IPASJ International Journal of Information Technology (IIJIT)

Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm

A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 7, Issue 1, January 2019 ISSN 2321-5976

A SURVEY ON AUDITING SYSTEMS FOR

BIG DATA STORAGE
Ajitha1, Mythili2
1
Research Scholar, SCSVMV University, Enathur, Tamilnadu - 631561
2
Assistant Professor, SCSVMV University, Enathur, Tamilnadu - 631561

ABSTRACT
The cloud computing requires the new approach on computing services that described the produced and utilized. The cloud
computing can accomplish the various types of services can attract the many users in today’s scenario. The most attractive service
related to the service of cloud computing requires the data outsourcing the data owners can require the host any size of data on the
cloud server with the users may access the data from cloud server that required. Any new prototype of data outsourcing can face the
new security challenges. There are many users not fully trust the cloud service providers (CSPs) sometimes they may dishonest. The
difficult in determining the CSPs meets the customer’s expectations for data security. The successful maintenance in the integrity of
cloud data can auditing schemes has been proposed. There may exist some integrity methods used for the statically archived data
with the some auditing techniques might be used for the dynamically updated data. In this paper try to analysis various existing data
integrity auditing schemes along with their consequences.

Keywords:— Third Party Auditor (TPA), Cloud Service Providers (CSPs), Data Outsourcing, Proof of Retrievability (POR),
Provable data Possession (PDP).

1. INTRODUCTION
The cloud offering the different services to the users. The data sharing between two organizations can commonly used
for the application areas. The current data sharing with the integration among various organizations requires the
central and trusted authority to collect data from all data sources with the integration needed for the data collection.
The current trend used for the necessary condition can defines the data sharing process in preserving privacy in cloud.
The cloud computing requires the mandatory for data can store in the cloud shared across multiple users. The purpose
defined in different data sharing techniques can develop in cloud environment. The cloud resolve the information
assurance with the network security, data protection, and privacy concerns. The computing process can describes the
combination of a set of software infrastructure, framework, and middleware services. They can allow the sharing and
selection of resources.
The privacy describes the person to be free from all interfaces. The present network with the privacy control allows the
person to maintain a degree of intimacy. The privacy can termed as uses to protect the truthful information can contains
the personal information regards the cloud user. The privacy breaches can create a lot of troubles to cloud users. The
security issues relating to standardization, multi-tenancy and federation must be addressed in depth for cloud
computing to overcome its security hurdles and progress towards widespread adoption. The concept of privacy may
differ among the countries cultures, and jurisdictions. The shape of the public expectations and the legal
interpretations; a concise definition can exclusive if not impossible. The privacy rights and obligations can relate to the
collection, use, disclosure, storage, and destruction of personal data. The privacy about the accountability of
organizations to data subjects with the transparency to an organization practice around the personal information.
RELATED WORK
The cloud storage has been studied in recent years for one of the hot spots in cloud computing. The many branches
of cloud storage such as data auditing, privacy preservation, and dynamic updating, are the subject of intense discussion
as well. The data auditing in a cloud, many protocols proposed for the past few years then divided into private
protocols and public protocols. The private auditing protocols can make the participating entities are the data owner
with the Cloud Service Provider. The data owners possesses the the private key with the entire auditing process

Volume 7, Issue 1, January 2019 Page 13

 IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm
A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 7, Issue 1, January 2019 ISSN 2321-5976

