Keywords: Cloud; Security; privacy; multi-cloud; Application Partitioning; Tier Partitioning; Data Partitioning; Multi-party Computation.

Transcription

1 An Secure Data Storage Multi Cloud Architecture Mr. Gajendrasing Chandel, Mr.Rajkumar R. Yadav Assistant Professor, Student M.Tech 2 nd Year Computer Science & Engineering, SSSIST, Sehor ABSTRACT In recent years use of Cloud computing in different mode like cloud storage, cloud hosting, cloud servers are increased in industries and other organization as per requirements. While considering the power, stability and the security of cloud one can t ignore different threats to user s data on cloud storage. Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and un-trusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Malicious user at cloud storage is become most difficult attacks to stop. In proposed system we are implementing the concept of multiple cloud storage along with enhanced security using encryption techniques where rather storing complete file on single cloud system will split the file in different chunks then encrypt and store it on different cloud and the meta data required for decrypting and rearranging a file will be stored in metadata management server. Keywords: Cloud; Security; privacy; multi-cloud; Application Partitioning; Tier Partitioning; Data Partitioning; Multi-party Computation. I. INTRODUCTION Traditionally, having a monolithic system run across multiple computers meant splitting the system into separate client and server components. In such systems, the client component handled the user interface and the server provided back-end processing, such as database access, printing, and so on. As computers proliferated, dropped in cost, and became connected by ever-higher bandwidth networks, splitting software systems into multiple components became more convenient, with each component running on a different computer and performing a specialized function. This approach simplified development, management, administration, and often improved performance and robustness, since failure in one computer did not necessarily disable the entire system. Cloud computing is a general term for anything that involves delivering hosted services over the internet. Cloud computing enables companies to consume compute resources as a utility just like electricity rather than having to build and maintain computing infrastructures in-house. Simply cloud computing offers the delivery of on-demand computing resources everything from applications to data centers over the Internet on a pay-for-use basis. Cloud offers three types of services as they are IasS, PasS, SasS. Cloud provides all this services virtually, So we can say that cloud is an virtual environment , IJAFRSE All Rights Reserved

2 In many cases the system appears to the client as an opaque cloud that performs the necessary operations, even though the distributed system is composed of individual nodes, as illustrated in the following figure. Figure 1. Distributed System The opacity of the cloud is maintained because computing operations are invoked on behalf of the client. As such, clients can locate a computer (a node) ) within the cloud and request a given operation; in performing the operation, that computer can invoke functionality on other computers within the cloud without exposing the additional steps, or the computer on which they were carried out, to the client. With this paradigm, the mechanics of a distributed, cloud-like like system can be broken down into many individual packet exchanges, or conversations between individual nodes. Traditional client-server systems have two nodes with fixed roles and responsibilities. Modern-distributed distributed systems can have more than two nodes, and their roles are often dynamic. In one conversation a node can be a client, while in another conversation the node can be the server. In many cases, the ultimate consumer of the exposed functionality is a client with a user sitting at a keyboard, watching the output. In other cases the distributed system functions unattended, performing background operations. The distributed system may not have dedicated clients and servers for each particular packet exchange, but it is important to remember there is a caller, (or initiator, either of which is often referred to as the client). There is also the recipient of the call (often referred to as the server). It is not necessary to have two-way way packet exchanges in the request-reply reply format of a distributed system; often messages are sent only one way. As use of cloud computing is growing rapidly in every for m of organization, to provide security to the data in cloud computing is the main issue to deal with.[13] Some security issues like data loss and malicious insiders are reasons to fear for customers using cloud computing services. In a cloud , IJAFRSE All Rights Reserved

