, if such an important
platform is vulnerable to security attacks,
it would bring irretrievable losses to the
clients. For example, the confidential data
in an enterprise may be illegally accessed
through a remote interface provided by a
multi-cloud, or relevant data and archives
may be lost or tampered with when they
are stored into an uncertain storage pool
outside the enterprise.
Therefore, it is indispensable for cloud
service providers (CSPs) to provide
security techniques for managing their
storage services. Provable data possession
(PDP) (or proofs of retrievability (POR)) is
such a probabilistic proof technique for a
storage provider to prove the integrity and
ownership of clients data without
downloading data.
The proof-checking without
downloading makes it especially
important for large-size files and folders
(typically including many clients files) to
check whether these data have been
tampered with or deleted without
downloading the latest version of data.

Thus, it is able to replace traditional
hash and signature functions in storage
outsourcing. Various PDP schemes have
been recently proposed, such as Scalable
PDP and Dynamic PDP. However, these
schemes mainly focus on PDP issues at
un-trusted servers in a single cloud
storage provider and are not suitable for a
multi-cloud environment.
With the growing popularity of clouds,
the tools and technologies for hybrid
clouds are emerging recently, such as the
platform VM Orchestrator, VMware
vSphere , and Ovirt . They help users
construct a comparably low-cost,
scalable, location-independent platform
for managing clients' data. However, if
such an important platform is vulnerable
to security attacks, it would bring
irretrievable losses to the clients, for
example, the confidential data in an
enterprise may be illegally accessed by
using remote interfaces, or the relevant
data and archives are lost or tampered
with when they are stored into an
uncertain storage pool outside the
enterprise. Therefore, it is indispensable
for cloud service providers (CSP s) to
provide secure management techniques to
ensure their storage services.

There exist various tools and
technologies for multi cloud, such as
Platform VM Orchestrator,
VMwarevSphere, and Ovirt. These tools
help cloud providers construct a
distributed cloud storage platform for
managing clients data. However, if such
an important platform is vulnerable to
security attacks, it would bring
irretrievable losses to the clients. For
example, the confidential data in an
enterprise may be illegally accessed
through a remote interface provided by a
multi-cloud, or relevant data and archives
may be lost or tampered with when they
are stored into an uncertain storage pool
outside the enterprise. Therefore, it is
indispensable for cloud service providers
to provide security techniques for
managing their storage services.
To check the availability and integrity
of outsourced data in cloud storages,
researchers have proposed two basic
approaches called Provable Data
Possession and Proofs of Retrievability.
Ateniese et al. first proposed the PDP
model for ensuring possession of files on
un-trusted storages and provided an
RSA-based scheme for a static case that
achieves the communication cost. They
also proposed a publicly verifiable
version, which allows anyone, not just the
owner, to challenge the server for data
possession. They proposed a lightweight
PDP scheme based on cryptographic hash
function and symmetric key encryption,
but the servers can deceive the owners by
using previous metadata or responses
due to the lack of randomness in the
challenges. The numbers of updates and
challenges are limited and fixed in
advance and users cannot perform block
insertions anywhere.

2. Architecture of proposed Multi-
Cloud for Data Integrity
Although existing PDP schemes offer a
publicly accessible remote interface for
checking and managing the tremendous
amount of data, the majority of existing
PDP schemes are incapable to satisfy the
inherent requirements from multiple
clouds in terms of communication and
computation costs. To address this
problem, we consider a multi-cloud
storage service as illustrated in Figure 1.
In this architecture, a data storage service
involves three different entities: Clients
who have a large amount of data to be
stored in multiple clouds and have the
permissions to access and manipulate
stored data; Cloud Service Providers
(CSPs) who work together to provide data
storage services and have enough
storages and computation resources; and
Trusted Third Party (TTP) who is trusted
to store verification parameters and offer
public query services for these
parameters.

