How To Secure Cloud Computing

Transcription

1 Volume 2, Issue 1, Jan - Feb, 2015 International Journal of Emerging Technology & Research ( ISSN (E): 2347 A New Trusted Security System For Cloud Computing Infrastructure K N V Satya Naresh,Divya Vani.Y Shri Vishnu Engineering College for Women Bhimavaram, Andhra Pradesh, India ISSN (E): ISSN (P): In today s era, cloud computing has captured the software market quite nicely. As the age growing cloud computing has become pure ubiquitous which has several services which contains a large infrastructure with large no of platforms and a lot of software. With all these things, here come the security issues because this freedom, dynamic platform and flexibility make it vulnerable to cyber attacks. Basically if we consider there are five main security concerns in cloud computing they are security myths about private cloud, lack of security visibility and risk awareness, security for storage, less secure apps and authentication and authorization. A lot of security techniques were developed for resolving these issues. Here in this paper we are doing survey on the techniques and propose a new model for cloud security system. 1. Introduction: Abstract: Today cloud computing is the most enticing technology due to vast growth in software and hardware resources. Many enterprises including from big to very small enterprises are willing to store and access services in cloud computing. As all work can be done easily without much burden, many users are willing and using services provided by cloud. Cloud computing provides storage facility, fast computing facility by doing computations parallel in distributed environment, reduces cost and burden of individuals. In this there are many advantages like storage, cost, computing in cloud but we can say a cloud computing is a good technology only if the services stored and accessed in cloud are secure, So security is the most challenging and important issue in cloud computing. We cannot use or just follow one strategy for resolving security issues in cloud computing as there are many security issues in cloud computing and these issues must be first analyzed, classified and should be solved by following different strategies. There are a lot of benefits with cloud computing but concentration should be on security issues while storing services in cloud by clients, accessing services by users, performing computations parallel in distributed environment and while using virtual machines in cloud. The main concerned security issues of today s market are people who are inheriting the private cloud thinks that there cloud are secure because they have built it inside it s firewall, but this is not the case it requires only bad apple to spoil the barrel. The second problem is companies lack security visibility and risk awareness. Of course it is a significant issue because lack of security visibility diminished inished the awareness of risk in a particular situation and also if the information is sensitive it needs a safer storage now the question is how safe that should totally depend on the data. Another problem with cloud security is there are a lot of apps coming in Copyright reserved by IJETR (Impact Factor: 0.997) 62

2 the market everyday as per the user requirement but they are not safe enough towards attacks and when we come to authentication and authorization, it should be more robust like every company should verify that whether the system works in the most secure and reliable way. These are the main security issues that we are facing now days. A lot of techniques are discussed here like divide and conquer at virtualization level. But we haven t achieved the security nirvana yet. So here we are proposing a new strategy which is based on the mechanism of security under human supervision. Our basic assumption is that whenever a system is facing a cyber attack it should act in its most normal way or we can say we are developing an agent based security system. This agent based security system supervises the network security system like a human monitoring system. Here some security issues are analyzed. Many users from different places involve in performing computations in cloud computing, the users will all share data, perform computations in parallel and aggregate result. While sharing data and performing computations parallel, users may leak data or values of computation or can do some malfunctions and by this the final result will be wrong. This is the one big security issue in cloud computing because of distrusted people. Cloud computing provide great storage facility but there are many security issues while storing data in cloud. If data we store is less, it can be managed easily but in cloud computing very large or vast amount of data is stored it is very difficult to manage this vast data, so data is stored in multiple layers in cloud. The user data that is stored in cloud must be confidential but it can be leaked by some users or attackers causing privacy issue for user data which is very dangerous. Data which is frequently used is stored in higher layers i.e. secure layers and data which is not frequently used is stored in lower layers i.e. insecure layers. But the data that is not frequently used contains some important information which can accessed easily by attackers as it is stored in lower layers where security is not that much provided. If the data is not stored properly in secured way unauthenticated or unauthorized people will access the information and create many problems.so all these storage issues should be solved by implementing appropriate techniques. Virtualization is one of the most important concept in cloud computing. The users can use the virtual machines and due to this virtualization many security problems like cross-vm attacks, data leaks and much vulnerability can be occurred and this security issued must be solved. As we mostly use NoSQL database in cloud computing more security problems will arise while using NoSQL database than using normal RDBMS and this security issues by NoSQL database in cloud must be solved. Data privacy is very important security issues in cloud. For this proper authentication, authorization and encryption mechanism must be used which allows resolving unnecessary privacy issues in cloud computing. While any user want to access the service provided by a cloud first proper safe connection should be established and as huge network is involved in accessing resource in cloud by client, many network problems may arise and all these issues should be solved. If safety connection is established than proxy user may request the resources or services of cloud, so proper identification and authorization is need to access services of cloud. If the user or client is not accessing the cloud without any authentication than user may access resources or services that should not be accessed.this may cause leakage of important data or information that should not viewed by users, which is a security problem for data stored in cloud, So all these security issues regarding storage of data in cloud must be solved. Copyright reserved by IJETR (Impact Factor: 0.997) 63

