data security framework for cloud computing networks


International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 1, January-February (2013), pp. 178-181, © IAEME: www.iaeme.com/ijcet.asp

DATA SECURITY FRAMEWORK FOR CLOUD COMPUTING NETWORKS

ABHISHEK PANDEY (1), R.M. TUGNAYAT (2), A.K. TIWARI (3)

(1) Computer Science and Engineering, Dr. C.V. Raman University, Kota Road, Bilaspur, Chhattisgarh, India, [email protected]

(2) Information Technology, Jawaharlal Darda Institute of Engineering & Technology, Yavatmal, Maharashtra, India, [email protected]

(3) Information Technology, Disha College, Raipur, Chhattisgarh, India, [email protected]

ABSTRACT

Cloud Computing is used for the management of resources, applications and information as services over the cloud. The resources used in Cloud Computing are usually distributed as services. The cloud offers its services as a utility, and the flexibility of its architecture exposes it to various security threats. The cloud allows data to flow to different environments which may not be trustworthy, and hence opens up various security challenges. In this work we concentrate on the security issues related to cloud data storage and provide an efficient way to secure it.

Keywords: Cloud, Encryption, Security Model, Storage.

I. INTRODUCTION

Cloud computing is highly scalable, dynamic and easily configurable; moreover, it can handle multitenant requests simultaneously. The existence of the cloud environment has eased the deployment of large-scale distributed systems for the utilization of various resources and services. The services in the cloud (Service Models) are classified as Software as Service (SaaS), wherein the user is provided with an application or service that exists in the cloud; Platform as Service (PaaS), which provides the user access to the platform; and Infrastructure as Service (IaaS), which leases processing, storage and other computing resources to the user [1]. The primary ways in which the cloud can be deployed (Deployment Models) are the Public cloud, which allows the user to utilize all the resources (services and applications) available; the Private cloud, wherein the user has complete control over the data and security; and the Hybrid cloud, which is a combination of Private and Public cloud.

The cloud environment allocates resources dynamically in response to the user's request and the predesigned quality of service (QoS). The cloud's adoption of various technologies, including various networks, operating systems, and databases, opens it up to various security threats. These issues can be abuse, malicious insiders, data loss and risk profile [2,3].

II. THREATS TO CLOUD COMPUTING

Information security is a critical issue in cloud computing environments. Clouds have no borders, and the data can be physically located in any data centre across a geographically distributed network. The nature of cloud computing therefore raises serious issues regarding user authentication, information integrity and confidentiality. Applications deployed on the cloud face the same kinds of attack as those on the client-server model. SaaS-based applications are vulnerable to viruses. SaaS applications depend on web services and the web browser to deliver their services to the user, and they face security challenges arising out of the network infrastructure and web services. IaaS and PaaS services are hardware dependent and face more challenges arising out of the characteristics of cloud computing than SaaS applications. To handle these security issues we can use public key cryptography. Our major concern in this work is to deal with the security of data storage in the cloud.

The basic idea in cloud data storage is to protect the information/data from unauthorized access, which may raise the possibility of various threats to it. The data stored in the cloud is exposed in many ways to threats which may result in data loss or corrupt data, and there is also a possibility that it may be disclosed. The proposed scheme focuses on these issues, and with the help of various cryptographic techniques we will try to secure the data in the cloud environment. This can be achieved by securing the storage while the data is in a secured environment, before transferring it to an unsecured environment. Various encryption algorithms are available for this, both asymmetric and symmetric, but as the performance of asymmetric algorithms is slow compared to that of symmetric algorithms, the latter are mostly preferred [4]. The usage of encryption as a technique to secure data guarantees the confidentiality of data and helps to detect any corruption in data [10,11,12]. The existing solutions provided to overcome these issues lack either scalability or generality [3].

III. DATA SECURITY MODEL

To overcome the problems stated above we propose a multi-tier cloud architecture wherein we deploy two or more clouds to secure the stored data in an effective manner. In this approach one cloud is deployed as a “Secured Cloud”, which is responsible for all the security concerns and the operations related to them, whether encrypting the data or providing secured access to the data stored. The data stored in the “Secured Cloud” is then moved to an unsecured environment where it is open for access to all. This 2-tier architecture will help us to achieve enhanced performance with the less computational power that a cloud offers.


Fig.1- Two Tier Cloud Architecture

In the proposed scenario we use a fully homomorphic encryption scheme, as it allows any party to publicly transform ciphertexts for some plaintexts $\pi_1, \ldots, \pi_n$ into a ciphertext for some function $f(\pi_1, \ldots, \pi_n)$ of the plaintexts, without the party being aware of the plaintexts. These schemes are useful for constructing privacy-preserving protocols, which is the basic requirement in a cloud environment wherein a user can store encrypted data on a server and allow the server to process the encrypted data without revealing the data to the server. Homomorphic encryption schemes supported only a limited set of functions $f$, which restricted their applicability. The theoretical problem of constructing a fully homomorphic encryption scheme supporting arbitrary functions $f$ was only recently solved by the breakthrough work of Gentry [5,6,7,8].

A homomorphic encryption scheme Hom consists of four algorithms:

• KeyGen: Given security parameter $\lambda$, returns a secret key $sk$ and a public key $pk$.

• Encryption (Enc): Given plaintext $\pi \in \{0, 1\}$ and public key $pk$, returns ciphertext $\Psi$.

• Decryption (Dec): Given ciphertext $\Psi$ and secret key $sk$, returns plaintext $\pi$.

• Eval: Given public key $pk$, a $t$-input circuit $C$ (consisting of addition and multiplication gates modulo 2), and a tuple of ciphertexts $(\Psi_1, \ldots, \Psi_t)$ (corresponding to the $t$ input bits of $C$), returns a ciphertext $\Psi$ (corresponding to the output bit of $C$).

Hom is said to be correct for a family $\mathcal{C}$ of circuits with at most $t = \mathrm{Poly}(\lambda)$ input bits if, for any $C \in \mathcal{C}$ and input bits $(\pi_i)_{i \le t}$, the following holds with overwhelming probability over the randomness of KeyGen and Enc:

$$\mathrm{Dec}(sk, \mathrm{Eval}(pk, C, (\Psi_1, \ldots, \Psi_t))) = C(\pi_1, \ldots, \pi_t),$$

where $(sk, pk) = \mathrm{KeyGen}(\lambda)$ and $\Psi_i = \mathrm{Enc}(pk, \pi_i)$ for $i = 1, \ldots, t$. Hom is said to be compact if, for any circuit $C$ with at most $t = \mathrm{Poly}(\lambda)$ input bits, the bit-size of the ciphertext $\mathrm{Eval}(pk, C, (\Psi_1, \ldots, \Psi_t))$ is bounded by a fixed polynomial $b(\lambda)$.
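The four algorithms and the correctness condition above can be exercised with a toy integer-based scheme, added here as an illustration and not taken from the paper: it follows the style of the van Dijk, Gentry, Halevi and Vaikuntanathan scheme over the integers rather than Gentry's ideal-lattice construction. The parameter sizes, function names and sample circuits are assumptions; the parameters are far too small to be secure, and the toy is correct only for shallow circuits and is not compact, since ciphertexts grow with every multiplication.

```python
import random

# Toy parameters (assumed, NOT secure): noise bits, key bits, pk element bits, pk size.
RHO, ETA, GAMMA, TAU = 8, 96, 200, 16

def keygen(rng):
    """KeyGen: sk is an odd ETA-bit integer p; pk is a list of encryptions of 0."""
    p = rng.getrandbits(ETA) | (1 << (ETA - 1)) | 1
    pk = [p * rng.getrandbits(GAMMA - ETA) + 2 * rng.getrandbits(RHO) for _ in range(TAU)]
    return p, pk

def enc(pk, bit, rng):
    """Enc: bit + fresh even noise + a random subset sum of pk (sk is not needed)."""
    return bit + 2 * rng.getrandbits(RHO) + sum(x for x in pk if rng.getrandbits(1))

def noise(sk, c):
    """Centered residue of c modulo p; its parity is the plaintext bit."""
    r = c % sk
    return r - sk if r > sk // 2 else r

def dec(sk, c):
    return noise(sk, c) % 2

def run_circuit(circuit, inputs, modulus=None):
    """Gates are (op, i, j) over wire indices; inputs are wires 0..t-1; output is the last wire."""
    wires = list(inputs)
    for op, i, j in circuit:
        v = wires[i] + wires[j] if op == "add" else wires[i] * wires[j]
        wires.append(v if modulus is None else v % modulus)
    return wires[-1]

def evaluate(pk, circuit, cts):
    """Eval: integer + and * on ciphertexts act as addition and multiplication mod 2 on the bits.
    pk is unused in this toy and kept only to match Eval(pk, C, ...)."""
    return run_circuit(circuit, cts)

def in_supported_family(circuit, t):
    """Worst-case noise: run the circuit on the fresh-noise bound; it must stay below p/2."""
    fresh = 1 + 2 * (TAU + 1) * (2 ** RHO - 1)
    return run_circuit(circuit, [fresh] * t) < 2 ** (ETA - 2)

def check_correctness(circuit, t, seed=2013):
    """True if Dec(sk, Eval(pk, C, Enc(bits))) == C(bits) for all 2^t inputs."""
    rng = random.Random(seed)  # seeded for reproducibility; a real scheme needs a CSPRNG
    sk, pk = keygen(rng)
    for n in range(2 ** t):
        bits = [(n >> k) & 1 for k in range(t)]
        cts = [enc(pk, b, rng) for b in bits]
        if dec(sk, evaluate(pk, circuit, cts)) != run_circuit(circuit, bits, 2):
            return False
    return True

SAMPLE = [("mul", 0, 1), ("add", 3, 2)]                   # C(b1, b2, b3) = b1*b2 + b3 mod 2
TOO_DEEP = [("mul", 0, 0), ("mul", 1, 1), ("mul", 2, 2)]  # b^8: worst-case noise outgrows p/2
```

Each multiplication gate multiplies the noise terms of its inputs, which is why the family of circuits for which correctness holds is bounded by depth; removing that bound is the problem Gentry's bootstrapping addresses.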

While using an encryption technique, the key issue is the systematic management and usage of the encryption key generated to protect the data. These keys are a vital part of the data being protected. The keys generated to protect the data are generally stored with the data, which gives an attacker the opportunity to access both the key and the data being protected. The other approach is to allow users to access the data from any location as long as they are in a trusted environment, which again raises the possibility of security being compromised, as here the keys can be shared with multiple users [10,13]. In this approach, any existing Managed Private Cloud solution can be used, but there is no consistency concerning the authenticity and correctness of the result. The latter approach aims to bridge this gap, relying on the less computational power that the cloud offers. In place of using only one cloud architecture to render a given service, two or more clouds are deployed and used so as to verify the correctness of the result and to identify an incorrect output [14].

[Fig. 1 labels: Client, Secured Cloud, Unsecured Cloud]


IV. CONCLUSION

With the latest developments in cloud computing, security has become an area of great concern. This paper discusses the safety issues of the cloud computing environment by analyzing a cloud computing framework, i.e. a cloud computing model for data security. As we have shown in the paper, most cryptographic primitives are ready to be deployed for security. As a direct generalization of the problem of secure outsourcing, one can look at the case where a group of clients that trust each other want to use a cloud-based computation service that they do not fully trust. In this scenario, the proposed fully homomorphic encryption schemes can be used. It is clear that the design of secure outsourcing computation schemes is a very challenging research area.

REFERENCES

[1] Peter Mell and Tim Grance, “The NIST Definition of Security Alliance (CSA). Cloud computing”, October 7, 2009, version 15, National Institute of Standards and Technology (NIST).

[2] Jamil, Danish and Zaki, Hassan, “Cloud Computing Security”. In International Journal of Engineering Science and Technology, Vol. 3, No. 4, April 2011.

[3] Gens, F., New IDC IT Cloud Services Survey: Top Benefits and Challenges. In: IDC eXchange (2009), http://blogs.idc.com/ie/?p=730.

[4] Narpat, S. Sekhawat et al., “Cloud Computing Security through Cryptography for Banking Sector”. In Proc. 2011 5th National Conference, INDIACom-2011.

[5] N. Gama and P. Q. Nguyen. Finding short lattice vectors within Mordell's inequality. In Proc. of STOC, pages 207-216. ACM, 2008.

[6] N. Gama and P. Q. Nguyen. Predicting lattice reduction. In Proc. of Eurocrypt, volume 4965 of LNCS, pages 31-51. Springer, 2008.

[7] C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. Manuscript available at http://crypto.stanford.edu/craig.

[8] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proc. of STOC, pages 169-178. ACM, 2009.

[9] Yanpei Chen, Vern Paxson and Randy H. Katz, “What’s New About Cloud Computing Security?” Technical Report No. UCB/EECS-2010-5, http://www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html, Jan. 20, 2010.

[10] RSA, The Role of Security in Trustworthy Cloud Computing.

[11] Ebenezer A. Oladimeji, Security threat Modeling and Analysis: A goal-oriented approach, 2006.

[12] Ristenpart, Thomas and Tromer, Eran and Shacham, Hovav and Savage, Stefan, Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, 2009.

[13] Shamir, Adi, How to share a secret. Communication. ACM, 1979, 612-613.

[14] J. S. Plank and J. Luo and C. D. Schuman and L. Xu and Z. Wilcox-O'Hearn, A Performance Evaluation and Examination of Open-Source Erasure Coding Libraries For Storage, 2009.

[15] Suresh Kumar RG, S. Saravanan and Soumik Mukherjee, “Recommendations For Implementing Cloud Computing Management Platforms Using Open Source”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 3, 2012, pp. 83-93, published by IAEME.

[16] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, “Security In Cloud Computing”, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 1, 2012, pp. 258-265, published by IAEME.