Figure 1 Architecture for data integrity Model.
In this architecture, we consider the
existence of multiple CSPs to
cooperatively store and maintain the
clients data. Moreover, a cooperative PDP
is used to verify the integrity and
availability of their stored data in all
CSPs. The verification procedure is
described as follows: Firstly, a client (data
owner) uses the secret key to pre-process
a file which consists of a collection of
blocks, generates a set of public
verification information that is stored in
TTP, transmits the file and some
verification tags to CSPs, and may delete
its local copy; Then, by using a
verification protocol, the clients can issue
a challenge for one CSP to check the
integrity and availability of outsourced
data with respect to public information
stored in TTP.
In hybrid clouds, a collaborative work
model provides some mutual channels
among individual clouds. This kind of
channels will no doubt increase the
possibility of malicious attacks. For
example, existing PDP schemes could
provide an efficient integrity checking for
outsourced data, however, most of these
schemes ignore the problem of
information leakage among the interactive
processes. Thus, as a public verification
service without a strong security
mechanism for data protection, a
malicious attacker could easily exploit
such a service to obtain private data. This
attack is extremely dangerous to the
confidential data of an enterprise. Even
though existing PDP schemes have
addressed various aspects such as public
verifiability [2], dynamics [4], scalability
[3], and privacy preservation [10], we still
need a careful consideration to the
following attacks, which are more easily
compromise the security of storage
services in hybrid environments than
those in public clouds.
Data leakage attack: Through the
interfaces of public clouds, various
applications in hybrid clouds are allowed
to access data in private clouds, so a PDP
service (considered as a Daemon)
undoubtedly provides a covert channel to
access the secret data in private clouds.
Therefore, if a PDP scheme cannot resist
against the data leakage attacks, an
adversary can easily obtain the entire
data through the interactive proof
process. For instance, Attack I and Attack
3 described in Appendix A and B
demonstrates that a verifier can get the
stored data after running or wiretapping
sufficient verification communications. It
is obvious that such an attack could
significantly impact the privacy of
outsourced data in clouds.
Tag forgery attack: In hybrid clouds,
an untrusted CSP has more opportunities

to induce a forgery attack, in which the
CSP can cheat a verifier by generating a
valid tag for the tampered data. For
example, Attack 2 and Attack 4 given in
Appendix A and B shows that a
successful forgery attack can occur only if
one of the following cases is happened:
Clients modify data blocks in a file;
Clients insert and delete blocks
repeatedly in a file;
Clients reuse the same file name to
store multiple different files.
Some security mechanisms, such as
client-side encryption and access
control, can be implemented in clouds to
enhance the security of existing PDP
schemes, but they will undoubtedly
increase the computation and
communication overheads of PDP
services.
In summary, it is essential to develop
an efficient verification method for the
data security in hybrid cloud
environments. Furthermore, from the
above-mentioned challenges, our
objectives for checking integrity of
outsourced data in hybrid clouds are as
follows:
Security aspect: Our scheme should
provide adequate security features to
resist some existing attacks, such as data
leakage attack and tag forgery attack;
Usability aspect: In the way of
collaboration, a client should make use of
the integrity check via a cloud service
provider. Our scheme should conceal the
details of the storage to reduce the
burden on clients; and
Performance aspect: Our scheme should
have a higher performance for anomaly
detection and only introduce lower
communication and computation
overheads.
3. Frame Work and Main Architecture
Although PDP schemes evolved
around public clouds offer a publicly
accessible remote interface to check and
manage the tremendous amount of data,
the majority of today's PDP schemes is
incapable of satisfying such an inherent
requirement of hybrid clouds in terms of
bandwidth and time. To solve this
problem, we consider a hybrid cloud
storage service as illustrated in Figure 2.
In this architecture, we consider a data
storage service involving three different
entities: Granted clients, who have a large
amount of data to be stored in hybrid
clouds and have the permissions to
access and manipulate these stored data;
Cloud service providers (CSP s), who work
together to provide data storage services
and have enough storage space and
computation resources; and Trusted third
parties (TTP s), who are trusted to store
the verification parameters and offer the
query services for these parameters.

Figure 2 Architectural Verification for data integrity in
hybrid clouds

To support this architecture, a cloud
storage provider also needs to add
corresponding modules to implement
collaborative PDP services. For example,
OpenNebula is an open source, virtual
infrastructure manager that integrated
with multiple virtual machine managers,
transfer managers, and external cloud
providers. In Figure 3, we describe such a
cloud computing platform based on
OpenNebula architecture [1], in which a
service module of collaborative PDP is
added into cloud computing management
platform (CCMP). This module is able to
response the PDP requests of TTP
through cloud interfaces. In addition, a
hash index hierarchy (HIH) , which is
described in details in Section III-C, is
used to provide a uniform and
homogeneous view of virtualized
resources in virtualization components.
For the sake of clarity, we use yellow color
to indicate the changes from original
OpenNebula architecture.
In this architecture, we consider the
existence of multiple CSP s to
collaboratively store and maintain the
clients' data. Moreover, a collaborative
PDP is used to verify the integrity and
availability of their stored data in CSP s.
The verification flowchart is described as
follows: Firstly, the client (data owner)
uses the secret key to pre-processes the
file, which consists of a collection of n
blocks, generates a set of public
verification information that is stored in
TTP, transmits the file and some
verification tags to CSP s, and may delete
its local copy; At a later time, by using a
verification protocol for collaborative PDP,
the clients can issue a challenge for one
CSP to check the integrity and availability
of outsourcing data in terms of public
verification information stored in TTP.

