International journal of scientific and technical research in engineering (IJSTRE)

www.ijstre.com Volume 1 Issue 1 April 2016.

Multi Cloud Data Storage System With High Level Authorized

Deduplication
SHOBANA.K

Mrs.GOKILAVANI.A

DR.RAJALAKSHMI

M.E (CSE)
Jay Sriram Group of
Institution
shobijayam@gmail.com

Assistant Professor
Jay Sriram Group of
Institution
gokisubbu@gmail.com

HOD(CSE)
Jay Sriram Group of
Institution
mrajislm@gmail.com

ABSTRACT Cloud computing is a climbing technology that as of late has drawn essential consideration from
each one exchange and academe. There is high amount of data stored in cloud from various clients,
deduplication is useful and efficient technique to make data management more scalable. Data deduplication is a
specialized data compression method for removing duplicate copies of repeating data in cloud storage. Data
deduplication removes the duplicate copies of repeating data. To encrypt the sensitive data, the convergent
encryption method has been proposed. It is first official attempt to address the issue of secure authorized data
deduplication. Our work is to propose new data deduplication construction supporting system which authorizes
data duplicate check in public multi cloud architecture.The result outcome shows that proposed authorized data
duplicate check scheme incurs minimal overhead in public multi cloud architecture as compared to normal
operations.

KEYWORDS Proof Of Ownership, Storage Cloud Service Provider, Data Sharing Scheme, Oblivious Pseudo
Random Function, Management Console Security.

I. INTRODUCTION
Cloud computing, or something being in the cloud, is an expression used to describe a variety of
different types of computing concepts that involve a large number of computers connected through a real-time
communication network such as the internet. In science, cloud computing is a synonym for distributed
computing over a network and means the ability to run a program on many connected computers at the same
time. The phrase is also more commonly used to refer to network-based services which appear to be provided by
real server hardware, which in fact is served up by virtual hardware, simulated by software running on one or
more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled
up (or down) on the fly without affecting the end userarguably, rather like a cloud.
To make data management scalable in cloud computing, deduplication has been a well-known technique and has
attracted more and more attention recently. Data deduplication is a specialized data compression technique for
eliminating duplicate copies of repeating data in storage. The technique is used to improve storage utilization
and can also be applied to network data transfers to reduce the number of bytes that must be sent. Instead of
keeping multiple data copies with the same content, deduplication eliminates redundant data by keeping only
one physical copy and referring other redundant data to that copy. Deduplication can take place at either the file
level or the block level. For file-level deduplication, it eliminates duplicate copies of the same file.
Deduplication can also take place at the block level, which eliminates duplicate blocks of data that occur in nonidentical files. Traditional deduplication systems based on convergent encryption, although providing
confidentiality to some extent, do not support the duplicate check with differential privileges. In other words, no
differential privileges have been considered in the deduplication based on convergent encryption technique. It
seems to be contradicted if we want to realize both deduplication and differential authorization duplicate check
at the same time.

II. Data Deduplication :

A. DupLESS: Server-Aided Encryption for Deduplicated Storage
Cloud storage service providers such as Google Drive, Dropbox, Mozy, and others perform data
deduplication to save space by only storing one copy of each data uploaded. Should users conventionally
encrypt their datas, thus, savings are lost. Message-locked encryption (the most prominent manifestation of
which is convergent encryption) determines this tension. Thus it is inherently subject to brute-force attacks that

Manuscript id. 626565474

www.ijstre.com

Page 1

Multi Cloud Data Storage System With High Level Authorized Deduplication
can recover datas falling into a known set. This proposed an architecture that provides secure deduplicated
storage resisting brute-force attacks, and realizes it in a system called DupLESS. In DupLESS, users encrypt
under message-based keys attained from a key-server via an unaware PRF protocol. It enables users to store
encrypted data/content with an existing service, have the service perform data deduplication on their behalf, and
yet achieves strong confidentiality guarantees.
However, previous deduplication systems cannot support differential authorization duplicate check,
which is important in many applications.
In existing data deduplication systems, the private cloud is involved as a proxy to allow data owner/users
to securely perform duplicate check with differential privileges.
Existing prototype overhead is high in file upload operations.

Fig.1. The definition of multicloud Architecture for Data Deduplication

B. Proofs of Ownership in Remote Storage Systems

Cloud storage systems introduce the notion of proofs-of - ownership (PoWs), which lets a user
efficiently prove to a server that that the user holds a data, rather than just some short information about it. This
formalizes the theory of proof-of-ownership, under accurate security definitions, and rigorous efficiency
requirements of Peta byte scale storage systems. This then present solutions based on Merkle trees and specific
encodings, and analyze their security. This implemented one variant of the approach. These performance
measurements indicate that the approach incurs only a small overhead compared to naive user-side data
deduplication.
In this work this put forward the notion of proof-of-ownership, by which a user can prove to a server
that it has a copy of a data without actually sending the data. This can be used to counter attacks on data-data
deduplication systems where the attacker obtains a short summary of the data and uses it to fool the server
into thinking that the attacker owns the entire data.

