# Introduction

CLOUD computing is undoubtedly the new era of computing. Industry experts believe that notion of perceiving cloud computing as a new technology Cloud computing services fall into three major categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Software as a Service (SaaS) gives access to software applications that are deployed on the cloud infrastructure provided by the cloud providers. The cloud providers manage and control the application, so the user does not need to own the software but rather pays for its use through a web API. Platform as a Service (PaaS) lets users deploy their applications on the provider's cloud infrastructure using programming languages and tools supported by the provider. Finally, Infrastructure as a Service (IaaS) allows the deployment and execution of an environment fully controlled by the user, typically a Virtual Machine (VM), on the cloud resources. Traditionally, the user has to purchase infrastructure such as software, data resources, servers and network accessories in order to operate. Here, the user can instead purchase all these resources as outsourced services directly from the cloud on a "pay-as-you-use" basis, which provides efficiency.

Here, we focus on the security aspects of the third category of cloud services, i.e., IaaS platforms, and more precisely on confidentiality and integrity issues. The problem arises when the user has to keep data confidential on a shared platform. Care must also be taken that, once deployed, the integrity of the environment is not corrupted by malicious acts. We present a novel approach to protecting IaaS platforms that relies on the approach established by the Trusted Computing Group (TCG), which offers a secure and reassuring environment through a hardware device called the Trusted Platform Module (TPM).
TPM designates both the name of a specification detailing a secure crypto processor and the implementation of that specification, often called the TPM chip. The TPM supports remote authentication and works with a symmetric key that can be used for various cryptographic purposes, from the protection of network communications to data encryption. In the IaaS context, it ensures that only the remote resource with which the user is communicating using the TCG protocol can interact with the ciphered data. Zhidong et al. [6] address the cloud computing security challenges by proposing a solution called the Trusted Computing Platform (TCP). A trusted cloud computing system is built using TCP as the hardware for cloud computing, and it ensures privacy and trust. By design, TPMs offer a hardware root of trust bound to a single, standalone device. TPMs come equipped with encryption keys whose private parts never leave the TPM hardware chip, reducing the possibility that those keys may be compromised. Assessing security protocols requires more than showing their robustness against a few use cases. Recent advances in automatic protocol analysis tools [4] make it possible to scale up the attack complexity against the analyzed protocol and detect design errors. A TPM is a small tamper-proof hardware chip embedded in most recent motherboards.

This paper presents a TPM with portability, an extension of the TCG's model that adds an additional secret key to the TPM and shares that secret key with the cloud. With this, the cloud can create and share the secret keys of the TPM and data over multiple platforms which belong to a single user. The paper is organized as follows. Section two discusses the related work. Our proposed work is discussed in section three. The experimental results and comparisons are presented in section four. Section four proves the experimental results of our proposed system.
The concluding remarks are discussed in the last section of the paper.

# II. Related Work

Much work has been done on security issues in the cloud computing sector. Let us look at some of the existing work.

[1] presents cTPM, an extension of the TPM's design that adds an additional root key to the TPM and shares that root key with the cloud. As a result, the cloud can create and share TPM-protected keys and data across multiple devices owned by one user. Further, the additional key lets the cTPM allocate cloud-backed remote storage so that each TPM can benefit from a trusted real-time clock and high-performance, non-volatile storage. That paper shows that cTPM is practical, versatile, and easily applicable to trusted mobile applications. By avoiding a clean-slate redesign, it sidesteps the difficult challenge of re-verifying the security properties of a new TPM design. It demonstrates cTPM's versatility with two case studies: extending Pasture with additional functionality, and re-implementing TrInc without the need for extra hardware. Re-implementing TrInc without the need for extra hardware again runs into the core security issues.

The paper [3] presents a novel secure auditing scheme for cloud computing systems. One major problem with auditing schemes is that they are vulnerable to the transient attack (also known as the timed scrubbing attack). This secure auditing scheme is able to prevent the transient attack via a modification of the Linux auditing daemon, audit, which creates attestable logs. The scheme utilizes the System Management Mode (SMM) for integrity checks and the Trusted Platform Module (TPM) chip for attestable security. Specifically, it modifies the auditing daemon protocol such that it records a hash of each audit log entry to the TPM's Platform Configuration Register (PCR), which gives an attestable history of every command executed on the cloud server.
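The PCR-based audit logging described above can be modelled in a few lines. The following is an added example, not code from [3] or from this paper: it assumes a SHA-256 PCR bank with the standard TPM extend rule (new value = H(old value || H(entry))), and the audit records are constructed sample data.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes after reset


def pcr_extend(pcr: bytes, entry: bytes) -> bytes:
    """TPM extend rule: a PCR can only be folded forward, never set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(entry).digest()).digest()


def replay(entries) -> bytes:
    """What a verifier computes from the log file it was handed."""
    pcr = PCR_RESET
    for entry in entries:
        pcr = pcr_extend(pcr, entry)
    return pcr


def log_matches_pcr(entries, attested_pcr: bytes) -> bool:
    """True only if the presented log reproduces the attested PCR value."""
    return hmac.compare_digest(replay(entries), attested_pcr)


# Constructed sample audit records (not taken from a real system).
AUDIT_LOG = [
    b'type=EXECVE msg=audit(1700000001.101:41): argc=2 a0="ls" a1="/srv"',
    b'type=EXECVE msg=audit(1700000002.202:42): argc=2 a0="cat" a1="/srv/tenant/data.db"',
    b'type=EXECVE msg=audit(1700000003.303:43): argc=1 a0="uptime"',
]


def scrubbing_is_detected() -> bool:
    """The daemon extends the PCR per entry; the log file is edited afterwards."""
    attested = replay(AUDIT_LOG)                 # value the TPM would quote
    scrubbed = AUDIT_LOG[:1] + AUDIT_LOG[2:]     # middle entry removed from the file
    reordered = [AUDIT_LOG[1], AUDIT_LOG[0], AUDIT_LOG[2]]
    return (log_matches_pcr(AUDIT_LOG, attested)
            and not log_matches_pcr(scrubbed, attested)
            and not log_matches_pcr(reordered, attested))


if __name__ == "__main__":
    print("attested PCR:", replay(AUDIT_LOG).hex())
    print("scrubbed or reordered log rejected:", scrubbing_is_detected())
```

Because the extend operation is one-way, removing or reordering a record after the fact leaves a log that no longer reproduces the quoted PCR value.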
Different from the existing auditing schemes, this scheme is capable of preventing the transient attack. It achieves this by modifying the existing Linux auditing daemon as well as making use of existing software and hardware. This scheme can provide clients with greater assurance and trust in cloud computing services. A system with a Trusted Platform Module (TPM) [14] provides secure boot via the Core Root of Trust for Measurement (CRTM) as well as secure storage for the log file hashes via the Platform Configuration Registers. The CRTM is an extension of the BIOS which is initialized first, measures parts of the BIOS block, and then passes control back to the BIOS. Once the BIOS, boot loader, and OS kernel run and pass control to the OS, the expected configuration can be checked by examining the TPM's Platform Configuration Register. The main issue here is that any change to the code between the CRTM and the running OS will result in an unseen PCR value. The SMRAM has to be properly set up by the BIOS at boot time and has to remain tamper-proof against cache poisoning attacks as in [7]. To prevent these attacks, proper hardware configurations, such as the System Management Range Register (SMRR) [9], should be used.

A key technology of cloud computing is virtualization, which can reduce the total cost and increase application flexibility. However, along with these benefits come added security challenges. The extension of Trusted Computing to virtual environments can provide secure storage and ensure system integrity. [4] describes and analyses several existing designs for virtualization of the TPM (vTPM): software-based vTPM, hardware-based vTPM, para-virtualized TPM and property-based vTPM, and analyses the limitations of each. Concern about security is an important factor that affects the popularity of cloud computing. Incorporation of trusted computing into virtualized systems should significantly enhance cloud computing system security.
That paper briefly reviews the concepts of virtualization and trusted computing, and proposes the requirements on a virtual TPM facility. It describes and analyses some existing vTPM designs. Finally, it discusses some open issues of the vTPM: property-based attestation and secure VM-vTPM migration protocols are the key research areas of vTPM in the future.

[5] proposes DF Cloud, a secure data access control method for cloud storage services that handles the problems found in the typical cloud storage service Dropbox. DF Cloud relies on the Trusted Platform Module (TPM) [19] to manage all the encryption keys and defines a key sharing protocol among legal users. It assumes that each client is a mobile device using ARM TrustZone [13] technology. The DF Cloud server prototype is implemented using ARM Fast model 7.

The TPM is able to provide strong secure storage for sensitive data such as passwords. Although several commercial password managers have used the TPM to cache passwords, they are not capable of protecting passwords during verification. [8] proposes a new TPM-based password caching and verification method called Pwd CaVe. In addition to using the TPM in password caching, Pwd CaVe also uses the TPM during password verification. In Pwd CaVe, all password-related computations are performed in the TPM. Pwd CaVe guarantees that once a password is cached in the TPM, it will be protected by the TPM through the rest of its lifetime, thus eliminating the possibility that passwords might be attacked in memory. Pwd CaVe eliminates the time that passwords stay in memory during verification, and therefore keeps passwords from attacks in memory. Once a password is cached in the TPM, it will never be released out of the TPM, even in later password verification. This in turn means that the user himself is not able to change the password even in emergency situations in which the password is compromised. Thus, it is not efficient.
[10] addresses these issues by incorporating a hardware-based Trusted Platform Module (TPM) mechanism called the Trusted Extension Device (TED) together with a security model and protocol to allow stronger privacy of data compared to software-based security protocols. It demonstrates the concept of using TED for stronger protection and management of cryptographic keys, and shows how the secure data sharing protocol allows a data owner (e.g., an author) to securely store data via untrusted cloud services. It prevents keys from being stolen by outsiders and by dishonest authorised consumers. As future work, this work has to improve the performance of the protocol to the extent that it will be feasible in a real-world scenario. It should also aim to incorporate larger data sizes. Furthermore, it must extend the current work to incorporate further data sharing control.

In addition to security, most of the hardware that is being shipped today is equipped with a TPM, which can be used for the realization of trusted platforms. Recently several TPM attestation techniques, such as binary attestation and property-based attestation, have been proposed, but there are some fundamental issues that need to be addressed before using these techniques in practice. [11] considers an architecture where different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). It then considers an attacker model that is specific to the cloud and some of the challenges with the current TPM-based attestation techniques. In this model, the cloud service provider is used as the Certification Authority (CA) for the tenant virtual machines. The CA only certifies the basic security properties, which are the assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties.
Since the tenant virtual machines are running on the cloud service provider infrastructure, it is aware of the dynamic changes to the tenant virtual machine. The CA can terminate the ongoing transactions and/or dynamically isolate the tenant virtual machine if the behaviour of the tenant virtual machine deviates from the certified properties. Hence this model is used to address the challenges with the current TPM-based attestation techniques and to deal efficiently with attacks in the cloud. This model still needs to be extended with the functionality of the CA to certify the behaviour of the tenant virtual machines. Since the Node Controller is aware of the dynamic changes to the tenant virtual machine, it has to ensure that the certified properties are satisfied by the tenant virtual machines.

Group signatures have recently become important for enabling privacy-preserving attestation in projects such as Microsoft's NGSCB effort (formerly Palladium). Revocation is critical to the security of such systems. [15] constructs a short group signature scheme that supports Verifier-Local Revocation (VLR). In this model, revocation messages are only sent to signature verifiers (as opposed to both signers and verifiers). Consequently there is no need to contact individual signers when some user is revoked. This model is appealing for systems providing attestation capabilities. The signatures are as short as standard RSA signatures with comparable security. Security of the group signature (in the random oracle model) is based on the Strong Diffie-Hellman assumption and the Decision Linear assumption in bilinear groups. That work gives a precise model for VLR group signatures and discusses its implications. It describes a short group signature scheme where user revocation only requires sending revocation information to signature verifiers, a setup called verifier-local revocation. Here, the signatures are short: only 141 bytes for a standard security level.
They are shorter than group signatures built from the Strong-RSA assumption and are shorter even than BBS short group signatures [8], which do not support verifier-local revocation. There are still a number of open problems related to VLR signatures. Most importantly, is there an efficient VLR group signature scheme where signature verification time is sub-linear in the number of revoked users, without compromising user privacy?

[12] employs a TPM-based method to provide a minimum Trusted Code Base (TCB), which can be used to detect modification of the kernel. It requires advanced hardware features such as Dynamic Root of Trust Measurement (DRTM) and late launch. The scheme is also directly vulnerable to the scrubbing attack because the measurement target is responsible for invoking the integrity measurement.

To overcome all these issues, we have proposed a portable hardware-based security-preserving model. Our scheme is different from theirs in that our scheme offers more revocation capabilities than other schemes, and our scheme is built from the strong public key cryptographic assumptions whereas their scheme is constructed using bilinear maps. Thus, a high-performance security model is proposed.

# III. Proposed System

Let us consider a case where a cloud provider, cloud users, a blacklisting controller and the cloud verifiers are concerned. The membership certificates for the cloud users are issued by the cloud provider. Membership certificates are blacklisted by the blacklisting controller. The cloud users in the system may vary, and users may access their data according to their need. Let us consider a hardware-based authentication key in an ideal system. The operations carried out by the authentication key K are initialize, register, membership approval and blacklisting. In the initialize phase, every entity is controlled by the controller which is indicated by the authentication key. Users need to be registered.
A user requests the authenticator with K and the authenticator asks the cloud provider whether the user can get registered. If the cloud provider agrees, the authenticator notifies the user that he can become a member.

In the membership approval phase, the authenticator sends a request that he wants to contact the verifier. With ??, it informs the verifier that the user wants to perform the membership approval without revealing to the verifier who the authenticator is. The verifier chooses a message ?? and sends ?? to the authenticator. If the authenticator is not a member, ?? aborts. Otherwise, ?? tells the authenticator whether he has been blacklisted and asks him whether to proceed. If the authenticator does not abort, ?? lets the verifier know that a blacklisted user has signed the message ??. Otherwise, ?? informs the verifier that ?? has been signed by a legitimate member.

Blacklisting revokes the membership authentication. The blacklisting controller tells the authenticator to blacklist a user. If the user is not a group member, ?? denies the request. Otherwise, ?? marks the user as blacklisted.

A user who is not a member, or is a member but has been blacklisted, cannot succeed in membership approval to any verifier. The verifier cannot identify who the authenticator is in a membership approval operation, thus proving anonymity. Blacklisting causes verifiers to reject messages signed by a blacklisted user in an ideal system. In our protocol, if a user's private key is exposed and the cloud user is blacklisted, the signatures from this blacklisted cloud user become linkable to an honest verifier. As a result, corrupted users who reveal their private keys and are blacklisted deliberately lose their privacy. Thus, an authenticator can check whether the user is on the blacklist before the user signs a signature and sends it to the verifier. If the authenticator finds out that the user has been blacklisted, he can choose not to proceed.
The security of our scheme relies on the public key cryptographic protocol and the Diffie-Hellman assumption. The public key cryptographic protocol is established as follows. It is computationally infeasible, on input of a random modulus ?? and a random element ?? ? ð?"¸ð?"¸ ?? * , to compute values ?? > 1 and ?? such that ?? ?? ? ??(?????? ??) . In other words, for every probabilistic polynomial-time algorithm ??, ?[?? ? ??(1 ?? ), ?? ? ð?"¸ð?"¸ ?? * , (??, ??) ? ??(??, ??) ? ?? ?? ? ??(?????? ??)?1 < ?? < ??] = ??(??) (1) where ??(1 ?? ) is an algorithm that generates a public key modulus and ??(??) is a negligible function.

Let ?? be an ?? ?? -bit prime and ?? an ?? ?? -bit prime such that ??|?? ? 1 . Let ?? ? ð?"¸ð?"¸ ?? * be a random element of order ??. Then, for sufficiently large values of ?? ?? and ?? ?? , the distribution {(?? ?? , ?? ?? , ?? ?? )} is computationally indistinguishable from the distribution {(?? ?? , ?? ?? , ?? ???? )} where ??, ?? and ?? are random elements from ð?"¸ð?"¸ ?? . It can be formally stated as follows: for every probabilistic polynomial-time algorithm ??, the Diffie-Hellman assumption is given by: |B[??(??, ??, ??, ?? ?? , ?? ?? , ?? ???? ) = 1] ? B[??(??, ??, ??, ?? ?? , ?? ?? , ?? ?? ) = 1]| = ??(??) (2) where ??(??) is a negligible function and the probabilities are taken over the choice of ??, ??, ?? according to some generation function ??(1 ?? ) and the random choice of ??, ??, ?? in ð?"¸ð?"¸ ?? .

Remote authentication of the hardware-based authentication key is enabled in the cryptographic protocols. Here, it preserves the privacy of the cloud user which contains the key ??. This protocol consists of the cloud provider, the authenticator who provides access issued by the cloud provider, and the verifier who verifies with the authenticator. The authenticator consists of the portable key ?? which preserves the privacy of the cloud user.
The protocol is constructed from the Camenisch-Lysyanskaya signature scheme, where it has two secret messages ?? 0 and ?? 1 , and attains the CL-signature (membership of the user) on ?? 0 and ?? 1 from the cloud provider through a secure protocol, and thus the user is verified by the verifier. Here, the authenticator chooses two random ?? ?? -bit secret messages ?? 0 and ?? 1 , then interacts with the cloud provider, and in the end obtains (??, ??, ??) from the protocol such that ?? ?? ?? 0 ?? 0 ?? 1 ?? 1 ?? ?? ? ??(?????? ??) . The authenticator will check with the verifier that the user is verified and possesses the CL-signature on the values of ?? 0 and ?? 1 . This can be done by values (?? 0 , ?? 1 , ??, ??, ??) such that ?? ?? ?? 0 ?? 0 ?? 1 ?? 1 ?? ?? ? ??(?????? ??) . Let ?? = ?? 0 + ?? 1 2 ?? ?? ; the authenticator also computes ?? ?= ?? ?? ?????? ?? where ?? is a generator of an algebraic group where computing discrete logarithms is infeasible, and proves to the verifier that the exponent ?? is related to ?? 0 and ?? 1 . In this protocol, it can choose ??: the value of ?? can be chosen randomly by the authenticator, or can be derived from the verifier's name by using an appropriate hash function.

If the authentication key ?? was found compromised and its private key ??, ??, ?? 0 , ?? 1 , ?? was exposed, the values ?? 0 and ?? 1 are extracted and put on a blacklist. The verifier can then check the public key ?? in the signature against this blacklist by comparing it with ?? ?? 0 +?? 1 2 ?? ?? for all pairs ?? 0 and ?? 1 on the blacklist.

In our scheme, there are several types of entities: a cloud provider, cloud users, a blacklisting controller and verifiers. The cloud provider and blacklisting controller could be the same entity or separate entities. Our scheme builds on the cryptographic protocol scheme and uses the Camenisch-Lysyanskaya signature scheme as the underlying building block.
To simplify our presentation, we modified the cryptographic protocol scheme in the following ways: 1) each user chooses a single secret ?? instead of two secrets, and 2) the signature operation is performed solely by the user (along with authentication key ?? ), instead of being split between two separate entities (authentication key ?? and host in the cryptographic protocol scheme).

In the register phase, a cloud user chooses a secret message ?? and sends the cloud provider a commitment to ??, i.e., ?? ?= ?? ?? ?? ?? ? where ?? ? is a value chosen randomly by the user to blind the ??. Also, the user computes ?? ?= ?? ?? ?? ?????? ?? , where ?? ?? is a number derived from the cloud provider's basename. The user sends (??, ??) to the cloud provider. The provider then issues a membership for the user based on ?? . The cloud provider chooses a random integer ?? ?? and a random prime ?? , then computes ?? such that ?? ?? ???? ?? ?? ? ??(?????? ??) , and sends the user (??, ??, ?? ?? ) . The cloud provider also proves to the user that he computed ?? correctly. The CL signature on ?? is then ??, ??, ?? ?= ?? ? + ?? ?? . The user's private key is set to be (??, ??, ??, ??).

A user can now prove that he is a valid member by proving that he has a CL signature on the value ??. This can be done by values of ??, ??, ?? and ?? such that ?? ?? ?? ?? ?? ?? ? ?? (?????? ??). Also, the user computes ?? ?= ?? ?? ?????? ?? where ?? is a random base picked by the user, reveals ?? and ?? , and proves that log ?? ?? is the same as the one in his private key. The value ?? serves the purpose of the blacklist. As in the cryptographic scheme, if a user's private key (??, ??, ??, ??) is compromised and gets exposed to the public, ?? is put on the blacklist. The verifier can then check ?? in the signature against the blacklist by comparing it with ?? ?? ? for all ?? ? on the blacklist. We refer to this type of blacklist as the private key-based blacklist and use ?? ???????? to denote the blacklist of this type.
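The private key-based blacklist check described above, as an added example that is not the paper's own code. Because the paper's symbols did not survive extraction, the names here are assumptions: `p` and `q` are the group modulus and the prime order of its subgroup, `B` is the base, `f` is the user's secret and `K` is the value `B^f mod p` revealed in a signature. The group sizes are toy values chosen so the example runs quickly; the subgroup validation and the retry counter in the hash-to-group step are additions made here.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(p_bits: int = 256, q_bits: int = 64):
    """Return primes (p, q) with p = r*q + 1, so Z_p^* has a subgroup of order q."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    r_bits = p_bits - q_bits
    while True:
        r = (secrets.randbits(r_bits) | (1 << (r_bits - 1))) & ~1  # even r keeps p odd
        p = r * q + 1
        if r % q and p.bit_length() == p_bits and is_probable_prime(p):
            return p, q


def in_subgroup(x: int, p: int, q: int) -> bool:
    """A usable base or pseudonym is a non-identity element of order q."""
    return 1 < x < p and pow(x, q, p) == 1


def base_from_name(name: bytes, p: int, q: int) -> int:
    """Derive a base from a name: H(name)^((p-1)/q) mod p lands in the subgroup."""
    ctr = 0
    while True:
        digest = hashlib.shake_256(name + ctr.to_bytes(4, "big")).digest(p.bit_length() // 8 + 10)
        B = pow(int.from_bytes(digest, "big") % p, (p - 1) // q, p)
        if in_subgroup(B, p, q):
            return B
        ctr += 1  # retry counter (added here) for the negligible degenerate case


def pseudonym(B: int, f: int, p: int) -> int:
    """The value K = B^f mod p that the signer reveals alongside B."""
    return pow(B, f, p)


def is_blacklisted(B: int, K: int, exposed_secrets, p: int, q: int) -> bool:
    """Verifier side: compare K with B^f' for every exposed secret f'."""
    if not (in_subgroup(B, p, q) and in_subgroup(K, p, q)):
        raise ValueError("B or K is not in the order-q subgroup")
    return any(pow(B, f_exposed, p) == K for f_exposed in exposed_secrets)


if __name__ == "__main__":
    p, q = gen_group()
    f_leaked = secrets.randbelow(q - 1) + 1   # constructed: secret of a compromised key
    f_honest = f_leaked % (q - 1) + 1         # constructed: a different secret
    B = base_from_name(b"constructed-verifier-name", p, q)
    print("leaked key flagged:", is_blacklisted(B, pseudonym(B, f_leaked, p), [f_leaked], p, q))
    print("honest key flagged:", is_blacklisted(B, pseudonym(B, f_honest, p), [f_leaked], p, q))
```

The check costs one modular exponentiation per blacklist entry per signature, and it only works for secrets that have actually been exposed.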
This scheme supports two additional blacklist methods: one is the signature-based blacklist and the other is the cloud provider-based blacklist. In the signature-based blacklist, suppose a verifier received a signature from an authenticator and then decided that the authenticator was compromised. The verifier reports the signature to the blacklisting controller, who later places (??, ??) of the signature on the signature-based blacklist, where log ?? ?? is the secret of the compromised authenticator. To prove membership, a user with private key (??, ??, ??, ??) now needs not only to prove the (??, ??, ??, ??) such that ?? ?? ???? ?? ?? ? ??(?????? ??) but also to prove that ?? in his private key is different from log ?? ?? ? for each ??? ? , ?? ? ? pair in the signature-based blacklist. We use ?? ???????? to denote the blacklist of this type.

In the cloud provider-based blacklist, the provider obtained (??, ??) from a user when the user registered and later decided to revoke this user for some reason. The cloud provider sends (??, ??) to the blacklisting controller, who places ?? on the cloud provider-based blacklist, where log ?? ?? ?? is the secret of the blacklisted user. To prove the membership of the user, a user needs to prove that ?? in his private key is different from log ?? ?? ?? ? for each ?? ? in the cloud provider-based blacklist. We use cloud provider ?? ???? to denote the blacklist of this type.

# a) Security

Let us consider the security parameters ?? ?? ?? ?? ?? ?? ?? ?? ? ?? ?? ?? ?? ?? ð??"ð??" ?? ?? ?? ?? and ?? ?? where ?? ?? (2048) is the size of the public-key modulus, ?? ?? (208) is the size of the ?? 's (user's secret, part of membership private key), ?? ?? (576) is the size of ??'s (exponent, part of membership private key), ?? ?? ? (128) is the size of the interval the ?? ? 's are chosen from, ?? ?? (2720) is the size of the ?? 's (random value, part of membership private key), ?? ?? (80) is the security parameter controlling the statistical property, ?? ð??"ð??" 
(256) is the output length of the hash function used for the Fiat-Shamir heuristic, ?? ?? (80) is the security parameter needed for the reduction in the proof of security, ?? ?? (1632) is the size of the modulus ??, and ?? ?? (208) is the size of the order ?? of the subgroup of ð?"¸ð?"¸ ?? * that is used for blacklist checking. We require that ?? ?? +?? ð??"ð??" + 2 + ??????{?? ?? , ?? ?? ? } < ?? ?? ?? ?? + ?? ?? ?? ð??"ð??" + ????????? ?? + ?? ?? + 3, ?? ?? + 2} < ?? ?? , ?? ?? = ?? ?? (3) The parameters ?? ?? and ?? ?? should be chosen such that the discrete logarithm problem in the subgroup of ð?"¸ð?"¸ ?? * of order ?? with ?? and ?? being primes such that ?? ? [2 ?? ?? ?1 , 2 ?? ?? ? 1] and ?? ? [2 ?? ?? ?1 , 2 ?? ?? ? 1] , has about the same difficulty as factoring ?? ?? -bit public-key modulus.

# b) Generating authentication keys

The key generation program also produces a non-interactive proof that the public key was formed correctly. Here we describe how the cloud provider chooses the public key and the user issuing private key. The latter will guarantee the security properties, i.e., that privacy and anonymity of signatures will hold. It produces a non-interactive proof that ??, ??, ??, ?? and ?? are computed correctly, i.e., ??, ?? ? ??? ? ? and ??, ??, ?? ? ????. This can be proved using the standard cut-and-choose technique. The cloud provider generates a group of prime order as follows: it chooses random primes ?? and ?? such that ?? = ???? + 1 for some ?? with ??| ??, ?? ? [2 ?? ?? ?1 , 2 ?? ?? ? 1], and ?? ? [2 ?? ?? ?1 , 2 In addition to generating the user public key and user issuing private key, the cloud provider also generates a long-term public/private key pair (?? ?? , ?? ?? ?1 ). The cloud provider publishes the public key ??. This key is used for authentication between the cloud provider and any user who wants to become a registered member. Analogously, the blacklisting controller has a long-term public/private key pair (?? ?? , ?? ?? ?1 ). 
The blacklisting controller uses its key to sign the blacklist.

# c) Verification of the Cloud Provider's Public Key

The user's public key is (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??) and the proof that ??, ??, ??, ??, ?? are formed properly. Any user in the system can verify the correctness of the group public key as follows. First, verify the proof that ??, ??, ?? ? ???? and ??, ?? ? ??? ? ?. Then check whether ?? and ?? are primes, ??| (?? ? 1), ?? ? ???1 ?? and ?? ?? ? 1(?????? ??). Finally, check whether all public key parameters have the required length. If ??, ??, ??, ??, ?? are not formed correctly, it could potentially mean that the security properties for the users do not hold. However, it is sufficient if the users verify the proof that ??, ??, ??, ??, ?? are computed correctly only once. Also, if ?? does not generate a subgroup of ð?"¸ð?"¸ ?? * , the cloud provider could potentially use this to link different signatures. As argued in, it is not necessary to prove that ?? is a product of two safe primes for the anonymity of the users. In fact, it would be very expensive for the cloud provider to prove that ?? is a safe-prime product.

# d) Registration

This is a protocol which runs between the cloud provider and a user. The public input to this protocol is the user public key (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??), the cloud provider's long-term public key ?? ?? and the cloud provider's basename ???????? ?? . The private input of the cloud provider is the user issuing private key. We assume that the user and the cloud provider have established an authentic channel, i.e., the user needs to make sure that he talks to the right cloud provider and the cloud provider needs to be sure that the user is allowed to register for the membership. Note that we do not require secrecy of the communication channel. Let ð??"ð??"(?) and ð??"ð??" ?? (?) be two collision-resistant hash functions: ð??"ð??"(?) ? {0,1} * ? {0,1} ?? ð??"ð??" and ð??"ð??" ?? ? 
{0,1} * ? {0,1} ?? ?? +?? ?? . In the register protocol, the user verifies that the user public key (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??)is signed by ?? ?? . Then both the user and cloud provider computes ?? ?? ?= ð??"ð??" ?? (???????? ?? ) (???1)/?? ?????? ?? .The user chooses at random ?? ? ð?"¸ð?"¸ ?? * ; ?? ? ? {0,1} ?? ?? +?? ?? then computes ?? ?= ?? ?? ?? ?????? ?? and ?? ?= ?? ?? ?? ?? ? ?????? ?? . The user sends (??, ??) to the cloud provider. Therefore, the user proves to the cloud provider the knowledge of ?? and?? ? . He runs as the authenticator of the protocol with the cloud provider as the verifier. ?? = ?(??, ?? ? ) ? ?? ?= ?? ?? ?? ?? ? ?????? ?? ? ?? ? = ?? ?? ?? ?????? ?? ? ?? ? {0,1} ?? ?? +?? ?? + ?? ð??"ð??" +1 ? ?? ? ? {0,1} ?? ?? +?? ?? + ?? ð??"ð??" +1 ? Thus, ??????{??}(?? ?? )(5) The cloud provider chooses a random ?? ?? ? [2 ?? ?? ?1 , 2 ?? ?? ? 1] and a random prime?? ? [2 ?? ?? , 2 ?? ?? + 2 ?? ?? ? ] and computes ?? ?= ? ?? ???? ?? ?? ? 1 ?? ? ?????? ??(6) To convince the user that ?? was correctly computed,the cloud provider as authenticator runs the protocol ?????? ?(ð??"ð??") ? ?? ? ? ?? ???? ?? ?? ? ð??"ð??" ?????? ??? (?? ?? )(7) with the host so that, a. The user chooses a random integer ?? ?? ? {0,1} (10) and sends ?? ? , ?? ?? and (??, ??, ?? ?? ) to the user. c. The user verifies whether ?? is a prime and lies in[2 ?? ?? , 2 ?? ?? + 2 ?? ?? ? ], computes ?? ? ?= ?? ??? ? ? ?? ???? ?? ?? ? ?? ?? ?????? ??(11) and checks whether ?? ? = ð??"ð??"??? ? ?? ? ?? ? ?? ? ?? ?? ? ?? ? ?? ?? ?? ?? ). The user sets?? ?= ?? ?? + ?? ? and stores(??, ??, ??, ??) as itsmembership private key. Same as in the cryptographic protocol scheme, the cloud provider proves to the user that ?? was formed correctly, i.e., ?? lies in ????. In above procedure, the cloud provider proves that ?? ? ????? ?1 ?? ??? ?? ? ð??"ð??" (?????? ??) for some value ð??"ð??" .Inthesetupprogram, the cloud provider proves that ?????? ? ???? 
. Since ?? ?= ?? ?? ?? ?? ? ?????? ?? , the user can conclude that ?? ? ???? . The reason for requiring ?? ? ???? is to assure that later, in the membership approval protocol, ?? can be statistically hidden in ????. Otherwise, an adversarial cloud provider could link signatures generated by users whose ?? does not lie in ????. Note that schemes such as have prevented this by ensuring that ?? is a safe-prime product and then made sure that all elements are members of ???? ?? . However, proving that a modulus is a safe-prime product is rather inefficient and hence the setup of these schemes is not as practical as our scheme.

# e) Membership Approval Protocol

The membership approval protocol is a protocol run by an authenticator and a verifier. It consists of login and verify. In the login step, the authenticator initializes the interaction with the verifier by sending a request to the verifier. There are three types of blacklist: private-key-based blacklist, signature-based blacklist, and cloud provider-based blacklist. Therefore, the blacklist ?? contains three sublists, i.e., ?? = ??? ???????? , ?? ???????? , ?? ???? ? Let ?? ???????? be the blacklist for private-key-based blacklist, in which each element is a value in ???? . Let ?? ???????? be the blacklist for signature-based blacklist, in which each element is a pair of values in ????. Let cloud provider ?? ???? be the blacklist for cloud provider-based blacklist, in which each element is a value in ????. The blacklisting controller maintains the blacklist and regularly publishes the newest blacklist to everyone in the system, signed using his private key. That is, the blacklisting controller publishes ??? ???????? ? Let (??, ??, ??, ??) be the authenticator's private key. For each element (?? ?? , ?? ?? ) in ??? ???????? ? , the authenticator checks whether ?? ?? ?? ? ?? ?? (?????? ??) . If there exists some ?? such that ?? ?? ?? ? ?? ?? (?????? 
??), the authenticator has been blacklisted and aborts the membership protocol. Analogously, for each item ?? ?? in ?? ???? , the authenticator checks whether ?? ?? ?? ? ?? ?? (?????? ??) where ?? ?? is the base derived from the cloud provider's basename ???????? ?? . The authenticator quits the membership protocol if the check fails. Note that the authenticator can directly obtain ?? from the blacklisting controller and check whether he has been blacklisted. However, the authenticator is not required to perform this check. Also note that it is the verifier's responsibility to obtain the latest blacklist from the blacklisting controller. If ?? ???????? and ?? ???? in the verifier's challenge are not the latest ones, then there is a chance that some blacklisted users may successfully perform a membership proof to the verifier without being detected.

# i. Login

This step is run by the authenticator. The input to this program is the group public key (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??), the authenticator's private key (??, ??, ??, ??), the verifier's message ?? and nonce ?? ?? , the signature-based blacklist ?? ???????? and the cloud provider-based blacklist ?? ???? . The output of this program is a signature ?? produced by the authenticator.

First, the authenticator picks a random ?? ? ???? and two integers ??, ?? ? {0,1} ?? ?? +?? ?? and computes ? 1 ?= ???? ?? ?????? ?? , ? 2 ?= ?? ?? ?? ?? (?? ? ) ?? ?????? ??, ?? ?= ?? ?? ?????? ?? Then, the authenticator produces a signature of knowledge that ? 1 and ? 2 are commitments to the authenticator's private key and that ?? was computed using the authenticator's secret ??. That is, the authenticator computes the signature of knowledge ?????????, ??, ??, ??, ??, ????, ????, ???? ? ?? ? ? 1 ?? ?? ?? ?? ?? ?? ????? (?????? ??) ? ? 2 ? ?? ?? ?? ?? (?? ? ) ?? (?????? ??) ? 1 ? ? 2 ??? ?? ???? ?? ???? (?? ? ) ???? (?????? ??) ? ?? ? ?? ?? (?????? ??) ? ?? ? (0,1) ?? ?? +?? ?? +?? ð??"ð??" 
+1 ? (?? ? 2 ?? ?? ) ? {0,1} ?? ?? ? +?? ?? +?? ð??"ð??" +1 ???? ?? ? ???(12) with the following steps: a. The authenticator picks random integers ?? ?? ? {0,1} ?? ?? +?? ?? +?? ð??"ð??" , ?? ?? ? {0,1} ?? ?? +?? ?? +?? ð??"ð??" ?? ?? ? {0,1} ?? ?? ? +?? ?? +?? ð??"ð??" , ?? ???? ? {0,1} ?? ?? +?? ?? +?? ð??"ð??" +1 ?? ?? , ?? ?? ? {0,1} ?? ?? +2?? ?? +?? ð??"ð??" , ?? ???? , ?? ???? ? {0,1}2 ?? ?? +?? ?? +2?? ?? +?? ð??"ð??" +1 b. The authenticator computes ? 1 ? ?= ? 1 ?? ?? ?? ?? ?? ?? ?? ?? ?? ??? ???? (?????? ??) ? 2 ? ?= ?? ?? ?? ?? ?? ?? (?? ? ) ?? ?? (?????? ??) ? 3 ? ?= ? 2 ??? ?? ?? ?? ???? ?? ?? ???? (?? ? ) ?? ???? (?????? ??) ?? ? ?= ?? ?? ?? ?????? ?? c. The authenticator computes ?? 1 ?= ð??"ð??"??? ? ?? ? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? 1 ? ? 2 ? ? 1 ? ? ? 2 ? ? ? 3 ? ? ?? ? ? ?? ? ?? ?? ? d. The authenticator computes(over the integers) The authenticator produces a signature of knowledge that his private key has not been blacklisted in cloud provider ?? ???? . Let cloud provider ?? ???? = ??? 1 , ?? 1 , ? ?? ?? 3 ? . The authenticator computes the signature of knowledge ?? ?? ?= ?? ?? + ?? 1 ? ??, ?? ?? ?= ?? ?? + ?? 1 ? ??, ?? ?? ?= ?? ?? + ?? 1 ? (?? ? 2 ?? ?? ), ?? ?? ?= ?? ?? + ?? 1 ? ??, ?? ?? ?= ?? ?? + ?? 1 ? ??, ?? ???? ?= ?? ???? + ?? 1 ? ?? ? ??, ?? ???? ?= ?? ???? + ?? 1 ? ?? 2 , ?? ???? ?= ?? ???? + ?? 1 ? ?? ? ?? e. The?? 2 ?= ð??"ð??"??? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? ?? 1 ? ?? 1 ? ?? 1 ? ?? ?1 ? ?? ? 1 ? ?? ? 1 ? ? ? ?? ?? 2 ? ?? ?? 2 ? ?? ?? 2 ? ?? ???2 ? ?? ? ?? 2 ? ?? ? ?? 2 ? ?? ? ?? ???????? ? ?? ?? ? d. For ?? = 1??????{(??) ? ?? ? ?? ?? (?????? ??) ? ?? 1 ? ?? 1 ?? (?????? ??) ? ? ? ?? ??3 ? ?? ?? ?? (?????? ??)}??? ?? ? ??? The authenticator outputs the signature ?? ?= (?? 1 , ?? 2 , ?? 3 ) and sends ?? to the verifier. Observe that in the sign process, the authenticator proves the knowledge of ?? such that ?? ?? ? ?? (?????? ??) three times, one in each signature of knowledge. 
We could merge all three signatures of knowledge together so that the authenticator only needs to prove the knowledge of ?? once, which could slightly improve the performance of membership approval. In presenting the above sign process, we chose to have three separate proof of knowledge protocols to make our protocol easier to read.

# ii. Verify

The inputs are the group public key (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??, ), the message ??, the nonce ?? ?? , the corresponding signature ?? ?= (?? 1 , ?? 2 , ?? 3 ) , and the blacklist ?? = ??? ???????? , ?? ???????? , ?? ???? ? . The verifier verifies the signature as follows:

1. The verifier verifies that ?? and ?? ?? are the message and the nonce he sent to the authenticator in the challenge step. The verifier also verifies that (??, ??) in ?? 1 , ?? 2 and ?? 3 all match.
2. The verifier verifies the correctness of iii. ?? 1 = ? ??, ??, ? 1 , ? 2 , The verifier verifies that ?? 1 ?= ð??"ð??"??? ? ?? ? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? 1 ? ? 2 ? ? 1 ? ? ? 2 ? ? ? 3 ? ? ?? ? ? ?? ? ?? ?? ?3?? 2 ?= ð??"ð??"??? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? ?? 1 ? ?? 1 ? ?? 1 ? ?? ?1 ? ?? ? 1 ? ?? ? 1 ? ? ? ?? ?? 2 ? ?? ?? 2 ? ?? ?? 2 ? ?? ???2 ? ?? ? ?? 2 ? ?? ? ?? 2 ? ?? ? ?? ???????? ? ?? ?? ?

operation is split between a computationally weak device (denoted as the principal authenticator) and a resource-abundant but less-trusted host. Observe that if the host does not cooperate, the result is a denial of service. Thus, the host platform is trusted to perform its portion of the computation correctly. However, the host is not allowed to learn the private key of the authenticator or to forge a signature without the principal authenticator's involvement. This model is used in the original cryptographic protocol scheme with a concrete security model. For our scheme, the same technique from can be applied. Let (??, ??, ??, ??) be the principal authenticator's private key. The principal authenticator sends (??, ??) 
to the host but keeps (??, ??). The signing operation in the membership approval can be conducted as follows: 1. The principal authenticator picks a random ?? ? ???? and computes ?? ? ?? ?? (?????? ??) 2. The principal authenticator sends (??, ??) to the host. c. The host computes

Note that the verification operation in the membership approval protocol will change slightly to be consistent with the signing operation. More specifically, the verifier now verifies

Also note that steps 3 and 4 cannot be outsourced to the host, because the host does not know the ?? value. As we shall discuss in the following section, when our scheme is implemented in tamper-resistant hardware devices, the blacklists (?? ???????? , ?? ???????? , ?? ???? ) are expected to be very small, as these blacklists only grow when there are physical attacks on these devices.

# g) Using TPM Hardware

Using the TPM hardware could bring the following benefits: 1) less computational work for the trusted hardware device, 2) portability and 3) a more efficient blacklist mechanism. The main design principle is that the host and the hardware jointly perform the

Thus, the average computational overhead increase is ? 13???? which is negligible when considering a highly secure cloud environment with the cryptographic protocols.

? ? 1 ?= ? ? 1ð?"?ð?"? ? 1 ?? ?? ?? ??? ???? (?????? ??) ? ? 2 ?= ?? ?? ?? ?? ?? ?? (?? ? ) ?? ?? (?????? ??) ? ? 3 ?= ? 2 ??? ?? ?? ?? ???? ?? ?? ???? (?? ? ) ?? ???? (?????? ??)?? ? ?= ?? ?? ?? ?????? ?? d. The host computes ?? ?? ?= ð??"ð??"??? ? ?? ? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? 1 ? ? 2 ? ? 1 ? ? ? 2 ? ? ? 3 ? ? ?? ? ?

# Figure 3 : Average Cloud CPU Utilization

The processing time of the virtual machines must be considered when accessing the cloud services. The average cloud CPU utilization is depicted in milliseconds and plotted in the above graph. For every user interaction with the cloud services, the CPU is utilized. 
Here, users are accessing the cloud with the portable TPM devices and the average cloud CPU utilization is plotted. As the number of users increases from 10 to 50, the processing time also increases. The average utilization of the CPU is found to be ? 35????. From these results, we have established that the proposed model can be an effective, secure and adaptable approach for a portable TPM based user attestation architecture for cloud environments.

# V. Conclusion

There is a growing demand for sharing data with a large number of consumers using the Cloud. One of the main issues with data sharing in such environments is the privacy and security of information. In particular, there is the issue of preserving the confidentiality of cloud data, together with the need to keep credentials while respecting the policies set out by the cloud provider. We mainly focused on data leakages that can occur on either the client side or the server side [17]. In this paper we have proposed novel property based attestation techniques for the cloud. We have designed a portable hardware based device for further security, which is used in the authentication and verification of the cloud user. We have discussed our secure data sharing protocol, which allows highly confidential data sharing. The portable TPM based user attestation architecture for cloud environments exploits client-side authentication with an encryption technique to mitigate server-side data leakages such as malicious insider attacks or exploitation of vulnerabilities in the server platform. Due to the remote attestation protocol for verifying the client, we ensure that malicious behaviors cannot occur. Therefore, a user can access cloud storage contents in a secure mobile environment and store user data on the remote server in encrypted form using a securely created and managed data encryption key. 
We also developed a set of security models such as public key cryptographic protocols and carried out a security analysis on our protocol. Asp.Net MVC is lightweight, provides full control over mark-up and supports many features that allow fast and agile development. Hence it is well suited for developing interactive web applications with the latest web standards. Thus, in our future work we will aim to improve the performance of our protocol based on the Asp.Net MVC Cloud architecture, thereby providing security for SaaS clouds with the help of the portable TPM, which will be feasible for cloud users.

Global Journal of Computer Science and Technology, Volume XV, Issue I, Version I, Year 2015 (B). Portable TPM Based User Attestation Architecture for Cloud Environments.

1. The verifier first chooses a message ?? and a nonce ?? ?? ? {0,1} ?? ð??"ð??" . The verifier then sends to the authenticator ?? , ?? ?? , ??? ???????? ? ?? ?? ?1 and ??? ???? ? ?? ?? ?1 as the challenge. After the authenticator receives the challenges from the verifier, the authenticator verifies the content of ??? ???????? ? ?? ?? ?1 and ??? ???? ? ?? ?? ?1 using the blacklisting controller's public key ?? ?? .

1![?= ð??"ð??"?ð??"ð??"??? ? ?? ? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ?? ? ? 1 ? ? 2 ? ? 1 ? ? ? 2 ? ? ? 3 ? ? ?? ? ? ?? ?? ? ? ?? ? ? ???](image-4.png "?? 1")

secure key share protocol across multiple users/devices. There are several security issues in cloud storage services; among these issues we mainly focused on data leakages that can occur on either the client side or the server side. DF Cloud exploits a client-side encryption technique, remote attestation for the client platform, and hardware based key management to build a secure access environment. DF Cloud also supports a secure key sharing protocol across multiple devices or users. 
It implemented a prototype on the ARM Fast Model to emulate an ARM Cortex-A15 core and OpenVirtualization's software stack in the environment setup. The performance overhead is quite high, but if it adopts some optimization techniques such as shared memory between the two Worlds, then we can reduce the overhead introduced in our current implementation.

The cloud provider chooses a public-key cryptographic modulus ?? = ?? ?? ??? ] and computes ?? ?= ?? ? ?? ?? ?????? ??; ?? ?= ?? ?? ?? ?????? ??; ?? ?= ?? ?? ?? ?????? ??; ?? ?= ?? ? ?? ?? ?????? ??; ?? ?= ?? ?? ?? ?????? ??. Finally, the cloud provider publishes the public key * such that ?? ? (???1)/?? ? 1(?????? ??) and sets ?? ?= ?? ? (???1)/?? ?????? ?? . (??, ?? ? , ??, ??, ??, ??, ??, ??, ??, ??) and the proof, and stores (?? ? ?? , ?? ? ?? ) as the user issuing private key.

? ?? 1 ?? (?????? ??) ? ? ? ?? ??2 ? ?? ??2 ?? (?????? ??)}??? ?? ? ??? with the following steps: a. The authenticator chooses a random ?? ? ð?"¸ð?"¸ ?? and computes ?? ? ?= ?? ?? ?????? ??. b. For ?? = 1, ? ?? 2 , the authenticator does the following: i. The authenticator chooses a random ?? ?? ? ð?"¸ð?"¸ ?? . ii. The authenticator computes12?? ?? ?= ?? ?? ?? ?? ?????? ???? ?? ?= ?? ?? ?? ?? ?????? ?? ?? ?? ?= ?? ?? ?? ?? ?????? ?? The authenticator chooses a random integer ?? ?? ? ð?"¸ð?"¸ ?? The authenticator computes ?? ??? ?= ?? ?? iii. iv. ?? ?? ?????? ?? ?? ? ?? ?= ?? ?? ?? ?? ?????? ?? ?? ? ?? ?= ?? ?? ?? ?? ?????? ?? c. The authenticator computes

© 2015 Global Journals Inc. (US)

1 ? as follows: i. The verifier computes ?? ??? ?= ?? ?? + ?? 1 ? 2 ?? ?? and computes ? ? 1 ?= ?? ??? 1 ? 1?? ? ii. The verifier verifies that ??, ?? ? ????,?? ?? ? ,?? ? ?? ?= ?? ????? 1 ?? ?? ?? ?????? ?? c. The verifier verifies that (13) With the following steps: a. The principal authenticator chooses random integers ?? ?? ????? , ?? 
???? ? {0,1}2 ?? ?? +?? ?? +2?? ?? +?? ð??"ð??" +1

## Acknowledgment

The authors would like to express their cordial thanks to Mr. Ashutosh Kumar and Mr. Kashyap Dhruve of Planet-I Technologies for their much valued support and advice.

ii. The verifier computes ?? ? ?= ?? ??? 3 ?? ?? ?? ?????? ?? ?? ??= ?? ??? 3 ?? ?? ?? ?????? ??, ?? ? ?= ?? ??? 3 ?? ?? ?? ?????? ?? 6. If all the verifications succeed, the verifier outputs succeed, otherwise outputs fail.

# iii. Blacklist

There are three sublists in the blacklist: ?? ???????? , ?? ???????? , and ?? ???? . Initially, ?? ???????? and ?? ???????? are set to be empty, and ?? ???? is set to be {?? ?? } , where ?? ?? ? ?? ?? (???????? ?? ) ???1 ?? ? ?????? ?? and ???????? is the cloud provider's basename. There are three ways to blacklist a cloud user. First, when a user is compromised and his private key (??, ??, ??, ??) has been exposed (e.g., on the Internet or embedded into some software), the blacklisting controller verifies the correctness of this exposed key by checking ?? ?? ?? ?? ?? ?? ? ?? (?????? ??), then adds ?? to ?? ???????? . Second, when a verifier interacts with some compromised authenticator and finds the authenticator suspicious, the verifier reports the authenticator's signature ?? ?= (?? 1 , ?? 2 , ?? 3 ) along with some other physical evidence to the blacklisting controller. After the blacklisting controller verifies the evidence and the correctness of ?? 1 , he adds (??, ??) in ?? 1 to ?? ???????? . Finally, when the cloud provider wants to blacklist a cloud user (e.g., because that user leaves the group), the cloud provider sends (??, ??, ?) to the blacklisting controller, where the (??, ??, ?) tuple was obtained from the to-be-blacklisted user during the register protocol. The blacklisting controller verifies the correctness of ? and then adds ?? to the cloud provider blacklist ?? ???? . 
When the blacklisting controller revokes a user based on the signature of the user, it needs to make sure that the signature is valid, that is, that the signature was signed by a group member. This is to prevent a malicious verifier from adding an arbitrary (??, ??) pair to ?? ???????? . Similarly, when the blacklisting controller revokes a user based on (??, ??, ?) from the cloud provider, he needs to make sure that ? is a correct signature of knowledge. This is to prevent the (malicious) cloud provider from adding an arbitrary ?? to ?? ???? . Observe that the cloud provider can always add new members, create new signatures, and later revoke the members that he created himself. However, even though the malicious cloud provider can choose ?? of his choice, he has to know log ?? ?? in order to create a valid signature ?? or know log ?? ?? ?? to create a valid ?. This is a requirement in our security proof.

After the blacklisting controller publishes the blacklist ?? and signs it using his private key ?? ?? ?1 , everyone can verify the authenticity of this blacklist using the blacklisting controller's public key ?? ?? . In practice, we may assume that the blacklisting controller is trusted. Then, the verifiers trust the blacklisting controller to construct the blacklist in a correct manner. In the model where the blacklisting controller is not completely trusted, the blacklisting controller also needs to publish a compromised private key for each item in ?? ???????? , a signature for each item in ?? ???????? , and a (??, ??, ?) tuple for each element in ?? ???? . The verifiers have to verify the correctness of each element in the blacklist in the same way as the blacklisting controller does. We show that even if the blacklisting controller or the cloud provider has been corrupted by the adversary, the anonymity of the honest users is still guaranteed.

The initialize and register steps have the same performance as in the cryptographic protocol scheme. 
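The private-key-based, signature-based and cloud provider-based blacklist checks described above can be exercised end to end on a toy group. The following is an added example, not code from the paper, and it does not implement the signatures of knowledge. It assumes the DAA-style pseudonym K = B^f mod P that these checks compare against; the names `P`, `Q`, `base_from_basename`, the basename string and all key values are constructed for illustration.

```python
import hashlib

# Toy group, constructed for this example: safe prime P = 2*Q + 1, so the
# squares modulo P form a subgroup of prime order Q. Real deployments use
# moduli of 2048 bits or more.
P, Q = 2039, 1019


def base_from_basename(basename: bytes) -> int:
    """Hash a basename into [2, P-2], then raise it to (P-1)/Q to get a base of order Q."""
    h = int.from_bytes(hashlib.sha256(basename).digest(), "big") % (P - 3) + 2
    return pow(h, (P - 1) // Q, P)


def in_subgroup(x: int) -> bool:
    """Membership test the verifier applies to B and K before anything else."""
    return 1 < x < P and pow(x, Q, P) == 1


def pseudonym(f: int, base: int):
    """Pair (B, K) carried in a signature: K = B^f mod P for the signer's secret f."""
    return base, pow(base, f, P)


def verifier_check_private_keys(B: int, K: int, b_priv):
    """Private-key-based blacklist: reject if K = B^f_i for a published secret f_i.

    Returns (accepted, modexps); the cost is one exponentiation per entry scanned.
    """
    if not (in_subgroup(B) and in_subgroup(K)):
        return False, 0
    modexps = 0
    for f_i in b_priv:
        modexps += 1
        if pow(B, f_i, P) == K:
            return False, modexps
    return True, modexps


def authenticator_self_check(f: int, b_sig, b_cp, basename: bytes) -> bool:
    """Run by the authenticator before signing; False means it must abort.

    b_sig holds (B_i, K_i) pairs taken from reported signatures.
    b_cp holds values K_i = zeta^f_i, with zeta derived from the provider basename.
    """
    for B_i, K_i in b_sig:
        if pow(B_i, f, P) == K_i:
            return False
    zeta = base_from_basename(basename)
    return pow(zeta, f, P) not in set(b_cp)


def demo():
    """Constructed scenario: Mallory's key leaked, Carol was reported, Bob was removed."""
    basename = b"cloud-provider.example"
    alice, mallory, bob, carol = 101, 202, 303, 404
    b_priv = [505, mallory, 606]
    b_sig = [pseudonym(carol, base_from_basename(b"reported-session"))]
    b_cp = [pow(base_from_basename(basename), bob, P)]

    session_base = base_from_basename(b"fresh-session-base")
    return {
        "alice_verify": verifier_check_private_keys(*pseudonym(alice, session_base), b_priv),
        "mallory_verify": verifier_check_private_keys(*pseudonym(mallory, session_base), b_priv),
        "bad_group": verifier_check_private_keys(session_base, P - 1, b_priv),
        "alice_self": authenticator_self_check(alice, b_sig, b_cp, basename),
        "carol_self": authenticator_self_check(carol, b_sig, b_cp, basename),
        "bob_self": authenticator_self_check(bob, b_sig, b_cp, basename),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Because the session base changes per signature, the same secret produces unrelated-looking pairs, yet any published secret or reported pair still matches it; that is why the verifier must rerun the scan against the latest blacklist for every signature.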
The cost of the membership approval protocol has four parts: proof of knowledge of a membership private key, verification that the private key is not in ?? ???????? , proof that the private key does not appear in ?? ???????? , and proof that the private key does not appear in ?? ???? . The first part of the membership approval protocol is the same as the cryptographic protocol scheme and takes constant time for both the authenticator and verifier. The second part is also the same as the cryptographic protocol scheme and takes ?? 1 modular exponentiations for the verifier, where ?? 1 is the size of ?? ???????? . The third and fourth parts together take about 6?? 2 + 2?? 3 + ?? modular exponentiations for both the authenticator and verifier, where ?? 2 and ?? 3 are the lengths of ?? ???????? and ?? ???? , respectively, and ?? is a small constant. Observe that the cost of membership approval is linear in the size of the blacklist and could be quite expensive if the blacklist becomes large.

There are two possible ways to control the size of the blacklist. First, divide into smaller groups. If the group size is too big, the blacklist may become large as well. One way to control the size of the blacklist is to have multiple smaller groups. If a group size was 10,000, and at most two percent of the users would get blacklisted, then the blacklist would have at most 200 items. The drawback of this method is that the verifier needs to know which group the authenticator is in and thus learns more information about the authenticator. It is a trade-off between privacy and performance. Second, issue a new group if the blacklist grows too big. If the size of the blacklist is above a certain threshold (e.g., two percent of the group size), then the cloud provider can do a rekey process as follows: The cloud provider first creates a new group. 
Then, each user in the old group proves to the cloud provider that he is a legitimate member of the old group and has not been blacklisted, then obtains a new membership private key for the new group.

membership approval as the authenticator. The host, if corrupted, could break the anonymity of the user but cannot get to know the user's membership private key, because in any case the host can pad some identifier onto each message sent by the hardware device. Another advantage of using a trusted hardware device is a more efficient blacklist. A user is blacklisted in the following cases:

1. The user's membership private key was removed from the trusted hardware device and was published widely, so that everyone knows this compromised private key.
2. The user's membership private key was extracted from the trusted hardware device by the adversary. The cloud provider suspects that the user's hardware device was compromised, but has not obtained the user's private key.
3. The user's membership private key was extracted from the hardware device by the adversary. The blacklisting controller suspects that the hardware device was corrupted. The blacklisting controller obtains a signature from the corrupted device but has not obtained the private key.
4. The cloud provider blacklists the user for some management reason, e.g., the user's membership expired.
5. The user is blacklisted from transactions; more specifically, the user abuses his group privilege and is blacklisted by the blacklisting controller after the user conducted a membership approval.

## IV. Experimental Study

The portable TPM based user attestation architecture for cloud environments has been developed for a highly authenticated and secured cloud computing environment. The system model presented has been developed on the Visual Studio 2012 framework 4.0 with C#. The overall system has been developed and implemented on the Microsoft Windows Azure platform. We mainly focused on data leakages that can occur in the cloud environment. The portable TPM based user attestation architecture supports hardware-based key management by using TPM devices to provide better security, and hence device portability is attained. Therefore, a user can access cloud storage contents in a secure environment and securely store user data on the remote cloud server using these portable devices, which provide added security.

The developed system has been simulated on the live Microsoft Windows Azure cloud for different performance parameters such as cloud memory utilization, user attestation overhead and the ?????? perspective for CPU utilization. A relative study of all these factors has been performed. The performance of the model has been verified for various numbers of users with the assigned authentication devices, and the effectiveness as well as the performance parameters have been checked to justify its robustness.

Figure 1 depicts the cloud memory utilization in megabytes for sets of cloud users from 10 to 50. Here, the memory utilization is computed for users who access the cloud service through their credentials along with the additional authentication device, the TPM. Cloud providers may be concerned about the memory utilization of varied users accessing the cloud. From the graph, it can be seen that not much memory is utilized by the additional security parameter. It clearly shows that even with 50 cloud users, the cloud memory utilization does not differ much. 
Thus, memory computation is highly adaptive.

Based on the simulated data, the graph (Figure 2) compares the user attestation overhead of our proposed system with the portable TPM device against user attestation without the TPM. The computation overheads with and without the TPM [18] are evaluated in milliseconds. Without the external device, the computation overhead is obviously lower. From the figure, the average computation overhead without the TPM device (without added security) is 5.58ms. The average computation overhead with the TPM, which provides additional security, is 6.35ms.

* Benoit Bertholon, Sebastien Varrette, Pascal Bouvry. CERTICLOUD: a Novel TPM-based Approach to Ensure Cloud IaaS Security. 2011.
* Farzad Sabahi. Cloud Computing Security Threats and Responses. IEEE 3rd International Conference on Communication Software and Networks (ICCSN), May 2011. 10.1109/ICCSN.2011.6014715
* R. Houlihan, Xiaojiang Du. An effective auditing scheme for cloud computing. Global Communications Conference (GLOBECOM), 2012 IEEE, Dec. 2012, 1604.
* Xin Wan, Zhiting Xiao, Yi Ren. Building Trust into Cloud Computing Using Virtualization of TPM. Fourth International Conference on 2012, 2-4 Nov. 2012, 63, 59.
* Jaebok Shin, Yungu Kim, Wooram Park, Chanik Park. DFCloud: A TPM-based secure data access control method of cloud storage in mobile devices. CloudCom 2012, IEEE 4th International Conference on, Dec. 2012, 556.
* Zhidong Shen, Qiang Tong. The Security of Cloud Computing System enabled by Trusted Computing Technology. 2 International Conference on Signal Processing Systems (ICSPS), Dalian, July 2010, 2. 10.1109/ICSPS.2010.5555234
* Duflot. Getting into the SMRAM: SMM reloaded. Proc. of the 10th CanSecWest conference, 2009.
* Hua Wang, Yao Guo, Xia Zhao, Xiangqun Chen. Keep Passwords Away from Memory: Password Caching and Verification Using TPM. AINA 2008, 22nd International Conference on Advanced Information Networking and Applications, March 2008, 762.
* ICorporation. Software developer's manual, 3: System programming guide. June 2009.
* Danan Thilakanathan, Shiping Chen, Surya Nepal, Rafael A. Calvo, Dongxi Liu, John Zic. Secure Multiparty Data Sharing in the Cloud Using Hardware-Based TPM Devices. CLOUD 2014, IEEE 7th International Conference on, June 27 2014-July 2 2014, 231, 224.
* V. Varadharajan, U. Tupakula. TREASURE: Trust Enhanced Security for Cloud Environments. Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, June 2012, 152.
* J. McCune, B. Parno, A. Perrig, M. Reiter, H. Isozaki. Flicker: an execution infrastructure for TCB minimization. Proc. of the ACM European Conference on Computer Systems (EuroSys), March, April 2008.
* ARM Security Technology, Building a Secure System using TrustZone Technology. 2009.
* Trusted Computing Group. TPM specifications version 1.2. https://www.trustedcomputinggroup.org/downloads/specifications/tpm, July 2005.
* Dan Boneh, Hovav Shacham. Group Signatures with Verifier-Local Revocation. Proceeding of the 11th ACM conference on Computer and communications security, NY, 2004.
* TPM
* Amazon S3. Using Data Encryption.
* R. A. Popa, J. R. Lorch, D. Molnar, H. J. Wang, L. Zhuang. Enabling Security in Cloud Storage SLAs with CloudProof. Proceeding of the 2011 USENIX Annual Technical Conference, June 2011.