Data security framework for cloud computing networks


International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 1, January-February (2013), pp. 178-181, IAEME
IJCET, IAEME: Impact Factor (2012): 3.9580 (Calculated by GISI)

DATA SECURITY FRAMEWORK FOR CLOUD COMPUTING NETWORKS

ABHISHEK PANDEY1, R.M. TUGNAYAT2, A.K. TIWARI3
1 (Computer Science and Engineering, Dr. C.V. Raman University, Kota Road, Bilaspur, Chhattisgarh, India)
2 (Information Technology, Jawaharlal Darda Institute of Engineering & Technology, Yavatmal, Maharashtra, India)
3 (Information Technology, Disha College, Raipur, Chhattisgarh, India)

ABSTRACT

Cloud Computing is used for management of resources, applications and information as services over the cloud. The resources used in Cloud Computing are usually distributed as services. The cloud offers its services as a utility, and the flexibility of its architecture exposes it to various security threats. The cloud allows data to flow to different environments which may not be trustworthy, and hence opens up various security challenges. In this work we concentrate on the security issues related to cloud data storage and provide an efficient way to secure it.

Keywords: Cloud, Encryption, Security Model, Storage.

I. INTRODUCTION

Cloud computing is highly scalable, dynamic and easily configurable; moreover, it can handle multitenant requests simultaneously. The existence of the cloud environment has eased the deployment of large scale distributed systems for utilization of various resources and services.

The services in the cloud (Service Models) are classified as Software as Service (SaaS), wherein the user is provided with an application or service that exists in the cloud; Platform as Service (PaaS), which provides the user access to the platform; and Infrastructure as Service (IaaS), which leases the processing, storage and other computing resources to the user [1]. The primary ways in which the cloud can be deployed (Deployment Models) are Public Cloud, which allows the user to utilize all the resources (services and applications) available; Private cloud, wherein the user has complete control over the data and security; and Hybrid cloud, which is a combination of Private and Public cloud.

The cloud environment allocates the resources dynamically in response to the user's request and predesigned quality of service (QoS). The cloud's adoption of various technologies, including various networks, operating systems and databases, opens it up to various security threats. These issues can be abuse, malicious insiders, data loss and risk profile [2,3].

II. THREATS TO CLOUD COMPUTING

Information security is a critical issue in cloud computing environments. Clouds have no borders, and the data can be physically located anywhere, in any data centre across the geographically distributed network. So the nature of cloud computing raises serious issues regarding user authentication, information integrity and confidentiality. Applications deployed on the cloud undergo the same kind of attacks as those on the client-server model. SaaS-based applications are vulnerable to viruses. SaaS applications depend on web services and the web browser to deliver their services to the user. They face security challenges arising out of network infrastructure and web services. IaaS and PaaS services are hardware dependent and face more challenges arising out of the characteristics of cloud computing than SaaS applications. To handle these security issues we can use public key cryptography.
Our major concern in this work is to deal with the security of data storage in the cloud.

The basic idea in cloud data storage is to protect the information/data from unauthorized access, which may raise the possibility of various threats to it. The data stored in the cloud is in many ways exposed to various threats which may result in data loss or corrupt data, and there is also a possibility that it may be disclosed. The proposed scheme focuses on these issues, and with the help of various cryptographic techniques we will try to secure the data in the cloud environment. This can be achieved by securing the storage while the data is in a secured environment, before transferring it to an unsecured environment. Various encryption algorithms, asymmetric and symmetric, are available for this, but because asymmetric algorithms perform slowly compared to symmetric ones, symmetric algorithms are mostly preferred [4]. The usage of encryption as a technique to secure data guarantees the confidentiality of data and helps to detect any corruption in data [10,11,12]. The existing solutions provided to overcome these issues lack either scalability or generality [3].

III. DATA SECURITY MODEL

To overcome the problems stated above we propose a multi-tier cloud architecture wherein we deploy two or more clouds to secure the stored data in an effective manner. In this approach one cloud is deployed as a Secured Cloud, which is responsible for all the security concerns and the operations related to them, whether encrypting the data or providing secured access to the data stored. The data stored in the Secured Cloud is then moved to an unsecured environment where it is open for access to all. This 2-tier architecture will help us to achieve enhanced performance with the less computational power that a cloud offers.
Fig. 1 - Two Tier Cloud Architecture (Secured Cloud, Client, Unsecured Cloud)

In the proposed scenario we use a fully homomorphic encryption scheme, as it allows any party to publicly transform ciphertexts for some plaintexts 1,..n into a ciphertext for some function f(1, n) of the plaintexts, without the party being aware of the plaintexts. These schemes are useful for constructing privacy-preserving protocols, which are the basic requirement in a cloud environment, wherein a user can store encrypted data on a server and allow the server to process the encrypted data without revealing the data to the server. Homomorphic encryption schemes supported only a limited set of functions f, which restricted their applicability. The theoretical problem of constructing a fully homomorphic encryption scheme supporting arbitrary functions f was only recently solved by the breakthrough work of Gentry [5,6,7,8].

A homomorphic encryption scheme Hom consists of four algorithms:

  KeyGen: Given security parameter , returns a secret key sk and a public key pk.
  Encryption (Enc): Given plaintext f{0, 1} and public key pk, returns ciphertext .
  Decryption (Dec): Given ciphertext and secret key sk, returns plaintext .
  Eval: Given public key pk, a t-input circuit C (consisting of addition and multiplication gates modulo 2), and a tuple of ciphertexts (1.. t) (corresponding to the t input bits of C), returns a ciphertext (corresponding to the output bit of C).

Hom is said to be correct for a family C of circuits with t = Poly() input bits if for any C C and input bits (i)it, the following holds with overwhelming probability over the randomness of KeyGen and Enc:

  Dec(sk; Eval(pk;C; (1 t))) = C(1 t),

where (sk, pk) = KeyGen() and i = Enc(pk, i) for i = 1.. t.

Hom is said to be compact if for any circuit C with t = Poly() input bits, the bit-size of the ciphertext Eval(pk,C,(1.t)) is bounded by a fixed polynomial b().

When using an encryption technique, the key issue is the systematic management and usage of the encryption key generated to protect the data. These keys are a vital part of the data being protected. The keys generated to protect the data are generally stored with the data, which gives the attacker an opportunity to access both the key and the data being protected. The other approach used is to allow users to access the data from any location as long as they are in a trusted environment, which again raises the possibility of security being compromised, as here the keys can be shared with multiple users [10,13]. In this approach, any existing Managed Private Cloud solution can be used, but there is no consistency concerning the authenticity and correctness of the result. The latter approach aims to bridge this gap, which relies on the less computational power that the cloud offers. In place of using only one cloud architecture to render a given service, two or more clouds are deployed and used so as to verify the correctness of the result and to identify an incorrect output [14].
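
A toy instance of the four-algorithm interface above (KeyGen, Enc, Dec, Eval over addition and multiplication gates modulo 2), combined with the two-cloud cross-check of the result. This is an added example, not code from the paper: it uses a simplified integer-based somewhat homomorphic scheme in the style of van Dijk, Gentry, Halevi and Vaikuntanathan rather than Gentry's lattice construction, and the parameter sizes, the MAJ3 circuit and all function names are assumptions chosen here, far too small to be secure.

```python
import secrets
# Toy parameters and all names below are illustrative assumptions; not secure.

def keygen(eta=256, gamma=512, rho=8, tau=8):
    """Return (sk, pk): sk is an odd eta-bit integer p, pk a list of encryptions of 0."""
    p = secrets.randbits(eta) | (1 << (eta - 1)) | 1
    def noise():
        return secrets.randbelow(2 ** (rho + 1) + 1) - 2 ** rho  # in [-2^rho, 2^rho]
    pk = [p * secrets.randbits(gamma) + 2 * noise() for _ in range(tau)]
    return p, pk

def enc(pk, bit, rho=8):
    """Encrypt one bit: bit + even noise + a random subset sum of the public zeros."""
    r = secrets.randbelow(2 ** (rho + 1) + 1) - 2 ** rho
    subset = sum(x for x in pk if secrets.randbits(1))
    return bit + 2 * r + subset

def dec(sk, ct):
    """Recover the bit as the parity of the centred residue of ct modulo p."""
    r = ct % sk
    if r > sk // 2:
        r -= sk
    return r % 2

def run_circuit(circuit, wires, modulus=None):
    """Evaluate gates (op, i, j); each gate appends a wire, the last wire is the output."""
    wires = list(wires)
    for op, i, j in circuit:
        v = wires[i] + wires[j] if op == "add" else wires[i] * wires[j]
        wires.append(v % modulus if modulus else v)
    return wires[-1]

def eval_hom(pk, circuit, cts):
    """Eval: apply the circuit to ciphertexts; pk is unused in this toy (no reduction step)."""
    return run_circuit(circuit, cts)

# Majority of three bits as a mod-2 circuit: ab + ac + bc (constructed sample circuit)
MAJ3 = [("mul", 0, 1), ("mul", 0, 2), ("mul", 1, 2), ("add", 3, 4), ("add", 6, 5)]

def outsourced_majority(bits, tamper=False):
    """Client encrypts, two clouds run Eval, client cross-checks and then decrypts."""
    sk, pk = keygen()
    cts = [enc(pk, b) for b in bits]
    cloud_a = eval_hom(pk, MAJ3, cts)
    cloud_b = eval_hom(pk, MAJ3, cts) + (1 if tamper else 0)  # simulated bad cloud
    if cloud_a != cloud_b:
        return None  # the two clouds disagree: reject the result
    return dec(sk, cloud_a)
```

Ciphertexts in this toy grow with every multiplication gate, so it is not compact in the sense defined above, and decryption is correct only while the accumulated noise stays below p/2. Two clouds detect a disagreement; identifying which output is the incorrect one needs a third evaluator or a trusted recomputation.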

IV. CONCLUSION

With the latest developments in cloud computing, security has become an area of great concern. This paper discusses the safety issues of the cloud computing environment by analyzing a cloud computing framework, i.e. a cloud computing model for data security. As we have shown in the paper, most cryptographic primitives are ready to be deployed for security. As a direct generalization of the problem of secure outsourcing, one can look at the case where a group of clients that trust each other want to use a cloud based computation service that they do not fully trust. In this scenario, the proposed fully homomorphic encryption schemes can be used. It is clear that the design of secure outsourcing computation schemes is a very challenging research area.

REFERENCES

[1] Peter Mell and Tim Grance, The NIST Definition of Security Alliance (CSA). Cloud computing, October 7, 2009, version 15, National Institute of Standards and Technology (NIST).
[2] Jamil, Danish. Zaki, Hassan. Cloud Computing Security. In International Journal of Engineering Science and Technology, Vol. 3 No. 4, April 2011.
[3] Gens, F. New IDC IT Cloud Services Survey: Top Benefits and Challenges. In: IDC eXchange (2009).
[4] Narpat, S. Sekhawat. Cloud Computing Security through Cryptography for Banking Sector. In Proc. 2011 5th National Conference, INDIACom-2011.
[5] N. Gama and P. Q. Nguyen. Finding short lattice vectors within Mordell's inequality. In Proc. of STOC, pages 207-216. ACM, 2008.
[6] N. Gama and P. Q. Nguyen. Predicting lattice reduction. In Proc. of Eurocrypt, volume 4965 of LNCS, pages 31-51. Springer, 2008.
[7] C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009. Manuscript available at
[8] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proc. of STOC, pages 169-178. ACM, 2009.
[9] Yanpei Chen, Vern Paxson and Randy H. Katz, What's New About Cloud Computing Security? Technical Report No. UCB/EECS-2010-5, Jan. 20, 2010.
[10] RSA, The Role of Security in Trustworthy Cloud Computing.
[11] Ebenezer A. Oladimeji, Security threat Modeling and Analysis: A goal-oriented approach, 2006.
[12] Ristenpart, Thomas and Tromer, Eran and Shacham, Hovav and Savage, Stefan, Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, 2009.
[13] Shamir, Adi, How to share a secret. Communications of the ACM, 1979, 612-613.
[14] J. S. Plank and J. Luo and C. D. Schuman and L. Xu and Z. Wilcox-O'Hearn, A Performance Evaluation and Examination of Open-Source Erasure Coding Libraries For Storage, 2009.
[15] Suresh Kumar RG, S. Saravanan and Soumik Mukherjee, Recommendations For Implementing Cloud Computing Management Platforms Using Open Source, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 3, 2012, pp. 83-93, Published by IAEME.
[16] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, Security In Cloud Computing, International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 1, 2012, pp. 258-265, Published by IAEME.