Figure 3 Cloud computing platformfor CPDP service
based on OpenNebula
Table 1 Signal Representation
Signal Representation
n No. of blocks in a file
s No. of Sectors in each block
t No. of index coefficients in a
query
c No of clouds to store in a file
Q Set of index coefficients pairs
The response for a challenge Q

A representative architecture for data
storage in hybrid clouds is illustrated as
follows: this architecture is a hierarchical
structure 1l on three layers to represent
the relationship among all blocks for
stored resources.
This kind of architecture is a nature
representation of file storage. We make
use of this simple hierarchy to organize
multiple CSP services, which involves
private clouds or public clouds, by
shading the differences between these

clouds. In this architecture, the resources
in Express Layer are split and stored into
three CSP s , that have different colors, in
Service Layer. In turn, each CSP
fragments and stores the assigned data
into the storage servers in Storage Layer.
We also make use of colors to distinguish
different CSP s. Moreover, we follow the
logical order of the data blocks to organize
the Storage Layer.
This architecture could provide some
special functions for data storage and
management. For example, there may
exist overlap among data blocks (as
shown in dashed line) and skipping (as
shown on a non-continuous color). But
these functions would increase the
complexity of storage management.
Def: A response is called homomorphic
verifiable response in PDP protocol, if
given two responses ei and ej for two
challenges Qi and Qj from two CSPs,
there exists an efficient algorithm to
combine them into a response e
corresponding to the sum o{the
challenges Qi U Qj.
Homomorphic verifiable response is
the key technique of collaborative PDP
because it not only reduces the
communication bandwidth, but also
conceals the location of outsourcing data
in hybrid clouds.
SECURITY AND PERF ORMANCE
ANALYSIS
The collaborate integrity verification
for distrusted outsourcing data, in
essence, is a multi-prover interactive
proof system (IP S), so that the
correspondence construction should
satisfy the security requirement of IP S.
Moreover, in order to ensure the security
of verified data, this kind of construction
is also a Multi-Prover Zero-knowledge
Proof (MPZKP) system [5], [ I I], which can
be considered as an extension of the
notion of an interactive proof system (IP
S). Roughly speaking, the scenario of
MPZKP is that a polynomial-time bounded
verifier interacts with several provers
whose computational power is unlimited.
Given an assertion L, such a system
satisfies three following properties:
(1) Completeness: whenever x E L, there
exists a strategy for provers that
convinces the verifier that this is the case;
(2) Soundness: whenever x tt L, whatever
strategy the provers employ, they will not
convince the verifier that x E L;
(3) Zero-knowledge: no cheating verifier
can learn anything other than the veracity
of the statement. Since this construction
is directly derived from MPZKP model, the
soundness and zero-knowledge properties
can protect our construction from various
attacks as follows:
Security for tag forging attack: The
soundness means that it is infeasible to
fool the verifier into accepting false
statements. It is also regarded as a
stricter notion of unforgeability for the file
tags. To be exact, soundness is defined as
follows: for every "invalid" tag (J * tt
TagGen(sk, F), there doesn't exists an
interactive machine P* can pass
verification with any verifier V* with
noticeable probability.

