Enhanced Survey and Proposal to secure the data in Cloud Computing Environment



Similar documents
Data Integrity for Secure Dynamic Cloud Storage System Using TPA

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

Data Integrity Check using Hash Functions in Cloud environment

EFFICIENT AND SECURE DATA PRESERVING IN CLOUD USING ENHANCED SECURITY

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

Secured Storage of Outsourced Data in Cloud Computing

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE

Public Auditing for Shared Data in the Cloud by Using AES

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Improved Storage Security Scheme using RSA & Twofish Algorithm at Window Azure Cloud

Privacy Preserving Public Auditing for Data in Cloud Storage

A Survey on Cloud Computing

A Study of Infrastructure Clouds

Introduction to Cloud Computing

International Journal of Advanced Research in Computer Science and Software Engineering

CLOUD COMPUTING: A NEW VISION OF THE DISTRIBUTED SYSTEM

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

ADVANCE SECURITY TO CLOUD DATA STORAGE

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao

Understanding the Cloud: Towards a Suitable Cloud Service

SECURITY ENHANCEMENT OF GROUP SHARING AND PUBLIC AUDITING FOR DATA STORAGE IN CLOUD

Keywords-- Cloud computing, Encryption, Data integrity, Third Party Auditor (TPA), RC5 Algorithm, privacypreserving,

Security issues for Cloud Computing

International Journal of Computer Engineering and Technology (IJCET), ISSN (Print), INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &

Security and Privacy in Cloud Computing

AN EFFICIENT STRATEGY OF THE DATA INTEGRATION BASED CLOUD

SECURING CLOUD DATA COMMUNICATION USING AUTHENTICATION TECHNIQUE

How To Understand Cloud Computing

How To Understand Cloud Computing

Proof of Retrivability: A Third Party Auditor Using Cloud Computing

Layered Mapping of Cloud Architecture with Grid Architecture

International Journal of Advanced Research in Computer Science and Software Engineering

The Hidden Extras. The Pricing Scheme of Cloud Computing. Stephane Rufer

Survey Paper on Integrity Auditing of Storage

CLOUD COMPUTING. DAV University, Jalandhar, Punjab, India. DAV University, Jalandhar, Punjab, India

Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

Cloud computing security using encryption technique

A REVIEW PAPER ON CRYPTOGRAPHIC APPROACH FOR LICENSE MANAGEMENT SYSTEM IN CLOUD COMPUTING

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

How To Design A Cloud Data Storage Service For A Cloud Computer System

A Survey on Cloud Computing Security, Challenges and Threats

Geoprocessing in Hybrid Clouds

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

An Overview on Important Aspects of Cloud Computing

Implementing Efficient Monitoring And Data Dynamics For Data Storage Security in Cloud Computing

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

DEFINING CLOUD COMPUTING: AN ATTEMPT AT GIVING THE CLOUD AN IDENTITY.

SECURE AND TRUSTY STORAGE SERVICES IN CLOUD COMPUTING

Optimized and Secured Educlouds by Implementing Virtualization

CLOUD COMPUTING SECURITY CONCERNS

Security Considerations for Public Mobile Cloud Computing

Customer Security Issues in Cloud Computing

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

Cloud Template, a Big Data Solution

Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm

Verifying Correctness of Trusted data in Clouds

Keyword: Cloud computing, service model, deployment model, network layer security.

Public Auditing & Automatic Protocol Blocking with 3-D Password Authentication for Secure Cloud Storage

An Efficient data storage security algorithm using RSA Algorithm

What Is It? Business Architecture Research Challenges Bibliography. Cloud Computing. Research Challenges Overview. Carlos Eduardo Moreira dos Santos

Security Issues In Cloud Computing and Countermeasures

Dynamic Query Updation for User Authentication in cloud Environment

SECURITY THREATS TO CLOUD COMPUTING

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

How To Ensure Correctness Of Data In The Cloud

An Efficient Secure Multi Owner Data Sharing for Dynamic Groups in Cloud Computing

Privacy preserving technique to secure cloud

Information Security Management System for Cloud Computing

Preserving Data Integrity and Public Auditing for Data Storage in Cloud Computing

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Reallocation and Allocation of Virtual Machines in Cloud Computing Manan D. Shah a, *, Harshad B. Prajapati b

Cloud Security through Key Agreement

Third Party Auditor: An Integrity Checking Technique for Client Data Security in Cloud Computing

