PREVENTING DATA LOSS EVEN WHEN THE SECURITY SYSTEM COMPROMISE

Storage as a service will diminish the risk of data storage but it leads to the era of data storage security. Studies show that multi cloud or inter cloud or clouds of cloud storage are eminent techniques which reduce the traditional risk of storage cloud. Replicating all data into numerous clouds will lead to monetary detriment as well as gigantic growth of electronic data. In order to overcome this horrible situation we have proposed a clouds tree to store files into multiple locations. Clouds tree is a hierarchical arrangement of public CSPs. There is no interconnection or configuration between CSPs, but the relation depends on file storage. The files which are more sensitive and needed to achieve business continuity are stored in multiple locations. File splitting, encryption and storing in different CSPs are the techniques behind this work. Double or triple authentication schemes are provided to access sensitive or private data.


INTRODUCTION
Low cost and high availability are the key factors that attract customers to storage cloud. The facilities of the cloud increase rapidly, and the security threats and challenges grow exponentially [06]. Studies and research are conducted all over the world to overcome these uncertainties. A few countries have introduced new frameworks to standardize the level of protection against threats and vulnerabilities unique to cloud computing. FedRAMP and C5 are the frameworks implemented in the US and Germany respectively [01]. Authorization is a major issue when we store our private information in the cloud environment. A mobile based continuous user authentication system has been introduced to ensure the protection of cloud service users [03]. The cloud service providers also offer different levels of security for users' data. As the cloud users have lost control over the data, it is necessary to exhibit the security mechanisms to increase trust and transparency for cloud consumers. Data auditing and monitoring mechanisms help to detect and demonstrate security flaws [04]. Security flaws [14] are always a nightmare when outsourcing data [15]. Researchers have been addressing the security issues related to data security. Some of this research, including workflow scheduling [09], secure data sharing [10], and privacy preserving storage and retrieval in multi cloud [11], focuses on cloud data security in single and multi cloud environments. We can't make a single framework that addresses all issues. The only solution is to manage available technologies in a hasty manner. Here, we address the major security factors: confidentiality, integrity and availability.

RELATED WORKS
M. A. Aman and E. K. Cetinkaya in 2017 proposed [02] a cloud security system which addresses the performance of cloud based backup services. This system offers three dimensional services for the backup data. The services include selection of encryption intensity, safe duplication and querying on encrypted data. The user has a facility to select the strength of the encryption standard for their files.
A. F. Barsoum and M. A. Hassa in 2015 proposed [05] a model describing multicopy dynamic data possession. Most cloud consumers opt for data outsourcing to ensure availability and business continuity. As the cloud services use a pay-as-you-go model, the monetary loss is less compared with the data processing, handling and storing charges. More consumers demand to store their data in multiple data centers to increase the level of scalability, durability and availability. The customers have to trust the CSP that the service contract will be followed. The map-based provable multicopy dynamic data possession (MB-PMDDP) scheme ensures this by replicating data into a number of locations, by outsourcing and updating of dynamic data, and by letting authorized users seamlessly access the file copies in different locations.
Y. Chen et al. in 2015 proposed [07] a network coding system to ensure data recovery with high reliability compared to the existing erasure coding and replication methods. As the cloud data centers are located all over the world, it is easy to eavesdrop on repaired data anywhere in the network from the local datacenter to its remote backup site. This process is called link eavesdropping and is clearly mentioned here. The network coded cloud storage system uses a small repair bandwidth and a symmetric design methodology to identify the data recovery system parameters for a specific security level.
S. Namasudra and P. Roy in 2017 proposed [08] a cloud security model which focuses on data security and access control issues in cloud computing. Access control means that a user can avail any type of resources from the server. The key issues addressed to improve the efficiency of data access control models are high searching time for providing the public key of the data owner, high data accessing time, maintenance of database, etc.
A. Bessani et al. in 2013 proposed [13] a novel storage system, DEPSKY: dependable and secure storage in a cloud-of-clouds. It is a combination of individual commercial clouds for the purpose of data storage. DEPSKY can be accessed by invoking equivalent operations in a group of individual clouds. It addresses the major limitations of a single cloud such as loss of availability, loss and corruption of data [16], loss of privacy and vendor lock-in. DEPSKY is an application of multi cloud which helps to improve the availability, integrity and confidentiality of the data stored in the cloud through encryption, encoding and replication of the data on various clouds that form a cloud-of-clouds. The deployed system has four commercial clouds and used PlanetLab to support client usage from different countries. The performance of DEPSKY is very high compared to single cloud service providers, but the monetary cost of using DEPSKY is twice the cost compared with a single cloud.
M. A. AlZain et al. in 2012 conducted a paper survey [17] related to the security and performance of single cloud and multi clouds such as cloud-of-clouds. This survey concludes that the performance and security of the multi cloud is high compared with single cloud, but it receives less attention from the research community. This paper focused on promoting the use of multi-clouds due to their capability to diminish security threats that affect the users.
Bowers et al. in 2009 proposed [18] a protocol named High Availability and Integrity (HAIL) to control multiple clouds. It is a distributed cryptographic system which allows a set of servers to ensure that the client's stored data is retrievable and integral. HAIL provides a software layer which concentrates on availability and integrity of the stored data in an inter-cloud, but it does not offer an assurance of confidentiality.

PROPOSED SYSTEM
The traditional security concerns, which stay alive with different names, are unauthorized disclosure, unauthorized modification, unauthorized access, and data loss. The entire security threats are related to these features with varying proportions. It is not possible to ensure analogous security for all the files which are outsourced from the organization. We have concentrated on a security system which ensures protection from data loss even when the security system or the CSPs get compromised. A complete security package needs a proper solution for Data Classification, Encryption, Data Storage and Data Access. We can use an automated file classifier, proposed by Renu S and Dr. S H Krishnaveni in 2017 [12], to classify organizational data into four main categories: Sensitive, Private, Protected and Public. The loss of Sensitive and Private files may affect the existence, reputation, finances etc. of the organization. An effective encryption scheme, key management and integrity check are the necessary requirements for ensuring confidentiality of the file. A combined encryption scheme is effective to encrypt different files with the same security. Combined approach means combining different encryption schemes to make a crypto structure for each file and mapping the structure to file-ids. As the number of sensitive files is small, developing a crypto structure for each file is effortless. An intelligent cryptographic approach may reduce the risk of data replication, insider attack, outside attack, business continuity etc. A dummy file is also encrypted and combined with the encrypted sensitive file blocks. Let F be a sensitive file with security code 111 and K1 be a key for encryption. The cipher texts C1 and C2 contain a number of small blocks. Combine the file blocks by using any one of the available functions. Create a mapping table which contains file id, security code, keywords for searching the file blocks and user permissions. Let 'key' be a variable used for file searching. A hash function is applied to the key value and is appended to the data blocks before sending to the cloud storage.

Figure 4: Appending a hash function with Cipher blocks
Let S be a file which contains the cipher texts of the original file, the dummy file and the hash value of keywords used for file searching. It will be more secure to send each file block to a separate CSP. Studies show that multi cloud or inter cloud or clouds of cloud storage are eminent techniques which reduce the traditional risk of storage cloud. Storing files in multiple locations will enhance availability, business continuity, integrity, data backup etc. As the cloud systems follow a pay-as-you-go model, replicating the entire data into a number of storage clouds will lead to monetary loss. Replicating every file into a number of clouds is superfluous and futile. Replicating essential and available files is a must to highlight availability and business.
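An added sketch of the pipeline described above, not the authors' code: it encrypts F and a dummy file, splits both cipher texts into blocks, appends the keyword hash to every block, spreads the blocks over the CSPs and keeps the mapping row in-house. The paper names no cipher, so an HMAC-SHA256 keystream stands in for it; the block size, CSP names, file id and the alternating placement rule are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16   # assumed block size; the paper only says "small blocks"
TAG = 32     # length of the SHA-256 keyword hash appended to every block

def stream_xor(key, nonce, data):
    """Stand-in cipher (assumption, no integrity protection): HMAC-SHA256 keystream XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def outsource(file_id, plaintext, keyword, k1, k2, csps):
    """Build C1 (real) and C2 (dummy), tag each block, spread blocks over the CSPs."""
    nonce = secrets.token_bytes(12)
    c1 = split(stream_xor(k1, nonce, plaintext))
    dummy = secrets.token_bytes(len(plaintext))          # dummy file D
    c2 = split(stream_xor(k2, secrets.token_bytes(12), dummy))
    tag = hashlib.sha256(keyword.encode()).digest()      # hash of the search keyword
    stores = {csp: [] for csp in csps}                   # what each CSP ends up holding
    layout = []                                          # positions of the real blocks
    for j, (real, fake) in enumerate(zip(c1, c2)):
        home, other = csps[j % len(csps)], csps[(j + 1) % len(csps)]
        stores[home].append(real + tag)
        layout.append((home, len(stores[home]) - 1))
        stores[other].append(fake + tag)
    # Mapping-table row; it never leaves the organization.
    row = {"file_id": file_id, "security_code": "111", "nonce": nonce, "layout": layout}
    return row, stores

def retrieve(row, stores, k1):
    """Pull only the real blocks listed in the mapping row and decrypt them."""
    real = b"".join(stores[csp][i][:-TAG] for csp, i in row["layout"])
    return stream_xor(k1, row["nonce"], real)

def exposed_fraction(row, compromised):
    """Share of real cipher text blocks stored on the compromised CSPs."""
    return sum(csp in compromised for csp, _ in row["layout"]) / len(row["layout"])
```

With two CSPs each one holds half of the real blocks mixed with dummy blocks, and only the in-house mapping row says which are which.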

CLOUD TREE
Cloud tree is an arrangement of a number of single CSPs in a hierarchical order. Before arranging clouds in a tree we have to carry out a detailed study of the security features, pricing, SLA, and all other functions related to storage. The most suitable cloud is set as the root of the tree. Here, we have set up a cloud tree with seven individual CSPs.

Figure 5: Cloud tree
There is no internal or external configuration with the selected CSPs; the relationship resides in storage management. We can use different information management techniques to store files in a number of locations. Mapping tables keep the information for all sensitive files. Cloud trees are focused on preventing internal attacks. The arrangement of the cloud tree is kept secret, and path values or cloud ids are used to store files into public clouds.

FILE SEARCHING
We do not permit file searching outside the organization. A hash value of the file searching keyword is appended to the cipher text blocks. The user request is processed and the hash value is sent to the corresponding cloud storage. Direct searching is performed at the cloud service provider and the link is enabled to download the corresponding file. A link which includes an encryption application to encrypt the corresponding file is also enabled for the user. We use different combinations of encryption techniques for each file.

ACCESS CONTROL MECHANISMS
Each cloud has different access control mechanisms. CSPs holding confidential data have executed compact access control mechanisms. Sensitive and protected data have high confidentiality, so a double or triple authentication method is a must to access these types of data. User name, password and file permissions are kept in advance.
A triple authentication method is used to access critical data from the cloud storage. No file searching or key searching is permitted at the cloud. A user having permission to access critical data has previously obtained a user name and password for logging in and a separate password for file access. The user sends the user name and password to log in to his account. After a successful verification, an OTP is sent to the user's available mobile number. The user resends his access password with the OTP for the next level of authentication. The data manager checks the user's file access permission, and after a successful authentication a link is enabled and the user can download the file through this link. A single authentication is enough to access a file having low confidentiality. The Data Manager is a person who has the authority to send files to and retrieve files from the cloud server.
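The triple authentication sequence above as an added example, not the authors' implementation: login password, then a one-time password, then the file-access password followed by the data manager's permission check. The class and function names, the 120-second OTP lifetime, the single-use OTP handling and the PBKDF2 password storage are assumptions the paper does not specify.

```python
import hashlib
import hmac
import secrets
import time

def make_record(password):
    """Salted PBKDF2 record for a stored password (login or file-access)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check(password, record):
    salt, digest = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(guess, digest)

class TripleAuth:
    OTP_TTL = 120  # seconds an OTP stays valid (assumed value)

    def __init__(self, users, permissions, clock=time.time):
        self.users = users              # name -> {"login": record, "access": record}
        self.permissions = permissions  # set of (name, file_id), kept in advance
        self.clock = clock
        self.pending = {}               # name -> (otp, expiry time)

    def login(self, name, password):
        """Step 1: user name and login password; success triggers the OTP."""
        user = self.users.get(name)
        if user is None or not check(password, user["login"]):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[name] = (otp, self.clock() + self.OTP_TTL)
        return otp  # stands in for the SMS to the registered mobile number

    def request_file(self, name, access_password, otp, file_id):
        """Step 2: OTP plus file-access password. Step 3: permission check."""
        issued = self.pending.pop(name, None)  # consumed on first use, pass or fail
        if issued is None or self.clock() > issued[1]:
            return None
        otp_ok = hmac.compare_digest(otp.encode(), issued[0].encode())
        pw_ok = check(access_password, self.users[name]["access"])
        if not (otp_ok and pw_ok):
            return None
        if (name, file_id) not in self.permissions:  # data manager's check
            return None
        return f"link:{file_id}:{secrets.token_urlsafe(16)}"  # one-off download link
```

Consuming the OTP on every attempt means a failed second step forces a fresh login, so a captured OTP cannot be retried against guessed access passwords.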

Analysis
Petri net tools are enough to analyze the workflow of the file process and file access techniques.

WORKFLOW ANALYSIS
The processing of a file before outsourcing is analysed with Petri net tools. We can calculate the percentage of data loss if our CSP is compromised.

Figure 9: % of data loss even when the CSPs compromise
Let us make a security analysis of a file of size 1GB. Single CSP stores the complete file in one CSP, and multi-cloud stores the complete file in multiple CSPs; however, clouds tree divides the file into two equal halves and stores them in two different CSPs. All the storage techniques use strong encryption techniques and access control methods to ensure complete security. However, we will expect the possibility of breaking the security. The proposed system ensures security even when any of the CSPs is compromised.
Figure 15 shows the rate of security attack for the different storage systems even when a CSP is compromised. As the file size of the outsourced file increases, the data attack/CSP also increases.

DISCUSSIONS
In this section, we can make a functionality analysis of our security system.
• As we are using a number of clouds, a thorough market analysis is possible, which helps to identify the functionalities and security services provided by different CSPs.
• Data ownership change is a security threat and can be eliminated by multiple storage facilities, i.e., if any CSP is making an ownership problem we can update erroneous data and cancel the agreement with them.
• The possibility of changing the jurisdiction issues can be reduced.
• Only critical data is stored in multiple locations, which will not cause huge monetary loss.
• As the same data is stored in multiple locations, it is easy to check integrity or unauthorized alteration.
• Multiple locations help disaster recovery, which enriches business continuity.
• Only available files are kept in multiple locations, which reduces the gigantic growth of e-data.
• A strong encryption technique is applied to data before outsourcing. No decryption is performed outside the organization.

CONCLUSION
This research shows that we can make a secure data storage environment with available resources. Management of technology is a key concept to ensure data security. Strong encryption and file access techniques guarantee security up to a level. The work shows that data attacks and outsourced file size are directly proportional. As the percentage of outsourced file increases, the data attacks also increase. Controlling the size of the outsourced file can make a great impact on data security even when the security system is compromised.

Figure 1: Encryption of Original File. C1 is the cipher text of the original sensitive file. Let D be a dummy file with key K2 and C2 be the cipher text after encryption.

Figure 2: Encryption of Dummy file

Figure 6: Access control Process with Operator Coloring

Table 1: Example File Mapping table