AMDS: Attack Prevention for Multi-Owner Data

Sharing for Dynamic Groups in the Clou

!ino S"#
$
% Dr"M"&ayaPrasa
'
1
M.Tech(PG Scholar), Dept of CSE, RGIT, Bangalore-3

Rector, Dept of CSE, RGIT, Bangalore-3

1
Vinuvinod79@gmail.com
2
mj_prasad@yahoo.com
Abstract( )owaays% many organi*ations
outsource ata storage to the clou such that a
mem+er of an organi*ation ,ata owner- can easily
share ata with other mem+ers ,users-" Due to the
e.istence of security concerns in the clou% +oth
owners an users are suggeste to verify the
integrity of clou ata with Prova+le Data
Possession ,PDP- +efore further utili*ation of ata"
/owever% previous metho outsourcing the ata
an application to a group mem+er causes the
security an privacy issues to +ecome a critical
concern" 0n that system security an privacy
attri+utes are not fully analy*e"" 1e have
ientifie five most representative security an
privacy attri+utes ,i"e"% confientiality% integrity%
availa+ility% accounta+ility% an privacy-
preserva+ility-" 2eginning with these attri+utes% we
present the relationships among them% the
vulnera+ilities that may +e e.ploite +y attackers%
the threat moels% as well as e.isting efense
strategies in a clou scenario" Security analyses
prove that our scheme is secure

Keywords Attack% Clou Computing% Data
Sharing% 3evocation% 4racing.
INTRODUCTION
Cloud computing is transforming business
by offering new options for businesses to
increase efficiencies while reducing costs !". It
lets user can access all applications and
documents from anywhere in the world# freeing
from the confines of the des$top and ma$ing it
easier for group members in different locations
to collaborate. It is a model for enabling
con%enient# on&demand networ$ access to a
shared pool of configurable and reliable
computing resources 'e.g.# networ$s# ser%ers#
storage# applications# ser%ices( that can be
rapidly pro%isioned and released with minimal
consumer management effort or ser%ice pro%ider
interaction. Cloud computing pro%ides
computation# software# data access# and storage
resources without re)uiring cloud users to $now
the location and other details of the computing
infrastructure.
*ome of the sourcing models used in the
cloud computing are +ri%ate cloud# +ublic cloud#
,ybrid cloud !". - pri%ate cloud is entirely
dedicated to the needs of a single organi.ation. It
can be on or off premises. - public cloud is a
multitenant cloud that is owned by a company
that typically sells the ser%ices it pro%ides to the
general public. /here as in ,ybrid cloud the
customer uses a combination of pri%ate and
public clouds to meet the specific needs of their
business. In this approach# some of the
organi.ation0s IT ser%ices run on&premises while
other ser%ices are hosted in the cloud to sa%e
costs# simplify scalability# and increase agility.
1irst# identity pri%acy2" is one of the most
significant obstacles for the wide deployment of
cloud computing. /ithout the guarantee of
identity pri%acy# users may be unwilling to 3oin
in cloud computing systems because their real
identities could be easily disclosed to cloud
pro%iders and attac$ers. On the other hand#
unconditional identity pri%acy may incur the
abuse of pri%acy. 1or e4ample# a misbeha%ed
staff can decei%e others in the company by
sharing false files without being traceable.
Therefore# traceability# which enables the group
1
manager 'e.g.# a company manager( to re%eal the
real identity of a user# is also highly desirable.
*econd# it is highly recommended that any
member in a group2" should be able to fully
en3oy the data storing and sharing ser%ices
pro%ided by the cloud# which is defined as the
multiple&owner manner. Compared with the
single&owner manner# where only the group
manager can store and modify data in the cloud#
the multiple&owner manner is more fle4ible in
practical applications. 5ore concretely# each
user in the group is able to not only read data#
but also modify his6her part of data in the entire
data file shared by the company.
7ast issue is that efficient membership
re%ocation mechanism2" should be achie%ed
without updating their secret $eys of the
remaining users and it is also desired to reduce
the comple4ity of the $ey management *ome of
the issues related to the e4isting system are2.
