����������

�����������

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 1

CHAPTER – 1

������������

1.1. Overview

Cloud computing is an internet based computing. It is evolved from grid

computing, utility computing, parallel computing, distributed computing and

virtualization [Raj, 09]. It has more powerful computing infrastructure with a pool of

thousands of computers and servers [Bor, 10]. It provides computational resources like

server, storage, software, memory, network etc., as on-demand services [Pet, 11]. It

helps to reduce the computational infrastructure investment and maintenance cost of IT

requisite for Small and Medium scale Enterprises (SME) [Ali, 10]. It provides

Everything (X) as a Service (XaaS) where ‘X’ denotes software, OS, server,

hardware, storage, etc [Daw, 11]. Cloud services are scaling up and down based on

the users’ demand [Raj, 08]. Cloud has multiple datacentres placed in different

geographical locations in the world to provide reliable services to the users [Sud, 12].

It provides unlimited service provisioning without any human intervention. Cloud

automates the service provisioning by way of running a number of Application

Programming Interface (API) in the cloud storage environment.

The major feature of cloud computing is that it allows sharing and scalable

deployment of services as needed by the users from any location. Cloud computing

saves time and money during software up-gradation; cloud services are updated by the

provider; so users are always working on the latest platform [Arm, 09]. Cloud

minimizes the amount of wasted computing resources and can also reduce energy

consumption significantly.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 2

The main core area of Cloud computing is Virtualization [Zha, 10].

Virtualization empowers the cloud as a scalable and elastic service environment. It

enables a dynamic datacentre where servers provide a pool of resources that are

connected as needed, where the relationship of applications to compute, storage, and

network resources changes dynamically in order to meet both workload and business

demands.

1.1.1. Essential Characteristics

Cloud has five essential characteristics which provide unique features to the

cloud than other computing [Ila, 10].

On-Demand Self-Service: It enables users to use cloud computing resources

without human intervention between the users and the Cloud Service Providers (CSP).

Instant usage of resources and elimination of human intervention provide efficiencies

and cost savings to both the users and the CSPs.

Broad Network Access: Cloud computing is an efficient and effective

replacement for in-house data centres. High-bandwidth communication links must be

available to connect to the cloud services. High-bandwidth network communication

provides access to a large pool of computing resources.

Location-Independent and Resource Pooling: Computing resources are

pooled to serve multiple users using a multi-tenant model, with different physical and

virtual resources dynamically assigned and reassigned according to users’ demand.

Applications require resources. However, these resources can be located anywhere in

the geographic locations physically and assigned as virtual components whenever

they are needed. There is a sense of location independence that the users generally

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 3

have no control or knowledge over the exact location of the provided resources. At the

same time, this helps to specify location at a higher level of abstraction (e.g., country,

state, or datacentre).

Scalability: It enables new nodes to be added or dropped from the network

like physical servers, with limited modifications to infrastructure set up and software.

Cloud architecture can scale horizontally or vertically, according to users’demand.

Measured Service: The usage of cloud resources by the users are monitored

by APIs in the cloud. Users are billed automatically based on the usage of cloud

resources. Cloud systems automatically control and optimize resource usageby

leveraging a metering capability at some level of abstraction appropriate to the type of

service (e.g., storage, processing, bandwidth, and active user accounts). Resource

usage can be monitored, controlled, and reported by providing transparency for both

the CSPs and the users of the utilized service.

1.1.2. Cloud Services

The cloud computing services are broadly divided into three categories

namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software

as a Service (SaaS) [Chu, 10].

IaaS is the delivery of huge computing resources such as the capacity for

processing, storage and network. For example, when users use the storage service of

cloud computing, they just pay the consuming part without buying any storage disks

or even knowing nothing about the location of the data they deal with the cloud.

Sometimes the IaaS is also called Hardware as a Service (HaaS). The top level

infrastructure providers are Amazon EC2, Rack Space, etc.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 4

PaaS generally abstracts the infrastructures and supports a set of API to cloud

applications. It is the bridge between hardware and application. Because of the

importance of platform, many big companies want to grasp the chance of predominating

the platform of cloud computing as Microsoft does in personal computer time. The

well-known cloud platform providers are Google App Engine (GAE) and Microsoft’s

Azure Services Platform (MASP).