3 2. Literature Survey: In this we are perambulating some security issues that are existing in cloud like data privacy, data storage, parallel computing, NoSQL Databases issues etc and we percolated the solutions of different people for solving some security problems. Data Access and Privacy Issues: Cloud is very useful in providing services via internet, many users will access the services provided by cloud but among these users some may corrupt the data or leak the data or attack the resources of the cloud that access cloud through a network [3,6,7]. Because of this proper access control should be involved while user accessing the cloud. While accessing the services of cloud, first the client should request for the service and then safe connection should be established between client and front end server with the support of data security transfer module. After the connection establishment, the app server should identify and authorize the client by receiving the client request. After users identification and authorization of the client relevant application program is used by app server to process the request under the restriction of sandbox isolation module. This sandbox isolation module is useful for protecting applications confidentiality and integrity that is deployed in platform. If in the memory cache data is stored, app server uses the data directly otherwise data is obtained from the data memory securely with the help of data security storage module. Relevant HTML page is submitted to the user by processing the data collected by app server. If any abnormal situation occurs during the above process log audit module is helpful in sending alert messages and perform preventive measures by continuously monitoring. For the data that is kept by client in the cloud to be secure both at cloud side provider and client side, key management should be done and also intrusion detection and intrusion prevention must be deployed by the server logs. For avoidance of information leakage at client and service provider must use shared key [4]. Users who want to access data must be authenticated by not only user id and password but also digital ids, Policy based framework and XACML access control languages should be used for control access of data to provide security [5]. For data security a fully homomorphism encryption method is implemented by using IBM and without decryption data can be processed in this scheme. To provide data security effectively encryption methods like key-based encryption and lazy re-encryption can be used combined [8]. A cryptographic approach called cloud HKA can be used for access control in cloud computing which provides data security [9] Data Storage Issues: In cloud computing through multiple tier storage media data and transaction logs are stored. Even data is moving between tiers the IT manager can control what, where and when data is moved. But in cloud computing as the data size exponentially grows and to manage the data, auto-tiring is used for big data storage and auto-tiring imposes new challenges to security issues in data storage as information about data where the data is stored is not maintained in auto-tiring. In auto-tier system the data which is frequently used is kept in upper layers which are secure and the data which is not frequently used is kept in lower layer which is insecure layer. Even though lower layers data is not frequently used, it may consist of significant information. The significant information that is in lower layer is insecure because lower layer is provided with low security. Similarly confidentiality, integrity, provenance, consistency, Copyright reserved by IJETR (Impact Factor: 0.997) 64

4 collusion attacks, rollback attacks, disputes are all possible attacks in auto-tier storage system [16,7 ]. To store data securely in private cloud security layer is used which is in between session layer and transport layer. So at the server end by using some authentication protocols data is secured if client transfers data. A security algorithm is used when client want keep data in the cloud based on the document privacy level. Strong security algorithm can be used if it wants more security. The security server will save the document in the database by providing security [17]. Another architecture which is having XACML policy builder and evaluator can be used for secure storage of data [18]. As third party is involved in storing and accessing the services provided by cloud between client and cloud service provider RSA algorithm can be used for data security where client can encrypt and decrypt and SHA-512 can be used to create message digest [19]. Open CA public key Infrastructure, data partitioning approach, public audit ability can be implemented which potentially increases security in storing data in cloud [22, 21] Issues in Computations of Cloud Computing: As cloud computing is a distributed environment, distributed parallel computations are performed for storing data and this data which can be used by users [15]. Malfunctioning compute worker nodes, infrastructure attacks, rouge data nodes all these comes to security issues in the parallel computation of cloud computing distributed environment. For example consider a map reduce framework which is used in cloud computing where we map divide the computations to the mappers. In the first step the mappers produce key or value. In the second step, the reducers collect the values, produced by mappers and combine them by outputting the result [10,11,12]. But because of faulty node in network or incorrect ion configuration the workers could malfunction or leak the data. The worker who malfunctions will give wrong values finally when values are aggregated. The users profile can be modified or can be leaked by the workers. The worker may compromise and tap the information of the other workers and leak the information which may create malfunction the computations. Some data nodes in network receive replicate data and may also deliver the data by altering which finally gives wrong result when data is aggregated [20]. All these above issues are security issues in performing computations in cloud computing. This security issues can be solved in two ways i.e. by ensuring trust worthiness of workers and despite of the distrusted workers securing the data [13]. The trust worthiness of employees can be ensured by either trust establishment or mandatory access control. Trust can be established by authenticating the workers by the master and after the initial authentication the workers are checked periodically. By a predefined security policy Mac Account ensures access to the files but Mac cannot prevent data leakage from the mapper so data-de identification techniques used and it is the notion of differential privacy [14]. 2.4 NoSql Database Issues: NoSql databases are mostly used in cloud computing which used in cloud computing which we is good for analyzing data but security becomes a major problem in NoSql databases than RDBMS. Application developers have to be aware of security vulnerabilities when using NoSql data stores. Illegal access to data, weak authentication, insecure communication, Insufficient and ineffective input validations are vulnerabilities that should be aware while using NoSql data base[2]. Sometimes the ACID properties of RDBMS are also not satisfied and should be notified by all these issues when using NoSql databases. In RDBMS Virtual private database provides built in security but there is no tool found for providing security for NoSql databases, however creating new namespace can be used to offer Copyright reserved by IJETR (Impact Factor: 0.997) 65