THE CLOUD AND ITS EFFECTS ON WEB DEVELOPMENT

Cloud Computing For Distributed University Campus: A Prototype Suggestion

How To Secure Cloud Computing, Public Auditing, Security, And Access Control In A Cloud Storage System

Cloud Computing and its Security in Higher Education

Dynamic Resource Pricing on Federated Clouds

CLOUD COMPUTING: THE EMERGING COMPUTING TECHNOLOGY. Feng-Tse Lin and Teng-San Shih. Received May 2010; accepted July 2010


Cloud Computing Service Models, Types of Clouds and their Architectures, Challenges.

Enhancing Accountability for Distributed Data Sharing in the Cloud

SHARED DATA & INDENTITY PRIVACY PRESERVING IN CLOUD AND PUBLIC AUDITING

[Sudhagar*, 5(5): May, 2016] ISSN: Impact Factor: 3.785

Analysis of Cloud Computing Vulnerabilities

Enhancing Data Availability of large Cloud Storage keys

Third Party Auditing For Secure Data Storage in Cloud through Trusted Third Party Auditor Using RC5

Near Sheltered and Loyal storage Space Navigating in Cloud

Mobile Cloud Computing Security Considerations

Enable Public Audit ability for Secure Cloud Storage

Cloud Computing: Technical Challenges and CloudSim Functionalities

Security in Data Storage and Transmission in Cloud Computing

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

Cloud Based E-Government: Benefits and Challenges

Data Security in Cloud Using Elliptic Curve Crytography

RIGOROUS PUBLIC AUDITING SUPPORT ON SHARED DATA STORED IN THE CLOUD BY PRIVACY-PRESERVING MECHANISM

Transcription:

Enhanced Survey and Proposal to secure the data in Cloud Computing Environment MR.S.SUBBIAH, Research Scholar PRIST University Thanjvur, Tamil Nadu. subbussp2007@gmail.com DR.S.SELVA MUTHUKUMARAN, Director, Department of Computer Applications A.V.C.College of Engineering Mayiladuthurai, Tamil Nadu. smksmk@gmail.com DR.T.RAMKUMAR, Professor, Department of Computer Applications A.V.C.College of Engineering Mayiladuthurai, Tamil Nadu. ramood@yahoo.com Abstract: Cloud computing have the power to eliminate the cost of setting high end computing infrastructure. It is a promising area or design to give very flexible architecture, accessible through the internet. In the cloud computing environment the data will be reside at any of the data centers. Due to that, some data center may leak the data stored on there, beyond the reach and control of the users. For this kind of misbehaving data centers, the service providers should take care of the security and privacy of the data stored in the data centers through the cloud computing environment. This survey paper try to elaborate and analyze the various unresolved issues in the cloud computing environment and try to propose an alternate method which can be useful to the various kind of users who are willing to get into the new era of cloud computing. Moreover this paper try to give some suggestions in the area of Securing the data while storing the data in the cloud server, implement new Data displacement strategies, Service Level Agreement between the user and the Cloud Service Provider and finally how to improve the Quality of Service. Keywords: Cloud computing, Trusted third party, Service level agreements. 1. INTRODUCTION NIST Definition to Cloud Computing Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. B. Kepes to Cloud Put simply Cloud Computing is the infrastructural paradigm shift that enables the ascension of SaaS. It is a broad array of web based services aimed at allowing users to obtain a wide range of functional capabilities on a pay-as-you-go basis that previously required tremendous hardware/software investments and professional skills to acquire. Cloud Computing is a long standing dream of Computing people, because it provide all the things as a service, it will be more user friendly to use. It also reduce the CapEx of the IT industry. Due to this technology the industry will use the balance amount into the innovative and promotional uses. Due to the development of Internet, various kinds of technologies are evolved. One among the technology is Cloud Computing Era. This technology is evolved as a modern technology and all the software companies are trying to enter into the world of Cloud Computing. In the upcoming years the market share of cloud computing will be increased massively. The combination of Hardware service and Software service is called as Cloud. The user of the cloud computing environment will have the following advantages. Elimination of the upfront commitment, if they are in a need they go for the cloud provisioning. Avoidance of infinite computing resources. Ability to pay per use model for the short term or long term basis. ISSN : 0975-5462 Vol. 5 No.01 January 2013 49

