Achieving Mutual Trust and Empowering Dynamic Data in Cloud Storage

International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 1 Achieving Mutual Trust and Empowering Dynamic Data in Cloud Storage S.Sandhiya, D.Saranya, S.Archana, M.Jayasudha University College of Engineering Villupuram, India, Department of Information Technology Abstract- The management of vast amount of data is quite expensive due to the requirements of high storage capacity and qualified personnel. Storage-as-a-Service (SaaS) offered by cloud service providers (CSPs) is a paid facility that enables organizations to outsource their data to be stored on remote servers. Thus, SaaS reduces the maintenance cost and mitigates the burden of large local data storage at the organization's end. A data owner pays for a desired level of security and must get some compensation in case of any misbehavior committed by the CSP. On the other hand, the CSP needs a security from any false accusations that may be claimed by the owner to get dishonest compensations. In this paper, a cloud-based storage scheme is proposed that allows the data owner to benefit from the facilities offered by the CSP and enables indirect mutual trust between them. The proposed scheme has four important features: (i) it allows the owner to outsource sensitive data to a CSP, and perform full block-level dynamic operations on the outsourced data, i.e., block modification, insertion, deletion, and append, (ii) it ensures that authorized users (i.e., those who have the right to access the owner’s file) receive the latest version of the outsourced data, (iii) it enables indirect mutual trust between the owner and the CSP, and (iv) it allows the owner to grant or revoke access to the outsourced data. We discuss the security issues of the proposed scheme. Index Terms- Storage-as-a-Service mutual trust, access control, Cloud storage, Data outsourcing I. INTRODUCTION C loud computing is based on the fundamental principle of reusability of IT capabilities. It is a large-scale distributed computing paradigm in which a pool of computing resources is available to users (cloud consumers) via the Internet Computing resources, e.g., processing power, storage, software, and network bandwidth, are represented to cloud consumers as the accessible public utility services. Distributed processing, parallel processing and grid computing together emerged as cloud computing. Cloud computing is a distributed computational model over a large pool of shared-virtualized computing resources (e.g., storage, processing power, memory, applications, services, and network bandwidth). Cloud service providers (CSPs) offer different classes of services (Storage-as-a-Service (SaaS), Application-asa-Service, and Platform-as-a-Service) that allow organizations to concentrate on their core business and leave the IT operations to experts. The users can access the stored data at any time by using Application Programming Interface (API) provided by cloud providers through any terminal equipment connected to the internet. Though cloud computing is targeted to provide better utilization of resources using virtualization techniques and to take up much of the work load from the client, it is fraught with security risks. Cloud computing is the long dreamed vision of different organizations produce a large amount of sensitive data including personal information, electronic health records, and financial data. While there is an observable drop in the cost of storagehardware, the management of storage has become more complex and represents approximately 75% of the total ownership cost SaaS offered by CSPs is an emerging solution to mitigate the burden of large local data storage and reduce the maintenance cost via the concept of outsourcing data storage. Since the owner physically releases sensitive data to a remote CSP, there are some concerns regarding confidentiality, integrity, and access control of the data. For example, in e-Health applications inside the USA the usage and disclosure of protected health information should meet the policies admitted by Health Insurance Portability and Accountability Act (HIPAA) , and thus keeping the data private on the remote storage servers is not just an option, but a demand. The confidentiality feature can be assured by the owner via encrypting the data before outsourcing to remote servers. The proposed model provides trusted computing environment by addressing important issues related to outsourcing the storage of data, namely confidentiality, integrity, access control and mutual trust between the data owner and the CSP. This means that the remotely stored data should be accessed only by authorized users (i.e., those who have the right to access the owner's file) and should remain confidential. The CSP needs to be safeguarded from any false accusation that may be claimed by a data owner to get illegal compensations. The access control techniques assume the existence of the data owner and the storageservers in the same trust domain. This assumption, however, no longer holds when the data is outsourced to a remote CSP, which takes the full charge of the outsourced data management, and resides outside the trust domain of the data owner. A feasible solution can be presented to enable the owner to enforce access control of the data stored on a remote untrusted CSP. Through this solution, the data is encrypted under a certain key, which is shared only with the authorized users. The unauthorized users, including the CSP, are not capable to access the data since they do not have the decryption key. This general solution has been widely incorporated into existing schemes], which aim at providing data storage security on untrusted remote servers. Another class of solutions utilizes attribute-based encryption (ABE) to achieve fine-grained access control. ABE is a public key cryptosystem for one-to-many communications that enables fine-grained sharing of encrypted data. The ABE associates the ciphertext with a set of attributes, and the private key with an access www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 structure (policy). The ciphertext is decrypted if and only if the associated attributes satisfy the access structure of the private key. Different approaches have been investigated that encourage the owner to outsource the data, and offer some sort of guarantee related to the confidentiality, integrity, and access control of the outsourced data. These approaches can prevent and detect (with high probability) malicious actions from the CSP side. On the other hand, the CSP needs to be safeguarded from a dishonest owner, who attempts to get illegal compensations by falsely claiming data corruption over cloud servers. This concern, if not properly handled, can cause the CSP to go out of business. In this work, we propose a scheme that addresses some important issues related to outsourcing the storage of data, namely data dynamic, newness, mutual trust, and access control. One of the core design principles of data outsourcing is to provide dynamic scalability of data for various applications. This means that the remotely stored data can be not only accessed by authorized users, but also updated and scaled by the owner. After updating, the authorized users should receive the latest version of the data (newness property), i.e., a technique is required to detect whether the received data is stale. This issue is crucial for applications in which critical decisions are taken based on the received data. For example, in e-Health applications a physician may write a prescription based on a patient’s medical history received from remote servers. If such medical data is not up-todate, the given prescription may conflict with the patient’s current circumstances causing severe health problems. Mutual trust between the data owner and the CSP is another imperative issue, which is addressed in the proposed scheme. A mechanism is introduced to determine the dishonest party, i.e., misbehavior from any side is detected and the responsible party is identified. Last but not least, the access control is considered, which allowsthe data owner to grant or revoke access rights to the outsourced data. II. MAIN CONTRIBUTIONS Our contributions can be summarized in two main points. 