You are on page 1of 14

CONTENTS 1: Abstract................................................................................................................................. 5 2: Introduction.........................................................................................

.................................. 6 3: Literature Survey....................................................................................................................7 3.1 Managing the Risk of an Extreme Form of IT Outsourcing............................................7 3.2 Cloud Hooks: Security and Privacy Issues in Cloud computing......................................8 3.3 Verifiable Computation with Two or More Clouds..................................................... 8-9 3.4 Secure Outsourced Computation in a Multi-tenant Cloud...............................................9 3.5 Harnessing the Cloud for Securely Outsourcing Large-scale Systems of Linear Equations............................................................................................................ ........................10 3.6 An Efficient and Secure Nonlinear Programming Outsourcing in Cloud Computing.......................................................................................................................10-11 3.7 Work on Secure Computation Outsourcing.................................................................... 11 3.8 Work on Secure Multiparty Computation..................................................................11-12 3.9 Conclusion........................................................................................................................12 4: Existing System.................................................................................................................. ...13 5: Proposed System.................................................................................................................... 14 6: Methodology..................................................................................................................... 14-15 7: Hardware Requirements..........................................................................................................15 8: Software Requirements............................................................................................................16 9: References................................................................................................................................17

1|Page

ABSTRACT
Cloud computing is a model for enabling ubiquitous, convenient, on demand network access to a shared pool of configurable computing resources (e.g. .networks, servers, storage, applications, and services). Cloud computing enables an economically promising paradigm of computation outsourcing. However, how to protect customer’s confidential data processed and generated during the computation is becoming the major security concern. Treating the cloud as an intrinsically insecure computing platform from the viewpoint of the cloud customers, we must design mechanisms that not only protect sensitive information by enabling computations with encrypted data, but also protect customers from malicious behaviours by enabling the validation of the computation result. Focusing on engineering computing and optimization tasks, this project investigates secure outsourcing of widely applicable linear programming (LP) computations. In order to achieve practical efficiency, our mechanism design explicitly decomposes the LP computation outsourcing into public LP solvers running on the cloud and private LP parameters owned by the customer. The resulting flexibility allows us to explore appropriate security/efficiency trade-off via higher-level abstraction of LP computations than the general circuit representation. In particular, by formulating private data owned by the customer for LP problem as a set of matrices and vectors, we are able to develop a set of efficient privacy-preserving problem transformation techniques, which allow customers to transform original LP problem into some arbitrary one while protecting sensitive input/output information. To validate the computation result, I further explore the fundamental duality theorem of LP computation and derive the necessary and sufficient conditions that correct result must satisfy. Such result verification mechanism is extremely efficient and incurs close-tozero additional cost on both cloud server and customers. Using static keys we gets security issues like forgery attacks malicious attacks. Now, I introduce dynamic key generation that reduces attacks and consume energy levels.

2|Page

INTRODUCTION
With the emergence of cloud computing, and the universal collaboration of network-based devices, internet has become a important part in many aspects of people’s life and their work. Users want their data to be accessible from every- where and anywhere. In fact, many projects and industries are set up such that different people are not geospatially co-located, but rather distributed around the globe. Projects range from simple asynchronous discussions on certain topics of interest, to the creation of books or articles, to the development of multipurpose software. Cloud computing is defined in [1] as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”. Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing is such an extreme form of outsourcing that it appears to raise new concerns. Researchers or data collectors can outsource their massive data as well as data processing tasks or computational tasks to grid resources or the enormous data centres offered by cloud providers. Such a computing paradigm also creates an increasing challenge for automatically and dynamically placing the data in the globally distributed computers or data centres in order to optimally utilize the resources while minimizing user-perceived latency. This challenge is further complicated by the security and privacy constraints on the data. Cloud computing model provides data outsourcing that it appears to raise new concerns. Owner or clients sends data processing tasks or computational tasks to grid resources or the large data centres offered by cloud providers. Such a computing model also creates an increasing challenge for automatically and dynamically placing the data in the globally distributed computers or data centres in order to achieve scalability over cloud. There are some designs on secure outsourcing of scientific computations, sequence comparisons, and matrix multiplication etc. have been proposed but it is still hardly possible to apply them directly in a practically efficient manner. In those approaches, either heavy cloud-side cryptographic computations, or multi-round interactive protocol executions, or huge communication complexities, are involved.