SaaS aims at replacing the applications running on PC. There is no need to

install and run the special software on users’ computer if users use the SaaS in the

cloud. Instead of buying the software at a relatively higher price, users just follow the

pay-per-use pattern which would reduce their total cost. The concept of SaaS is

attractive, and softwares run well as cloud computing, but the delay of network is fatal

to real time or half real-time applications. The top level software providers are

Google, Microsoft, Salesforce.com, etc.

1.1.3. Deployment Models

Cloud is deployed in four types of deployment models as defined by NIST

such as Public, Private, Community and Hybrid cloud [Pet, 11].

Private cloud infrastructure is operated solely for a single organization and

managed by that organization or a third party. It is also known as internal cloud.

Private clouds are hosted by third parties, rather than being hosted on dedicated

servers. Hosting companies operate large datacentres and people who require their

data to be hosted, buy or lease storage capacity from providers and use it for their

storage.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 5

Public cloud or external cloud describes cloud computing in the traditional

mainstream, whereby resources are dynamically provisioned on a fine-grained, self-

service basis over the Internet, via web applications or web services. The resources

are provisioned from an off-site third-party CSPs who bill on a utility computing

basis.

Community cloud may be established where several organizations have

similar requirements and seek to share infrastructure so as to realize some of the

benefits of cloud computing, with the costs spread over fewer users than a public

cloud. This option of deployment is more expensive but may offer a higher level of

privacy, security and/or policy compliance.

Hybrid cloud is understood as two separate clouds joined together (public,

private, internal or external), or a combination of virtualized cloud server instances

used together with real physical hardware. By integrating multiple cloud services,

users may be able to ease the transition to public cloud services. A hybrid storage

cloud uses a combination of public and private storage clouds. Hybrid storage clouds

are often useful to backup functions, allowing data to be replicated to a public cloud.

1.2. Need for Cloud Data Outsourcing

The new concept introduced by the cloud is data outsourcing. Data

outsourcing in the public cloud is becoming increasingly popular and introducing a

new paradigm, called Database as a Service, where users’ data are stored at an

external CSP [Car, 11]. This scenario presents new research challenges on which the

usability of the system is based [Ric, 09].

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 6

The main advantage of outsourcing is related to the cost of on-premises versus

outsourced hosting; outsourcing provides,

• Significant cost savings and service benefits and

• Higher availability and more effective disaster protection than on-premises

operation.

Users could outsource data to cloud and retrieve the same when they are

needed. Cloud service providers should store the users’ data in the database server and

provide maximum availability of data and efficient disaster recovery. The data

outsourcing scenario in public cloud is represented in Figure 1.1 and Figure 1.2. Cloud

users may be the enterprise users or general users [Fat, 11].

Outsourced data could be accessed in following two schemes. In the first

scheme, data owners and data users are same, where as in the second scheme, data

owners and data users are different. Figure 1.1 represents the first scheme and Figure 1.2

represents the second scheme.

Figure 1.1. Data Outsourcing in Public Cloud Storage –

Owners and Users are Same

�

����������

��������� �������������������

����������������

��������������

��������� ������������

��

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 7

As an advantage of this development toward outsourcing, highly sensitive data

are now stored on systems which run in locations that are not under the control of data

owners. Therefore, data confidentiality is to be put at risk.

There is a possibility of potential unacceptable use of database information

that can be achieved by the provider itself. The traditional access control techniques

may prevent data access by external users, and not by internal administrators.

1.3. Data Management in Cloud Storage

The data management is a critical aspect for Enterprises [Wal, 13]. The

Enterprises are interested in getting the benefits from the cloud paradigm, to

outsource their data to cloud database service providers and to access their data via

internet. This data management model is referred to as Database as a Service (DaaS)

[Car, 11]. DaaS is one of the most important applications of SaaS delivery model.

DaaS model provides many benefits to enterprises as it saves the cost of database

administration, and offers reliable storage.

�

��

����������

�������������������

����������������

���������

��������� ������������

�����

��������

Figure 1.2. Data Outsourcing in Public Cloud Storage –

Owners and Users are Different

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 8

In DaaS model, enterprises store data through internet into the database that is

managed by Data Base Administrators (DBA) of the Service providers. DBA sought

to have full control over the database to perform responsibilities of DBA like database

backup, database restore, and recovery of database in case it is crashed and also to

achieve performance and tuning of the database [Ram, 03]. This situation results in

two types of attacks on the cloud data; attacks are either by CSP or other users of

cloud services. Although DaaS model is attractive, it is not successful since the DBA

can look into the data and can transfer business sensitive information to the

competitors [Sha, 11].

