Cloud computing is a subscription-based service where one can obtain networked storage space and computer resources .Cloud computing is the long dreamed vision of computing as a utility, where data owners can remotely store their data in the cloud to enjoy on-demand highquality applications and services from a shared pool of configurable computing resources. Cloud computing is about moving services, computation and/or data—for cost and business advantage—off-site to an internal or external, location-transparent, centralized facility or contractor.

By making data available in the cloud, it can be more easily and ubiquitously accessed, often at much lower cost, increasing its value by enabling opportunities for enhanced collaboration, integration, and analysis on a shared common platform. Considering the installation of network infrastructure a cloud environment can be broadly categorized into three types- public cloud, private cloud and hybrid cloud. Though from operation and maintenance point-of-view cloud computing is a great cost-effective IT solution for business of any magnitude, it has at least two major concerns-technical developments, security and privacy. Since cloud computing is relatively a new technology in comparison to other existing computing solutions, it still has lots of scope of becoming a mature system as a reliable and cost-effective computing technology, where downloading a file provide content to other clients interested in the same file. Figure 1 of Cloud Computing.

The users require that their data remain secure and they need to have a strong assurance from the cloud servers to store their data correctly without tampering or partially deleting because the internal operation details of service providers may not be known to the cloud users. In this paper, an efficient and secure scheme for cloud data storage has to be in a position to ensure the data integrity and confidentiality. From the perspective of data security, which has always been an important aspect of quality of service, Cloud Computing inevitably poses new challengingsecurity threats for number of reasons.Considering various kinds of data for each user stored in the cloud and the demand of long term continuous assurance of their data safety, the problem of verifying correctness of data storage in the cloud becomes even more challenging.

The main goal is to provide security and reduce the bulky data for the user data application in the cloud.

2. Related Work

2.1. Data Storage On Cloud

Cloud storage (Figure 2) is a model of networked enterprise storage where data is stored in virtualized pools of storage which are generally hosted by third parties. Hosting companies operate large data centers, and people who require their data to be hosted buy or lease storage capacity from them. The data center operators, in the background, virtualize the resources according to the requirements of the customer and expose them as storage pools, which the customers can themselves use to store files or data objects. Physically, the resource may span across multiple servers and multiple locations. The safety of the files depends upon the hosting companies, and on the applications that leverage the cloud storage.

Figure 2. Cloud Storage

When data is distributed it is stored at more locations increasing the risk of unauthorised physical access to the data. For example, in cloud based architecture, data is replicated and moved frequently so the risk of unauthorised data recovery increases dramatically. (e.g. disposal of old equipment, reuse of drives, reallocation of storage space). The manner that data is replicated depends on the service level a customer chooses and on the service provided. Different cloud vendors offer different service levels. Risk of unauthorized access to data can be mitigated through the use of encryption, which can be applied to data as part of the storage service or by on-premises equipment that encrypts data prior to uploading it to the cloud.
The number of people with access to the data who could be compromised (i.e. bribed, or coerced) increases dramatically. A single company might have a small team of administrators, network engineers and technicians, but a cloud storage company will have many customers and thousands of servers and therefore a much larger team of technical staff with physical and electronic access to almost all of the data at the entire facility or perhaps the entire company. Encryption keys that are kept by the service user, as opposed to the service provider limit the access to data by service provider employees.
It increases the number of networks over which the data travels. Instead of just a Local Area Network (LAN) or Storage Area Network (SAN), data stored on a cloud requires a WAN (wide area network) to connect them both.
By sharing storage and networks with many other users/customers it is possible for other customers to access the data, sometimes because of erroneous actions, faulty equipment, a bug and sometimes because of criminal intent. This risk applies to all types of storage and not only cloud storage. The risk of having data read during transmission can be mitigated through encryption technology. Encryption in transit protects data as it is being transmitted to and from the cloud service. Encryption at rest protects data that is stored at the service provider. Encrypting data in an on-premises cloud service on-ramp system can provide both kinds of encryption protection.

2.2 Content Distribution

A cloud provider provides two cloud-based services: storage and content delivery. A content provider utilizes these two services to store and distribute her content to multiple subscribers. The content provider and subscribers can access content via a cloud-based application service, which reads and manages the content stored in the storage service via cloud storage APIs. The application service is an application deployed in the cloud by the content provider or a third party. The content provider can use multiple cloud-based services from different cloud service providers to host her application service, content storage service, and content delivery service. The problem is identified in the systems with a Minimum distributed peer-to- peer systems. To achieve an MDT objective for a group of client requires judicious use of client uplink and downlink capacities, which are typically highly asymmetric as offered to their clients and download speeds that are significantly larger than upload speeds. In this paper we investigate the potential benefit from the on- demand deployment of cloud resources to upload capacity, we propose the use of Bit Torrent in receiving the entire content[6]. The major aspects of Content distribution are,

Integrity and Authenticity: Safeguarding the accuracy and typically completeness of data and processing methods. Unauthorized single entities cannot change data; adversaries cannot substitute a forged document for a requested one.
Availability and Persistence: Ensuring that authorized users have access to data and associated assets when required. For a content distribution system this often means always. This property entails stability in the presence of failure or changing node populations.
Performance: The time required for performing the operations allowed by the system, typically publication, searching and retrieval of documents.