+ropose a secure multi&owner data sharing
scheme. It implies that any user in the group can
securely share data with others by the untrusted
cloud. !. Our e4isting scheme is able to support
dynamic groups efficiently. *pecifically# new
granted users can directly decrypt data files
uploaded before their participation without
contacting with data owners. User re%ocation
can be easily achie%ed through a no%el
re%ocation list without updating the secret $eys
of the remaining users. The si.e and
computation o%erhead of encryption are constant
and independent with the number of re%o$ed
users. 8. It pro%ides secure and pri%acy&
preser%ing access control to users# which
guarantees any member in a group to
anonymously utili.e the cloud resource.
5oreo%er# the real identities of data owners can
be re%ealed by the group manager when disputes
occur. 9. It pro%ides rigorous security analysis#
and performs e4tensi%e simulations to
demonstrate the efficiency of our scheme in
terms of storage and computation o%erhead.
The main disad%antage associated with the
e4isting system is that:
2. 7ess security and pri%acy
!. -ttac$ +re%ention is not
considered.
The drawbac$ of the e4isting system can be
o%ercome using this proposed system. The main
contribution of this paper is that +roposed
system to identified fi%e most representati%e
security and pri%acy attributes 'i.e.#
confidentiality# integrity# a%ailability#
accountability# and pri%acy&preser%ability(.
;eginning with these attributes# we present the
relationships among them# the %ulnerabilities
that may be e4ploited by attac$ers# the threat
models# as well as e4isting defense strategies in
a cloud scenario. /e consider the cloud
en%ironment as a new computing platform to
which the classic methodology of security
research can be applied as well 8". Therefore#
we determine to employ an attribute&dri%en
methodology to conduct our re%iew. /e employ
the ecosystem of cloud security and pri%acy in
%iew of fi%e security6pri%acy attributes 'i.e.#
confidentiality# integrity# a%ailability#
accountability# and pri%acy&preser%ability( that
are the most representati%e ones in current
research ad%ances. *ome researchers regard
pri%acy as one component of security# while in
this paper# we separate pri%acy from security
due to its importance and specialty in cloud
en%ironments. +ri%acy is considered as highly
rele%ant to security# as well as other security
attributes that ha%e positi%e or negati%e
influences on pri%acy. The security ecosystem is
generic and is applicable to any computer and
networ$ed systems. The main ad%antage of the
proposed system is that:
2. +roposed system is more secure
and pri%acy# its concentrate on all
attributes of security and pri%acy
pre%ents information lea$age<
!. It uses the present three&tier data
protection architecture to offer
different le%els of pri%acy to cloud
customers.
2
=ROU+ *I=N-TUR>
Chaum and ?an ,eyst introduced the concept
called group signature @".In this paper we
present a new type of signature for a group of
person called a group signature which has the
following properties: -ny members of the group
can sign messages. Aeeps the identity secret
from the %erifiers. Only the group manager can
re%eal the real identity# when the dispute occurs
which is called as traceability.
DBN-5IC ;RO-DC-*T >NCRB+TION
;roadcast encryption allows a user to distribute
message securely to a set6group of users in an in
secure en%ironment so that only a pri%ileged
subset of users can decrypt the data. -part from
this Dynamic broadcast encryption C" also
allows the group manager to dynamically
include new members while preser%ing
pre%iously computed information# i.e.# user
decryption $eys need not be recomputed# the
morphology and si.e of cipher te4ts are
unchanged and the group encryption $ey
re)uires no modification. The first formal
definition and construction of dynamic broadcast
encryption are introduced based on the bilinear
pairing techni)ue# which will be used as the
basis for file sharing in dynamic groups
-RC,IT>CTUR>
A. Data Confidentiality:
Data confidentiality re)uires that
unauthori.ed users including the cloud are
incapable of learning the content of the
stored data . -n important and challenging
issue for data confidentiality is to maintain
its a%ailability for dynamic groups. New
users should decrypt the data stored in the
cloud before their participation# and re%o$ed
users is unable to decrypt the data mo%ed
into the cloud after the re%ocation
1) Threat! "n clo#$ conf"$ent"al"t%&
5alicious *ys-dmin: The Cross&?5 attac$
D" discusses how others may %iolate
confidentiality cloud customers that co&
residing with the %ictim# although it is not
the only threat. +ri%ileged sysadmin of the
cloud pro%ider can perform attac$s by
accessing the memory of a customer0s ?5s.
