A Survey on Data Storage Security in Cloud Computing

Transcription

1 ISSN: X Karpagam Journal of Engineering Research (KJER) Vol: 5, 1, Special Issue on A Survey on Data Storage Security in Cloud Computing A.Amali Angel Punitha M.E 1, G.Indumathi M.E,Ph.D 2 1 Assistant Professor,Dept of CSE,[email protected],ULTRA College of Engg & Tech for Women,Madurai, India 2 Professor,Dept of ECE,[email protected],Mepco Schlenk Engg College,Sivakasi, India Abstract The Cloud computing is a latest technology which provides various services through internet. The Cloud server allows user to store their data on the cloud without worrying about correctness & integrity of data. Cloud data storage has many advantages over local data storage, User can upload their data on cloud and can access those data anytime anywhere without any additional burden. But the major issue for cloud is its security. Cloud Computing enables various users to send the data over internet which is then stored at data centers, but there is less chance of data loss. Hence Cloud Security is becoming a major concern for organizations. This Paper discusses the security issues i.e risks, attacks that arise in cloud computing. The aim of the paper is to analyze the various cryptographic techniques and to discuss the various security techniques over cloud which is most helpful and useful in the information security. Keywords: Cloud Security,CPDP,HVR,HIH,ECIES,ECC. 1. Introduction Cloud computing is the most enticing technology due to its flexibility and cost efficiency. There is a extensive scope of cloud computing as many of the organizations have adopted it. Use of cloud computing in organizations can increase the capacity and capabilities of the software by many folds. Security is a necessary component for strong privacy safeguards in all online computing scenarios, but security alone is not enough. Consumers and businesses are ready to use online computing only if they have the reliance that their data will stay private and secure. So to create a trusted environment for customers, we need to develop software, services, and processes with privacy in mind. NIST definition of cloud computing: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud storage is a model of networked online storage in which the data is stored in virtualized pools of storage that are generally being hosted by the third parties. Cloud storage allows data stored remotely to be temporarily cached on mobile phones, desktop computers, or other Internet-linked devices. Security and cost are the top issues in this field and vary greatly, depending on the vendor one choose. Cloud service providers such as Microsoft, Oracle Amazon, Google etc. are able to provide huge clouds which are nothing but computing resources that are provided on demand through Internet. The main focus depends upon the data security and privacy. The rest of the paper is organized as follows. Section II Presents the Cloud Architecture, The notion of privacy in cloud storage is presented in section III and the security risks are presented in Section IV. The Section V gives a brief Literature survey about the security risks in cloud storage presents the possible Encryptions techniques in section VI. The section VII gives a brief comparative study of the existing privacy-preserving methodologies. Finally, the paper concludes in Section VIII. 101

2 2.Cloud Architecture In general, geographical distribution works to promote low cost, scalability, flexibility, homogeneity, advanced security technology and service-orientation, Computing architecture is classified based on the type of cloud service. There are three main categories of model. 2.1.Software-as-a-Service (SaaS) SaaS is a set of IT applications run in the cloud and is used to deliver applications through a browser to thousands of customers, using a multiuser architecture. SaaS focuses on the end user/client as opposed to managed services. Basically, a managed service is an application that is accessible to an organization s IT infrastructure, rather than to end users. Examples include Gmail from Google, and Microsoft Office Live. 2.2.Platform-as-a-Service (PaaS) PaaS is closely related to SaaS, but delivers a platform on which to work, rather than an application to work with. It provides the capability to build or deploy applications on top of an infrastructure layer. PaaS delivers development environments to analysts, programmers and software engineers as a service. A provider of cloud computing offers multiple application components that align with specific development models and programming tools. Examples: Google s Apps Engine, Microsoft- Windows Live. Open shift, etc 2.3. Infrastructure-as-a-Service (IaaS) IaaS is a model in which an organization outsources the equipment used to support operations, including hardware, servers and networking components. IaaS is similar to the managed services offered in the Internet era Examples include Elastic Compute Cloud, Amazon, Microsoft Windows Azure Fig 1.1 Cloud Architecture 2.4.Cloud Deployment Models There are four deployment models according to the modes of Cloud Service Delivery:[1] a. Public cloud, where the cloud infrastructure is available to a group of organizations; b.private cloud, where the cloud infrastructure is available to a single organization; c.community cloud, where the cloud infrastructure shares a set of characteristics in the cloud, and is shared between many organizations. d.hybrid cloud, can be defined as the form of two or more clouds like private and public or public and hybrid. 3. Privacy In Cloud Storage Newly, many services in the cloud, e.g., healthcare, online marketing, banking & payment, and social media depend on the use of personal information. Those privacy-sensitive data are residing in the other side of the globe. This movement highlights concerns on privacy in the cloud like how privacy of users is perceived and protected 102