1) The design and implementation of a cloud-based storage scheme that has the following features:  It allows a data owner to outsource the data to a remote CSP, and perform full dynamic operations at the block-level, i.e., it supports operations such as block modification, insertion, deletion, and append  It ensures the newness property, i.e., the authorized users receive the most recent version of the data  It establishes indirect mutual trust between the data owner and the CSP since each party resides in a different trust domain  It enforces the access control for the outsourced data 2) We discuss the security features of the proposed scheme. Besides, we justify its performance through theoretical analysis and experimental evaluation of storage, communication, and computation overheads. 2. LITERATURE REVIEW Existing research close to our work can be found in the areas of reliability verification of outsourced data, access control of 2 outsourced data, and cryptographic file systems in distributed networks. In 1999, sales- force.com was established by Parker Harris, Marc Benioff. They applied many technologies of consumer web sites like Google and Yahoo! to business applications. They also provided the concept’s like ‘‘On demand’’ and ‘‘SaaS’’ with their real business and successful customers. Cloud data storage (Storage as a Service) is an important service of cloud computing referred as Infrastructure as a Service (IaaS). Amazon’s Elastic Compute Cloud (EC2) and Amazon Simple Storage Service(S3) are well known examples of cloud data storage. Cloud users are mostly worried about the security and reliability of their data in the cloud. Amazon’s S3 is such a good example. Kallahalla et al designed a cryptography-based file system called Plutus for secure sharing of data on untrusted servers. Some authorized users of the data have the privilege to read and write, while others can only read the data. In Plutus, a file-group represents a set of files with similar attributes, and each filegroup is associated with a symmetric key called file-lockbox key. A data file is fragmented into blocks, where each block is encrypted with a unique symmetric key called a file-block key. The file-block key is further encrypted with the file-lockbox key of the file-group to which the data file belongs. If the data owner wants to share a file-group with a set of users, the file-lockbox key is just distributed to them. Plutus supports two operations on the file blocks: read and write/modify. Delete operation can be supported by overwriting an existing block with null. Goh et al. have presented SiRiUS, which is designed to be layered over existing file systems such as NFS (network file system) to provide end-to-end security. To enforce access control in SiRiUS, each data file (d-file) is attached with a metadata file (md-file) that contains an encrypted key block for each authorized user with some access rights (read or write). More specifically, the md-file represents the d-file’s access control list (ACL). The d-file is encrypted using a file encryption key (FEK), and each entry in the ACL contains an encrypted version of the FEK under the public key of one authorized user. For large-scale sharing, the authors in presented SiRiUS-NNL that uses NNL (Naor-Naor-Lotspiech) broadcast encryption algorithm to encrypt the FEK of each file instead of encrypting using each authorized user’s public key. SiRiUS supports two operations on the file blocks: read and write/modify. Based on proxy re-encryption Ateniese et al. have introduced a secure distributed storageprotocol. In their protocol, a data owner encrypts the blocks with symmetric data keys, which are encrypted using a master public key. The data owner keeps a master private key to decrypt the symmetric data keys. Using the master private key and the authorized user’s public key, the owner generates proxy re-encryption keys. A semitrusted server then uses the proxy re-encryption keys to translate a ciphertext into a form that can be decrypted by a specific granted user, and thus enforces access control for the data. Vimercati et al. have constructed a scheme for securing data on semi-trusted storage servers based on key derivation methods of In their scheme, a secret key is assigned to each authorized user, and data blocks are grouped based on users that can access these blocks. One key is used to encrypt all blocks in the same group. Moreover, the data owner generates public tokens to be used along with the user’s secret key to derive decryption keys of www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 specific blocks. The blocks and the tokens are sent to remote servers, which are not able to drive the decryption key of any block using just the public tokens. The approach in allows the servers to conduct a second level of encryption (over-encryption) to enforce access control of the data. Repeated access grant and revocation may lead to a complicated hierarchy structure for key management. Wang et al. designed an over-encryption to enforce access control has also been used by In their scheme, the owner encrypts the data block-by-block, and constructs a binary tree of the block keys. The binary tree enables the owner to reduce the number of keys given to each user, where different keys in the tree can be generated from one common parent node. The remote storage server performs over-encryption to prevent revoked users from getting access to updated data blocks. Popa et al. have introduced a cryptographic cloud storage system called CloudProof that provides read and write data sharing. CloudProof has been designed to offer security guarantees in the service level agreements of cloud storage systems. It divides the security properties in four categories: confidentiality, integrity, read freshness, and write-serializability. CloudProof can provide these security properties using attestations (signed messages) and chain hash. Besides, it can detect and prove to a third party that any of these properties have been violated. Read freshness and write-serializability in CloudProof are guaranteed by periodic auditing in a centralized manner. The time is divided into epochs, which are time periods at the end of each the data owner performs the auditing process. The authorized users send the attestations – they receive from the CSP during the epoch – to the owner for auditing. Like Plutus and SiRiUS, CloudProof supports two operations on the file blocks: read and write/modify. Discussion. Some aspects related to outsourcing data storage are beyond the setting of both PDP and POR, e.g., enforcing access control, and ensuring the newness of data delivered to authorized users. Even in the case of dynamic PDP, a verifier can validate the correctness of data, but the server is still able to cheat and return stale data to authorized users after the auditing process is done. The schemes have focused on access control and secure sharing of data on untrusted servers. The issues of full block-level dynamic operations (modify, insert, delete, and append), andachieving mutual trust between the data owners and the remote servers are outside their scope. Although have presented an efficient access control technique and handled full data dynamic over remote servers, data integrity, newness property, and mutual trust are not addressed. Authorized users in CloudProofare not performing immediate checking for freshness of received data; the attestations are sent at the end of each epoch to the owner for completing the auditing task. Instantaneous validation of data freshness is crucial before taking any decisions based on the received data from the cloud. CloudProof guarantees write-serializability, which is outside the scope of our current work as we are focusing on owner-write-users-read applications. 