1or instance# enables a sys admin to directly
access the ?5 memory at run time by
running a user le%el process in DomainE.
) Defen!e Strateg"e!&
Co Trusted Cloud Computing +latform:
It present a trusted cloud&computing platform
'TCC+(# which offers a closed bo4 e4ecution
en%ironment for Iaa* ser%ices. TCC+
guarantees confidential e4ecution of guest
%irtual machines. It also enables customers to
attest to the Iaa* pro%ider and to determine if
the ser%ice is secure before their ?5s are
launched into the cloud. The design goals of
TCC+ are: 2( to confine the ?5 e4ecution
inside the secure perimeter< !( that a
sysadmin with root pri%ileges is unable to
access the memory of a ?5 hosted in a
physical node. TCC+ le%erages e4isting
techni)ues to build trusted cloud computing
platforms. This focuses on sol%ing
confidentiality problems for clients0 data and
for computation outsourced to the cloud.
/ith TCC+# the sysadmin is unable to
inspect or tamper with the content of running
?5s
B. Data Integrity:
Data integrity implies that data should be
honestly stored on cloud ser%ers# and any
%iolations 'e.g.# data is lost# altered# or
compromised( are to be detected.
Computation integrity implies the notion that
programs are e4ecuted without being
distorted by malware# cloud pro%iders# or
other malicious users# and that any incorrect
computing will be detected.
1) Threat! to Clo#$ Integr"t%
Data 7oss65anipulation& In cloud storage#
applications deli%er storage as a ser%ice.
*er%ers $eep large amounts of data that ha%e
the capability of being accessed on rare
occasions D" . The cloud ser%ers are
distrusted in terms of both security and
reliability# which means that data may be lost
or modified maliciously or accidentally.
-dministration errors may cause data loss
3
'e.g.# bac$up and restore# data migration# and
changing
1ig 2 -RC,IT>CTUR>
1ig2. -rchitecture
4
User Revocation
User Registration
File Generation
File Deletion
File Access
Traceability
Group
Manager
Group
Members
lou!
on"i!entiali
ty
#ntegrity
Availability
Accountabilit
y
$rivacy%
$reservabilit
y
Data
&'ner
memberships in +!+ systems(. -dditionally#
ad%ersaries may initiate attac$s by ta$ing
ad%antage of data owners0 loss of control o%er
their own data.
) Defen!e Strateg"e!
The goal of Dynamic +D+ 'D+D+( is to
support full dynamic operations 'e.g.# append#
insert# modify# and delete(. The purpose of
dynamic operations is to enable authenticated
insert and delete functions with ran$&based
authenticated directories that are built on a s$ip
list. The e4periment result shows that# although
the support of dynamic updates costs certain
computational comple4ity# D+D+ is practically
efficient.
B. Clou Availa+ility
-%ailability is crucial since the core function of
cloud computing is to pro%ide on&demand
ser%ice of different le%els. If a certain ser%ice is
no longer a%ailable or the )uality of ser%ice
cannot meet the *er%ice 7e%el -greement
'*7-(# customers may lose faith in the cloud
system
1) Threat! to Clo#$ '(a"la)"l"t%
1looding -ttac$ %ia ;andwidth *tar%ation: In a
flooding attac$# which can cause Deny of
*er%ice 'Do*(# a huge amount of nonsensical
re)uests are sent to a particular ser%ice to hinder
it from wor$ing properly. In cloud computing#
there are two basic types of flooding attac$s:
* Direct DO* F the attac$ing target is
determined# and the a%ailability of the targeting
cloud ser%ice will be fully lost.
* Indirect DO* F the meaning is twofold: 2( all
ser%ices hosted in the same physical machine
with the target %ictim will be affected< !( the
attac$ is initiated without a specific target.