1.4. Confidentiality of Outsourced Data

Data sent to the cloud are not stored in a single cloud storage server. It is

replicated to different cloud data centers located in different places in the world. Data

centers are controlled and maintained by different experts from CSPs. The data can be

hacked from any data center [Ram, 10]. In cloud storage, maintaining the confidentiality

of the data is the primary issue.

In [Wil, 05], confidentiality is defined as the assurance that sensitive information

is not disclosed to unauthorized persons, processes, or devices. Hence, it must make

sure that the users' confidential data, which the users do not want to be accessed by

CSPs, are not disclosed to CSPs in the cloud computing systems, including applications,

platforms, CPU and physical memories.

It is noted that users' confidential data are disclosed to a CSP only if all the

following three conditionsare satisfied simultaneously [Yau, 10]:

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 9

1) The CSPs know where the users' confidential data are located in cloud

computing systems.

2) The CSPs have the privilege to access and to collect the users' confidential

data in cloud computing systems.

3) The CSPs can understand the meaning of the users' data.

The above three conditions arise from the following reasons, in order to

collect users' data. The CSPs must know the location of the data in cloud systems and

have the privilege to access the data. Even if the CSPs could collect users' data

successfully, they may not be able to understand the meaning of the data unless the

CSPs have at least some of the following information to understand the meanings of

the data:

• Types of data

• Functionalities and interfaces of the application using the data

• Format of the data.

Hence, it is needed to prevent the CSPs from satisfying all the above three

conditions, and then protect the confidentiality of users' data in cloud storage.

1.5. Cloud Computing System Architecture

The current cloud computing system consists of three layers: software layer,

platform layer and infrastructure layer, as shown in Figure 1.3 [Ila, 10]. The software

layer provides the interfaces for users to use CSPs’ applications running on a cloud

infrastructure. The platform layer provides the operating environment for the software

to run using system resources. The infrastructure layer provides the hardware resources for

computing, storage and networks [Ari, 13].

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 10

Figure 1.3. Current Cloud Computing Architecture

Platforms or infrastructures could be provided as virtual machines. The

following are the major problems of current cloud computing system:

• Each CSP has a software layer, a platform layer and a infrastructure layer.

When users use a cloud application from a CSP, then the users are forced to

use the platform and infrastructure provided by the same CSP. Hence the CSP

knows where the users' data are located and has full access privilege to the

data.

• The users are forced to use the interfaces provided by the CSP, and users' data

have to be in a fixed format specified by the CSP. Hence, the CSP knows all

the information required for understanding the data.

Therefore, it is difficult to avoid CSPs from satisfying all the three conditions

in Section 1.4.

Software as a Service

Platform as a Service

Infrastructure as a Service

Public

Cloud

Private

Cloud

Community

Cloud

HybridCloud�

�

Cloud

Users

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 11

1.6. Need for Data Security in Cloud Storage

Data protection is a crucial security issue for most of the enterprises [Ram, 13].

The main issue focused in cloud computing is data security. However, users are more

concerned about the security ofthe data in the cloud. Enterprises’ critical data are

moved to geographically dispersed cloud infrastructure, not under the direct control of

the enterprises. Moreover, data are stored in a multitenant environment and they are

always in a decrypted form when used. Given the large number of issues concerning

data security, many organizations want clear answers regrading security before

migrating into the cloud. Data security in the cloud includes the following [Shu, 12].

Security of data-at-rest: Users’ data stored on the physical storage should not

be modified. Encrypting the data may be the solution for this but in case of PaaS and

SaaS, encryption of data are not always feasible and hence the probability of

unauthorized access is very high.

Security of data–in-transit: Data must be secured, while transferring

between servers. It should not be viewed or changed by other user. So it requires an

appropriate encryption algorithm as well as a secure protocol.

Security of data during process: Users’ data should not be viewed or

changed by other user at runtime.

Security of data lineage: It deals with maintaining the origin and custody of

data in order to prevent tampering or to assure integrity of data. However, this is time-

consuming job. Trying to provide accurate reporting on data lineage for public cloud

servicesis not possible [Tim, 09].

