Ensuring Security in On-demand File Replication System

Durgesh Bajpai, Manu Vardhan, Dharmender Singh Kushwaha Computer Science and Engineering Department

MNNIT Allahabad Allahabad, India

{is1023, rcs1002, dsk}@mnnit.ac.in

Abstract—File replication in distributed environment has been discussed by many researchers, but the issues like confidentiality and integrity of files during replication are rarely focused, when deployed in the cloud environment. Distributed computing started with the cluster followed by the grid and is now era of cloud computing, where most of the services are accessed, by few clicks. In cloud, services are invoked on demand and there is no need of dedicated resources. It demands the availability of resources (i.e. logical resources), in order to fulfil the user requirements. To make this feasible, on-demand availability of Logical Resources (LR) is preferred. This work proposes security mechanisms to fully secure the on-demand logical resource (file) replication scheme through the use of symmetric and asymmetric keys as they are required for fulfilling the confidentially, integrity, availability requirements of the system efficiently. It is also responsible for replicating the file, from one peer server to the other peer server, having the trust level above the predefined threshold value.

Keywords-Confidentiality; cloudcomputing; encryption; hash function;integrity; message digest; replication

I. INTRODUCTION Growth of large network infrastructures have led to

several systems that design large scale distributed systems supporting efficient, secure, and available services. With time, the technology is moving towards the cloud where one can use a service on the basis of “Pay as you go”. Cloud Computing eliminates the need of having efficient hardware resources and infrastructure requirements by providing the user the services he needs. While using the cloud technology security of the user’s data is a major concern now days. For a system to work securely and efficiently basically one used to define one trusted central server which takes care of all the measures to be maintained in the system. This arise the problem of central point of failure, scalability, degradable performance on high load and the major threat for security of overall system if compromised.

Data storage is an on demand service today in cloud. The user’s data is stored as file on the server’s end which provides the data storage functionality to the user. For security reasons a file is usually stored at one node only at the servers end. If the file is of great importance for an enterprise and is used frequently by the enterprise in various applications, the file stored at the cloud should be available and accessible at high rate to increase the system performance. To use the same file simultaneously, for different applications, one has to replicate the file at the location near to the user, as the cloud service provider

provides its service through its servers located at different locations to fulfill the demands of various users. An approach that will enable the replication of the files at different nodes of the distributed system as per the users need maintaining the security, consistency and availability of the system is tried to propose. The scenario for which the approach is tried to propose is depicted in Figure 1.

Figure 1 shows the set of peer servers called the File Replicating Servers (FRS), responsible for providing the replication service in the cloud environment. To fulfill the demand of distributed users the file replicating servers are also distributed. When a requested file is not present at the node the file is to be replicated by the FRS on that node. FRS also behaves like a simple requesting node. FRS’s can communicate with each other for fulfilling the on-demand file replication requirement.

Figure 1. Scenario Files have to be encrypted to maintain the confidentiality

of the data stored in the file during replication. Hash function is used to check the integrity of the file by the help of message digest. Simultaneous use of the symmetric and asymmetric keys in the system provides the benefits of both approaches, as symmetric and asymmetric keys are having their different benefits according to the purpose for which they are applied. Nodes taking part in the replication system

2012 Third International Conference on Computer and Communication Technology

978-0-7695-4872-2/12 $26.00 © 2012 IEEE

DOI 10.1109/ICCCT.2012.70

315

are trusted based on the threshold value they posses according to their behavior with time.

Rest of the paper is organized as follows. The next section discusses various related work done in the context of file replication followed by the proposed approach for securing the on-demand file replication system. The final section concludes the work followed by the references.

II. RELATED WORK Replication in cloud environment is done to achieve high

availability of resources. Resources can be replicated dynamically or on-demand to minimize the overhead of maintaining the consistency of the replicated files, to some extent. Similar kind of work is carried out by the authors in distributed environment considering the various performance issues that can arise and affect the overall system performance. Hurley and Yeap [2] have proposed file replication and migration policy, by which the total mean response time for a requested file at a particular site can be reduced. To avoid and restrict the issue of consistency and overhead of maintaining too many copies of the files, in dynamic file replication, the concept of de-replication is proposed. It is based on the concept of “least recently used file”, where the file is selected for de-replication, if it is not requested for the longest period of time at the storage site. Similarly Cabri et al. [1], proposed an adaptive file replication policy, which is capable of reacting to changes, in the pattern of file access, by dynamically creating or deleting replicas. To facilitate logical resource (file, service) replication in cloud environment, a replication mechanism is required which aims at facilitating replication considering the issues related with replication in cloud and distributed computing. Tsai et al. [3] has proposed a replication scheme for services. Whenever there is an increase in number of request a service can handle, additional resources are acquired by replicating the service. Two types of service replication are proposed, Active and Passive Service Level Map Reduce Approach (SLMR) for replication. According to authors, the traditional service replication is passive, that does not participate in the decision on when to replicate, where to replicate and number of copies to replicate. Concern with cloud computing is, how to deploy the application on cloud and in what manner should the deployed application, be delivered as a service. Pengzhi et al. [17] presented a prototype named POSIX cloud, which is designed to deliver general purpose cloud storage via standard POSIX interface and provides support for the traditional applications which are based on standard file system interface. This storage can enhance the performance, if optimized for special purpose storage and customized interface, which can be used by dedicated application and services. Potop et al. [4] tried to propose a fault tolerant, peer to peer replication network for synchronizing files across multiple hosts. There was no central authority to coordinate the

