• No results found

SURVEY PAPER ON SECURITY IN CLOUD COMPUTING

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "SURVEY PAPER ON SECURITY IN CLOUD COMPUTING"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

©Copyright to IJASPM, 2015 IJASPM.org 27

SURVEY PAPER ON SECURITY IN CLOUD

COMPUTING

Jasleen Kaur

Research Scholar, RIMT, Mandi Gobindgarh Dr. Sushil Garg

Principal, RIMT, Mandi Gobindgarh

ABSTRACT:

Cloud Computing provides resources to the users over internet on demand. Service on demand is an important feature of cloud computing as it enables the user to choose the relevant resources while excluding the irrelevant ones. There are many Cloud Service Providers (CSP) such as Google, IBM, Oracle Corporation, Amazon Web Services, etc. which provide cloud services to users. CSPs are third parties who agree to lease out the resources to the users as per their demand and provide the users with various options of cloud deployment models (private, public, hybrid or community) and services (IaaS, PaaS and SaaS) too. Since cloud computing involves internet for data access, third party involvement and multi-tenancy, security stands as a major concern since every organization uploads their very sensitive data onto the cloud. There are ongoing researches to improve security of data in the cloud and in this paper, effort has been made to study the same.

Keywords: Cloud Computing, Deployment Models, Cloud Services, Security concerns. I. INTRODUCTION

Cloud Computing is internet based technology which has evolved in the field of IT over the past few years. Cloud computing makes the transfer or storage of bulk data easy to be transferred and maintained for usage. Organizations need not buy special hardware for deploying different applications since cloud computing provides on demand service to the user which means that all the resources like firewall, server, database and so on that are required by an organization for the deployment of an application may be leased out by some other organization which deals in providing those resources. The latter organizations are known as Cloud Service Providers (CSP). Hence leasing of resources does not levy high cost on the users and at the same time it gives business to other organizations as well. So, cloud

(2)

©Copyright to IJASPM, 2015 IJASPM.org 28 computing is fast becoming popular in the field of IT and is gaining attention of various organizations.

Figure 1: Cloud Computing [4]

There are different deployment models and cloud services which the user can choose from depending on the usage. These are discussed further.

1.1 Cloud Services:

A.) Infrastructure as a Service (IaaS): This is the bottom-most layer of cloud computing stack and provides the consumers with various hardware facilities like that of storage, processors, servers, and networking and as well as some software facilities like virtualization and file system. It allows the consumers to equip resources on demand.

B.) Platform as a Service (PaaS): It is the layer that lies above the IaaS in the stack. It deals with providing development as well as deployment options to the consumers. It basically provides an environment for developing the application with some built-in tools which have some pre-defined functions which help the user to build the application as per requirement. Also, once the application is developed, it may be deployed within the same environment. It also supports renting of resources and the consumers have to pay as per the usage.

C.) Software as a Service (SaaS) : It is the topmost layer in the stack and lies above the PaaS layer. It provides deployment of the end product or software or some web application on the IaaS and PaaS services and provides access to different consumers through some network, probably Internet nowadays. The services of this layer are perceived and manipulated by the consumers. The license to these services may be subscription based or usage based. The consumer may extend the services (subscription as well as scalability) based on the demand.

(3)

©Copyright to IJASPM, 2015 IJASPM.org 29

1.2 Deployment Models

There are different deployment models in cloud computing. These are:

A.) Private Cloud: It is the one in which cloud infrastructure is established within the organization and provides limited access to the users. Since, only privileged users can access the resources on the cloud, it is considered as most secure of all other deployment models. It is deployed where the number of users accessing the information is small.

B.) Public Cloud: It is the one in which cloud infrastructure is shared among different organizations. The public cloud is managed by some third party who lease out the resources to the organizations as per their demand. Hence, the public cloud supports the feature pay per usage. Public clouds are vulnerable to data tampering as there are multiple organizations accessing the applications on sharing basis and hence, it may give easy access to some intruder.

C.) Hybrid Cloud: It is the combination of different clouds. As it is the combination of models, it offers the advantages of multiple deployment models. It provides ability to maintain the cloud as recovery of data is easy in this cloud. It offers more flexibility than both public and private clouds.[3]

D.) Community Cloud: It is the one in which the cloud infrastructure is shared between different organizations with same interests or concerns. The organizations having same requirements (like security, policy, etc.) agree to share the resources from the same party or CSP. Hence, community cloud is basically a public cloud with enhanced security and privacy just like that in private cloud. The infrastructure may be maintained within the organization or outside the organization.

(4)

©Copyright to IJASPM, 2015 IJASPM.org 30

II. LITERATURE SURVEY 2.1 Security Concerns

According to Kazi and Susan[2], “Security in cloud computing”, the next generation architecture of IT Enterprises is cloud computing. They have classified the security threats as external and internal. External threats are related to large data centers. So, in order to ensure security to software or configurations, the cloud users, the CSPs and the third party vendor involved must take the responsibility for ensuring the same.

According to Keiko David, Eduardo and Eduardo [10], “An analysis of security issues for cloud computing”, the risk areas that require security concerns are external data storage, use of public internet for communication purposes, inability of the user to control the privacy of the data, multi-tenancy and integration with internal security.

According to Saurin and Nishant[7] , “A Review on Hybrid Techniques of Security In Cloud Computing”, since data is stored out of sight and control of the users, there have been speculations to use the cloud computing services due to improper application. So, this arise questions related to privacy, confidentiality, integrity and so on and demands a trusted environment where data can be secured efficiently.

According to Rohit and Sugata[13], “Survey on security issues in cloud computing and associated mitigation techniques”, it is convenient to access our hard drives mounted on our own systems, but access to cloud system is not that convenient as the data is stored at some other physical location and if the internet goes down, it will deny any kind of access to the data.

