Abstract. 1. Introduction

Transcription

1 Asia-pacific Journal of Multimedia Services Convergence with Art, Humanities and Sociology Vol.2, No.2 (2012), pp Byeong Ho Knag 1), Tai-hoon Kim 2) Abstract Ensuring the security of cloud computing is a major factor in the cloud computing environment which has many benefits in terms of low cost and accessibility of data, as users often store sensitive information with cloud storage providers, unaware that these providers may be compromised. Dealing with single cloud providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards multi-clouds or in other words, inter clouds or cloud-of-clouds has emerged recently and a system that employs Byzantine protocol for secret sharing has been constructed. We aim to equip Depsky framework to supply a secure cloud database that will guarantee to prevent security risks facing the cloud computing community. In relation to data intrusion and data integrity, like depsky we distribute the data and metadata into different cloud providers, and we apply the Software-as-a-Service (SaaS) on the stored data in the cloud provider. Instead of using plain secret sharing using public key ciphers we employ Software-as-a-Service (SaaS). Hence, replicating data into multi-clouds by using a multi-share technique may reduce the risk of data intrusion and increase data integrity. This work aims to promote the use of multi-clouds due to its ability to reduce security risks that affect the cloud computing user. Keywords : Cloud computing, single cloud, multi-clouds, dep sky architecture, Software-as-a-Service. 1. Introduction Cloud computing is computing that includes a large number of computers associated through a communication network such as the Internet, similar to utility computing [4]. In science, cloud computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time. Network-based services, which appear to be delivered by real server hardware and are in fact served up by virtual hardware simulated by software running on one or more real machines, is often called cloud computing. Such simulated servers do not physically exist and can therefore be relocated around and scaled up or down on the fly without disturbing the end user, somewhat like a cloud Received(September 28, 2012), Review request(september 29, 2012), Review Result(1st: October 14, 2012) Accepted(December 31, 2012) ISSN: AJMSCAHS Copyright 2012 SERSC 87

2 becoming larger or smaller without being a physical object [3]. In common usage, the term "the cloud" is fundamentally a metaphor for the Internet [5]. Marketers have further made popular the phrase "in the cloud" to refer to software, platforms and infrastructure that are sold "as a service", i.e. remotely through the Internet. Typically, the seller has actual energy-consuming servers which host products and services from a remote location, so end-users don't have to; they can simply log on to the network without installing anything. The major models of cloud computing service are known as software as a service, platform as a service, and infrastructure as a service [3]. Cloud computing relies on sharing of resources to achieve coherence and economies of scale, similar to a utility (like the electricity grid) over a network [6]. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. The cloud also focuses on maximizing the effectiveness of the shared resources. Cloud resources are usually not only shared by multiple users but are also dynamically reallocated per demand. This can work for allocating resources to users. Security in cloud computing: As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through adoption of this new model [4][7]. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered as the characteristics of this innovative deployment model can differ widely from those of traditional architectures [8]. An alternative perspective on the topic of cloud security is that this is but another, although quite broad, case of "applied security" and that similar security principles that apply in shared multi-user mainframe security models apply with cloud security [9]. Cloud computing offers many benefits, but is vulnerable to threats. As cloud computing uses increase, it is likely that more criminals find new ways to exploit system vulnerabilities. Many underlying challenges and risks in cloud computing increase the threat of data compromise. To mitigate the threat, cloud computing stakeholders should invest heavily in risk assessment to ensure that the system encrypts to protect data, establishes trusted foundation to secure the platform and infrastructure, and builds higher assurance into auditing to strengthen compliance. Security concerns must be addressed to maintain trust in cloud computing technology. 2. Related work H. Abu-Libdeh [11] stated that the increasing popularity of cloud storage is leading organizations to consider moving data out of their own data centers and into the cloud. As it became very expensive to switch storage providers a case for applying RAID-like techniques used by disks and file systems, but at the cloud storage level reduce the cost of switching providers, and better tolerate provider outages or failures. So we introduce RACS, to overcome the drawbacks in the existing system. 88 Copyright 2012 SERSC

