ABSTRACT
Cloud computing is a service delivery model whereby rich shared resources are provided to clients electronically as a utility over the internet. Securing sensitive data stored internally has been challenging because of known risks to these data, such as internal risks like fire and liquid hazards, conflicts of interest, political intent, and others. This research proposes outsourcing these locally managed data to the cloud, where they will be devoid of these risks. Cloud computing services provide huge amounts of storage space and customizable, cheap and easily adaptable computing resources, and at the same time eliminate the responsibility of local machines for data maintenance. As a result, the availability and integrity of clients’ data are solely determined by cloud service providers (CSP). This research develops an Enhanced Model for Hybrid Dynamic Remote Data Auditing to mitigate these identified threats. The developed system hashes data to be outsourced into blocks using Merkle Hash Tree (MHT). Improved Revester Code Version 6 (IRC6) cryptosystem was also developed in this research to secure the MHT root key, which is the main auditing key. The hybrid model was formed by combining MHT and IRC6. Object-oriented analysis and design methodology (OOADM), together with MHT and IRC6 techniques, were used in this research in order to achieve the research goal. The security of the main auditing key, which has been a major challenge in the existing systems, was equally achieved in this new system at little or no cost. The developed IRC6 was evaluated to sustain transparent ciphertext and was thereby found to survive any crypto-analytical attack. The new system further strengthens the data integrity assurance to the Data Owners (DOs) by eliminating the services of the vulnerable Third Party Auditor (TPA) and leaving the auditing to the DOs. Triangular Security Handshake (TSH) with timestamp was implemented to improve access control.
An adversary data authentication model was also developed and used to ascertain the effectiveness of the developed model. An intrusion detection mechanism was equally implemented through an access log for access control. The new system implemented was able to ascertain the authenticity of the data outsourced to the cloud, thereby restoring the integrity of cloud storage services, and has boosted the confidence of prospective clients, especially the Nigerian Federal Universities (as the case study).
CHAPTER ONE
INTRODUCTION
1.1 Background to the Study
Cloud computing is a service delivery model whereby shared resources such as hardware, software, platforms, and information are provided to consumers electronically as a utility over the internet (Wang et al, 2009). Several trends are opening up the era of cloud computing. These trends include ever cheaper and more powerful processors, together with the mainstream computing architectures such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). These trends are transforming data centers into pools of computing service on a huge scale.
The increasing network bandwidth and reliable, yet flexible network connections make it possible for users to subscribe to high-quality services from data and software that reside solely on remote data centers. Moving data into the cloud offers great convenience to users since they do not have to care about the complexities of direct hardware management. Examples of such well-known services include Amazon Simple Storage Service (S3), and Amazon Elastic Compute Cloud (EC2).
While these internet-based online services do provide huge amounts of storage space and customizable computing resources, these computing platform shifts, however, are eliminating the responsibility of local machines for data maintenance at the same time. As a result, users are at the mercy of their cloud service providers (CSP) for the availability and integrity of their data (Wang et al, 2009).
This research focuses on sensitive data generated by organizations globally, such as IT industries, banks, private and corporate organizations, and higher institutions. Academic data generated from a university, for example, which are the live wire of such an organization, and other sensitive records such as student and staff records, are generated from different departments and units to be stored and managed internally. Due to some known risks posed to these data, such as internal risks like fire and liquid hazards, conflicts of interest, political intent, and financial baits, this research proposed outsourcing these data to the cloud, where they will be devoid of these risks.
Successful data outsourcing to the cloud requires some facilities and logistics to be provided. The facilities include Internet facilities with the required network equipment and technologies, and acquisition of bandwidth from an Internet Service Provider (ISP) of the organization's choice. Logistics include organizational policies to determine which Cloud Service Provider (CSP) to outsource to. Moreover, there has to be a service level agreement between the CSP and the organization to determine the quality of service that the CSP will provide for the organization. This service level agreement, which has legal backing, contains the type of services the provider renders to its client and the amount of money the client pays for the services.
Outsourcing of organizational data to the cloud should not be done without being cautious of both the internal and external security threats to the outsourced data. An example of an external security threat considered in this research is a man in the middle intercepting the data during transmission. To mitigate this threat, the research hashed the data into blocks using an adapted Merkle Hash Tree (MHT) (Qian et al, 2008) and encrypted the MHT root hash using the improved RC6 (IRC6) cryptosystem before outsourcing to the cloud. A broad range of internal threats to data integrity still exists for data outsourced to the cloud. Examples of these internal threats include service failure or server failure and data loss incidents. These threats occur from time to time and are worth noting. Again, since users may not retain a local copy of outsourced data, there exist various incentives for a CSP to behave unfaithfully toward the cloud users regarding the status of their outsourced data. For example, to increase the profit margin by reducing cost, it is possible for a CSP to discard rarely accessed data without being detected in a timely fashion. Similarly, a CSP may even attempt to hide data loss incidents so as to maintain a reputation. Therefore, there is a need for regular remote auditing of data outsourced to the cloud to ensure data integrity and availability. This serves as a check on internal cloud data storage threats (Cong et al, 2012).
A Merkle Hash Tree (MHT) is a well-studied authentication structure, which is intended to efficiently and securely prove that a set of elements are undamaged and unaltered using homomorphic tokens. It is constructed as a binary tree where the leaves in the MHT are the hashes of authentic data values (Qian et al, 2008).
IRC6 cryptosystem is an improvement on RC6 which was developed in the course of this research to guard against crypto-analytical attack. This is achieved by doubling its security at little or no computational cost. RC6 is an improvement on RC5, and RC5 was an improvement on RC4. IRC6 is designed to meet the requirements of increased security and better performance. IRC6 makes use of data-dependent rotations. Another good feature of IRC6 is the use of four working registers instead of two. RC5 is a fast block cipher; it acts on 128-bit blocks using two 64-bit working registers. IRC6 modified its design to use four 32-bit registers rather than two 64-bit registers. This has the advantage of performing two rotations per round rather than the one found in a half-round of RC5. The improved cryptosystem (IRC6) is used in this research to secure the MHT root hash before data outsourcing to the cloud.
For the purpose of achieving the aim of this study, this research has developed an enhanced hybrid auditing model using MHT and IRC6 cryptosystem that will enable on-demand data correctness verification. The verification of cloud storage correctness is conducted without explicit knowledge of the whole data files on the cloud. The data stored in the cloud may not only be accessed but also be frequently updated by the data owners. The updates include insertion, deletion, modification and appending. These updates are dynamic operations that need to be integrated into the cloud storage correctness assurance (Ren & Wang, 2012).
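The on-demand verification described above, sketched in Python as an added example (not the thesis's Java implementation): the data owner keeps only the MHT root and the block count, and checks a challenged block against the audit path (AAI) returned by the server. SHA-256, the leaf/node prefixes and all function names are assumptions; the IRC6 encryption of the root is not reproduced because the page does not specify it.

```python
import hashlib
import hmac

def leaf_hash(block: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + block).digest()  # prefix separates leaves from nodes
def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
        levels.append(level)
    return levels

def audit_path(levels, index):
    """Server side: sibling hashes (the AAI) from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        if (index ^ 1) < len(level):
            path.append(level[index ^ 1])
        index //= 2
    return path

def fold_path(index, n_blocks, block, siblings):
    """Owner side: recompute the root from one block and its AAI (None if malformed)."""
    if not 0 <= index < n_blocks:
        return None
    digest, width, sibs = leaf_hash(block), n_blocks, list(siblings)
    while width > 1:
        sib = index ^ 1
        if sib < width:  # left/right order is derived from the index, not sent by the server
            if not sibs:
                return None
            s = sibs.pop(0)
            digest = node_hash(s, digest) if sib < index else node_hash(digest, s)
        index, width = index // 2, (width + 1) // 2
    return None if sibs else digest

def verify_block(root, index, n_blocks, block, siblings):
    computed = fold_path(index, n_blocks, block, siblings)
    return computed is not None and hmac.compare_digest(computed, root)

def audit_all(root, blocks, levels):
    """Challenge every block; the failing indices localize the damage."""
    return [i for i in range(len(blocks)) if not verify_block(
        root, i, len(blocks), blocks[i], audit_path(levels, i))]

BLOCKS = [f"constructed record {i}".encode() for i in range(5)]  # constructed sample

if __name__ == "__main__":
    levels = build_levels(BLOCKS)          # server keeps blocks + tree; owner keeps root
    stored = BLOCKS[:2] + [b"silently altered"] + BLOCKS[3:]   # unreported corruption
    print("failing blocks:", audit_all(levels[-1][0], stored, levels))
```

Because `fold_path` needs only one block and its sibling hashes, the owner can also derive the new root for a modified block from the old audit path, which is how a dynamic update avoids downloading the whole file.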
1.2 Statement of the Problems
From the viewpoint of data security/integrity, which has always been an important aspect of quality of service, cloud computing certainly poses new challenges for a number of reasons:
- Many organizations are yet to adopt and enjoy the rich advantages of cloud data storage management capabilities due to fear of losing their data integrity.
- The root key of formal Remote Data Auditing (RDA) models, which is the main audit parameter, has been left unsecured.
- Direct application of traditional or symmetric cryptosystems for data auditing is not adequate due to the users' loss of control of data outsourced to the cloud. There is a need for additional techniques to verify the correctness of data storage in the cloud without explicit knowledge of the whole data.
- Data stored in the cloud may be frequently updated. Hence, the assurance of storage correctness under dynamic data update is of paramount importance. However, this dynamic feature also makes traditional integrity assurance techniques ineffective and this requires new solutions.
- Cloud computing deployment is composed of many data centers running in a simultaneous, cooperative and distributed manner. Clients' data are stored in multiple physical locations of these distributed data centers to further reduce the data integrity threats. Therefore, outsourced data should be in blocks to support these distributed protocols for various data centers for effective remote data integrity checks.
- The practice of employing the services of the Third Party Auditor (TPA) for periodic remote data integrity check is faced with vulnerabilities which include interception of the original data main auditing tokens, hacking of TPA server or data compromise by TPA itself.
- Aside from the vulnerabilities associated with adopting TPA services, hiring and maintaining a TPA is rather costly.
1.3 Aim and Objectives of the Study
The main aim of this research is to develop a hybrid model for dynamic remote data auditing on cloud computing. The specific objectives of the study are to:
- present the design of an Enhanced Model for Dynamic Remote Data Auditing;
- develop an enhanced hybrid system to support dynamic remote data auditing and data dynamic operations in the cloud by maintaining data integrity and availability even if users modify, delete, insert or update their data files in the cloud;
- build and apply an adversary data authentication model to evaluate the effectiveness of the system;
- compare performance of the new system with the existing system.
1.4 Significance of the Study
Broader knowledge of cyber-attack mitigation and of the techniques required to checkmate cyber activities against remote data stored on the cloud is established through this research. This model helps to checkmate the wide spread of cyber-attacks in Internet environments that tend to attack and compromise data over a cloud network. The work will potentially restore the confidence that organizations, both large and small, have in the cloud services they engage and use, as most data stored on the cloud can be critical to the enterprise. It will also lead to an improved economy as organizations and individuals use the cloud services to maximize their profits by utilizing more secure cloud services.
Development of an improved RC6 (IRC6) cryptosystem in this research also has great significance for the improved security of the main auditing parameter with respect to the existing system, as organizations can focus more on profit making while using the cloud with less risk. This research also helps organizations to adopt a data management principle that is devoid of internal data insecurity such as internal data threats.
The research develops an enhanced hybrid auditing scheme that adopts an effective and flexible distributed data preprocessing scheme with explicit dynamic data support such as insertion, modification, deletion and appending, to ensure the correctness of users' files in the cloud. It relies on MHT and IRC6 encryption techniques in the file distribution preparation to guarantee data integrity and dependability. This hybrid technique will drastically reduce the communication and storage overhead as compared to the traditional replication-based file distribution techniques. By utilizing the homomorphic token with distributed verification blocks of data, this scheme will achieve the storage correctness assurance during RDA, as well as data error localization. It will also eliminate the vulnerabilities that are posed to the outsourced data by bypassing the TPA services.
The developed IRC6 in this research was implemented to double the security of the main auditing key with little or no cost. The encryption module, decryption module and key generation module were properly evaluated against their time lags, and it was discovered that their time lags were very negligible, which shows a significant economic and security improvement over the previous models.
It was equally observed that its cipher text is not transparent during crypto-analysis and thereby survives any crypto-analytical attack.
Organizations and individuals that outsource data to the cloud and employ this new enhanced hybrid dynamic remote data auditing model for periodic data integrity checks achieve great economic importance over their business with little or no security challenges.
The main significance of the new auditing model lies in auditing outsourced big data, which is a great task with great economic importance, as it takes few Auxiliary Authentication Information (AAI) or audit path to achieve effective audit results when compared to other replica-based models.
1.5 Scope of the study
This research is based on cloud data security. It uses two techniques, MHT and IRC6, to remotely audit the outsourced data on the cloud. The RC6 cryptosystem is improved fundamentally to yield the IRC6 cryptosystem, which doubles the level of data security. The developed IRC6 and adapted MHT authentication techniques are used to produce a hybrid model which has the capability of carrying out dynamic remote data auditing on the cloud. The developed IRC6 was used to address the security limitation in existing RDA models.
The implementation is done on a Java platform. The research adopts both real and adversary authentication modes as test cases during testing and validation.
1.6 Limitations of the study
The cost (in terms of transportation, access honorarium and time) of acquiring data for analysis from different universities and other organizations during the feasibility study was rather high. Implementation of this hybrid remote dynamic data auditing system requires extra expertise, experience and steady power availability, which was a challenge. The Java applets had to be written in the Java language (because MHT is built on Java), which is more difficult but had to be done for possible integration with IRC6.
1.7 Definition of terms
Amazon Elastic Compute Cloud (EC2): Amazon's EC2 is a cloud computing service that allows users to deploy and run their applications on rented virtual computers. Users can boot what are called Amazon machine images and create an instance, also known as a virtual machine, and pay for the amount of computing power they need by the hour.
Amazon Simple Storage Service (S3): Amazon's S3 is a cloud storage service that provides scalable, unlimited online archiving and backup for Amazon web service users.
Service Provider: This is a company or organization that provides a public or private cloud service.
Byzantine failures: These are defined as arbitrary deviations of a process from its assumed behavior based on the algorithm it is supposed to be running and the inputs it receives. Such failures can occur, e.g., due to a software bug, a (transitional or permanent) hardware malfunction, or a malicious attack.
Cloud computing: This refers to a model of network computing, where a program or application runs on a connected server or servers rather than on a local computing device such as a PC, tablet or smartphone. Like the traditional client-server model or older mainframe computing, a user connects with a server to perform a task. The difference with cloud computing is that the computing process may run on one or many connected computers at the same time, utilizing the concept of virtualization.
Cloud Database: This is a database accessible to clients from the cloud and delivered to users on demand via the internet from a cloud database provider's servers. Also referred to as Database-as-a-Service (DBaaS), cloud databases can use cloud computing to achieve optimized scaling, high availability, multi-tenancy and effective resource allocation.
Cloud provider: A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations and/or individuals, usually for a fee.
Cloud Storage: This is a service that allows customers to save data by transferring it over the internet or another network to an offsite storage system maintained by a third party.
Data Center: This is a facility built for the purpose of housing cloud-based data resources such as servers and other service-based equipment. Many cloud-based companies own and operate their own data centres which house the data stored for consumers and ensure the on-going availability of their cloud.
Data Integrity: This refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect of the design, implementation and usage of any system which stores, processes and retrieves data.
DO: Data owner that outsources his data to cloud and employs the services of the TPA for constant auditing.
Homomorphic encryption: This is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.
Infrastructure as a service (IaaS): It is a pay-per-use service where a cloud computing provider offers storage space, software and network equipment as consumable resources. IaaS offerings include Amazon EC2, GoGrid and the Rackspace cloud.
Platform as a service (PaaS): This is a cloud computing model through which a computing platform is delivered to users via the web. PaaS is often used for the development, deployment and hosting of applications. Its offerings include Microsoft Azure, Force.com and Google App Engine.
RDA: Remote Data Auditing; this refers to a means of verifying the correctness of data stored on a remote cloud server.
Software as a service (SaaS): This is a software distribution model that provides applications to customers via the internet. The most commonly used form of cloud computing, SaaS continues to grow as web service and service-oriented architectures advance. The top sources of SaaS are NetSuite, Adobe and Salesforce.com.
Service-level agreements (SLAs): This is a contractual agreement by which a service provider defines the level of service, responsibility, priorities, and guarantees regarding availability, performance, and other aspects of the service.
TPA: Third Party Auditor that constantly audits the remote outsourced data based on some level of agreement with the DO.
DEVELOPMENT OF AN ENHANCED HYBRID MODEL FOR DYNAMIC REMOTE DATA AUDITING (DRDA) ON CLOUD COMPUTING