CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Transcription

1 CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY Varun Gandhi 1 Department of Computer Science and Engineering, Dronacharya College of Engineering, Khentawas, Farukhnagar, Gurgaon, India Sanchit Bansal 2, Raveesh Kapoor 3, Aakarsh Dhawan 4 Department of Computer Science and Engineering, University of Petroleum and Energy Studies, Dehradun, India ABSTRACT: The Cloud Computing offers service over internet with dynamically scalable resources. Cloud Computing services provides benefits to the users in terms of cost and ease of use. Cloud Computing services need to address the security during the communication of sensitive data and critical applications to shared and public cloud environments. The cloud environments are scaling large for data processing and storage needs. Cloud computing environment have various advantages as well as disadvantages on the data security of service consumers. This paper aims to emphasize the main security issues existing in cloud computing environments. The security issues at various levels of cloud computing environment is identified in this paper and categorized based on cloud computing architecture. This paper also focuses on the usage of Cloud services and security issues to build these cross-domain Internet-connected collaborations. Keywords: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a- Service (SaaS), Virtual Machine (VM). INTRODUCTION: Cloud computing is a hot topic in IT industry. Cloud computing is internet based development and is used in computer technology. Cloud computing manages and schedules the computing resources through network, and constitutes a large computing resources pool which can provide service to users on their demand.the network is called cloud. Resources in cloud is seems that can be extended unlimitedly, got anytime, used on-demand and paid according to apply. It dynamically delivers everything as a service over the internet based on user demand, such as network, operating system, storage, hardware, software, and resources. These services are classified into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Overview of High-level Cloud Architecture: 11

2 We provide an architectural view of the security issues to be addressed in cloud computing environment for providing security for the customer. We have defined four layers based on cloud computing services. The cloud computing categorization based on services as Software-as-a- Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). This section elaborates the four layers shown in figure 1 and mapping the different security issues in each layer. Some of the important components of User layer are Cloud Applications, Programming, Tools and Environments. Some of the popular examples for these applications are B2B, Facebook, MySpace, Enterprise, ISV, CDNs, Web 2.0 Interfaces, Aneka, Map Reduce, Dryad, Workflows and libraries. Some of the security issues related to the user layer are Security as a Service, Browser security, and Authentication are elaborated in the next sections. FIGURE 1: Security Architecture of Cloud Computing 12

3 THERE ARE FOUR MAIN TYPES OF CLOUD: Public Cloud: The cloud computing resource is pooled outside, anyone can use it and some amount of charges will be required for the same. Private Cloud: It is opposite to public cloud, private cloud s resource is limit to a group of people, like employees of an organization etc. Hybrid Cloud: This is a mixture of previous two clouds, some cloud computing resource is shared outside but the others aren t. Community Cloud: This is a special cloud to make use of cloud computing features. More than one community shares a cloud to share and reduce the cost of computing system. FIGURE 2: Deployment models operated by Cloud Computing Data storage in cloud offers so many benefits to users: a. It provides unlimited data storage space for storing user s data. b. Users can access the data from the cloud provider via internet anywhere in the world not on a single machine. c. We do not buy any storage device for storing our data and have no responsibility for local machines to maintain data. Within the cloud computing world, the virtual environment lets users access computing power that exceeds that contained within their own physical worlds. To enter this virtual environment, it does not require the exact location of their data nor the other sources of the data collectively stored with theirs. To ensure 13

4 data confidentiality, integrity and availability (CIA), the storage provider must offer capabilities that, at a minimum, include: a tested encryption schema to ensure that the shared storage environment safeguards all data; harsh access controls to prevent unauthorized access to the data; and Scheduled data backup and safe storage of the backup media. SECURITY ISSUES FACED BY CLOUD COMPUTING: When it comes to security, cloud really suffers a lot. The vendor for Cloud must make sure that the customer does not face any problem such as loss of data or data theft. There is also a possibility where a malicious user can penetrate the cloud by impersonating a legitimate user, there by infecting the entire cloud thus affecting many customers who are sharing the infected cloud. Some of the problem which is faced by the Cloud computing are: 1. Data Integrity 2. Data Theft 3. Privacy issues 4. Infected Application 5. Data loss 6. Data Location 7. Security on Vendor level 8. Security on user level Data Integrity:0 When a data is on a cloud anyone from any location can access those data s from the cloud. Cloud does not differentiate between a sensitive data from a common data thus enabling anyone to access those sensitive data s. Thus there is a lack of data integrity in cloud computing. Data Theft: Most of the cloud Vendors instead of acquiring a server tries to lease a server from other service providers because they are cost affective and flexible for operation. The customer doesn t know about those things, there is a high possibility that the data can be stolen from the external server by a malicious user. Privacy Issues: The Vendor must make sure that the Customer Personal information is well secured from other operators. As most of the servers are external, the vendor should make sure who is accessing the data and who is maintaining the server thus enabling the vendor to protect the customer s personal information. Infected Application: 14

5 Vendor should have the complete access to the server for monitoring and maintenance, thus preventing any malicious user from uploading any infected application onto the Cloud which will severely affect the customer. Data Loss: Data loss is a very serious problem in Cloud computing. If the vendor closes due to financial or legal problems there will be a loss of data for the customers. The customers won t be able to access those data s because data is no more available for the customer as the vendor shut down. Data Location: When it comes to location of the data nothing is transparent even the customer don t know where his own data is located. The Vendor does not reveal where all the data is stored. The Data s won t even be in the same country of the Customer, it might be located anywhere in the world. Security on Vendor level: Vendor should make sure that the server is well secured from all the external threats it may come across. A Cloud is good only when there is a good security provided by the vendor to the customers. Security on User level: Even though the vendor has provided a good security layer for the customer, the customer should make sure that because of its own action, there shouldn t be any loss of data or tampering of data for other users who are using the same Cloud. Security issues faced by cloud providers : Infrastructure as a Service (IaaS): Infrastructure as a Service is a running model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. Platform as a Service (PaaS): Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones. Platform as a Service (PaaS) is an outgrowth of Software as a Service (SaaS), a software distribution model in which hosted software applications are made available to customers over the Internet. PaaS has several advantages for developers. With PaaS, operating system features can be changed and upgraded frequently. Geographically distributed development teams can work together on software development projects. Services can be obtained from diverse sources that cross international boundaries. Initial and ongoing costs can be reduced by the use of infrastructure services from a single vendor rather than maintaining multiple hardware facilities 15