3|Page

LITERATURE SURVEY
A. Managing the Risk of an Extreme Form of IT Outsourcing Obtaining cloud computing services can be viewed as a form of outsourcing, and as such it shares the essential risk profile of all outsourcing contracts concerning opportunistic behaviour, shirking, poaching, and opportunistic renegotiation. Developing cloud computing is also an advanced technological development effort, and as such it shares all of the risks of large and uncertain development efforts and the essential risk profile of all development efforts where for a variety of reasons success cannot be ensured, including functionality, political, project, technical, and financial risks. Standards for cloud computing may reduce many of the risks of opportunistic behaviour on the part of vendors. Cloud computing is a form of outsourcing, and it shares the essential risk profile of all outsourcing contracts concerning opportunistic behaviour. Standards for cloud computing may reduce many of the risks of opportunistic behaviour on the part of vendors. Despite the enormous concerns of potential cloud customers for lock-in, hold-up, and opportunistic reprising, almost no significant standardization efforts under way today are aimed at ensuring interoperability or portability. Cloud computing is an advanced technological development effort and shares the risks of large and uncertain development efforts. They Clemons, E. K. et al. [10] and others do not found how some of these risks can be addressed. Standards efforts cannot mitigate most of the development risks of cloud computing. No amount of legislation or standardization can make it possible for firms to do that which they could not have done, or that which is indeed algorithmically or computationally infeasible. A good outsourcing contract is probably even more important in the cloud computing environment than it is for traditional outsourcing. Given the magnitude of the losses that can occur due to loss of intellectual property or breach of security, it’s also essential that the contract protect the client’s rights to litigate in a forum that is likely to be fair and unbiased, and likely provide fair and accurate valuation of any losses. The best contract, of course, is meaningless if the vendor is both unable to perform in accordance with the terms of the contract and unable to make adequate restitution. In cloud computing, like any other critical form of outsourcing, the vendor must be both technically and financially qualified. Clemons, E. K. et al. [10], mentions the different future research aspects that

addresses the evolving status of the standards, their ability to protect clients, especially

4|Page

from risks caused by limited interoperability, the contracting mechanisms available to manage risks as standards evolve. B. Cloud Hooks: Security and Privacy Issues in Cloud computing In emphasizing the cost and performance benefits of the cloud, some fundamental security problems have receded into the background and been left unresolved. Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful deployments. Determining the security of complex computer system is also a long-standing security problem that overshadows large scale computing in general. Attaining the high assurance qualities in implementations has been an elusive goal of computer security researchers and practitioners, and is also a work in progress for cloud computing. Security of the cloud infrastructure relies on trusted computing and cryptography. Organizational data must be protected in a manner consistent with policies, whether in the organization’s computing centre or the cloud. No standard service contract exists that covers the ranges of cloud services available and the needs of different organizations. Having a list of common outsourcing provisions, such as privacy and security standards, regulatory and compliance issues, service level requirements and penalties, change management processes, continuity of service provisions, and termination rights, provides a useful starting point [9]. The migration to a cloud computing environment is in many ways an exercise in risk management. Both qualitative and quantitative factors apply in an analysis. The risks must be carefully balanced against the available safeguards and expected benefits with the understanding that accountability for security remains with the organization. Too many controls can be inefficient and ineffective, if the benefits outweigh the costs and associated risks. An appropriate balance between the strength of controls and the relative risk associated with particular programs and operations must be ensured. C. Verifiable Computation with Two or More Clouds The current move to Cloud Computing raises the need for verifiable delegation of computations, where a weak client delegates his computation to a powerful cloud, while maintaining the ability to verify that the result is correct. Although there are prior solutions to this problem, none of them is yet both general and practical for real-world use. Ran Canetti et al. [12] propose to extend the model as follows. Instead of using one cloud, the client uses two or more different clouds to perform his computation. The client can verify the correct result of the computation, as long as at least one of the clouds is honest. Ran Canetti et al.
5|Page

