1 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING Volume 1, Number 1, August 2014 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING Data Security Issues in Cloud Computing Neha Rawat*, Ratnesh Srivastava, Binay Kumar Pandey, Poonam Rawat, Shikha Singh and Awantika Sharma Department of Information Technology, Govind Ballabh Pant University of Agriculture and Technology, India *Corresponding author: Abstract: Cloud computing is an enticing technology which is a combination of many existing technologies such as parallel computing, grid computing, distributed computing and others. It offers services like data storage, computing power, shared resources at low cost to its users over internet at anytime from anywhere. Costing model on cloud computing is based on pay as you go method, hence companies are saving millions by adopting this technology. As more and more individuals and companies are relying on cloud for their data, the question arises here is how secure cloud environment is? Though cloud computing has many advantages, it also have some security problems. Data security issue is the major concern in cloud computing because after shifting clients data to cloud, service provider is responsible for the security and privacy of data. Hence data security issue is the major challenge which is hampering the growth of cloud computing and therefore it is needed to be resolved in order to make it widely acceptable and to accelerate its growth. In this paper data security problems of cloud are discussed. Here we presented an overview of cloud computing, its benefits and data security challenges in cloud computing model. Keywords: Cloud Computing; Data Security Issues 1. INTRODUCTION Cloud computing has given a new dimension to internet. It has changed internet into a computing platform where computing power, storage, network etc. are provided to users. Cloud computing has transformed IT industry completely. It has a great impact on the development of IT by enhancing its existing capabilities and increasing flexibility. In the recent years, cloud computing has made significant changes in IT industry and has become a promising part of IT world. Being a promising business model it provides on demand provisioning of resources to its consumers. It attracts not only large enterprises but also medium and small size companies. Clients can access service provided by cloud only through internet and can also scale up and down resources according to their need, hence it is a cost effective, efficient and flexible alternative. Thus by adopting cloud computing companies can achieve more by paying less. There are many cloud providers such as Google, Amazon, Microsoft, IBM, and Rackspace. Cloud computing is a technology which saves user data on remote location (i.e. at data center) rather 9
2 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING Figure 1. NIST model of Cloud Computing than saving it locally . So users do not have to worry about managing hardware and software but at the same time cloud computing increases the responsibility of cloud vendors because now users totally depends on cloud for their data. To ensure access to cloud anytime from anywhere cloud should provide several features like availability, data integrity, accessibility etc. Since data is shifted outside the control of data owner and is maintained by third party, it invites security issues too, so cloud computing must ensure security. There are many issues in cloud computing that should be addressed by cloud provider to convince individuals or companies to use this technology. The most important concern is to guarantee that user data integrity and confidentiality is attained while data is stored in the cloud system. Therefore data security issue is the major concern in cloud computing. 2. CLOUD COMPUTING Cloud computing is about the delivery of computing to users from a remote location. Using cloud computing a user can store his data on cloud, which get centrally stored in the cloud and can be accessed anytime from anywhere through internet. National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous, convenient, on demand network access to shared pool of resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models and five deployment models . 10
3 Data Security Issues in Cloud Computing 3. CLOUD COMPUTING DEPLOYMENT MODELS Cloud computing service models are classified as: A. Private Cloud Private clouds are built specifically for a single organization. It is owned and operated by specific organization and all cloud resources are also dedicated to that organization only. It offers greater control on data security, which lacks in public cloud. Organizations build private cloud to deal with their business critical applications. B. Public Cloud Public cloud is a cloud environment which is made available to public users by a service provider. It is owned and operated by cloud service providers. Resources in this cloud are available to public users on demand over the internet. User can rent resources and can scale resources up or down on the basis of their need. Examples of public cloud providers are Google, Amazon, Microsoft and Rackspace. C. Community Cloud It is analogous to private cloud. A private cloud is dedicated for a particular group, while community cloud is dedicated to a closed community which includes people of similar interest. With community cloud, organization having similar objectives can work together. Example of community cloud is Media Cloud. D. Hybrid Cloud Hybrid clouds are combination of two or more clouds (private, public or community cloud). With hybrid cloud, organizations can realize the benefit of multiple cloud deployment models. It provides augmentation of private cloud with resources of public cloud in order to handle any unexpected surges in workload. 