8 - SECURE DISTRIBUTED DATA STORAGE IN CLOUD COMPUTING
Cloud Computing: Principles and Paradigms
2 December 2012
Cloud Computing - Part II
Presented by Majid Hajibaba

Introduction
- Data Storage
- Distributed Storage
- Considerations
  - unique issues
  - specific security requirements not been well-defined
- Concerns about data in cloud
  - Privacy
  - Integrity

One of the core services provided by cloud computing is data storage. This poses new challenges in creating secure and reliable data storage and access facilities over remote service providers in the cloud.
The benefits of network-based applications have led to the transition from server-attached storage to distributed storage.
One consideration is that the unique issues associated with cloud computing security have not been recognized. Another consideration is that the specific security requirements for cloud computing have not been well-defined within the community.
There are at least two concerns when using the cloud. One concern is that the users do not want to reveal their data to the cloud service provider. For example, the data could be sensitive information like medical records. Another concern is that the users are unsure about the integrity of the data they receive from the cloud. Therefore, within the cloud, more than conventional security mechanisms will be required for data security.

Cloud Storage
- Distributed Storage
- Types
  - SAN
  - NAS
- Reliability
- Security
- Integrity
- LAN
  - same authority
- WAN
  - different authorities

Most designs of distributed storage take the form of either storage area networks (SANs) or network-attached storage (NAS) on the LAN level.
For SANs and NAS, the distributed storage nodes are managed by the same authority.
The reliability of such systems is often achieved by redundancy, and the storage security is highly dependent on the security of the system against attacks and intrusion from outsiders. The confidentiality and integrity of data are mostly achieved using robust cryptographic schemes.
In a WAN, the networks are under different authorities, and the activity of the medium owner is not controllable by the data owner.
In normal network-based applications, user authentication, data confidentiality, and data integrity can be addressed through an IPSec proxy using encryption and digital signatures.

Amazon's Web Service
The user creates a manifest and signature file, e-mails the manifest file, and ships the storage device with the signature file attached. When Amazon receives these two files, it will validate the two files, copy the data into the storage device, ship it back, and e-mail the user the status, including the MD5 checksum of the data. Amazon claims that the maximum security is obtained via SSL endpoints.
Storage services that accept a large amount of data (>1 TB) normally adopt strategies that help make the shipment more convenient, just as Amazon AWS does.

Microsoft Windows Azure
To use the Windows Azure Storage service, a user needs to create a storage account, which can be obtained from the Windows Azure portal web interface. After creating an account, the user will receive a 256-bit secret key. Each time the user wants to send data to or fetch data from the cloud, the user has to use this secret key to create an HMAC SHA256 signature for each individual request for identification. The user then uses this signature to authenticate the request at the server. The signature is passed with each request, and the server authenticates the request by verifying the HMAC signature.
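The per-request HMAC SHA256 scheme described above, as an added example that is not part of the original slides and is not Azure's own code. The string-to-sign layout, the 15-minute replay window and all function names are assumptions made for illustration; the real service defines its own canonical request format.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=15)  # assumed replay window, not a documented value


def new_account_key() -> str:
    """Constructed stand-in for the 256-bit secret key issued with the account."""
    return base64.b64encode(secrets.token_bytes(32)).decode()


def string_to_sign(method: str, path: str, date: str, body: bytes) -> bytes:
    # Assumed canonical form: cover every field the server acts on, so changing
    # the verb, resource, timestamp or payload invalidates the signature.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, date, body_hash]).encode()


def sign_request(key_b64: str, method: str, path: str, date: str, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the canonical request, base64-encoded."""
    key = base64.b64decode(key_b64)
    mac = hmac.new(key, string_to_sign(method, path, date, body), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def verify_request(key_b64, method, path, date, body, signature, now=None) -> bool:
    """Server side: recompute the HMAC from the received request and compare."""
    now = now or datetime.now(timezone.utc)
    try:
        sent = datetime.fromisoformat(date)
    except ValueError:
        return False
    if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
        return False  # undated or stale request: reject to limit replay
    expected = sign_request(key_b64, method, path, date, body)
    # Constant-time comparison avoids leaking how much of the value matched.
    return hmac.compare_digest(expected.encode(), signature.encode())
```

The secret key itself never travels with the request; only the signature does, so the server must hold the same key to recompute it.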
smaller data amount (