mcdb: multi cloud database model

MCDB: USING MULTI CLOUDS TO ENSURE SECURITY IN ATHULYA RAJ S7 CSE NO:16

Upload: athulyaraj

Post on 16-Jul-2015



OVERVIEW

INTRODUCTION

SINGLE CLOUD MODEL

SOME SECURITY RISKS

WHY MOVING TO MULTI CLOUD

SECRET SHARING

MULTI CLOUD DATABASE MODEL

THE MCDB DATA FLOW

WHAT MAKES MCDB DIFFERENT

EVALUATION

CONCLUSION

REFERENCES

“A style of computing where massively scalable IT-enabled capabilities are delivered ‘as a service’ to external customers using internet technologies”

Basic Cloud Characteristics

“no-need-to-know”

“flexibility and elasticity”

“pay as much as used and needed”

“always on!, anywhere and any place”

Types of Clouds

Public Cloud – Available to the general public or a large industry group and owned by an organisation selling cloud services

Community Cloud – Shared by several organisations and supports a specific community that has shared concerns

Private Cloud – Operated solely for an organisation or company

Hybrid Cloud – Combination of two of the above; they remain unique entities but are bound together by standardised technologies

CLOUD

3 Approaches to Cloud Computing

access to software and its functions remotely through internet browsers.

computing platform is being delivered as a service, eg. purchase and manage hardware remotely.

defined as computer infrastructure, such as virtualization, being delivered as a service.

Benefits of Using Cloud

High productivity

Less deployment time

Increased mobility

Environmentally friendly

High availability

Easy to manage

Shared resources

Pay as you do

SINGLE CLOUD MODEL

SOME SECURITY RISKS

Data integrity

Data security

Service Availability

WHY MOVING TO MULTI CLOUD??

Avoids the dependency on a single cloud

The main purpose of moving to inter-cloud is to improve on what was offered in a single cloud by distributing the reliability, trust and security among multiple cloud providers

What is "Secret Sharing"?

In cryptography, a secret sharing scheme is a method for distributing a secret amongst a group of participants, each of which is allocated a share of the secret. The secret can only be reconstructed when the shares are combined together; individual shares are of no use on their own.

In a secret sharing scheme there is one dealer and n players. The dealer gives a secret to the players.

The dealer accomplishes this by giving each player a share in such a way that any group of t (for threshold) or more players can together reconstruct the secret but no group of fewer than t players can. Such a system is called a (t,n)-threshold scheme.

Shamir's Secret Sharing

• Suppose we want to use a (k,n) threshold scheme to share our secret S, where k < n.

• Choose at random (k-1) coefficients a_1, a_2, a_3, …, a_{k-1}, and let S be a_0:

$$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{k-1} x^{k-1}$$

• Construct n points (i, f(i)) where i = 1, 2, …, n

• Given any subset of k of these pairs, we can find the coefficients of the polynomial by interpolation, and then evaluate a_0 = S, which is the secret

Example

• Let S = 1234

• n = 6 and k = 3; obtain random integers a_1 = 166 and a_2 = 94

$$f(x) = 1234 + 166x + 94x^2$$

• Secret share points: (1,1494), (2,1942), (3,2598), (4,3402), (5,4414), (6,5614)

• We give each participant a different single point (both x and f(x)).

Reconstruction

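• In order to reconstruct the secret, any 3 points will be enough

• Let us consider

$$(x_0, y_0) = (2, 1942),\quad (x_1, y_1) = (4, 3402),\quad (x_2, y_2) = (5, 4414)$$

Using Lagrange polynomials:

$$\ell_0 = \frac{x - x_1}{x_0 - x_1}\cdot\frac{x - x_2}{x_0 - x_2} = \frac{x - 4}{2 - 4}\cdot\frac{x - 5}{2 - 5} = \tfrac{1}{6}x^2 - 1\tfrac{1}{2}x + 3\tfrac{1}{3}$$

$$\ell_1 = \frac{x - x_0}{x_1 - x_0}\cdot\frac{x - x_2}{x_1 - x_2} = \frac{x - 2}{4 - 2}\cdot\frac{x - 5}{4 - 5} = -\tfrac{1}{2}x^2 + 3\tfrac{1}{2}x - 5$$

$$\ell_2 = \frac{x - x_0}{x_2 - x_0}\cdot\frac{x - x_1}{x_2 - x_1} = \frac{x - 2}{5 - 2}\cdot\frac{x - 4}{5 - 4} = \tfrac{1}{3}x^2 - 2x + 2\tfrac{2}{3}$$

$$f(x) = \sum_{j=0}^{2} y_j\,\ell_j(x) = 1942\left(\tfrac{1}{6}x^2 - 1\tfrac{1}{2}x + 3\tfrac{1}{3}\right) + 3402\left(-\tfrac{1}{2}x^2 + 3\tfrac{1}{2}x - 5\right) + 4414\left(\tfrac{1}{3}x^2 - 2x + 2\tfrac{2}{3}\right)$$

$$f(x) = 1234 + 166x + 94x^2$$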

MULTI CLOUD DATABASE MODEL

DBMS is responsible for rewriting the user's query (one for each CSP), generating polynomial values, handing the user's query to each CSP and then receiving the result from the CSP.

CSP is responsible for storing the data, which is divided into n shares, in its cloud storage and then returning to the DBMS the relevant shares that make up the user's query result.

The Servlet Engine communicates with the data source through the JDBC protocol.

HTTP server is responsible for managing the communication between the application and the browser.

MULTI CLOUD DATABASE MODEL

THE MCDB LAYERS

THE MCDB MODEL DATA FLOW

Sending Data Procedure

• User sends a request through the user interface and web browser as an HTTP request

• User query is sent to the servlet engine

• Servlet engine and DBMS communicate through the JDBC protocol

• DBMS manages the query and sends it to the CSP

• Result is sent to the DBMS, which returns the result to the servlet

• Servlet returns the result to the HTTP server, which returns it to the user

Procedure between DBMS and CSP

• DBMS divides the data into n shares and stores them in the CSPs

• DBMS generates a random polynomial function of the same degree for each value of the valuable attribute that the client wants to hide from the untrusted cloud provider

• When a user's query arrives at the DBMS, it rewrites the polynomial for each CSP

• Relevant shares are retrieved from the CSPs
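
The split and Lagrange reconstruction from the Shamir slides, wired into the DBMS-to-CSP procedure above, as an added example that is not code from the presentation. Assumptions: shares are computed modulo a prime rather than over plain integers as on the slides, each CSP is modelled as a dict, the `Dbms` class and its method names are hypothetical, and k = 2 of n = 3 is chosen so that one provider can be unreachable.

```python
import secrets
# Assumption: arithmetic is modulo a prime; plain integers (as on the slides)
# let fewer than k shares narrow down the secret.
PRIME = 2**61 - 1

def make_shares(secret, k, n, coeffs=None):
    """Return the n points (i, f(i)), i = 1..n, with f(0) = secret and degree k-1."""
    if not (1 <= k <= n < PRIME and 0 <= secret < PRIME):
        raise ValueError("need 1 <= k <= n and 0 <= secret < PRIME")
    if coeffs is None:  # a1..a(k-1), drawn from a CSPRNG
        coeffs = [secrets.randbelow(PRIME) for _ in range(k - 1)]
    poly = [secret, *coeffs]
    def f(x):  # Horner evaluation mod PRIME
        acc = 0
        for a in reversed(poly):
            acc = (acc * x + a) % PRIME
        return acc
    return [(i, f(i)) for i in range(1, n + 1)]

def reconstruct(shares):
    """Recover f(0) by Lagrange interpolation over GF(PRIME)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xj, yj in shares:
        num = den = 1
        for xm in xs:
            if xm != xj:
                num = num * (-xm) % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret

class Dbms:
    """Hypothetical stand-in for the MCDB DBMS layer; each CSP is modelled as a dict."""
    def __init__(self, n=3, k=2):  # k=2 of n=3 is an assumption, not from the slides
        self.k, self.csps = k, [{} for _ in range(n)]
    def store(self, key, value):
        # One share of the hidden attribute value goes to each CSP.
        shares = make_shares(value, self.k, len(self.csps))
        for csp, share in zip(self.csps, shares):
            csp[key] = share
    def query(self, key, reachable):
        # Fetch shares from the reachable CSP indexes and rebuild the value.
        shares = [self.csps[i][key] for i in reachable if key in self.csps[i]]
        if len(shares) < self.k:
            raise RuntimeError("fewer than k CSPs returned a share")
        return reconstruct(shares[:self.k])
```

Calling `make_shares(1234, 3, 6, coeffs=[166, 94])` evaluates the slide's polynomial at x = 1..6; for x = 3 it yields 2578 rather than the 2598 listed in the example.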

WHAT MAKES MCDB DIFFERENT??

Data Integrity

The stored data may suffer damage during transfer to or from the cloud storage provider

Data will be distributed across 3 different providers in the MCDB model

If a malicious insider wants to know the hidden information, they need at least three values from different clouds

Data Intrusion

a. If anyone gains access to the account in a single cloud, they will be able to access all of the account's instances and resources

b. MCDB replicates the data among three different clouds

c. Hackers need to retrieve all information from 3 different service providers to be able to reconstruct the real data

d. Replicating data into multiple clouds reduces the risk of data intrusion

Service Availability

The user's web service may be terminated for any reason at any time if any of the user's files break the cloud storage policy

There will be no compensation for the service failure

MCDB distributes the data into different clouds, so the risk of data loss will be reduced

If one cloud provider fails, the users can still access their data live in other service providers

EVALUATION

Data storing procedure

Data storing involves data distribution from data source to different cloud providers

Multi cloud may suffer from time and cost

The time cost increases with increasing number of shares

An increased number of shares increases the security

Data retrieval time

The data retrieval process in MCDB starts with rewriting the user's query in the DBMS, which then sends these queries, one for each CSP, after constructing the polynomial and order of the secret value

The relevant tuple will be returned to the DBMS to compute the polynomial function

Data retrieval time for an exact match query is less than for an aggregate query

The time to retrieve data increases linearly with the number of shares

CONCLUSION

Customers do not want to lose their private information as a result of malicious insiders in the cloud.

The loss of service availability has caused many problems for a large number of customers recently.

Furthermore, data intrusion leads to many problems for the users of cloud computing.

The purpose of this work is to propose a new model called MCDB, which uses Shamir’s secret sharing algorithm with multi-cloud providers instead of a single cloud.

The main aim of this model is to reduce the security risks that occur in cloud computing and to address the issues related to data integrity, data intrusion, and service availability.


QUESTIONS…..??