3 computing environment, individuals and businesses work with applications and data stored and/or maintained on shared machines in a internet environment rather than physically located in the home of a user or as corporate [13] environment. Vulnerabilities in a particular cloud service or cloud computing environment can potentially be exploited by criminals and actors with malicious intent [14]. II. LITERATURE SURVEY Cloud computing creates a large number of security issues and challenges. A list of security threats to cloud computing is presented in [6]. These issues range from the required trust in the cloud provider and attacks on cloud interfaces to misusing the cloud services for attacks on other systems. The main problem that the cloud computing paradigm implicitly contains is that of secure outsourcing of sensitive as well as business-critical data and processes. When considering using a cloud service, the user must be aware of the fact that all data given to the cloud provider leave the own control and protection sphere. Even more, if deploying data-processing applications to the cloud (via IaaS or PaaS), a cloud provider gains full control on these processes. Hence, a strong trust relationship between the cloud provider and the cloud user is considered a general prerequisite in cloud computing. Depending on the political context this trust may touch legal obligations. For instance, Italian legislation requires that government data of Italian citizens, if collected by official agencies, have to remain within Italy. Thus, using a cloud provider from outside of Italy for realizing an e-government service provided to Italian citizens would immediately violate this obligation. Hence, the cloud users must trust the cloud provider hosting their data within the borders of the country and never copying them to an off-country location nor providing access to the data to entities from abroad. An attacker that has access to the cloud storage component is able to take snapshots or alter data in the storage this might be done once, multiple times, or continuously. An attacker that also has access to the processing logic of the cloud can also modify the functions and their input and output data. Even though in the majority of cases it may be legitimate to assume a cloud provider to be honest and handling the customers affairs in a respectful and responsible manner, there still remains a risk of malicious employees of the cloud provider, successful attacks and compromisation by third parties, or of actions ordered by a subpoena. In [7], an overview of security flaws and attacks on cloud infrastructures is given. Some examples and more recent advances are briefly discussed in the following. Ristenpart et al. [8] presented some attack techniques for the virtualization of the Amazon EC2 IaaS service. In their approach, the attacker allocates new virtual machines until one runs on the same physical machine as the victim s machine. Then, the attacker can perform cross-vm side channel attacks , IJAFRSE All Rights Reserved

4 to learn or modify the victim s data. The authors present strategies to reach the desired victim machine with a high probability, and show how to exploit this position for extracting confidential data, e.g., a cryptographic key, from the victim s VM. Finally, they propose the usage of blinding techniques to fend cross-vm side-channel attacks. In [10], a flaw in the management interface of Amazon s EC2 was found. The SOAP-based interface uses XML Signature as defined in WS-Security Security for integrity protection and authenticity verification. Gruschka and Iacono [10] discovered that the EC2 implementation for signature verification is vulnerable to the Signature Wrapping Attack. In this attack, the attacker who eavesdropped a legitimate request message can add a second arbitrary operation to the message while keeping the original signature. Due to the flaw in the EC2 framework, the modification of the message is not detected and the injected operation is executed on behalf of the legitimate user and billed to the victim s account. A major incident in a SaaS cloud happened in 2009 with Google Docs. Google Docs allows users to edit documents online and share these documents with other users. However, this system had the following flaw: Once a document was shared with anyone, it was accessible for everyone the document owner has ever shared documents with before. For this technical glitch, not even any criminal intent was required to get unauthorized access to confidential data. Recent attacks have demonstrated that cloud systems of major cloud providers may contain severe security flaws in different types of clouds (see [12], [10]).As can be seen from this review of the related work on cloud system attacks, the cloud computing paradigm contains an implicit threat of working in a compromised cloud system. If an attacker is able to infiltrate the cloud system itself, all data and all processes of all users operating on that cloud system may become subject to malicious actions in an avalanche manner. Hence, the cloud computing paradigm requires an in-depth reconsideration on what security requirements might be affected by such an exploitation incident. For the common case of a single cloud provider hosting and processing all of its user s data, an intrusion would immediately affect all security requirements: Accessibility, integrity, and confidentiality of data and processes may become violated, and further malicious actions may be performed on behalf of the cloud user s identity. These cloud security issues and challenges triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside with these security issues, the cloud paradigm comes with a new set of unique features that open the path toward novel security approaches, techniques, and architectures. One promising concept makes use of multiple distinct clouds simultaneously. Cloud computing data security refers to the set of procedures, processes and standards designed to provide information security of data in a cloud computing environment. Cloud computing data security , IJAFRSE All Rights Reserved

5 addresses both physical and logical security issues across all the different service models and delivery models. While data of the customer need to be secured in cloud, both the data backup and data recovery methods should be efficient. The data recovery and backup process has various successful techniques. The techniques are lagging behind some critical issues like implementation of complexity, low cost, security and time related issues presented in [1]. III. PROBLEM IDENTIFICATION & PROPOSED METHODOLOGY There are different architectural patterns for distributing resources to multiple cloud providers. This model is used to discuss the security benefits and also to classify existing approaches. In proposed model system distinguish the following four architectural patterns. Replication of Applications allows to receive multiple results from one operation performed in distinct clouds and to compare them within the own premise. This enables the user to get evidence on the integrity of the result. Partition of Application System into Tiers allows separating the logic from the data. This gives additional protection against data leakage due to flaws in the application logic. Partition of Application Logic into Fragments allows distributing the application logic to distinct clouds. This has two benefits. First, no cloud provider learns the complete application logic. Second, no cloud provider learns the overall calculated result of the application. Thus, this leads to data and application confidentiality. Partition of Application Data into Fragments allows distributing fine-grained fragments of the data to distinct clouds. None of the involved cloud providers gains access to all the data, which safeguards the data s confidentiality. Each of the introduced architectural patterns provides individual idual security merits, which map to different application scenarios and their security needs. Obviously, the patterns can be combined resulting in combined security merits, but also in higher deployment and runtime effort. The following sections present the four patterns in more detail and investigate their merits and flaws with respect to the stated security requirements under the assumption of one or more compromised cloud systems. IV. PROPOSED WORK: In proposed system we are implementing the concept of multiple cloud storage along with enhanced security using encryption techniques where we Split the file in different chunks then encrypt and store it , IJAFRSE All Rights Reserved

