A New Distributed Accountability and Auditability for Data Storage in Cloud Computing

Download Full-Text PDF Cite this Publication

Text Only Version

A New Distributed Accountability and Auditability for Data Storage in Cloud Computing

P. Vanisha Bai

MCA Year Department of C.S.E SVU CM&CS, Tirupati

Dr. E. Kesavulu Reddy Asst. Professor Department of C.S.E SVU CM & CS, Tirupati

Abstract: Considering the openness and cross-domains of cloud computing, the normal privacy preserving technology cannot be applied in cloud computing expeditiously. In this, inspired by the accountability idea, we planned an accountable privacy- preserving mechanism supported Identity-Based Encryption (IBE) for cloud computing, which focuses on constraining the illegal network behavior by performing answerability to guard the privacy for cloud participants. Firstly, based on the description logic, we have a tendency to defined the basic privacy concepts about the privacy guarantee (PG), privacy request(PR), privacy attribute(PA), privacy exposure condition(PEC) for cloud system, at an equivalent time, the system architecture for the proposed responsible privacy- preserving mechanism is presented; secondly, combining the planned accounting and auditing approaches, the integrated accountable privacy-preserving mechanism for cloud computing is proposed; and so, based on the possible two types adversary attacks against the projected mechanism, the elaborate security analysis and proof for the projected mechanism are given; finally, we provide intensive experimental results and potential irresponsibleness implementation to demonstrate the efficiency of the projected mechanism.

Keywords: Privacy Preserving, Security, Accountability, Trusted Cloud Computing, IBE.


    Cloud computing is the on-demand availability of PC system resources, especially data accumulating and figuring power, without direct unique organization by the customer. The term is regularly used to depict server ranches available to various customers over the Internet. Colossal fogs, extraordinary today, as often as possible have limits appropriated over various territories from central servers. In case the relationship with the customer is tolerably close, it may be appointed an edge server. Cloud may be compelled to a single affiliation adventure fogs, or be available to various affiliations open cloud.

    Cloud computing relies upon sharing of advantages for achieve comprehensibility and economies of scale. Supporters of open and creamer fogs note that disseminated registering empowers associations to avoid or restrain ahead of time IT system costs. Safeguards in like manner ensure that circulated figuring empowers attempts to get their applications completely operational speedier, with improved sensibility and less upkeep, and that it engages IT gatherings

    to even more rapidly adjust advantages for fulfill fluctuating and capricious need. Cloud providers ordinarily use a compensation all the more just as expenses emerge model, which can provoke astonishing working expenses if administrators are not familiar with cloud-assessing models. The availability of high-limit frameworks, negligible exertion PCs and limit contraptions similarly as the expansive gathering of hardware virtualization, organization arranged plan and autonomic and utility handling has provoked improvement in disseminated processing. In order to attract the cloud customers anyway numerous as would be reasonable, it needs to give the customers guaranteed nature of organizations which should be dynamic, reliable, secure and movable. It is extraordinary that, inside the cloud condition, the customers reliably can achieve adequate virtual resources, and no convincing motivation to have a complete perception of the system establishment and resource scattering. In such situation, cloud customers are all around required to recognize the essential explanation of assurance and security ensure idly when they search for the organizations from disseminated registering. Starting at now, various Internet customers still postponement to accept circulated processing since they figure it can't ensure the security of their data. To finish everything off, the continuous veritable assurance issue uncovered by Network World site make the cloud security gives logically certifiable. Till now, some related research on assurance putting something aside for circulated figuring have been performed, yet by far most of the flow works red generally based on the standard security sparing development. Equivalent with the customary web organizations, circulated processing are powerless against various sorts of framework ambushes as well, for instance, passed on refusal of organization attacks, worm ambush, mastermind sniffing and sinkhole attacks, especially, there exist some excellent security issue that solitary dispersed figuring must face to, and these are .Data reliability issue disseminated registering will delete data reliably to guarantee the determined accumulating organization, and the data eradication may be disastrous from a customer perspective, on the contrary side, extra copies of data are unavailable or appropriated capacity medias breakdown will in like manner brief this issue. Data affirmation issue circulated registering speaks to a couple of data security risks on cloud customers and providers. Every