process, hosts are connected in a peer to peer fashion, thus avoiding a single point of failure. Pietro et al. [12] considered new issues in building secure peer to peer file sharing systems, defined a powerful adversary model and consequently present the requirement to address when implementing a threat adaptive secure file sharing system. Secret sharing and erasure coding based approaches have been used in distributed storage systems to ensure the confidentiality, integrity and availability of critical information. To achieve performance goals in data accesses, these data fragmentation approaches can be combined with dynamic replication. Tu et al. [5] considered data partitioning and dynamic replication in data grids, in which security and data access performance are critical issues. Mei et al. [7] presented a distributed algorithm for file allocation that guarantees high assurance, availability, and scalability in a large distributed file system. The file confidentiality and integrity are preserved, even in the presence of a successful attack that compromises a subset of the file servers. Garcia et al. [6] tried to propose a hybrid solution i.e. partial replication where every file is allocated to a small number of nodes. It proposed a modified architecture: the web cluster with distributed web switch. Reliability of web clusters is evaluated for different replication strategies. Sato et al. [10] proposed an automated replication algorithm that allows most of I/O accesses to be performed within a given time threshold and various system parameters, while the objective function being to minimize file replication costs. Xu et al. [8] proposed a two layer replica management method based on memory and disk to improve write performance. It can e used for disk based or memory based data storage system. Liu et al. [9] tried to propose a new replacement strategy called low replacement during data replication to eliminate the inability of LRU (Least Recently Used) to cope with access patterns with weak locality.

III. PROPOSED APPROACH On-demand replication of logical resources (file or

service), is achieved by replicating resources, when the number of requests for a specific resource reaches the threshold value. It increases the performance of the overall system and makes it capable of handling faults in case of failure. On-demand replication reduces the utilization of network resources by minimizing the message passing overhead for a particular operation namely replication, thus ensuring the consistent system performance. At the same time to make the on–demand replication secure and efficient various security issues have to be considered pertaining to:

• The channel through which the file is replicating is secure or not?

• The node at which the file is to be replicated is secure or not?

• Authorized users only get access to the file or not? • The integrity of a file is maintained or not while

replicating?

316

• Confidentiality of a file is maintained or not while replicating a file from one node to another node?

• The node from which the file is replicated is the trusted source of the file or not?

A. Architecture The architecture proposed, implements on-demand

logical resource replication scheme, which consists of loosely coupled systems, capable of providing various kind of services like replication, storage, I/O specific, computation specific and discovery of resources in the cloud environment. Based on the application requirement, the resources are made available to the client.

As shown in Figure 1 shows the File Replicating Servers (FRS), replicates the file, based on the number of request received for a particular file, the resource (File) is replicated when the total number of request reaches a threshold value.

As the number of nodes increases in a system, the issues of maintaining the system efficiency also increases. To make the system more efficient divide and rule approach is used. Divide the whole system into group of certain number of nodes. In each group there will be an FRS responsible for replicating the files in the group. FRS of different groups are also allowed to communicate and replicate file with each other if a file is not present in a particular group. To maintain the security i.e. the confidentiality and integrity of the files while replication use of keys has to be made. FRS is responsible for key generation and key distribution. Here FRS also acts as a simple resource (file) requesting node with some more functionalities due to which it is able to work as a file replicating server and is able to manage the keys.