) Defen!e !trateg%
Defending the new DO* attac$: This new type
of DO* attac$ differs from the traditional DO*
or DDO* attac$s in that traditional DO* sends
traffic to the targeting application6host directly
while the new DO* attac$ does not< therefore#
some techni)ues and counter&measures for
handling traditional DO*s are no longer
applicable. - DO* a%oidance strategy called
ser%ice migration has been de%eloped to deal
with the new flooding attac$. - monitoring
agent located outside the cloud is set up to detect
whether there may be bandwidth star%ation by
constantly probing the cloud applications. /hen
bandwidth degradation is detected# the
monitoring agent will perform application
migration# which may stop the ser%ice
temporarily# with it resuming later. The
migration will mo%e the current application to
another subnet of which the attac$er is unaware.
B. Cloud Accountability
-ccountability implies that the capability of
identifying a party# with undeniable e%idence# is
responsible for specific e%ents. /hen dealing
with cloud computing# there are multiple parties
that may be in%ol%ed< a cloud pro%ider and its
customers are the two basic ones# and the public
clients who use applications 'e.g.# a web
application( outsourced by cloud customers may
be another party. - fine&grained identity#
howe%er# may be employed to identify a specific
machine or e%en the faulty6 malicious program
that is responsible.
1) Threat! to Clo#$ 'cco#nta)"l"t%
*7- %iolation: -. ,aeberlen addresses the
importance of accountability in cloud
computing# where the loss of data control is
problematic when something goes awry. 1or
instance# the following problems may possibly
arise: i( The machines in the cloud can be mis&
configured or defecti%e and can conse)uently
corrupt the customer0s data or cause his
computation to return incorrect results< ii( The
cloud pro%ider can accidentally allocate
insufficient resources for the customer# an act
which can degrade the performance of the
customer0s ser%ices and then %iolate the *7-<
) Defen!e Strateg"e!
Collaborati%e 5onitoring: - solution that is
similar to -?5 was de%eloped by maintaining
an e4ternal state machine whose 3ob is to
%alidate the correctness of the data and the
(
e4ecution of business logic in a multi&tenancy
en%ironment. It defines the ser%ice endpoint as
the interface through which the cloud ser%ices
are deli%ered to its end users. It is assumed that
the data may only be accessed through endpoints
that are specified according to the *7- between
the cloud pro%ider and the users. The basic idea
is to wrap each endpoint with an adapter that is
able to capture the input6output of the endpoint
and record all the operations performed through
the endpoint. The log is subse)uently sent to the
e4ternal state machine for authentication
purpose.
C. Cloud Privacy
+ri%acy is yet another critical concern with
regards to cloud computing due to the fact that
customers0 data and business logic reside among
distrusted cloud ser%ers# which are owned and
maintained by the cloud pro%ider. Therefore#
there are potential ris$s that the confidential data
'e.g.# financial data# health record( or personal
information 'e.g.# personal profile( is disclosed
to public or business competitors. +ri%acy has
been an issue of the highest priority.
1) Threat! to Clo#$ Pr"(ac%
Computation +ri%acy ;reach: In some sense#
pri%acy&preser%ability is a stricter form of
confidentiality# due to the notion that they both
pre%ent information lea$age. Therefore# if cloud
confidentiality is e%er %iolated# pri%acy&
preser%ability will also be %iolated. *imilar to
other security ser%ices# the meaning of cloud
pri%acy is twofold: data pri%acy and
computation pri%acy.
) Defen!e Strateg"e!
=entry proposed 1ully ,omomorphic
>ncryption '1,>( to preser%e pri%acy in cloud
computing. 1,> enables computation on
encrypted data# which is stored in the distrusted
ser%ers of the cloud pro%ider. Data may be
processed without decryption. The cloud ser%ers
ha%e little to no $nowledge concerning the input
data# the processing function# the result# and any
intermediate result %alues. Therefore# the
outsourced computation occurs 0under the
co%ers0 in a fully pri%acy&preser%ing way. 1,>
has become a powerful tool to enforce pri%acy
preser%ing in cloud computing. ,owe%er# all
$nown 1,> schemes are too inefficient for use
in practice. /hile researchers are trying to
reduce the comple4ity of 1,># it is worthwhile
to consider alle%iating the power of 1,> to
regain efficiency. It has proposed somewhat
homomorphic encryption# which only supports a
number of homomorphic operations# which may
be much faster and more compact than 1,>.