3 3.1.What is Privacy? Privacy means that the person to be free from all interference. Privacy control allows the person to maintain a degree of intimacy. Privacy is the protection for the truthful use of personal information of cloud user. Privacy breaches may create a lot of troubles to cloud users. The American Institute of Certified Public Accountants (AICPA) and Canadian Institute of Charted Accountants (CICA) define that, Privacy is the right and obligation of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information Privacy Issues in Cloud Storage When considering privacy risks in the cloud context, it is very important as privacy threats differ according to the type of cloud scenario. The papers [2][21] presents some of those issues in privacy which is as follows: lack of user control, lack of training and expertise, unauthorized secondary usage, complexity of regulatory compliance, addressing transponder data flow restrictions, litigation, legal uncertainty, compelled disclosure to the government, data security and disclosure of breaches, data accessibility, location of data, transfer and retention. 4. Security Risks 4.1.Data integrity The major security issue associated to cloud security risk is its data integrity. In the case of transition operations from or to the providers, the data stored may get effected. There are certain characteristics of risk of attacks from both outside and inside the cloud. It was difficult to manage the data corruption, when many clients and devices are synchronized by a single user. Many researchers says that by using Byzantine fault-tolerant replication protocol within the cloud, the data corruption problem can be solved.the cloud is most trusted among users because they trust cloud as a single reliable domain without the knowledge of the protection protocols. 4.2 Data Intrusion Data intrusion is the other security risk associated with a cloud provider; there is an example of data intrusion, If someone can hack the account password of cloud users, then the person can access all information s and the resources from the user s account. Thus, with a stolen password, a hacker can delete all information s from the virtual machine. If the user tries to modify the account or even disable the account services, then there is a possibility for the hacker to hack the too. As cloud allows to reset a lost password by , so a hacker can also visit to hack the new password. 4.3 Service Availability The other issue related to security risk is service availability. Service Provider has clearly mentioned in their licensing agreement that there might be a situation of service unavailability time to time. It was earlier stated that if any user s file will break the cloud storage policy, then the user s web service will be terminated at any time. Moreover, if there would be any loss to Cloud web service and the service fails, the service provider is not going to pay any charge. If the company wants to secure the services from such failure, needs measures such as backups or use of multiple providers. If there is any delay of payment from the user for cloud storage, then the user not be capable of getting access of their data. 5. Related Work In Ref [3] Wang et al proposed to combine BLS-based HLA with MHT to support both public audit ability and full data dynamics, none of them meet all the requirements for privacy preserving public auditing in cloud computing. In Ref [5] considered the public audit ability in their provable data possession (PDP) model for ensuring possession of data files on untrusted storages. In Ref [6] proposed a TPA to keep online storage honest by first encrypting the data then sending a number of pre computed symmetric-keyed hashes over the encrypted data to the auditor. The auditor verifies the integrity of the data file and the server s possession of a previously committed decryption key. In Ref [7] Juels et al presented a proof of retrievability (POR) model, where spot-checking and error-correcting codes are used to ensure both possession and retrievability of data files on remote archive service systems. In Ref [8] Schwarz and Miller et al. proposed the first study of checking the integrity of the remotely stored data across multiple distributed servers. Their approach is based on erasure-correcting code. In Ref [9] Bowers et al utilized a two-layer erasure-correcting code structure on the remotely archived data and extend their POR model to distributed scenario with high-data availability assurance. In Ref [10] proposed a new technique in 103

