Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing

Introduction

What is Cloud Computing?

A style of computing where massively scalable IT-enabled capabilities are delivered as a service

Factors boosting cloud growth

Cheaper and powerful processors SaaS technology transforms data centres to pools of computing service Increasing network bandwidth, reliability and flexibility

Challenges

Data Integrity

Failures at storage provider hidden from user CSPs may delete rarely accessed data

How to efficiently check integrity of data without having a local copy ? Stateless verification. Unbounded use of queries

Challenges

Private Auditability

Higher efficiency Sacrifice computational cost Uses a third party auditor without devotion of their computation resources Either client or TPA can check integrity.

Public Auditability

Challenges

Data might not only be accessed but also updated by clients State of art technologies support only static data. Block-less verification

System Model

System Model

Client

An entity which has large data files to be stored in cloud for maintenance and computation An individual or organisation An entity which is managed by CSP Has significant storage space & computational resource An entity which has expertise and capabilities in auditing Trusted to assess and expose risk of CSS.

Cloud Storage Server

Third Party Auditor

Key Idea

Use Merkle Hash Tree

A well studied authentication structure to prove a set of elements is unaltered and undamaged

A challenge is given to cloud provider To compute response, cloud provider need to have original blocks

Merkle Hash Tree

MHT Construction Based on set of ordered value x 1 , x 2 ....... x n . Build tree based on elements in ordered set Leaves corresponds to h ( x ) where h () corresponds to cryptographic one-way hash function. Proceed to next level by concatenating hash values of two adjacent leaves Continue till root node is formed Root node is digitally signed.

Merkle Hash Tree

Merkle Hash Tree

Querying MHT

To verify existence of an attribute of value v. Server will return co-path from specific leaf up to root node. Client can recompute the signature values If it matches the root tag then the data stored is valid.

Merkle Hash Tree

Bilinear Mapping

Let G1 , G 2 be two groups of prime order p. Let P and Q be generators of G1 Now consider mapping e
e : G 1G 1 G 2 P ,Q G 1 ,a , b Z p *

e ( aP ,bQ )= e ( P ,Q )ab

Identity Based Encryption

G 1 and G 2 with

a bilinear mapping

e : G1 G G2 1

g a generator
s R Z q*

S is secret

Public key is P pub= g s

Identity Based Encryption

Encryption

E ( g , g , BOB , m )

= ( g , m xor h2 ( e ( h1 ( BOB ) , g s))r )

r r

=( Where r is random element

r Z p

g , m xor h2 ( e ( h1 ( BOB ) , g ))rs

Identity Based Encryption

Decryption

Private Key w = h1 ( BOB)

(u , v) =

g , m xor h2 ( e ( h1 ( BOB ) , g ))rs )

D ( u , v , w )= v xor h2 ( e ( w , u ))

= m xor h2 ( e ( h1 ( BOB ) , g ))rs xor h2 ( e ( h1 ( BOB )s , g r )) =m

Setup

Given F =( m1 , m2 , m3 , ...... mn ) Choose a random element u Let t=name||n||u File tag for F be SSig ssk (name||n||u) Compute signature mi for all
i

= ( H ( mi ) . u )

mi s

= i for 1i n

Setup

Root of MHT is created using H ( mi ) Client signs the root under private key H ( R )s Client sends {F,t,, SSig sk ( H ( R ))} and deletes {F,t, SSig sk ( H ( R )) } from its local storage

Default Integrity Verification

TPA picks a c-element subset I = s1 , s2 , s3 , ...... sc of set [1,n] for each i I v i B Z p TPA chooses random element Verifier sends chal ( i , v i )s is to CSP
1 c

According to the values in chal CSP responds with a proof.

Default Integrity Verification

CSP calculates
= =
sc i = s1 i i sc vi i = s1 i

v m Z p G
1 c

Co-path { ()s i s } CSP responds with P={ , , H ( mi ) , i , Sig sk ( H ( R )) }

Default Integrity Verification

Verification

Verifies e ( Sig sk ( H ( R ) , g ))= e ( H ( R ) , g s ) s v s Verifies e ( , g )= e (i = s H ( mi ) . u , g )

c i 1

Dynamic Data Operation

Modification

Client modifies mi mi ' Client generates i ' =( H ( mi ' ) . u m ' )s Send above information to CSP.
i

CSP replace block mi mi ' . Sends new co-path ' to client. Client verifies H(R) using m. If it matches, calculate H(R') and update tree.

Dynamic Data Operation

Insertion

Client have to add new value mi ' Client generates i ' =( H ( mi ' ) . u ) Send mi ' , i ' to CSP CSP updates MHT and replies H ( mi ) , i , H ( R ) , R ' Client generate root R and verifies. Generate new root R' and send back Sig sk ( H ( R ' ))
mi ' s

Dynamic Data Operation

Dynamic Data Operation

Conclusion

Its critical to enable TPA to evaluate service quality in an independent perspective. Achieved dynamic data verification Blockless verification is achieved Stateless verification is achieved

References
(1)Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou, Enabling Public Verifiability and Data Dynamics for Storage Security in Cloud Computing, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 22, NO. 5, MAY 2011 (2)G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z.Peterson, and D. Song, Provable Data Possession at UntrustedStores,Proc. 14th ACM Conf. Computer and Comm. Security (CCS07), pp. 598-609, 2007 (3)Lecture notes by Einar Mykletun on Using Merkle hash trees on ODB (4)Lecture notes by John Bethencourt Intro to Bilinear Maps