C. Cloud Deduplication
ClouDedup, a secure and efficient storage service which assures block-level data deduplication and
data/content confidentiality at the same time. Even though based on convergent encryption, ClouDedup remains
secure thanks to the definition of a component that implement an additional encryption operation and an access
control mechanism. Furthermore, as the requirement for data deduplication at block-level lifts an problem with
respect to key management, This suggest to include a new component in order to execute the keys management
for each block together with the actual data deduplication operation.
This designed a system which achieves confidentiality and enables block-level data deduplication at
the same time. This system is built on top of convergent encryption. This showed that it is worth performing
block-level data deduplication instead of data level data deduplication since the gains in terms of storage
space are not affected by the overhead of metadata management, which is minimal. Additional layers of
encryption are added by the server and the optional HSM. Thanks to the features of these components, secret
keys can be generated in a hardware dependent way by the device itself and do not need to be shared with
anyone else. As the additional encryption is symmetric, the impact on performance is negligible. This also
showed that this design, in which no component is completely trusted, prevents any single component from
compromising the security of the whole system. This solution also prevents curious cloud storage providers
from inferring the original content of stored data/content by observing access patterns or accessing metadata.

Manuscript id. 626565474

www.ijstre.com

Page 2

Multi Cloud Data Storage System With High Level Authorized Deduplication
Furthermore, this showed that this solution can be easily implemented with existing and widespread
technologies.

III. PROPOSED WORK

Hybrid clouds offer a greater flexibility to businesses while offering choice in terms of keeping control
and security. Hybrid clouds are usually deployed by the organizations willing to push part of their workloads to
Cloud Severs either for cloud convulsive purposes or for project requiring faster implementation.
Secure Data deduplication mechanism over multi-cloud architecture, where Private Cloud is integrated
as an intermediary to permit privileges to securely perform the data duplications check with differential
benefits. Our proposed work focuses on to reduce overhead by extern the hybrid cloud architecture for data
deduplication in terms of multi cloud integration system. Thus multi public clouds are integrating each other
and apply deduplication in each and every public cloud under receiving duplication check user request.
Through the proposed architecture reduce the overhead and execute the deduplication efficiently. The idea of
data deduplication with secured manner is the foremost objective of the proposed system, in this connection we
proposed secure data deduplication mechanism by distinguish sensitive and non-sensitive data at data uploading
into cloud level and apply the crypto algorithm for sensitive data by applying this data get secured and
authorized .Finally our system proves that our system has secured data deduplication mechanism with improved
storage space, reduced request/response load of public cloud and bandwidth.
Data Deduplication eradicates the redundant data by storing only the single copies of data. It uses the
convergent encryption technique to encrypt the data with Authorized duplicate check, so that only authorized
user with specified privileges can perform the duplicate check. The concept de-duplications save the bandwidth
and reduce the storage space. It also eradicates the duplicates of data in the cloud storage. It does not allow the
unauthorized user to steal information. Thus it provides lots of benefits based on the confidentiality, authorized
duplicate check also the cloud storage space as well as the healing information is prevented. We also present
several new data deduplication constructions supporting authorized duplicate check in a multi-cloud
architecture.
A. PUBLIC USER REGISTRATION AND LOGIN ACCESS
Private cloud takes charge of system parameters generation, user registration, proof of ownership, and
maintain the user privilege keys. In the given example, the private cloud is acted by the administrator of the
users and deduplication process. Therefore, we assume that the private cloud is fully trusted by the other parties.
Users are registered under private cloud for to upload, download or access datas in the cloud. Private cloud
distributes login access for every registered user which is used for connecting public cloud. Users details with
specific privilege keys periodically revoke to the cloud system for proof of ownership request member
authorization.
B. PRIVATE CLOUD SETUP
Maintain Users Privilege Keys
As cloud computing becomes prevalent, an increasing amount of data/content is being stored in the
cloud system and shared by users/clients with specified privileges, which define the access rights of the stored
data. So the private keys for the privileges are managed by the private cloud, who answers the file token
requests from the users/clients. The interface offered by the private cloud system allows user/client to submit
files and requested queries to be securely stored and computed respectively. The private keys for privileges
will not be delivered to users/clients directly, which will be kept and managed by the private cloud server
system.