CO)C56S0O)
/e design a secure data sharing scheme# 5ona#
for dynamic groups in an untrusted cloud. In
5ona# a user is able to share data with others in
the group without re%ealing identity pri%acy to
the cloud. -dditionally# 5ona supports efficient
user re%ocation and new user 3oining. 5ore
specially# efficient user re%ocation can be
achie%ed through a public re%ocation list without
updating the pri%ate $eys of the remaining users#
and new users can directly decrypt files stored in
the cloud before their participation. Our
proposed system e4tends the mona system
o%ercomes the security and pri%acy issues in
cloud computing based on an attribute&dri%en
methodology. /e ha%e identified the most
representati%e security6pri%acy attributes 'e.g.#
confidentiality# integrity# a%ailability#
accountability# and pri%acy&preser%ability(# as
well as discussing the %ulnerabilities# which may
be e4ploited by ad%ersaries in order to perform
%arious attac$s.
3eferences
2" G. 7iu# B. Hhang# ;. /ang and I. Ban# J5ona: *ecure
5ulti&Owner Data *haring for Dynamic =roup in the
Cloud#K I>>> Tran. On +arallel and Distributed *ystem#%ol.
!9# no. @ Iune !E28.
!" 5. -rmbrust# -. 1o4# R. =riffith# -.D. Ioseph# R.,
Aat.#-. Aonwins$i# =. 7ee# -.D. +atterson# -. Rab$in# I
*toica# and 5. Haharia# J - ?iew of Cloud Computing#K
comm.-C5# %ol. D8# no. 9# pp. DE&DL# -pril !E2E
)
8" *. Bu# C. /ang# A. Ren# and /. 7ou# J-chie%ing *ecure
*calable# and 1ine&=rained Data -ccess Control in Cloud
Computing#K +roc. I>>> IN1OCO5# pp. D89&D9!# !E2E
9" *. Aamara and A. 7auter# JCryptographic Cloud
*torage#K proc. Int0l Conf. 1inancial Cryptography and Data
*ecurity '1C(# pp. 28@&29M# Ian. !E2E
D" -.5. 7onea# D.>. +opescu# ,. Tianfield KDetecting
DDo* -ttac$s in Cloud Computing >n%ironmentK INT I
CO5+UT CO55UN# I**N 2L92&ML8@
L'2(:CE&CL# 1ebruary# !E28.
@" 5. Aallahalla# >. Riedel# R. *waminathan# N. /ang# and
A. 1u# J+lutus: *calable *ecure 1ile *haring on Untrusted
*torage#K proc. U*>NIG Conf. 1ile and *torage
Technologies# pp. !M&9!# !EE8
C" D. Chaum and >. %an ,eyst# J=roup *ignatures#K +roc
Int0l Conf.Theory and -pplications of Cryptographic
Techni)ue '>UROCRB+T(#p p. !DC&!@D# 2MM2.
L" -. 1iat and 5. Naor# J;roadcast >ncryption#K +roc. Int
Cryptology Conf. -d%ances in Cryptology 'CRB+TO(# pp.
9LE&9M2# 2MM8
M" D. Naor# 5. Naor# and I.;. 7otspiech# JRe%ocation and
Tracing schemes for *tateless Recei%ers#K +roc. -nn. Int0l
Cryptology 'CRB+TO(# pp. 92&@!# !EE2.
2E" ;. /ang# ;. 7i# and ,. 7i# JAno4: +ri%acy&+reser%ing
-uditing for *hared Data with 7arge =roups in the Cloud
+roc. 2Eth Int. Conf. -pplied Cryptography and Networ$
22" ;. /aters# JCipherte4t&+olicy -ttribute&;ased
>ncryption: -n >4pressi%e# >fficient# and +ro%ably *ecure
Reali.ation#K proc. Int0l Conf. +ratice and Theory in +ublic

*