3 III. CURRENT DATA STORAGE CHALLENGES IN CLOUD A cloud storage service provider should base its pricing on how much storage capacity a business has used, how much bandwidth was used to access its data, and the value-added services performed in the cloud such as security. Unfortunately, all the CSPS are not functioning in equal manners‟. Data storage paradigm in “Cloud” brings about many challenging design issues because of which the overall performance of the system get affected. Most of the biggest concerns with cloud data storage are: 3.1 Data integrity verification at un-trusted servers For example, the storage service provider, which experiences Byzantine failures occasionally, may decide to hide the data errors from the clients for the benefit of their own. What is more serious is that for saving money and storage space the service provider might neglect to keep or deliberately delete rarely accessed data files which belong to an ordinary client. Consider the large size of the outsourced electronic data and the client’s constrained resource capability, the core of the problem can be generalized as how can the client find an efficient way to perform periodical integrity verifications without the local copy of data files. 3.2 Data accessed by unauthorized users The confidentiality feature can be guaranteed by the owner via encrypting the data before outsourcing to remote servers. For verifying data integrity over cloud servers, researchers have proposed provable data possession technique to validate the intactness of data stored on remote sites. 3.3 Location Independent Services The very characteristics of the cloud computing services are the ability to provide services to their clients irrespective of the location of the provider. Services cannot be restricted to a particular location but may be requested from any dynamic location as per the choices of the customer. 3.4 Infrastructure and security The infrastructure that is used for these services should be secured appropriately to avoid any potential security threats and should cover the life time of component. 3.5 Data recovery /Backup For data recovery in cloud the user must concern the security as well as the bandwidth issue in consideration. IV. SYSTEM AND ASSUMPTIONS 4.1 System Components and Relations The cloud computing storage model considered in this work consists of four main components as illustrated in Fig. 1: (i) a data owner that can be an organization generating sensitive data to be stored in the cloud and made available for controlled external use; (ii) a CSP who manages cloud servers and provides paid storage space on its infrastructure to store the owner’s files and make them available for authorized users; (iii) authorized users – a set of owner’s clients who have the right to access the remote data; and (iv) a trusted third party (TTP), an entity who is trusted by all other system components, and has capabilities to detect/specify dishonest parties. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 4 leakage of data towards the TTP must be prevented to keep the outsourced data private. The TTP and the CSP are always online, while the owner is intermittently online. The authorized users are able to access the data file from the CSP even when the owner is offline. Fig. 1, Cloud data storage system model In Fig. 1, the relations between different system components are represented by double-sided arrows, where solid and dashed arrows represent trust and distrust relations, respectively. For example, the data owner, the authorized users, and the CSP trust the TTP. On the other hand, the data owner and the authorized users have mutual distrust relations with the CSP. Thus, the TTP is used to enable indirect mutual trust between these three components. There is a direct trust relation between the data owner and the authorized users. Statement 1: The idea of using a third party auditor has been used before in outsourcing data storage systems, especially for customers with constrained computing resources and capabilities .The main focus of a third party auditor is to verify the data stored on remote servers, and give incentives to providers for improving their services. The proposed scheme in this work uses the TTP in a slightly different fashion. The auditing process of the data received from the CSP is done by the authorized users, and we resort to the TTP only to resolve disputes that may arise regarding data integrity or newness. Reducing the storage overhead on the CSP side is economically a key feature to lower the fees paid by the customers. Moreover, decreasing the overall computation cost in the system is another crucial aspect. To achieve these goals, a small part of the owner’s work is delegated to the TTP. 4.2 Block-Level operations The data owner has a file F consisting of m blocks to be outsourced to a CSP, where storage fees are pre-specified according to the used storage space. For confidentiality, the owner encrypts the data before sending to cloud servers. After data outsourcing, the owner can interact with the CSP to perform block-level operations on the file. These operations includes modify, insert, append, and delete specific blocks. In addition, the owner enforces access control by granting or revoking access rights to the outsourced data. An authorized user sends a dataaccess request to the CSP, and receives the data file in an encrypted form that can be decrypted using a secret key generated by the authorized user. The TTP is an independent entity, and thus has no incentive to collude with any party in the system. However, any possible 4.3 Risk model The CSP is untrusted, and thus the confidentiality and integrity of data in the cloud may be at risk. For economic reasons and maintaining a reputation, the CSP may hide data loss (due to hardware failure, management errors, various attacks), or reclaim storage by discarding data that has not been or is rarely accessed. To save the computational resources, the CSP may totally ignore the data update requests issued by the owner, or execute just a few of them. Hence, the CSP may return damaged or stale data for any access request from the authorized users. Furthermore, the CSP may not honor the access rights created by the owner, and permit unauthorized access for misuse of confidential data. On the other hand, a data owner and authorized users may collude and falsely allege the CSP to get a certain amount of reimbursement. They may dishonestly claim that data integrity over cloud servers has been violated, or the CSP has returned a stale file that does not match the most recent modifications issued by the owner. 4.4 Requirements for Secure Storage 4.4.1 Confidentiality: Outsourced data must be protected from the TTP, the CSP, and users that are not granted access. 