4 which the burden of cloud user from the tedious and possibly privacy auditing task, but also alleviates the users terror of their outsourced data security. Taking into account TPA may concurrently handle multiple audit sessions from dissimilar users for their outsourced data files, he further extend this privacy-preserving public auditing protocol into a multi-user scenario, where the TPA can perform multiple auditing tasks in a batch manner for better effectiveness. In Ref [11] Zhu,Yan et al suggested the efficient provable data possession for hybrid clouds. They focused on the construction of PDP scheme for hybrid clouds, supporting privacy protection and dynamic scalability. They first provide an effective construction of Cooperative Provable Data Possession (CPDP) using Homomorphic Verifiable Responses (HVR) and Hash Index Hierarchy (HIH). This construction uses homomorphic property, such that the responses of the client s challenge computed from multiple CSPs can be combined into a single response as the final result of hybrid clouds. By using this mechanism, the clients can be con-vinced of data possession without knowing what machines or in which geographical locations their files reside. More prominently a new hash index hierarchy is proposed for the clients to seam-lessly store and manage the resources in hybrid clouds. Their ex-perimental results also validate the effectiveness of their construction. In Ref [12] suggested the Trusted Cloud Computing with Secure Resources and Data Coloring,. This technique safeguard multi-way authentications, enable single sign-on in the cloud, and tighten access control for sensitive data in both public and private cloud. In Ref [13] proposed the An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing, It deals with An efficient and secure dynamic auditing protocol is desired to convince data owners that the data are correctly stored in the cloud. It said that the auditing protocols are secure and efficient. In Ref [14] proposed the encryption of a few bits per data block. It Checking the integrity of the uploaded data in a light approach, It reduced the computation, network bandwidth and storage overhead. In Ref [15] proposed hash functions and error correcting code techniques, It checking the integrity and correcting errors. It supports the security application of power cloud computing. In Ref [16] suggested multilayered architecture and agents, It offered the backup of the data. In Ref [17] proposed Anonymization techniques employed, It ensure the confidentiality by protecting user data from service providers using HPAE Architecture. It provides and effective practical solution since it can handle large volume of data. In Ref[18] presented the 3D ring each weighted according to CIA.It preventing the data leakage and ensuring the data privacy and confidentiality and availability. In Ref [19] presented multilayered architecture for enhancing the security of data storage by using an effective scheme called Defense in Depth. This layered architecture was more secure against various attacks. In Ref [20] suggested separation model for ensuring the confidentiality of stored data in the cloud by using RAIN Approach. It achieved without depending on heavy cryptographic operations. 6. Encryption Techniques 6.1. ECIES The Elliptic Curve Integrated Encryption Scheme is a public key encryption scheme based on ECC. It is designed to be se-mantic ally secure in the presence of an adversary capable of launching chosen-plaintext and chosen-cipher text attacks.the advantage of the ECIES is that on one hand it is meanwhile quite well investigated and thus considered secure while on the other hand just a very short bit length is needed as compared to other asymmetric systems ECC Elliptical curve cryptography is a public key encryption technique based on elliptic curve theory that can be used to make faster, less significant and more competent cryptographic keys. ECC produces keys during the properties of the elliptic curve equation as an alternative of the conventional method of creation as the produce of very huge prime numbers. The technology can be used in coincidence with most public key encryption methods, such as RSA, and Diffie-Hellman. 104

5 6.3. AES It is stand for Advanced Encryption Standard. It is a specification of the electronic data encryption. The Advanced Encryption Standard comprises three block ciphers, AES-128, AES-192 and AES-256. AES as a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. The block-size has a maximum of 56 bits, but the keysize has no theoretical maximum. The cipher uses number of encryption rounds which converts plain text to cipher text DES It stands for Data encryption standard. It is a widely-used method of data encryption with the help of private or secrete key. DES uses 56-bit key to each 64-bit block of data. It can run in various modes and involves 16 rounds or operations. Although this is considered strong" encryption, many companies used triple DES that uses three keys in succession. 7. Conclusion Fig 1.2 Block diagram for Encrypted Cloud Data & its Models This paper, discussed about various Data Security techniques for data storage in cloud computing. But some security techniques are too costly to implement in real time. Apart from this, to increase the security level in the cloud environment there are still too many areas which require further enhancements to improve the efficient of algorithms for encryption will develop. Acknowledgements I thank LORD ALMIGHTY for His immense grace and my parents and my Supervisor for incessant encouragement and sustained support for this research work. References Journal & Conferences [1] Noha Alsulami, Eman Alharbi, Muhammad Mostafa Monowar,A Survey on Approaches of Data Confidentiality and Integrity Models in Cloud Computing Systems, Journal of Emerging Trends in Computing and Information Sciences,Vol. 6, No. 3 ISSN , March [2] Mohammed, A., AlSudiari, T., & Vasista, T. G. K Cloud Computing And Privacy Regulations: An Exploratory Study On Issues And Implications. Advanced Computing: An International Journal (ACIJ), 3 (2),

