SURVEY PAPER ON SECURITY IN CLOUD COMPUTING



Similar documents
Survey on Enhancing Cloud Data Security using EAP with Rijndael Encryption Algorithm

Implementing Cloud Data Security by Encryption using Rijndael Algorithm

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY

Security Analysis of Cloud Computing: A Survey

A Survey on Cloud Security Issues and Techniques

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

Monitoring Data Integrity while using TPA in Cloud Environment

Security Considerations for Public Mobile Cloud Computing

CLOUD COMPUTING SECURITY CONCERNS

Hybrid Cryptographic Framework for Multimedia Data Storage over Cloud

INCREASING THE CLOUD PERFORMANCE WITH LOCAL AUTHENTICATION

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1

Cryptographic Data Security over Cloud

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Keyword: Cloud computing, service model, deployment model, network layer security.

Keywords : audit, cloud, integrity, station to station protocol, SHA-2, third party auditor, XOR. GJCST-B Classification : C.2.4, H.2.

ADVANCE SECURITY TO CLOUD DATA STORAGE

ISSN: (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies

Cloud Computing. Karan Saxena * & Kritika Agarwal**

HARNESSING THE POWER OF THE CLOUD

Data Integrity Check using Hash Functions in Cloud environment

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

Verifying Correctness of Trusted data in Clouds

Authentication. Authorization. Access Control. Cloud Security Concerns. Trust. Data Integrity. Unsecure Communication

(C) Global Journal of Engineering Science and Research Management

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

CLOUD COMPUTING. A Primer

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

Analysis of Cloud Computing Vulnerabilities

A Security Integrated Data Storage Model for Cloud Environment

Fundamental Concepts and Models

Cloud-Testing vs. Testing a Cloud

SaaS, PaaS & TaaS. By: Raza Usmani

A Survey on Data Integrity of Cloud Storage in Cloud Computing

Cloud Computing. Cloud computing:

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

SECURING CLOUD DATA COMMUNICATION USING AUTHENTICATION TECHNIQUE

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 1, Jan-Feb 2015

Cloud Database Storage Model by Using Key-as-a-Service (KaaS)

Session 3. the Cloud Stack, SaaS, PaaS, IaaS

Cloud Courses Description

An Intelligent Approach for Data Fortification in Cloud Computing

EMPOWER DATA PROTECTION AND DATA STORAGE IN CLOUD COMPUTING USING SECURE HASH ALGORITHM (SHA1)

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Cloud Computing: Provide privacy and Security in Databaseas-a-Service

Secure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection

An Efficient data storage security algorithm using RSA Algorithm

Secure cloud access system using JAR ABSTRACT:

Cloud Computing Security Framework for Banking Industry

A Survey on Scalable Data Security and Load Balancing in Multi Cloud Environment

AN INVESTIGATION OF SECURITY THEME FOR CLOUD COMPUTING

A Proposed Secure Framework for Safe Data Transmission in Private Cloud

Computer System Management: Hosting Servers, Miscellaneous

THE BLUENOSE SECURITY FRAMEWORK

NCTA Cloud Architecture

Cloud Computing Technology

DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY.

CLOUD COMPUTING OVERVIEW

A survey on cost effective multi-cloud storage in cloud computing

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

Survey on Security Attacks and Solutions in Cloud Infrastructure

Data Security & Privacy Protection: Primary Inhibitor for Adoption of Cloud Computing Services

International Journal of Advanced Research in Computer Science and Software Engineering

SECURITY STORAGE MODEL OF DATA IN CLOUD Sonia Arora 1 Pawan Luthra 2 1,2 Department of Computer Science & Engineering, SBSSTC

Security Issues in Cloud Computing

Data Security and Privacy in Cloud using RC6 Algorithm for Remote Data Back-up Server

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

Cloud Security Who do you trust?

Module 1: Facilitated e-learning

Security Issues In Cloud Computing and Countermeasures

Mobile Cloud Computing Security Considerations

Data Security in Cloud Storage and Computing Using the Schmidt-Samoa Public Key Encryption Cryptosystem

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

Data Storage Security in Cloud Computing

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Cloud Computing Architecture: A Survey

Transcription:

SURVEY PAPER ON SECURITY IN CLOUD COMPUTING Jasleen Kaur Research Scholar, RIMT, Mandi Gobindgarh Dr. Sushil Garg Principal, RIMT, Mandi Gobindgarh ABSTRACT: Cloud Computing provides resources to the users over internet on demand. Service on demand is an important feature of cloud computing as it enables the user to choose the relevant resources while excluding the irrelevant ones. There are many Cloud Service Providers (CSP) such as Google, IBM, Oracle Corporation, Amazon Web Services, etc. which provide cloud services to users. CSPs are third parties who agree to lease out the resources to the users as per their demand and provide the users with various options of cloud deployment models (private, public, hybrid or community) and services (IaaS, PaaS and SaaS) too. Since cloud computing involves internet for data access, third party involvement and multi-tenancy, security stands as a major concern since every organization uploads their very sensitive data onto the cloud. There are ongoing researches to improve security of data in the cloud and in this paper, effort has been made to study the same. Keywords: Cloud Computing, Deployment Models, Cloud Services, Security concerns. I. INTRODUCTION Cloud Computing is internet based technology which has evolved in the field of IT over the past few years. Cloud computing makes the transfer or storage of bulk data easy to be transferred and maintained for usage. Organizations need not buy special hardware for deploying different applications since cloud computing provides on demand service to the user which means that all the resources like firewall, server, database and so on that are required by an organization for the deployment of an application may be leased out by some other organization which deals in providing those resources. The latter organizations are known as Cloud Service Providers (CSP). Hence leasing of resources does not levy high cost on the users and at the same time it gives business to other organizations as well. So, cloud Copyright to IJASPM, 2015 IJASPM.org 27