executes the owner. The suitable relationship regards the doubly linked info table and the location array makes the
protocol perform both interms of effective dynamic support and compact overhead. The certain basic experiments in
cloud auditing regards the batch auditing, block less verification and indolent update have been overcome by our
protocol. The third party auditor can evaluate the service quality from an objective with the self-governing
perspective [7].
Qian Wang et. al., uses the well-known classification technique which classify the auditing in cloud computing. The
run for the method on an apache Hadoop environment course use the Map Reduce paradigm to works on the big data.
The public adaptability also permits clients in detecting the integrity proof tasks to third party auditing themselves
need un reliable commit necessary computation resources performing the continuous verifications. The additional
major concern relates the confirmation protocols put up accommodate dynamic data files. The explorer needs the
problem in providing simultaneous public audit ability and data dynamics for remote data integrity check.
The construction intentionally designed get together two important goals. The efficiency kept closely in mind attain a
well-organized data dynamics can improve the current proof of storage models by employing the classic Merkle hash
tree construction for block tag authentication [1]. Jian Liu et. al.,, uses a public auditing scheme intended for the
regenerating-code-based cloud storage system. The data owners may privileged to delegate third party auditor for their
data validity checking. The checking for the auditing scheme in the regeneration code-based cloud storage system. The
data owners are privileged to delegate Third party auditing for their data validity checking. The original data privacy
against third party auditors the randomize their coefficients in the commencement. The application for the original data
privacy against third party auditors, they randomize their coefficients in the commencement applying the blind
technique during the auditing process. The data owner cannot always stay online in practice, practice, in order to keep
the storage available and verifiable after a malicious corruption. They introduced a semi-trusted proxy into the system
model and provide an honour for the proxy to handle the compensation of the coded blocks and authenticators [3].
Zhihua Xia et. al., used a safe, effective and dynamic search system is proposed in which supports not only the correct
multi-keyword ranked search but also the dynamic deletion and insertion of documents. They build an extraordinary
keyword balanced binary tree as the index, and propose a Greedy Depth-First Search algorithm to obtain better
efficiency than linear search. It Give parallel search process can be carried out to reduce time cost. The security of the
scheme is protected against two threat models by using the secure k-nearest neighbour’s algorithm. The data owner
needs to store the unencrypted index tree and the information that is necessary to recalculate the inverse document
frequency values. Such an active data owner may not be very suitable for the cloud computing model. It could be a
meaningful, but difficult future work to design a dynamic, searchable encryption scheme whose updating operation can
be completed by a cloud server only, meanwhile reserving the ability to support multikeyword ranked search process
[4].
Zhangjie Fu et. al., used a statement of problem of personalized address the problem of personalized, multikeyword
ranked search over encrypted cloud data. By seeing the user search history, we build a user interest model for individual
users with the help of semantic ontology word net. They have studied and solved the problem of personalized multi-
keyword ranked search over encrypted data while preserving privacy in cloud computing. With the help of semantic
ontology word net, we build a user interest model for individual user by analysing the user’s search history, and adopt a
scoring mechanism to express user interest smartly. They have been addressed the limitations of the model of one size
fit all and keyword precise search. They proposed two personalized multi-keyword ranked search over encrypted
schemes for different search intentions [15]. Wide experiments on their real-world dataset authenticate their analysis
and show that our proposed solution is very efficient and effective. The proposed personalized search goals at
exploiting user information to permit search results better to meet the individual user’s search purpose. The overall
method is to build a user profile, which labels the user’s interests or preferences that can directly set by the user or
collected during the search history [5].
Yan Zhu et. al., Implemented a dynamic audit facility for confirming the integrity of an untrusted and outsourced
storage. Their audit service is based on the techniques, fragment structure, random sampling, and index-hash table,
supporting verifiable updates to outsourced data and timely anomaly detection. They proposed a technique based on
probabilistic query and periodic verification for enlightening the performance of audit services. Their experimental
results not only authenticate the effectiveness of our approaches, but also show our audit system verifies the integrity
with lower computation overhead and the needful less extra storage for audit metadata process [2].
SECURITY ISSUES
The security is a major issue in cloud computing. It is a sub domain of computer security, network security or else data
security. The cloud computing security refers to a broad set of policies, technology & controls deployed to protect data,

Volume 7, Issue 1, January 2019 Page 14

 IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm
A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 7, Issue 1, January 2019 ISSN 2321-5976

