ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING
Submitted By:
Sheth M.Ovesh
Under the Guidance of: Asist.Prof. Ajay Kumar Sharma M.Tech
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
5 Essential Cloud Characteristics
• On-demand self-service • Broad network access• Resource pooling–Location independence
• Rapid elasticity• Measured service
Cloud Objectives
-Correctness -Integrity -Flexibility -Maintainability -Accessibility -Availability
SYSTEM ARCHITECTURE
Existing System Traditional cryptographic primitives for the purpose of data
security protection can not be directly adopted due to the users’ loss control of data under Cloud Computing.
Therefore, verification of correct data storage in the cloud must be conducted without explicit knowledge of the whole data.
The data stored in the cloud may be frequently updated by the users, including insertion, deletion, modification, appending, reordering, etc. To ensure storage correctness under dynamic data update is hence of paramount importance.
None of the distributed schemes is aware of dynamic data
operations. As a result, their applicability in cloud data storage can be drastically limited.
Proposed System we propose an effective and flexible distributed scheme with
explicit dynamic data support to ensure the correctness of users’ data in the cloud.
We rely on ensure correcting code in the file distribution preparation to provide redundancies and guarantee the data dependability.
By utilizing the homomorphic token with distributed verification
of ensure-coded data, our scheme achieves the storage correctness insurance as well as data error localization.
Unlike most prior works for ensuring remote data integrity, the new scheme supports secure and efficient dynamic operations on data blocks, including: update, delete and append.
Windows Azure• Windows Azure is a foundation of Microsoft’s Cloud
Platform for Developers • Operating System for the Cloud
– Runs applications in the cloud– Provides Storage– Application Management– Developer SDK
• Windows Azure ideal for applications needing– Scalability– Availability– Fault Tolerance
Windows Azure Storage• Storage in the Cloud– Scalable, durable, and available– Anywhere at anytime access– Only pay for what the service uses
• Exposed via RESTful Web Services– Use from Windows Azure Compute– Use from anywhere on the internet
• Various storage abstractions– Tables, Blobs, Queues, Drives
Windows Azure Service Architecture
StorageTables
LB
Blobs
Worker Service
Worker Service
Worker Role
Managed Interface Call
Web Site(ASPX, ASMX,
WCF)
Web Site(ASPX, ASMX,
WCF)
Web Role
IIS as Host
Queues
Windows Azure Data Center
LBL
B
The InternetThe Internet via TCP or HTTP
Windows Azure Storage Abstractions
• Blobs – Simple named files along with metadata for the file.
• Tables – Structured storage. A Table is a set of entities; an entity is a set of properties
• Queues – Reliable storage and delivery of messages for an application
Blob Storage Concepts
BlobContainerAccount
user
images
PIC01.JPG
videos VID1.AVI
Pages/Blocks
Block/Page
Block/Page
PIC02.JPG
Table Storage Concepts
EntityTableAccount
user
customers
Name =…Email = …
Name =…EMailAdd= …
photos
Photo ID =…Date =…
Photo ID =…Date =…
Queue Storage Concepts
MessageQueueAccount
order processing
customer ID order ID http://…
customer ID order ID http://…
user
Cloud Computing Security
Security is the Major Issue
Key Server
Server
Message=Message + Key
K1
K2
Msg=Msg-Key
Client
Client
Module1:Ensuring Cloud Data Storage
RC4 Algorithm• RC4 is a stream cipher, symmetric key algorithm. The same algorithm is
used for both encryption and decryption as the data stream is simply XORed with the generated key sequence. The key stream is completely independent of the plaintext used.
• Stream cipher is one of the simplest methods of encrypting data where each bit of the data is sequentially encrypted using one bit of the key
Keystreamgenerator
Kc
Ciphering Key
Kc[i]m[i]
C[i]
One bit of cipher text
One bit of Plain textOne bit of Ciphering Key
The steps for RC4 encryption algorithm is as follows:• Get the data to be encrypted and the selected key.• Create two string arrays.• Initiate one array with numbers from 0 to 255.• Fill the other array with the selected key.• Randomize the first array depending on the array of the key.• Randomize the first array within itself to generate the final
key stream.• XOR the final key stream with the data to be encrypted to
give cipher text.
Steps of RC4 Algorithm
Initial with numberFrom 0 to 255
Fill with chosen key
Sbox1 Sbox2
Systematic Randomization
Final Key Stream
XOR Plain/Cipher TextCipher/Plain Text
Systematic Randomization
Error
ClientServer
Encoding Decoding
Module 2:Correctness Verification and Error Localization
CRC Algorithm for Encoding and Decoding
• The cyclic redundancy check, or CRC, is a technique for detecting errors in digital data, but not for making corrections when errors are detected.
• It is used primarily in data transmission. In the CRC method, a certain number of check bits, often called a checksum, are appended to the message being transmitted. The receiver can determine whether or not the check bits agree with the data, to ascertain with a certain degree of probability whether or not an error occurred in transmission.
• If an error occurred, the receiver sends a “negative acknowledgement” (NAK) back to the sender, requesting that the message be retransmitted.
Encoder and decoder for simple cyclic Redundancy Check
insert
update
view Server
Module3:Providing Dynamic Data Operation Support
CONCLUSION To ensure the correctness of users’ data in cloud data storage,
we proposed an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append.
By utilizing the homomorphic token with distributed verification of erasure coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., whenever data corruption has been detected during the storage correctness verification across the distributed servers, we can almost guarantee the simultaneous identification of the misbehaving server(s).
THANK YOU FOR
YOUR TIME