3 Asia-pacific Journal of Multimedia Services Convergence with Art, Humanities and Sociology Vol.2, No.2 (2012) G. Ateniese[10] stated that introducing a model for provable data possession (PDP) that allows a client that has stored data at an untrusted server to verify that the server possesses the original data And there will be a drastic change in I/O costs So, they presented two provably-secure PDP schemes that are more efficient than previous solutions. H. Abu-Libdeh stated that by introducing HAIL a distributed cryptographic system that permits a set of servers to prove to a client that a stored file is intact and retrievable. So, author introduced a strong, formal adversarial model for HAIL, and rigorous analysis and parameter choices to overcome the drawbacks in the esisting system. C. Cachin in his paper stated that there is a problem of efficient distributed storage of information in a message-passing environment where both less than one third of the servers, So to overcome these problem author introduced first implementation of non-skipping timestamps which provides optimal resilience and withstands Byzantine clients; it is based on threshold cryptography. KuiRen Stated in his paper cloud storage enables users to remotely store their data and enjoy the on-demand high quality cloud applications without the burden of local hardware and software management. So to overcome the drawbacks author used a flexible distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data. 3. Existing System Multi-Clouds: Preliminary: The term multi-clouds is similar to the terms inter clouds or cloud-of-clouds. These terms suggest that cloud computing should not end with a single cloud. Using their illustration, a cloudy sky incorporates different colors and shapes of clouds which lead to different implementations and administrative domains. Recent research has focused on the multi-cloud environment which control several clouds and avoids dependency on any one individual cloud. Identify two layers in the multi-cloud environment: the bottom layer is the inner-cloud, while the second layer is the inter-cloud. In the inter cloud, the Byzantine fault tolerance finds its place. We will first summarize the previous Byzantine protocols over the last three decades. Byzantine Protocols In cloud computing, any faults in software or hardware are known as Byzantine faults that usually relate to inappropriate behavior and intrusion tolerance. In addition, it also includes arbitrary and crash faults. Much research has been dedicated to Byzantine fault tolerance (BFT) since its first introduction. Although BFT research has received a great deal of attention, it still suffers from the limitations of practical adoption and remains peripheral in distributed systems. The relationship between BFT and cloud computing has been ISSN: AJMSCAHS Copyright 2012 SERSC 89

4 investigated, and many argue that in the last few years, it has been considered one of the major roles of the distributed system agenda. Furthermore, many describe BFT as being of only purely academic interest for a cloud service. This lack of interest in BFT is quite different to the level of interest shown in the mechanisms for tolerating crash faults that are used in large-scale systems. Multi-Clouds Model: This will explain the recent work that has been done in the area of multi-clouds. Present a virtual storage cloud system called DepSky which consists of a combination of different clouds to build a cloud-of-clouds. The DepSky system addresses the availability and the confidentiality of data in their storage system by using multi-cloud providers, combining Byzantine quorum system protocols, cryptographic secret sharing and erasure codes. DepSky Architecture: The DepSky architecture consists of four cloud sand each cloud uses its own particular interface. The DepSky algorithm exists in the clients machines as a software library to communicate with each cloud. These four clouds are storage clouds, so there are no codes to be executed. The DepSky library permits reading and writing operations with the storage clouds. [Fig. 1] DepSky Architecture DepSky Data model: As the DepSky system deals with different cloud providers, the DepSky library deals with different cloud interface providers and consequently, the data format is accepted by each cloud. The DepSky data model consists of three abstraction levels: the conceptual data unit, a generic data unit, and the data unit implementation. 90 Copyright 2012 SERSC

