Enhancing Data Availability of large Cloud Storage keys

Transcription

1 Enhancing Data Availability of large Cloud Storage keys Deepika S M. Tech., Computer Network Engg., BMS College of Engineering Bangalore, India deepikasmce@gmail.com Dr. M. Dakshayini Professor (ISE) BMS College of Engineering Bangalore, India dakshayini.ise@bmsce.ac.in Abstract Cloud computing is the most popular concept in the present technology. Storage-as-Service is one of the best feature of cloud computing. Cloud users are allowed to store and access their data anywhere and at anytime. Usually data will be stored in encrypted form. And security of these keys is a major problem. Becasuse, if the keys are compromised then whole data get compromised. Along with security, availability also plays very important role. So taking back up of keys and using the same to restore is usual and essential process. In this paper we are proposing and implementing a method to backup and restore the large amount of keys in JAR file by overcoming the limitation of JAR file which finally results in easy and transparent restoration 1. Introduction Defining the word cloud computing is a difficult task. Cloud computing generally involves a large number of computers connected through a communication network such as the Internet and sharing the available resources. According to the definition given by the US National Institute of Standards and Technology (NIST) [1]: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing users are allowed to access the data stored, applications, platforms, and computing services anywhere and at anytime in secured way and pay for exactly what they used. Cloud computing providers offer their services according to three fundamental models [4]: Infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) where IaaS is the most basic and each higher model abstracts from the details of the lower models.[7] One among the three different service models of cloud computing is: Infrastructure-as-a-service (IaaS) where the server s computational and storage infrastructure [12] are allowed to be accessed by cloud users [2][10][14]. Thus it is very important to carry out the communication and storage in secured way which is done using different encryption schemes. The keys used for encryption are very important and securing these keys from third party is also a important task in cloud computing. And making these keys available all time as soon as the user request for data is of higher priority. This paper is organized as follows: Section 2 gives the idea about necessity of backup, followed by Section 3 which explains the problem, in Section 4 we propose a solution to the problem, which is followed by implementation and result details in Section 5 & Issues in cloud security According to the research report, KPMG's 2010 Cloud Computing Survey, 2010, [5] security is the biggest obstacle to cloud adoption [9] (as shown in the figure.1), followed closely by legal, compliance, and privacy issues Figure 1: Concern regarding cloud computing 983

2 The three main issues related to security of cloud are [2][6]: Confidentiality: It is the assurance that the data is protected from the unauthorized access. Integrity: The assurance that data received exactly as sent by an authorized entity without any modification. Availability: It is the assurance that the data stored in cloud will be available in the requested format to the user whenever he requests which is ensured by authentication, fault tolerance, backup and restore. Figure 2: The CIA triad Cryptography involves security-related transformation [8] on the information to be sent or stored in unsecured medium. Usually confidentiality is provided by encrypting the data which is either in storage medium or in transmission channel [13]. As a result many keys will be present and those should be maintained in secured way. If these keys are not secured, then the whole data can be compromised. These keys will be large in number and backup of these are also very important to provide efficient availability. 3. Problem Statement The usual way followed by many is to backup the required data as a single entry (in this case the keys) in a JAR file, so that everything will be in a single file in secured way. Usually the backup JAR file consists of keys as a single entry which is extracted from the database, keystore items and configuration items which helps for proper restoration. The JAR content is shown in figure 3 [ 3] : MANIFEST.MF KEYS CONFIGURATION PROPERTIES OTHERS Figure 3: JAR content The JAR file has the following advantage: All related information like backup data, system state information ie properties, configuration in a single file. The data in JAR file will be automatically compressed so occupying comparatively lesser space either for storage or transmission. The JAR file comprises a manifest file which gives metadata information about the data in JAR that is date of creation, size, format and many other where all these can be used for determining whether any the selected fields have been modified or not. Checksum of each entry in JAR can be used for determining any modification. But the limitation of jar in java 6 is that an entry size cannot be more than 4GB[11].In cloud as the data is large and in turn the keys used will be more. As the keys will be large in number the overall size of keys may exceed 4GB. 4. Proposed Solution To overcome this limitation of JAR the entry which exceeds the threshold size is split into many of desired size and each are made as separate entry in the JAR. The keys are encrypted and compressed for better security and utilization, while making them as an entry. So care must be taken while splitting. Parameters used in algorithm: Name Description backupdir Directory which contains data which should be backed up FILE_MAXSIZE_LIMIT Maximum single file size allowed in JAR SPLIT_FILE_MAXSIZE Maximum size of split file s Split file es Encrypted split file ces Compressed encrypted split file 984

