PHD - Defense - MVB PDF


Design of Secured Storage System for Multi-Cloud Environment

Delivered By:
Mr. Manoj V. Bramhe
Research Scholar

Department of Computer Science & Engineering


G.H Raisoni College of Engineering, Nagpur.

Under Supervision of
Dr. M.V Sarode
HOD,CE Dept., Govt. Polytechnic, Yavatmal
OSD, Government Engineering College, Yeotmal

Number of Publications on Research Area
Patent: 01, IJ: 05 (One SCI Index Accepted), IC: 2 (One eSCI)

Name of RPC Members:
1. Dr. Bhaskaran Raman, IIT Bombay
2. Dr. U.A. Deshpande, VNIT Nagpur

Outline
• Introduction
• Motivation
• Problem Definition
• Literature Review
• Analysis and Research Gap
• Objective of Study
• Work Done
• Proposed System Architecture
• Upload and Download Process
• Result Analysis
• Hidden Ownership Mechanism
• Conclusion
• Publications
• References
Introduction

• In today's world, individuals and organizations create huge amounts of data every day through professional and social platforms.
• There is a need for a storage system that allows users to transmit, store and access their data securely.
• A local / client-server based storage model is not sufficient to manage such huge data.
• A cloud-based storage system in a distributed environment is the most suitable option because of its “pay-as-you-go” nature.
• Cloud computing allows convenient unlimited storage and on-demand access to stored cloud customer data at low cost.
• Cloud-based storage has created a situation where data handling and ownership are transferred from the original data owner to a third-party cloud service provider.
• There is a big concern about the security of data in cloud storage for each individual / organization.

Motivation

• The NIST (USA), the Cloud Security Alliance and the ITU, in its recommendation ITU-T X.1641, have specified the need for cloud service customer data security.
• The cloud end user (organization / individual) must get Confidentiality, Integrity, Availability and Privacy-Preservability for their stored data.

Problem Definition

• Every big organization has a web identity and creates a huge amount of data every day.
• They prefer to store their information in the cloud due to unlimited capacity, any-time access, low cost and scalability.
• The basic cloud storage model uses a single cloud service.
• The single cloud storage model has many disadvantages, such as loss of control, data integrity loss, data intrusion, untrusted cloud providers and service unavailability due to cloud outage.
• Even though cloud service providers support many security solutions, the biggest problem is the malicious system administrator who has full access to users' data.
• There is a need for a system that removes the drawbacks of single cloud storage and also keeps the data out of reach of a malicious system user.
• A multi-cloud based system can be a probable solution. Till now, 80 % of work was carried out in the single cloud model.

Literature Review (Multi-Cloud)

| Proposed Method | Technique | Merits / Demerits / Gap |
|---|---|---|
| CHARM, IEEE Transaction on Cloud Computing, Sept. 2015 [23] | Cost Efficient multi-cloud data hosting With High availability. Use Replication and erasure coding in multi-cloud | Focus on only saving cost of storage, 20 % saving. Focus on only 1 parameter of security: Integrity |
| RACS, Int. conference for Internet technology and Secured Transaction, December 2012 [26] | Redundant Array of Cloud storage system. It is proxy which stores data in multiple cloud. Similar to RAID systems | Resolves Cloud outage and economic failure problem. Does not have support for confidentiality and Integrity of data |
| Tahoe-LAFS, IEEE symposium on intelligent signal processing and comm. systems, November 2012 | Uses open source distributed file system Tahoe-LAFS for storing data in multiple nodes | Simple and easy to use system. System was tested on 4 nodes and not in actual multi-cloud environment |
| HAIL, 16th ACM conference on Comp. and comm. security, November 2009 [27] | High-Availability and Integrity Layer for Cloud Storage. Remote file integrity checking protocol | Supports low overhead, static file. No support for confidentiality and integrity |
| DEPSKY, ACM Transaction on Storage, Vol. 9, No. 4, November 2013 [24] | Dependable and Secure Storage in a Cloud-of-Clouds. Using encryption, encoding and replication techniques in multiple clouds | Improves confidentiality, Integrity and Availability. Requires more cost for data storage. Store Metadata in cloud |
| Hybris, ACM Transactions on Storage, Vol. 13, Issue 3, October 2017 [28] | Robust hybrid cloud storage. Us | Better performance and less cost. Takes more storage space as it stores whole copy of data in multiple clouds |
| DROPS, IEEE Transactions on Cloud Computing, Vol. 6, Issue 2, June 2018 [29] | Division and Replication of Data in Cloud for Optimal Performance and Security. It divides data into multiple chunks and stored them on n cloud nodes which are separated from each other by specific distance | Have controlled replication (Only 1 copy). Tested system only on multiple nodes of single cloud, not in multiple cloud |

Analysis and research gap

• Existing systems are mostly based on single cloud storage services, which have security issues such as cloud outage, loss of data control, integrity issues and inside system user attacks.
• Proposed solutions for single cloud do not resolve the problem of the malicious system administrator.
• Proposed multi-cloud based systems were focused on specific security concerns like storage cost, integrity, confidentiality and service failure, but the majority of these solutions fail to ensure effective solutions for all challenges.

Objective of the Study

• To study cloud storage services for single and multi-cloud environments.
• To study vulnerabilities and threats, and their mitigation, in cloud storage.
• To overcome the trade-off in single cloud based storage systems.
• To design and develop secure cloud storage for a multi-cloud environment.
• To improve data confidentiality in multi-cloud storage.
• To provide data integrity for users' data at cloud storage.
• To ensure any-time availability of data through backup and failure management.
• To avoid the important threat of the malicious system user by keeping partial data at the cloud.
• To propose and implement a novel hidden ownership mechanism using an index table, ensuring that no entity has complete information about the data at any time, hiding details about the original.
• To implement the system and compare results with similar systems for improvement.

Proposed System Architecture

• User Interface at SaaS level will pass multiple file chunks to cloud based DFS at PaaS level, which will distribute data securely among multiple clouds
• Vendor dependent implementation

Implementation

Reusable Packages

Work Flow

[Diagram labels: Registration, Verification, Authentication, File selection, Provide Key; upload path: Upload, Encrypt, Split, Distribute; download path: Collect Files, Merge, Decrypt, Download]

Upload / Write File Process

[Flowchart labels: Client; Upload File; Provide Key; Application Server; Stored on Local; Split; Connect to ftp and Upload, Ftp Server (shown twice)]

Algorithm: Read / Download file
1. Input file (F)
2. Key (k)
3. For (i = 0 to ‘n’)
4.   Connect.Server[i] → Conn
5.   F[i] ← Conn.Download((Fk)e[i])
6. Next
7. CreateFile(Fp, TempDir/(getGUID)) ← F[0]
8. Fp.AppendFile(F[1])
9. Fp.AppendFile(F[2])
10. Dec(Fp, k) → OriFileName
11. Download(OriFileName)
12. Close File Fp

Download / Read File Process

[Flowchart labels: Client; Get Filename and Key; Server Local Disk; Download File; Get First Part A; Connect to ftp 1, Get Second Part B; Connect to ftp 2, Get Third Part C; Ecry Key; Decrypt file; Merge File; Queue it For Download]

Sequence Diagram

[Participants: Data Owner, Application Server, Cloud Storage. Messages in order: Register, Register, Login, Verify, Allow Access, Select File, Provide Key, Upload File, Encrypt File, Split File, Connect Server, Allow Conn., Upload File, Save File]

Test bed setup for comparison

– Our system is tested on local and public cloud
– Windows Azure Cloud APIs are used for testing
– System was tested on the following configuration
• Intel i3 dual core processor, 2.13 GHz
• 6 GB RAM, 64-bit Windows 7 OS
• Mobile Internet (Airtel Asia-Singapore SG server)
• Upload Speed: 2.86 Mbps
• Download Speed: 17.06 Mbps

Point of consideration

• To generate results, the following points need to be considered, as each affects processing time.
– Network Transfer Speed: This determines the speed at which the application can transfer data.
– File Type: Processing time varies depending on the file type.
– Disk Read/Write Speed: If the file size is large, disk reading time must be kept in consideration.
– Processor Speed: It decides encryption performance.

Result Analysis - Progress w.r.t. network parameters

Encryption with symmetric key

• Various files of different sizes were encrypted with symmetric key algorithms in the cloud environment
• AES is found to be fastest among all symmetric key algorithms tested

Encryption with Asymmetric key

• Various files of different sizes were encrypted with asymmetric key algorithms in the cloud environment
• Diffie-Hellman is found to be fastest among asymmetric key algorithms tested

Upload & Download Compare

[Bar chart: upload and download time (sec) for AWS, Azure, GoDaddy and D-HOM; 1 MB File @ 512KB/s (High NT Priority)]

Tot Time = Conn. Time + HS Time + Actual Transfer Time + NT Load

Upload & Download Compare

[Bar chart: upload and download time (sec) for AWS, Azure, GoDaddy and D-HOM; 2 MB File @ 512KB/s (High NT Priority)]

Tot Time = Conn. Time + HS Time + Actual Transfer Time + NT Load

Upload & Download Compare

[Bar chart: upload and download time (sec) for Hybris, Dep-Sky, Tahoe-LAFS and D-HOM; 50 MB File @ 1024KB/s (High NT Priority)]

[Bar chart: upload and download time (sec) for Hybris, Dep-Sky, Tahoe-LAFS and D-HOM; 10 MB File @ 1024KB/s (High NT Priority)]

Candlestick Comparison

[Candlestick chart: time (sec) for DepSky, Hybris, Tahoe-LAFS and D-HOM; series: Min Time, Max Time, Normal Low Time, Normal High Time]

Transfer Methods Compare

[Bar chart: time (secs) for RPC, FTP, Azure API and HTTP; 100 MB File @ 512 KB/s (High NT Priority)]

Parametric Comparison

[Bar charts comparing D-HOM, Hybris and DepSky; panels: Cost, Security, Dependency, Overall]

Comparison with Similar Systems

| Sr.No. | Parameter | Proposed System | Hybris | DepSky | Tahoe-LAFS | RACS |
|---|---|---|---|---|---|---|
| 1 | Confidentiality | Yes | Yes | Yes | Yes | No |
| 2 | Integrity | Yes | Yes | Yes | No | No |
| 3 | Storing of Encryption Keys | Locally with Client | Cloud | Cloud | Cloud | No |
| 4 | Metadata storage | In Application Server | In Application Server | Cloud | Cloud | No |
| 5 | Storage of file Chunk | Application Server and Public cloud | Public Cloud | Public Cloud | Public Cloud | Public Cloud |
| 6 | Type of Cloud | Hybrid (Stores sensitive info on private cloud) | Hybrid (Stores sensitive info on private cloud) | Public | Private | Public |
| 7 | Storage Cost | Less (Application server used for storage) | More (Complete copy of data is stored) | More (Using public cloud for storage) | More (Using public cloud for storage) | More (Using public cloud for storage) |
| 8 | Access time for Metadata and chunk retrieval | Lowest | Medium | High | High | High |
| 9 | Dependency on Public cloud | Low | Medium | High | High | High |
| 10 | Security | High | Medium | Low | Low | Low |
| 11 | Hidden Ownership Mechanism | Available | | | | |

Typical FTP Based File Management
FTP Drawback overcome
Hidden Ownership Mechanism

• Proposed New Method / Algorithm for improving FTP services
• Proposed system will dynamically create naming convention ambiguity by renaming each file
• New name is generated using Filename, security key and timestamp
Hidden Ownership Mechanism

D-HOM Service
Write New file to index
Directory Listing Request
Read File From Index
Patent Claims

1. We claim to have a system and method for secure file storage using a hidden owner identity mechanism, where no entity has the file location and content details needed to access the file.
   a. As claimed in 1, there is no exposure of the stored file name and its content information to any entity.
   b. As claimed in 1, the system does not require multiple user directories/folders in storage media, as it stores all files at a single location.
   c. As claimed in 1, the system reduces indexing mechanism information overheads.
   d. As claimed in 1, the system protects user data in storage from a malicious user.

2. We claim to have a novel index table which holds only partial information about the file storage location.
   a. As claimed in 2, the system holds partial information about the file storage location, hence no entity gets access to the file and its content.
   b. As claimed in 2, information about the file's actual location needs to be regenerated from the partial information on the user end and the storage service end using the decoding mechanism.
   c. As claimed in 2, complete information from the user end and storage service end is exposed only to the decoding mechanism, on a temporary basis, as a buffer.

3. We claim to have a novel decoding mechanism to generate the original filename from the user security code and the secure filename entry in the index table.
   a. As claimed in 3, the index table holds memory location, secure filename, timestamp and security key only.
   b. As claimed in 3, the secure filename is a secondary filename which is generated by the decoding mechanism using the original filename and user security code.
   c. As claimed in 3, the system uses the combination of a logical ‘AND’ process and a right bit shifting process to regenerate the original filename and vice versa.
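
The split/distribute and download/merge steps and the renamed stored files described above, as an added Python example that is not the author's D-HOM code: the download algorithm on the slides merges parts without a verification step, so this version also tags each part and checks it before merging. Assumptions: the input is already encrypted, HMAC-SHA256 is swapped in for the AND/right-shift decoding mechanism (whose details the slides do not give), each storage service is modelled as an in-memory dict, and all function names are hypothetical.

```python
import hashlib
import hmac


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for naming and for integrity tags, both derived from the user's security key.
    return hmac.new(key, label, hashlib.sha256).digest()


def opaque_name(key: bytes, filename: str, timestamp: int, part: int) -> str:
    """Stored object name derived from filename, security key and timestamp."""
    msg = f"{filename}|{timestamp}|{part}".encode()
    return hmac.new(_subkey(key, b"name"), msg, hashlib.sha256).hexdigest()[:32]


def _tag(key: bytes, name: str, chunk: bytes) -> bytes:
    # Binding the tag to the name stops a provider from swapping chunks between slots.
    return hmac.new(_subkey(key, b"mac"), name.encode() + chunk, hashlib.sha256).digest()


def split_and_store(ciphertext: bytes, filename: str, key: bytes,
                    timestamp: int, stores: list) -> dict:
    """Split already-encrypted data across the stores; return the index entry."""
    n = len(stores)
    size = -(-len(ciphertext) // n)  # ceiling division
    for part, store in enumerate(stores):
        chunk = ciphertext[part * size:(part + 1) * size]
        name = opaque_name(key, filename, timestamp, part)
        store[name] = chunk + _tag(key, name, chunk)
    # The index entry in this example holds neither the filename nor the key.
    return {"timestamp": timestamp, "parts": n, "length": len(ciphertext)}


def fetch_and_merge(entry: dict, filename: str, key: bytes, stores: list) -> bytes:
    """Recompute each opaque name, verify each chunk, then merge in order."""
    merged = bytearray()
    for part, store in enumerate(stores[:entry["parts"]]):
        name = opaque_name(key, filename, entry["timestamp"], part)
        blob = store.get(name)
        if blob is None:
            raise LookupError(f"part {part} not found (wrong key/filename, or deleted)")
        chunk, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, _tag(key, name, chunk)):
            raise ValueError(f"part {part} failed integrity check")
        merged += chunk
    if len(merged) != entry["length"]:
        raise ValueError("merged length does not match index entry")
    return bytes(merged)


def demo() -> dict:
    stores = [{}, {}, {}]                   # constructed stand-ins for three storage services
    key = b"constructed-user-security-key"  # constructed sample key
    ciphertext = bytes(range(256)) * 4      # constructed bytes standing in for an encrypted file
    entry = split_and_store(ciphertext, "report.pdf", key, 1700000000, stores)
    ok = fetch_and_merge(entry, "report.pdf", key, stores) == ciphertext
    # Simulate a storage-side modification of one byte in the part held by store 1.
    name = next(iter(stores[1]))
    stores[1][name] = bytes([stores[1][name][0] ^ 1]) + stores[1][name][1:]
    try:
        fetch_and_merge(entry, "report.pdf", key, stores)
        detected = False
    except ValueError:
        detected = True
    return {"round_trip": ok, "tamper_detected": detected,
            "names": [k for s in stores for k in s]}


if __name__ == "__main__":
    print(demo())
```

A reader without the security key cannot map a stored name back to the original filename or locate the sibling parts, and any part altered at rest is rejected before the merge.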
Conclusion

• We have developed D-HOM (Distributed Hidden Ownership Mechanism), which provides a multi-cloud based secure storage system with a focus on the malicious system administrator.
• The system gives better performance for security, cost and dependency parameters using a novel index table mechanism.

List of Publications – Int. Conference

• Secured Cloud Storage using Multi-Clouds, M.V. Bramhe, Dr. M.V. Sarode, Dr. L.G. Malik, International Conference on Science Engineering and Technology (ICSET-2015), Dubai, November 2015.
• Multi Cloud based Secured Storage System, M.V. Bramhe, Dr. M.V. Sarode, International Conference on Emerging Trends in Engineering and Technology on Information Security and Analytics (ICETET-ISA-2018), in association with e-SCI journal Helix, The Scientific Explorer

List of Publications - Patent & Int. Journals

• Patent on Hidden Owner Identity Mechanism for File Storage Server (No. 201921003302A, Indian Patent Office Journal No. 06/2019 dated 8th Feb. 2019)
• D-HOM: A Novel Approach Towards Multilayer Security for Cloud Storage Services, Accepted for Ciencia e Tecnica Vitivinicola Journal (SCI Indexed)
• Invisible Ownership System for Secure File Storage Server, Journal of Emerging Technologies and Innovative Research, Vol. 6, Issue No. 2, February 2019
• Design and Implementation of Secure File Storage using Distributed Cloud Mechanism, International Journal of Research and Analytical Reviews, Vol. 6, Issue 1, Jan-March 2019
• Multi-Cloud Secure Data storage using Cryptographic Techniques, International Journal of Research in Advent Technology, Vol. 7, Issue 1, January 2019
• Secure Cloud Data Storage: From Single to Multi-Cloud Environment, International Journal of Research in Advent Technology, Vol. 7, Issue 2, February 2019

References
• [1] Lee Badger, Tim Grance, Robert Patt-Corner, Jeff Voas DRAFT Cloud Computing
Synopsis and Recommendations, NIST Special Publication 800-146, May 2011
• [2] Cloud Security Alliance (CSA). “Security Guidance for Critical Areas of Focus in Cloud
Computing V3.0,” (Released September 2011),
http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf.
• [3] Zhifeng Xiao and Yang Xiao, “Security and Privacy in Cloud Computing”, IEEE
Communications Surveys & Tutorials, March 2012
• [4] Mohammed A. AlZain, Eric Pardede, Ben Soh, James A. Thom, “Cloud Computing
Security: From Single to Multi-Clouds”, IEEE 45th Hawaii International Conference on
System Sciences, 2012
• [5] Singhal M., Chandrasekhar S., Tingjian Ge., Sandhu R., Krishnan R., Gail-Joon Ahn.,
Bertino E., “Collaboration in Multicloud Computing Environments: Framework and Security
Issues”, IEEE computer society journal, Vol. 46, Issue 2, pp. 76-84, Feb 2013
• [6] Bohli J., Gruschka N., Jensen M., Lo Iacono L., Marnau N, “Security and Enhancing
Multi-Cloud Architectures,” IEEE Transaction on Dependable and secure computing, Vol PP,
Issue 99, 2013
• [7] Tran Doan Thanh, Subaji Mohan, Eunmi Choil, SangBum Kim, Pilsung Kim “A
Taxonomy and Survey on Distributed File Systems,” IEEE Fourth International Conference
on Networked Computing and Advanced Information Management, 2008
• [8] Paval Bzoch, Jiri Safarik, “Security and reliability of distributed file systems,” 6th IEEE
international con. on intelligent data acquisition and advanced computing systems, Sep 2011
• [9] Dalibor Peric, Thomas Bocek, Fabio Victora Hecht, David Hausheer, Burkhard Stiller, “
The design and evaluation of a distributed reliable file system,” Int. Conference of parallel
and distributed computing, application and technologies, 2009
• [10] Jumpei Arakawa, Koichi Sasada, “A decentralised access control mechanism using
authorization certificate for distributed file systems,” 6th Int. Conference on internet
technology and secured transactions, UAE, December 2011
• [11] Hung-Chang Haiao, Hsueh –Yi Chung, Haiying Shen, Yu-Chang Chao, “Load
rebalancing for distributed file systems in clouds,” IEEE transactions on parallel and
distributed systems, Vol. 24, No. 5, May 2013
• [12] Hadoop Distributed File System, http://hadoop.apache.org/hdfs/2012
• [13] Satyanarayanan, M., "A Survey of Distributed File Systems," Technical Report CMU-
CS-89- 116, Department of Computer Science, Carnegie Mellon University, 1989
• [14] Sandesh Uppoor, Michail D. Flouris, Angelos Bilas, “Cloud-based synchronization of
distributed file system hierarchies,” IEEE , 2010
• [15] Paval Bzoch, Distributed File Systems, Technical Report no. DCSE/TR-2012-02,
University of West Bohemia, June 2012
• [16] Su Chen, Yi Chen, Hai Jiang, Laurence T Yang, Kuan-Ching Li, “ A secure distributed
file system based on revised Blakely’s secret sharing scheme,” 11th IEEE international
conference on trust, security and privacy in computing and communications, 2012
• [17] Fan-Hsun Tseng, Chi-Yuan Chen, Li-Der Chou, Han-Chieh Chao, “Implement a reliable
and secure cloud distributed file system,” IEEE international symposium on intelligent signal
processing and communication systems, November 2012
• [18] Shushant Shrivastava, Vikas Gupta, Rajesh Yadav, Krishna Kant, “Enhanced Distributed
storage on the cloud,” IEEE 3rd international conference on computer and Communication
technology, 2012
• [19] Kheng Kok Mar, “Secured virtual diffused file system for the cloud,” 6th International
IEEE conference on internet technology and secured transactions, UAE, December 2011
• [20] Monali Shrawankar, Ashish K. Shrivastava , “Comparative Study of Security
Mechanisms in Multi-Cloud Environment,” International Journal of Computer
Applications,Vol. 77, No. 6, September 2013
• [21] Nitesh Shrivastava, Ganesh Kumar, “A Survey on cost effective multi-cloud storage in
cloud Computing, “ International Journal of Advanced Research in Computer Engg. and
Technology, Volume 2, Issue 4, April 2013
• [22] Nasheet el-Khameesy, Hossam Abdel Rahman, “A Proposed Model for Enhancing Data
Storage Security in Cloud Computing Systems, “ Journal of Emerging Trends in Computing
and Information Sciences, Vol. 3 , No. 6, June 2012
• [22] Chien-An Chen, Myounggyu Won, RaduStoleru, GeofferyXie, “Energy-Efficient fault-
tolerant data storage and processing in mobile cloud,” IEEE Transactions on Cloud
Computing, Vol. 3, No. 1, January 2014
• [23] Quanlu Zhang, Shenglong Li, Zhenhua Li, Yuanjian Xing, Zhi Yang, Yafei Dai, “ CHARM: A
Cost-efficient multi cloud data hosting scheme with high availability,” IEEE Transactions on
Cloud Computing, Vol. 3, Issue 3, July-September 2015
• [24] Alysson Bessani Miguel Correia Bruno Quaresma Fernando Andre Paulo Sousa, "
DEPSKY: Dependable and Secure Storage in a Cloud-of-Clouds", ACM Transaction on
Storage, Vol. 9,No. 4, Article 12. November 2013
• [25] Sancha Pereira, Andre Alves, Nuno Santos, Ricardo Chaves , "Storekeeper: A Security-
Enhanced Cloud Storage Aggregation Service", IEEE 35th Symposium on Reliable Distributed
Systems, 2016
• [26] Hussam Abu-Libdeh, Lonnie Princehouse, Hakim Weatherspoon, " RACS: A Case for
Cloud Storage Diversity", International conference for Internet technology and Secured
Transaction, December 2012
• [27] Kevin D. Bowers, Ari Juels, Alina Oprea, "HAIL: A High-Availability and Integrity
Layer for Cloud Storage", 16th ACM conference on Computer and communications security,
November 2009.
• [28] Dan Dobre, Paolo Viotti, Marko Vukolic, "Hybris: Robust Hybrid Cloud Storage", ACM Transactions on Storage, Vol. 13, Issue 3, October 2017
• [29] Mazhar Ali, Kashif Bilal, Samee U. Khan, Bharadwaj Veeravalli, Keqin Li, Albert Y.
Zomaya, " DROPS: Division and Replication of Data in Cloud for Optimal Performance and
Security", IEEE Transactions on Cloud Computing, Vol. 6, Issue 2, June 2018

THANK YOU