5 security in the NoSql world. Authentication acess control and authorization can be supported in NoSql databases by using middle software. The JAAS framework, Apache Shiro framework, J2EE framework can provide security. Additionally HTTP as a transport in NoSql clusters can provide security in the middle way by validating on proxy servers as well as load-balancers. The current best approach is at the middle ware level we need to place security. For security purpose porting Hadoop to windows and to cloud Azure are been intended by Microsoft. 2.5Multi cloud Data Base Model for Security: Multi cloud data base model provides data security effectively than using single cloud service provider[1]. In multi cloud data base model user interface, HTTP server, Servlet engine, Data source (DBMS) and Cloud Service Providers with data storage are used for storing and managing data securely. The client can send a query via user interface and through HTTP request to web browser. HTTP Server plays vital role in managing communication between the application and browser. Through an application request HTTP Server user will send query to Servlet engine. Communication between Servlet engine and Data Source (DBMS) can be done via JDBC protocol. When query is passed to DBMS, DBMS process the query and collect the data from different data stores of cloud service providers. The result is passed back to HTTP Server when servlet engine is return with result to DBMS and then the user interface get result from HTTP Server. In this model there is data flow between DBMS and multi cloud provider where the DBMS store the data in each cloud service providers by dividing data into shares. If the client wants to store data in cloud DBMS generates a random polynomial function so that the data can be hidden from the distrusted user. Whenever query is arrived at the data source then data source rewrites the query for each cloud service provider and from each cloud service provider, data store relevant share is retrieved. This is secret sharing method in multi cloud service provider model which gives better security in storing and accessing data than single cloud service[1]. 3. Proposed Work: We are working here on developing a self healing cloud security system. Generally cyber attack causes the close down of the whole system whether it is a personalized computer, a business enterprise, a company or a cloud framework which is actually fatal. So here our aim is to build a smart, self handling and self healing cloud computing infrastructure which can actually work under a cyber attack. Now we will see how the system works. The system monitors the cloud computing infrastructure in normal situations and then maintains a graph in each in every situation with respect to the load. Then it calculates how the system should look and function under normal situations. Fig no 1 Graph Database Copyright reserved by IJETR (Impact Factor: 0.997) 66

6 This system proposes a model which tries to conserve the cloud infrastructure in the case of cyber attack. The portion which has been attacked only that will crash, rest of the system will work as naturally as it can. Generally human intervention is necessary for monitoring the performance of a system that s why we call it an agent based security system. Just like human body can interpret whether the system is working normally or not, this system helps the cloud infrastructure to work properly and preserve the system. Whenever a malicious attack happens the system recognizes by seeing the graph that something out of ordinary has happened and it tries to keep the system in normal mode as far as possible. 4. Design and architecture: The proposed architecture as we have already discussed works on the principle of human monitoring system. Where cloud is safe, we are not touching the cloud infrastructure we are just attaching an additional system which will observe, analyze and maintain the performance of the system. The architecture for the discussed process is given below. Fig no. 2 Proposed Architecture Here we can see that the system observes the performance of cloud infrastructure and construct a table and converts the data from tabular form to graph data and maintain a graph database and whenever a cyber attack is happened, it tries to keep the performance as according to the graph. In short it tries to keep the cloud performance as normal as possible. 5. Conclusion and Future Work: Cloud security gained attention now days because of the increasing usage of cloud computing in various areas. A lot of models have been proposed for increasing the security and developing the trust. But those were not suitable in Copyright reserved by IJETR (Impact Factor: 0.997) 67