    so often, it may be hard for the cloud customers to satisfactorily check whether their data are set up in a legal way. Lock in issue: at this moment, there is scarcely any capable frameworks or programming which are open for could enrolling to guarantee data, application and organization, and subsequently it is hard for the cloud customers to move their data among cloud pro associations; and Governance issue In appropriated registering systems, the customers are wild to the Cloud Service Providers (CSP) and in like manner some security risk will appear.


    1. Privacy-Preserving Public Auditing Protocol for Low-Performance End Devices in Cloud:

      Cloud storage gives enormous stockpiling assets to both individual and endeavor clients. In a distributed storage framework, the information claimed by a client are never again had locally. Consequently, it isn't skilled to guarantee the uprightness of the redistributed information utilizing customary information respectability checking techniques. A security protecting open evaluating convention enables an outsider reviewer to check the trustworthiness of the redistributed information in the interest of the clients without abusing the security of the information. In any case, existing security protecting open evaluating conventions expect that the end gadgets of clients are incredible enough to figure every single exorbitant activity progressively when the information to be re-appropriated are given. Indeed, the end gadgets may likewise be those with low calculation abilities.

    2. The Strategic Management of Information Systems: Building a Digital Strategy:

      The Strategic Management of Information Systems: Building a Digital Strategy (fourth Edition) is a completely refreshed modification of a book viewed by numerous individuals as one the main and legitimate titles for specialists, scholastics and understudies in the area of data frameworks and innovation (IS/IT) procedure. It unites the ramifications of the critical advances in IT and the most valuable momentum thinking, research and encounters concerning the business sway and key open doors made by IS/IT. Management IS/IT effectively is getting progressively troublesome in the present unique business and innovation situations, where vulnerability, unpredictability and fast business change are joined with the consistently broadening cpacities of advanced advances and the different decisions in its stock administrations and foundation.

    3. A secure cloud computing based framework for big data information management of smart grid

    Smart grid is a technological innovation that improves efficiency, reliability, economics, and sustainability of electricity services. It assumes an essential job in present day vitality foundation. The principle difficulties of keen lattices, be that as it may, are the way to oversee various kinds of front-end savvy gadgets, for example, control resources and brilliant meters effectively; and how to process a gigantic measure of information got from these gadgets. Distributed computing, an innovation that gives computational assets on requests, is a decent contender to

    address these difficulties since it has a few decent properties, for example, vitality sparing, cost sparing, deftness, adaptability, and adaptability.


    Most of the existing works specially awareness at the conventional privacy-retaining generation and schemes, meanwhile, some protocols, mechanisms, approach and schemes are designed for privacy-retaining beneath one-of- a-kind application scenarios. Use the probabilistic public key encryption algorithm to encrypt the cloud statistics earlier than uploading, after which search the encrypted facts primarily based on a few ranked keyword to retrieve the documents from the cloud. In to defense in opposition to the node compromise assaults in cloud computing, a unique threshold credit-based totally incentive mechanism (TCBI) is proposed based on the changed version of populace dynamics, the problem of the mechanism lies in how to determine and set the credit score price, in order to have an effect on the accuracy of the mechanism.

    1. Proposed System

      In the proposed mechanism, each cloud participant registers in cloud gadget the usage of their identity statistics, and generates personal key using his/her identification facts, then they can be authenticated every other based on the Auth-Encrypt and Auth-Decrypt procedures, which we redesigned from the corresponding process of IBE. Combining with the unique privacy definition for cloud members and system modeling, we proposed the accounting and auditing methods to deal with the community log documents and choose whether one positive cloud participant has violated the privateers regulation. Finally, the cloud device will carry out responsibility on the associated cloud members according to the auditing privateers exposure consequences. The proposed privacy preserving mechanism specifically specializes in regulating the network conduct of the contributors in cloud computing to realize privacy-keeping.

