An Efficient Privacy Preserving Scheme over Encrypted Data in Cloud

Cloud computing is developing and deliberated next generation architecture for computing. Cloud computing is a combination of computing resources accessible via internet. Historically the client or organizations store data in data centers with firewall and other security methods used to defend data against intrudes to access the data. Since the data was confined to data centers in limits of organization, the control over the data was more and well defined measures could be taken for retrieving its own data. On the other hand in cloud computing, the data is warehoused anywhere across the globe, the client organization has minimum control over the stored data. To form the conviction for the development of cloud computing the cloud providers must defend the user data from unauthorized access and disclosure. Encryption technique could be used on the data on client side before storing it in cloud storage, but this technique has too much affliction from client side in terms of key management, maintenance etc. Divide and rule can be other techniques, it means distributing the task among various cloud services providers can profit the client. A TPA (Third Party Auditor) is used to provide security services, while the other cloud provider would be data storage provider. TPA would not store any data at its end, and its only concerned for providing security service. The application will provide data integrity verification by using hashing algorithm like SHA-1, encryption/decryption will be done by using MD5 algorithm, and defining group of people who can access the shared data can be reached by describing access list. The application is liable for encryption/decryption, computing the hash data and does not store any data in TPA system. The encrypted data and original data hash are stored in Separate Cloud. Therefore even if the cloud system administrator has access user data, the data is in encrypted form, hence it will be tough for the system administrator to recognize the encrypted data. When the user downloads the data from Storage Cloud, it is decrypted first and then new hash is calculated which is then equated with hash of original data stored in Security Cloud. This application provides the user with the ability to store the encrypted data in the cloud and hash and encryption/decryption keys in security cloud service, and no single cloud service provider has access to both. Further benefit of assigning responsibility to TPA is that it aids the client from any kind of key management or maintenance of any important information related to data, because of which it allows the client to use any browser enabled devices to access such service.