6 that often perform duplicate functions or suffer from incompatibility problems. Overall expenses can also be minimized by unification of programming development efforts. Software as a Service (SaaS): Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. SaaS is becoming an increasingly prevalent delivery model as underlying technologies that support Web services and service-oriented architecture (SOA) mature and new developmental approaches, such as Ajax, become popular. Meanwhile, broadband service has become increasingly available to support user access from more areas around the world. SaaS is closely related to the ASP (application service provider) and on demand computing software delivery models. IDC identifies two slightly different delivery models for SaaS. The hosted application management (hosted AM) model is similar to ASP: a provider hosts commercially available software for customers and delivers it over the Web. In the software on demand model, the provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution. DIFFERENT SECURITY ALGORITHMS : RSA: RSA is an algorithm for public-key cryptography, involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. User data include encryption prior to storage, user authentication procedures prior to storage or retrieval, and building secure channels for data transmission. MD5- (Message-Digest algorithm 5) A widely used cryptographic hash function with a 128-bit hash value, processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks. The message is padded so that its length is divisible by 512. In this sender use the public key of the receiver to encrypt the message and receiver use its private key to decrypt the message. AES- (Advanced Encryption Standard) In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption standard. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. AES algorithm ensures that the hash code is encrypted in a highly secure manner. AES has a fixed block size of 128 bits and uses a key size of 128 in this paper. Its algorithm is as follows: 1. Key Expansion - 2. Initial Round - 3.Add Round Key - 4.Rounds - 5.Sub Bytes a non-linear substitution step where each byte is replaced with another according to a lookup table. 6. Shift Rows a transposition step where each row of the state is shifted cyclically a certain number of steps. 7. Mix Columns a mixing operation which operates on the columns of the state, combining the four bytes in each column 8. Add Round Key each byte of the state is 16

7 combined with the round key; each round key is derived from the cipher key using a key schedule. 9. Final Round (no Mix Columns) 10. Sub Bytes 11. Shift Rows 12. Add Round Key IMPLEMENTING DES Algorithm IN CLOUD FOR DATA SECURITY: In Cloud computing, we have problem like security of data, files system, backups, network traffic, and host security. Here we are proposing a data security using encryption decryption with DES algorithm while we are transferring it over the network. The Data Encryption Standard (DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, Which Describes the data encryption algorithm (DEA). The DES has been extensively studied since its publication and is the most widely used symmetric algorithm in the world. The DES has a 64-bit block size key during execution. DES is a symmetric cryptosystem, specifically a 16-round Feistel Cipher. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a Message Authentication Code (MAC). The DES can also be used for Single user encryption, such as to store files on a hard disk in encrypted form.the DES has a 64-bit block size and uses a 56 bit key during execution. In Cipher Block Chaining mode of operation of DES, each block of ECB encrypted cipher text is XORed with the next plain text block to be encrypted, thus making all the blocks dependent on all the previous blocks.this means that in order to find the plaintext of a particular block, you need to know the cipher text, the key and the cipher text for the previous block. The first block to be encrypted has no previous cipher text, so the plaintext is XORed with a 64- bit number called the initialization vector (referred as IV).So if data is transmitted over network or phone line and there is a transmission error, the error will be carried forward to all the subsequent blocks since each block is dependent upon the last.this mode of operation is more secure than ECB (electronic code book) because the extra XOR step adds one more layer to the encryption process. FIGURE3 17

8 FIGURE4 Compositions of Encryption and Decryption : Encryption E = el1 o el2 o el16 Decryption D = dl16 o dl15 o o dl1 Leader L is derived from the Password. Here we have 16 rotations. So we need 16 Leaders (L1 to L16) from Password. L1 = First two bits of Password. L2 = Second two bits of Password L3 = Third two bits of Password and so on Steps: Get the Plain text. Get the Password. Convert the Characters into binary form. Derive the Leaders (L1 to L16) from the Password. Apply the Formula to get the encrypted and decrypted message. Encryption: x1 x2 x3 L y1 y2 y3 Decryption: y1 y2 y3 L x1 x2 x3 CONCLUSION: Among the many IT hulks driven by trends in cloud computing, it seems almost everyone has brought good news in this field of research. For enterprises, cloud computing is worthy of consideration and try to build business systems as a way for businesses. Cloud computing undoubtedly brings about lower costs, higher profits and more choices for large scale industry, Data security has become the most important issue of cloud computing security. Though many results have been proposed, many of them only consider one side of security. We proposed that the cloud data security must be considered to analyze the data security risk, the 18

9 data security requirements, deployment of security functions and the data security process through encryption. The main contribution of this paper is the fresh view of data security solution with encryption, which is significant and can be used as reference for designing the complete security solution. FUTURE EXPECTATIONS: In future work, we believe that data storage security in Cloud Computing, an area full of challenges and of dominant importance, are still in its infancy now, and many research problems are yet to be identified to enhance the security structures by using enhanced techniques of data security through cryptosystems and other procedures. REFERENCES: 1) 2) 3) 4) 5) 19