A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding
ABSTRACT:
A cloud storage system, consisting of a collection of storage servers, provides long-term storage services over the Internet. Storing data in a third party’s cloud system causes serious concern over data confidentiality. General encryption schemes protect data confidentiality, but also limit the functionality of the storage system because only a few operations are supported over encrypted data. Constructing a secure storage system that supports multiple functions is challenging when the storage system is distributed and has no central authority. We propose a threshold proxy re-encryption scheme and integrate it with a decentralized erasure code such that a secure distributed storage system is formulated. The distributed storage system not only supports secure and robust data storage and retrieval, but also lets a user forward his data in the storage servers to another user without retrieving the data back. The main technical contribution is that the proxy re-encryption scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages. Our method fully integrates encrypting, encoding, and forwarding. We analyze and suggest suitable parameters for the number of copies of a message dispatched to storage servers and the number of storage servers queried by a key server. These parameters allow more flexible adjustment between the number of storage servers and robustness.
SCOPE OF THE PROJECT:
The project designs a cloud storage system for robustness, confidentiality and functionality. The proxy re-encryption scheme supports encoding operations over encrypted messages as well as forwarding operations over encoded and encrypted messages. One way to provide data robustness is to replicate a message such that each storage server stores a copy of the message. It is very robust because the message can be retrieved as long as one storage server survives.
With an erasure code, as long as the number of failed servers is under the tolerance threshold of the erasure code, the message can be recovered from the codeword symbols stored in the available storage servers by the decoding process. This provides a tradeoff between the storage size and the tolerance threshold of failed servers.
A decentralized erasure code is an erasure code that independently computes each codeword symbol for a message. A decentralized erasure code is suitable for use in a distributed storage system.
A storage server failure is modeled as an erasure error of the stored codeword symbol.
We construct a secure cloud storage system that supports the function of secure data forwarding by using a threshold proxy re-encryption scheme. The encryption scheme supports decentralized erasure codes over encrypted messages and forwarding operations over encrypted and encoded messages. Our system is highly distributed: storage servers independently encode and forward messages, and key servers independently perform partial decryption.
EXISTING SYSTEM:
In the existing system, a straightforward integration method is used. Storing data in a third party’s cloud system causes serious concern over data confidentiality. In order to provide strong confidentiality for messages in storage servers, a user can encrypt messages by a cryptographic method before applying an erasure code method to encode and store messages. When he wants to use a message, he needs to retrieve the codeword symbols from storage servers, decode them, and then decrypt them by using cryptographic keys.
General encryption schemes protect data confidentiality, but also limit the functionality of the storage system because only a few operations are supported over encrypted data.
A decentralized architecture for storage systems offers good scalability, because a storage server can join or leave without control of a central authority.
DISADVANTAGES OF EXISTING SYSTEM:
- The user has to perform more computation, and the communication traffic between the user and storage servers is high.
- The user has to manage his cryptographic keys; otherwise, security is broken.
- Besides data storing and retrieving, it is hard for storage servers to directly support other functions.
PROPOSED SYSTEM:
In our proposed system we address the problem of forwarding data to another user by storage servers directly under the command of the data owner. We consider the system model that consists of distributed storage servers and key servers. Since storing cryptographic keys in a single device is risky, a user distributes his cryptographic key to key servers that shall perform cryptographic functions on behalf of the user. These key servers are highly protected by security mechanisms.
Distributed systems require independent servers to perform all operations. We propose a new threshold proxy re-encryption scheme and integrate it with a secure decentralized code to form a secure distributed storage system. The encryption scheme supports encoding operations over encrypted messages and forwarding operations over encrypted and encoded messages.
ADVANTAGES OF PROPOSED SYSTEM:
- Tight integration of encoding, encryption, and forwarding makes the storage system efficiently meet the requirements of data robustness, data confidentiality, and data forwarding.
- The storage servers independently perform the encoding and re-encryption processes, and the key servers independently perform the partial decryption process.
- More flexible adjustment between the number of storage servers and robustness.
METHODOLOGY USED:
PROXY RE-ENCRYPTION SCHEME WITH MULTIPLICATIVE HOMOMORPHIC PROPERTY:
In a proxy re-encryption scheme, the messages are first encrypted by the owner and then stored in a storage server. When a user wants to share his messages, he sends a re-encryption key to the storage server. The storage server re-encrypts the encrypted messages for the authorized user. Thus, the system has data confidentiality and supports the data forwarding function.
An encryption scheme is multiplicative homomorphic if it supports a group operation on encrypted plaintexts without decryption. The multiplicative homomorphic encryption scheme supports the encoding operation over encrypted messages. We then convert a proxy re-encryption scheme with the multiplicative homomorphic property into a threshold version. A secret key is shared among key servers with a threshold value t. To decrypt for a set of k message symbols, each key server independently queries 2 storage servers and partially decrypts two encrypted codeword symbols. As long as t key servers are available, k codeword symbols are obtained from the partially decrypted ciphertexts.
In order to preserve privacy, clients encrypt their data when they outsource it to the cloud. However, the encrypted form of data greatly impedes its utilization due to its randomness. Much effort has gone into enabling data usage without undermining data privacy:
- Homomorphism: Given two ciphertexts c1 and c2 on plaintexts m1 and m2 respectively, one can obtain the ciphertext on the plaintext m1 + m2 and/or m1 · m2 by evaluating c1 and c2 without decrypting the ciphertexts.
- Proxy re-encryption: Given a proxy re-encryption key, the proxy can transform a ciphertext of one user to a ciphertext of the target user.
- Threshold decryption: By dividing the private key into several pieces of secret shares, all clients can work together to decrypt the ciphertext (the output of the function).
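The three building blocks above, chained in one run, as an added example that is not code from the project or the paper: a storage server encodes two ciphertexts homomorphically, re-encrypts the result from owner A to recipient B, and two of three key servers jointly decrypt it. It uses the ElGamal-style bidirectional re-encryption of Blaze, Bleumer and Strauss as a stand-in for the proposed scheme; the toy group, function names, sample messages and coefficients are all assumptions made for illustration.

```python
import secrets

# Toy group (constructed, far too small for real use): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def encrypt(pk, m):
    r = rand_exp()
    return m * pow(G, r, P) % P, pow(pk, r, P)       # (m*g^r, g^(a*r))

def encode(cts, coeffs):
    """Storage server: build Enc(prod m_i^coeff_i) from ciphertexts alone."""
    c1 = c2 = 1
    for (u, v), k in zip(cts, coeffs):
        c1, c2 = c1 * pow(u, k, P) % P, c2 * pow(v, k, P) % P
    return c1, c2

def reencrypt(rk, ct):
    """Storage server: with rk = b/a mod Q, move a ciphertext from key a to key b."""
    return ct[0], pow(ct[1], rk, P)                  # g^(a*r) -> g^(b*r)

def share_key(sk, t, n):
    """Shamir-share 1/sk over Z_Q; any t of the n key servers can decrypt."""
    poly = [pow(sk, -1, Q)] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(poly)) % Q
            for i in range(1, n + 1)}

def partial_decrypt(share, ct):
    return pow(ct[1], share, P)                      # the share stays on the key server

def combine(ct, partials):
    """Lagrange-interpolate in the exponent to recover g^r, then unmask."""
    mask = 1
    for i, d in partials.items():
        lam = 1
        for j in partials.keys() - {i}:
            lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        mask = mask * pow(d, lam, P) % P
    return ct[0] * pow(mask, -1, P) % P

def demo(servers=(1, 3), t=2, n=3):
    a, b = rand_exp(), rand_exp()                    # owner A, recipient B
    m1, m2 = pow(G, 5, P), pow(G, 7, P)              # constructed sample messages
    cw = encode([encrypt(pow(G, a, P), m) for m in (m1, m2)], [3, 2])
    fwd = reencrypt(b * pow(a, -1, Q) % Q, cw)
    parts = {i: partial_decrypt(s, fwd) for i, s in share_key(b, t, n).items() if i in servers}
    return combine(fwd, parts), pow(m1, 3, P) * pow(m2, 2, P) % P
```

`demo()` returns the value recovered by the key servers next to the expected codeword symbol m1^3 · m2^2; the two match for any choice of t available key servers, and at no point does a storage server see a plaintext or a key server see the whole key.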