1 Vinuvinod79@gmail.com, 2 mj_prasad@yahoo.com

Abstract: Nowadays, many organizations outsource data storage to the cloud so that a member of an organization (data owner) can easily share data with other members (users). Because of the security concerns in the cloud, both owners and users are advised to verify the integrity of cloud data with Provable Data Possession (PDP) before further use of the data. However, the previous method of outsourcing data and applications to group members makes security and privacy issues a critical concern, and in that system the security and privacy attributes are not fully analyzed. We have identified the five most representative security and privacy attributes (i.e., confidentiality, integrity, availability, accountability, and privacy-preservability). Beginning with these attributes, we present the relationships among them, the vulnerabilities that may be exploited by attackers, the threat models, and the existing defense strategies in a cloud scenario. Security analyses prove that our scheme is secure.
Keywords: Attack, Cloud Computing, Data Sharing, Revocation, Tracing.

INTRODUCTION

Cloud computing is transforming business by offering new options for businesses to increase efficiency while reducing costs [2]. It lets users access all their applications and documents from anywhere in the world, freeing them from the confines of the desktop and making it easier for group members in different locations to collaborate. It is a model for enabling convenient, on-demand network access to a shared pool of configurable and reliable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal consumer management effort or service provider interaction. Cloud computing provides computation, software, data access, and storage resources without requiring cloud users to know the location and other details of the computing infrastructure.

Some of the sourcing models used in cloud computing are the private cloud, the public cloud and the hybrid cloud [2]. A private cloud is entirely dedicated to the needs of a single organization; it can be on or off premises. A public cloud is a multitenant cloud owned by a company that typically sells the services it provides to the general public. In a hybrid cloud the customer uses a combination of private and public clouds to meet the specific needs of their business: some of the organization's IT services run on-premises while other services are hosted in the cloud to save costs, simplify scalability, and increase agility.

First, identity privacy [1] is one of the most significant obstacles to the wide deployment of cloud computing. Without a guarantee of identity privacy, users may be unwilling to join cloud computing systems because their real identities could easily be disclosed to cloud providers and attackers. On the other hand, unconditional identity privacy may invite abuse of that privacy.
For example, a misbehaving staff member can deceive others in the company by sharing false files without being traceable. Therefore traceability, which enables the group manager (e.g., a company manager) to reveal the real identity of a user, is also highly desirable. Second, it is highly recommended that any member of a group [1] should be able to fully enjoy the data storing and sharing services provided by the cloud, which is defined as the multiple-owner manner. Compared with the single-owner manner, where only the group manager can store and modify data in the cloud, the multiple-owner manner is more flexible in practical applications. More concretely, each user in the group is able not only to read data but also to modify his/her part of the data in the entire data file shared by the company. The last issue is that an efficient membership revocation mechanism [1] should be achieved without updating the secret keys of the remaining users; it is also desirable to reduce the complexity of key management.

Some of the issues related to the existing system are:
1. It proposes a secure multi-owner data sharing scheme. This implies that any user in the group can securely share data with others through the untrusted cloud.
2. The existing scheme is able to support dynamic groups efficiently. Specifically, newly granted users can directly decrypt data files uploaded before their participation without contacting the data owners. User revocation can be easily achieved through a novel revocation list without updating the secret keys of the remaining users. The size and computation overhead of encryption are constant and independent of the number of revoked users.
3. It provides secure and privacy-preserving access control to users, which guarantees that any member of a group can anonymously utilize the cloud resource. Moreover, the real identities of data owners can be revealed by the group manager when disputes occur.
4.
It provides rigorous security analysis and performs extensive simulations to demonstrate the efficiency of the scheme in terms of storage and computation overhead.

The main disadvantages associated with the existing system are:
1. Less security and privacy.
2. Attack prevention is not considered.

The drawbacks of the existing system can be overcome with the proposed system. The main contribution of this paper is that the proposed system identifies the five most representative security and privacy attributes (i.e., confidentiality, integrity, availability, accountability, and privacy-preservability). Beginning with these attributes, we present the relationships among them, the vulnerabilities that may be exploited by attackers, the threat models, and the existing defense strategies in a cloud scenario. We consider the cloud environment as a new computing platform to which the classic methodology of security research can be applied as well [3]. Therefore, we choose an attribute-driven methodology to conduct our review. We describe the ecosystem of cloud security and privacy in view of five security/privacy attributes (i.e., confidentiality, integrity, availability, accountability, and privacy-preservability) that are the most representative ones in current research advances. Some researchers regard privacy as one component of security, while in this paper we separate privacy from security because of its importance and specialty in cloud environments. Privacy is considered highly relevant to security, and the other security attributes have positive or negative influences on privacy. The security ecosystem is generic and applicable to any computer and networked system.

The main advantages of the proposed system are:
1. The proposed system is more secure and private; by concentrating on all attributes of security and privacy it prevents information leakage.
2.
It uses the present three-tier data protection architecture to offer different levels of privacy to cloud customers.

GROUP SIGNATURE

Chaum and van Heyst introduced the concept called group signature [6]. A group signature is a type of signature for a group of persons with the following properties: any member of the group can sign messages; the signature keeps the signer's identity secret from the verifiers; and only the group manager can reveal the real identity when a dispute occurs, which is called traceability.

DYNAMIC BROADCAST ENCRYPTION

Broadcast encryption allows a user to distribute a message securely to a set/group of users in an insecure environment so that only a privileged subset of users can decrypt the data. Dynamic broadcast encryption [7] additionally allows the group manager to dynamically include new members while preserving previously computed information, i.e., user decryption keys need not be recomputed, the form and size of ciphertexts are unchanged, and the group encryption key requires no modification. The first formal definition and construction of dynamic broadcast encryption were introduced based on the bilinear pairing technique, which will be used as the basis for file sharing in dynamic groups.

ARCHITECTURE

A. Data Confidentiality: Data confidentiality requires that unauthorized users, including the cloud, are incapable of learning the content of the stored data. An important and challenging issue for data confidentiality is to maintain its availability for dynamic groups: new users should be able to decrypt the data stored in the cloud before their participation, and revoked users should be unable to decrypt the data moved into the cloud after their revocation.

1) Threats to cloud confidentiality: Malicious SysAdmin: The cross-VM attack [5] shows how co-resident tenants may violate the confidentiality of cloud customers sharing a physical host with the victim, although it is not the only threat.
A privileged sysadmin of the cloud provider can perform attacks by accessing the memory of a customer's VMs. For instance, a sysadmin can directly access the VM memory at run time by running a user-level process in Domain0.

2) Defense Strategies: Trusted Cloud Computing Platform: This approach presents a trusted cloud computing platform (TCCP), which offers a closed-box execution environment for IaaS services. TCCP guarantees confidential execution of guest virtual machines. It also enables customers to attest to the IaaS provider and to determine whether the service is secure before their VMs are launched into the cloud. The design goals of TCCP are: 1) to confine VM execution inside the secure perimeter; 2) that a sysadmin with root privileges is unable to access the memory of a VM hosted on a physical node. TCCP leverages existing techniques to build trusted cloud computing platforms. It focuses on solving confidentiality problems for clients' data and for computation outsourced to the cloud. With TCCP, the sysadmin is unable to inspect or tamper with the content of running VMs.

B. Data Integrity: Data integrity implies that data should be honestly stored on cloud servers, and any violations (e.g., data is lost, altered, or compromised) are to be detected. Computation integrity implies the notion that programs are executed without being distorted by malware, cloud providers, or other malicious users, and that any incorrect computation will be detected.

1) Threats to Cloud Integrity: Data Loss/Manipulation: In cloud storage, applications deliver storage as a service. Servers keep large amounts of data that may be accessed only on rare occasions [5]. The cloud servers are distrusted in terms of both security and reliability, which means that data may be lost or modified maliciously or accidentally. Administration errors may cause data loss (e.g., backup and restore, data migration, and changing memberships in P2P systems). Additionally, adversaries may initiate attacks by taking advantage of data owners' loss of control over their own data.

[Fig. 1. Architecture. Labels in the figure: Group Manager, Group Members, Data Owner, Cloud; operations User Registration, User Revocation, File Generation, File Deletion, File Access, Traceability; attributes Confidentiality, Integrity, Availability, Accountability, Privacy-Preservability.]

2) Defense Strategies: The goal of Dynamic PDP (DPDP) is to support fully dynamic operations (e.g., append, insert, modify, and delete). The purpose of dynamic operations is to enable authenticated insert and delete functions with rank-based authenticated directories that are built on a skip list. Experimental results show that, although the support of dynamic updates costs a certain computational complexity, DPDP is practically efficient.

C. Cloud Availability: Availability is crucial since the core function of cloud computing is to provide on-demand service at different levels. If a certain service is no longer available or the quality of service cannot meet the Service Level Agreement (SLA), customers may lose faith in the cloud system.

1) Threats to Cloud Availability: Flooding Attack via Bandwidth Starvation: In a flooding attack, which can cause Denial of Service (DoS), a huge number of nonsensical requests are sent to a particular service to hinder it from working properly. In cloud computing, there are two basic types of flooding attacks:
* Direct DoS: the attack target is determined, and the availability of the targeted cloud service will be fully lost.
* Indirect DoS: the meaning is twofold: 1) all services hosted on the same physical machine as the target victim will be affected; 2) the attack is initiated without a specific target.
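For the Data Integrity discussion above, the following Python is an added example (not from the paper, and not the RSA-tag PDP of the literature) of a sampling-based possession check in the spirit of PDP: the owner keeps only a key, the untrusted server answers a random challenge with the requested blocks and their stored HMAC tags, and detection_probability shows why a small random sample catches even a 1% loss with high probability. Names (Owner, Server, BLOCK_SIZE) and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # bytes per block; constructed, small for illustration


def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    # The tag binds the block to its position, so a server that lost block i
    # cannot answer a challenge for i with an intact copy of another block.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


class Owner:
    """Data owner: after outsourcing it keeps only the key and the block count."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.n_blocks = 0

    def outsource(self, data: bytes) -> dict:
        blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        self.n_blocks = len(blocks)
        # what is handed to the cloud: each block with its tag, keyed by position
        return {i: (b, tag_block(self.key, i, b)) for i, b in enumerate(blocks)}

    def challenge(self, sample: int) -> list:
        # random subset of block indices; the owner holds no copy of the data
        return sorted(secrets.SystemRandom().sample(range(self.n_blocks), sample))

    def verify(self, chal: list, proof: list) -> bool:
        if [i for i, _, _ in proof] != chal:  # must answer exactly what was asked
            return False
        return all(hmac.compare_digest(tag_block(self.key, i, b), t)
                   for i, b, t in proof)


class Server:
    """Untrusted storage: answers a challenge with the blocks and stored tags."""

    def __init__(self, store: dict):
        self.store = dict(store)

    def prove(self, chal: list) -> list:
        return [(i, *self.store[i]) for i in chal]

    def corrupt(self, index: int, new_block: bytes):
        # simulates silent loss/manipulation: the block changes, the tag does not
        self.store[index] = (new_block, self.store[index][1])


def detection_probability(n_blocks: int, n_corrupt: int, sample: int) -> float:
    # chance that a challenge of `sample` distinct blocks hits >= 1 corrupted one
    if sample > n_blocks - n_corrupt:
        return 1.0
    p_miss = 1.0
    for k in range(sample):
        p_miss *= (n_blocks - n_corrupt - k) / (n_blocks - k)
    return 1.0 - p_miss
```

Unlike real PDP, the proof here is as large as the sampled blocks; what the example preserves is the threat model (a server that lost or altered data cannot answer a random challenge) and the probabilistic guarantee.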
2) Defense Strategy: Defending against the new DoS attack: This new type of DoS attack differs from traditional DoS or DDoS attacks in that traditional DoS sends traffic to the targeted application/host directly while the new DoS attack does not; therefore, some techniques and counter-measures for handling traditional DoS are no longer applicable. A DoS avoidance strategy called service migration has been developed to deal with the new flooding attack. A monitoring agent located outside the cloud is set up to detect possible bandwidth starvation by constantly probing the cloud applications. When bandwidth degradation is detected, the monitoring agent performs application migration, which may stop the service temporarily, with it resuming later. The migration moves the current application to another subnet of which the attacker is unaware.

D. Cloud Accountability: Accountability implies the capability of identifying, with undeniable evidence, the party that is responsible for specific events. In cloud computing there are multiple parties that may be involved: a cloud provider and its customers are the two basic ones, and the public clients who use applications (e.g., a web application) outsourced by cloud customers may be another party. A fine-grained identity, however, may be employed to identify a specific machine or even the faulty/malicious program that is responsible.

1) Threats to Cloud Accountability: SLA violation: A. Haeberlen addresses the importance of accountability in cloud computing, where the loss of control over data is problematic when something goes awry.
For instance, the following problems may arise: i) the machines in the cloud can be misconfigured or defective and can consequently corrupt the customer's data or cause his computation to return incorrect results; ii) the cloud provider can accidentally allocate insufficient resources for the customer, which can degrade the performance of the customer's services and thereby violate the SLA.

2) Defense Strategies: Collaborative Monitoring: A solution similar to AVM was developed by maintaining an external state machine whose job is to validate the correctness of the data and of the execution of business logic in a multi-tenancy environment. It defines the service endpoint as the interface through which the cloud services are delivered to end users. It is assumed that the data may only be accessed through endpoints that are specified according to the SLA between the cloud provider and the users. The basic idea is to wrap each endpoint with an adapter that captures the input/output of the endpoint and records all the operations performed through it. The log is subsequently sent to the external state machine for authentication purposes.

E. Cloud Privacy: Privacy is yet another critical concern in cloud computing, because customers' data and business logic reside on distrusted cloud servers that are owned and maintained by the cloud provider. Therefore, there are potential risks that confidential data (e.g., financial data, health records) or personal information (e.g., a personal profile) is disclosed to the public or to business competitors. Privacy has been an issue of the highest priority.

1) Threats to Cloud Privacy: Computation Privacy Breach: In some sense, privacy-preservability is a stricter form of confidentiality, since both prevent information leakage. Therefore, if cloud confidentiality is ever violated, privacy-preservability will also be violated.
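Returning to the Collaborative Monitoring defense described under Cloud Accountability, the following Python is an added example (not from the paper or from any cited system) of an endpoint adapter that records every operation in a hash-chained log, plus an external state machine that replays the log against a clean reference model and checks that only SLA endpoints were used. KVService, the SLA endpoint set and the record format are constructed assumptions.

```python
import hashlib
import json

# Constructed SLA: the only endpoints through which the data may be accessed.
SLA_ENDPOINTS = {"put", "get", "delete"}
GENESIS = "0" * 64


def digest(record: dict) -> str:
    body = {k: v for k, v in record.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class KVService:
    """Constructed stand-in for the outsourced business logic: a key-value store."""

    def __init__(self):
        self.data = {}

    def put(self, key, value):
        self.data[key] = value
        return "ok"

    def get(self, key):
        return self.data.get(key)

    def delete(self, key):
        return "ok" if self.data.pop(key, None) is not None else "missing"


class AccountableAdapter:
    """Wraps every endpoint call and appends a hash-chained record of it."""

    def __init__(self, service):
        self.service, self.log, self.prev = service, [], GENESIS

    def call(self, caller: str, endpoint: str, *args):
        if endpoint not in SLA_ENDPOINTS:
            raise PermissionError(f"{endpoint} is not an SLA endpoint")
        result = getattr(self.service, endpoint)(*args)
        rec = {"seq": len(self.log), "caller": caller, "op": endpoint,
               "args": list(args), "result": result, "prev": self.prev}
        rec["digest"] = digest(rec)  # links this record to the previous one
        self.prev = rec["digest"]
        self.log.append(rec)
        return result


def validate(log: list) -> tuple:
    """External state machine: replays the log against a clean reference model."""
    prev, model = GENESIS, KVService()
    for rec in log:
        if rec["prev"] != prev or digest(rec) != rec["digest"]:
            return False, f"chain broken at seq {rec['seq']}"
        if rec["op"] not in SLA_ENDPOINTS:
            return False, f"non-SLA endpoint at seq {rec['seq']}"
        if getattr(model, rec["op"])(*rec["args"]) != rec["result"]:
            return False, f"result diverges at seq {rec['seq']}"
        prev = rec["digest"]
    return True, "log consistent with reference model"
```

The chain makes after-the-fact edits to a record visible, and the replay catches a record whose digest was forged consistently but whose logged result does not match what the business logic should have returned.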
Similar to other security services, the meaning of cloud privacy is twofold: data privacy and computation privacy.

2) Defense Strategies: Gentry proposed Fully Homomorphic Encryption (FHE) to preserve privacy in cloud computing. FHE enables computation on encrypted data that is stored on the distrusted servers of the cloud provider: data may be processed without decryption. The cloud servers have little to no knowledge of the input data, the processing function, the result, or any intermediate values. Therefore, the outsourced computation occurs 'under the covers' in a fully privacy-preserving way. FHE has become a powerful tool to enforce privacy preservation in cloud computing. However, all known FHE schemes are too inefficient for use in practice. While researchers are trying to reduce the complexity of FHE, it is worthwhile to consider reducing the power of FHE to regain efficiency. Somewhat homomorphic encryption has been proposed, which supports only a limited number of homomorphic operations and may be much faster and more compact than FHE.

CONCLUSION

We design a secure data sharing scheme, Mona, for dynamic groups in an untrusted cloud. In Mona, a user is able to share data with others in the group without revealing identity privacy to the cloud. Additionally, Mona supports efficient user revocation and new user joining. More specifically, efficient user revocation can be achieved through a public revocation list without updating the private keys of the remaining users, and new users can directly decrypt files stored in the cloud before their participation. Our proposed system extends the Mona system and overcomes the security and privacy issues in cloud computing based on an attribute-driven methodology.
We have identified the most representative security/privacy attributes (e.g., confidentiality, integrity, availability, accountability, and privacy-preservability), and have discussed the vulnerabilities that may be exploited by adversaries in order to perform various attacks.

References
[1] X. Liu, Y. Zhang, B. Wang and J. Yan, "Mona: Secure Multi-Owner Data Sharing for Dynamic Group in the Cloud," IEEE Trans. Parallel and Distributed Systems, vol. 24, no. 6, June 2013.
[2] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, A.D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "A View of Cloud Computing," Comm. ACM, vol. 53, no. 4, pp. 50-58, April 2010.
[3] S. Yu, C. Wang, K. Ren, and W. Lou, "Achieving Secure, Scalable, and Fine-Grained Data Access Control in Cloud Computing," Proc. IEEE INFOCOM, pp. 534-542, 2010.
[4] S. Kamara and K. Lauter, "Cryptographic Cloud Storage," Proc. Int'l Conf. Financial Cryptography and Data Security (FC), pp. 136-149, Jan. 2010.
[5] A.M. Lonea, D.E. Popescu, and H. Tianfield, "Detecting DDoS Attacks in Cloud Computing Environment," Int. J. Comput. Commun., ISSN 1841-9836, 8(1):70-78, February 2013.
[6] M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, "Plutus: Scalable Secure File Sharing on Untrusted Storage," Proc. USENIX Conf. File and Storage Technologies, pp. 29-42, 2003.
[7] D. Chaum and E. van Heyst, "Group Signatures," Proc. Int'l Conf. Theory and Applications of Cryptographic Techniques (EUROCRYPT), pp. 257-265, 1991.
[8] A. Fiat and M. Naor, "Broadcast Encryption," Proc. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO), pp. 480-491, 1993.
[9] D. Naor, M. Naor, and J.B. Lotspiech, "Revocation and Tracing Schemes for Stateless Receivers," Proc. Ann. Int'l Cryptology Conf. (CRYPTO), pp. 41-62, 2001.
[10] B. Wang, B. Li, and H. Li, "Knox: Privacy-Preserving Auditing for Shared Data with Large Groups in the Cloud," Proc. 10th Int. Conf. Applied Cryptography and Network
[11] B.
Waters, "Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization," Proc. Int'l Conf. Practice and Theory in Public
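As an added illustration of the privacy section's point about trading the generality of FHE for efficiency, the following Python (not from the paper, and not the somewhat-homomorphic schemes it refers to) implements Paillier, a partially homomorphic scheme: the cloud can add two encrypted values, or scale one by a known constant, without the private key, but it cannot multiply two ciphertexts. The key size in keygen is deliberately tiny for illustration and is an assumption of this example, not a recommendation.

```python
import secrets
from math import gcd

def is_probable_prime(n: int, rounds: int = 25) -> bool:
    """Miller-Rabin for odd n > 3; adequate for the small illustration sizes here."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if is_probable_prime(cand):
            return cand

def keygen(bits: int = 64) -> tuple:
    # Illustration only: real deployments use primes of 1024 bits or more.
    p, q = gen_prime(bits), gen_prime(bits)
    while q == p:
        q = gen_prime(bits)
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return (n, n + 1), (lam, mu)  # public key (n, g), private key (lam, mu)

def encrypt(pk: tuple, m: int) -> int:
    n, g = pk
    r = secrets.randbelow(n - 2) + 2  # fresh random mask, must be coprime to n
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return pow(g, m % n, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(pk: tuple, sk: tuple, c: int) -> int:
    n, (lam, mu) = pk[0], sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(pk: tuple, c1: int, c2: int) -> int:
    # The cloud adds two plaintexts by multiplying ciphertexts; no key needed.
    return c1 * c2 % (pk[0] ** 2)

def scale_encrypted(pk: tuple, c: int, k: int) -> int:
    # Multiplication by a known constant k is repeated addition, so it is possible too.
    return pow(c, k, pk[0] ** 2)
```

The server running add_encrypted and scale_encrypted learns nothing about the operands or the result, which is the computation-privacy property the section describes, at the cost of supporting only these operations.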