Tees- An Efficient Search Scheme Over Encrypted Data On Mobile Cloud

ABSTRACT:

Cloud storage provides a convenient, massive, and scalable storage at low cost, but data privacy is a major concern that prevents users from storing files on the cloud trustingly. One way of enhancing privacy from data owner point of view is to encrypt the files before outsourcing them onto the cloud and decrypt the files after downloading them. However, data encryption is a heavy overhead for the mobile devices, and data retrieval process incurs a complicated communication between the data user and cloud. Normally with limited bandwidth capacity and limited battery life, these issues introduce heavy overhead to computing and communication as well as a higher power consumption for mobile device users, which makes the encrypted search over mobile cloud very challenging. In this paper, we propose TEES (Traffic and Energy saving Encrypted Search), a bandwidth and energy efficient encrypted search architecture over mobile cloud. The proposed architecture offloads the computation from mobile devices to the cloud, and we further optimize the communication between the mobile clients and the cloud. It is demonstrated that the data privacy does not degrade when the performance enhancement methods are applied. Our experiments show that TEES reduces the computation time by 23% to 46% and save the energy consumption by 35% to 55% per file retrieval, meanwhile the network traffics during the file retrievals are also significantly reduced.

AIM

The aim of this paper is TEES (Traffic and Energy saving Encrypted Search), a bandwidth and energy efficient encrypted search architecture over mobile cloud

SCOPE

The Scope of this paper is to the data privacy does not degrade when the performance enhancement methods are applied.

EXISTING SYSTEM

In this existing file encryption schemes and it cannot deal with compressing data. After that many methods of keyword search showed up. In Information Retrieval, F-IDF (term frequency-inverse document frequency) is a statistic which reflects how important a word is to a document in a collection or corpus. It is often used as a weighting factor in keyword-based retrieval and text mining. The TF-IDF algorithm proposed by Salton and McGill’s book is one of the most popular schemes, among other schemes as encrypted search includes Boolean keyword search and ranked keyword search. In Boolean keyword search the server sends back files only based on the existence or absence of the keywords, without looking at their relevance. It provided a scheme of keyword search, but it does not send back the most relevant files. In ranked encrypted search, the server sends back the top-k ranked files. Most of the previous schemes used OPE to encrypt the index of the file set, although the fully homomorphic encryption method could also be used.

DISADVANTAGES:

1.  Data  encryption is a heavy overhead for the mobile devices, and data retrieval process incurs a complicated communication between the data user and cloud
2. Limited  bandwidth capacity and limited battery life, these issues introduce heavy overhead to computing and communication as well as a higher power consumption for mobile device users, which makes the encrypted search over mobile cloud very challenging.

PROPOSED SYSTEM

Currently, many researches focus on improving the encrypted search accuracy with multi-keywords ranking. Wang et al. proposed a one round trip search scheme which could search the encrypted data. It worth noticing that multi-keyword ranked search may incur more serious Keywords-files Association Leak problem (mentioned in Section If attackers observed the keywords and the return files to learn some relationships between keywords and files, especially through wireless communication channels for mobile cloud. Cao et al. proposed privacy preserving method for multi-keyword encrypted search with a way to control the ‘double key leak”. In a fuzzy multi-keyword fuzzy search scheme was presented, but it suffers from inefficient search time with two round-trip communications. Note that multi-keyword is potentially the future main stream encrypted search scheme with higher searching accuracy, but current on-going research cannot provide an authoritative method. Therefore, we will employ the single keyword with OPE TF-IDF encryption method as a basis to establish a more power and traffic efficient encrypted data search architecture.

ADVANTAGES

1. TEES reduces the computation time by 23% to 46% and save the energy consumption by 35% to 55% per file retrieval.
2.  The network traffics during the file retrievals are also significantly reduced.