4.4.2 Integrity: Outsourced data is required to remain intact on cloud servers. The data owner and authorized users must be enabled to recognize data corruption over the CSP side. 4.4.3 Newness: Receiving the most recent version of the outsourced data file is an imperative requirement of cloud-based storage systems. There must be a detection mechanism if the CSP ignores any data-update requests issued by the owner. 4.4.4 Access control: Only authorized users are allowed to access the outsourced data. Revoked users can read unmodified data, however, they must not be able to read updated/new blocks. 4.4.5 CSP’s defense: The CSP must be safeguarded against false accusations that may be claimed by dishonest owner/users, and such a malicious behavior is required to be revealed. Combining the confidentiality, integrity, newness, access control, and CSP’s defense properties in the proposed scheme enables the mutual trust between the data owner and the CSP. Thus, the owner can benefit from the wide range of facilities offered by the CSP, and at the same time, the CSP can mitigate the concern of cheating customers. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 4.5 System Preliminaries 4.5.1 Lazy Revocation The data owner can revoke the rights of some authorized users for accessing the outsourced data, the user can access the unmodified data block he cannot access the updated or new block. 4.5.2 Key Rotation Key rotation is the technique user can generate a sequence of key by using initial key and a master secret key it has to property (i) the owner of the master secret key can generate next key in sequence (ii) Authorized users knowing the sequence of key can generate the previous keys. 4.5.3 Broadcast Encryption (bENC) bENC is to enforce the access control over the outsourced data. This allows the broadcaster to encrypt the data for a set of arbitrary user, the set of user only can decrypt the message. V. PROPOSED STORAGE SCHEMA 5.1 Existing scheme Once the data has been outsourced to a remote CSP, which may not be trustworthy, the owner loses the direct control over the sensitive data. This lack of control raises the data owner’s concerns about the integrity of data stored in the cloud. Conversely, a dishonest owner may falsely claim that the data stored in the cloud is corrupted to get some compensation. This mutual distrust between the data owner and the CSP, if not properly handled, may hinder the successful deployment of cloud architecture. A straightforward solution to detect cheating from any side(data owner or CSP) is through using authentication tags (digital signatures). For a file F = {bj}1≤j≤m, the owner attaches a tag OWNσj with each block before outsourcing. The tags are generated per block not per file to enable dynamic operations at the block level without retrieving the whole outsourced file. The owner sends {bj,OWNσj}1≤j≤m to the CSP, where the tags {OWNσj}1≤j≤m are first verified. In case of failed verification, the CSP rejects to store the data blocks and asks the owner to resend the correct tags. If the tags are valid, both the blocks and the tags are stored on the cloud servers. The tags {OWNσj}1≤j≤m achieve non-repudiation from the owner side. When an authorized user (or the owner) requests to retrieve the data file, the CSP sends {bj,OWNσj,CSPσj}1≤j≤m, where CSPσj is the CSP’s signature/tag on bj||OWNσj. The authorized user first verifies the tags {CSPσj}1≤j≤m. In case of failed verification, the user asks the CSP to re-perform the transmission process. If {CSPσj}1≤j≤m are valid tags, the user then verifies the owner’s tag OWNσj on the block bj∀j. If any tag OWNσj is not verified, this indicates the corruption of data over the cloud servers. The CSP cannot repudiate such corruption for the owner’s tags {OWNσj}1≤j≤m are previously verified and stored by the CSP along with the data blocks. Since the CSP’s signatures {CSPσj}1≤j≤m are attached with the received data, a dishonest owner cannot falsely accuse the CSP regarding data integrity. Although the previous straightforward solution can detect cheating from either side, it cannot guarantee the newness property of the outsourced data; the CSP can replace the new blocks and tags with old versions 5 without being detected (replay attack). The above solution increases the storage overhead – especially for large files in order of gigabytes – on the cloud servers as each outsourced block is attached with a tag. Moreover, there is an increased computation overhead on different system components; the data owner generates a signature for each block, the CSP performs a signature verification for each outsourced block, and the authorized user (or the owner) verifies two signatures for each received block from the cloud servers. Thus, for a file F containing m blocks, the straightforward solution requires 2m signature generations and 3msignature verifications, which may be computationally a challenging task for large data files. For example, if the outsourced file is of size 1GB with 4KB block size, the straightforward solution requires 219 signature generations and 3× 218 signature verifications. If the CSP receives the data blocks from a trusted entity (other than the owner), the block tags and the signature operations are not needed since the trusted entity has no incentive for repudiation or collusion. Therefore, delegating a small part of the owner’s work to the TTP reduces both the storage and computation overheads. However, the outsourced data must be kept private and any possible leakage of data towards the TTP must be prevented. 5.2 Overview Logic The proposed scheme in this work addresses important issues related to outsourcing data storage: data dynamic, newness, mutual trust, and access control. The owner is allowed to update and scale the outsourced data file. Validating such dynamic data and its newness property requires the knowledge of some metadata that reflects the most recent modifications issued by the owner. Moreover, it requires the awareness of block indices to guarantee that the CSP has inserted, added, or deleted the blocks at the requested positions. To this end, the proposed scheme is based on using combined hash values and a small data structure, which we call block status table (BST). The TTP establishes the mutual trust among different system components in an indirect way. For enforcing access control of the outsourced data, the proposed scheme utilizes and combines three cryptographic techniques: bENC, lazy revocation, and key rotation. The bENC enables a data owner to encrypt some secret information to only authorized users allowing them to access the outsourced data file. Through lazy revocation, revoked users can read unmodified data blocks, while updated/new blocks are encrypted under new keys generated from the secret information broadcast to the authorized users. Using key rotation, the authorized users are able to access both updated/new blocks and unmodified ones that are encrypted under older versions of the current key. 5.3 Representations  F is a data file to be outsourced composed of a sequence of m blocks, i.e., F ={b1, b2, . . . , bm}  h is a cryptographic hash function  DEK is a data encryption key  EDEKis a symmetric encryption algorithm under DEK, e.g., AES (advanced encryption standard)  E-1DEK is a symmetric decryption algorithm under DEK  F-1 is an encrypted version of the file blocks  FHTTPis a combined hash value for F-1, and is computed and stored by the TTP www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153     THTTP is a combined hash value for the BST, and is computed and stored by the TTP ctr is a counter kept by the data owner to indicate the