[12] believe that such extension suits the world of cloud computing where cloud providers have incentives not to collude, and the client is free to use any set of clouds he wants. The results are twofold. First, it shows two protocols in this model: first, computationally sound verifiable computation for any efficiently computable function, with logarithmically many rounds, based on any collision-resistant hash family and second ,a 1-round (2-messages) unconditionally sound verifiable computation for any function computable in log-space uniform N C. Second, Ran Canetti et al. [12] show that first protocol works for essentially any sequential program, and Ran Canetti et al. [12] can present an implementation of the protocol, called QUIN, for Windows executables. It describes its architecture and experiment with several parameters on live clouds. D. Secure Outsourced Computation in a Multi-tenant Cloud Seny Kamara et al. [15] present a general-purpose protocol that enables a client to delegate the computation of any function to a cluster of n machines in such a way that no adversary that corrupts at most n - 1 machines can recover any information about the client's input or output. The protocol makes black-box use of multi-party computation (MPC) and secret sharing and inherits the security properties of the underlying MPC protocol (i.e., passive vs. adaptive security and security in the presence of a semi-honest vs. malicious adversary). Using this protocol, a client can securely delegate any computation to a multi-tenant cloud so long as the adversary is not co-located on at least one machine in the cloud. Alternatively, a client can use our protocol to securely delegate its computation to multiple multi-tenant clouds so long as the adversary is not co-located on at least one machine in one of the clouds. E. Harnessing the Cloud for Securely Outsourcing Large-scale Systems of Linear Equations Cong Wang et al. [14] investigated the problem of securely outsourcing large-scale LE in cloud computing. Different from previous study, the computation outsourcing framework is based on iterative methods, which has the benefits of easy-to-implement and less memory requirement in practice. This is especially suitable for the application scenario, where computational constrained customers want to securely harness the cloud for solving large-scale problems. They also investigated the algebraic property of the matrix-vector multiplication and developed an efficient and effective cheating detection scheme for robust result verification. Thorough security analysis and extensive experiments on the real cloud platform demonstrate the validity and practicality of the proposed mechanism.
6|Page

F. An Efficient and Secure Nonlinear Programming Outsourcing in Cloud Computing R.Santosh et al. [16] proposed approach they are dealing with explicitly decomposes the NLP computation outsourcing into public NLP solver. It provides a practical mechanism design which fulfils input/output privacy, cheating resilience, and efficiency. In the proposed approach practical efficiency is achieved by explicit decomposition of NLP into NLP solvers running on the cloud and private NLP parameters owned by the customer. When compared to the general circuit representation the resulting flexibility allows exploring appropriate security/efficiency trade-off via higher-level abstraction of NLP computations. It is possible to construct a set of effective privacy-preserving transformation techniques for any problem, by framing a private data possessed by the client for NLP problem as a combination of matrices and vectors, which allow customers to transform original NLP problem into some arbitrary value while defending sensitive input or output information. To confirm the computational result, the fundamental duality theorem of NLP computation should be explored and then derive the essential and adequate constraints that a accurate result must satisfy. Such a result verification mechanism is very competent and suffers close-to-zero extra cost on both cloud server. G. Work on Secure Computation Outsourcing General secure computation outsourcing that fulfils all aforementioned requirements, such as input/output privacy and correctness/soundness guarantee has been shown feasible in theory by Gennaro et al. [17]. However, it is currently not practical due to its huge computation complexity. Instead of outsourcing general functions, in the security community, Atallah et al. explore a list of work [18], [19], [21], [23] for securely outsourcing specific applications. The customized solutions are expected to be more efficient than the general way of constructing the circuits. In [18], they give the first investigation of secure outsourcing of numerical and scientific computation. A set of problem dependent disguising techniques are proposed for different scientific applications like linear algebra, sorting, string pattern matching, etc. However, these disguise techniques explicitly allow information disclosure to certain degree. Besides, they do not handle the important case of result verification, which in our work is bundled into the design and comes at close-to-zero additional cost. Later on in [20] and [21], Atallah et al. give two protocol designs for both secure sequence comparison outsourcing and secure algebraic computation outsourcing. However, both protocols use heavy cryptographic primitive such as homomorphism encryptions [24] and/or oblivious
7|Page