Security for data leakage attack: In
order to protect the confidentiality of the
checked data, we are more concerned
about the leakage of private information
in the verification process.
In actual practice, we introduce the
collaborative PDP scheme to construct an
audit system architecture for outsourcing
data in hybrid clouds by replacing TTP
with a third party auditor (TPA) in Figure
2. In this architecture, data owner and
granted clients need to dynamically
interact with CSP to access or update
their data for various application
purposes. However, we neither assume
that CSP is trusted to guarantee the
security of the stored data, nor assume
that data owner has the ability to collect
the evidence of the CSP's fault after errors
have been found. Hence TPA, as a trust
third party (TTP), is used to ensure the
storage security of their outsourcing data.
We assume the TPA is reliable and
independent, and thus has no incentive
to collude with either CSP s or users
during the auditing process.
4. Conclusions
In this paper, we addressed the
construction of collaborative integrity
verification mechanism for distributed data
outsourcing in hybrid clouds. Based on
homomorphic verifiable responses and hash
index hierarchy, we proposed a collaborative
provable data possession scheme to support
dynamic scalability on multiple storage
servers. Our performance analysis indicated
that our proposed solution only incurs a
small constant amount of communications
overhead. As part of future work, we would
extend our work to explore more effective
CPDP constructions. First, from our
experiments we found that the performance
of CPDP scheme, especially for large files, is
affected by the bilinear mapping operations
due to its high complexity. To solve this
problem, RSAbased constructions may be a
better choice, but this is still a challenging
task because the existing RSAbased
schemes have too many restrictions on the
performance and security.
Acknowl edgements
The authors would like to thank the
anonymous reviewers for their comments
which were very helpful in improving the
quality and presentation of this paper.
References:
[1] G. Ateniese, R. Dipietro, L. V.
Mancini, G. Tsudik, Scalable and Efficient
Provable Data Possession SecureComm
2008, 2008.
[2] S. Y Ko, T. Hoque, B. Cho, and T.
Gupta, "On availability o f intermediate
data in cloud computations," in Proc. 12th
Usenix Workshop on Hot Topics in
Operating Systems (HotOS Xll) , 2009, pp.
1-10.
[3] S. Pallickara, I. Ekanayake, and G.
Fox, "Granules: A lightweight, streaming
runtime for cloud computing with support,
for map-reduce," in CLUSTER, 2009, pp.
1-10.
[4] C. C. Erway, A. Kupcu, C.
Papamanthou, R. Tamassia, Dynamic
Provable Data Possession, CCS09, 2009,
213-222.

[5] F. Sebe, J . Domingo-Ferrer, A.
Martinez-balleste, Y. Deswarte, J .
Quisquater, Efficient Remote Data
Integrity checking in Critical Information
Infrastructures, IEEE Transactions on
Knowledge and Data Engineering, 20(8),
2008, 1-6.
[6] G. Ateniese, R. Burns, R. Curtmola, J .
Herring, L. Kissner, Z. Peterson, D. Song,
Provable data possession at untrusted
stores, CCS07, 2007, 598-609.
[7] B. Sotomayor, R . S. Montero, T. M .
Llorente, and T. T. Foster, "Virtual
infrastructure management in private and
hybrid clouds," IEEE Internet Computing,
vol. 1 3 , no. 5, pp. 14-22, 2009.
[8] G. Ateniese, R. C. Burns, R.
Curtmola, I. Herring, L. Kissner, Z. N. I.
Peterson, and D. X. Song, "Provable data
possession at untrusted stores," in ACM
Conference on Computer and
Communications Security, 2007, pp. 598-
609.
[9] G. Ateniese, R. D. Pietro, L. V.
Mancini, and G. Tsudik, "Scalable and
efficient provable data possession," in
Proceedings of the 4th international
conference on Security and privacy in
communication netowrks, SecureComm,
2008, pp. 1-10.
[10] M. Armbrust, A. Fox, R. Griffith, A. D.
J oseph, R. H. Katz, A. Konwinski, G. Lee,
D. A. Patterson, A. Rabkin, 1. Stoica, and
M. Zaharia, "Above the clouds : A berkeley
view of cloud computing," EECS
Department, University of California,
Berkeley, Tech. Rep. UCB/ EECS-2009-28,
Feb 2009. [Online]. Available:
http:/ / www.eecs.berkeley.edu/ Pubs/ Tech
Rpts/ 2009IEECS-2009-28.html
[11] H. Shacham and B. Waters, "Compact
proofs of retrievability," in ASIACRYPT,
2008, pp. 90-1 07.
[12] H. Hu, L. Hu, and D. Feng, On a
class of pseudorandom sequences from
elliptic curves over finite fields, IEEE
Transactions on Information Theory, vol.
53, no. 7, pp. 25982605, 2007.
[13] A. Bialecki, M. Cafarella, D. Cutting,
and O. OMalley, Hadoop: A framework for
running applications on large clusters
built of commodity hardware, Tech. Rep.,
2005. [Online]. Available:
http:/ / lucene.apache.org/ hadoop/
Authors Profi le:
Usha Sundari Dara is pursing her masters
degree (M.Tech in CSE) from TRR College of
Engineering, Hyderabad

M. Swetha Chandra is working as an
Assistant Professor in Computer Science
Department at TRR College of Engineering,
Hyderabad. She a had an Experience of two
years in teaching filed.

Integrity Verification in Multiple Cloud Storage Using Cooperative PDP Method

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Integrity Verification in Multiple Cloud Storage Using Cooperative PDP Method

Загружено:

Авторское право:

Доступные форматы

International Journal of Engineering Trends and Technology (IJETT) Volume 4 Issue 9- Sep 2013

ISSN: 2231-5381 http://www.ijettjournal.org Page 4272

Вам также может понравиться