version of the most recent key Rot=<ctr,bENC(Kctr)>is a rotator, where bENC(Kctr) is a broadcast encryption of the key K. ⊕ is anXOR Operator 5.4 Block Status table (BST) To reduce the computational task in the owner and CSP side, the trusted third party (TTP) is introduced to reduce generation of block tags and signature verification. Now validation of outsourced dynamic data and newness property are addressed in proposed schema, this is based on combined hash value and a small data structure called block status table (BST). The TTP established mutual trust among different system component. To enforce access control of outsourced data, this schema use cryptographic techniques: bENC, Key rotation and Lazy revocation. Block status table (BST) is a small dynamic data structure used to reconstruct and access the file blocks outsourced to the CSP. This table consist of the columns Serial Number(SN) is an index to the file blocks. It shows the physical locations of each blocks in the data file. Block Number(BN) is a counter to make logical numbering to each file blocks. Key Version(KV) is to indicate the version of the key used to encrypt the blocks in the data file. The BST is implemented as a linked list to simplify the insertion and deletion of table entity. SN is a simple index to the table so it is not needed. Where BN and KV is an integer of 8m bytes, where m is the number of blocks in the file. When a data file is created initially counter (ctr) and KVis set to 1. When a block level modifications is performed then ctr is increased by 1 and KV of the modified/new block is set to ctr. Fig 2 shows some examples on changes made in BST due to different dynamic operation on file F = {bj}1≤j≤8. (Fig2.a) ctr is set to 1, SNj = BNj =j, andKVj = 1: 1 ≤ j ≤ 8.(Fig 2.b) shows no change for updating the block at position 5 since no revocation is performed. (Fig 2.c) inserting new block after position 3 for a file F with new entry (4, 9, 1) here 4 is the physical position of newly created block and 9 is the logical number and the version number of key used to encrypt the file block is 1. The first revocation in the system increment the ctr by 1, now ctr =2, (Fig 2.d) now modify the block at the position five, new key is used for encryption of block number 4 now the table entity in the position five is (5, 4, 2). (Fig 2.e) shows new block is inserted in position 7 and the second revocation is done, which increments ctr by 1 and the table entity is (7, 10, 3) (Fig 2.f) shows the deleting the 6 block at position 2 from the data file all the sub sequent entity are pop up by 1 step upward. Fig.2,Changes in the BST due to different dynamic operations on a file F = {bj}1≤j≤8. 5.5 System Setup and File Preparation The setup is done only once during the life time of the data storage system, which may be for tens of years. The system setup has two parts: one is done on the owner side, and the other is done on the TTP side. 5.5.1 Owner Role The data owner initializes ctr to 1, and generates an initial secret key Kctr/K1. Kctr can be rotated forward following user revocations, and rotated backward to enable authorizedusers to access blocks that are encrypted under older versions of K ctr. For a fileF = {bj}1≤j≤m, the owner generates a BST with SNj = BNj =j, and KVj = ctr. To achieve privacy-preserving, the owner creates an encrypted file version bj}1≤j≤mMoreover, the owner creates a rotator Rot=<ctr,bENC(Kctr)>, where bENC enables only authorized users to decrypt Kctr and access the outsourced file. The owner sends , ST,Rot to the TTP, and deletes the data file from itslocal storage. Embedding BN j with the block bj during the encryption process helps in reconstructing the file blocks in the correct order. If the encrypted blocks are not corrupted over cloud servers, but randomly delivered to an authorized user, the latter can utilize the embedded BNjand the BST to orderly reconstruct the data file F. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 5.5.2 TTP Role A small part of the owner’s work is delegated to the TTP toreduce the storage overhead and lower the overall system computation. For the TTP to resolvedisputes that may arise regarding data integrity/newness, it computes and locally stores combinedhash values for the encrypted file and the ST. The TTP computes FHTTP = ⊕mj=1 h(bj) and THTTP = ⊕mj=1 h(BN j || KV j) ,then sends , ST to the CSP. The TTP keeps only FHTTPand THTTP on its local storage. Statement 2: The BST is used by the authorized users to reconstruct and access the outsourced data file. The proposed scheme in this work assumes that the data owner is intermittently online and the authorized users are enabled to access the data file even when the owner is offline. To this end, the CSP stores a copy of the BST along with the outsourced data file. When an authorized user requests to access the data, the CSP responds by sending both the BST and the encrypted file e F. Moreover, the BST is used during each dynamic operation on the outsourced data file, where one table entry is modified/inserted/deleted with each dynamic change on the block level. If the BST is stored only on the CSP side, it needs to be retrieved and validated each time the data owner wants to issue a dynamic request on the outsourced file. To avoid such communication and computation overheads, the owner keeps a local copy of the BST, and thus there are two copies of the BST: one is stored on the owner side referred to as BST O, and the other is stored on the CSP side referred to as BSTC. Recall that the BST is a small dynamic data structure with a table entry size = 8 bytes. For 1GB file with 4KB block size, the BST size is only 2MB (0.2% of the file size). Table 1 summarizes the data stored by each component in the proposed scheme. Owner ctr, Kctr, BSTO TTP Rot, FHTTP , THTTP CSP F, BSTC 7 5.6 Dynamic Tasks on the Outsourced Data The dynamic operations in the proposed scheme are performed at the block level via a request in the general form (BlockOp,TEntryBlockOp , j ,KVj , h( bj), Rev lag , b⃰⃰ ) where BlockOp corresponds to block modification (denoted by BM), block insertion(denoted by BI), or block deletion (denoted by BD). TEntryBlockOp indicates an entry in BSTO correspondingto the issued dynamic request. The parameter j indicates the block index on which thedynamic operation is to be performed, KVj is the value of the key version at index j of BST Obefore running a modification operation, and h(bj) is the hash value of the block at index j beforemodification/deletion. RevFlag is a 1-bit flag (true/false and is initialized to false) to indicatewhether a revocation has been performed, and b⃰ is the new block value. 5.6.1 Modification Data modification is one of the most frequently used dynamic operations in theoutsourced data. For a fileF = {b1, b2, . . . ,bm}, suppose the owner wants to modify a block bjwith a block b'j .The owner uses the technique of one-sender-multiplereceiver(OSMR) transmission to send the modify request to both the CSP and the TTP.The TTP updates the combined hash value FHTTPfor through the step FHTTP = FHTTP h(bj)⊕ h(b j), which simultaneously replaces the hash of the old block h(bj) with the new one h(b j). This is possible due to the basic properties of the ⊕operator. The same idea is used whenRevFlag = true to update the combined hash value THTTP on the TTP side by replacing thehash of the old table entry at index j with the hash of the new value. 5.6.2 Insertion In a block insertion operation, the owner wants to insert a new block b after indexj in a fileF = {b1, b2, . . . , bm} i.e., the newly constructed file F' = {b1, b2, . . . bj,b,…….,bm+1},where bj+1 b. The block insertion operation changes the logical structure of the file, whileblock modification does not. TABLE 1: Data stored by each component in the system. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 5.6.3 Append Block append operation means adding a new block at the end of the outsourced data.It can simply be implemented via insert operation after the last block of the data file. 5.6.4 Deletion Block deletion operation is the opposite of the insertion operation. When one block isdeleted all subsequent blocks are moved one step forward. The step FHTTP =FHTTP⊕h(bj) is used to delete the hash value of the bj from the combined hash FHTTP(properties of ⊕operator). The same idea is used with the THTTP value. 5.7 Data Access and Cheating Detection An authorized user sends a data-access request to both the CSP and the TTP to access the outsourced file. The user receives , STC σF, σT} from the CSP, and {FHTTP, THTTP , Rot} from the TTP. For achieving non-repudiation, the CSP generates two signatures F and T for and STC,respectively. 5.7.1 Verification of encrypted data file The authorized user verifies the signatures, and proceeds with the data access procedure only if both signatures are valid. The authorized user verifies the contents of BST C entries by computing THU = ⊕mj=1h(BNj||KVj), and comparing it with the authentic value THTTP received from the TTP. If the user claims that THU ≠ THTTP, a report is issued to the owner and the TTP is invoked to determine the dishonest party. In case of TH U = THTTP , the user continues to verify the contents of the file by computing FHU = ⊕mj=1 h(bj) and comparing with FHTTP . If there is a dispute that FHU ≠ HTTP , the owner is informed and we resort to the TTP to resolve such a conflict. For the authorized user to access the encrypted file bj}1≤j≤m, BSTC and Rot are used to generate the key DEK that decrypts the block bj. The component bE C( ctr) of Rot is decrypted to get the most recent key Kctr. Using the key rotation technique, the user rotates Kctr backward with each block until it reaches the version that is used to decrypt the block bj. Both ctrand the key version KVj can determine how many rotation steps for Kctrwith each block bj. Decrypting the block bj returns (BNj||bj). Both BNj and BSTC are utilized to get the physical block position SNj into which the block bj is inserted, and thus the file F is reconstructed in plain form. Optimization The backward key rotation done can be highly optimized by computing a set of keys Q = {Ki} from Kctr. Each Kiin Q is the result of rotating Kctr backward ctr−I times. For 8 example, if ctr= 20, a set Q = {K1,K5,K10,K15}can be computed from Kctr. To decrypt a block bj, the authorized user chooses one key Ki from Q, which has the minimum positive distance i− KVj. Then, Ki is rotated backward to get the actual key that is used to decrypt the block bj. A relatively large portion of the outsourced data is kept unchanged on the CSP, and thus K1 from Q can be used to decrypt many blocks without any further key rotation. The size of Q is negligible compared with the size of the received data file. 5.7.2 Cheating Detection Procedure Fig. 4 shows how the TTP determines the dishonest party in the system. The TTP verifies the signatures σT and σF, which are previously verified and accepted by theauthorized user. If any signature is invalid, this indicates that the owner/user is dishonest for corrupting either the data or the signatures. In case of valid signatures, the TTP computes temporary combined hash values THtemp= ⊕mj=1 h(BNj||KVj) and FHtemp= ⊕mj=1 h(bj). If THtemp≠THTTP or FHtemp≠ HTTP , this indicates that the CSP is dishonest for sending corrupted data, otherwise the owner/user is dishonest for falsely claiming integrity violation of received data. VI. PERFORMANCE ANALYSIS 6.1 Settings and Overheads The data file F used in our performance analysis is of size 1GB with 4KB block size. Without loss of generality, we assume that the desired security level is 128-bit. Thus, we utilize a cryptographic hash h of size 256 bits (e.g., SHA-256), an elliptic curve defined over Galois field GF(p) with |p| = 256 bits (used for bENC), and BLS (Boneh-Lynn-Shacham) signature of size 256 bits (used to compute σFandσT). Here we evaluate the performance of the proposed scheme by analyzing the storage, communication, and computation overheads. We investigate overheads that the proposed scheme brings to a cloud storage system for static data with only confidentiality requirement. This investigation demonstrates whether the features of our scheme come at a reasonable cost. The computation overhead is estimated in terms of the used cryptographic functions, which are notated . Let m and n denote the number of file blocks and the total number of system users, respectively. It presents a theoretical analysis for the storage, communication, and computation overheads of the proposed scheme. It summarizes the storage and communication overheads for our data file F (1GB with 4KB block size) and 100,000 authorized users. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 Observations Storage overhead It is the additional storage space used to store necessary information other than the outsourced file . The 9 overhead on the owner side is due to storing BST O. An entry of BSTOis of size 8 bytes (two integers), and the total number of entries equals the number of file blocks m. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 During implementation SN is not needed to be stored in BSTO; SN is considered to be the entry/table index (BST Ois implemented as a linkedlist). The size of BST Ofor the file F is only2MB (0.2% of F). BST O size can be further reducedif the file F is divided into larger blocks (e.g., 16KB). Like the owner, the storage overhead on the CSP side comes from the storage of BSTC. To resolve disputes that may arise regarding data integrity or newness property, the TTP stores FHTTP and THTTP , each of size 256 bits. Besides, the TTP stores Rot =<ctr, bENC(Kctr)>that enables the data owner to enforce access control for the outsourced data. The ctr is 4 bytes, and bENC has storage complexity O(√n), which is practical for an organization (data owner) with n = 100,000 users. A point on the elliptic curve used to implement bENC can be represented by 257 bits (≈ 32 bytes) using compressed representation .Therefore, the storage overhead on the TTP side is close to 10KB, which is independent of the outsourced file size. Overall, the storage overhead for the file F is less than 4.01M (≈ 0.4% of ). Communication overhead It is the additional information sent along with the outsourced data blocks. Duringdynamic operations, the communication overhead on the owner side comes from the transmission of a block operation BlockOP (can be represented by 1 byte), a table entry TEntryBlockOP (8 bytes), and a block index j (4bytes). If a block is to be modified following a revocation process, KVj(4 bytes) is sent to the TTP. Moreover, incase of a block modification/deletion, the owner sendsa hash (32 bytes) of the block to be modified/deleted to the TTP for updating FHTTP . Recall that the owner also sends Rot (4 + 32 √n bytes) to the TTP if block modifications/ insertions are to be performed following user revocations. Therefore, in the worst case scenario (i.e., block modifications following 10 revocations), the owner’s overhead is less than 10 . The Rot represents the major factor in the communication overhead, and thus the overhead is only 45 bytes if block modification/deletion operations are to be performed without revocations (only 13 bytes for insertion