If a user willing to use the cloud environment they need not be a over provisioning infrastructure. If they are in a need of things they can adopt and accept the services from the Cloud and pay for the usage and return back the provisioning they had. It is very easy to adopt or use. The advantage of cloud computing environment are (i) We can reduce the Hardware and Maintenance cost (ii) Accessibility around the globe (iii) Flexibility (Cloud computing is an Elasticity Computing by nature itself). By using the cloud computing the customer need not worry about software up gradation and software licensing. 2. COMPARING CLOUD WITH GRID In this section we are going to compare the Cloud Computing Environment with Grid Computing Architecture. In Grid Computing the Resource Sharing is fair, it provides ability to Virtualizes, Security services and Credential delegation to access all the resources available, Scalable is mainly by increasing the number of working nodes, Payment is done by public funding, It uses fixed payment per service, and they are committed to a concrete in Quality of Service. On the other hand the Cloud Computing Environment it provides the Resource on demand, it also provides virtualizes hardware, in Security services each user has unique access to its individual users, it offers automatic resizing for scalability, by dynamic reconfiguration. So it will be more comfort in cloud, it has been driven for commercial offers, it is a pay per use model, Quality of service is internet feature based. Both model Supports heterogeneous hardware and software resources. However, what distinguishes Cloud Computing from Grid Computing is being web-centric, despite some of its definitions being conceptually similar. 3. SERVICES AND TYPES OF CLOUD By cloud computing the customer can have anything as a service. The various kinds of services provided by the cloud computing environment are (i) Software as a Service (SaaS), (ii) Platform as a Service (PasS), (iii) Infrastructure as a Service (IaaS) and more over the customer can have, (iv) anything as a service (XaaS). The Customer will be free from investing more for hardware and software. The customer has to pay only for the use. The various kinds of basic cloud architecture are as follows 3.1 Public Cloud: The cloud which is made available to public as pay per use model. Ex: Amazon Web Services, Google App Engine and Microsoft Azure. 3.2 Private Cloud: If the Cloud which is provisioned only for the use of particular people, this kind of cloud environment will not be allow the public uses. Ex: Data Centers for private companies. 3.3 Community Cloud: The Community Cloud is as much a social structure as a technology paradigm, because of the community ownership of the infrastructure. Carrying with it a degree of economic scalability. 3.4 Hybrid Cloud : A hybrid cloud is a combination of public and private clouds. The definition from the National Institute of Standards and Technology (NIST), a hybrid cloud is a combination of public and private clouds bound together by either standardized or proprietary technology that enables data and application portability. Utility computing is getting new by various number of service providers. They offer storage and virtual servers based on demand. By this kind of service the user can have Flexible and Elastic services by on demand By the increase of on demand application through the growth of the internet, the potential of cyber attacks also increases. Due to this we are going to discuss the risk factors, current system architecture, proposed system and conclusion in following sections of this paper. 4. RISK FACTORS WHEN GET INTO THE CLOUD When a person or a company wants to get into the cloud computing environment they have to care about the following things like privacy, security, reliability, performance and portability. In this security is the major threat to the cloud computing because of the multi tenancy architecture. So the service providers are also give the comfort of trust us to the users who are willing to move into the cloud environment.the service provider have to take the responsibility of the security issues at the following levels. ISSN : 0975-5462 Vol. 5 No.01 January 2013 50

4.1 SQL Injection attacks This technology is used to attack the database through website. It is a code injection method that exploits a security in a website. 4.2 Cross site Scripting attacks It can be called as XSS, it is also a type of security vulnerability found in web applications. 4.3 Man in middle attacks In this kind of attack the attacker makes a independent connection between the persons and watching the happenings without the knowledge of them. 4.4 Denial of Service attacks In this kind of attack the server or the system will not be available when the request from the intended users. 4.5 Sniffer attacks In this attack, if the packet is not encrypted a sniffer can read all the content of the packet. Sniffer can be a application or a device. 4.6 Security concern with the virtual machine Manager The service provider must be very care, on the service given to their users because they are running on the VM technology. Hyperviser or Virtual Machine Manager plays an important role in the cloud environment. That allows multiple operating systems to run on the system at a same time. The users mainly prefer the cloud environment for the storage purpose. That is the data centers. In this purpose there is no 100 percent surety for the security of the data stored in the data centers. In the next portion we are going to discuss the current architecture of the security model in the cloud computing environment. 5. CURRENT SYSTEMS ARCHITECTURE Fig.1: Existing system architecture The entities available with the current architecture are users, cloud service providers, cloud storage servers and the optional third party. The data will be stored in various data centers through the CSP. The user have to know the correctness of the data at equal feasible time interval. If the user have no enough time to verify the correctness of the data, then the user will request and the delegate the work to the optional TPA to ensure the correctness of the data. In this method we should not sure about the issue of the data privacy. Because the data will be audited by TPA. In current system architecture the data flow will be done directly from the users and the CSP directly. From the CSP the data will be stored in the data centers which one having the available facilities. This model lacks the support of the public audit to ensure the data stored in the remote data centers because they are placed as optional only. In some papers the TPA can be defined as an entity, that have more capable and expertise than the clients and is trusted to assess the risk of cloud storage services for the clients upon request. ISSN : 0975-5462 Vol. 5 No.01 January 2013 51

