jayant ghorpade - cloud computing white paper

Upload: jayant-ghorpade

Post on 13-Apr-2017

A Paper Review On

Secure Storage & Practical Outsourcing of Linear Programming in Cloud Computing Through Tag Definition

Jayant Ghorpade (Student), Sneha Mane (Student), Prajakta Ingle (Student)

Department of Computer Engineering

Nutan Maharashtra Institute of Engineering & Technology, Talegaon–Pune, India

Abstract

Cloud computing enables customers with limited computational resources to outsource their large workloads to the cloud, and gives them the economic benefits of computational power, bandwidth, storage, and appropriate software that can be shared in a pay-per-use manner. Despite these tremendous benefits, security is the primary obstacle: many potential users of cloud services lack confidence that cloud providers will adequately protect their data and deliver safe and predictable computing results. From the customer's point of view, depending upon a single service provider for outsourcing his data is not very promising. Better privacy, as well as data availability, can be achieved by dividing the user's data block into data pieces and distributing them among the available service providers.

In this paper, we focus on securely outsourcing linear programming in cloud computing under a pay-per-use strategy, through a Service Selector Service and a Data Distribution Service that uses Tag Definition to outsource the customer's confidential data among several service providers. Encryption is carried out using the RSA algorithm before outsourcing data to the service providers, and decryption while retrieving the data is also carried out using the RSA algorithm.

Keywords: Cloud Computing, Linear Programming, pay-per-use, Service Selector Service, Data Distribution Service, Tag Definition.

1. Introduction

Cloud computing is the use of computing resources, such as hardware and software, that are delivered as a service over a network. Cloud computing is a practical approach to experiencing direct cost benefits, and it has the potential to transform a data center from a capital-intensive setup to a variable-priced environment [2]. In business planning, cloud computing promises greater flexibility along with significant cost savings by leveraging economies of scale in the Information Technology infrastructure. It also offers a simplified capital and expenditure model for compute services, as well as increased agility for cloud customers, who can easily expand and contract their IT services as business needs change. Yet many enterprise customers are reluctant to buy into cloud offerings due to governance and security concerns. Many potential users of cloud services lack confidence that cloud providers will adequately protect their data and deliver safe and predictable computing results [3].

1.1 Cloud Delivery Models

Cloud computing basically consists of three service models that any cloud service provider uses to provide services to clients; we call them cloud delivery models, and they are [5] [6]:

1.1.1 Software as a Service (SaaS)

The consumer uses an application without controlling the operating system, hardware or network infrastructure on which it is running [5]. In this model, cloud providers install and operate application software in the cloud, and cloud users access the software from cloud clients. The cloud users do not manage the cloud infrastructure and platform on which the application is running. This eliminates the need to install and run the application on the cloud user's own computers, simplifying maintenance and support.

Examples of SaaS include: Google Apps, innkeypos, QuickBooks Online, SuccessFactors BizX, Limelight Video Platform, Salesforce.com and Microsoft Office 365.

1.1.2 Platform as a Service (PaaS)

The consumer can use a hosting environment for their applications. The consumer controls the applications that run in the environment and possibly has some control over the hosting environment, but cannot control the operating system, hardware or network infrastructure on which they are running. The platform is typically an application framework [5]. In the PaaS model, cloud providers deliver a computing platform, typically including operating system, database, web server, and programming language execution environment. Without the cost and complexity of buying and managing the underlying hardware and software layers, application developers can develop and run their software solutions on a cloud platform.

Examples of PaaS include: Amazon Elastic Beanstalk, Cloud Foundry, Heroku, Force.com, EngineYard, Mendix, Google App Engine, Windows Azure Compute and OrangeScape.

1.1.3 Infrastructure as a Service (IaaS)

Infrastructure as a service delivers basic storage and compute capabilities as standardized services over the network. Instead of physically deploying servers, storage, and network resources to support applications, developers specify how the same virtual components are configured and interconnected, including how data is stored in and retrieved from a storage cloud. The consumers are able to use "fundamental computing resources" such as processing power, storage, networking components or middleware, and can control the operating system, storage, deployed applications and possibly networking components such as firewalls and load balancers, but not the cloud infrastructure beneath them [5].

Examples of IaaS include: Amazon CloudFormation and underlying services such as Amazon EC2, Rackspace Cloud, Terremark, Windows Azure Virtual Machines and Google Compute Engine.

Figure 1.1 Delivery Models in Cloud Computing

1.3 Pay per Use

Cloud computing enables customers with limited computational resources to outsource their large amounts of data or information to the cloud, whose resources can be shared in a pay-per-use manner [1]. One of the important services offered in cloud computing is data storage on the cloud. With a Cloud Service Provider, instead of storing data on their own servers, subscribers can store their data on the cloud service provider's servers. For storing data on the cloud service provider's servers, subscribers have to pay the service provider for this storage service. The advantage of this service is that the customer pays only for the amount of data he needs to store for a certain period of time, along with the benefit of flexibility and scalability for the data storage. In addition to these benefits, customers can easily access their data from any geographical location where the Internet or the Cloud Service Provider's network can be accessed. It also does not cause the maintainability issues of storing large amounts of data [4].

1.4 Linear Programming

Linear programming (LP), or linear optimization, is a mathematical method for determining a way to achieve the best outcome (such as maximum profit or lowest cost) in a given mathematical model for some list of requirements represented as linear relationships. Linear programming is a specific case of mathematical programming. More formally, linear programming is a technique for the optimization of a linear objective function, subject to linear equality and linear inequality constraints. Its feasible region is a convex polyhedron, which is a set defined as the intersection of finitely many half-spaces, each of which is defined by a linear inequality [2]. Linear programming can be applied to various fields of study. It is used in business and economics, but can also be utilized for some engineering problems. Industries that use linear programming models include transportation, energy, manufacturing and telecommunications. It has proved useful in modelling diverse types of problems in planning, scheduling, assignment, routing, and design.

2. Problem Description

From the cloud customer's viewpoint, treating the cloud as an intrinsically insecure computing platform, we are designing a mechanism that protects sensitive information as well as protecting customers from malicious behaviours. We protect the sensitive information by enabling linear computations on encrypted data, and protect customers by enabling validation of the computation result. Recently, such mechanisms for securely outsourcing various computations were shown to be suitable in theory only, but designing mechanisms that are practically efficient has remained a very challenging problem. For this we consider two different entities involved in the secure outsourcing computation architecture: the cloud customer, who has a large amount of LP computation problems to be outsourced to the cloud; and the cloud server, which provides significant computation resources and services, such as hosting the public linear programming solvers, in a pay-per-use manner [1].

Figure 2.1 Architecture of Secure outsourcing Linear Programming Problems in Cloud Computing

The customer may have a large amount of linear programming problems to be solved. But due to a lack of computing resources, like storage capacity, memory, processing power, etc., it is difficult for the customer to carry out such expensive computations locally. To avoid this, the customer turns to cloud servers to solve the LP computations, controlling the computation in a pay-per-use manner. Here encryption and decryption are carried out in such a manner that, instead of sending the original problem directly, the customer first uses a key to map the original problem into encrypted form. The key used by the customer is the secret key. After the original problem has been mapped into encrypted form, the problem is outsourced to the cloud server. This overall process is carried out using the RSA algorithm for encryption and decryption.

2.1 Audience

Users in our proposed application are:

2.1.1 Service Provider Admin

Root user for the entire infrastructure.

Scope: Access to all cloud instances within the service provider domain, access to all customers.

2.1.2 Cloud admin

Root user for a particular cloud within the service provider infrastructure. There could be multiple clouds in a service provider environment. For each cloud there should be a cloud admin.

Scope: Has visibility of its own cloud infrastructure resources, not the entire service provider infrastructure.

2.1.3 End user

End consumer. Regular user without any administration privileges. Can use resources and see utilization reports, but cannot select reports outside privilege scope.

Scope: Very limited scope, down to virtual machine level access.

Figure 2.2 Users in application

2.2 RSA algorithm

RSA is a public key algorithm invented in 1977 by 3 scientists: Ron Rivest, Adi Shamir and Leonard Adleman (RSA). Today RSA is used worldwide to encrypt confidential data, and RSA gives the best security policy, which is why all the service providers such as Gmail, Hotmail, MediaFire, etc. use the RSA algorithm to ensure full confidentiality for their users [7].

The RSA algorithm is based on the mathematical fact that it is easy to find and multiply large prime numbers together, but it is extremely difficult to factor their product. The private and public keys in RSA are based on very large prime numbers, i.e., primes made up of 100 or more digits. The algorithm itself is quite simple. However, the real challenge in the case of RSA is the selection and generation of the public and private keys [8].

The algorithm is carried out in 3 steps:

1. Key generation

2. Encryption

3. Decryption

2.3 Proposed Algorithm

Step 1. Declaration

Declare e as the encryption exponent and d as the decryption exponent.

p, q ← Integer numbers.

n ← Modulus for keys.

φ(n) ← Euler's Totient.

e ← Public key exponent.

d ← Private key exponent.

Step 2. Key Generation

2.1 Choose two large prime numbers p and q.

2.2 Calculate n = p * q.

2.3 Calculate φ(n) = (p-1) * (q-1).

2.4 Select integer 'e'; it should be a prime number such that 'e' < φ(n).

2.5 Select 'd' such that (d * e mod φ(n)) = 1.

2.6 Public key PU = [e, n].

2.7 Private key PR = [d, n].

Step 3. Encryption

3.1 Sender A obtains receiver B's public key PU.

3.2 Represent the plaintext message as an integer M.

3.3 Compute cipher text C = M^e mod n.

3.4 Send this message (cipher text) to B.

Step 4. Decryption

4.1 B uses his private key PR to compute M = C^d mod n.

4.2 Extract the plain text.
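
The steps above, as an added Python example that is not code from the paper: the function names are hypothetical and the values in the final block are constructed toy numbers. It also enforces that e is coprime to Euler's totient, because a prime e below the totient can still divide it, in which case step 2.5 has no solution.

```python
# Added example: textbook RSA following Steps 2-4 above.
# Function names are hypothetical; the sample values at the bottom are toy-sized.
from math import gcd, isqrt


def is_prime(k: int) -> bool:
    """Trial division; adequate only for the toy-sized primes used here."""
    if k < 2:
        return False
    return all(k % f for f in range(2, isqrt(k) + 1))


def generate_keys(p: int, q: int, e: int):
    """Step 2: return (PU, PR) = ([e, n], [d, n])."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be two distinct primes")
    n = p * q                        # 2.2
    phi = (p - 1) * (q - 1)          # 2.3
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < phi(n)")
    # 2.4/2.5: d exists only if gcd(e, phi(n)) == 1. Being prime is not
    # sufficient, because a prime e may still divide phi(n).
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not coprime to phi(n)={phi}")
    d = pow(e, -1, phi)              # modular inverse: d*e mod phi(n) == 1
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    """Step 3: C = M^e mod n for an integer message 0 <= M < n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("M must be in the range [0, n)")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """Step 4: M = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    # Constructed toy values: p=61, q=53, e=17, M=65.
    pu, pr = generate_keys(61, 53, 17)
    c = encrypt(65, pu)
    print(pu, pr, c, decrypt(c, pr))
```

Encrypting the same M under the same PU always yields the same C, so deployed RSA encryption adds randomized padding such as OAEP instead of using these raw formulas.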

3. Proposed Mechanism

3.1 Service Selector Service (SSS)

In this paper, we introduce a new concept called SSS, i.e. Service Selector Service. It is used for temporary or communicative purposes. Multiple users can run one application in the cloud as User1, User2, ..., User n from various locations Loc 1, Loc 2, ..., Loc n. User1 at location1 and User2 at location2 interact with the application, which works on the Service Selector Service.

The SSS decides whether the requested data is for the Encryption Service or the Decryption Service. First, the SSS recognizes the request message coming from the application and decides to which service the request should be forwarded, either the Encryption Service or the Decryption Service. If a user wants to write any data, the SSS forwards the request message to the Encryption Service, whereas in the case of reading any particular data, the SSS forwards the request to the Decryption Service.

For example, if User1 wants to write data, the SSS forwards that request to the Encryption Service, and if User2 wants to read data, the SSS forwards that request to the Decryption Service. By using the SSS, the workload gets divided.

3.2 Encryption Service (ES)

An Encryption Service receives from the SSS the data that is meant for encryption. The ES encrypts the plain text to cipher text. If any user wants to write data, the SSS transmits the data to the Encryption Service. The ES communicates with the Distributed Database System for data distribution.

3.3 Data Distribution Service (DDS)

The DDS coordinates with the Encryption Service and works on multiple strategies. Here the basic strategy used is Tag Definition. Tag Definition refers to the use of the database according to the user interaction; that is, using the tag definition strategy, the DDS divides the requested data into High Level entities and Low Level entities, and then the data is passed to the ES for encryption.

Consider a user performing a banking operation, where the database contains table attributes such as ID, Date, Bank_Name, Account and Amount. The DDS with Tag Definition will decide the high level entities and low level entities from these attributes.

3.4 Outsourcing Service (OS)

The Outsourcing Service performs the task of outsourcing the data from the Encryption Service to the service providers and from the Decryption Service back to the application. Whenever data is transferred from the Encryption Service to the Outsourcing Service, the Outsourcing Service decides which service provider to select to store or outsource the data. It then transfers the data to the appropriate service provider depending on its quality factor. After sending the data to the service provider, the Outsourcing Service checks whether the service provider has received the data or not.

3.5 Decryption Service (DS)

The Decryption Service is used to convert the encrypted cipher text into plain text using keys. If the application user wants to read data, the SSS transmits that data to the Decryption Service. The Decryption Service then communicates with the master database server, which contains tables holding the encryption keys, and then the Decryption Service fetches the data from the appropriate service provider with the help of the keys and decrypts it.

3.6 Service Provider (SP)

Basically, a service provider does two main tasks: hosting and resource selection. Whatever data is transferred from the ES and received from the DS is stored at the Service Provider. Better privacy, as well as data availability, can be achieved by dividing the user's data block into data pieces and distributing them among the available Service Providers [4]. A service provider offers customers storage or software services available via a private or public network cloud. Usually, this means the storage and software are available for access via the Internet.

Figure 3.1 Proposed System Architecture
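
The write path described in Sections 3.1 to 3.6 (SSS routing, DDS tag-based splitting, OS placement by quality factor with a receipt check), as an added Python example that is not the paper's code. The tag assignment for the banking attributes, the provider names, the quality factors and the SHA-256 receipt are assumptions, since the paper does not specify them.

```python
# Added example (not the paper's code): Section 3 write path, SSS -> DDS -> OS.
# TAGS, provider names, quality factors and the digest receipt are assumptions.
import hashlib
import json

# Assumed tag definition for the banking attributes named in Section 3.3.
TAGS = {"ID": "low", "Date": "low", "Bank_Name": "low",
        "Account": "high", "Amount": "high"}


def route(operation):
    """SSS: forward writes to the Encryption Service, reads to the Decryption Service."""
    services = {"write": "ES", "read": "DS"}
    if operation not in services:
        raise ValueError(f"unsupported operation: {operation!r}")
    return services[operation]


def split_by_tag(record):
    """DDS: divide a record into high-level and low-level entities."""
    untagged = sorted(set(record) - set(TAGS))
    if untagged:  # fail closed rather than guess a sensitivity level
        raise ValueError(f"attributes without a tag: {untagged}")
    pieces = {"high": {}, "low": {}}
    for name, value in record.items():
        pieces[TAGS[name]][name] = value
    return pieces


class Provider:
    """In-memory stand-in for a storage service provider (SP)."""

    def __init__(self, name, quality, drop_bytes=0):
        self.name, self.quality, self.drop_bytes = name, quality, drop_bytes
        self.store = {}

    def put(self, key, blob):
        kept = blob[:len(blob) - self.drop_bytes]  # drop_bytes > 0 simulates loss
        self.store[key] = kept
        return hashlib.sha256(kept).hexdigest()    # receipt for what was stored


def outsource(record_id, blobs, providers):
    """OS: place each piece on a different SP by quality factor and check receipt."""
    ranked = sorted(providers, key=lambda sp: sp.quality, reverse=True)
    if len(ranked) < len(blobs):
        raise ValueError("need one provider per piece")
    placement = {}
    for level, sp in zip(("high", "low"), ranked):
        receipt = sp.put(f"{record_id}:{level}", blobs[level])
        if receipt != hashlib.sha256(blobs[level]).hexdigest():
            raise IOError(f"{sp.name} did not store the {level} piece intact")
        placement[level] = sp.name
    return placement


def write_record(record, providers):
    """Write path: route the request, split by tag, serialize, then outsource."""
    service = route("write")
    pieces = split_by_tag(record)
    # The ES would encrypt each piece here; serialized bytes stand in for ciphertext.
    blobs = {lvl: json.dumps(p, sort_keys=True).encode() for lvl, p in pieces.items()}
    return {"service": service, "placement": outsource(record["ID"], blobs, providers)}
```

With three providers, the high-level piece lands on the one with the best quality factor and the low-level piece on the next, so no single provider holds the whole record.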

4. Mechanism Design Framework

In this framework, the process on the cloud server can be represented by the ProofGen algorithm, and the process on the customer can be represented by three algorithms: KeyGeneration, ProbEncryption, ProofGeneration, ResultDecryption.

4.1 KeyGeneration

Key generation is the process of generating keys for cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted [1]. Modern cryptographic systems include symmetric-key algorithms (such as DES and AES) and public-key algorithms (such as RSA). Symmetric-key algorithms use a single shared key; keeping data secret requires keeping this key secret. Public-key algorithms use a public key and a private key. The public key is made available to anyone. A sender encrypts data with the public key; only the holder of the private key can decrypt this data.

4.2 ProbEncryption

This algorithm encrypts the input with the secret key. According to the problem transformation, the encrypted input has the same form as the given input [1].

4.3 ProofGeneration

This algorithm solves the problem to produce both the output and a proof. The output is later decrypted, and the proof is used by the customer to verify the correctness of the output [1].

4.4 ResultDecryption

The mechanism must produce an output that can be decrypted and verified successfully by the customer [1]. It is also called a symmetric-key algorithm. Here, a correct output is produced by decryption using the secret. When the validation fails, it indicates that the cloud server was not performing the computation faithfully. Symmetric-key algorithms are a class of algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of cipher text. The keys may be identical or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption, in comparison to public-key encryption.

5. Performance Analysis

Whenever the SSS transmits data to the DDS through the ES, the DDS, using tag definition, divides the requested data into High Level entities and Low Level entities, and then the data is passed to the ES for encryption. At the same time, the DDS connects to each of the SPs in parallel, which increases the workload on the DDS. In our mechanism this workload is balanced using a task manager that divides the task into subtasks. The execution framework takes care of splitting the job into subtasks [10].

Both customer and cloud server computations can be conducted on the same workstation, with an Intel Core 2 Duo processor and 4 GB RAM. In this way, the practical efficiency of the proposed mechanism can be assessed without a real cloud environment. We can also ignore the communication latency between the customers and the cloud for this application, since the computation dominates the running time, as evidenced by our mechanism.

According to our mechanism, the customer-side computation overhead consists of key generation, problem encryption, and result verification operations, respectively. For the cloud server, its only computation overhead is solving the encrypted computation and generating the result [1]. Security is the key factor of our experiment. RSA is the strongest public key encryption algorithm used over the Internet nowadays. RSA is one of the algorithms with an asymmetric key encryption policy. If any invalid user accesses the encrypted data, it is hard to interpret [7]. The security of the cloud is enhanced by storing the confidential data on several SPs.

6. Conclusion

In this paper, we address the problem of securely outsourcing LP computations in cloud computing, and provide a practical mechanism design which fulfills input/output privacy, cheating resilience, and efficiency. By explicitly decomposing the input data, our mechanism design is able to explore appropriate security and efficiency tradeoffs. We seek to provide each customer with a better cloud data storage decision, by considering the user's budget as well as providing him with the best quality of service offered by the available cloud service providers. By dividing and distributing the customer's data, our application has shown its ability to provide a customer with secured storage within his affordable budget.

7. Reference

[1] Cong Wang, Kui Ren, and Jia Wang, "Secure and Practical Outsourcing of Linear Programming in Cloud Computing", IEEE, 2011.

[2] Special Publications 800-145, "National Institute of Standard and Technology (NIST)".

[3] Sun Microsystems, Inc., "Building customer trust in cloud computing with transparent security," 2009,

[4] https://www.sun.com/offers/details/sun transparency.xml.

[5] Yashaswi Singh, Farah Kandah, Weiyi Zhang, "A Secured Cost-effective Multi-Cloud Storage in Cloud Computing", IEEE Infocom 2011 workshop on Cloud Computing.

[6] Cloud Computing Usecase Discussion Group, "Cloud Computing Use Cases White Paper", Version 2.0, Oct 2009.

[7] Anthony T. Velte, Toby J. Velte, "Cloud Computing: A Practical Approach", Tata McGraw Hill Publications.

[8] Pekka Riikonen, "RSA Algorithm", 2002.

[9] Atul Kahate, "Cryptography and Network Security", Second Edition.

http://www.webopedia.com/TERM/C/cloud_provider.html

[10] Daniel Warneke, Odej Kao, "Exploiting Dynamic Resource Allocation for Efficient Parallel Data Processing in the Cloud", January 2011.