SURVEY PAPER ON SECURITY IN CLOUD COMPUTING

Transcription

1 SURVEY PAPER ON SECURITY IN CLOUD COMPUTING Jasleen Kaur Research Scholar, RIMT, Mandi Gobindgarh Dr. Sushil Garg Principal, RIMT, Mandi Gobindgarh ABSTRACT: Cloud Computing provides resources to the users over internet on demand. Service on demand is an important feature of cloud computing as it enables the user to choose the relevant resources while excluding the irrelevant ones. There are many Cloud Service Providers (CSP) such as Google, IBM, Oracle Corporation, Amazon Web Services, etc. which provide cloud services to users. CSPs are third parties who agree to lease out the resources to the users as per their demand and provide the users with various options of cloud deployment models (private, public, hybrid or community) and services (IaaS, PaaS and SaaS) too. Since cloud computing involves internet for data access, third party involvement and multi-tenancy, security stands as a major concern since every organization uploads their very sensitive data onto the cloud. There are ongoing researches to improve security of data in the cloud and in this paper, effort has been made to study the same. Keywords: Cloud Computing, Deployment Models, Cloud Services, Security concerns. I. INTRODUCTION Cloud Computing is internet based technology which has evolved in the field of IT over the past few years. Cloud computing makes the transfer or storage of bulk data easy to be transferred and maintained for usage. Organizations need not buy special hardware for deploying different applications since cloud computing provides on demand service to the user which means that all the resources like firewall, server, database and so on that are required by an organization for the deployment of an application may be leased out by some other organization which deals in providing those resources. The latter organizations are known as Cloud Service Providers (CSP). Hence leasing of resources does not levy high cost on the users and at the same time it gives business to other organizations as well. So, cloud Copyright to IJASPM, 2015 IJASPM.org 27

2 computing is fast becoming popular in the field of IT and is gaining attention of various organizations. Figure 1: Cloud Computing [4] There are different deployment models and cloud services which the user can choose from depending on the usage. These are discussed further. 1.1 Cloud Services: A.) Infrastructure as a Service (IaaS): This is the bottom-most layer of cloud computing stack and provides the consumers with various hardware facilities like that of storage, processors, servers, and networking and as well as some software facilities like virtualization and file system. It allows the consumers to equip resources on demand. B.) Platform as a Service (PaaS): It is the layer that lies above the IaaS in the stack. It deals with providing development as well as deployment options to the consumers. It basically provides an environment for developing the application with some built-in tools which have some pre-defined functions which help the user to build the application as per requirement. Also, once the application is developed, it may be deployed within the same environment. It also supports renting of resources and the consumers have to pay as per the usage. C.) Software as a Service (SaaS) : It is the topmost layer in the stack and lies above the PaaS layer. It provides deployment of the end product or software or some web application on the IaaS and PaaS services and provides access to different consumers through some network, probably Internet nowadays. The services of this layer are perceived and manipulated by the consumers. The license to these services may be subscription based or usage based. The consumer may extend the services (subscription as well as scalability) based on the demand. Copyright to IJASPM, 2015 IJASPM.org 28

3 1.2 Deployment Models There are different deployment models in cloud computing. These are: A.) Private Cloud: It is the one in which cloud infrastructure is established within the organization and provides limited access to the users. Since, only privileged users can access the resources on the cloud, it is considered as most secure of all other deployment models. It is deployed where the number of users accessing the information is small. B.) Public Cloud: It is the one in which cloud infrastructure is shared among different organizations. The public cloud is managed by some third party who lease out the resources to the organizations as per their demand. Hence, the public cloud supports the feature pay per usage. Public clouds are vulnerable to data tampering as there are multiple organizations accessing the applications on sharing basis and hence, it may give easy access to some intruder. C.) Hybrid Cloud: It is the combination of different clouds. As it is the combination of models, it offers the advantages of multiple deployment models. It provides ability to maintain the cloud as recovery of data is easy in this cloud. It offers more flexibility than both public and private clouds.[3] D.) Community Cloud: It is the one in which the cloud infrastructure is shared between different organizations with same interests or concerns. The organizations having same requirements (like security, policy, etc.) agree to share the resources from the same party or CSP. Hence, community cloud is basically a public cloud with enhanced security and privacy just like that in private cloud. The infrastructure may be maintained within the organization or outside the organization. Figure: Cloud Deployment Model [7] Copyright to IJASPM, 2015 IJASPM.org 29

4 II. LITERATURE SURVEY 2.1 Security Concerns According to Kazi and Susan[2], Security in cloud computing, the next generation architecture of IT Enterprises is cloud computing. They have classified the security threats as external and internal. External threats are related to large data centers. So, in order to ensure security to software or configurations, the cloud users, the CSPs and the third party vendor involved must take the responsibility for ensuring the same. According to Keiko David, Eduardo and Eduardo [10], An analysis of security issues for cloud computing, the risk areas that require security concerns are external data storage, use of public internet for communication purposes, inability of the user to control the privacy of the data, multi-tenancy and integration with internal security. According to Saurin and Nishant[7], A Review on Hybrid Techniques of Security In Cloud Computing, since data is stored out of sight and control of the users, there have been speculations to use the cloud computing services due to improper application. So, this arise questions related to privacy, confidentiality, integrity and so on and demands a trusted environment where data can be secured efficiently. According to Rohit and Sugata[13], Survey on security issues in cloud computing and associated mitigation techniques, it is convenient to access our hard drives mounted on our own systems, but access to cloud system is not that convenient as the data is stored at some other physical location and if the internet goes down, it will deny any kind of access to the data. According to Nagaraju and Sridaran, A survey on security threats for cloud computing, a recent survey by International Data Corporation (IDC), 87.5% of the masses belonging to varied levels starting from IT executives to CEOs have said that security is the top most challenge to be dealt with in every cloud service.[15] 2.2 Related Work A.) Sanjoli and Jasmeet [12], Cloud data security using authentication and encryption technique, propose blend of two different algorithms for ensuring security: Extensible Authentication Protocol-CHAP and Rijndael Encryption Algorithm. EAP(Extensible Authentication Protocol) is implemented for authentication purpose. Challenge-Handshake Authentication Protocol (CHAP), a method of EAP, is used for authentication. Rijndael is used for encryption purpose. Client side security has been focused in this paper. Rijndael makes the system secure. Copyright to IJASPM, 2015 IJASPM.org 30