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 12

1.7. Security Requirements for Cloud Storage

Security measures assumed in the cloud must be made available to the users to

gain their trust [Hyu, 12]. There is always a possibility that the cloud infrastructure is

secured with respect to some requirements and the users are looking for a different set

of security mechanisms [Mas, 10]. The reason why users are very anxious for the

safety of their data being saved in the cloud is that they don’t know who is managing

it in the server of the CSP. Typical users, who use the cloud service like storing their

files on the server to access it anywhere they want through internet, don’t bother

much about the security of their files. Those documents are common files that don’t

need to be secured. But in the case of big companies which have very important data

to be taken care of need to have secured cloud computing system. In order to have

secured cloud system, the following aspects of security parameters are considered for

data protection.

1.7.1. Authentication

Authentication is the process of verifying a user’s or other entity’s identity.

This is typically done to permit someone or something to perform a task. A strong

authentication system ensures that the authenticators and messages of the actual

authentication protocol are not exchanged in a manner that makes them vulnerable to

being hijacked by an intermediate malicious node or person. That is, the information

used to generate a proof of identity should not be exposed to anyone other than the

person or machine it is intended for.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 13

1.7.2. Authorization

Authorization is when the system decides whether or not a certain entity is

allowed to perform a requested task. This decision is made after authenticating the

identity of users. When considering an authentication system for a particular application,

it is crucial to understand the type of identifier required to provide a certain level of

authorization.

1.7.3. Confidentiality

Confidentiality is needed when the message sent or stored in the cloud contains

sensitive data which should not be read by others. Hence it must not be sent in a

comprehensible format. A loss of confidentiality is the unauthorized disclosure of

information. Confidentiality relates to security and encryption techniques can be obtained

by encrypting messages so that only intended recipients have access to read them.

1.7.4. Integrity

Integrity is ensuring that the data presented are true and valid. It also includes

guarding against improper data modification. A loss of integrity is the unauthorized

modification, insertion, or destruction of information. One way of ensuring data

integrity is using simple checksums which prevent an attacker from forging or

replaying messages.

1.7.5. Non-Repudiation

Non-repudiation is a process of ensuring that a traceable legal record is kept

and has not been changed by a malicious entity. A loss on non-repudiation would

result in the questioning of the transaction that has occurred. A simple example of

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 14

non-repudiation is signing a contract. The signers cannot claim that they did not agree

a contract, because there is an evidence that they did agree.

1.8. Motivations

Cloud storage is widely popular and it is used by millions of people in the

world. The users are eager to adopt the cloud storage by outsourcing their IT

requisites. Cloud computing has numerous advantages such as easy to use and

maintain, low power consumption for operation and reductions in the overhead for

storing the data. Despite several advantages, cloud also suffers from different security

threats and risks. Protecting from security threats and attacks is the primary concern

for the enhancement of a more secured cloud infrastructure. Traditional techniques for

data security are not enough for protecting data in the cloud, because they become

obsolete with respect to ever-evolving security threats. Moreover data stored in cloud

are not just stored, also it gets accessed by a large number of times and changes in the

form of insertion, deletion or updation that take place from time to time.

Security with traditional information systems has become difficult to satisfy

the data security in cloud environment, and this is also a challenging job for the public

cloud storage. Hence, it is imperative to ensure the confidentiality of the data in cloud

storage. Moreover, the CSPs do not clearly answer till now, some of the questions

related to security.

1. Where are the data stored?

2. Are the data encrypted or not?

3. Is any encryption technique used for data security?

4. How to maintain the key for different data users?

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 15

5. How are the data retrieved from cloud storage?

6. Who are responsible for accessing the data from cloud provider?

Motivated by this fact, this research work aims at ensuring the confidentiality

of the outsourced data by achieving the following goals.

• To propose a security service mechanism as a cloud service for protecting data

in cloud storage.

• To ensure that the data stored in the cloudare accessed only by the data owners.

• To propose security service algorithms suitable for cloud environment using

encryption and obfuscation.

• To reduce the size of data being stored in the cloud storage.

• To design a framework to provide security by ensuring the confidentiality of

outsourced data stored in the public cloud storage.