4. CLOUD COMPUTING SERVICE MODELS Cloud computing service models are classified as: A. Software as a Service (SaaS) It is the delivery of application. In SaaS a complete application is provided to user which is running on cloud infrastructure. As software is hosted by provider, users do not need to buy, install or manage hardware for it. In SaaS instances of a software application are shared as a service. Examples of SaaS are Google Docs, Cloud Drive, and Salesforce.com CRM application. B. Platform as a Service (PaaS) PaaS enables developers to deploy their application on the cloud. The consumer can control their application but do not have any control over underlying infrastructure. It provides user an integrated set of software through the internet. PaaS is a delivery of computing platform as a service. Examples of PaaS are Google App Engine, Amazon Web Services, and Microsoft Azure. C. Infrastructure as a Service (IaaS) Using IaaS user get access to resources like storage, server, networks, data center space. It shares pool 11
4 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING Figure 2. Cloud Deployment Models  of computing resources. User can deploy and run both application and operating system on IaaS. It frees user from buying or managing underlying software and hardware. Example of IaaS is Amazon EC2. 5. CLOUD SECURITY STANDARD ORGANIZATIONS Many standard bodies are developing standards for cloud environment. Users want the freedom to move between cloud providers for many reasons. For example, other vendors offer better prices, relationship with a provider may not be working. The community of cloud computing has already developed many standards by various forums. These standards are developed to provide interoperatibility between clouds and to develop a healthy environment in cloud computing industry . Some cloud security standard organizations are: National Institute of Standards and Technology (NIST) Open Cloud Consortium (OCC) 12 Open Grid Forum (OGF)
5 Data Security Issues in Cloud Computing The Object Management Group (OMG) Storage Networking Industry Association (SNIA) Cloud Computing Interoperability Forum (CCIF) Distributed Management Task Force (DMTF) Cloud Security Alliance (CSA) 6. RELATED WORK Several researches have been done in the literature for cloud computing and its security issues. Here we presented a brief review of some recent researches. Harauz et al.  discuss the regulatory and legal concerns associated with security issues. Encryption schema, scheduled data backups and strict access control mechanism should be offered by storage provider in order to avoid unauthorized access and to ensure data integrity, confidentiality and availability of the data. For interoperability among service providers, adaptation of a universal standard is recommended. Data Availability, Data Location and Data Transmission, and Data Security are the major issues related to data security in the cloud computing environment, identified by Z. Mahmood . Data Location and Data Transmission cloud customers may wish that data should reside on a specific location based on data polices and legislations of country. Similarly, cross country transition of data may cause potential risks due to varying policies and regulations. Data Availability - the unavailability of data may lead to service outages. Data Security- security risks become the major concern, particularly, when data is transferred to another country, because different countries may have different regulatory frameworks. In his paper, Wentao Liu  illustrates cloud concepts and security problems in the cloud system. The key security problems in cloud computing are data privacy and service availability and single security method cannot solve the cloud computing security problem. He recommends many traditional and new technologies must be used together for protecting the total cloud computing system. Jinguang Han et al.  proposed an identity-based proxy re-encryption scheme to outsource sensitive data from owner to an external party. This scheme supports both inter-domain and intra-domain queries, therefore it is suitable for cloud computing scenario. In the proposed scheme, the access key can be computed by the owner independently without using private key generator (PKG), and is bound not only to the requesters identity but also to the requested cipher text. This scheme is also secured against collusion attacks. In the past few years, cloud computing has grown from being a promising business concept to one of the fast growing segments of the IT industry. Security is the major issue, as it has lot of loose ends which scares a lot of cloud users. Cloud service users need to be vigilant in understanding the risks of data breaches in this new environment. S. Subashini et al.  presents a survey of the different security issues in service delivery models that pose a threat to the cloud. Sandeep K. Sood  proposed a framework that can efficiently protect the data from beginning to end, i.e., from the owner to the cloud and then to the user. The strategy used to protect the data utilizes various cryptographic measures such as Message Authentication Code (MAC) is used for integrity check of data, Secure Socket Layer (SSL) 128 bit or 256 bit encryption, searchable encryption and division of data into three different sections in cloud for storage. Proposed scheme achieves the integrity, availability 13