SYSTEM ARCHITECTURE

SYSTEM CONFIGURATION

HARDWARE REQUIREMENTS:-

·       Processor                    -   Pentium –III

·      Speed            -    1.1 Ghz

·      RAM             -    256 MB(min)

·      Hard Disk              -   20 GB

·      Floppy Drive         -    1.44 MB

·      Key Board             -    Standard Windows Keyboard

·      Mouse           -    Two or Three Button Mouse

·      Monitor                 -    SVGA

SOFTWARE REQUIREMENTS:-

·      Operating System          : Windows  7                                  

·      Front End                      : JSP AND SERVLET

·      Database                       : MYSQL

REFERENCE:

Ma, R. ; Guan, H. Li, J. “TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud” IEEE/ACM Transactions on Cloud Computing Volume PP,  Issue 99 FEBRUARY  2015.

Selcsp: A Framework To Facilitate Selection Of Cloud Service Providers

 Abstract

With rapid technological advancements, cloud marketplace witnessed frequent emergence of new service providers with similar offerings. However, service level agreements (SLAs), which document guaranteed quality of service levels, have not been found to be consistent among providers, even though they offer services with similar functionality. In service outsourcing environments, like cloud, the quality of service levels are of prime importance to customers, as they use third-party cloud services to store and process their clients’ data. If loss of data occurs due to an outage, the customer’s business gets affected. Therefore, the major challenge for a customer is to select an appropriate service provider to ensure guaranteed service quality. To support customers in reliably identifying ideal service provider, this work proposes a framework, SelCSP, which combines trustworthiness and competence to estimate risk of interaction. Trustworthiness is computed from personal experiences gained through direct interactions or from feedbacks related to reputations of vendors. Competence is assessed based on transparency in provider’s SLA guarantees. A case study has been presented to demonstrate the application of our approach. Experimental results validate the practicability of the proposed estimating mechanisms

Aim

The aim of this paper proposes a framework, SelCSP, which combines trustworthiness and competence to estimate risk of interaction.

Scope:

The scope of this paper tends to validate the practicability of the proposed estimating the risk of interaction.

Existing System

In most cases, it has been observed that the failover time is quite long and customers’ businesses were hugely affected owing to lack of recovery strategy on vendor side. Moreover, in some instances, customers were not even intimated about the outage by providers. Cloud providers may use the high-quality first replication (HQFR) strategy proposed in to model their recovery mechanism. In this work, authors propose algorithms to minimize replication cost and the number of QoS-violated data replicas. Hence, it is desirable from customer’s point of- view to avoid such loss, rather than getting guarantees of service credits following a cloud outage. Avoidance of data loss requires reliable identification of competent service provider. As customer does not have control over its data deployed in cloud, there is a need to estimate risk prior to outsourcing any business onto a cloud. This motivated us to propose a risk estimation scheme which makes a quantitative assessment of risk involved while interacting with a given service provider.

 Disadvantages

1.  Lack of assurances and violations for SLA guarantees
2. Multi-tenancy, lack of customer’s control over their data and application
3. Non-transparency with respect to security profiles of remote datacenter locations

 Proposed System

In this paper estimation of risk of interaction in cloud environment has not been addressed. Hence, in this respect, the current work is significant as it proposes a framework, SelCSP , which attempts to compute risk involved in interacting with a given cloud service provider. The framework estimates perceived level of interaction risk by combining trustworthiness and competence of cloud provider. Trustworthiness is computed from ratings obtained through either direct interaction or feedback.

 Advantages

1.  The framework estimates trustworthiness in terms of context-specific, dynamic trust and reputation feedbacks.
2.  Both these entities are combined to model interaction risk, which gives an estimate of risk level involved in an interaction

 System Architecture

System Configuration

Hardware Requirements

• Speed                  -    1.1 Ghz
• Processor              -    Pentium IV
• RAM                    -    512 MB (min)
• Hard Disk            -    40 GB
• Key Board                    -    Standard Windows Keyboard
• Mouse                  -    Two or Three Button Mouse
• Monitor                -     LCD/LED

 Software requirements

• Operating System              : Windows 7             
•  Front End                           : ASP.Net and C#
• Database                             : MSSQL
• Tool                                    : Microsoft Visual studio

References

Ghosh, N.,Ghosh, S.K.,  Das, S.K. “SelCSP: A Framework to Facilitate Selection of Cloud Service Providers” IEEE Transactions on Cloud Computing, Volume 3 ,  Issue 1 JULY 2014.