5 Asia-pacific Journal of Multimedia Services Convergence with Art, Humanities and Sociology Vol.2, No.2 (2012) DepSKy System model: The DepSky system model contains three parts: readers, writers, and four cloud storage providers, where readers and writers are the client s tasks. Explain the difference between readers and writers for cloud storage. Readers can fail arbitrarily (for example, they can fail by crashing, they can fail from time to time and then display any behavior) whereas, writers only fail by crashing. Cloud storage providers in the DepSky system model: The Byzantine protocols involve a set of storage clouds (n) where n = 3 f +1, and f is maximum number of clouds which could be faulty. In addition, any subset of (n f) storage cloud creates byzantine quorum protocols. 4. Proposed system Software as a service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted on the cloud by independent software vendors (ISVs) or application service providers (ASPs). It is sometimes referred to as "service(s) as a software substitute" (SaaSS) or "on-demand software. SaaS is typically accessed by users using a thin client via a web browser. SaaS applications similarly support what is traditionally known as application customization. In other words, like traditional enterprise software, a single customer can alter the set of configuration options (a.k.a., parameters) that affect its functionality and look-and-feel. Each customer may have its own settings (or: parameter values) for the configuration options. The application can be customized to the degree it was designed for based on a set of predefined configuration options. SaaS applications are often updated more frequently than traditional software [17], in many cases on a weekly or monthly basis. This is enabled by several factors: The application is hosted centrally, so an update is decided and executed by the provider, not by customers. The application only has a single configuration, making development testing faster. The application vendor has access to all customer data, expediting design and regression testing. The solution provider has access to user behavior within the application (usually via web analytics), making it easier to identify areas worthy of improvement. 5. Experimental Results In our results we mainly show that there is vast difference in security provided by existing approach and ISSN: AJMSCAHS Copyright 2012 SERSC 91

6 proposed system. [Fig. 2] Graph showing the difference between two approaches Here in the above graph we will be observing that our proposed approach will be giving high security when compared native approach. We will be taking different stages that will be occurring in cloud computing while transferring the data from one system to other. We show that in each stage we will observing that proposed system will be giving high security. 6. Conclusion We aim to provide a framework to supply a secure cloud database that will guarantee to prevent security risks facing the cloud computing community. This framework will apply multi-clouds and the secret sharing algorithm to reduce the risk of data intrusion and the loss of service availability in the cloud and ensure data integrity. In relation to data intrusion and data integrity, like depsky we distribute the data and metadata into different cloud providers, and we apply the secret sharing algorithm on the stored data in the cloud provider. Instead of using plain secret sharing using public key ciphers we employ Software as a service. An intruder needs to retrieve at least three values to be able to find out the real value that we want to hide from the intruder. This depends on Software as a service with a polynomial function technique which claims that even with full knowledge of (k 1) clouds, the service provider will not have any knowledge of vs (vs is the secret value). In other words, hackers need to retrieve all the information from the cloud providers to know the real value of the data in the cloud. Therefore, if the attacker hacked one cloud provider s password or even two cloud provider s passwords, they still need to hack the third cloud provider (in the case where k = 3) to know the secret which is the worst case scenario. Hence, replicating data into multi-clouds by using a multi-share technique may reduce the risk of data intrusion and increase data integrity. 92 Copyright 2012 SERSC

7 Asia-pacific Journal of Multimedia Services Convergence with Art, Humanities and Sociology Vol.2, No.2 (2012) References [1] M. A. AlZain, E. Pardede, B. Soh and J. A. Thom, Cloud Computing Security: From Single to Multi-Clouds. [2] Shamir s secret sharing from Wikipedia. [3] Cloud computing from wimkipedia. [4] I. Ivanov, Securing Virtual and Cloud Environments. [5] NetLingo, Cloud Computing entry. [6] National Institute of Standards and Technology, The NIST Definition of Cloud Computing. [7] M. Carroll, P. Kotzé and A. van der Merwe, Secure virtualization: benefits, risks and constraints, (2011). [8] Zissis, Dimitrios and Lekkas Addressing cloud computing security issues, (2010). [9] Waltham, Securing the Cloud: Cloud Computer Security Techniques and Tactics. [10] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L.Kissner, Z. Peterson and D. Song, Provable data possession at untrusted stores. [11] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, RACS: a case for cloud storage diversity, [12] S. Chan, S. Lau slau and A. Wong, One Time Password Authentication for Open High Performance Computing Environments. ISSN: AJMSCAHS Copyright 2012 SERSC 93

8 94 Copyright 2012 SERSC