computing is fast becoming popular in the field of IT and is gaining attention of various organizations. Figure 1: Cloud Computing [4] There are different deployment models and cloud services which the user can choose from depending on the usage. These are discussed further. 1.1 Cloud Services: A.) Infrastructure as a Service (IaaS): This is the bottom-most layer of cloud computing stack and provides the consumers with various hardware facilities like that of storage, processors, servers, and networking and as well as some software facilities like virtualization and file system. It allows the consumers to equip resources on demand. B.) Platform as a Service (PaaS): It is the layer that lies above the IaaS in the stack. It deals with providing development as well as deployment options to the consumers. It basically provides an environment for developing the application with some built-in tools which have some pre-defined functions which help the user to build the application as per requirement. Also, once the application is developed, it may be deployed within the same environment. It also supports renting of resources and the consumers have to pay as per the usage. C.) Software as a Service (SaaS) : It is the topmost layer in the stack and lies above the PaaS layer. It provides deployment of the end product or software or some web application on the IaaS and PaaS services and provides access to different consumers through some network, probably Internet nowadays. The services of this layer are perceived and manipulated by the consumers. The license to these services may be subscription based or usage based. The consumer may extend the services (subscription as well as scalability) based on the demand. Copyright to IJASPM, 2015 IJASPM.org 28

1.2 Deployment Models There are different deployment models in cloud computing. These are: A.) Private Cloud: It is the one in which cloud infrastructure is established within the organization and provides limited access to the users. Since, only privileged users can access the resources on the cloud, it is considered as most secure of all other deployment models. It is deployed where the number of users accessing the information is small. B.) Public Cloud: It is the one in which cloud infrastructure is shared among different organizations. The public cloud is managed by some third party who lease out the resources to the organizations as per their demand. Hence, the public cloud supports the feature pay per usage. Public clouds are vulnerable to data tampering as there are multiple organizations accessing the applications on sharing basis and hence, it may give easy access to some intruder. C.) Hybrid Cloud: It is the combination of different clouds. As it is the combination of models, it offers the advantages of multiple deployment models. It provides ability to maintain the cloud as recovery of data is easy in this cloud. It offers more flexibility than both public and private clouds.[3] D.) Community Cloud: It is the one in which the cloud infrastructure is shared between different organizations with same interests or concerns. The organizations having same requirements (like security, policy, etc.) agree to share the resources from the same party or CSP. Hence, community cloud is basically a public cloud with enhanced security and privacy just like that in private cloud. The infrastructure may be maintained within the organization or outside the organization. Figure: Cloud Deployment Model [7] Copyright to IJASPM, 2015 IJASPM.org 29

II. LITERATURE SURVEY 2.1 Security Concerns According to Kazi and Susan[2], Security in cloud computing, the next generation architecture of IT Enterprises is cloud computing. They have classified the security threats as external and internal. External threats are related to large data centers. So, in order to ensure security to software or configurations, the cloud users, the CSPs and the third party vendor involved must take the responsibility for ensuring the same. According to Keiko David, Eduardo and Eduardo [10], An analysis of security issues for cloud computing, the risk areas that require security concerns are external data storage, use of public internet for communication purposes, inability of the user to control the privacy of the data, multi-tenancy and integration with internal security. According to Saurin and Nishant[7], A Review on Hybrid Techniques of Security In Cloud Computing, since data is stored out of sight and control of the users, there have been speculations to use the cloud computing services due to improper application. So, this arise questions related to privacy, confidentiality, integrity and so on and demands a trusted environment where data can be secured efficiently. According to Rohit and Sugata[13], Survey on security issues in cloud computing and associated mitigation techniques, it is convenient to access our hard drives mounted on our own systems, but access to cloud system is not that convenient as the data is stored at some other physical location and if the internet goes down, it will deny any kind of access to the data. According to Nagaraju and Sridaran, A survey on security threats for cloud computing, a recent survey by International Data Corporation (IDC), 87.5% of the masses belonging to varied levels starting from IT executives to CEOs have said that security is the top most challenge to be dealt with in every cloud service.[15] 2.2 Related Work A.) Sanjoli and Jasmeet [12], Cloud data security using authentication and encryption technique, propose blend of two different algorithms for ensuring security: Extensible Authentication Protocol-CHAP and Rijndael Encryption Algorithm. EAP(Extensible Authentication Protocol) is implemented for authentication purpose. Challenge-Handshake Authentication Protocol (CHAP), a method of EAP, is used for authentication. Rijndael is used for encryption purpose. Client side security has been focused in this paper. Rijndael makes the system secure. Copyright to IJASPM, 2015 IJASPM.org 30