Secure Auditing and Deduplicating Data in Cloud

Abstract

As the cloud computing technology develops during the last decade, outsourcing data to cloud service for storage becomes an attractive trend, which benefits in sparing efforts on heavy data maintenance and management. Nevertheless, since the outsourced cloud storage is not fully trustworthy, it raises security concerns on how to realize data deduplication in cloud while achieving integrity auditing. In this work, we study the problem of integrity auditing and secure deduplication on cloud data. Specifically, aiming at achieving both data integrity and deduplication in cloud, we propose two secure systems, namely SecCloud and SecCloud+. SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. Compared with previous work, the computation by user in SecCloud is greatly reduced during the file uploading and auditing phases. SecCloud+ is designed motivated by the fact that customers always want to encrypt their data before uploading, and enables integrity auditing and secure deduplication on encrypted data.

Aim

The project is aiming at achieving both data integrity and deduplication in cloud.

Scope

The scope of this project is to generate two secure systems, SecCloud and SecCloud+ for achieving both data integrity and deduplication in cloud.

Existing System

Cloud storage is a model of networked enterprise storage where data is stored in virtualized pools of storage which are generally hosted by third parties. Cloud storage provides customers with benefits, ranging from cost saving and simplified convenience, to mobility opportunities and scalable service. These great features attract more and more customers to utilize and storage their personal data to the cloud storage: according to the analysis report, the volume of data in cloud is expected to achieve 40 trillion gigabytes in 2020.

 Disadvantages

Even though cloud storage system has been widely adopted, it fails to accommodate some important emerging needs such as the abilities of auditing integrity of cloud files by cloud clients and detecting duplicated files by cloud servers. We illustrate both problems below.

·      The first problem is integrity auditing

 How can the client efficiently perform periodical integrity verifications even without the local copy of data files. The second problem

·      The second problem is secure deduplication

How can the cloud servers efficiently confirm that the client (with a certain degree  assurance) owns the uploaded file (or block) before creating a link to this file (or block) for him/her.

Proposed System

SecCloud introduces an auditing entity with a maintenance of a MapReduce cloud, which helps clients generate data tags before uploading as well as audit the integrity of data having been stored in cloud. This design fixes the issue of previous work that the computational load at user or auditor is too huge for tag generation. For completeness of fine-grained, the functionality of auditing designed in SecCoud is supported on both block level and sector level. In addition, SecCoud also enables secure deduplication. Notice that the “security” considered in SecCoud is the prevention of leakage of side channel information. In order to prevent the leakage of such side channel information,  the tradition of and design a proof of ownership protocol between clients and cloud servers, which allows clients to prove to cloud servers that they exactly own the target data. Motivated by the fact that customers always want to encrypt their data before uploading, for reasons ranging from personal SecCloud as with [4] and propose the SecCloud+ schema. Besides supporting integrity auditing and secure deduplication, SecCloud+ enables the guarantee of file confidentiality. Specifically, thanks to the property of deterministic encryption in convergent encryption, we propose a method of directly auditing integrity on encrypted data. The challenge of deduplication on encrypted is the prevention of dictionary attack. As with, we make a modification on convergent encryption such that the convergent key of file is generated and controlled by a secret “seed”, such that any adversary could not directly derive the convergent key from the content of file and the dictionary attack is prevented.

Advantages
·      The computation by user in SecCloud is greatly reduced during the file uploading and auditing phases.
·      SecCloud+ is an advanced construction motivated by the fact that customers always want to encrypt their data before uploading, and allows for integrity auditing and secure deduplication directly on encrypted data.