6 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING and reliability of data. In addition to this it also enable to retrieve files from cloud by searching over an encrypted data. 7. CRITICAL REVIEW Table 1. Summary of surveyed literature Author Harauz et al.  Problem discussed/ Proposed Method Different regulatory and legal concerns associated with data security issues Z. Mahmood  Outlined the major security issues in cloud computing Wentao Liu  Jinguang Han et al.  Illustrates cloud concepts and security problems in the cloud system Proposed identity based proxy re-encryption scheme S. Subashini et al.  Security issues in service delivery models that pose a threat to the cloud. Sandeep K. Sood  Proposed a framework utilizing various cryptographic measures that can efficiently protect the data from beginning to end. 8. DATA SECURITY ISSUES IN CLOUD Cloud computing provides efficient, flexible and cost effective services. However this model is not 100% secure. The major concerns in cloud computing are privacy and security. There are various security issues in cloud computing. Of many security issues, data security seems to be the major obstacle towards the adaption of cloud computing. Data security in cloud is must, in order to ensure that the data has not been accessed by any unauthorized person. The different key data security issues of cloud computing are discussed as follows. A. Data Integrity It is one of the most critical issues in cloud security. Data integrity describes the wholeness or completeness of dat. It can easily be achieved in standalone system by using ACID properties. But it is not easy to achieve data integrity in cloud environment because transaction management is the biggest problem with web services. Although standards like WS-Reliability and WS-Transaction are available to manage data integrity with web services but these are not matured yet . Damage to the data stored in cloud may occur during transaction as a result of lack of integrity control in cloud. Cachin et al.  suggests to use Byzantine fault-tolerant replication protocol as a solution. B. Data Location Consumers store their data on cloud without knowing where their data is getting stored. Data locality is of utmost importance because some enterprises do not want to get stored their data at the location outside of their country. In this case an agreement is signed between the cloud provider and the consumer who want to store data at a particular location or server. Cloud model should ensure security and reliability of the location of the data. Data location of stored data on cloud is a very big issue from the point of view of clients trust and security of data. Location of data stored in cloud can be prioritized according to users wish or requirement. It will be defined by user which data of user is sensitive and non-sensitive. An interface should be 14
7 Data Security Issues in Cloud Computing provided to user during the data storage which contains the checks of data sensitivity level and store the data according to users data sensitivity wish . C. Data Confidentiality Cloud provides an environment to users where they can host their data. Unauthorized access to critical data of an enterprise can cause disaster. Therefore it is cloud providers responsibility to guarantee that data can be accessed by only legitimate user. Data confidentiality is achieved by encryption. Cloud provider should implement suitable authentication and accounting mechanism to achieve confidentiality and should assure cloud user that their data is safe and confidential. In june 2009 IBM proposed a fully homomorphic encryption scheme that supports arbitrary computations on encrypted data . In his paper Krishna P. N. Puttaswamy et al.  proposed a data confidentiality solution silverline, a set of techniques that calls for end-to-end encryption of data by its owner (the organization) and its consumers (the users). D. Data Leakage Although adoption of cloud computing is providing significant benefits to enterprises, but because of data leakage fear, they are holding back. Data leakage has become one of the major concerns from security standpoint. Cloud is an outside party where customers data is hosted, and it has potential to access customers data. Cloud environment provides resource sharing, so it seems to be risky to move data in hands of cloud provider. Data in cloud stored in a shared environment, so it could be hacked easily either due to malicious hacker attack or accidentally. To mitigate the effects of this problem a sensible data encryption technique should be used. Encryption should be performed at client side and user should have control over the keys used for decryption. Furthermore, encryption should not be performed at any intermediary place before transmission to cloud. E. Data Availability Another important concern of the cloud computing is availability of services. Data availability is a term used by some computer storage manufacturers and storage service providers (SSPs) to describe products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through disastrous. In general, data availability is achieved through redundancy involving where the data is stored and how it can be reached . The unavailability of data may lead to service outages. Incidents of such cloud outages include Amazon S3 (over seven-hour downtime on July 20, 2008) , Gmail (services unavailable for almost 1 hour on April 2012). Thus strong data recovery policies are required. Two increasingly popular approaches to providing data availability are the storage area network (SAN) and network-attached storage (NAS) . F. Backup Cloud provider should ensure that all of its clients data is backed up across multiple servers in multiple copies regularly to provide recovery in case of disaster like hardware failure. And to prevent accidental leakage of backed up data, a strong encryption scheme should be used. High Security Distribution and Rake Technology (HS-DRT), Parity Cloud Service Technique (PCS), and Cold and Hot Backup Service Replacement Strategy (CBSRS) are some backup and recovery techniques that have been developed in cloud domain . 15