1.9. Scope of the Research Work

Security is a major challenge in cloud storage owing to the conduct of

outsourced computing. Unless robust security scheme is implemented, cloud storage

will be vulnerable to various attacks by the unauthorized users. Cloud data may be

hacked by either insiders or outsiders. So, the users must be very careful while storing

the data in cloud storage. It is necessary to ensure that even though the data in the

cloud are accessed by hackers, they should not be able to get the actual information.

Data security is ensured by different security parameters namely Authentication,

Authorization, Confidentiality, Integrity and Availability. Out of these, Confidentiality,

Integrity and Authentication are the important areas. Among these security

parameters, confidentiality is the most important parameter for data security in cloud

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 16

storage. Confidentiality ensures that the data can only be accessed by the privileged

cloud users. The scope of this research work concentrates only on confidentiality

parameter to ensure data security and other parameters are out of scope of this

proposed research work. Data in the cloud are categorized into two forms, namely,

Data in Transit and Data at Rest. This research work concentrates on Data at Rest.

The types of data considered for this research work are numerical and non-numerical.

This research work aims at providing a secured confidentiality framework to

cloud users and to service providers in order to protect the data stored in the public

cloud storage environment. This is to improve the usability of cloud and to minimize

the cost of storing and maintaining data by cloud storage.

1.10. Definition of the Problem

Data security is a critical area in cloud computing environment. Cloud has no

limits, and the data can be physically placed at any datacentres which are

geographically distributed. The users are forced to use the platform and infrastructure

provided by the same CSP. Hence the CSP knows where the data are located and have

full access to the data. This scenario of cloud raises several issues regarding

confidentiality of data.

Users’ data sent to the cloud are controlled and monitored by CSPs. CSPs as

privileged administrators have the rights to look into the users’ data. So, there is a

possibility that data are hacked from CSPs. Users do not have any control over the data

in cloud storage. Moreover, cloud is a public environment. Hence, data may have the

chance to be mingled with data of other users.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 17

Users do not know whether the data are encrypted in the cloud storage or not.

Maintaining keys for each user is more difficult for CSPs, and the same key is used

for all users’ data [Tim, 09]. Users’ data have to be in a fixed format specified by the

CSP, and hence the CSP knows all the information required for understanding users'

data. Here are the issue raised up for data protection.

1.11. Significance of the Proposed Research Work

The major problem found in the existing cloud frameworks is data security for

outsourced data. Security for data stored in the cloud is the top most issue in public

cloud environment. Security issue is raised owing to different functionality of existing

cloud framework. Users are forced to use the platform and infrastructure of the same

CSP. Hence, the CSPs have control over the users’ data. CSPs can easily access the

users’ data stored in their infrastructure. Users do not know whether the data are

encrypted in the cloud storage or not. Some CSPs use a single key to hide all the

users’ data. In most of the existing framework, users have to work more for securing

their data and have to maintain the component in the framework in their own

premises. The proposed framework reduces the work burden for the users and

separates the cloud services from different independent CSPs. Security is provided as

a service to the users to secure the data in the cloud storage. The users should decide

which security service mechanism is to be used to secure the data before it is sent to

the cloud. Keys used for data security are generated in the cloud and are provided to

the users as a service.

Cloud provides huge storage resources to the users without any concern about

the place restriction. Users could outsource their data at any time to the cloud. Size of

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 18

the data outsourcing is not a big concern in the cloud environment. Data uploaded to

the clouds are secured by using SSA in the proposed framework. The main

considerations for designing the SSAs is to provide security for data in cloud and

time taken for processing, because in view of the processing time delay of the SSA,

the data uploading may become slow. The proposed SSAs are specially designed for

the cloud environment to process the data without any delay.

Security service algorithms in the proposed framework are more suitable for

the cloud environment due to their minimum execution time and high security (as

shown in the tables and graphs in upcoming chapters) provided to the data in the

cloud storage. Three SSAs are provided from the cloud to the users. These algorithms

are used for a specific type of users’ data.

Many researchers proposed several security frameworks, but, a complete

security framework has not yet been proposed. In this research work, a framework

called, AROMO is developed, and it gives better results during simulation. Three security

services are used for data protection. These services are provided by three independent

CSPs. All security services in the framework are simulated in the cloud environment.