6 [3] Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li, Enabling Public Audit ability and Data Dynamics for Storage Security in Cloud Computing, IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 5, pp [4] Srinivas, D. "Privacy-Preserving Public Auditing In Cloud Storage Security." International Journal of computer science and Information Technologies, vol. 2, no. 6, pp , 011, ISSN: [5] Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song,Provable Data Possession at Untrusted Stores, Proc. 14th ACM Conf. Computer and Comm. Security (CCS 07), pp ,2011. [6] M.A. Shah, R. Swaminathan, and M. Baker,Privacy-Preserving Audit and Extraction of Digital Contents, Cryptology eprint Archive, Report 2008/186 [7] A. Juels and J. Burton, S. Kaliski, PORs: Proofs of Retrievability for Large Files, Proc. ACM Conf. Computer and Comm. Security (CCS 07), pp [8] T. Schwarz and E.L. Miller,Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage, Proc. IEEE Int l Conf. Distributed Computing Systems (ICDCS 06). [9] K.D. Bowers, A. Juels, and A. Oprea,HAIL: A High-Availability and Integrity Layer for Cloud Storage, Proc. ACM Conf. Computer&Comm. Security (CCS 09), pp [10] Srinivas, D. "Privacy-Preserving Public Auditing In Cloud Storage Security." International Journal of computer science and Information Technologies, vol. 2, no. 6, pp , 011, ISSN: [11] Zhu, Yan, Huaixi Wang, Zexing Hu, Gail-Joon Ahn, Hongxin Hu, and Stephen S. Yau."Efficient provable data possession for hybrid clouds."in Proceedings of the17th ACM Conference on Comp & comm security, pp ,2010 [12] K. Hwang and D. Li, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, vol. 14,no. 5, pp , Sept./Oct [13] K. Yang and X. Jia, An Efficient and Secure Dynamic Auditing Protocol for Data Storage in Cloud Computing, IEEE Trans. Parallel and Distributed Systems, vol. 24, no. 9,pp [14] R. Sravan Kumar and A. Saxena, Data integrity proofs in cloud storage, in 2011 Third International Conference on Communication Sys& Networks (COMSNETS), 2011, pp.1-4. [15] Y. Yang and Y. Yan, "Fine-Grained Data Integrity Check for Power Cloud Computing",5 th International Conference on Biomedical Engineering and Informatics,2012. [16] A.M. Talib, R. Atan, R. Abdullah and M. Azrifah, CloudZone: Towards an integrity layer of cloud data storage based on multi agent system architecture, IEEE Conference on Open Systems(ICOS), September [17] V.Ayala-Rivera, D. Nowak and P. McDonagh Protecting Organizational Data Confidentiality in the Cloud using a High-Performance Anonymization Engine,pp 1-8,2013. [18] P.Prasad, B. Ojha, R. R. Shahi, R. Lal, A. Vaish,and U. Goel, 3 Dimensional security in cloud computing, ICCRD 2011 (3), pp [19] N.el-Khameesy and H. Abdel Rahm, "A Proposed Model for Enhancing Data Storage Security in Cloud Computing Systems, Journal of Emerging Trends in Computing and Information Sciences, June 2012, pp [20] M. G. Jaatun, A. A. Nyre, S. Alapnes, and G.Zhao, A Farewell to Trust : An Approach to Confidentiality Control in the Cloud, in Proceedings of the 2nd International Conference on Wireless communications, Vehicular Technology Book [21] Pearson, S Privacy, Security and Trust in Cloud Computing. Privacy and Security for Cloud Computing,