International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print),
ISSN 0976 – 6375 (Online), Volume 4, Issue 1, January-February (2013), © IAEME
DATA SECURITY FRAMEWORK FOR CLOUD COMPUTING NETWORKS
ABHISHEK PANDEY1, R.M.TUGNAYAT2, A.K.TIWARI3
1(Computer Science and Engineering, Dr. C.V. Raman University, Kota Road, Bilaspur,
Chhattisgarh, India, [email protected])
2(Information Technology, Jawaharlal Darda Institute of Engineering & Technology,
Yavatmal, Maharashtra, India, [email protected])
3(Information Technology, Disha College, Raipur, Chhattisgarh, India, [email protected])
ABSTRACT
Cloud Computing is used for the management of resources, applications and information
as services over the cloud. The resources used in Cloud Computing are usually distributed
as services. The cloud offers its services as a utility, and the flexibility of its
architecture exposes it to various security threats. The cloud allows data to flow to
different environments which may not be trustworthy, and hence opens up various
security challenges. In this work we concentrate on the security issues related to cloud data
storage and provide an efficient way to secure the same.
Keywords: Cloud, Encryption, Security Model, Storage.
International Journal of Computer Engineering & Technology (IJCET), ISSN 0976 – 6367 (Print),
ISSN 0976 – 6375 (Online), Volume 4, Issue 1, January-February (2013), pp. 178-181,
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2012): 3.9580 (Calculated by GISI), www.jifactor.com
I. INTRODUCTION
Cloud computing is highly scalable, dynamic and easily configurable; moreover, it can
handle multitenant requests simultaneously. The existence of the cloud environment has
eased the deployment of large-scale distributed systems for the utilization of various
resources and services. The services in the cloud (Service Models) are classified as
Software as a Service (SaaS), in which the user is provided with an application or service
that exists in the cloud; Platform as a Service (PaaS), which gives the user access to the
platform; and Infrastructure as a Service (IaaS), which leases processing, storage and other
computing resources to the user [1]. The primary ways in which the cloud can be deployed
(Deployment Models) are the Public cloud, which allows the user to utilize all the resources
(services and applications) available; the Private cloud, wherein the user has complete
control over the data and security; and the Hybrid cloud, which is a combination of Private
and Public cloud.
The cloud environment allocates resources dynamically in response to the user's request
and the predesigned quality of service (QoS). The cloud's adoption of various technologies,
including various networks, operating systems and databases, opens it up to various
security threats. These issues can be abuse, malicious insiders, data loss and risk
profile [2,3].
II. THREATS TO CLOUD COMPUTING
Information security is a critical issue in cloud computing environments. Clouds have
no borders, and the data can be physically located in any data centre across the
geographically distributed network. The nature of cloud computing therefore raises serious
issues regarding user authentication, information integrity and confidentiality.
Applications deployed on the cloud undergo the same kinds of attack as those on the
client-server model. SaaS-based applications are vulnerable to viruses. SaaS applications
depend on web services and the web browser to deliver their services to the user, and they
face security challenges arising out of the network infrastructure and web services. IaaS
and PaaS services are hardware dependent and face more challenges arising out of the
characteristics of cloud computing than SaaS applications. To handle these security issues
we can use public key cryptography. Our major concern in this work is to deal with the
security of data storage in the cloud.
The basic idea in cloud data storage is to protect the information/data from unauthorized
access, which may raise the possibility of various threats to it. Data stored in the cloud
is in many ways exposed to threats which may result in data loss or corrupt data, and there
is also a possibility that it may be disclosed. The proposed scheme focuses on these issues,
and with the help of various cryptographic techniques we will try to secure the data in the
cloud environment. This can be achieved by securing the storage while the data is in a
secured environment, before transferring it to an unsecured environment, using the various
encryption algorithms available, such as asymmetric and symmetric algorithms; as asymmetric
algorithms are slow compared to symmetric ones, symmetric algorithms are mostly preferred
for this purpose [4]. The use of encryption as a technique to secure data guarantees
the confidentiality of data and helps to detect any corruption in data [10,11,12]. The
existing solutions provided to overcome these issues lack either scalability or
generality [3].
III. DATA SECURITY MODEL
To overcome the problems stated above we propose a multi-tier cloud architecture
in which we deploy two or more clouds to secure the stored data in an effective manner. In
this approach one cloud is deployed as a “Secured Cloud”, which is responsible for all
the security concerns and the operations related to them, whether encrypting the data or
providing secured access to the data stored. The data stored in the “Secured Cloud” is then
moved to an unsecured environment where it is open for access to all. This 2-tier architecture
will help us to achieve enhanced performance with the less computational power that a cloud
offers.
Fig.1- Two Tier Cloud Architecture
In the proposed scenario we use a fully homomorphic encryption scheme, as it allows any
party to publicly transform ciphertexts for some plaintexts π1, …, πn into a ciphertext for
some function f(π1, …, πn) of the plaintexts, without the party being aware of the
plaintexts. These schemes are useful for constructing privacy-preserving protocols, which is
the basic requirement in a cloud environment, where a user can store encrypted data on a
server and allow the server to process the encrypted data without revealing the data to the
server. Homomorphic encryption schemes supported only a limited set of functions f, which
restricted their applicability. The theoretical problem of constructing a fully homomorphic
encryption scheme supporting arbitrary functions f was only recently solved by the
breakthrough work of Gentry [5,6,7,8].
A homomorphic encryption scheme Hom consists of four algorithms:
• KeyGen: Given security parameter λ, returns a secret key sk and a public key pk.
• Encryption (Enc): Given plaintext π ∈ {0, 1} and public key pk, returns ciphertext Ψ.
• Decryption (Dec): Given ciphertext Ψ and secret key sk, returns plaintext π.
• Eval: Given public key pk, a t-input circuit C (consisting of addition and
multiplication gates modulo 2), and a tuple of ciphertexts (Ψ1, …, Ψt) (corresponding
to the t input bits of C), returns a ciphertext Ψ (corresponding to the output bit of C).
Hom is said to be correct for a family 𝒞 of circuits with at most t = Poly(λ) input bits
if, for any C ∈ 𝒞 and input bits (πi)i≤t, the following holds with overwhelming probability
over the randomness of KeyGen and Enc:
Dec(sk, Eval(pk, C, (Ψ1, …, Ψt))) = C(π1, …, πt),
where (sk, pk) = KeyGen(λ) and Ψi = Enc(pk, πi) for i = 1, …, t. Hom is said to be compact
if, for any circuit C with at most t = Poly(λ) input bits, the bit-size of the ciphertext
Eval(pk, C, (Ψ1, …, Ψt)) is bounded by a fixed polynomial b(λ).
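The four algorithms and the correctness and compactness conditions above can be exercised with a toy scheme over the integers. This is an added example, not code from the paper: it follows the somewhat homomorphic integer scheme of van Dijk, Gentry, Halevi and Vaikuntanathan (DGHV) rather than Gentry's ideal-lattice construction, it has no bootstrapping and so is correct only for shallow circuits, and the fixed sizes RHO, ETA, GAMMA, TAU (standing in for λ) and the gate-list circuit encoding are assumptions.

```python
import secrets

# Toy sizes, assumed for this sketch and far too small to be secure:
# noise bits, secret-key bits, multiplier bits, number of public-key elements.
RHO, ETA, GAMMA, TAU = 8, 64, 128, 10
_rng = secrets.SystemRandom()

def keygen():
    """KeyGen: sk is an odd ETA-bit integer p; pk is TAU noisy multiples of p."""
    p = secrets.randbits(ETA) | (1 << (ETA - 1)) | 1
    pk = [p * (secrets.randbits(GAMMA) | (1 << (GAMMA - 1)))
          + 2 * secrets.randbelow(1 << RHO) for _ in range(TAU)]
    return p, pk

def enc(pk, bit):
    """Enc: bit + 2r + sum of a random non-empty subset of pk (encryptions of 0)."""
    subset = _rng.sample(pk, _rng.randint(1, len(pk)))
    return bit + 2 * secrets.randbelow(1 << RHO) + sum(subset)

def dec(sk, c):
    """Dec: correct only while the accumulated noise (bit + 2r + ...) stays below p."""
    return (c % sk) % 2

def run_circuit(circuit, wires, modulus=None):
    """Gates are (op, i, j) over wire indices; each gate appends one new wire."""
    wires = list(wires)
    for op, i, j in circuit:
        w = wires[i] + wires[j] if op == "add" else wires[i] * wires[j]
        wires.append(w if modulus is None else w % modulus)
    return wires[-1]

def evaluate(pk, circuit, cts):
    """Eval: mod-2 gates become integer gates on ciphertexts. pk is unused
    because this sketch omits DGHV's reduction modulo a public element."""
    return run_circuit(circuit, cts)

CIRCUIT = [("mul", 0, 1), ("add", 3, 2)]   # C(a, b, c) = a*b + c (mod 2)
def check_correctness():
    """Dec(sk, Eval(pk, C, cts)) == C(bits) for all 8 inputs of CIRCUIT."""
    sk, pk = keygen()
    inputs = [[(n >> k) & 1 for k in range(3)] for n in range(8)]
    return all(dec(sk, evaluate(pk, CIRCUIT, [enc(pk, b) for b in bits]))
               == run_circuit(CIRCUIT, bits, modulus=2) for bits in inputs)

def growth():
    """Noise and bit-size of a fresh ciphertext versus its square (one mul gate)."""
    sk, pk = keygen()
    c = enc(pk, 1)
    sq = evaluate(pk, [("mul", 0, 0)], [c])
    return c % sk, sq % sk, c.bit_length(), sq.bit_length()
```

The values returned by `growth()` show why this toy is neither compact nor fully homomorphic: each multiplication gate squares the noise and roughly doubles the ciphertext size, so decryption stops being reliable once the noise reaches p.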
When using an encryption technique, the key issue is the systematic management and usage
of the encryption keys generated to protect the data. These keys are a vital part of the
data being protected. The keys generated to protect the data are generally stored with the
data, which gives an attacker the opportunity to access both the key and the data being
protected. The other approach used is to allow users to access the data from any location
as long as they are in a trusted environment, which again raises the possibility of security
being compromised, as here the keys can be shared with multiple users [10,13]. In this
approach, any existing Managed Private Cloud solution can be used, but there is no
consistency concerning the authenticity and correctness of the result. The latter approach
aims to bridge this gap and relies on the less computational power that the cloud offers.
In place of using only one cloud architecture to render a given service, two or more clouds
are deployed and used so as to verify the correctness of the result and to identify
an incorrect output [14].
[Fig. 1 labels: Client, Secured Cloud, Unsecured Cloud]
IV. CONCLUSION
With the latest developments in cloud computing, security has become an area of
great concern. This paper discusses cloud computing environment safety issues by
analyzing a cloud computing framework, i.e. a cloud computing model for data security. As
we have shown in the paper, most cryptographic primitives are ready to be deployed for
security. As a direct generalization of the problem of secure outsourcing, one can look at
the case where a group of clients that trust each other want to use a cloud-based
computation service that they do not fully trust. In this scenario, the proposed fully
homomorphic encryption schemes can be used. It is clear that the design of secure
outsourcing computation schemes is a very challenging research area.
REFERENCES
[1] Peter Mell and Tim Grance, “The NIST Definition of Cloud Computing”, October 7, 2009, version 15, National Institute of Standards and Technology (NIST).
[2] Jamil, Danish and Zaki, Hassan, “Cloud Computing Security”, International Journal of Engineering Science and Technology, Vol. 3 No. 4, April 2011.
[3] Gens, F., New IDC IT Cloud Services Survey: Top Benefits and Challenges. In: IDC eXchange (2009), http://blogs.idc.com/ie/?p=730.
[4] Narpat, S. Sekhawat et al., “Cloud Computing Security through Cryptography for Banking Sector”. In Proc. 2011 5th National Conference, INDIACom-2011.
[5] N. Gama and P. Q. Nguyen, Finding short lattice vectors within Mordell's inequality. In Proc. of STOC, pages 207–216. ACM, 2008.
[6] N. Gama and P. Q. Nguyen, Predicting lattice reduction. In Proc. of Eurocrypt, volume 4965 of LNCS, pages 31–51. Springer, 2008.
[7] C. Gentry, A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. Manuscript available at http://crypto.stanford.edu/craig.
[8] C. Gentry, Fully homomorphic encryption using ideal lattices. In Proc. of STOC, pages 169–178. ACM, 2009.
[9] Yanpei Chen, Vern Paxson and Randy H. Katz, “What’s New About Cloud Computing Security?”, Technical Report No. UCB/EECS-2010-5, http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html, Jan. 20, 2010.
[10] RSA, The Role of Security in Trustworthy Cloud Computing.
[11] Ebenezer A. Oladimeji, Security threat Modeling and Analysis: A goal-oriented approach, 2006.
[12] Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage, Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, 2009.
[13] Adi Shamir, How to share a secret, Communications of the ACM, 1979, 612–613.
[14] J. S. Plank, J. Luo, C. D. Schuman, L. Xu and Z. Wilcox-O'Hearn, A Performance Evaluation and Examination of Open-Source Erasure Coding Libraries For Storage, 2009.
[15] Suresh Kumar RG, S. Saravanan and Soumik Mukherjee, “Recommendations For Implementing Cloud Computing Management Platforms Using Open Source”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 3, 2012, pp. 83 - 93, Published by IAEME.
[16] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, “Security In Cloud Computing”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 1, 2012, pp. 258 - 265, Published by IAEME.