8 OPEN JOURNAL OF MOBILE COMPUTING AND CLOUD COMPUTING 9. CONCLUSION In this paper we elucidate cloud computing and major security issues of cloud computing. By utilizing various facilities and services provided by cloud one can increase performance, agility and efficiency in addition to reduce cost and management responsibilities of an enterprise. Though there are lots of advantages of cloud, there are yet numerous challenges to be faced by cloud computing such as privacy issues and data security. In this paper we have tried to address most critical data security challenges of cloud. Many standard organizations such as National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA) and Cloud Computing Interoperability Forum (CCIF) are trying to develop standards to resolve various security issues of cloud. Cloud computing has the potential to provide a secure and economically viable IT solution in the future. References 16  K. R. C. Wang, Q. Wang and W. Lou, Ensuring data storage security in cloud computing, in Proc. 17th International Workshop on Quality of Service (IWQoS 09), pp. 1 9,  N. I. of Standards and Technology(NIST).  A. Reed, C. Rezek, and P. Simmonds, Security guidance for critical areas of focus in cloud computing v3. 0, Cloud Security Alliance,  M. K. F. H. Judith Hurwitz, Robin Bloor, Cloud computing for dummies, cloud-computing-standards-organizations.html.  J. Han, W. Susilo, and Y. Mu, Identity-based data storage in cloud computing, Future Generation Computer Systems, vol. 29, no. 3, pp ,  Z. Mahmood, Data location and security issues in cloud computing, in Emerging Intelligent Data and Web Technologies (EIDWT), 2011 International Conference on, pp , IEEE,  W. Liu, Research on cloud computing security problem and strategy, in Consumer Electronics, Communications and Networks (CECNet), nd International Conference on, pp , IEEE,  L. M. Kaufman, Data security in the world of cloud computing, Security & Privacy, IEEE, vol. 7, no. 4, pp ,  S. Subashini and V. Kavitha, A survey on security issues in service delivery models of cloud computing, Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1 11,  S. K. Sood, A combined approach to ensure data security in cloud computing, Journal of Network and Computer Applications, vol. 35, no. 6, pp ,  C. Cachin, I. Keidar, and A. Shraer, Trusting the cloud, Acm Sigact News, vol. 40, no. 2, pp ,  P. Kumar and H. S. Arri, Data location in cloud computing, International Journal for Science and Emerging Technologies with Latest Trends, vol. 5, no. 1, pp ,  IBM-Uncovers-Encryption-Scheme-That-Could-Improve-Cloud-Security, http: //www.eweek.com/c/a/security/ibm-uncovers-encryption-scheme-/ That-Could-Improve-Cloud-Security-Spam-Filtering  K. P. Puttaswamy, C. Kruegel, and B. Y. Zhao, Silverline: toward data confidentiality in storageintensive cloud applications, in Proceedings of the 2nd ACM Symposium on Cloud Computing, p. 10, 2011.
9 Data Security Issues in Cloud Computing   A. S. Team et al., Amazon s3 availability event: July 20, 2008, See: aws. amazon. com/s html,  K. Sharma and K. R. Singh, Online data back-up and disaster recovery techniques in cloud computing: A review, International Journal of Engineering and Innovative Technology (IJEIT), vol. 2, no. 5, pp ,
10 About This Journal MCCC is an open access journal published by Scientific Online Publishing. This journal focus on the following scopes (but not limited to): Autonomic Business Process and Workflow Management in Clouds Cloud Composition, Federation, Bridging and Bursting Cloud Computing Consulting Cloud Configuration, Performance and Capacity Management Cloud DevOps Cloud Game Design Cloud Migration Cloud Programming Models and Paradigms Cloud Provisioning Orchestration Cloud Quality Management and Service Level Agreement (SLA) Cloud Resource Virtualization and Composition Cloud Software Patch and License Management Cloud Workload Profiling and Deployment Control Cloud Video and Audio Applications Economic, Business and ROI Models for Cloud Computing Green Cloud Computing High Performance Cloud Computing Infrastructure, Platform, Application, Business, Social and Mobile Clouds Innovative Cloud Applications and Experiences Security, Privacy and Compliance Management for Public, Private and Hybrid Clouds Self-service Cloud Portal, Dashboard and Analytics Storage, Data and Analytics Clouds Welcome to submit your original manuscripts to us. For more information, please visit our website: You can click the bellows to follow us: Facebook: https://www.facebook.com/scipublish Twitter: https://twitter.com/scionlinepub LinkedIn: https://www.linkedin.com/company/scientific-online-publishing-usa Google+: https://google.com/+scipublishsop
11 SOP welcomes authors to contribute their research outcomes under the following rules: Although glad to publish all original and new research achievements, SOP can t bear any misbehavior: plagiarism, forgery or manipulation of experimental data. As an international publisher, SOP highly values different cultures and adopts cautious attitude towards religion, politics, race, war and ethics. SOP helps to propagate scientific results but shares no responsibility of any legal risks or harmful effects caused by article along with the authors. SOP maintains the strictest peer review, but holds a neutral attitude for all the published articles. SOP is an open platform, waiting for senior experts serving on the editorial boards to advance the progress of research together.