B. Data Structures The data structures used for maintaining the security i.e. the confidentiality and integrity of the on-demand file replication system are maintained at the File Replicating Server (FRS). Table 1 shows the format of the table used to store the symmetric keys assigned to different nodes in a group by the FRS. TABLE 1. SYMMETRIC KEYS OF DIFFERENT NODES IN AGROUP

STORED AT FRS Node id Node key Id of different nodes

256 bit symmetric key assigned to the node by the FRS

When a node joins the group, a 256 bit symmetric key is assigned to it by the FRS which is produced by taking help of the random number generator. This symmetric key is only known to the FRS and the particular node joined the group. By using the Diffie Hellman Algorithm of asymmetric key cryptography:

• The FRS chooses a random prime number, let q and a be the primitive root of q, such that a < q.

• The FRS transmit q and a to the node joined the group by encrypting q and a by the symmetric key assigned to the joined node by the FRS.

• The FRS selects a random private key, let Xa such that Xa<q and calculates the public key, let Ya i.e. Ya=aXamod q.

• The joined node select a random private key, let Xb such that Xb<q and calculates the public key, let Yb i.e. Yb=aXbmod q.

• The FRS and joined node exchange the public keys Ya and Yb with each other through encrypting public keys with the symmetric key assigned by FRS to the joined node.

• The FRS and the joined node will now calculate the secret key Secret key generated at the FRS

K=(Yb)Xamod q Secret key generated at the joined node

K=(Ya)Xbmod q This secret key K is used for encrypting the file during replication between FRS and the requesting node for maintaining the confidentiality of the file. Now, the FRS will have a table as shown in table 2. having the public keys of the different nodes in its group and the secret key K built up with different nodes. These keys are generated for a predefined time, after this time again the same procedure will apply starting from defining new random prime number q and primitive root a.

TABLE 2.TABLE STORED AT FRS STORING DATA RELATED TO OTHER NODES IN A GROUP

Node id

Random prime no

Primitive root

Public key

Secret key

Time

Id of a node

Prime number chosen by the FRS

Primitive root chosen by the FRS

Public key calculated by the node

Secret key calculated by FRS by public key of the node

Time at which all these parameters are calculated

Every node in the group now also hold the symmetric key assigned to it by the FRS, the random no, the primitive root, the public key of the FRS, the secret key and the time at which the random no and primitive root are chosen by the FRS. So that after the predefined time again the process of calculating the secret key has to be repeated from the scratch. FRS also acts as a simple file requesting node. When a file is not present in a group the FRS can request the other group FRS having the requested file. Thus security measures have to be taken into account during replication between two FRS. Thus every FRS will have a table storing the symmetric keys shared with FRS of other groups as shown in table 3.

317

TABLE 3.SYMMETRIC KEYS A FRS SHARES WITH FRS OF OTHER GROUPS.

FRS id FRS key Id of different group FRS

256 bit symmetric key shared with requesting FRS, chosen by the requesting FRS only.

Now, again by taking help of the Diffie Hellman

Algorithm of asymmetric key cryptography, a private, public, and secret key is generated by using a random prime number and a primitive root of that chosen prime number.

• The prime number and the primitive root are chosen by the FRS who first sends the request for file to the other FRS.

• The file requesting FRS chooses a random prime number, let p and a primitive root of p, let s such that s<p.

• The file requesting FRS transmit p and s to the file providing FRS by encrypting p and s with the symmetric key shared with file providing FRS.

• The file requesting FRS select a random private key, let Za such that Za<p and calculates the public key, let Va i.e.Va=sZamod p.

• The file providing FRS select a random private key, letZb such that Zb<p and calculates the public key, let Vb i.e.Vb=sZbmod p.

• The file requesting FRS and file providing FRS exchange the public keys Va and Vb with each other by encrypting Va and Vb through the symmetric key shared between them.

• The file requesting FRS and the file providing FRS will now calculate the secret key. Secret key generated at the file requesting FRS

K1=(Vb)Zamod p Secret key generated at the file providing FRS

K1=(Va)Zbmod p The secret key K1 is used for encrypting the files

during replication between different groups FRS to maintain the confidentiality of the file. Thus every FRS will have a table as shown in table 4.having the public keys of FRS of different groups and the secret key K shared with FRS of different groups. This secret key is generated for a predefined time, after this time again the same procedure will apply starting from defining new random prime number p and primitive root s. Since the keys are renewed after a certain period of time, the keys are trusted more, as the chances of their compromise are less. If some third person is able to capture the secret key after its valid active time, the key will be of no use for the third person.

C. Achieving Security Measures Let Ek () symbolizes encryption of message with key k and Dk1 () symbolizes decryption of message with key k1

1) Confidentiality of the on-demand file replication system.

When there is a demand for a service (file) not available at the requested node, then the FRS of the requested node group will replicate the file to the requesting node, if the file is present in the group. The file is replicated between the FRS and the requesting node by encrypting the file with the secret key calculated between the FRS and the requesting node as discussed in section B data structures.

