Data sharing with sensitive information hiding for secure cloud storage

Abstract

With cloud storage services, users can remotely store their data to the cloud and realize the data sharing with others. Remote data integrity auditing is proposed to guarantee the integrity of the data stored in the cloud. In some common cloud storage systems such as the Electronic Health Records (EHRs)system, the cloud file might contain some sensitive information. The sensitive information should not be exposed to others when the cloud file is shared. Encrypting the whole shared file can realize the sensitive information hiding, but will make this shared file unable to be used by others. How to realize data sharing with sensitive information hiding in remote data integrity auditing still has not been explored up to now. In order to address this problem, a remote data integrity auditing scheme that realizes data sharing with sensitive information hiding was proposed. In this scheme, a sanitizer is used to sanitize the data blocks corresponding to the sensitive information of the file and transforms these data blocks’ signatures into valid ones for the sanitized file. These signatures are used to verify the integrity of the sanitized file in the phase of integrity auditing. As a result, our scheme makes the file stored in the cloud able to be shared and used by others on the condition that the sensitive information is hidden, while the remote data integrity auditing is still able to be efficiently executed. Meanwhile, the proposed scheme is based on identity-based cryptography, which simplifies the complicated certificate management. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.

Existing System

In cloud services, deduplication technology is commonly used to reduce the space and bandwidth requirements of services by eliminating redundant data and storing only a single copy. Deduplication is most effective when multiple users outsource the same data to the cloud storage, but it raises issues relating to security and ownership. Proof-of ownership schemes allow any owner of the same data to prove to the cloud storage server that he owns the data in a robust way. However, if encrypted data is outsourced into the cloud storage and the ownership changes dynamically, deduplication would be hampered. Thus, we propose a secure deduplication scheme that supports dynamic ownership management based on randomized convergent encryption. Convergent encryption encrypts an input file with the hash value of the input file as an encryption key. Since convergent encryption is deterministic, identical files are always encrypted into identical ciphertext, regardless of who encrypts them. Thus, the cloud storage server can perform deduplication over the ciphertext, and all owners of the file can download the ciphertext and decrypt it later. Convergent encryption has long been studied in commercial systems and has different encryption variants for secure deduplication, which was formalized as message-locked encryption later in . However, they suffer from security flaws with regard to tag consistency and ownership revocation.

Proposed System

In the proposed system, the Remote Data Integrity Auditing Scheme with Sanitizer Method is used. In this Scheme, the sensitive information can be protected and the other information can be published. The ID was generated by the user it verifies the private key of user ID. If user ID want to retrieve the file F, it send request to the user. A sanitizer is used to sanitize the data blocks corresponding to the sensitive information of the file .It also transforms the corresponding signatures into valid ones for the sanitized file. Finally the sanitized file was verified and stored in the cloud storage which the sensitive information cannot be accessed. In this project, three packages (i.e : Data owner, Cloud server, Third Party Auditing) were used. In remote data integrity auditing schemes, the data owner firstly needs to generate signatures for data blocks before uploading them to the cloud. These signatures are used to prove the cloud truly possesses these data blocks in the phase of integrity auditing. And then the data owner uploads these data blocks along with their corresponding signatures to the cloud. The data stored in the cloud is often shared across multiple users in many cloud storage applications, such as Google Drive, Dropbox and I Cloud. Data sharing as one of the most common features in cloud storage, allows a number of users to share their data with others. However, these shared data stored in the cloud might contain some sensitive information. For instance, the Electronic Health Records (EHRs) stored and shared in the cloud usually contain patients’ sensitive information (patient’s name, telephone number and ID number, etc.). In remote data integrity auditing schemes, the data owner firstly needs to generate signatures for data blocks before uploading them to the cloud. These signatures are used to prove the cloud truly possesses these data blocks in the phase of integrity auditing. And then the data owner uploads these data blocks along with their corresponding signatures to the cloud. The data stored in the cloud is often shared across multiple users in many cloud storage applications, such as Google Drive, Dropbox and I Cloud. Data sharing as one of the most common features in cloud storage, allows a number of users to share their data with others. However, these shared data stored in the cloud might contain some sensitive information. For instance, the Electronic Health Records (EHRs) stored and shared in the cloud usually contain patients’ sensitive information (patient’s name, telephone number and ID number, etc.). If these EHRs are directly uploaded to the cloud to be shared for research purposes, the sensitive information of patient and hospital will be inevitably exposed to the cloud and the researchers. Besides, the integrity of the EHRs needs to be guaranteed due to the existence of human errors and software/hardware failures in the cloud. Therefore, it is important to accomplish remote data integrity auditing on the condition that the sensitive information of shared data is protected. A potential method of solving this problem is to encrypt the whole shared file before sending it to the cloud, and then generate the signatures used to verify the integrity of this encrypted file, finally upload this encrypted file and its corresponding signatures to the cloud. This method can realize the sensitive information hiding since only the data owner can decrypt this file. However, it will make the whole shared file unable to be used by others. For example, encrypting the EHRs of infectious disease patients can protect the privacy of patient and hospital, but these encrypted EHRs cannot be effectively utilized by researchers any more. Distributing the decryption key to the researchers seems to be a possible solution to the above problem. It is infeasible to adopt this method in real scenarios due to the following reasons. Firstly, distributing decryption key needs secure channels, which is hard to be satisfied in some instances. Furthermore, it seems very difficult for a user to know which researchers will use his/her EHRs in the near future when he/she uploads the EHRs to the cloud. As a result, it is impractical to hide sensitive information by encrypting the whole shared file. Thus, how to realize data sharing with sensitive information hiding in remote data integrity auditing is very important and valuable.

Architecture

ARCHITECTURE DIAGRAM