    2. Algorithms: IBE scheme:

      Identity Based encryption, or character based absolutely encryption (IBE), is a basic crude of ID-principally based cryptography. In that capacity it's far a sort of open key encryption wherein general people key of a customer is some exact records around the ID of the purchaser (for example a shopper's email manage). Along these lines that a sender who has get right of passage to the open parameters of the gadget can scramble a message utilizing for example the printed substance cost of the beneficiary's name or email manage as a key. The beneficiary gets its decoding key from a focal power, which wishes to be relied upon in light of the fact that it produces puzzle keys for each client

      Character principally based structures enable any gathering to produce an open key from a perceived personality cost alongside an ASCII string. A relied upon 1/3 birthday festivity, known as the Private Key Generator (PKG), produces the relating private keys. To work, the PKG first distributes a grip open key, and keeps the relating handle non-open key (known as handle key). Given the ace open key, any birthday festivity can process an open key like

      the recognizable proof with the guide of consolidating the ace open key with the personality cost. To accomplish a relating private key, the gathering approved to utilize the personality ID contacts the PKG, which utilizes the ace individual key to produce the individual key for personality ID.As a final product, occasions may encode messages (or insist marks) without a past conveyance of keys among character benefactors. This is very valuable in examples where pre-dispersion of confirmed keys is badly arranged or infeasible as a result of specialized restrictions. Be that as it may, to unscramble or flag messages, the approved individual need to harvest the right close to home key from the PKG. An admonition of this methodology is that the PKG ought to be very depended on, as it's far equipped for producing any individual's non-open key and can along these lines decode (or sign) messages without approval. Since any individual's private key can be created through the utilization of the outsider's mystery, this gadget has characteristic key escrow. An amount of variation structures were proposed which get rid of the escrow including endorsements based absolutely encryption, loosened up key giving cryptography and declaration less cryptography.

      The most proficient personality based absolutely encryption plans are right now dependent on bilinear pairings on elliptic bends, comprehensive of the Weil or Tate pairings. The first of those plans was advanced through Dan Boneh and Matthew K. Franklin (2001), and performs probabilistic encryption of subjective figure messages the utilization of an Elgamal-like methodology. In spite of the fact that the Boneh-Franklin conspire is provably agreeable, the security proof lays on particularly new suspicions around the hardness of issues in certain elliptic bend businesses. Another strategy to distinguishing proof principally based encryption transformed into proposed by method for Clifford Cocks in 2001. The Cocks IBE plot is principally founded on well-contemplated suspicions (the quadratic residuosity presumption) yet encodes messages each piece in turn with an over the top level of figure content extension. In this way it's far discernibly wasteful and unfeasible for sending everything except the briefest messages, alongside a session key for use with a symmetric figure.

    3. Potential Accountability Implementation on Cloud Participants

    In the proposed mindful system, aside from some unique security thoughts that referred to above, we've characterized some straightforward data assurance and protection oversee approaches of the Service-Level Agreement for its execution. In our proposed contraption, there exists a module to control the Service Level Agreement for all cloud administrations, which details arrangements of the obligations and rights for all cloud members. In the execution, we can characterize the security and protection of the Service-Level Agreement for the proposed obligation framework In the proposed duty gadget, we can punish the cloud administration merchants if their Service-Level Agreements disregard the guaranteed contributions, we respect that Service-Level Agreement satisfied while it has met every one of the necessities of the privateers supplier, else it injured.

    So as to assess the proficiency and adequacy of the proposed responsible protection holding system, in the portion, we will do a radical and exact exploratory appraisal for the proposed plan. We collect the tried through utilizing 64- piece M2 High memory twofold more prominent gigantic Linux servers on Amazon EC2 stage. At the indistinguishable time, we set 42 PCs with Federal 10.0, Intel focus i5-2400 CPU processor and 4G DDR memories to amass computerized individual servers (VPS)


In this paper, centering at the basic trouble of cloud security protecting, we proposed a responsible private ness- saving component dependent on IBE conspire. Right off the bat, we form and blueprint the special protection characteristic for cloud individuals dependent on depction rationale, after which carried two calculations to acknowledge duty joined with the changed IBE plot inside the IBE-AC adaptation. At last, we assessed the proposed private ness-keeping system by means of generous reproduction and test check, on a similar time, we talk about the capacity execution of the proposed mindful private ness- keeping component.