TABLE 4.TABLE STORED AT FRS STORING DATA RELATED TO OTHER GROUPS FRS IN THE SYSTEM

FRS id Random

prime no Primitive root

Public key

Secret key Time

Id assigned to the requesting FRS

Prime number chosen by the requesting FRS

Primitive root chosen by the requesting FRS

Public key calculated for the FRS

Secret key calculated by FRS by public key of the requesting FRS

Time when these param eters are calculated

Esecretkey(file) File providing FRS Requesting node

If the file is not present in the requested node group, the requested node group FRS will take help of other group FRS where the file is present to replicate the file at the requested node. The file is replicated between different FRS of different groups by encrypting the file with the secret key calculated between different FRS as discussed in section B data structures. Esecretkey(file) File providing FRS File requesting FRS Based on the importance of the confidentiality of the file, the FRS generates a session key for particular session (time period). This session key will be generated by the secret key, secret key will act as the master key. Now the file will be encrypted by the session key during replication. This increases the confidentiality of the on-demand file replication system.

2) Integrity of the on-demand file replication system. The integrity of the file while replicating, is a major

concern. To check the integrity of the file the concept of hash function and message digest is used.

While replicating the files the hash function is used to calculate the message digest of the file. After the message digest is calculated it is encrypted by the public key of the requesting node to which the file is to be replicated.

Thus now the message to be transmitted while replicating the file will become:

File|| Epublic key_of_requesting node (message digest of the file)

318

Finally the above message is encrypted using the secret key shared between the file requesting node and file providing FRS.

Esecret key (File|| Epublickey_of_requesting node (message digest of the file)) At the requesting node as the encrypted message

comes, first it will decrypt the message with the shared secret key.

Dsecret key (File|| Epublickey_of_requesting node(message digest of the file))

Message digest is extracted by decrypting it with its private key.

Dprivatekey_of_requesting node(message digest of the file)

Then the message digest of the file is calculated by the requested node using the hash function. This message digest is compared with the received message digest. If both the message digest are same it proves the integrity of the replicated file. Encrypting the message digest with the public key of the requesting node ensures that the requesting node can only decrypt the message digest. No other node can decrypt it.

3) The node from which the file is replicating is the

trusted source of the file. The secret key is shared between the file providing FRS

and the requesting node, the message encrypted with the secret key shows that this is the trusted source. Man in the middle attack is handled as the message is encrypted with a secret key. Digital Signature concept is used for more confirmation, the message is encrypted by the help of the private key of the file providing FRS and later on it is decrypted by the public key of the file providing FRS known to the file requesting node. If the message is properly decrypted it shows that the file providing FRS is the trusted source of the file.

Esecretkey(Eprivatekey_of_fileprovidingnode(File||Epublickey_of_requestingnode(message digest of the file)))

4) Authorized users only get access to the file. When any user requests a file from a node in a group,

before providing the requested file to the user, the access rights of the user are checked according to the role assigned to the user by the enterprise. The access rights of the user are checked at the initial level by the help of the table stored at the service provider about the users who have the access right of the file. The access rights table is shared between the service provider and the enterprise.

5) The node at which the file is replicating is secure.

Trust values are assigned to nodes by checking their behavior with time. The trust level of the requested node is checked before replicating a file to it. File is replicated at the requested node if it has the trust value above the predefined threshold value for trust; to prevent the malicious

use of the requested file at requested node. To achieve this database is maintained of the frequency the files present in a particular node are accessed. If any file is accessed beyond its normal access ratio, the cause of its usage is checked. If the cause of file usage is found valid, the node trust level doesn’t decreases, but if solid justification of usage of the file is not found out the node could be suspected as the malicious node and its trust level decreases. The replication of the files at nodes having trust value less than threshold is prohibited until their trust value reach the threshold.

6) The channel through which the file is replicating is

secure. File security is ensured while replicating it through a

channel by making the transmitting message fully secure by encrypting it with the help of the symmetric key, private key, public key and secret key of the respective nodes taking part in the replication.

Limitation: Limitation of the proposed system is that it is

dependent on the FRS for much functionality, as FRS is responsible for maintaining, assigning the keys and for the file replication capabilities. Thus FRS can prove as a single point of failure in a group.

IV. CONCLUSION The on-demand file replication strategy is made secure

by the inclusion of symmetric and asymmetric cryptography. Confidentiality of a file during replication is achieved by encrypting the files. Integrity of a file during replication is checked out by using the hash function. Malicious nodes in the system are found out by the help of the trust value the node posses. Trust values are assigned to nodes by checking their behavior with time. Replicating file origin source prove is achieved by the help of the digital signature, using private and public keys of the file providing node. In proposed work the validation of the FRS to other group FRS is done by symmetric keys shared between them. It can prove as a drawback in scalability of the proposed approach as maintaining trust between different FRS become cumbersome as their number increases beyond a limit in the system.