6 on different cloud. Meta data required for decrypting and rearranging a file will be stored in metadata management server. Developer Interface / SaaS Web Server CLOUD BASED FILE SYSTEM / PaaS Proprietary File System Proprietary File System Proprietary File System Cloud A Cloud B Cloud C Figure 2 System Architecture. Setting up and configuring different cloud server in order to having storage cloud access Using cloud server API develop file accessing method in different cloud. Developing encryption techniques like AES, RSA for file decryption before storing it on cloud. Develop a file management classes in dot net. Develop a web interface to upload and download files in cloud storage. Development Phase File encryption technique design. Remote file split and storing module. Remote file clubbing module. File management module User web access module. V. EXPECTED OUTCOME AND FUTURE WORK: A web portal which let the user manage his data and the managed data should be splitter over the multiple cloud drive as a chunk of file along with encryption. Proposed system will be tested and demonstrate over a local network or on live storage cloud server. VI. CONCLUSION: , IJAFRSE All Rights Reserved

7 By implementing the cloud based storage it solve many business secure and safe storage issues. But on the other side many expert state that it is more risky to put the data over single cloud as it increase the malicious user attack possibilities so it is the responsibility of a good cloud service provider to ensure secure storage of data on the cloud to his customer. We are trying to provide two way security to the data by encrypting the data and by storing data on the multiple servers. Also, the responsibility of storing the sensitive e data about the user accounts is taken by different central server (CSP), which will help in securing the data from attacks hence by designing the proposed system we are extending the storage cloud security by distributing and encrypting the data. VII. REFERENCES [1] M. Sugumaran, BalaMurugan. B, D. Kamalraj, An Architecture for Data Security in Cloud Computing, Proc. IEEE Int l Conf. Web Services (WCCCT ), [2] Chirag and et al, "A Survey on Security issues and Solutions at different layers of Cloud computing", Springer Science Business Media, [3] Asha.D and R.Chitra, "Securing cloud from ddos attacks using intrusion detection system", JREAT International Journal of Research in Engineering & Advanced Technology, Vol 1, No.1, pp.1-6, [4] F. Gens, IT Cloud Services User Survey, pt.2: Top Benefits & Challenges, Blog post on IDC Survey, [Online]. Available: [5] P. Malinverno, Cloud computing in europe, Gartner Application Architecture, Development & Integration Summit,, June [Online]. Available: [6] D. Hubbard and M. Sutton, Top Threats to Cloud Computing V1.0, Cloud Security Alliance, [7] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, On Technical Security Issues in Cloud Computing, Proc. IEEE Int l Conf. Cloud Computing (CLOUD-II), [8] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Proc. 16th ACM Conf. Computer and Comm. Security (CCS 09), pp , [9] Y. Zhang, A. Juels, M.K.M. Reiter, and T. Ristenpart, Cross-VM Side Channels and Their Use to Extract Private Keys, Proc. ACM Conf. Computer and Comm. Security (CCS 12), pp , [10] N. Gruschka and L. Lo Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited, Proc. IEEE Int l Conf. Web Services (ICWS 09), [11] S. Bugiel, S. Nu rnberger, T. Po ppelmann, A.-R. Sadeghi, and T. Schneider, AmazonIA: When Elasticity Snaps Back, Proc. 18th ACM Conf. Computer and Comm. Security (CCS 11), pp , , IJAFRSE All Rights Reserved

8 [12] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, All Your Clouds Are Belong to Us: Security Analysis of Cloud Management Interfaces, Proc. Third ACM Workshop Cloud Computing Security Workshop (CCSW 11), pp. 3-14, [13] Thom, Cloud computing security: From Single to Multi-clouds, Department of Computer Science and Computer Engineering, La Trobe University, Bundoora 3086, Australia. Mohammed A. AlZain, Eric Pardede, Ben Soh, James A. [14] Towards Of Secured Cost Effective Multi Cloud Storage In Cloud Computing, Communication Systems, Bannari Amman Institute of Technology. K.RAJASEKAR1 and C. KAMALANATHAN , IJAFRSE All Rights Reserved