System Architecture

System specification

Hardware Requirements

• Speed                  -    1.1 Ghz
• Processor              -    Pentium IV
• RAM                    -    512 MB (min)
• Hard Disk            -    40 GB
• Key Board                    -    Standard Windows Keyboard
• Mouse                  -    Two or Three Button Mouse
• Monitor                -     LCD/LED

 Software requirements

• Operating System              : Windows 7             
•  Front End                           : ASP.Net and C#
• Database                             : MSSQL
• Tool                                    : Microsoft Visual studio

References

Jingwei Li, Jin Li, Dongqing Xie and Zhang Cai “SECURE AUDITING AND DEDUPLICATING DATA IN CLOUD”, IEEE Transactions on Computers Volume: PP ,  Issue: 99,  26 January 2015.

A SECURE ANTI-COLLUSION DATA SHARING SCHEME FOR DYNAMIC GROUPS IN THE CLOUD

ABSTRACT:

Benefited from cloud computing, users can achieve an effective and economical approach for data sharing among group members in the cloud with the characters of low maintenance and little management cost. Meanwhile, we must provide security guarantees for the sharing data files since they are outsourced. Unfortunately, because of the frequent change of the membership, sharing data while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due to the collusion attack. Moreover, for existing schemes, the security of key distribution is based on the secure communication channel, however, to have such channel is a strong assumption and is difficult for practice. In this paper, we propose a secure data sharing scheme for dynamic members. Firstly, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Secondly, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Thirdly, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group.

AIM

The aim of this paper is to propose a secure data sharing scheme for dynamic members.

SCOPE

The scope of this paper tends to our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group.

EXISTING SYSTEM

A secure access control scheme on encrypted data in cloud storage by invoking role-based encryption technique. It is claimed that the scheme can achieve efficient user revocation that combines role-based access control policies with encryption to secure large data storage in the cloud. Unfortunately, the verifications between entities are not concerned, the scheme easily suffer from attacks, for example, collusion attack. Finally, this attack can lead to disclosing sensitive data   files presented a practical and flexible key management mechanism for   trusted collaborative computing. By leveraging access control polynomial, it is designed to achieve efficient access control for dynamic groups. Unfortunately, the secure way for sharing the personal permanent portable secret between the user and the server is not supported and the private key will be disclosed once the personal permanent portable secret is obtained by the attackers.  proposed a privacy preserving policy-based content sharing  scheme in public clouds. However, this scheme is not secure because of the weak  protection of commitment in the phase of identity token issuance.

DISADVANTAGES

1. Unfortunately, because of the frequent change of the membership, sharing data while providing privacy-preserving is still a challenging issue, especially for an untrusted cloud due to the collusion attack.
2.  The security of key distribution is based on the secure communication channel, however, to have such channel is a strong assumption and is difficult for practice.

PROPOSED SYSTEM

In this paper, propose a secure data sharing scheme for dynamic members. Firstly, we propose a secure way for key distribution without any secure communication channels, and the users can securely obtain their private keys from group manager. Secondly, our scheme can achieve fine-grained access control, any user in the group can use the source in the cloud and revoked users cannot access the cloud again after they are revoked. Thirdly, we can protect the scheme from collusion attack, which means that revoked users cannot get the original data file even if they conspire with the untrusted cloud. In our approach, by leveraging polynomial function, we can achieve a secure user revocation scheme. Finally, our scheme can achieve fine efficiency, which means previous users need not to update their private keys for the situation either a new user joins in the group or a user is revoked from the group.

ADVANTAGES

1.  Our scheme is able to support dynamic groups efficiently, when a new user joins in the group or a user is revoked from the group, the private keys of the other users do not need to be recomputed and updated.
2. Our scheme can achieve secure user revocation, the revoked users can not be able to get the original data files once they are revoked even if they conspire with the untrusted cloud.