6. PROPOSED SYSTEM Fig.2: Proposed system architecture In the proposed model, we are going to introduce the Trusted Third Party (TTP). Because the biggest problem faced by the computer technology is data security, due to the users works with very sensitive information. For that we are going to make a new model called Trusted Computing Technology (TCT) using TTP. In the cloud environment various numbers of users want to join, it means join into the cloud computing environment, due to the elastic nature of the architecture. The proposed system consists of the following four directions to improve the quality of the Cloud Environment 6.1 Enhanced Security 6.2 New Data Displacement Strategies 6.3 User oriented Service Level Agreement 6.4 Improving the Quality of Service 6.1 Enhanced Security: Proposal 1: Here we try to introduce a Trusted Third Party (TTP) like a ticket granting server. If a user want to access the data stored in a cloud server or a data center the user must get authentication key from the TTP, then the user first interact with the Cloud Server, the authentication key will be verified then only the user will be allowed to access the data which is stored in the cloud server or the datacenter. The user must get the authentication key for each and every time. By this we can avoid the misbehaved nodes. If a user wants to join into the cloud, first step the user have to prove their identity. In this system the user first communicate with the TTP and reveal their identity. Then the TTP check with the identity provided by the user and verify for the trust worthy of the user. If found the trustworthy then it will give a secure key. The key may be combined with the system IP address, and the key given to the user will also be informed to the CSP and Cloud Data Center. Then the user has to enter into the cloud data center through the CSP with the secret key which was given by the TTP. If the key match with the key given by TTP to the CSP, then the user will be allowed to access the Data Center. Proposal 2: In this proposal we try to implement a new strategy like SSS scheme for the encryption key (Secret Sharing Scheme). This scheme will be work on the base of Onion Routing method. By this the Encryption key will be split into number of pieces and will be stored among the various systems which are connected to the network, due to this if anyone node alone cannot get the data from the cloud server. For this kind of operation we have to introduce more number of TTP s. Proposal 3: Try to implement new enhanced methods for encryption use Polynomial Advanced Encryption Standard for Authentication phase and Elliptical Curve Cryptography for the encryption phase. Also try to add digital signature pattern to more secure. Proposal 4: Analyze the new enhanced standard with already existing algorithms like DES, Triple DES and Blow fish. 6.2 New Data Displacement Strategies: By data displacement strategy the user will be allowed to choose the data centers were he wants to store the data. The cloud service provider will also use the pattern matching technology to make decision in the storage area. 6.3 User Oriented Service Level Agreement: In this area here we try to impose new user oriented service level agreement which will give more safer to user side like The service provider will provide Availability of the service to customer needs. ISSN : 0975-5462 Vol. 5 No.01 January 2013 52