application & the associated infrastructure of cloud computing. Some security and privacy issues that need to be
considered are as follows
1) Authentication: Only authorized user can access data in the cloud
2) Correctness of data: This is the way through which user will get the confirmation that the data stored in the cloud is
secure
3) Availability: The cloud data should be easily available and accessible without any burden. The user should access the
cloud data as if he is accessing local data
4) No storage Overhead and easy maintenance: User doesn’t have to worry about the storage requirement &
maintenance of the data on a cloud
5) No data Leakage: The user data stored on a cloud can accessed by only authorize the user or owner. So all the
contents are accessible by only authorize the user.
6) No Data Loss: Provider may hide data loss on a cloud for the user to maintain their reputation.
In cloud computing, cloud data storage contains two entities as cloud user and cloud service provider/ cloud server.
Cloud user is a person who stores large amount of data on cloud server which is managed by the cloud service provider.
User can upload their data on cloud without worrying about storage and maintenance. A cloud service provider will
provide services to cloud user. The major issue in cloud data storage is to obtain correctness and integrity of data stored
on the cloud. Cloud Service Provider (CSP) has to provide some form of mechanism through which user will get the
confirmation that cloud data is secure or is stored as it is. No data loss or modification is done
CHALLENGING ISSUES IN INFORMATION REPOSITORY AUDITING
Dynamic auditing
As the outsourced information is dynamic by nature, it is essential to construct a verifying convention that supports for
dynamic operations on outsourced information. Homomorphic authenticators are utilized in a public verification
method to accomplish a constant transmission overhead. In the earlier homomorphic authenticated procedures, the
chunk value was utilized in the course of authenticator estimation to prohibit distributed server to accomplish proof of
possession of proprietor’s information by adopting same authenticator. However the limitation of utilizing token value
is that they develop complexity in chunk insertion operations. Insertion of an information chunk needs to update
authenticated tags of all the subsequent information chunks, that is extremely idealistic in real cloud scenario. As a
result, to thoroughly accomplish dynamic operations token value has to be prevented in tag estimation. To realize this
condition, the classic Merkle Hash Tree (MHT) can be utilized. Leaf nodes of MHT are hashes of information file
chunks. All of the information chunks can be validated by verifying root value and utilizing auxiliary information.
Erway and his colleagues [9] introduced continued version of PDP framework namely vital provable information
possession advocating updating on the owner’s information. They discussed two mechanisms namely skiplist based and
MHT based authenticated dictionary.
Collaborative auditing
Numerous information sincerity verifying conventions that are relevant for a single cloud scenario has been recently
proposed (Ateniese and his colleagues [6]; Juels and Kaliski, [7]; Shacham and Waters, [8]) and they do not support
multi cloud environments. Today’s distributed repository frameworks support new Distributed File Systems (DFS) in
order to offer low cost and location independence to proprietor’s information. The benefit of such cooperative
frameworks is the repository and processing of enormous amount of proprietor’s information. Hence, highly efficient
auditing mechanisms are required for such systems. Collaborative auditing is the verification of proprietor’s
information over multi clouds. The challenging problems for the collaborative verification are
 The data transfer between distributed servers play an important role in cooperative verification. These
homomorphic verifiable responses decreases transmission costs considerably and also reveals the tangible
location of information outsourced in a multi-cloud surroundings. The advantage of using homomorphic
verifiable responses is that it reduces transmission costs considerably and also reveal the physical location of
information deployed in a multi cloud neighborhood
 Task assignment: The cooperative verifying conventions comprises of a TPA for verification and are
appropriate to multi-cloud environment. For an adept cooperative verifying convention, a candid third party
auditor is necessary.
 Security guarantee: information disclose assault and tag counterfeit assault are the two potential attacks in
collaborative auditing. These assaults may also pose threat to secrecy of information and also to ownership of
information. This verifying convention must present security guarantee for proprietor’s information. In
addition, in cooperative verification, the issues such as estimation complexity, repository overhead and system
applicability need to be addressed.

Volume 7, Issue 1, January 2019 Page 15

 IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm
A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 7, Issue 1, January 2019 ISSN 2321-5976