the

non-linear

programming approach. In order to achieve practical efficiency, their mechanism design

transfer [25] and do not scale well for large problem set. In addition, both designs are built upon the assumption of two non-colluding servers and thus vulnerable to colluding attacks. Based on the same assumption, Hohenberger et al. [6] provide protocols for secure outsourcing of modular exponentiation, which is considered as prohibitively expensive in most public-key cryptography operations. Very recently, Atallah [23] et al. give a provably secure protocol for secure outsourcing matrix multiplications based on secret sharing [26].While this work outperforms their previous work [21] in the sense of single server assumption and computation efficiency (no expensive cryptographic primitives),the drawback is the large communication overhead. Namely, due to secret sharing technique, all scalar operations in original matrix multiplication are expanded to polynomials, introducing significant amount of overhead. Considering the case of the result verification, the communication overhead must be further doubled, due to the introducing of additional pre-computed “random noise” matrices. H. Work on Secure Multiparty Computation Another large existing list of work that relates to (but is also significantly different from) ours is Secure Multi-party Computation (SMC), first introduced by Yao [27] and later extended by Goldreich et al. [28] and many others. SMC allows two or more parties to jointly compute some general function while hiding their inputs to each other. As general SMC can be very inefficient, Du and Atallah et. al. have proposed a series of customized solutions under the SMC context to a spectrum of special computation problems, such as privacy-preserving cooperative statistical analysis, scientific computation, geometric computations, sequence comparisons, etc. [29]. However, directly applying these approaches to the cloud computing model for secure computation outsourcing would still be problematic. The major reason is that they did not address the asymmetry among the computational powers possessed by cloud and the customers, i.e., all these schemes in the context of SMC impose each involved parties comparable computation burdens, which we specifically avoid in the mechanism design by shifting as much as possible computation burden to cloud only. Another reason is the asymmetric security requirement. In SMC no single involved party knows all the problem input information, making result verification a very difficult task. But in our model, we can explicitly exploit the fact that the customer knows all input information and thus design efficient result verification mechanism. Recently, Li and Atallah [30] give a study for secure and collaborative computation of linear programming under the SMC framework. Their solution is based on the additive split of the constraint matrix between two involved parties, followed by a series of interactive (and arguably heavy) cryptographic protocols collaboratively executed in each iteration step of the Simplex

8|Page

Algorithm. This solution has the computation asymmetry issue. Besides, they only consider honestbut-curious model and thus do not guarantee that the final solution is optimal.

I. Conclusion
After literature survey we found that secure outsourcing of computational data with cryptography only is not feasible and with hardware only has large online latency. We also found that there is lack of secure and practical computational cloud model for secure outsourcing. One of the tentative solutions is to provide dynamic key every time, when a user logged in for cloud service for linear programming computational work in cloud service provider and clients. cloud environment. This task secure cloud services from malicious or unwanted access. It provides more secure environment for

EXISTING SYSTEM
Despite the tremendous benefits, outsourcing computation to the commercial public cloud is also depriving customers’ direct control over the systems that consume and produce their data during the computation, which inevitably brings in new security concerns and challenges towards this promising computing model. On the one hand, the outsourced computation workloads often contain sensitive information, such as the business financial records, proprietary research data, or personally identifiable health information etc. To combat against unauthorized information leakage, sensitive data have to be encrypted before outsourcing. so as to provide end to end data confidentiality assurance in the cloud and beyond. However, ordinary data encryption techniques in essence prevent cloud from performing any meaningful operation of the underlying plaintext data, making the computation over encrypted data a very hard problem. On the other hand, the operational details inside the cloud are not transparent enough to customers. As a result, there do exist various motivations for cloud server to behave unfaithfully and to return incorrect results, i.e., they may behave beyond the classical semi honest model. For example, for the computations that require a large amount of computing resources, there are huge financial incentives for the cloud to be “lazy” if the customers cannot tell the correctness of the output. Besides, possible software bugs, hardware failures, or even outsider attacks might also affect the quality of the computed results. Thus, we argue that the cloud is intrinsically not secure from the viewpoint of customers. Without providing a mechanism for secure computation outsourcing, i.e., to protect the sensitive input and output information of the workloads and to validate the integrity of the computation result, it would be hard to expect cloud customers to turn over control of their workloads from local
9|Page