The service provider should follow the NIST standards and security practices. The CSP will provide confidentiality agreement. The CSP will disclose the contract termination date and policies of termination, and open strategies to move from one service provider to another one. The CSP will provide the details of the storage where the customer data is stored on the request by this the user will be know the position of their data, it gives safest mind set to the user. 6.4 Improving the Quality of Service: By the implementation of the above sections, we are going to analyze current improvement in the Quality of the service both the view of user side as well as in the service provider side. 7. CONCLUSION By this paper we are proposing a new architecture to secure the data stored in cloud data center. More over in this paper we try to implement data displacement strategy, user oriented Service Level Agreement and Improve the Quality of the service. In future the system can be more improvised using more number of TTP to authenticate the users. Some kind of latest algorithms can be implemented. This method will provide more security to the cloud computing environment to achieve the trusted computing technology. The integration of architecture in the cloud based environment is some what challenging than other areas. So, we will make the actual design and implementation in the near future by using the various kinds of algorithms and get the result through the simulation environment. 8. REFERENCES: [1] http://www.nist.gov/itl/cloud/ [2] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, Above the Clouds: A Berkeley view of Cloud Computing, University of California, Berkeley, 2009. http://d1smfj0g31qzek.cloudfront.net/ abovetheclouds.pdf [3] I. Foster, Y. Zhao, I. Raicu, and S. Lu, Cloud Computing and Grid Computing 360-degree compared, in Grid Computing Environments Workshop, 2008, pp. 1 10. [4] G. Gruman and E. Knorr, What Cloud Computing really means, InfoWorld Inc., Tech. Rep., 2008. http://www.infoworld.com/article/08/04/07/15fe-cloud-computing-reality 1.html [5] Gartner, Cloud Computing will be as influential as e business, Gartner, Tech. Rep., 2008. http://www.gartner.com/it/page.jsp?id=707508 [6] Amazon, Amazon Elastic Compute Cloud (EC2), Amazon Web Services LLC, Tech. Rep., 2009. http://aws.amazon.com/ec2/ [7] Environmental Protection Agency, EPA report to congress on server and data center energy efficiency, US Congress, Tech. Rep., 2007 [8] Ayman Kayssi, Ali Chehab, and Wassim Itani Privacy as a service:privacy - Aware Data Storage and Processing in Cloud Computing Architectures in 2009 IEEE International Conference on dependable, Autonomic and Secure Computing,pp 711-716 [9] Khalid Al-zamil, Najib A.Kofahi, and Turki Al-Somani, Performance Evaluation of Three Encryption / Decryption Algorithms, in IEEE 2004 pp 790-793 [10] Bhaskar Prasad Rimal, Eumni Choi and Ian Lumb, A Taxonomy and Survey of Cloud Computing Systems, 2009 5 th International Conference on INC, IMS and IDC pp 44-51 [11] Richard Chow, Philippe Golle, Markus Jakobsson, Controlling Data in the Cloud Outsourcing Computation without Outsourcing Control. [12] Jorg Schwenk, Luigi Lo Iacono, Meiko Jensen and Nils Gruschka, On Technical Security Issues in Cloud Computing, 2009 IEEE International Conference on cloud computing, pp 109-116 [13] Aamer Nadeem and Dr.M.Younus Javed, A Performance Comparison of Data Encryption Algorithms, IEEE 2005 pp 84-89 [14] Cong Wang, Kui Ren, Qian Wang andn Wenjing Lou, Ensuring Data Storage Security in Cloud Computing, 2009 IEEE [15] Michael Cobb, Founder, Cobweb Applications Ltd., Network data encryption security a key to cloud computing requirements [16] Michael Cobb, Founder, Cobweb Applications Ltd., Building a secure cloud computing infrastructure: The case for single sign on. Profile of Authors: Mr.S.Subbiah is currently working as Head, Department of Computer Science and Engineering, Trichy Engineering college. He received his M.E., Degree in Computer Science and Engineering from Anna University and Pursuing is part time research in PRIST University, Thanjavur in the field of Cloud Computing. He is a fellow member of CSI, ISTE. Dr.S.Selvamuthukumara is currently working as Director at Dept.of Computer Applications, A.V.C.College of Engineering, Tamilnadu,India. He received his Ph.D degree in Computer Science in the field of Computer Vision. He has published more than 25 technical papers in national and international conferences and journals. Presently he is guiding scholars in the field of Computer Vision and Big Clouds. He is the Fellow Member of IEEE,CSI,ISTE. Dr. T. Ramkumar is currently working as professor in the Department of Computer Applications, A.V.C.College of Engineering, Mayiladuthurai, Tamilnadu, India. He has received Ph.D degree in Computer Science during the year December 2010 from Anna University, Chennai. His area of specialization includes Knowledge discovery from multiple databases and Object Computing. He is the fellow member of ISTE.He is presently guiding research scholars in the areas of Bio-Informatics and Data Mining. ISSN : 0975-5462 Vol. 5 No.01 January 2013 53

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information