User Token Request

To get a file token, the users/clients send a request to the private cloud server. To perform the
duplicate check for some file, the user/client needs to get the file token from the private cloud server system.
To support authorized deduplication, the tag of a request file will be determined by the request file and the
user privilege. To show the dissimilarity with traditional notation of tag, call it file token as an alternative. To
sustain authorized access, a secret key will be bounded with a requested user/client privilege to generate a file
token.
File Token Response
The private cloud server will also check the users/clients identity once receives request form
user/client before issuing the corresponding file token to the user/client. Users have access to the private cloud
server, a semi-trusted third party which will aid in performing data deduplicable encryption by generating file
tokens for the requesting users/clients. The right to use a file is defined based on a set of privileges.

Manuscript id. 626565474

www.ijstre.com

Page 3

Multi Cloud Data Storage System With High Level Authorized Deduplication
C. MULTI PUBLIC CLOUD SETUP
Authorized Deduplication (Token verification)
The authorized duplicate check for this file can be performed by the user with the public cloud
system before uploading this file/data. Based on the results outcome of data duplicate check, the user either
uploads this file or runs PoW. So after receiving the tag from private cloud, the user will send file duplication
request tag to the S-CSP. If a file/data duplicate is found, the user/client needs to run the protocol POW (proof
of ownership) with the SCSP (public cloud) to prove the file ownership. Otherwise, if no duplicate is found, a
proof from the S-CSP will be returned.
File Upload Request/Response
After no duplication response from the public cloud then, the user computes the encryption to the
upload file with key using a symmetric encryption algorithm. Then the user computes the encrypted file with
the convergent key and uploads to the cloud server. The convergent key is stored by the user locally.
File Download Request/Response
Suppose a user wants to download a file. It first sends a request and the file name to the S-CSP.
Upon receiving the request and name of the file, the S-CSP will check whether the user/client is eligible to
download. If failed, the S-CSP sends back a signal to the user/client to indicate the download failure or else,
the S-CSP returns the corresponding cipher text. Upon receiving the encrypted data/content from the S-CSP,
the user uses/clients the key stored locally to recover the original file i.e the user can recover the original file
with the convergent key after receiving the encrypted data from the S-CSP.

IV. CONCLUSION
In this project, the notion of authorized data deduplication was proposed to protect the data security by
including differential privileges of users in the data duplicate check. Also presented several new data
deduplication methods supporting authorized data duplicate check in hybrid cloud architecture, in which the
data duplicate-check tokens of files are generated by the private cloud server system with private keys. Security
analysis demonstrates that our approaches are secure in terms of insider and outsider intruders specified in the
proposed security architecture. As a proof of concept, implemented a prototype of our proposed authorized data
duplicate check method and executed on our prototype. Results showed that our authorized data duplicate check
method incurs low overhead compared to convergent encryption and network transfer.

REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]

OpenSSL Project, (1998). [Online]. Available: http://www.openssl.org/

P. Anderson and L. Zhang, Fast and secure laptop backups with encrypted de- duplication, in Proc. 24th Int. Conf. Large
Installation Syst. Admin., 2010, pp. 2940.
M. Bellare, S. Keelveedhi, and T. Ristenpart, Dupless: Serveraided encryption for deduplicated storage, in Proc. 22nd
USENIX Conf. Sec. Symp., 2013, pp. 179194.
M. Bellare, S. Keelveedhi, and T. Ristenpart, Message-locked encryption and secure deduplication, in Proc. 32nd Annu. Int.
Conf. Theory Appl. Cryptographic Techn., 2013.
M. Bellare, C. Namprempre, and G. Neven, Security proofs for identity-based identification and signature schemes, J. Cryptol.,
vol. 22, no. 1, pp. 161, 2009.
M. Bellare and A. Palacio, Gq and schnorr identification schemes: Proofs of security against impersonation under active and
concurrent attacks, in Proc. 22nd Annu. Int.Cryptol. Conf. Adv. Cryptol., 2002, pp. 162177.
S. Bugiel, S. Nurnberger, A. Sadeghi, and T. Schneider, Twin clouds: An architecture for secure cloud computing, in Proc.
Workshop Cryptography Security Clouds, 2011.
J. R. Douceur, A. Adya, W. J. Bolosky, D. Simon, and M. Theimer, Reclaiming space from duplicate files in a serverless
distributed file system, in Proc. Int. Conf. Distrib. Comput. Syst., 2002, pp. 617624.
D. Ferraiolo and R. Kuhn, Role-based access controls, in Proc. 15th NIST-NCSC Nat. Comput. Security Conf., 1992, pp.
554563.

Manuscript id. 626565474

www.ijstre.com

Page 4