Support for blockless verification

A verification scheme without the adoption of certification labels and signature aggregation mechanisms depends upon
the server to send the challenged chunks to assure the integrity. The drawback of this scheme is that there is more
transmission overhead at the server and also the effectiveness of verification scheme is affected. Although blockless
verification can improve adeptness of verification scheme and lower transmission overhead considerably, it may also let
the server to deceive. Assume the information proprietor desires to carry out any update operation say the information
proprietor desires to alter a chunk. It is viable that after the update operation the server is preserving prior information
and its signatures. As both the information and signatures are genuine, so the verifier may not be capable of
recognizing whether the information is updated precisely or not.
Privacy preserving
When information proprietor deploy information to the distant cloud or delegate the verification job to the trustworthy
third party, it is essential for them that the verifiers or cloud not be given the freedom to acquire intelligence of the
information content or be able to create a duplicate of the primary information. That is, most of the information
verification mechanisms for the cloud servers generally believe that the public verifier is a reliable delegate; however
such an irrelevant inference additionally leads to information leakage. Randomization of information chunks and labels
is a trivial mechanism to address the security problem to avoid label or information leakage throughout the auditing
phase.
Error localization
As per the survey of existing mechanisms, most of them yields binary results about verification of information
(Ateniese and his colleagues [6]; Juels and Kaliski, [7]; Shacham and Waters, [8]). The proprietor’s information is
appropriated over numerous servers; one realizes the repository status of information across multiple servers but no
information about the misconducting server.
Accountability
Usually, the distributed server is considered as semi-trusted party. The public verifier discloses the sincerity of
distributed server only. The verification record need to identify not only the correctness of information but also account
for the entity that is authoritative if any complication arises, including information proprietor, public verifier and
distributed server. There is a need to achieve accountability when all the entities are malignant.
Public honesty verification with group client repudiation
With information repository and distribution administration supplied by the cloud, customers can conveniently work
together as a cluster by distributing information with each other. For security reasons, when a customer quits the cluster
or misbehaves, the customer ought to be repudiated from the cluster. As a result, this repudiated customer need no
longer be able to retrieve and alter combined information, and the signatures created by this repudiated customer are no
longer legitimate to the cluster. Therefore, even though the content of collective information is not modified during
customer repudiation, the chunks, that were apriori signed by the repudiated customer, still needs to be re-signed by the
current customer in the cluster. Hence the sincerity of the entire information can still be proved with the public keys of
existent customers only. In this section we study the Public Honesty Verification with Group Client Repudiation.
CONCLUSION
Cloud Computing increases the ease of usage any service by giving access through any kind of internet connection. As
with these increased ease of usage followed drawbacks too. Data security is a key issue for cloud storage and is to be
considered very important. To ensure that the risks of data security have been mitigated a variety of techniques that
may be used in order to achieve security. This paper has addressed some secure approaches for overcoming the issues in
security on untrusted data servers in cloud computing.This paper categories the methodologies in the literature as
auditability schemes,auditing. This approach is fully sophisticated to give a secure and auditing framework by
considering all pros and cons to achieve highly security of data stored on cloud server that overcomes all the other
privacy concerns.
REFERENCES
[1] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, “Enabling public auditability and data dynamics for storage security
in cloud computing,” IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 5, pp. 747–859, 2011.
[2] yan zhu, gail-joon ahn, hongxin hu, stephen s. yau, ho g. an, and chang-jun hu” Dynamic audit services for
outsourced storages in clouds”, IEEE Transactions On Services Computing, vol. 6, no. 2, april-june 2013.
[3] J. Liu, K. Huang, H. Rong, and H. Wang, “Privacy-preserving public auditing for regenerating-code-based cloud
storage,” Information Forensics and Security IEEE Transactions on, vol. 10, no. 7, pp. 1513–1528, 2015.
[4] Z. Xia, X. Wang, X. Sun, and Q. Wang, “A secure and dynamic multi-keyword ranked search scheme over
encrypted cloud data,” IEEE Transactions on Parallel and Distributed Systems, vol. 27, no. 2, pp. 1–1, 2015.

Volume 7, Issue 1, January 2019 Page 16

 IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm
A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 7, Issue 1, January 2019 ISSN 2321-5976

[5] Z. Fu, K. Ren, J. Shu, and X. Sun, “Enabling personalized search over encrypted outsourced data with efficiency
improvement,” IEEE Transactions on Parallel and Distributed Systems, pp. 2546–2559, 2016.
[6] G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik, “Scalable and Efficient Provable Data Possession,” in
Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1–9,
ACM, 2008.
[7] A. Juels and B. S. Kaliski Jr, “PORs: Proofs of Retrievability for Large Files,” in Proceedings of the 14th ACM
Conference of Computer and Communications Security, pp. 584–597, 2007.
[8] H. Shacham and B. Waters, “Compact Proofs of Retrievability,” Journal of Cryptology, vol. 26, no. 3, pp. 442–483,
2013.
[9] C. C. Erway, A. K¨upc¸ ¨u, C. Papamanthou, and R. Tamassia, “Dynamic Provable Data Possession,”
[10] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable Data Possession
at Untrusted Stores,” in Proceedings of the 14th ACM Conference on Computer and Communications Security,
pp. 598–609, 2007.
[11] Y. Zhu, H. Hu, G.-J. Ahn, and M. Yu, “Cooperative Provable Data Possession for Integrity Verification in
Multicloud Storage,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 12, pp. 2231–2244,
2012.
[12] C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public Auditing for Data Storage Security in Cloud
Computing,” in INFOCOM Proceedings, pp. 1–9, IEEE, 2010.
[13] K. Yang and X. Jia, “Data Storage Auditing Service in Cloud Computing: Challenges, Methods and
Opportunities,” World Wide Web, vol. 15, no. 4, pp. 409–428, 2012.
[14] T. Jiang, X. Chen, and J. Ma, “Public Integrity Auditing for Shared Dynamic Cloud Data with Group User
Revocation,” IEEE Transactions on Computers, vol. 65, no. 8, pp. 2363–2373, 2016.
[15] Z. Shen, J. Shu, and W. Xue, “Preferred keyword search over encrypted data in cloud computing,” In Proc. of 21st
International Symposium on Quality of Service (IWQoS’13), 2013.

Volume 7, Issue 1, January 2019 Page 17