IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTATIONAL INTELLIGENCE, VOL. 2, NO. 1, FEBRUARY 2018

A Three-Layer Privacy Preserving Cloud Storage Scheme Based on Computational Intelligence in Fog Computing

Tian Wang, Jiyuan Zhou, Xinlei Chen, Guojun Wang, Anfeng Liu, and Yang Liu, Member, IEEE

Abstract—Recent years have witnessed the development of cloud computing technology. With the explosive growth of unstructured data, cloud storage technology gets more attention and better development. However, in the current storage schema, the user's data is totally stored in cloud servers. In other words, users lose their right of control over their data and face privacy leakage risk. Traditional privacy protection schemes are usually based on encryption technology, but these kinds of methods cannot effectively resist attacks from inside the cloud server. In order to solve this problem, we propose a three-layer storage framework based on fog computing. The proposed framework can both take full advantage of cloud storage and protect the privacy of data. Besides, a Hash-Solomon code algorithm is designed to divide data into different parts. Then, we can put a small part of the data in the local machine and fog server in order to protect the privacy. Moreover, based on computational intelligence, this algorithm can compute the distribution proportion stored in cloud, fog, and local machine, respectively. Through the theoretical safety analysis and experimental evaluation, the feasibility of our scheme has been validated, which is really a powerful supplement to existing cloud storage schemes.

Index Terms—Cloud computing, cloud storage, fog computing, privacy protection.

Manuscript received June 14, 2017; revised September 25, 2017; accepted October 7, 2017. Date of current version January 19, 2018. This work was supported in part by the National Natural Science Foundation of China under Grants 61672441, 61472451, and 61632009, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A03030800, in part by the High Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01, and in part by the Foster Project for Graduate Student in Research and Innovation of Huaqiao University under Grant 1611414016. (Corresponding author: Guojun Wang.)
T. Wang, J. Y. Zhou, and X. L. Chen are with the Department of Computer Science and Technology, Huaqiao University, Xiamen 361021, China (e-mail: cs_tianwang@163.com; zhoujiyuan1994@foxmail.com; adamwt@163.com).
G. Wang is with the School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006, China (e-mail: wsnman@gmail.com).
A. F. Liu is with the School of Information Science and Engineering, Central South University, Changsha 410083, China (e-mail: afengliu@mail.csu.edu.cn).
Y. Liu is with the State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China (e-mail: liu.yang@bupt.edu.cn).
Digital Object Identifier 10.1109/TETCI.2017.2764109
2471-285X © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

I. INTRODUCTION

SINCE the 21st century, computer technology has developed rapidly. Cloud computing, an emerging technology, was first proposed in SES 2006 (Search Engine Strategies 2006) by San Jose and defined by NIST (National Institute of Standards and Technology) [1]. Since it was proposed, cloud computing has attracted great attention from different sectors of society. Cloud computing has gradually matured through so many people's efforts [2]. Then there are some cloud-based technologies deriving from cloud computing. Cloud storage is an important part of them.

With the rapid development of network bandwidth, the volume of user's data is rising geometrically [3]. User's requirements cannot be satisfied by the capacity of the local machine any more. Therefore, people try to find new methods to store their data. Pursuing more powerful storage capacity, a growing number of users select cloud storage. Storing data on a public cloud server is a trend in the future and the cloud storage technology will become widespread in a few years. Cloud storage is a cloud computing system which provides data storage and management service. With a cluster of applications, network technology and distributed file system technology, cloud storage makes a large number of different storage devices work together coordinately [4], [5]. Nowadays there are a lot of companies providing a variety of cloud storage services, such as Dropbox, Google Drive, iCloud, Baidu Cloud, etc. These companies provide large capacity of storage and various services related to other popular applications, which in turn leads to their success in attracting numerous subscribers. However, cloud storage services still have a lot of security problems. The privacy problem is particularly significant among those security issues. In history, there were some famous cloud storage privacy leakage events. For example, in Apple's iCloud leakage event in 2014, numerous Hollywood actresses' private photos stored in the cloud were stolen. This event caused an uproar, which was responsible for the users' anxiety about the privacy of their data stored in cloud server.

As shown in Fig. 1, user uploads data to the cloud server directly. Subsequently, the Cloud Server Provider (CSP) will take the place of the user to manage the data. In consequence, users do not actually control the physical storage of their data, which results in the separation of ownership and management of data [6]. The CSP can freely access and search the data stored in the cloud. Meanwhile the attackers can also attack the CSP server to obtain the user's data. The above two cases both make users fall into the danger of information leakage and data loss.

Traditional secure cloud storage solutions for the above problems are usually focusing on access restrictions or data encryption. These methods can actually eliminate most part of these
problems. However, all of these solutions cannot solve the internal attack well, no matter how the algorithm improves. Therefore, we propose a TLS (three-layer storage) scheme based on fog computing model and design a Hash-Solomon code based on Reed-Solomon code [7], [8]. Fog computing is an extended computing model based on cloud computing which is composed of a lot of fog nodes. These nodes have a certain storage capacity and processing capability. In our scheme, we split user's data into three parts and separately save them in the cloud server, the fog server and the user's local machine. Besides, depending on the property of the Hash-Solomon code, the scheme can ensure the original data cannot be recovered by partial data. On another hand, using Hash-Solomon code will produce a portion of redundant data blocks which will be used in decoding procedure. Increasing the number of redundant blocks can increase the reliability of the storage, but it also results in additional data storage. By reasonable allocation of the data, our scheme can really protect the privacy of user's data. The Hash-Solomon code needs complex calculation, which can be assisted with the Computational Intelligence (CI). Paradigms of CI have been successfully used in recent years to address various challenges, for example, the problems in Wireless sensor networks (WSNs) field. CI provides adaptive mechanisms that exhibit intelligent behavior in complex and dynamic environments like WSNs [9]. Thus in our paper, we take advantage of CI to do some calculating works in the fog layer. Compared with traditional methods, our scheme can provide a higher privacy protection from interior, especially from the CSPs. The remainder of this paper is organized as follows: Section II reviews related research work, Section III elaborates in detail the TLS architecture, the implementation detail of work flow, the theoretical safety analysis of the storage scheme and the efficiency analysis proposed in this paper, Section IV evaluates the scheme by different experiments and Section V concludes this paper at last.

Fig. 1. Traditional cloud storage structure.

II. RELATED WORKS

The importance of security in cloud storage has attracted a lot of attention no matter in academe or industry. There are a lot of researches about secure cloud storage architectures in recent years. In order to solve the privacy issue in cloud computing, paper [10] proposed a privacy-preserving and copy-deterrence CBIR scheme using encryption and watermarking techniques. This scheme can protect the image content and image features well from the semi-honest cloud server, and deter the image user from illegally distributing the retrieved images. Shen et al. think cloud is semi-trusted and propose a framework for urban data sharing by exploiting the attribute-based cryptography. The scheme they proposed is secure and can resist possible attacks [11]. Fu et al. propose a content-aware search scheme, which can make semantic search more smart. The experiment results show that their scheme is efficient [12].

In paper [13], Hou, Pu and Fan consider that in traditional situation, user's data is stored through CSP, even if CSP is trustworthy, attackers can still get user's data if they control the cloud storage management node. To avoid this problem, they propose an encrypted index structure based on an asymmetric challenge-response authentication mechanism. When user requests data from cloud server, the user sends a password to the server for identification. Taking it into consideration that the password may be intercepted, the structure uses asymmetric response mode. Hou, Wu, Zhen and Yang point out that the secure core of cloud storage is security and privacy in distributed system. So they propose a secure virtual protection scheme based on SSL and Daoli in paper [14], [15]. By transferring data over SSL and deploying Daoli on the cloud server, the system encrypts data before it is written into the hard disk. In paper [16], Feng points out that in paper [14], the burden of server will increase and data may leak during transmission in cloud servers. Feng proposes a more concise scheme: encrypting data in closed cloud environment. Besides, it can achieve multi-point secure storage with one time encrypting. However, these encryptions make search in cloud more difficult. Currently, searchable encryption is a hot topic in the field of cloud computing. Papers [17]–[20] give different solutions to this problem. Each of them achieves high accuracy, security and efficiency.

In paper [21], Seny and Kristin concern that the service provider is not completely trusted, so they design a virtual private storage service based on recently developed cryptographic techniques. Such a service achieves the best of both worlds by providing the security of a private cloud and the functionality and cost saving of a public cloud. In paper [22], Wang et al. point out that users no longer have physical possession of the outsourced data and it makes the data integrity protection in cloud computing a formidable task. Thus, enabling public audit ability for cloud storage is of critical importance so that user can resort to a third-party auditor (TPA) to check the integrity of outsourced data. They propose a secure cloud storage system supporting privacy-preserving public auditing and further extend their result to enable the TPA to perform audits for multiple users simultaneously and efficiently. Shen et al. propose an efficient public auditing protocol with global and sampling
blockless verification as well as batch auditing, where data dynamics are substantially more efficiently supported than is the case with the state of the art [23]. In paper [24], Wei et al. point out that most of the previous works on the cloud security focus on the storage security rather than taking the computation security into consideration together. Thus they propose a privacy cheating discouragement and secure computation auditing protocol, also named SecCloud, which is a first protocol bridging secure storage and secure computation auditing in cloud and achieves privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques. In paper [25], Atan R et al. propose a secure framework, consisting of two main layers: agent layer and cloud data storage layer. The architecture includes five types of agents: User Interface Agent, User Agent, DER Agent, Data Retrieval Agent and Data Distribution Preparation Agent.

The researches above are all improvements of privacy protection in cloud storage in different aspects. Some of them use various encryption policies in different positions. Others solve the privacy problem with the help of auditing or building their own secure framework. However, there is a common defect in these researches. Once the CSP is untrusted, all of these schemes are invalid. They cannot resist internal attacks or prevent the CSP from selling user's data to earn illegal profit. The private data will be decoded once malicious attackers get it no matter how advanced the encryption technologies are because user's data was integrally stored in cloud server. Therefore, we propose a new secure cloud storage scheme in this paper. By dividing file with specific code and combining with TLS framework based on fog computing model, we can achieve high degree privacy protection of data. It does not mean that we abandon the encryption technology. In our scheme encryption also helps us to protect fine-grained security of the data.

III. SECURE CLOUD STORAGE BASED ON FOG COMPUTING

The security degree is an important metric to measure the quality of cloud storage system. Furthermore, data security is the most important part in cloud storage security and it includes three aspects: data privacy, data integrity and data availability. Ensuring data privacy and integrity has always been the focus of relevant researches [26]. On another hand, data privacy is also the most concerned part of the users. From a business perspective, company with high security degree will attract more users. Therefore improving security is a crucial goal no matter in academia or business. In this section, we will elaborate in detail how the TLS framework protects the data privacy, the implementation details of work flow and the theoretical safety and efficiency analysis of the storage scheme.

A. Fog Computing

Our scheme is based on fog computing model, which is an extension of cloud computing. Fog computing was firstly proposed by Cisco's Bonomi in 2011 [27]. In Bonomi's view, fog computing is similar to the cloud computing, the name of fog computing is very vivid. Compared to highly concentrated cloud computing, fog computing is closer to edge network and has many advantages as follows: broader geographical distributions, higher real-time and low latency. In considering of these characters, fog computing is more suitable to the applications which are sensitive to delay. On another hand, compared to sensor nodes, fog computing nodes have a certain storage capacity and data processing capability, which can do some simple data processing, especially those applications based on geographical location. Thus we can deploy CI on the fog server to do some calculating works.

Fog computing is usually a three-level architecture, the upmost is cloud computing layer which has powerful storage capacity and compute capability. The next level is fog computing layer. The fog computing layer serves as the middle layer of the fog computing model and plays a crucial role in transmission between cloud computing layer and sensor network layer. The fog nodes in fog computing layer have a certain storage capacity and compute capability. The bottom is wireless sensor network layer [28]. The main work of this layer is collecting data and uploading it to the fog server. Besides, the transfer rate between fog computing layer and other layers is faster than the rate directly between cloud layer and the bottom layer [29]–[31]. The introduction of fog computing can relieve the cloud computing layer, improving the work efficiency. In our scheme, we take advantage of the fog computing model, adopt three-layer structure. Furthermore, we replace the WSNs layer by user's local machine.

B. Three-Layer Privacy Preserving Cloud Storage Scheme Based on Fog Computing Model

In order to protect user's privacy, we propose a TLS framework based on fog computing model. The TLS framework can give user a certain power of management and effectively protect user's privacy. As mentioned, the interior attack is difficult to resist. Traditional approaches work well in solving outside attack, but when CSP itself has problems, traditional ways are all invalid. Different from the traditional approaches, in our scheme, user's data is divided into three different-size parts with encoding technology. Each of them will lack a part of key information for confidentiality. Combining with the fog computing model, the three parts of data will be stored in the cloud server, the fog server and user's local machine according to the order from large to small. By this method, the attacker cannot recover the user's original data even if he gets all the data from a certain server. As for the CSP, they also cannot get any useful information without the data stored in the fog server and local machine because both of the fog server and local machine are controlled by users.

As shown in Fig. 2, the TLS framework makes full use of fog server's storage and data processing capability. The architecture includes three layers, the cloud server, the fog server and the local machine. Each server saves a certain part of data, the storage proportion is determined by users' allocation strategy. Firstly, user's data will be encoded on user's local machine. Then, for example, let 1% encoded data be stored in the machine. Then upload the remainder 99% data to the fog server. Secondly, on the fog server, we do similar operations to the data which
comes from user's machine. There will be about 4% data stored in the fog server and then upload the remainder data to the cloud server. The above operations are based on Hash-Solomon code. Hash-Solomon code is a kind of coding method based on Reed-Solomon code. After being encoded by Hash-Solomon code, the data will be divided into k parts and generates m redundant data. Hash-Solomon code has such property: in these k+m parts of data, if someone has at least k parts, he can recover the complete data. In other words, nobody can recover the complete data with less than k parts of data. According to this property of Hash-Solomon code, in our scheme, we let no more than k-1 parts of data be stored in higher server which has larger storage capacity and let the remainder be stored in the lower server. In this way, the stealer cannot recover the complete data even if one of the three layers' data was stolen. Thus we can ensure the privacy of user's data. Then we consider the value of k and m. Assuming that we want to save r% data on the fog server. In the Hash-Solomon code, we have definitions as follows:

Definition 1 Invalid Ratio: the ratio of the number of failure data blocks to the number of data blocks which will be used in encoding. In other words, the ratio of the number of data blocks stored in lower server to the number of data blocks stored in the upper server. For example, the ratio of the number of data blocks stored in the local machine to the number of data blocks stored in the fog server. In the same way, the ratio of the number of data blocks stored in the fog server to the number of data blocks stored in the cloud server.

Definition 2 Maximal Invalid Ratio: the maximal invalid ratio is the ratio of the number of invalid data to the number of all data blocks when the upper server can just recover the complete data by the data blocks stored in them. If there was one more invalid data block, the upper server can't recover the complete data anymore.

In Hash-Solomon code, the Maximal Invalid Ratio can be expressed as $\frac{m}{k+m}$. For convenience, we just consider two layers situation. Assuming that there is x MB data which is prepared to save. After encoding, there will be $\frac{k+m}{m} \ast x$ data. We prepare to save r% in the lower server.

In order to avoid the upper server recovers the data, the value of k, m and r must satisfy the relationship:

$$\frac{m}{k+m} \le \frac{k+m}{k} \ast r \qquad (1)$$

Through functional transformation, the relationship between k, m and r can be expressed as formula (2). We can see that if the parameter r is determined, the parameter k can be expressed by m. So we can only consider the ratio and the number of data blocks when we use our scheme.

$$k = \frac{(m - 2mr) + \sqrt{(2mr - m)^2 - 4m^2 r^2}}{2r} \qquad (2)$$

The parameter k is the number of blocks after data being divided, the parameter m is the number of redundant data blocks and the parameter r is the storage ratio of different servers. Besides, the fog server includes Computational Intelligence which can help the system with calculating the results of the values of k and m, because of the nodes in the fog server having its own computing power.

Fig. 2. Illustration of Three-Layer storage framework based on fog computing.

C. Implementation Detail of Workflow

1) Stored Procedure: When user wants to store his file to the cloud server, the procedure is shown as Fig. 3. First of all, user's file will be encoded with Hash-Solomon code. And then, the file will be divided into several data blocks and the system will also feedback encoding information simultaneously. Assuming that 1% data blocks and the encoding information will be stored locally. The remainder 99% data blocks will be uploaded to the fog server. Secondly, after receiving the 99% data blocks from user's machine, these data blocks will be encoded with Hash-Solomon again. These data blocks will be divided into smaller data blocks and generates new encoding information. Similarly, assuming that 4% data blocks and encoding information will be stored in the fog server. The remainder 95% data blocks will be uploaded to the cloud server. Thirdly, after cloud server received the data blocks from the fog side, these data blocks will be distributed by cloud manage system [32]. Finally, the storage procedure ends when all the related information is recorded in different servers.

Fig. 3. Diagram of stored procedure.

Fig. 4. Diagram of download procedure.
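How relationship (1) and formula (2) turn a target storage ratio such as the 1% and 4% of the stored procedure into whole block counts, as an added example that is not code from the paper. It assumes r is given as a fraction and that the lower server keeps m + 1 whole blocks so that the upper server holds only k - 1; the function names are hypothetical, and `k_for_real_ratio` goes one step beyond formula (2) by asking how large k must be before the achieved ratio reaches the target.

```python
"""Added illustration of relationship (1) and formula (2); not code from the paper.
Assumes r is a fraction (0.01 for 1%) and that blocks are stored whole."""
import math


def satisfies_relationship_1(k, m, r):
    # Relationship (1): m/(k+m) <= (k+m)/k * r
    return m / (k + m) <= (k + m) / k * r + 1e-12


def min_k_formula_2(m, r):
    """Smallest integer k at or above the root given by formula (2)."""
    disc = (2 * m * r - m) ** 2 - 4 * m * m * r * r   # equals m^2 * (1 - 4r)
    if disc < 0:
        return 1          # r above 25%: (1) holds for every k >= 1
    root = ((m - 2 * m * r) + math.sqrt(disc)) / (2 * r)
    return max(1, math.ceil(root - 1e-9))


def real_lower_ratio(k, m):
    """Share held by the lower server when it keeps m + 1 whole blocks,
    which leaves the upper server k - 1 blocks, one short of decoding."""
    return (m + 1) / (k + m)


def k_for_real_ratio(m, r):
    """Smallest k for which m + 1 whole blocks are at most a share r."""
    return max(1, math.ceil((m + 1) / r - m - 1e-9))


def plan(m, r):
    """Block counts for one encoding step with m redundant blocks and target r."""
    k_min = min_k_formula_2(m, r)
    k_fit = max(k_min, k_for_real_ratio(m, r))
    return {
        "k_min": k_min,                                # bound from formula (2)
        "ratio_at_k_min": real_lower_ratio(k_min, m),  # what whole blocks give
        "k_fit": k_fit,                                # k that really meets r
        "ratio_at_k_fit": real_lower_ratio(k_fit, m),
        "upper_blocks": k_fit - 1,
        "lower_blocks": m + 1,
    }


if __name__ == "__main__":
    # 1% kept locally and 4% kept on the fog server, as in the stored procedure
    for target in (0.01, 0.04):
        print(target, plan(2, target))
```

With m = 2 and a 1% target, formula (2) is already satisfied at k = 196, but three whole blocks out of 198 are about 1.5% of the encoded data; the share only drops to 1% at k = 298.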
2) Download Procedure: When user wants to download his file from the cloud server, the procedure is shown in Fig. 4. Firstly, cloud server receives user's request and then integrates the data in different distributed servers. After integration, cloud server sends the 95% data to the fog server. Secondly, the fog server receives the data from the cloud server. Combining with the 4% data blocks of fog server and the encoding information, we can recover 99% data. Then the fog server returns the 99% data to the user. Thirdly, the user receives the data from fog server. User can get the complete data by repeating the above steps.

D. Theoretical Safety Analysis

This section will provide theoretical safety analysis of the structure proposed in our research and prove that the secure storage structure can really improve the capability of privacy protection.

Fig. 5. Diagram of download procedure.

TABLE I
CRACKING DIFFICULTY DEGREE

| Galois Field | m | k | Times of exhaustion |
|---|---|---|---|
| GF($2^{4}$) | 1 | 6 | $256^{3}$ |
| GF($2^{4}$) | 2 | 6 | $256^{6}$ |
| GF($2^{8}$) | 1 | 6 | $256^{6}$ |
| GF($2^{8}$) | 2 | 6 | $256^{12}$ |
| GF($2^{16}$) | 1 | 6 | $256^{12}$ |
| GF($2^{16}$) | 2 | 6 | $256^{14}$ |

Fig. 6. Original transform vs. Hash Transform.

Based on the Reed-Solomon code algorithm, we propose a Hash-Solomon code algorithm. The Hash-Solomon encoding process is actually a matrix operation. As shown in Fig. 5, firstly we should do mapping transformation on the file which is prepared to be stored, so that each word of the file corresponds to a number in GF($2^{\omega}$) [33]. After mapping transformation we get file matrix O. Secondly we do hash transform on matrix O and get matrix X. Then we multiply the transformed matrix X by the encoding matrix A. The multiplication will generate k data blocks X1 to X6 and m redundant data blocks C (k = 6, m = 1). In Fig. 5, we prepare to save X1 to X5 in the Cloud and Fog, and store X6 and C in the local machine. The next step is similar to the above operations, we do hash transform on X and get file matrix Y. Then we multiply the transformed matrix Y by the encoding matrix B. At last, we store Y1 to Y4 in the cloud server and store Y5 and R in the fog server (k = 5, m = 1). The encoding matrix usually consists of an identity matrix and a Vandermonde matrix or a Cauchy matrix.
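The matrix encoding described above and the allocation it uses (X1 to X5 upstream, X6 and C on the local machine), as an added example that is not code from the paper. It implements plain systematic Reed-Solomon over GF(2^8) with an identity-plus-Cauchy encoding matrix and omits the hash transform; the function names and the sample record are constructed for illustration.

```python
"""Added illustration: systematic Reed-Solomon erasure coding over GF(2^8).
Plain Reed-Solomon only; the paper's hash transform is not implemented.
All names and the sample record are constructed for this example."""

# GF(2^8) log/antilog tables, primitive polynomial x^8+x^4+x^3+x^2+1 (0x11D).
EXP, LOG = [0] * 512, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]

def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def ginv(a):
    return EXP[255 - LOG[a]]  # a must be non-zero

def encoding_matrix(k, m):
    """k identity rows followed by m Cauchy rows 1/((k+i) xor j)."""
    if k + m > 256:
        raise ValueError("GF(2^8) supports at most 256 blocks")
    rows = [[int(i == j) for j in range(k)] for i in range(k)]
    return rows + [[ginv((k + i) ^ j) for j in range(k)] for i in range(m)]

def combine(rows, blocks):
    """Multiply a coefficient matrix by a list of equal-length byte blocks."""
    out = []
    for row in rows:
        acc = bytearray(len(blocks[0]))
        for coef, blk in zip(row, blocks):
            if coef:
                for p, byte in enumerate(blk):
                    acc[p] ^= gmul(coef, byte)
        out.append(bytes(acc))
    return out

def encode(data, k, m):
    """Return k data blocks followed by m redundant blocks."""
    size = -(-len(data) // k)                 # ceil(len/k) bytes per block
    data = data.ljust(size * k, b"\0")
    stripes = [data[i * size:(i + 1) * size] for i in range(k)]
    return combine(encoding_matrix(k, m), stripes)

def invert(mat):
    """Gauss-Jordan inversion over GF(2^8); subtraction is XOR."""
    n = len(mat)
    aug = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(mat)]
    for c in range(n):
        piv = next(r for r in range(c, n) if aug[r][c])
        aug[c], aug[piv] = aug[piv], aug[c]
        scale = ginv(aug[c][c])
        aug[c] = [gmul(scale, v) for v in aug[c]]
        for r in range(n):
            if r != c and aug[r][c]:
                f = aug[r][c]
                aug[r] = [v ^ gmul(f, w) for v, w in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

def decode(held, k, m, length):
    """held maps block index -> bytes; any k entries are sufficient."""
    if len(held) < k:
        raise ValueError("fewer than k blocks: cannot solve for the data")
    idx = sorted(held)[:k]
    full = encoding_matrix(k, m)
    inverse = invert([full[i] for i in idx])
    return b"".join(combine(inverse, [held[i] for i in idx]))[:length]

SAMPLE = b"name=Alice Example;ward=7;diagnosis=influenza;phone=555-0100;"  # constructed
K, M = 6, 1   # the values used in the text for the first encoding step

def demo():
    blocks = encode(SAMPLE, K, M)
    upper = {i: blocks[i] for i in range(K - 1)}     # X1..X5 -> cloud and fog
    local = {i: blocks[i] for i in (K - 1, K)}       # X6 and C -> local machine
    try:
        decode(upper, K, M, len(SAMPLE))
        upper_alone = True
    except ValueError:
        upper_alone = False
    without_x1 = {i: b for i, b in {**upper, **local}.items() if i != 0}
    return {
        "upper_alone_recovers": upper_alone,
        "all_layers_recover": decode({**upper, **local}, K, M, len(SAMPLE)) == SAMPLE,
        "any_k_recover": decode(without_x1, K, M, len(SAMPLE)) == SAMPLE,
        # Data blocks of a systematic code are verbatim slices of the input.
        "x1_is_plaintext": blocks[0] == SAMPLE[:len(blocks[0])],
    }

if __name__ == "__main__":
    print(demo())
```

The upstream servers hold k - 1 = 5 blocks and cannot solve for the data, yet `x1_is_plaintext` is true: without a transform applied before encoding, each data block is a readable slice of the file.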
It is worth noting that Hash-Solomon code has the following properties: in the k+m data blocks, if we have at least k data blocks, we can recover the original data combining with the encoding matrix. But once the number of data blocks is less than k, it cannot be recovered. Using the above properties in our scheme, after each encoding, we store less than k parts of data blocks in the higher server and store the remainder parts of data blocks in the lower server. With such reasonable allocation, the cloud server, the fog server and user's local machine independently store a certain percentage of data blocks. It is impossible to recover the original data with any single server's data. The TLS framework largely solves the leakage of user's privacy. Further considering a worse case, if the attacker is brilliant enough, he steals data blocks from two servers so that he owns more than k parts of data blocks. Is the attacker able to recover the user's original data? Here is the encoding problem. Assuming that the attacker steals enough data, but if he doesn't have the information contained in the encoding matrix, he can hardly recover user's original data from the scattered data blocks. If he wants to crack the encoding matrix, the degree of difficulty is shown in Table I.

As can be seen from Table I, attacker can hardly crack the encoding matrix. In the real scenario, the values of m and k are usually very large, so it is impossible to crack the encoding matrix in theory. But using encoding technology cannot ensure the privacy of each data block especially for document file. For example, after a document is encoded, each part of data blocks still contains the information of the document. For some high privacy demanding documents, it is obviously not available. So we add a hash transform before encoding to disrupt the sequence of original data and save the relevant hash information in the local server. As shown in Fig. 6, the original code divides a sentence into different fragments according to original sequence. However, the hash code divides the sentence into different fragments according to random sequence. Thereby Hash-Solomon code improves the privacy protection and prevents the attacker from getting fragmentary information.

E. Efficiency Analysis

In Section III-B, we have discussed the relationship of k and m. As shown in Fig. 7, we find that the ratio of k and m is decided once the storage ratio is decided. It means that if we set the storage ratio as 20%, k = 3m. Then we set k = 3, m = 1. In the real scenario, data blocks cannot be stored partly. In the above example, the lower server must store at least 2 blocks, so that the real storage ratio is 50%, which is far from the 20%. In order to reduce error, we can let k or m be a large number. However, with the increasing of k, the encoding and decoding efficiency will decrease, which will be proved by experiments in the next section. In this section, we will discuss how to balance the storage efficiency and the coding efficiency. At last, we propose a comprehensive index of the whole efficiency of the scheme.

Fig. 7. Diagram of relationship of the number of data blocks (k), redundant data blocks (m) and storage ratio (r).

The storage efficiency is an important index for a storage-related algorithm. A good system with high storage efficiency can save storage capacity as much as possible. Storage Industry Networking Association defines the storage efficiency as:

$$\mathrm{StorageEfficiency} = \frac{\mathrm{DataSpace}}{\mathrm{DataSpace} + \mathrm{CheckSpace}} \qquad (3)$$

In our scheme, storage efficiency can be expressed as $E_s = \frac{k}{k+m}$. Then we can get the following formulas (4, 5). We can see that the storage efficiency will increase with the increment to the ratio of k and m. From Fig. 7 we know that when the ratio of k and m increase, the number of data blocks (k) also increase,
which influences the coding efficiency.

$$E_s = \frac{k}{k+m} = \frac{k/m}{k/m + 1} \qquad (4)$$

$$\lim_{k/m \to \infty} \frac{k/m}{k/m + 1} = 1 \qquad (5)$$

The coding efficiency is related to the operation on Galois field. We consider the influence of different bits of coding which is related to the ω of the Galois field. The relationship of ω, k and m satisfy the equation $2^{\omega} > k + m$. When ω increases, the consumption of RAM increases. Therefore, we let the reciprocal of ω to present the coding efficiency and it can be expressed as

$$E_c = \frac{\ln(k+m)}{\ln 2} \qquad (6)$$

Fig. 8 shows the change of storage efficiency and the coding efficiency when the number of k increases. The value of m is set to 2. Apparently, the tendency of storage efficiency is contrary to the tendency of coding. It means there must be a value of k which can achieve a best efficiency of the whole system.

Fig. 8. Diagram of the influence of the number of data blocks (k) to the efficiency of storage and coding.

Therefore we should design a new index to take both of the storage efficiency and coding efficiency into consideration. The comprehensive efficiency of the scheme can be expressed as

$$E_w = C_1 \frac{\ln(k+m)}{\ln 2} + C_2 \frac{k}{k+m} \qquad (7)$$

The parameters $C_1$ and $C_2$ are related to the storage ratio. For example, we set the value of m to 2, then the value of $C_1$ is set as 0.6, the value of $C_2$ is set as 0.4. As shown in Fig. 9, the comprehensive efficiency of the scheme increases at first and decreases after it achieves the summit of the functional graph. We can consider the value of k which corresponds to the summit is the most suitable value for the whole efficiency of the scheme.

Fig. 9. Diagram of the influence of the number of data blocks (k) to the efficiency of storage and coding.

IV. EXPERIMENT AND ANALYSIS

In this section, we evaluate the performance and feasibility of the TLS framework based on fog computing model through a series of tests, including encoding, decoding and test of different sizes of data.

A. Experimental Environment

All of the experiments in this paper were conducted by simulation and the environmental parameters are shown as Table II. There are three types of files which are listed as follows: picture (.NEF, 24.3 MB), audio (.MP3, 84.2 MB) and video (.RMVB, 615 MB).

All the experiments in this paper use 'one more block' principle which means the lower server only saving m + 1 data blocks. In this way, the scheme can ensure the privacy of data and reduce the storage pressure of the lower servers at the same time.

TABLE II
EXPERIMENTS ENVIRONMENT

| Items | Parameter value |
|---|---|
| Operating system | Linux |
| Programming language | C |
| CPU | Intel Core i7 2.50 GHz |
| Memory | 8 GB |
| Hard Disk | 1 TB |

B. Experiment Results

Fig. 10 shows the relationship between data storage in user's machine and the number of blocks while using different kinds of data. The parameter m represents the number of redundant data blocks while the parameter k represents the number of data blocks which we want the original data be divided into. Note that the value of m is set as 2 in this part. As we can see, when
the number of data blocks k increases, the data volume stored in the user's local machine decreases. It means that the larger the number of data blocks is, the smaller the local storage pressure is. On the other hand, our method performs differently with different volumes of data. The larger the volume of the data is, the better our method performs in the experiment. Therefore, in the real scenario, it is of vital importance to increase the value of k to alleviate the user's storage pressure. As for small files, merging files before uploading is necessary.

Fig. 10. The local storage volume of different files.

Fig. 11 shows the tendency of encoding time with different numbers of data blocks. The value of m is also set as 2. When the number of data blocks k increases, the encoding time grows exponentially. Accordingly, in the real scenario, we should consider the degree of delay that the user can endure and dynamically adjust the value of k according to the performance of the user's machine.

Fig. 11. Relationship between time of encoding and the number of k.

The relationship between decoding time and the number of data blocks is shown in Fig. 12. Both the value of m and the value of removed data are set as 2. When the number of data blocks k increases from 100 to 600, the decoding time increases rapidly. As we can see, the decoding process costs more time than the encoding process does, so we should pay more attention to enhancing decoding efficiency in the real scenario.

Fig. 12. Relationship between time of decoding and the number of k.

In Fig. 13, we present the tendency of decoding time with different numbers of removed data from 1 to 5. The value of k is set as 100 and the value of m is set as 5. In the real scenario, the ratio of m to k should be very small to relieve the user's storage pressure. What's more, the number of removed data should be smaller than m; otherwise, the system will report an error. On the other hand, the decoding time increases as the number of removed data increases, which means that we should download as much of the data as possible from the upper server to maximize the decoding efficiency.

Fig. 13. Relationship between time of decoding and the number of removed data.

The Hash-Solomon code is the key to the whole efficiency of our scheme. Therefore, finding a better coding matrix is of vital
importance. The coding matrix can be chosen from the Vandermonde matrix and the Cauchy matrix. Different from the Vandermonde matrix, the Cauchy matrix uses the AND operation and the XOR logical operation. In Cauchy's way, coding efficiency improves. Besides, the complexity decreases from $O(n^3)$ to $O(n^2)$. In Fig. 14, we present the two tendencies of encoding time with different numbers of data blocks k from 100 to 600. The value of m is set as 2. We can see that the encoding time rises as the number of data blocks k increases, for both Vandermonde and Cauchy. On the other hand, the Cauchy matrix has better performance than the Vandermonde matrix. The time cost of Cauchy is always less than that of Vandermonde. When k is very large, the cost of Vandermonde rises sharply while the cost of Cauchy increases slightly.

Fig. 14. Cauchy matrix vs. Vandermonde matrix.

In Section III, the coding efficiency is related to the ω of the Galois field $GF(2^{\omega})$. In Fig. 15, we present the encoding time with different values of ω. Besides, we also consider the comparison of Vandermonde and Cauchy. As shown in Fig. 15, we set the value of ω as 8, 16 and 32. As we can see, for both Vandermonde and Cauchy, the encoding time increases as ω increases.

Fig. 15. Relationship between time of encoding and word size of Galois field.

V. CONCLUSION

The development of cloud computing brings us a lot of benefits. Cloud storage is a convenient technology which helps users to expand their storage capacity. However, cloud storage also causes a series of security problems. When using cloud storage, users do not actually control the physical storage of their data, which results in the separation of ownership and management of data. In order to solve the problem of privacy protection in cloud storage, we propose a TLS framework based on the fog computing model and design a Hash-Solomon algorithm. Through the theoretical safety analysis, the scheme is proved to be feasible. By reasonably allocating the ratio of data blocks stored in different servers, we can ensure the privacy of data in each server. On the other hand, cracking the encoding matrix is theoretically impossible. Besides, using hash transformation can protect the fragmentary information. Through the experimental test, this scheme can efficiently complete encoding and decoding without influencing the cloud storage efficiency. Furthermore, we design a reasonable comprehensive efficiency index in order to achieve the maximum efficiency, and we also find that the Cauchy matrix is more efficient in the coding process.
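The 'one more block' principle and the Cauchy coding matrix from Section IV, as an added example that is not the paper's code: it is a plain systematic Cauchy Reed-Solomon erasure code over GF(2^8), not the Hash-Solomon code itself. The function names, the primitive polynomial 0x11d, the choice k = 4, m = 2 and the sample blocks are assumptions made here.

```python
EXP, LOG, x = [0] * 510, [0] * 256, 1     # added sketch: GF(2^8) log/antilog tables
for i in range(255):                      # primitive polynomial 0x11d, generator 2
    EXP[i] = EXP[i + 255] = x
    LOG[x] = i
    x = (x << 1) ^ (0x11d if x & 0x80 else 0)

def mul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def inv(a):
    return EXP[255 - LOG[a]]

def generator(k, m, w=8):
    """Identity rows (data blocks) stacked on m Cauchy rows (redundant blocks)."""
    if 2 ** w <= k + m:                   # the text's constraint: 2^w > k + m
        raise ValueError("need 2^w > k + m")
    ident = [[int(i == j) for j in range(k)] for i in range(k)]
    return ident + [[inv(i ^ j) for j in range(k)] for i in range(k, k + m)]

def encode(blocks, m):
    """Turn k equal-length data blocks into k + m coded blocks."""
    out = [bytearray(len(blocks[0])) for _ in range(len(blocks) + m)]
    for acc, row in zip(out, generator(len(blocks), m)):
        for coef, src in zip(row, blocks):
            for p, byte in enumerate(src):
                acc[p] ^= mul(coef, byte)
    return [bytes(b) for b in out]

def decode(shares, k, m):
    """Recover the k data blocks from {block index: bytes}; any k blocks do."""
    if len(shares) < k:
        raise ValueError(f"{len(shares)} blocks held, {k} needed")
    g = generator(k, m)
    rows = [g[i] + list(shares[i]) for i in sorted(shares)[:k]]  # [G_sub | blocks]
    for c in range(k):                                           # Gauss-Jordan
        piv = next(r for r in range(c, k) if rows[r][c])
        rows[c], rows[piv] = rows[piv], rows[c]
        s = inv(rows[c][c])
        rows[c] = [mul(s, v) for v in rows[c]]
        for r in range(k):
            if r != c and rows[r][c]:
                rows[r] = [a ^ mul(rows[r][c], b) for a, b in zip(rows[r], rows[c])]
    return [bytes(r[k:]) for r in rows]

K, M = 4, 2
DATA = [b"constr", b"ucted ", b"sample", b" input"]   # constructed sample blocks
CODED = encode(DATA, M)
UPPER = {i: CODED[i] for i in range(K - 1)}           # k-1 blocks leave the machine
LOWER = {i: CODED[i] for i in range(K - 1, K + M)}    # m+1 blocks stay below
```

`decode(UPPER, K, M)` raises because the upper server holds only k - 1 blocks, while adding any single block from `LOWER` recovers `DATA`. Because this sketch is systematic, the blocks in `UPPER` are plaintext fragments; the conclusion attributes protection of such fragmentary information to the hash transformation, which is omitted here.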

Tian Wang received the B.Sc. and M.Sc. degrees in computer science from Central South University, Changsha, China, in 2004 and 2007, respectively, and the Ph.D. degree from City University of Hong Kong, Hong Kong, in 2011. He is currently a Professor with the National Huaqiao University of China, Quanzhou, China. His research interests include wireless sensor networks, fog computing, and mobile computing.

Jiyuan Zhou received the B.S. degree from Tianjin Polytechnic University, Tianjin, China, in 2016. He is currently working toward the Master's degree from Huaqiao University, Quanzhou, China. His research interests include security in wireless networks, fog computing, and security in cloud storage.

Xinlei Chen received the Bachelor's degree from Huaqiao University, Xiamen, China, in 2017. His current research interests include cloud computing and cloud storage.

Guojun Wang received the B.Sc. degree in geophysics in 1992, the M.Sc. degree in computer science in 1996, and the Ph.D. degree in computer science in 2002, all from Central South University, Changsha, China. He is currently the Pearl River Scholarship Distinguished Professor with Guangzhou University, Guangzhou, China. He was a Professor with Central South University, Changsha, China; a Visiting Scholar at Temple University and Florida Atlantic University, USA; a Visiting Researcher at the University of Aizu, Japan, and a Research Fellow at Hong Kong Polytechnic University. His research interests include cloud computing, trusted computing, and information security. He is a distinguished member of the CCF, and a member of the ACM and IEICE.

Anfeng Liu received the M.Sc. and Ph.D. degrees from Central South University, Changsha, China, in 2002 and 2005 respectively, both majoring in computer science. He is a Professor with the School of Information Science and Engineering, Central South University. His major research interests are cyber-physical systems, service network, wireless sensor network. He is a Member (E200012141M) of China Computer Federation.

Yang Liu (M'14) received the B.E. degree in electrical engineering and its automation and the M.E. degree in control theory and control engineering from Harbin Engineering University, Harbin, China, in 2008 and 2010, respectively, and the Ph.D. degree in computer engineering from the Center for Advanced Computer Studies, University of Louisiana at Lafayette, Lafayette, LA, USA, in 2014. He is currently an Assistant Professor with Beijing University of Posts and Telecommunications. His current research interests include wireless networking and mobile computing. He is a member of the ACM.
