
An Secure Data Storage Multi Cloud Architecture

Mr. Gajendrasing Chandel, Mr. Rajkumar R. Yadav
Assistant Professor, Student M.Tech 2nd Year
Computer Science & Engineering, SSSIST, Sehor

ABSTRACT

In recent years the use of cloud computing in different modes, such as cloud storage, cloud hosting and cloud servers, has increased in industry and other organizations as requirements dictate. While considering the power, stability and security of the cloud, one can't ignore the different threats to users' data on cloud storage. Data access control is an effective way to ensure data security in the cloud. However, due to data outsourcing and untrusted cloud servers, data access control becomes a challenging issue in cloud storage systems. Existing access control schemes are no longer applicable to cloud storage systems, because they either produce multiple encrypted copies of the same data or require a fully trusted cloud server. Attacks by malicious users at the cloud storage have become the most difficult to stop. The proposed system implements multiple cloud storage with enhanced security using encryption techniques: rather than storing the complete file on a single cloud, the system splits the file into chunks, encrypts them and stores them on different clouds, while the metadata required for decrypting and rearranging the file is stored in a metadata management server.

Keywords: Cloud; Security; privacy; multi-cloud; Application Partitioning; Tier Partitioning; Data Partitioning; Multi-party Computation.

I. INTRODUCTION

Traditionally, having a monolithic system run across multiple computers meant splitting the system into separate client and server components. In such systems, the client component handled the user interface and the server provided back-end processing, such as database access, printing, and so on.

As computers proliferated, dropped in cost, and became connected by ever-higher bandwidth networks, splitting software systems into multiple components became more convenient, with each component running on a different computer and performing a specialized function. This approach simplified development, management and administration, and often improved performance and robustness, since failure in one computer did not necessarily disable the entire system.

Cloud computing is a general term for anything that involves delivering hosted services over the internet. Cloud computing enables companies to consume compute resources as a utility, just like electricity, rather than having to build and maintain computing infrastructures in-house. Simply put, cloud computing offers the delivery of on-demand computing resources, everything from applications to data centers, over the Internet on a pay-for-use basis. The cloud offers three types of services: IaaS, PaaS and SaaS. The cloud provides all these services virtually, so we can say that the cloud is a virtual environment.

2015, IJAFRSE All Rights Reserved

In many cases the system appears to the client as an opaque cloud that performs the necessary operations, even though the distributed system is composed of individual nodes, as illustrated in the following figure.

Figure 1. Distributed System

The opacity of the cloud is maintained because computing operations are invoked on behalf of the client. As such, clients can locate a computer (a node) within the cloud and request a given operation; in performing the operation, that computer can invoke functionality on other computers within the cloud without exposing the additional steps, or the computer on which they were carried out, to the client. With this paradigm, the mechanics of a distributed, cloud-like system can be broken down into many individual packet exchanges, or conversations between individual nodes.

Traditional client-server systems have two nodes with fixed roles and responsibilities. Modern distributed systems can have more than two nodes, and their roles are often dynamic. In one conversation a node can be a client, while in another conversation the node can be the server. In many cases, the ultimate consumer of the exposed functionality is a client with a user sitting at a keyboard, watching the output. In other cases the distributed system functions unattended, performing background operations.

The distributed system may not have dedicated clients and servers for each particular packet exchange, but it is important to remember there is a caller (or initiator, either of which is often referred to as the client). There is also the recipient of the call (often referred to as the server). It is not necessary to have two-way packet exchanges in the request-reply format of a distributed system; often messages are sent only one way.

As the use of cloud computing is growing rapidly in every form of organization, providing security for the data in cloud computing is the main issue to deal with [13]. Security issues such as data loss and malicious insiders are reasons for fear among customers using cloud computing services. In a cloud computing environment, individuals and businesses work with applications and data stored and/or maintained on shared machines in an internet environment rather than physically located in the home of a user or in a corporate environment [13]. Vulnerabilities in a particular cloud service or cloud computing environment can potentially be exploited by criminals and actors with malicious intent [14].

II. LITERATURE SURVEY

Cloud computing creates a large number of security issues and challenges. A list of security threats to cloud computing is presented in [6]. These issues range from the required trust in the cloud provider and attacks on cloud interfaces to misusing the cloud services for attacks on other systems. The main problem that the cloud computing paradigm implicitly contains is that of secure outsourcing of sensitive as well as business-critical data and processes. When considering using a cloud service, the user must be aware of the fact that all data given to the cloud provider leave the user's own sphere of control and protection. Even more, if data-processing applications are deployed to the cloud (via IaaS or PaaS), the cloud provider gains full control over these processes. Hence, a strong trust relationship between the cloud provider and the cloud user is considered a general prerequisite in cloud computing.

Depending on the political context, this trust may touch legal obligations. For instance, Italian legislation requires that government data of Italian citizens, if collected by official agencies, have to remain within Italy. Thus, using a cloud provider from outside of Italy for realizing an e-government service provided to Italian citizens would immediately violate this obligation. Hence, the cloud users must trust the cloud provider to host their data within the borders of the country, never to copy them to an off-country location, and never to provide access to the data to entities from abroad.

An attacker that has access to the cloud storage component is able to take snapshots or alter data in the storage; this might be done once, multiple times, or continuously. An attacker that also has access to the processing logic of the cloud can also modify the functions and their input and output data. Even though in the majority of cases it may be legitimate to assume a cloud provider to be honest and to handle the customers' affairs in a respectful and responsible manner, there still remains a risk of malicious employees of the cloud provider, of successful attacks and compromise by third parties, or of actions ordered by a subpoena.

In [7], an overview of security flaws and attacks on cloud infrastructures is given. Some examples and more recent advances are briefly discussed in the following. Ristenpart et al. [8] presented some attack techniques for the virtualization of the Amazon EC2 IaaS service. In their approach, the attacker allocates new virtual machines until one runs on the same physical machine as the victim's machine. Then, the attacker can perform cross-VM side-channel attacks to learn or modify the victim's data. The authors present strategies to reach the desired victim machine with a high probability, and show how to exploit this position for extracting confidential data, e.g., a cryptographic key, from the victim's VM. Finally, they propose the usage of blinding techniques to fend off cross-VM side-channel attacks.

In [10], a flaw in the management interface of Amazon's EC2 was found. The SOAP-based interface uses XML Signature as defined in WS-Security for integrity protection and authenticity verification. Gruschka and Iacono [10] discovered that the EC2 implementation for signature verification is vulnerable to the Signature Wrapping Attack. In this attack, an attacker who has eavesdropped on a legitimate request message can add a second arbitrary operation to the message while keeping the original signature. Due to the flaw in the EC2 framework, the modification of the message is not detected and the injected operation is executed on behalf of the legitimate user and billed to the victim's account.

A major incident in a SaaS cloud happened in 2009 with Google Docs. Google Docs allows users to edit documents online and share these documents with other users. However, this system had the following flaw: once a document was shared with anyone, it was accessible to everyone with whom the document owner had ever shared documents before. For this technical glitch, not even any criminal intent was required to get unauthorized access to confidential data.

Recent attacks have demonstrated that cloud systems of major cloud providers may contain severe security flaws in different types of clouds (see [12], [10]). As can be seen from this review of the related work on cloud system attacks, the cloud computing paradigm contains an implicit threat of working in a compromised cloud system.

If an attacker is able to infiltrate the cloud system itself, all data and all processes of all users operating on that cloud system may become subject to malicious actions in an avalanche manner. Hence, the cloud computing paradigm requires an in-depth reconsideration of what security requirements might be affected by such an exploitation incident. For the common case of a single cloud provider hosting and processing all of its users' data, an intrusion would immediately affect all security requirements: accessibility, integrity, and confidentiality of data and processes may become violated, and further malicious actions may be performed on behalf of the cloud user's identity.

These cloud security issues and challenges triggered a lot of research activities, resulting in a quantity of proposals targeting the various cloud security threats. Alongside these security issues, the cloud paradigm comes with a new set of unique features that open the path toward novel security approaches, techniques, and architectures. One promising concept makes use of multiple distinct clouds simultaneously.

Cloud computing data security refers to the set of procedures, processes and standards designed to provide information security of data in a cloud computing environment. Cloud computing data security addresses both physical and logical security issues across all the different service models and delivery models. While the data of the customer need to be secured in the cloud, both the data backup and data recovery methods should be efficient. The data recovery and backup process has various successful techniques. The techniques lag behind on some critical issues, such as implementation complexity, low cost, security and time-related issues, presented in [1].

III. PROBLEM IDENTIFICATION & PROPOSED METHODOLOGY

There are different architectural patterns for distributing resources to multiple cloud providers. This model is used to discuss the security benefits and also to classify existing approaches. The proposed model distinguishes the following four architectural patterns.

Replication of Applications allows multiple results to be received from one operation performed in distinct clouds and compared within the user's own premises. This enables the user to get evidence on the integrity of the result.

Partition of Application System into Tiers allows separating the logic from the data. This gives additional protection against data leakage due to flaws in the application logic.

Partition of Application Logic into Fragments allows distributing the application logic to distinct clouds. This has two benefits. First, no cloud provider learns the complete application logic. Second, no cloud provider learns the overall calculated result of the application. Thus, this leads to data and application confidentiality.

Partition of Application Data into Fragments allows distributing fine-grained fragments of the data to distinct clouds. None of the involved cloud providers gains access to all the data, which safeguards the data's confidentiality.

Each of the introduced architectural patterns provides individual security merits, which map to different application scenarios and their security needs.

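The data-fragment pattern, combined with the per-chunk encryption and metadata management server that the abstract proposes, as an added example that is not the authors' code. It assumes in-memory maps standing in for Cloud A, B and C, AES-256-GCM as the cipher mode (the paper names only AES and RSA), and hypothetical names (`Store`, `ChunkRef`, `Manifest`, `Scatter`, `Gather`).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Store map[string][]byte // in-memory stand-in for one provider (constructed)
type ChunkRef struct {       // one record per chunk, kept by the metadata server
	Cloud    int    // index of the provider holding the chunk
	ObjectID string // random name: reveals neither file nor position
	Nonce    []byte // per-chunk AES-GCM nonce
}
type Manifest struct { // held only by the metadata management server
	Key    []byte // AES-256 key, never handed to a storage provider
	Chunks []ChunkRef
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Scatter: split, encrypt per chunk (index as associated data), store round-robin.
func Scatter(data []byte, chunkSize int, clouds []Store) (*Manifest, error) {
	if chunkSize <= 0 || len(clouds) == 0 {
		return nil, fmt.Errorf("need a positive chunk size and at least one store")
	}
	m := &Manifest{Key: make([]byte, 32)}
	if _, err := rand.Read(m.Key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(m.Key)
	if err != nil {
		return nil, err
	}
	for i, off := 0, 0; off < len(data); i, off = i+1, off+chunkSize {
		end := off + chunkSize
		if end > len(data) {
			end = len(data)
		}
		rnd := make([]byte, 16+gcm.NonceSize()) // object name + nonce
		if _, err := rand.Read(rnd); err != nil {
			return nil, err
		}
		ref := ChunkRef{i % len(clouds), fmt.Sprintf("%x", rnd[:16]), rnd[16:]}
		clouds[ref.Cloud][ref.ObjectID] = gcm.Seal(nil, ref.Nonce, data[off:end], []byte(fmt.Sprint(i)))
		m.Chunks = append(m.Chunks, ref)
	}
	return m, nil
}

// Gather authenticates every chunk; a missing, altered or misplaced one aborts.
func Gather(m *Manifest, clouds []Store) (out []byte, err error) {
	gcm, err := newGCM(m.Key)
	if err != nil {
		return nil, err
	}
	for i, ref := range m.Chunks {
		pt, err := gcm.Open(nil, ref.Nonce, clouds[ref.Cloud][ref.ObjectID], []byte(fmt.Sprint(i)))
		if err != nil { // a missing object yields nil ciphertext and fails here too
			return nil, fmt.Errorf("chunk %d on cloud %d rejected: %w", i, ref.Cloud, err)
		}
		out = append(out, pt...)
	}
	return out, nil
}

func main() {
	clouds := []Store{{}, {}, {}} // Cloud A, B, C
	m, _ := Scatter([]byte("constructed sample: account=1001 balance=42.00"), 16, clouds)
	clouds[m.Chunks[1].Cloud][m.Chunks[1].ObjectID][0] ^= 1 // provider alters a byte
	fmt.Println(Gather(m, clouds))
}
```

Each provider sees only ciphertext under random object names, so the manifest on the metadata server becomes the single asset whose confidentiality and availability the whole design depends on.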
Obviously, the patterns can be combined, resulting in combined security merits, but also in higher deployment and runtime effort. The following sections present the four patterns in more detail and investigate their merits and flaws with respect to the stated security requirements under the assumption of one or more compromised cloud systems.

IV. PROPOSED WORK:

In the proposed system we implement the concept of multiple cloud storage along with enhanced security using encryption techniques: we split the file into chunks, then encrypt them and store them on different clouds. The metadata required for decrypting and rearranging a file will be stored in a metadata management server.

Figure 2. System Architecture (components shown: Developer Interface / SaaS web server; cloud-based file system / PaaS; proprietary file systems on Cloud A, Cloud B and Cloud C).

- Set up and configure different cloud servers in order to have storage cloud access.
- Using the cloud server API, develop file access methods for the different clouds.
- Develop encryption techniques such as AES and RSA to encrypt files before storing them on the cloud.
- Develop file management classes in .NET.
- Develop a web interface to upload and download files in cloud storage.

Development Phase

- File encryption technique design.
- Remote file split and storing module.
- Remote file clubbing module.
- File management module.
- User web access module.

V. EXPECTED OUTCOME AND FUTURE WORK:

A web portal that lets the user manage his data; the managed data should be split across multiple cloud drives as chunks of the file, along with encryption. The proposed system will be tested and demonstrated over a local network or on a live storage cloud server.

VI. CONCLUSION:

Implementing cloud-based storage solves many business issues of secure and safe storage. On the other hand, many experts state that it is riskier to put the data on a single cloud, as it increases the possibilities for malicious user attacks, so it is the responsibility of a good cloud service provider to ensure secure storage of data on the cloud for its customers. We are trying to provide two-way security for the data by encrypting the data and by storing the data on multiple servers. Also, the responsibility of storing the sensitive data about the user accounts is taken by a different central server (CSP), which will help in securing the data from attacks. Hence, by designing the proposed system we are extending storage cloud security by distributing and encrypting the data.

VII. REFERENCES

[1] M. Sugumaran, BalaMurugan. B, D. Kamalraj, "An Architecture for Data Security in Cloud Computing," Proc. IEEE Int'l Conf. Web Services (WCCCT.2014.53), 2014.
[2] Chirag et al., "A Survey on Security issues and Solutions at different layers of Cloud computing," Springer Science Business Media, 2012.
[3] Asha.D and R.Chitra, "Securing cloud from ddos attacks using intrusion detection system," IJREAT International Journal of Research in Engineering & Advanced Technology, Vol 1, No.1, pp.1-6, 2013.
[4] F. Gens, "IT Cloud Services User Survey, pt.2: Top Benefits & Challenges," blog post on IDC Survey, 2008. [Online]. Available: http://blogs.idc.com/ie/?p=210
[5] P. Malinverno, "Cloud computing in europe," Gartner Application Architecture, Development & Integration Summit, June 2012. [Online]. Available: http://www.gartner.com/it/page.jsp?id=2032215
[6] D. Hubbard and M. Sutton, "Top Threats to Cloud Computing V1.0," Cloud Security Alliance, http://www.cloudsecurityalliance.org/topthreats, 2010.
[7] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, "On Technical Security Issues in Cloud Computing," Proc. IEEE Int'l Conf. Cloud Computing (CLOUD-II), 2009.
[8] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 199-212, 2009.
[9] Y. Zhang, A. Juels, M.K.M. Reiter, and T. Ristenpart, "Cross-VM Side Channels and Their Use to Extract Private Keys," Proc. ACM Conf. Computer and Comm. Security (CCS '12), pp. 305-316, 2012.
[10] N. Gruschka and L. Lo Iacono, "Vulnerable Cloud: SOAP Message Security Validation Revisited," Proc. IEEE Int'l Conf. Web Services (ICWS '09), 2009.
[11] S. Bugiel, S. Nürnberger, T. Pöppelmann, A.-R. Sadeghi, and T. Schneider, "AmazonIA: When Elasticity Snaps Back," Proc. 18th ACM Conf. Computer and Comm. Security (CCS '11), pp. 389-400, 2011.
[12] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, "All Your Clouds Are Belong to Us: Security Analysis of Cloud Management Interfaces," Proc. Third ACM Workshop Cloud Computing Security Workshop (CCSW '11), pp. 3-14, 2011.
[13] Mohammed A. AlZain, Eric Pardede, Ben Soh, James A. Thom, "Cloud computing security: From Single to Multi-clouds," Department of Computer Science and Computer Engineering, La Trobe University, Bundoora 3086, Australia.
[14] K. Rajasekar and C. Kamalanathan, "Towards Of Secured Cost Effective Multi Cloud Storage In Cloud Computing," Communication Systems, Bannari Amman Institute of Technology.