SYSTEM ARCHITECTURE

  

SYSTEM CONFIGURATION:-

Hardware Requirements

• Speed                  -    1.1 Ghz
• Processor              -    Pentium IV
• RAM                    -    512 MB (min)
• Hard Disk            -    40 GB
• Key Board                    -    Standard Windows Keyboard
• Mouse                  -    Two or Three Button Mouse
• Monitor                -     LCD/LED

 Software requirements

• Operating System              : Windows 7             
•  Front End                           : ASP.Net and C#
• Database                             : MSSQL
• Tool                                    : Microsoft Visual studio

REFERENCE:

Jian Li, Ruhui Ma, Haibing Guan, “TEES: AN EFFICIENT SEARCH SCHEME OVER ENCRYPTED DATA ON MOBILE CLOUD”

Psmpa: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributed M-Healthcare Cloud Computing System

 ABSTRACT

Distributed m-healthcare cloud computing system significantly facilitates efficient patient treatment for medical consultation by sharing personal health information among healthcare providers. However, it brings about the challenge of keeping both the data confidentiality and patients’ identity privacy simultaneously. Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited. To solve the problem, in this paper, a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets. Finally, the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

AIM

The main aim of this paper is a novel authorized accessible privacy model (AAPM) is based on devised by  a new technique of attribute-based designated verifier signature, a patient self controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed.

SCOPE

The scope of this paper is the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

EXISTING SYSTEM

The security facet, one of the main issues is access control of patients’ personal health information, namely it is only the authorized physicians or institutions that can recover the patients’ personal health information during the data sharing in the distributed m-healthcare cloud computing system. In practice, most patients are concerned about the confidentiality of their personal health information since it is likely to make them in trouble for each kind of unauthorized collection and disclosure. Therefore, in distributed m-healthcare cloud computing systems, which part of the patients’ personal health information should be shared and which physicians their personal health information should be shared with have become two intractable problems demanding urgent solutions. There has emerged various research results focusing on them.

DISADVANTAGES

·      The challenge of keeping both the data confidentiality and patients identity privacy simultaneously

·      Many existing access control and anonymous authentication schemes cannot be straightforwardly exploited

PROPOSED SYSTEM

In this paper, a novel authorized accessible privacy model (AAPM) is established. Patients can authorize physicians by setting an access tree supporting flexible threshold predicates. Then, based on it, by devising a new technique of attribute-based designated verifier signature, a patient self controllable multi-level privacy-preserving cooperative authentication scheme (PSMPA) realizing three levels of security and privacy requirement in distributed m-healthcare cloud computing system is proposed. The directly authorized physicians, the indirectly authorized physicians and the unauthorized persons in medical consultation can respectively decipher the personal health information and/or verify patients’ identities by satisfying the access tree with their own attribute sets. Finally, the formal security proof and simulation results illustrate our scheme can resist various kinds of attacks and far outperforms the previous ones in terms of computational, communication and storage overhead.

 ADVANTAGES

1.  PSMPA can resist various kinds of malicious attacks and far outperforms previous schemes in terms of storage, computational and communication overhead
2.  A patient self-controllable multilevel privacy-preserving cooperative authentication scheme (PSMPA) in the distributed m-healthcare cloud computing system is proposed, realizing three different levels of security and privacy requirement for the patients.

System Configuration

Hardware Requirements

• Speed                  -    1.1 Ghz
• Processor              -    Pentium IV
• RAM                    -    512 MB (min)
• Hard Disk            -    40 GB
• Key Board                    -    Standard Windows Keyboard
• Mouse                  -    Two or Three Button Mouse
• Monitor                -     LCD/LED

 Software requirements

• Operating System              : Windows 7             
•  Front End                           : ASP.Net and C#
• Database                             : MSSQL
• Tool                                    : Microsoft Visual studio

References

Xiaodong Lin , Xiaolei Dong ,Zhenfu Cao,Jun Zhou,“PSMPA: Patient Self-Controllable and Multi-Level Privacy-Preserving Cooperative Authentication in Distributedm-Healthcare Cloud Computing System” IEEE Transactions on Parallel and Distributed Systems Volume 26, Issue 6 March 2014.