B.) Shirole and Sanjay[17], Data Confidentiality in Cloud Computing with Blowfish Algorithm, propose a system that uses encryption technique to provide reliable and easy way to secure data for resolving security challenges. Scheduler performs encryption on plain data into cipher data followed by uploading of ciphered data on the cloud. When the data is to be retrieved from the cloud, it is obtained in plain data format and is stored on the system. This preserves data internally. And hence, this builds a relationship of cooperation between operator and service provider. This model uses OTP(One-Time Password) for authentication purpose and Blowfish algorithm for encryption purpose. C.) Garima and Naveen [16], Triple Security of Data in Cloud Computing, proposed a system for securing the cloud by using three algorithms: DSA (Digital Signature Algorithm), AES (Advanced Encryption Standard) and Steganography step by step. In order to encrypt the data, DSA is applied for authentication purpose followed by AES for encryption and then finally concealing data within audio file using Steganography for utmost security. Once encryption is complete, the receiver may decrypt the data by applying reverse of the applied algorithms. But, it is found that the time complexity is high because it is a one by one process. D.) Sunita and Ambrish[18], Cloud Security with Encryption using Hybrid Algorithm and Secured Endpoints, propose a hybrid algorithm for securing the cloud. In order to encrypt the message, in the first place the password is encrypted using Ceaser cipher followed by encryption using RSA substitution algorithm and then further final encryption by the mono alphabetic substation method. Once the encryption process is over, the password is sent to the server with the plaintext user name and then user get access to the system on successful matching. This makes the system secure and increases the speed of correction of critical issues along with determining the root causes of vulnerability and software security assurance processes. III. CONCLUSION From the above survey, it is learnt that cloud computing is definitely the buzzword in the market nowadays, grabbing attention of IT people and also giving business to numerous companies. But, just as a coin has two sides, so does cloud computing has its own advantages and pitfalls. Amongst the pitfalls, security is area of major concern as every organization handovers their very sensitive data to CSPs. Security of data is something that may affect the quality of service (QoS) of CSPs. So, the CSPs must make sure that they use appropriate techniques and methods to secure the data. Also, the users must make sure to choose the CSP wisely and understand their policies. Copyright to IJASPM, 2015 IJASPM.org 31

IV. REFERENCES [1] http://en.wikipedia.org/wiki/category:cloud_computing_providers [2] Zunnurhain, Kazi, and Susan V. Vrbsky. "Security in cloud computing." Proceedings of the 2011 International Conference on Security & Management. 2011. [3] Kaur, Jasleen, Anupma Sehrawat, and Ms Neha Bishnoi. "Survey Paper on Basics of Cloud Computing and Data Security." International Journal of Computer Science Trends and Technology (IJCSTT) (2014). [4] http://cloudcomputingcafe.com/ [5] Zissis, Dimitrios, and Dimitrios Lekkas. "Addressing cloud computing security issues." Future Generation computer systems 28.3 (2012): 583-592. [6] SO, Kuyoro. "Cloud computing security issues and challenges." International Journal of Computer Networks (2011): 11-14. [7] Khedia, Saurin, and Nishant Khatri. "A Review on Hybrid Techniques of Security In Cloud Computing." [8] http://www.verio.com/resource-center/articles/cloud-computing-benefits/ [9] http://mobiledevices.about.com/od/additionalresources/a/cloud-computing-is-it-really-all-that- Beneficial.htm [10] Hashizume, Keiko, et al. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4.1 (2013): 1-13. [11] Singh, Palvinder, and Er Anurag Jain. "Survey Paper on Cloud Computing." [12] Singla, Jasmeet Singh. "Cloud data security using authentication and encryption technique." Global Journal of Computer Science and Technology 13.3 (2013). [13] Bhadauria, Rohit, and Sugata Sanyal. "Survey on security issues in cloud computing and associated mitigation techniques." arxiv preprint arxiv:1204.0764 (2012). [14] Ren, Kui, Cong Wang, and Qian Wang. "Security challenges for the public cloud." IEEE Internet Computing 16.1 (2012): 69-73. [15] Nagaraju Kilari, Dr R. Sridaran. "A survey on security threats for cloud computing." International Journal of Engineering Research and Technology. Vol. 1. No. 7 (September-2012). ESRSA Publications, 2012. [16] Saini, Garima, and Naveen Sharma. "Triple Security of Data in Cloud Computing." International Journal of Computer Science & Information Technologies 5.4 (2014). [17] Subhash, Shirole Bajirao. "Data Confidentiality in Cloud Computing with Blowfish Algorithm." International Journal of Emerging Trends in Science and Technology 1.01 (2014). [18] Rani, Sunita, and Ambrish Gangal. "Cloud security with encryption using hybrid algorithm and secured endpoints." International journal of computer science and information technologies 3.3 (2012): 4302-4304. Copyright to IJASPM, 2015 IJASPM.org 32

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information