  1. H. Abu-Libdeh, L. Princehouse, and H. Weatherspoon, RACS: A Case for Cloud Storage Diversity, Proc. ACM First ACM Symp.Cloud Computing (SoCC), 2010.

  2. Y. Tang, P.P.C. Lee, J.C.S. Lui, and R. Perlman, FADE: Secure Overlay Cloud Storage with File Assured Deletion, IEEE Trans. On DEPEN DABLE AND SECURE COMPUTING, VOL. 9, NO. 6, NOVEMBER /DECEMB ER 2012.

  3. Smitha S, Anna C. S. Ensuring Distributed Accountability for Data Sharing in t he Cloud , IEEE TRANSA CTIONS ON DEPEN DABLE AND SECURE COMPUTING, VOL. 9, NO. 4,

    JU LY/AUGUST 2012

  4. Flickr, http://www.flickr.com/, 2012.

  5. Emulab Network Emulation Testbed, www.emulab.net, 2012

  6. Eucalyptus Systems, http://www.eucalyptus.com/, 2012.

  7. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu, Plutus: Scalable Secure File Sharing on Untrusted Storage, Proc.Second USENIX Conf. File and Storage Technologies, 2003.

  8. M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A.Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M.Zaharia, A View of Cloud Computing. Comm. ACM, vol. 53,no. 4, pp. 50-58, Apr. 2010.

  9. G. Ateniese, R.D. Pietro, L.V. Mancini, and G. Tsudik, Scalable and Efficient Provable Data Possession, Proc. Fourth Intl Conf. Security and Privacy in Comm. (SecureComm), 2008.

  10. C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-Preserving Public Auditing for Storage Security in Cloud Computing, Proc.IEEE INFOCOM, Mar. 2010.

  11. J . Bethencourt , A . Sah a i, a nd B. Waters, Ciphertext- Policy At tributeSecurity and Privacy, May 2006.

  12. W. Wang, Z. Li, R. Owens, and B. Bhargava, Secure and Efficient Access to Outsourced Data, Proc. ACM Workshop Cloud Comput-ing Security (CCSW), Nov. 2009

  13. A. Yun, C. Shi, and Y. Kim , On Protecting Integrity and Confidentiality of Cryptographic File System for Outsourced Storage, Proc. ACM Workshop Cloud Computing Security. (ASIACCS), Apr. 2010.

  14. P. Gutmann, Secure Deletion of Data from Magnetic and Solid- State Memory, Proc. Sixth USENIX Security Symp. Focusing on Applications of Cryptography, 1996.

  15. JungleDisk, http://www.jungledisk.com/, 2010.

  16. V. Goyal, O. Pandey, A. Sahai, and B. Waters, Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data,Proc. 13th ACM Conf. Computer and Comm. Security (CCS), 2006.

  17. M. Pirretti, P. Traynor, P. McDaniel, and B. Waters, Secure Attribute-Based Systems, Proc. 13th ACM Conf. Computer and Comm. Security (CCS), 2006.

  18. S. Nair, M.T. Dashti, B. Crispo, and A.S. Tanenbaum, A Hybrid PKI-IBC Based Ephemerizer System, Intl Federation for Informa-tion Processing, vol. 232, pp. 241-252, 2007.

  19. A. Boldyreva, V. Goyal, and V. Kumar, Identity-Based Encryp- tion with Efficient Revocation, Proc. 15th ACM Conf. Computer and Comm. Security (CCS), 2008.

  20. R. Geambasu, J.P. John, S.D. Gribble, T. Kohno, and H.M. Levy,

Leave a Reply

Your email address will not be published. Required fields are marked *