In future the X.509 certificates shall be incorporated in this approach. Certificates will be assigned to different FRS by the central trusted authority. Through certificates the FRS will be able to authenticate themselves to other FRS. The inclusion of the certificates will make the system more scalable and secure.

REFERENCES [1] Cabri Giacomo, Corradi Antonio and Zambonelli Franco, “Experience of Adaptive Replication in Distributed File Systems”, IEEE Proc. of 22nd EUROMICRO Conf. on Beyond 2000: Hardware and Software Design Strategies,1996, pp. 459-466. [2] Hurley T Richard and Yea Aun Soon, “File migration and file replication: a symbiotic relationship”, IEEE Trans. On Parallel and Distributed Systems, Vol. 7, No. 6, June 1996, pp. 578-586. [3] Tsai Wei-Tek, Zhong Peide, Elston Jay, Bai Xiaoying and Chen Yinong, “Service Replication with Map Reduce in Clouds”,

319

10th Int. Symp. on Autonomous Decentralized Systems (ISADS), 2011, pp. 381-388. [4] Potop Radu, Iovanici Otto , Bela Genge and Piroska Haller, “A Fault

Tolerant, Peer-To-Peer Replication Network” 9th RoEduNet IEEE International Conference 2010, pp. 196-201

[5] Tu Manghui, Li Peng, Yen I-Ling, Thuraisingham Bhavani and Khan Latifur, “Secure Data Objects Replication in Data Grid”, IEEE Transactions on dependable and secure computing, Vol. 7, No. 1, January-March 2010, pp. 50-64

[6] Garcia Daniel Jose, Carretero Jesus, Fernandez Javier, Garcia Felix, Singh E David and Calderon Alejandro,” On the Reliability of Web Clusters with Partial Replication of Contents”, Proceedings of the First International Conference on Availability, Reliability an Security (ARES’06) 2006 IEEE

[7] Mei Alessandro, Mancini V Luigi, and Jajodia Sushil,” Secure Dynamic Fragment and Replica Allocation in Large-Scale Distributed File Systems”, IEEE Transactions on Parallel and distributed Systems, Vol. 14, No. 9, September 2003, pp. 885-896

[8] Xu Chuncong, Huang Xiaomeng, Yang Guangwen and Zhou Yang,” A Two-Layered Replica Management Method”, 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11, pp. 1431-1436

[9] Liu Wei ,Shi Feiyan, Du Wei ,” An LIRS-based Replica Replacement Strategy for Data-intensive Applications”, 2011 International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-11, pp. 1381-1386.

[10] Sato Hitoshi, Matsuoka Satoshi, Endo Toshio and Maruyama Naoya, “Access-Pattern and Bandwidth Aware File Replication Algorithm in

a Grid Environment”, 9th Grid Computing Conference 2008 IEEE, pp. 250-257.

[11] Engelmann C., Scott L.S., Leangsuksun C and He X., ” Symmetric Active/Active Replication for Dependent Services”, The Third International Conference on Availability, Reliability and Security, 2008 IEEE, pp. 260-267.

[12] Pietro Di Roberto, Mancini V Luigi and Mei Alessandro,” Towards threat-adaptive dynamic fragment replication in large scale distributed systems”, IEEE 2007, pp. 1-8

[13] Xiong Kaiqi and Perros. Harry, “Service Performance and Analysis in Cloud Computing”, World Conference onServices-I, 2009, pp. 693-700. [14] Xu Pengzhi, Zheng Weimin, Wu Yongwei, Huang Xiaomeng and Xu Chuncong, “Enabling cloud storage to support traditional applications”, 5th Annual China Grid Conference,2010, pp. 167-172. [15] Cloud Security Alliance (CSA), https://cloudsecurityalliance.org/, accessed on 22 Oct. 2011.I. [16] Ling Zheng, Yanxiang Hu and Chaoran Yang,” Design an Research on Private Cloud Computing Architecture to Support Smart Grid”, Int. Conf. On Intelligent Human-Machine Systems and Cybernetics (IHMSC), 26-27 Aug. 2011, pp.159-161. [17] Xu Pengzhi, Zheng Weimin, Wu Yongwei, Huang Xiaomeng and Xu Chuncong, “Enabling cloud storage to support traditional applications ”, 5th Annual ChinaGrid Conference, 2010, pp. 167- 172.

320