Bidirectional and Malleable Proof-of-Ownership for Large File in Cloud Storage
Abstract : Cloud storage is a cost-effective platform to accommodate massive data at low cost. However, advances of cloud services propel data generation, which pushes storage servers to its limit. Deduplication is a popular technique enjoyed by most current cloud servers, which detects and deletes redundant data to save storage and bandwidth. For security concerns, proof-of-ownership (PoW) can be used to guarantee ownership of data such that no malicious user could pass deduplication easily or utilize such mechanism for malicious purposes. Generally, PoW is implemented in static data archive where the data file is supposed to be read-only. However, to satisfy users' needs for dynamical manipulation on data and support real-time data services, it is required to devise efficient PoW for dynamic archive. In this work, we propose the notion of bidirectional and malleable proof-of-ownership (BM-PoW) for the above challenge. Our proposed BM-PoW consists of bidirectional PoW (B-PoW), malleable PoW (M-PoW) and dispute arbitration protocol DAP. We provide the security analysis of our proposal, and performance evaluation that suggests our proposed B-PoW is secure and efficient for large file in static data archive. In addition, our proposed M-PoW achieves acceptable performance under dynamic setting where data is supposed to be outsourced first and updated later in dynamic data archive.
? The existing model stores data files in the public cloud and keys in the private cloud.
? User need to request the respective keys from the private cloud to access the files from the public cloud .
? As the request is processed by the private cloud and the keys are given to the user, after retrieving keys from the private cloud the user access the filespresent in the public cloud by using the private keys.
? To provide confidentiality and proof of ownership for the data, some encryption technique is used to convert the plain text to cipher text before uploading into the cloud server.
? The problem illustrated above stems from the fact that by learning just a small piece of information about the file, namely its hash value, an attacker is able to get the entire file from the server.
? We thus view a solution to this problem as an enabler for the creation of advanced open storage APIs.
? To solve the problem of using a small hash value as a proxy for the entire file, we want to design a solution where a client proves to the server that it indeed has the file.
? The problem with using the generic solution from the previous section is that good erasure codes for very large files are expensive to compute.
• The security of the file is not compromised by having the hash value and the encrypted text. So, to make it complete we are generating one time password(OTP).
• To generate this OTP, we use random number generator. The OTP is generated and stored in data base until the verification is done. As the user need to login into their account.
• To download the file by their request, the user is required to enter the hash value as input and the encrypted data text for accessing it. After the user enters the hash value and encrypted text, the user is required to submit the one-time password to the server.
• This method provides confidentiality and reliability to the user data.
? We implemented this streaming scheme and measured its expected effect on performance of the system.
? Our performance measurements indicate that the scheme incurs only a small overhead compared to naive client-side deduplication.
? The small constant is significant for performance, but it means that we have poor diffusion.
? This trick greatly improves performance, since the mapping can now be computed from the file using quantities that we have anyway.
? Note that we are using a different set of pseudorandom choices for different files, which heuristically could help security, but we are using it here as a performance optimization trick rather than a security enhancement mechanism.
|