operations). In practical applications, the frequency of dynamic requests to the outsourced data is higher than that of user revocations. Hence, the communication overhead due to dynamic changes on the data is about 1% of the block size (the block is 4KB in our analysis). As a response to access the outsourced data, the CSP sends the file along with σF(32 bytes), σT(32 bytes), and BST C (8m bytes). Moreover, the TTP sends FHTTP(32 bytes), THTTP (32 bytes), and Rot. Thus, the communication overhead due to data access is 64 + 8m bytes on the CSP side, and 68 + 32 √n bytes on the TTP side. Overall, to access the file F, the proposed scheme has communication overhead close to 2.01M (≈ 0.2% of ). Computation overhead: A cloud storage system for static data with only confidentiality requirement has computation cost for encrypting the data before outsourcing and decrypting the data after being received from the cloud servers. For the proposed scheme, the computation overhead on the owner side due to dynamic operations (modification/insertion) comes from computing DEK = h(Kctr) and encrypting the updated/inserted block, i.e., the overhead is one hash and one encryption operations. If a block modification/insertion operation is to be performed following a revocation of one or more users, the owner performs FR to roll Kctr forward, and bENC to generate the Rot. Hence, the computation overhead on the owner side for the dynamic operations is h + EDEK + FR + bEnc(worst case scenario). Updating BSTO and BSTC is done without usage of cryptographic operations (add, remove, or modify a table entry). www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 To reflect the most recent version of the outsourced data, the TTP updates the values FHTTP and THTTP .If no revocation has been performed before sending a modify request, only FH TTP is updated on the TTP side. Therefore, the maximum computation overhead on the TTP side for updating both FH TTP and THTTP is 4h. Before accessing the data received from the CSP, theauthorized user verifies two signatures (generated by the CSP), BSTC entries, and the data file. These verifications cost 2Vσ+ 2mh. Moreover, the authorized user decrypts bENC(Kctr) part in the Rot to get Kctr. For each received block, Kctris rotated backward to obtain the actual key that is used to decrypt the data block. The optimized way of key rotation (using the set Q) highly affects the performance of data access; many blocks need a few or no rotations. Moreover, one hash operation is performed per block to compute DEK. Overall, the computation overhead due to data access is 2 Vσ+ 3mh + bENC−1 + [BR] on the owner side, and 2Sσon the CSP side. For determining a dishonest party, the TTP verifies σTandσF. In case of valid signatures, the TTP proceeds to compute THtemp and FHtemp. The values THtemp and FHtempare compared with THTTP and FHTTP ,respectively. Hence, the maximum computation overhead on the TTP side due to cheating detection is 2Vσ+ 2mh. VII. ENACTMENT AND EXPERIMENTAL VALUATION 7.1 Enactment We have implemented the proposed scheme on top of Amazon Elastic Compute Cloud (Amazon EC2) andAmazon Simple Storage Service (Amazon S3) cloud platforms. Our implementation of the proposed scheme consists of four modules: OModule(owner module), CModule (CSP module), UModule(user module), and TModule (TTP module). OModule, which runs on the owner side, is a library to be used by the owner to perform the owner role in the setup and file preparation phase. Moreover, this library is used by the owner during the dynamic operations on the outsourced data. CModule is a library that runs on Amazon EC2 and is used by the CSP to store, update, and retrieve data from Amazon S3. UModuleis a library to be run at the authorized users’ side, and include functionalities that allow users to interact with the TTP and the CSP to retrieve and access the outsourced data. TModuleis a library used by the TTP to perform the TTP role in the setup and file preparation phase. Moreover, the TTPuses this library during the dynamic operations and todetermine the cheating party in the system. 7.2 Implementation settings In our implementation we use a ”large” Amazon EC2 instance to run CModule. This instance type provides total memory of size 7.5GB and 4 EC2 Compute Units (2 virtual cores with 2 EC2 Compute Units each). One EC2 Compute Unit provides the equivalent CPU capacity of a 1.0 - 1.2GHz 2007 Opteron or 2007 Xeon processor. A separate server in the lab is used to run TModule. This server has Intel(R) Xeon(TM) 3.6GHz processor, 2.75GB RAM, and Windows XP operating system. The OModule is executed on a desktop computer with Intel(R) Xeon(R) 2GHz processor and 3GB RAM running Windows XP. A laptop with Intel(R) Core(TM) 2.2GHz processor and 4GB RAM running Windows 7 is used to execute the UModule. We outsource a data 11 file of size 1GB to Amazon S3. Algorithms (hashing, broadcast encryption, digital signatures, etc.) are implemented using MIRACL library version 5.5.4. For a 128-bit security level, bENCuses an elliptic curve with a 256-bit group order. In the experiments, we utilize SHA-256, 256-bit BLS signature, and Barreto- Naehrig (BN) curve defined over prime field GF(p) with |p| = 256 bits and embedding degree = 12. 7.3 Experimental Valuation Here we describe the experimental evaluation of the computation overhead the proposed scheme brings to a cloud storage system that has been dealing with static data with only confidentiality requirement. Owner computation overheadTo experimentally evaluate the computation overhead on the owner side due to the dynamic operations, we have performed 100 different block operations (modify, insert, append, and delete) with number of authorized users ranging from 20,000 to 100,000. We have run our experiment three times, each time with a different revocation percentage. In the first time, 5% of 100 dynamic operations are executed following revocations. We increased the revocation percentage to 10% for the second time and 20% for the third time. ig. 8 shows the owner’s average computation overhead per operation. For a large organization (data owner) with 100,000 users, performing dynamic operations and enforcing access control with 5% revocations add about 63milliseconds of overhead. With 10% and 20% revocation percentages, which are high percentages than an average value in practical applications, the owner overhead is 0.12 and 0.25 seconds, respectively. Scalability (i.e., how the system performs when more users are added) is an important feature of cloud storage systems. The access control of the proposed scheme depends on the square root of the total number of system users. Fig. 8 shows that for a large organization with 105 users, performing dynamic operations and enforcing access control for outsourced data remains practical. TTP computation overhead In the worst case, the TTP executes only 4 hashes per dynamic request to reflect the change on the outsourced data. Thus, the maximum computation overhead on the TTP side is about 0.04 milliseconds, i.e., the proposed scheme brings light overhead on the TTP during the normal system operations. To identify the dishonest party in the system in case of disputes, the TTP verifies two signatures (σF and σT), computes combined hashes for the data (file and table), and compare the computes hashes with the authentic values (THTTP and FHTTP ). Thus, the computation overhead on the TTP side is about 3.59 seconds. Through our experiments, we use only one server to simulate the TTP and accomplish its work. The TTP may choose to split the work among a few devices or use a single devicewith a multi-core