1.12. Aim and Objectives

The primary aim of this research work is to propose a security framework to

ensure confidentiality of outsourced data in public cloud storage. The objectives to

achieve primary aim of the proposed research work are as follows:

1. To propose a security service mechanism to store the data in the cloud storage.

2. To propose security service algorithm AROcrypt to ensure the confidentiality

of non-numerical data stored in cloud storage.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 19

3. To propose security service algorithm MONcrypt to ensure the confidentiality

of numerical data stored in the cloud storage.

4. To propose security service algorithm AROMONcrypt to ensure the confidentiality

of non-numerical and numerical data stored in the cloud storage.

5. To design a secured framework AROMO to ensure the confidentiality of data

in cloud by incorporating the proposals.

1.13. Organization of the Thesis

The thesis consists of seven chapters. The format of the thesis is as follows:

In Chapter 1, introduction to the research work is given. It provides fundamental

details of the research work. It gives details about the cloud computing and its

characteristics. The services and nature of cloud storage are explained. The scope of

this research work and the definition of the problem are elucidated. The motivation

behind this research work is also projected. The aim and the objectives of the research

work are stated. Chapter 2 explains the related research works carried out by various

researchers. It carries the information regarding the existing research works and the

reviews.

In chapter 3, a framework called AROMO is proposed to provide security by

ensuring the confidentiality of the data stored in the cloud storage. The framework

comprises three primary services namely, SEaaS, KGMaaS and STaaS. SEaaS

provides security services; KGMaaS generates key and maintains a log for key

management; STaaS provides cloud storage servers for data storage. SEaaS has three

different security service algorithms, namely, AROcrypt, MONcrypt and AROMONcrypt.

These algorithms are used to hide user’s data by use of encryption or obfuscation

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 20

technique before they are uploaded to the cloud storage. Users should select any one

of the security service algorithms to secure the user’s data in the cloud. KGMaaS

generates keys, based on a particular security algorithm selected by the users. Keys

are directly forwarded to the users. The users’ details for forwarding the keys are

received from SEaaS to KGMaaS.

In chapter 4, a security service algorithm, namely, AROcrypt is proposed.

AROcrypt SSA is used to encrypt the non-numerical data uploaded to the cloud.

AROcrypt SSA encrypts the user’s data using four keys. Keys for AROcrypt SSA are

generated in KGMaaS and forwarded to the users. Users apply those generated keys

and data into AROcrypt SSA to encrypt the data. The data are encrypted, and then

they are sent to cloud storage. Keys used for encryption are not communicated to

CSPs; So CSPs could not access data from cloud storage.

In chapter 5, MONcrypt security service algorithm is proposed to obfuscate

the numerical necessary data. MONcrypt security service algorithm is based on

obfuscation technique. It is one of the security service algorithms in SEaaS.

MONcrypt SSA uses different mathematical functions and program logic to obfuscate

the data. A key is used to rotate the digits. The same key is used for de-obfuscation.

MONcrypt SSA not only ensures the confidentiality of the data but also reduces the

size of the data sent to cloud storage.

In chapter 6, a security service algorithm, namely, AROMONcrypt is

proposed to encrypt and obfuscate the non-numerical and numerical data respectively.

Both encryption and obfuscation are applied on the data simultaneously. The users

submit the data to the AROMONcrypt SSA, and then it analyzes the type of data.

���������� � � � ���� ����� ��

������������ ������������������������������������������������������������������ 21

AROMONcrypt starts encrypting the non-numerical type of data and obfuscate the

numerical type of data. The users keep the keys for decryption and de-obfuscation.

CSPs of SEaaS or STaaS are not aware of the keys used by SSAs.

Chapter 7 concludes the thesis. It explains the essence of the proposed security

framework of cloud storage, research findings and interpretations, salient features, and

limitations and future research directions. All these chapters explain the research work

and the results with suitable figures, tables and graphs.

1.14. Chapter Summary

Cloud gains more attention of the IT Enterprises, because of its advantages.

Cloud supports on-demand computing. It reduces the cost of installing and

maintaining storage servers. Though the cloud storage provides many benefits and

advantages to cloud users, it has many security related issues. Hence, it is necessary to

propose a new security framework to protect the outsourced data in public cloud

storage environment. This chapter has provided the fundamentals of the proposed

research work. The motivation behind this research work and the aim and the

objectives are given. The scope of the research work and the security issues related to

Cloud are also given. The next chapter presents the literature review and it lists the

related research works along with the issues of the existing mechanisms.