2.3 Bit Torrent Application

A BitTorrent client is a computer program that manages downloads and uploads using the Bit Torrent protocol. Bit Torrent is for distributing large amounts of data over the Internet. Bit Torrent is one of the most common protocols for transferring large files and it has been estimated that networks collectively have accounted for roughly 43% to 70% of all Internet Traffic[2]. The Bit Torrent protocol can be used to reduce the server and network impact of distributing large files. Rather than downloading a file from a single source server, the Bit Torrent protocol allows users to join a file of hosts to download and upload from each other simultaneously.

2.4 Dynamic Broadcast Encryption Algorithm

Broadcast Encryption (BE) schemes enable the sender of a message to specify a subset of the registered (the target set or privileged set), who will be able to decrypt the ciphertext sent to all users via a broadcast channel. The complement of the target set (in the set of the registered users) is called the revoked set[3]. To accomplish user revocation when sending a message, a BE generally generates three parts: the ID Header, that is a bit-string that unambiguously identifies the target set/revoked set; the Key Header, that encapsulates a session key for the privileged users; and the Message Body, that contains the payload encrypted under the session key.

Broadcast encryption is the cryptographic problem of delivering encrypted content (e.g. TV programs or data on DVDs) over a broadcast channel in such a way that only qualified users can decrypt the content. The challenge arises from the requirement that the set of qualified users can change in each broadcast emission, and therefore revocation of individual users or user groups should be possible using broadcast transmissions, only, and without affecting any remaining users. 26

Figure 3. Digital Signature

Figure 4. Group Signature

Simulated graph

A Group Signature scheme GS = (GKg, GSig, GVf, Open) consists of four polynomial-time algorithms:

The randomized group key generation algorithm GKg takes input 1k , 1n , where k ∈N is the security parameter and n ∈ N is the group size (ie. the number of members of the group), and returns a tuple (gpk, gmsk, gsk), where gpk is the group public key, gmsk is the group manager's secret key, and gsk is an n-vector of keys with gsk[i] being a secret signing key for player i ∈ [n].
The randomized group signing algorithm GSig takes as input a secret signing key gsk[i] and a message m to return a signature of m under gsk[i] (i ∈ [n]).
The deterministic group signature verification algorithm GVf takes as input the group public key gpk, a message m, and a candidate signature σ for m to return either 1 or 0.
The deterministic opening algorithm Open takes as input the group manager secret key gmsk, a message m, and a signature σ of m to return an identity i or the symbol ⊥to indicate failure. Figure 3 shows the Digital Signature and Figure 4 shows Group Signature.

Conclusion

The overarching goal of this setting is to get minimizing the maximum time of bulk synchronous content distribution where it takes any client in a set to download content of the required file. In the paper, the authors have developed a formulation of Bit Torrent to split the content over the file, through the cloud resources. In future work the authors would use another content distribution algorithm by implementing RSA algorithm along with dynamic broadcast encryption algorithm to provide security in the cloud.

References

[1]. Raymond sweha., Vatche Ishakian., Azer Bestavros. th (2011). Angels in the Cloud, IEEE 4 International Conference.

[2]. M. Piatek., T. Isdal., T. Anderson., A. Krishnamurthy., and Venkataramani. (2007) “Do incentives build robustness in BitTorrent,” in NSDI. International Conference on Cloud Computing.

[3]. Qian Wang., Cong Wang., Kui Ren., Wenjing Lou., Jin L (2011). “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing", IEEE Transactions On Parallel And Distributed Systems, Vol. 22, No. 5.

[4]. Robert Gellman and World Privacy Forum. (2009). “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing”, February 23.

[5]. K. D. Bowers., A. Juel.s, and A. Oprea. (2008). “HAIL: A High-Availability and Integrity Layer for Cloud Storage,” C r y p t o l o g y e P r i n t A r c h i v e , a v a i l a b l e a t http://eprint.iacr.org/489.

[6]. Reducing upload and Download Time on Cloud using Content Distribution Algorithm published at International Journal on Recent and Innovation Trends in Computing and Communication ,ISSN 2321 – 8169 .

[7]. D. Chaum and E. van Heyst, (1991). Group signatures. In EUROCRYPT'91, Volume 54of LNCS, pages 257–265 Springer-Verlag.

[8]. J. Dean and S. Ghemawat, (2004). MapReduce: Simplified Data Processing on Large Clusters. In USENIX OSDI.

[9]. Metri P. and Sarote G., (2011). “Privacy Issues and Challenges in Cloud computing,” International Journal of Advanced Engineering Sciences and Technologies, Vol. 5, No. 1, pp. 5-6.

[10]. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, (2009). Ensuring Data Storage Security in Cloud Computing. in 17th International Workshop on IWQoS, pages 1-7.

Enhancing Security In Cloud Computing By Combining Dynamic Broadcast Encryption And Group Signature

Abstract

Keywords :

Introduction

1. Problem Statement

Objectives