
GRD Journals | Global Research and Development Journal for Engineering | International Conference on Innovations in Engineering and Technology (ICIET) - 2016 | July 2016

e-ISSN: 2455-5703

Security and Privacy Enhancing in Multi-Cloud Architecture with Data De-Duplication

1N. R. Anitha Rani, 2P. Prem Kumar
1P. G Student, 2Associate Professor
1,2Department of Computer Science & Engineering
1,2K.L.N College of Engineering Pottapalayam, Sivagangai 630612, India
Abstract
Cloud computing makes IT more efficient and cost-effective in today's world. Cloud computing acts as a virtual server that the user can access via the internet on an as-needed basis, which eliminates the need for companies to host their own servers and purchase expensive software. On the other hand, many new types of cyber theft arise. The main concerns in cloud computing are data integrity, security and enhancement of storage space in the cloud. This paper focuses on maintaining data integrity and security from a user's perspective, provides a clear understanding of the security merits achievable by using multiple distinct clouds simultaneously, and enhances the storage space of the public cloud by de-duplication from a cloud service provider's perspective. Symmetric key encryption is used to prevent unauthorized users from accessing data. Convergent encryption is used to maintain data confidentiality.
Keywords- Data De-duplication, Data Confidentiality, Security, Data Integrity, Multi-Cloud
__________________________________________________________________________________________________

I. INTRODUCTION
In the current IT environment every organization needs to invest time and budget to scale up its IT infrastructure such as hardware, software and services. Cloud computing provides computing over the internet. Cloud services consist of highly optimized virtual data centers that provide various software, hardware and information resources to the users who need them. The organization can simply connect to the cloud and use the available resources on a pay-per-use basis. This helps the company avoid capital expenditure on additional on-premise infrastructure resources and instantly scale up or scale down according to business requirements [1].
Data de-duplication [Fig. 1] is essential in today's world to achieve bandwidth optimization and to lower the storage space by eliminating redundant data copies [2].

Fig. 1: Data de-duplication

Data de-duplication can be performed at two levels:
1) File-level de-duplication: eliminates duplicate copies of identical files.
2) Block-level de-duplication: eliminates duplicate data blocks in non-identical files.
The first and foremost challenge in the current IT world is to prevent sensitive data from being accessed by unauthorized users. In conventional encryption, different users use their own keys to encrypt data, and as a result different ciphertext is generated for the same file belonging to different users. This makes de-duplication impossible. To overcome this, symmetric key encryption is used to generate the same key to encrypt and decrypt identical files of different users. Convergent key encryption provides data confidentiality and checks for redundant copies of data. Secure proof of ownership prevents unauthorized users from accessing data [3].
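The contrast described above, as an added Python example that is not part of the original paper: per-user keys give different ciphertexts for the same file, while a content-derived (convergent) key gives identical ciphertext and tag, so the store keeps one copy. The SHAKE-256 keystream cipher, the tag definition T = H(C) and the DedupStore class are assumptions made for illustration; a deployment would use a vetted deterministic AES mode.

```python
import hashlib
import os


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(b"ce-demo" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def conventional_encrypt(user_key: bytes, data: bytes) -> bytes:
    """Per-user key: the same file yields a different ciphertext per user."""
    return keystream_xor(user_key, data)


def convergent_encrypt(data: bytes):
    """Key derived from the content, so identical files converge."""
    key = hashlib.sha256(data).digest()            # K = H(F)
    ciphertext = keystream_xor(key, data)          # C = E(K, F)
    tag = hashlib.sha256(ciphertext).hexdigest()   # T = H(C), duplicate-check tag
    return key, ciphertext, tag


def convergent_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    data = keystream_xor(key, ciphertext)
    # Reject a ciphertext that does not decrypt to the content the key names.
    if hashlib.sha256(data).digest() != key:
        raise ValueError("ciphertext does not match convergent key")
    return data


class DedupStore:
    """Hypothetical storage provider keeping one ciphertext per tag."""

    def __init__(self):
        self.blobs = {}

    def upload(self, tag: str, ciphertext: bytes) -> bool:
        """Return True if newly stored, False if it was a duplicate."""
        if tag in self.blobs:
            return False
        self.blobs[tag] = ciphertext
        return True


def demo():
    report = b"quarterly report (constructed sample) " * 20
    # Conventional: two users, two random keys, two different ciphertexts.
    differs = (conventional_encrypt(os.urandom(32), report)
               != conventional_encrypt(os.urandom(32), report))
    store = DedupStore()
    _, c_a, t_a = convergent_encrypt(report)       # user A
    k_b, c_b, t_b = convergent_encrypt(report)     # user B, same file
    stored = [store.upload(t_a, c_a), store.upload(t_b, c_b)]
    return differs, stored, len(store.blobs), convergent_decrypt(k_b, store.blobs[t_a])
```

Because the key is a function of the content alone, anyone who can guess a file can compute its tag; that property is what the proof-of-ownership and privilege checks discussed in the paper are meant to constrain.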

All rights reserved by www.grdjournals.com

(GRDJE / CONFERENCE / ICIET - 2016 / 024)

II. RELATED WORK


A. A Secure De-duplication with Efficient and Reliable Convergent Key Management [17]
The elimination of redundant data within the existing environment is called data de-duplication. It is mainly used in cloud storage environments to reduce both bandwidth and storage space. The proposed system aims at achieving proficient and trustworthy convergent key management through convergent key de-duplication, and at reducing the enormous number of keys generated as the number of users increases [4].
1) Methodology Used in This System
1) Convergent Encryption [14]: ensures protection against unauthorized users in de-duplication.
2) Dekey: It creates secret shares of the original convergent key and sends the shares across multiple key management cloud service providers. Multiple users who share the same block can access the same corresponding convergent keys.
2) Characteristics
1) Increases the storage in the cloud by applying de-duplication to convergent keys [5] and ensures reliable key management.
2) File-level and block-level de-duplication are supported by Dekey.
B. Secure Distributed De-duplication Systems with Improved Reliability [19]
Data de-duplication is the process of eliminating redundant copies of data in cloud storage. The main aim of data de-duplication is to reduce [12] storage space and upload bandwidth. When data is outsourced, concerns arise regarding the privacy of sensitive data. In the proposed system the data chunks are distributed across multiple cloud [6] servers with higher reliability, and a deterministic secret sharing scheme is used in distributed storage for data confidentiality.
1) Methodology Used in This System
1) Secret Sharing Scheme: It consists of two algorithms, Share and Recover.
Share: The secret key is divided and shared.
Recover: With enough shares the secret key can be extracted and recovered.
2) Tag Generation Algorithm: Maps the original data copy to a tag, which the user uses to perform the duplicate check with the server.
3) Proof of Ownership [11]: Takes a file and an index as inputs and generates a tag [7] as output, which is used for proof of ownership.
4) Message Authentication Code [8]: A short piece of information used to authenticate a message and provide integrity.
2) Characteristics
1) Minimizes network and storage overhead by detecting and eliminating [10] redundancy among data blocks.
2) Ensures fault tolerance even if a certain number of nodes fail [9].
C. Secure Auditing and De-duplicating Data in Cloud [15]
In outsourced cloud storage, data maintenance is not highly reliable. The main aim of this project is to resolve the problem of integrity auditing and to enhance de-duplication along with data reliability in outsourced cloud storage. In this system two secure systems are constructed, namely SecCloud and SecCloud+, which help to achieve both data integrity [16] and secure de-duplication.
1) Methodology Used in This System
1) SecCloud:
SecCloud introduces an auditing entity that maintains a MapReduce cloud. It generates a set of data tags, which are sent along with the files when the client uploads them to the cloud server. It also audits the integrity of the data stored in the cloud. The SecCloud [20] system supports file-level de-duplication and prevents the leakage of side-channel information.
2) SecCloud+:
The SecCloud+ system provides integrity auditing and data de-duplication on encrypted files. The client, with the help of the key server, generates a convergent key to encrypt the file before uploading it to the cloud server. This system guarantees file confidentiality. The convergent key used to encrypt the uploaded file is generated and controlled by a secret key. It supports file-level de-duplication and sector-level de-duplication.
2) Characteristics
1) It provides integrity auditing by clustering the files and removing duplicates.
2) Duplicate files are detected by mapping them to the existing file in the cloud, so that only a single copy of the file is kept.
D. Security and Privacy Enhancing Multicloud Architecture [13]
Security issues in cloud computing technology seem to increase day by day, and this results in many novel security approaches and techniques. This paper focuses on maintaining data integrity and providing security merits by using multiple distinct clouds simultaneously.


1) Methodology Used in This System
1) Partition of Application Data into Fragments by Searchable Encryption:
The application data is partitioned and distributed to distinct clouds by cryptographic data splitting using searchable encryption, which allows keyword search on encrypted data if an authorized token for the keyword is provided. The keys are stored in a private cloud, whereas the data resides in the public cloud, which is not trustworthy.
2) Characteristics
1) The application data is fragmented and stored in multiple clouds, which improves data confidentiality.
2) The fragmented data [21] is stored in encrypted format, which prevents malicious users from accessing data.

III. EXISTING SYSTEM


Aiming at efficiently solving the problem of de-duplication with differential privileges in cloud computing, a hybrid cloud architecture consisting of a public cloud and a private cloud is considered. The private cloud is involved as a proxy to allow data owners/users to securely perform the duplicate check with differential privileges. Such an architecture is practical and has attracted much attention from researchers. The data owners only outsource their data storage by utilizing the public cloud, while the data operation is managed in the private cloud. A de-duplication system supporting differential duplicate check is proposed under this hybrid cloud architecture, where the S-CSP resides in the public cloud. The user is only allowed to perform the duplicate check for files marked with the corresponding privileges. An advanced scheme supports stronger security by encrypting the file with differential privilege keys. Users without the corresponding privileges cannot perform the duplicate check. In the existing system, the actual file is stored in the public cloud and there is a possibility of a security breach for the stored data. The efficiency of the existing system is low when using a single public cloud for storage. Uploading and retrieval of huge data takes more time.
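The privilege-bound duplicate check described above, as an added Python example that is not the paper's or the cited scheme's own code. It assumes the token is an HMAC of the file tag under a per-privilege key held only by the private cloud; the class names, privilege labels and user names are hypothetical.

```python
import hashlib
import hmac
import secrets


class PrivateCloud:
    """Holds one secret key per privilege and issues duplicate-check tokens."""

    def __init__(self, privileges):
        self._keys = {p: secrets.token_bytes(32) for p in privileges}
        self._user_privs = {}

    def register(self, user, privileges):
        self._user_privs[user] = set(privileges)

    def token(self, user, file_tag: bytes, privilege: str) -> str:
        # Refuse to issue a token for a privilege the user does not hold.
        if privilege not in self._user_privs.get(user, set()):
            raise PermissionError(f"{user} lacks privilege {privilege!r}")
        return hmac.new(self._keys[privilege], file_tag, hashlib.sha256).hexdigest()


class PublicStore:
    """S-CSP side: sees only tokens, never the privilege keys."""

    def __init__(self):
        self._tokens = set()

    def upload(self, tokens):
        self._tokens.update(tokens)

    def is_duplicate(self, token: str) -> bool:
        return token in self._tokens


def file_tag(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def demo():
    private = PrivateCloud(["finance", "engineering"])
    private.register("alice", ["finance"])
    private.register("bob", ["engineering"])
    private.register("carol", ["finance"])
    store = PublicStore()
    doc = b"budget forecast (constructed sample)"
    # Alice uploads the file marked with the 'finance' privilege.
    store.upload([private.token("alice", file_tag(doc), "finance")])
    carol_hit = store.is_duplicate(private.token("carol", file_tag(doc), "finance"))
    bob_hit = store.is_duplicate(private.token("bob", file_tag(doc), "engineering"))
    try:
        private.token("bob", file_tag(doc), "finance")
        bob_refused = False
    except PermissionError:
        bob_refused = True
    return carol_hit, bob_hit, bob_refused
```

Bob holds the same file but cannot learn that it is already stored, because his token is computed under a different privilege key and the private cloud will not issue him a 'finance' token.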

IV. PROPOSED SYSTEM


In the proposed system, multiple distinct clouds are used in order to bring down the risk of malicious data manipulation and maintain data integrity. Partitioning the application data and storing it in multiple distinct clouds makes it difficult for a cloud service provider to gain access to all the data and strengthens data confidentiality. Further, in this model authorized data de-duplication is achieved in a secure manner with minimal overhead compared with traditional de-duplication.
A. Proposed Modules
1) Data Owners Module
An owner is an entity that wants to outsource data to the S-CSP (Storage Cloud Service Provider) and access the data later. In a storage system supporting de-duplication, only unique data is uploaded, and uploading of any duplicate data, which may be owned by the same owner or different owners, is avoided. In the authorized de-duplication system, each file is protected with the convergent encryption key [18] and privilege keys to realize authorized de-duplication with differential privileges.
2) Private Cloud Module
This is a new entity introduced to facilitate owners' secure usage of the cloud service. The private cloud is able to provide the data owner with an execution environment and acts as an interface between the owner and the public cloud. The privileges for owners are managed by the private cloud.
3) Multi Cloud Service Provider Module
This is an entity that provides a data storage service for the multi-cloud. The S-CSP (Storage Cloud Service Provider) provides the data outsourcing service and stores data on behalf of the owners. To reduce the storage cost, the S-CSP eliminates the storage of redundant data via de-duplication and keeps only unique data. The file is fragmented into blocks [Fig. 2] and only the encrypted data blocks are sent across multiple cloud servers to enhance data security.


Fig. 2: Multi-Cloud System

4) Data Integrity Module


This module informs the private cloud about the modified block when it is updated by the owner. It enhances the data integrity check and acts as an auditor. This module provides additional support to the private server in achieving data de-duplication and data integrity.
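One way the private cloud could act as auditor over blocks spread across several clouds, as an added Python example that is not the paper's implementation. It assumes a per-block HMAC kept by the private cloud, round-robin placement, and in-memory dicts standing in for the storage providers; all names are hypothetical.

```python
import hashlib
import hmac


class PrivateCloudAuditor:
    """Private-cloud side: places blocks on clouds and keeps one MAC per block."""

    def __init__(self, mac_key: bytes, clouds):
        self.mac_key = mac_key
        self.clouds = clouds      # list of dicts standing in for storage providers
        self.index = []           # per position: [cloud_no, block_id, mac]

    def _mac(self, pos: int, block: bytes) -> str:
        # The position is part of the MAC input so blocks cannot be swapped.
        msg = pos.to_bytes(8, "big") + block
        return hmac.new(self.mac_key, msg, hashlib.sha256).hexdigest()

    def store(self, encrypted_blocks):
        for pos, block in enumerate(encrypted_blocks):
            cloud_no = pos % len(self.clouds)          # round-robin placement
            block_id = f"blk-{pos}"
            self.clouds[cloud_no][block_id] = block
            self.index.append([cloud_no, block_id, self._mac(pos, block)])

    def owner_update(self, pos: int, new_block: bytes):
        """Legitimate update: the owner reports the modified block."""
        cloud_no, block_id, _ = self.index[pos]
        self.clouds[cloud_no][block_id] = new_block
        self.index[pos][2] = self._mac(pos, new_block)

    def audit(self):
        """Return positions whose stored block is missing or was altered."""
        bad = []
        for pos, (cloud_no, block_id, mac) in enumerate(self.index):
            block = self.clouds[cloud_no].get(block_id)
            if block is None or not hmac.compare_digest(self._mac(pos, block), mac):
                bad.append(pos)
        return bad


def demo():
    clouds = [{}, {}, {}]                              # three distinct clouds
    # Constructed stand-ins for already-encrypted 16-byte blocks.
    blocks = [bytes([i]) * 16 for i in range(6)]
    auditor = PrivateCloudAuditor(b"k" * 32, clouds)
    auditor.store(blocks)
    clean = auditor.audit()
    auditor.owner_update(2, b"\xaa" * 16)
    after_update = auditor.audit()
    clouds[1]["blk-4"] = b"\xff" * 16                  # provider-side modification
    del clouds[0]["blk-0"]                             # provider-side loss
    return clean, after_update, auditor.audit(), [len(c) for c in clouds]
```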

V. RESULT AND DISCUSSION


[Chart: Existing Model vs. Proposed Model, vertical axis 1 to 10; categories: Compliance, Cost, Integrity, Security, Ease of Use, Confidentiality]
Fig. 3: Comparison chart of Existing and Proposed System

These results [Fig. 3] show that data integrity and security are enhanced further in the hybrid cloud, with data stored in an encrypted format. Partitioning application data into fragments allows fine-grained fragments of data to be shared in the multi-cloud. Ease of accessibility is greatly increased by deploying the model in a hybrid cloud environment. The cost incurred in maintaining data integrity is high.

VI. CONCLUSION
The notion of authorized data de-duplication was proposed to protect data security by including the differential privileges of users in the duplicate check. Several new de-duplication constructions supporting authorized duplicate check in a hybrid cloud architecture were presented, in which the duplicate-check tokens of files are generated by the private cloud server with private keys. The private cloud acts as an interface between the public cloud and the user. The data is encrypted and sent across multiple cloud servers to enhance data security. The data integrity check is done by the private cloud server, which makes the system more secure.


REFERENCES
[1] Ahmed K. Elmagarmid, Panagiotis G. Ipeirotis, Vassilios S. Verykios. (2007), Duplicate Record Detection: A Survey, IEEE Transactions on Knowledge and Data Engineering, Vol. 19, No. 1, pp. 1-16.
[2] Anderson P and Zhang L. (2010), Fast and secure laptop backups with encrypted de-duplication, In Proc. of USENIX LISA.
[3] Bellare M, Keelveedhi S, and Ristenpart T. (2013), Dupless: Server Aided encryption for deduplicated storage, In USENIX Security Symposium, pp. 179-194.
[4] Bellare M, Keelveedhi S, and Ristenpart T. (2013), Message-locked encryption and secure deduplication, In EUROCRYPT, pp. 296-312.
[5] Bellare M, Namprempre C, and Neven G. (2008), Security proofs for identity-based identification and signature schemes, Journal of Cryptology, Vol. 22, No. 1, pp. 1-61.
[6] Bugiel S, Nurnberger S, Sadeghi A, and Schneider T. (2011), Twin clouds: An architecture for secure cloud computing, In Workshop on Cryptography and Security in Clouds, pp. 32-44.
[7] Chang Liu, Rajiv Ranjan, Chi Yang, Xuyun Zhang. (2015), MuR-DPA: Top-Down Levelled Multi-Replica Merkle Hash Tree Based Secure Public Auditing for Dynamic Big Data Storage on Cloud, IEEE Transactions on Computers, Vol. 64, No. 9, pp. 2609-2622.
[8] Cheng-Kang Chu, Sherman S.M. Chow, Wen-Guey Tzeng, Jianying Zhou, Robert H. Deng. (2014), Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No. 2, pp. 468-477.
[9] Douceur J R, Adya A, Bolosky W J, Simon D, and Theimer M. (2002), Reclaiming space from duplicate files in a serverless distributed file system, In ICDCS, pp. 617-624.
[10] Ferraiolo D and Kuhn R. (1992), Role-based access controls, In 15th NIST-NCSC National Computer Security Conf.
[11] Halevi S, Harnik D, Pinkas B, Ra Shulman-Peleg. (2011), Proof of ownership in remote storage systems, ACM Conference on Computer and Communications Security, pp. 491-500.
[12] Huang, Ming Xian, Shaojing Fu, Jian Liu. (2014), Securing the cloud storage audit service: defending against frame and collude attacks of third party auditor, IET Communications, Vol. 8, No. 12, pp. 2106-2113.
[13] Jens-Matthias Bohli, Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, and Ninja Marnau. (2013), Security and Privacy Enhancing Multicloud Architectures, IEEE Transaction on Dependable and Secure Computing, Vol. 10, No. 4, pp. 212-224.
[14] Jia Yu, Kui Ren, Cong Wang. (2016), Enabling Cloud Storage Auditing with Verifiable Outsourcing of Key Updates, IEEE Transactions on Information Forensics and Security, Vol. PP, No. 99, pp. 1.
[15] Jingwei Li, Xie, D., Cai, Z. (2015), Secure Auditing and Deduplicating data in Cloud, IEEE Transaction on Computers, Vol. PP, No. 99, pp. 1.
[16] Jin Li, Xiaofeng Chen, Fatos Xhafa, Leonard Barolli. (2015), Secure Deduplication storage systems supporting keyword search, Journal of Computer and System Sciences-ACM, Vol. 81, No. 8, pp. 1532-1541.
[17] Jin Li, Xiaofeng Chen, Mingqiang Li, Jingwei Li, Patrick P.C. Lee and Wenjing Lou. (2014), Secure Deduplication with Efficient and Reliable Convergent Key Management, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, No. 6, pp. 1615-1625.
[18] Jin Li, Yan Kit Li, Xiaofeng Chen, Patrick P. C. Lee, Wenjing Lou. (2015), A Hybrid Cloud Approach for Secure Authorized Deduplication, IEEE Transactions on Parallel and Distributed Systems, Vol. 26, No. 5, pp. 1206-1216.
[19] Li J., Chen X., Huang X., Tang S., Xiang Y., Hassan M, Alelaiwi. (2015), Secure Distributed Deduplication Systems with Improved Reliability, IEEE Transactions on Computers, Vol. PP, No. 99, pp. 1.
[20] Li Chaoling, Chen Yue, Zhou Yanzhou. (2014), A Data assured deletion scheme in cloud storage, IEEE Transactions on Communications, Vol. 11, No. 4, pp. 98-110.
[21] Seung-Hyun Seo, Mohamed Nabeel, Xiaoyu Ding, Elisa Bertino. (2014), An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds, IEEE Transactions on Knowledge and Data Engineering, Vol. 26, No. 9, pp. 2107-2119.