processor which is becoming prevalent these days, and thus the computation time on the TTP side is significantly reduced in many applications. www.ijsrp.org 12 overhead due to retrieving the data is ≈ 0.2% of the outsourced data size. 0.3 0.25 REFERENCES 0.2 5% Revocation 0.15 [1] [2] 0.1 10% Revocation 0.05 100000 80000 60000 40000 0 20000 Computation Overhead (sec) International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 20% Revocation [3] [4] System Users [5] Fig.5, Owner’s average computation overhead due to dynamic operations TABLE 2: Experimental results of the computation overheads Component Computation Overhead TTP 0.04 ms 3.59s / Users 0.55 s CSP 6.04 s User computation overhead The computation overhead on the user side due to data access comes from five aspects divided into two groups. The first group involves signatures verification and hash operations to verify the received data (file and table). The second group involves broadcast decryption, backward key rotations, and hash operations to compute the DEK. The first group costs about 5.87 seconds, which can be easily hidden in the receiving time of the data (1GB file and 2MB table). To investigate the time of the second group, we access the file after running 100 different block operations (with 5% and 10% revocation percentages). Moreover, we implement the backward key rotations in the optimized way. The second group costs about 0.55 seconds, which can be considered as the user’s computation overhead due to data access. CSP computation overhead. As a response to the data access request, the CSP computes two signatures: σ FandσT. Thus, the computation overhead on the CSP side due to data access is about 6.04 seconds and can be easily hidden in the transmission time of the data (1GB file and 2MB table). [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] VIII. CONCLUSION The proposed schema for cloud based storage which supports outsourcing of dynamic data, updating and scaling of outsourced data in remote server is ensuring the authorized user receiving most recently updated versions of data. TTP can determine the dishonest party. We have investigated the overheads added by our scheme when incorporated into a cloud storage model for static data with only confidentiality requirement. The storage overhead is ≈ 0.4% of the outsourced data size, the communication overhead due to block-level dynamic changes on the data is ≈ 1% of the block size, and the communication [16] [17] [18] [19] Amazon.com, “Amazon Web Services (AWS),” Online at http://aws.amazon.com, 2008. G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, “Scalable and efficient provable data possession,” in Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, 2008, pp. 1–10. Q. Wang, C. Wang, J. Li, . Ren, and W. Lou, “Enabling public verifiability and data dynamics for storage security in cloud computing,” in Proceedings of the 14th European Conference on Research in Computer Security, 2009, pp. 355–370. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and . u, “Plutus: Scalable secure file sharing on untrusted storage,” in Proceedings of the FAST 03 Conference on File and Storage Technologies. USENIX, 2003. E.-J. Goh, H. Shacham, . Modadugu, and D. oneh, “Sirius: Securing remote untrusted storage,” in Proceedings of the etwork and Distributed System Security Symposium, NDSS. The Internet Society, 2003 . G. Ateniese, . u, M. Green, and S. Hohenberger, “Improved proxy reencryption schemes with applications to secure distributed storage,” in Proceedings of the Network and Distributed System Security Symposium, NDSS.The Internet Society, 2005. F. Sebe, J. Domingo-Ferrer, A. Martinez-Balleste, Y. Deswarte, and J.-J. Quisquater, “Efficient remote data possession checking in critical information infrastructures,” IEEE Trans. on nowl. And Data Eng., vol. 20, no. 8, 2008. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM Conference on Computer andCommunications Security, ser. CCS ’07, 2007, pp. 598–609. C. Erway, A. upcu, C. Papamanthou, and R. Tamassia, “Dynamic provable data possession,” in Proceedings of the 16th ACM Conferenceon Computer and Communications Security, 2009, pp. 213–222. A. . arsoum and M. A. Hasan, “Provable possession and replication of data over cloud servers,” Centre or Applied Cryptographic Research, Report 2010/32, 2010, http://www.cacr.math.uwaterloo.ca/techreports/2010/cacr2010-32.pdf. A. F. Barsoum and M. A. Hasan, “On verifying dynamic multiple data copies over cloud servers,” Cryptology ePrint Archive, Report 2011/447, 2011, 2011, http://eprint.iacr.org/. H. Shacham and . Waters, “Compact proofs of retrievability,” in ASIACRYPT ’08, 2008, pp. 90–107. S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, “Over-encryption: Management of access control evolution on outsourced data,” in Proceedings of the 33rd InternationalConference on Very Large Data Bases. ACM, 2007, pp. 123–134. V. Goyal, O. Pandey, A. Sahai, and . Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in CCS ’06, 2006, pp. 89–98. S. Yu, C. Wang, . Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in I OCOM’10, 2010, pp. 534–542. M. ackes, C. Cachin, and A. Oprea, “Secure key-updating for lazy revocation,” in 11th European Symposium on Research in Computer Security, 2006, pp. 327–346. D. Boneh, C. Gentry, and B. Waters, “Collusion resistant broadcast encryption with short ciphertexts and private keys,” in Advancesin Cryptology - CRYPTO, 2005, pp. 258–275. D. oneh, . Lynn, and H. Shacham, “Short signatures from the weil pairing,” in ASIACRYPT ’01: Proceedings of the 7th InternationalConference on the Theory and Application of Cryptology andInformation Security, London, UK, 2001, pp. 514–532. P. S. L. M. arreto and M. aehrig, “IEEE P1363.3 submission: Pairingfriendly elliptic curves of prime order with embedding degree 12,” ew Jersey: IEEE Standards Association, 2006. www.ijsrp.org International Journal of Scientific and Research Publications, Volume 4, Issue 3, March 2014 ISSN 2250-3153 [20] D. L. G. ilho and P. S. L. M. arreto, “Demonstrating data possession and uncheatable data transfer,” Cryptology ePrintArchive, Report 2006/150, 2006. [21] D. aor, M. aor, and J. . Lotspiech, “Revocation and tracing schemes for stateless receivers,” in Proceedings of the 21st AnnualInternational Cryptology Conference on Advances in Cryptology, ser. CRYPTO ’01. Springer-Verlag, 2001, pp. 41–62. [22] M. J. Atallah, . . rikken, and M. lanton, “Dynamic and efficient key management for access hierarchies,” in Proceedings of the 12th ACM Conference on Computer and Communications Security,ser. CCS ’05. ACM, 2005, pp. 190–202. [23] J. Feng, Y. Chen, W.-S. u, and P. Liu, “Analysis of integrity vulnerabilities and a non-repudiation protocol for cloud data storage platforms,” in Proceedings of the 2010 39th International Conference on Parallel Processing, 2010, pp. 251–258. [24] J. eng, Y. Chen, and D. H. Summerville, “A fair multi-party nonrepudiation scheme for storage clouds,” in 2011 International Conference on Collaboration Technologies and Systems, 2011, pp. 457–465. 13 AUTHORS First Author – S.Sandhiya, University College of Engineering Villupuram, India, Department of Information Technology, Email: [email protected] Second Author – D.Saranya, University College of Engineering Villupuram, India, Department of Information Technology, Email: [email protected] Third Author – S.Archana, University College of Engineering Villupuram, India, Department of Information Technology, Email: [email protected] Fourth Author – M.Jayasudha, University College of Engineering Villupuram, India, Department of Information Technology www.ijsrp.org