machines to cloud solely based on its economic savings and resource flexibility. For practical consideration, such a design should further ensure that customers perform fewer amounts of operations following the mechanism than completing the computations by themselves directly. Otherwise, there is no point for customers to seek help from cloud. Recent researches in both the cryptography and the theoretical computer science communities have made steady advances in “secure outsourcing expensive computations”

PROPOSED SYSTEM
The outsourced computation workloads often contain sensitive information, such as the business financial records, proprietary research data, or personally identifiable health information etc. To combat against unauthorized information leakage, sensitive data have to be encrypted before outsourcing so as to provide end to end data confidentiality assurance in the cloud and beyond. However, ordinary data encryption techniques in essence prevent cloud from performing any meaningful operation of the underlying plaintext data, making the computation over encrypted data a very hard problem. On the other hand, the operational details inside the cloud are not transparent enough to customers. As a result, there do exist various motivations for cloud server to behave unfaithfully and to return incorrect results, i.e., they may behave beyond the classical semi honest mode. In short, practically efficient mechanisms with immediate practices for secure computation outsourcing in cloud are still missing. In my proposed system, I provide dynamic key every time, when a user logged in for cloud service for linear programming computational work in cloud environment. This task secure cloud services from malicious or unwanted access. It provides more secure environment for cloud service provider and clients.

METHODOLOGY
I summarize the methodologies used for my proposed system as follows: 1) Firstly, a dynamic key generation mechanism is developed for security at client’s end. 2) KeyGen(1k) → {K}. This is a randomized key generation algorithm which takes a system security parameter k, and returns a secret key K that is used later by customer to encrypt the target LP problem. 3) ProbEnc(K,ɸ) → {ɸk}. This algorithm encrypts the input tuple ɸ into ɸk with the secret key K. According to problem transformation, the encrypted input ɸk has the same form as ɸ, and thus defines the problem to be solved in the cloud.
10 | P a g e

4) ProofGen(ɸk) → {(y, Γ)}. This algorithm augments a generic solver that solves the problem ɸk to produce both the output y and a proof Γ. The output y later decrypts to x, and Γ is used later by the customer to verify the correctness of y or x. 5) ResultDec(K, ɸ, y, Γ) → {x,⊥}. This algorithm may choose to verify either y or x via the proof Γ. In any case, a correct output x is produced by decrypting y using the secret K. The algorithm outputs ⊥ when the validation fails, indicating the cloud server was not performing the computation faithfully.

Block Diagram For Proposed System

11 | P a g e

HARDWARE REQUIRNMENTS

System Hard Disk Floppy Drive Monitor Mouse Ram

Pentium IV 2.4 GHz. 40 GB. 1.44 Mb. 15 VGA Color. Logitech. 512 MB.

• • • • •

SOFTWARE REQUIRNMENTS
• • •

Operating System Language Technology Back End

Windows xp, Linux Jdk 1.6 Jsp, Servlet Oracle 10g

12 | P a g e

REFERENCES
[1] P. Mell and T. Grance, “The NIST definition of cloud computing,”National Institute of Standards and Technology, vol. 53, no. 6, p. 50,2009. [2] J. Viega, "Cloud computing and the common man”, Computer, 42, 2009, pp. 106-108.