3 Algorithm: for each item in backupdir if(file_size >FILE_MAXSIZE_LIMIT) splitfile s into distinct file of size SPLIT_FILE_MAXSIZE for each split file s encrypt(s) compress(es) add(ces) into JAR updatemanifest(ces) make necessary updation in manifest file else encrypt(f) compress(ef) add(cef) into JAR updatemanifest(cef) make necessary updation in manifest file The procedure followed during backup is: a. Split: The entry which exceeds the FILE_MAXSIZE_LIMIT will be split into many of size SPLIT_FILE_MAXSIZE. b. Encrypt: Each split part will be encrypted separately. c. Compress: Each encrypted part is compressed separately. d. Make JAR entry: each separate part is added into jar. e. Update Manifest entry: Corresponding details are entered into manifest All these processes are transparent to user and user who opts for backup need not worry about all this and he selects the option of backup in the way usual he was doing before. The procedure followed during restore is: a. Read Manifest entry: Each entry in manifest file is read separately. b. Extract JAR entry: Corresponding JAR entry is extracted. c. Decompress: The extracted content are decompressed. d. Decrypt: Following the decompression, the decompressed content is decrypted. e. Combine: Accordingly in the same order the content are combined. split encrypt compress Jar entry Update manifest y Figure 4: During Backup and Restore This content resembling the whole backup data (collection Jar of entry keys) which is same before splitting is given as input to restore. Thus there is no requirement to make changes in the restore part of coding and it remains as before. 5. Implementation Read manifest Extract jar decompress sssess decrypt Combine The proposed system is implemented by modifying the existing code of backup, only in the write part of JAR where it follows the below procedure: While adding up the data (collection of keys) to the JAR, the size of data is checked. If the size exceeds 4GB before making entry into the JAR the data is split into desired size parts. Split module: In split module to avoid the over usage of memory, data is continuously written into temporary file until it reaches the desired size. When it reaches, that file is encrypted and compressed using any of the existing encryption schemes and compression techniques for security and space better utilization purpose. Then that temporary file is written into JAR that is making that as an entry. Accordingly the manifest file is updated with the proper filename which will be of our convenience which makes the combining process during restoration easier, JAR entry size, creation time, JAR entry format. 985

4 And during restoration the procedure follows as below: Combine module: Manifest file is read one by one and if the name indicates that it is a split file then corresponding entry is extracted the JAR file. That is decompressed followed by decryption using corresponding algorithm used during compression and encryption process. Then that is written into the single file looping over the manifest file for the other entries following the same procedure. At last it end up in getting a single file which is similar to the one which is not split during backup. Thus the restore coding need not to be changed and finally results in successful restoration using the configuration and properties file. 6. Results Experiment carried out with backupdir of size 33MB by setting up the FILE_MAXSIZE_LIMIT to 10MB and SPLIT_FILE_MAXSIZE also 10 MB. Fig 5 shows the snapshot of backup JAR file. 8. References [1] Joshi, J.B.D., Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p [2] Ashish Agarwal, Aparna Agarwal. The Security Risks Associated with Cloud Computing. International Journal of Computer Applications in Engineering Sciences [VOL I, SPECIAL ISSUE ON CNS, JULY 2011] [ISSN: ]. [3] Karan Singh, Steven Hart, William C. Johnston, Lynda Kunz, Irene Penney IBM Tivoli Key Lifecycle Manager for z/os [4] R. Agarwal, H. Lucas, The information systems identity crisis: focusing on highvisibility and highimpact research, MIS Quarterly 29 (3) (2005) [5] /ArticulosyPublicaciones/Documents/2010-Cloud- Computing-Survey.pdf [6] William Stallings, Cryptography and Network Security- Principles and Practices, 3rd Edition, Prentice Hall of India, [7] Shyam Patidar, Dheeraj Rane and Pritesh Jain, "A Survey Paper on Cloud Computing," 2012 Second International Conference on Advanced Computing & Communication Technologies." [8] Figure 5: Snapshot of backup JAR 7. Conclusion Following this proposed model allows the backup and restore of the large files to be successful using the same traditional JAR file by overcoming the size limitation. Usage of same JAR file format allows easy portability, better storage and transmission space utilization, security in terms of checksum verification. And also it does not need any modification in the backup and restore coding as only the changes are made during writing to and extracting from the JAR. [9] Joshi, J.B.D., Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p [10] Farzad Sabahi. Cloud Computing Security Threats and Responses. Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference. [11] [12] Gurudatt Kulkarni, Ramesh Sutar and Jayant Gambhir, "Cloud Computing-Storage as Service," International Journal of Engineering Research and Applications (IJERA), ISSN: , Vol. 2, Issue 1, Jan-Feb 2012, pp

5 [13] Towards Secure and Dependable Storage Services in Cloud Computing Cong Wang, Student Member, IEEE, Qian Wang, Student Member, IEEE, Kui Ren, Member, IEEE,Ning Cao, Student Member, IEEE, and Wenjing Lou, Senior Member, IEEE-2011 [14] M.Venkatesh, M.R.Sumalatha, Mr.C.SelvaKumar. Improving Public Auditability, Data Possession in Data Storage Security for Cloud Computing. Recent Trends In Information Technology (ICRTIT), 2012 International Conference, April

6 988