New Hybrid Approach for Secure Data Storage in Cloud Computing Environment

El-Booz, Sheren A.; Attiya, Gamal M.; El-Fishawy, Nawal

doi:10.21608/mjeer.2017.63449

New Hybrid Approach for Secure Data Storage in Cloud Computing Environment

Document Type : Original Article

Authors

Dept. of Computer Science and Eng., Faculty of Elect., Eng., Menoufia University

10.21608/mjeer.2017.63449

Abstract

"> Cloud storages in cloud data centers are used for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can relieve the burden of local data storage and maintenance. However, one of the major problems of cloud environment is data storage security. Therefore, data auditing is introduced to verify the data in the cloud storages with the aid of Third Party Auditor (TPA). However, the TPA is leased by cloud service provider and after a time the provider may contract with the TPA to conceal the loss of data from the user to prevent the defamation. This paper presents a new hybrid approach for data storage security in cloud computing to protect organizations’ data from the cloud provider, the third party auditor and some users who may use their old accounts to access the data stored on the cloud. The hybrid approach enhances the authentication level of security by combining two efficient authentication techniques; Time-based One Time Password (TOTP) for cloud users verification and Automatic Blocker Protocol (ABP) to fully protect the system from unauthorized TPA. The experimental results demonstrate the effectiveness and efficiency of the proposed approach when auditing shared data integrity.

References

t-stroke-width: 0px; "> [1] George SUCIU, Simona HALUNGA, Anca APOSTU, Alexandru VULPE,
Gyorgy TODORAN, “Cloud Computing as Evolution of Distributed
Computing – A Case Study for SlapOS Distributed Cloud Computing
Platform,” Informatica Economică, Vol. 17, No. 4, pp. 109-122, 2013.
[2] P. Mell and T. Grance, "The NIST Definition of Cloud Computing,"
National Institute of Standards and Technology, Information Technology
Laboratory, October 7 2009. http://www.nist.gov/itl/cloud/
[3] Mohamed Abu Sharkh, Manar Jammal, Abdallah Shami, and Abdelkader
Ouda, “Resource Allocation in a Network-Based Cloud Computing
Environment: Design Challenges,” IEEE Communications Magazine, Vol.
51, Issue 11, pp 46-52, November 2013.
[4] C. Wang, Q. Wang, K.Ren, and W. Lou, “Privacy-Preserving Public
Auditing for Secure Cloud Storage,” IEEE Transactions on Computers, Vol.
62, No. 2, pp. 1-12, 2013.
[5] M. Venkatesh, M. R. Sumalatha and C. SelvaKumar, “Improving public
auditability, data possession in data storage security for cloud computing,”
Proc. of the International Conference on Recent Trends in Information
Technology, pp. 463-467, 19-21 April 2012.
[6] S. Bhagyashri and Y. B. Gurave, “A Survey on Privacy Preserving
Techniques for Secure Cloud Storage”, International Journal of Computer
Science and Mobile Computing, Vol. 3, Issue. 2, pp. 675-680, Feb. 2014.

t-text-size-adjust: auto; -webkit-text[7] T. Paigude, T. A. Chavan, “A survey on Privacy Preserving Public Auditing
for Data Storage Security”, International Journal of Computer Trends and
Technology, Vol. 4, Issue 3, pp. 412-418, 2013.
[8] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Paterson, and
D. Song, “Provable Data Possession at Untrusted Stores”, Proc. of the ACM
Conference on Computer and Communications Security (CCS’07), pp. 598-
610, October 29–November 2, 2007.
[9] G. Ateniese, R. D. Pietro, L. v. Mancini, and G. Tsudik, “Scalable and
Efficient Provable Data Possession”, Proceedings of the 4th International
Conference on Security and Privacy in Communication Networks,
SecureComm, pp. 1–10, 2008.
[10] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, “Dynamic
Provable Data Possession”, Proc. of the 16th ACM conference on Computer
and communications security, pp. 213-222, 2009.
[11] C. Wang, Q. Wang, K. Ren and W. Lou, “Privacy Preserving Public
Auditing for Secure Cloud Storage”, IEEE Transactions on Computers, Vol.
62, Issue 2, pp. 362-375, 2011.
[12] C. Wang, Q. Wang, K. Ren, and W. Lou, “Towards Secure and Dependable
Storage Services in Cloud Computing,” IEEE Trans. on Services
Computing, Vol. 5, No. 2, pp. 220-232, Apr-Jun 2012.
[13] A. Juels, J. Burton, and S. Kaliski, “Proofs of Retrievaliability for Large
Files”, Proceedings of the 14th ACM Conference on Computer and
Communications Security, pp. 584-597, 2007.
[14] H. Shecham, and B. Wates, “Compact Proofs of Retrievliablilty”, Advances
in Cryptology-ASIACRYPT, Vol. 5350, pp. 90–107, Dec 2008.
[15] M. A. Shah, M. Baker, J. C. Mogul, and R. Swaminathan, “Auditing to
Keep Online Storage Services Honest,” Proceedings of the 11th workshop
on hot topics in operating systems (HotOS'07), 'HotOS', USENIX
Association, pp. 1-6, 2007.
[16] Q. Wang, C. Wang, J. Li, K. Ren and W. Lou, “Enabling Public
Verifiability and Data Dynamics for Storage Security in Cloud Computing”,
Proc. 14th European Symp. Research in Computer Security (ESORICS
'09), pp. 355-370, 2009.
[17] P. Prasadreddy, T. Srinivasa and S.Phani, “A Threat Free Architecture For
Privacy Assurance in Cloud Computing” Proc. of the IEEE World Congress
on Services, pp. 564-568, Jul.4-9, 2011, USA. IEEE Xplore Press,
DOI:10.1109/SERVICES.2011.11.
[18] D. M'Raihi, S. Machani, M. Pei, J. Rydell, “TOTP: Time-Based One-Time
Password Algorithm", Request for Comments (RFC) 6238, July 13, 2011.
[19] K. Kiran, K. Padmaj, and P. Radha, “Automatic Protocol Blocker for
Privacy–Preserving Public Auditing in Cloud Computing”, IJCST, Vol. 3,
Issue 1, Jan-March, 2012.
[20] www.owasp.org/index.php/Top_10. Accessed on April 2015.