[3] C. Cachin, I. Keidar and A. Shraer, "Trusting thecloud", ACM SIGACT News, 40, 2009, pp. 81-86. [4] Clavister, "Security in the cloud", Clavister White Paper, 2008. [5] H.Mei, J. Dawei, L. Guoliang and Z. Yuan, “Supporting Database Applications as a Service",ICDE'09:Proc. 25thIntl.Conf. on Data Engineering,2009, pp. 832-843 [6] C. Wang, Q. Wang, K. Ren and W. Lou, "Ensuring data storage security in cloud computing",ARTCOM'10: Proc. Intl. Conf. on Advances in Recent Technologies in Communication and Computing, 2010, pp. 1-9.5499 [7] S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing”, Journal of Network and Computer Applications, 34(1), 2011, pp 1-11. [8] G. Brunette and R. Mogull (eds), "Security guidance of critical areas of focus in cloud”, Cloud Security Alliance 2011 [9] S. Overby, How to Negotiate a Better Cloud Computing Contract, CIO, April 21, 2010. [10] Eric K. Clemons,” Making the Decision to Contract for Cloud Services: Managing the Risk of an Extreme Form of IT Outsourcings”, Proceedings of the 44th Hawaii International Conference on System Sciences – 2011 [11] Wayne A. Jansen (NIST, Proceedings of the 44th Hawaii International Conference on System Sciences - 2011) [12] Ran Canetti, Ben Riva, Guy Rothblum Tel Aviv University, Israel and Princeton University, USA [13] Seny Kamara, Mariana Raykova (Microsoft Research and Columbia University, USA, 2011) [14] Cong Wang, Kui Ren,Jia Wang, Member, IEEE, Department of Electrical and Computer Engineering ,Illinois Institute of Technology, Chicago, IL 60616, SA,Email:cong,{ kren, jwang}@ece.iit.edu [15] Seny Kamara, Mariana Raykova, Microsoft Research and Columbia University, USA R.Santosh, Assistant Professor Department of Computer Science and Engineering Karpagam University, INDIA, 2012) [16] R.Santosh, Assistant Professor Department of Computer Science and engineering Karpagam University, INDIA,” An Efficient and Secure Nonlinear Programming Outsourcing in Cloud Computing”
13 | P a g e

[17] R. Gennaro, C. Gentry, and B. Parno, “Non-interactive verifiable computing: Outsourcing computation to untrusted workers,” in Proc. Of CRYPTO’10, Aug. 2010. [18] M. J. Atallah, K. N. Pantazopoulos, J. R. Rice, and E. H. Spafford, “Secure outsourcing of scientific computations,” Advances in Computers, vol. 54, pp. 216–272, 2001. [19] S. Hohenberger and A. Lysyanskaya,“How to securely outsource cryptographic computations,” in Proc. of TCC, 2005, pp. 264–282. [20] M. J. Atallah and J. Li, “Secure outsourcing of sequence comparisons,”Int. J. Inf. Sec., vol. 4, no. 4, pp. 277–287, 2005. [21] D. Benjamin and M. J. Atallah, “Private and cheating-free outsourcing of algebraic computations,” in Proc. of 6th Conf. on Privacy, Security,and Trust (PST), 2008, pp. 240–245. [22] R. Gennaro, C. Gentry, and B. Parno, “Non-interactive verifiable computing:Outsourcing computation to untrusted workers,” in Proc. Of CRYPTO’10, Aug. 2010. [23] M. Atallah and K. Frikken, “Securely outsourcing linear algebra computations,”in Proc. of ASIACCS, 2010, pp. 48–59. [24] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. of EUROCRYPT’99, 1999, pp. 223–238. [25] S. Even, O. Goldreich, and A. Lempel, “A randomized protocol for signing contracts,” Commun. ACM, vol. 28, no. 6, pp. 637–647, 1985. [26] A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11,pp. 612–613, 1979. [27] A. C.-C. Yao, “Protocols for secure computations (extended abstract),”in Proc. of FOCS’82, 1982, pp. 160–164. [28] W. Du and M. J. Atallah, “Secure multi-party computation problems and their applications: a review and open problems,” in Proc. of New Security Paradigms Workshop (NSPW), 2001, pp. 13– 22. [29] J. Li and M. J. Atallah, “Secure and private collaborative linear programming,”in Proc. of CollaborateCom, Nov. 2006. [30] S. Goldwasser, Y. T. Kalai, and G. N. Rothblum, “Delegating computation: interactive proofs for muggles,” in Proc. of STOC, 2008, pp.113–122.

14 | P a g e