7 the new generation of cloud computing as well as in the new generation of cyber attacks. So here we proposed a model which will keep the system trusted and in normal working pace. This system can also been further enhanced in multi cloud. This application can be used in health management, business management and E-commerce. References: [1] Ben Soh, Eric Pardede, Mohammed A. AlZain: MCDB: Using Multi-Clouds to Ensure Security in Cloud Computing, 2011 Ninth IEEE International Conference on Dependable Autonomic and Secure computing. [2] Xu Xiaoping, Yan Junhu: Research on Cloud Computing Security Platform, 2012 Fourth International Conference on Computational and Information Science. [3] Mike Hogan: Database Virtualization and the Cloud, Cloud databases, white paper December [4] Hyo-Jin Shin, Young-Hwan Bang, Young-Gi Min: Cloud Computing Security Issues and Access Control Solution, Journal of Security Engineering,2012. [5] Lokendra Singh Umrao, Subhash Chandra Patel, Dr. Ravi Shankar Singh : Policy-based Framework for Access Control in Cloud Computing,International Conference on Recent Trends in Engineering & Technology (ICRTET2012). [6] Deyan Chen, Hong Zhao: Data Security and Privacy Protection Issues in Cloud Computing, 2012 International Conference on Computer Science and Electronics Engineering. [7] UttamThakore: Survey of Security Issues in Cloud Computing, University of Florid, Journal of Undergraduate Research. [8] Cong Wang, KuiRen, Shucheng Yu and Wenjing Lou: Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing. [9] Cheng-Kang Chu2, Jianying Zhou, Wen-Guey Tzeng3 and Yi-Ruei Chen1: CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing,11 th International conference on cryptography and network security. [10] Yang Xiao and ZhifengXiao: Accountable Map Reduce in Cloud Computing, The first international conference on security in computers, networking and communication. [11] Ahmed bendahmane, Ahmed el moussaoui, Ali youne Mohammad essaaidi: A New Mechanism to Ensure Integrity for MapReduce in Cloud Computing. [12] Ahmed bendahmane, Ahmed el moussaoui, Ali youne Mohammad essaaidi: Result Verification Mechanism for Map Reduce Computation Integrity in Cloud Computing,IEEE [13] Jing Deng, Julia H. Deng, Scott C.-H. Huang, Yunghsiang S. Han: Fault-Tolerant and Reliable Computation in Cloud Computing, IEEE Globecom 2010 Workshop on Web and Pervasive Security. Copyright reserved by IJETR (Impact Factor: 0.997) 68

8 [14] Cong Wang, Jia Wang, KuiRen: Secure and Practical Outsourcing of Linear Programming in Cloud Computing, IEEE TRANSACTIONS ON CLOUD COMPUTING April 10-15, [15] SashankDara: Cryptography Challenges for Computational Privacy in Public. [16] Compuqup technologies : Cloud Storage The Issues and Benefits, white paper. [17] PradnyeshBhisikar: Security in Data Storage and Transmission in Cloud Computing, International Journal of Advanced Research in Computer Science and Software Engineering. [18] Anuj Gupta, BhavaniThuraisingham, LatifurKhan,, Murat Kantarcioglu, Vaibhav Khadilkar,: Secure Data Storage and Retrieval in the Cloud. [19] AbhishekMohta, Lalit Kumar Awasthi, Ravi Kant Sahu: Robust Data Security for Cloud while using Third Party Auditor, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 2, Issue 2, February [20] G.Sireesha, P.Radha Krishna Reddy, S.Pavan Kumar Reddy and U.Seshadri: The Security Issues of Cloud Computing Over Normal & IT Sector, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 2, Issue 3, March [21] FarokhBastani, I-Ling Yen, Liangliang Xiao, Yunqi Ye: Cloud Storage Design Based on Hybrid of Replication and Data Partitioning, th international conference on Parallel and Distributed Systems. [22] Cong Wang, Jin Li, KuiRen, Qian Wang, Wenjing Lou : Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing, IEEE Transactions On Parallel And Distributed Systems, VOL. 22, NO. 5, MAY Copyright reserved by IJETR (Impact Factor: 0.997) 69