5 B.) Shirole and Sanjay[17], Data Confidentiality in Cloud Computing with Blowfish Algorithm, propose a system that uses encryption technique to provide reliable and easy way to secure data for resolving security challenges. Scheduler performs encryption on plain data into cipher data followed by uploading of ciphered data on the cloud. When the data is to be retrieved from the cloud, it is obtained in plain data format and is stored on the system. This preserves data internally. And hence, this builds a relationship of cooperation between operator and service provider. This model uses OTP(One-Time Password) for authentication purpose and Blowfish algorithm for encryption purpose. C.) Garima and Naveen [16], Triple Security of Data in Cloud Computing, proposed a system for securing the cloud by using three algorithms: DSA (Digital Signature Algorithm), AES (Advanced Encryption Standard) and Steganography step by step. In order to encrypt the data, DSA is applied for authentication purpose followed by AES for encryption and then finally concealing data within audio file using Steganography for utmost security. Once encryption is complete, the receiver may decrypt the data by applying reverse of the applied algorithms. But, it is found that the time complexity is high because it is a one by one process. D.) Sunita and Ambrish[18], Cloud Security with Encryption using Hybrid Algorithm and Secured Endpoints, propose a hybrid algorithm for securing the cloud. In order to encrypt the message, in the first place the password is encrypted using Ceaser cipher followed by encryption using RSA substitution algorithm and then further final encryption by the mono alphabetic substation method. Once the encryption process is over, the password is sent to the server with the plaintext user name and then user get access to the system on successful matching. This makes the system secure and increases the speed of correction of critical issues along with determining the root causes of vulnerability and software security assurance processes. III. CONCLUSION From the above survey, it is learnt that cloud computing is definitely the buzzword in the market nowadays, grabbing attention of IT people and also giving business to numerous companies. But, just as a coin has two sides, so does cloud computing has its own advantages and pitfalls. Amongst the pitfalls, security is area of major concern as every organization handovers their very sensitive data to CSPs. Security of data is something that may affect the quality of service (QoS) of CSPs. So, the CSPs must make sure that they use appropriate techniques and methods to secure the data. Also, the users must make sure to choose the CSP wisely and understand their policies. Copyright to IJASPM, 2015 IJASPM.org 31

6 IV. REFERENCES [1] [2] Zunnurhain, Kazi, and Susan V. Vrbsky. "Security in cloud computing." Proceedings of the 2011 International Conference on Security & Management [3] Kaur, Jasleen, Anupma Sehrawat, and Ms Neha Bishnoi. "Survey Paper on Basics of Cloud Computing and Data Security." International Journal of Computer Science Trends and Technology (IJCSTT) (2014). [4] [5] Zissis, Dimitrios, and Dimitrios Lekkas. "Addressing cloud computing security issues." Future Generation computer systems 28.3 (2012): [6] SO, Kuyoro. "Cloud computing security issues and challenges." International Journal of Computer Networks (2011): [7] Khedia, Saurin, and Nishant Khatri. "A Review on Hybrid Techniques of Security In Cloud Computing." [8] [9] Beneficial.htm [10] Hashizume, Keiko, et al. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4.1 (2013): [11] Singh, Palvinder, and Er Anurag Jain. "Survey Paper on Cloud Computing." [12] Singla, Jasmeet Singh. "Cloud data security using authentication and encryption technique." Global Journal of Computer Science and Technology 13.3 (2013). [13] Bhadauria, Rohit, and Sugata Sanyal. "Survey on security issues in cloud computing and associated mitigation techniques." arxiv preprint arxiv: (2012). [14] Ren, Kui, Cong Wang, and Qian Wang. "Security challenges for the public cloud." IEEE Internet Computing 16.1 (2012): [15] Nagaraju Kilari, Dr R. Sridaran. "A survey on security threats for cloud computing." International Journal of Engineering Research and Technology. Vol. 1. No. 7 (September-2012). ESRSA Publications, [16] Saini, Garima, and Naveen Sharma. "Triple Security of Data in Cloud Computing." International Journal of Computer Science & Information Technologies 5.4 (2014). [17] Subhash, Shirole Bajirao. "Data Confidentiality in Cloud Computing with Blowfish Algorithm." International Journal of Emerging Trends in Science and Technology 1.01 (2014). [18] Rani, Sunita, and Ambrish Gangal. "Cloud security with encryption using hybrid algorithm and secured endpoints." International journal of computer science and information technologies 3.3 (2012): Copyright to IJASPM, 2015 IJASPM.org 32