According to Nagaraju and Sridaran, “A survey on security threats for cloud computing”, a

recent survey by International Data Corporation (IDC), 87.5% of the masses belonging to varied levels starting from IT executives to CEOs have said that security is the top most challenge to be dealt with in every cloud service.[15]

2.2 Related Work

A.) Sanjoli and Jasmeet [12], “Cloud data security using authentication and encryption technique”, propose blend of two different algorithms for ensuring security: Extensible Authentication Protocol-CHAP and Rijndael Encryption Algorithm. EAP(Extensible Authentication Protocol) is implemented for authentication purpose. Challenge-Handshake Authentication Protocol (CHAP), a method of EAP, is used for authentication. Rijndael is used for encryption purpose. Client side security has been focused in this paper. Rijndael makes the system secure.

(5)

©Copyright to IJASPM, 2015 IJASPM.org 31 B.) Shirole and Sanjay[17], “Data Confidentiality in Cloud Computing with Blowfish Algorithm”, propose a system that uses encryption technique to provide reliable and easy way to secure data for resolving security challenges. Scheduler performs encryption on plain data into cipher data followed by uploading of ciphered data on the cloud. When the data is to be retrieved from the cloud, it is obtained in plain data format and is stored on the system. This preserves data internally. And hence, this builds a relationship of cooperation between operator and service provider. This model uses OTP(One-Time Password) for authentication purpose and Blowfish algorithm for encryption purpose.

C.) Garima and Naveen [16], “Triple Security of Data in Cloud Computing”, proposed a

system for securing the cloud by using three algorithms: DSA (Digital Signature Algorithm), AES (Advanced Encryption Standard) and Steganography step by step. In order to encrypt the data, DSA is applied for authentication purpose followed by AES for encryption and then finally concealing data within audio file using Steganography for utmost security. Once encryption is complete, the receiver may decrypt the data by applying reverse of the applied algorithms. But, it is found that the time complexity is high because it is a one by one process.

D.) Sunita and Ambrish[18], “Cloud Security with Encryption using Hybrid Algorithm and

Secured Endpoints”, propose a hybrid algorithm for securing the cloud. In order to encrypt

the message, in the first place the password is encrypted using Ceaser cipher followed by

encryption using RSA substitution algorithm and then further final encryption by the mono alphabetic substationmethod. Once the encryption process is over, the password is sent to the server with the plaintext user name and then user get access to the system on successful matching. This makes the system secure and increases the speed of correction of critical issues along with determining the root causes of vulnerability and software security assurance processes.

III. CONCLUSION

From the above survey, it is learnt that cloud computing is definitely the buzzword in the market nowadays, grabbing attention of IT people and also giving business to numerous companies.

But, just as a coin has two sides, so does cloud computing has its own advantages and pitfalls. Amongst the pitfalls, security is area of major concern as every organization handovers their very sensitive data to CSPs. Security of data is something that may affect the quality of service (QoS) of CSPs. So, the CSPs must make sure that they use appropriate techniques and methods to secure the data.

(6)

©Copyright to IJASPM, 2015 IJASPM.org 32

IV. REFERENCES

[1] http://en.wikipedia.org/wiki/Category:Cloud_computing_providers

[2] Zunnurhain, Kazi, and Susan V. Vrbsky. "Security in cloud computing." Proceedings of the 2011

International Conference on Security & Management. 2011.

[3] Kaur, Jasleen, Anupma Sehrawat, and Ms Neha Bishnoi. "Survey Paper on Basics of Cloud Computing and Data Security." International Journal of Computer Science Trends and Technology (IJCSTT) (2014). [4] http://cloudcomputingcafe.com/

[5] Zissis, Dimitrios, and Dimitrios Lekkas. "Addressing cloud computing security issues." Future

Generation computer systems 28.3 (2012): 583-592.

[6] SO, Kuyoro. "Cloud computing security issues and challenges." International Journal of Computer

Networks (2011): 11-14.

[7] Khedia, Saurin, and Nishant Khatri. "A Review on Hybrid Techniques of Security In Cloud Computing." [8] http://www.verio.com/resource-center/articles/cloud-computing-benefits/

[9] http://mobiledevices.about.com/od/additionalresources/a/Cloud-Computing-Is-It-Really-All-That-Beneficial.htm

[10] Hashizume, Keiko, et al. "An analysis of security issues for cloud computing." Journal of Internet

Services and Applications 4.1 (2013): 1-13.

[11] Singh, Palvinder, and Er Anurag Jain. "Survey Paper on Cloud Computing."

[12] Singla, Jasmeet Singh. "Cloud data security using authentication and encryption technique." Global

Journal of Computer Science and Technology 13.3 (2013).

[13] Bhadauria, Rohit, and Sugata Sanyal. "Survey on security issues in cloud computing and associated mitigation techniques." arXiv preprint arXiv:1204.0764 (2012).

[14] Ren, Kui, Cong Wang, and Qian Wang. "Security challenges for the public cloud." IEEE Internet

Computing 16.1 (2012): 69-73.

[15] Nagaraju Kilari, Dr R. Sridaran. "A survey on security threats for cloud computing." International

Journal of Engineering Research and Technology. Vol. 1. No. 7 (September-2012). ESRSA Publications,

2012.

[16] Saini, Garima, and Naveen Sharma. "Triple Security of Data in Cloud Computing." International

Journal of Computer Science & Information Technologies 5.4 (2014).

[17] Subhash, Shirole Bajirao. "Data Confidentiality in Cloud Computing with Blowfish Algorithm."

International Journal of Emerging Trends in Science and Technology 1.01 (2014).

[18] Rani, Sunita, and Ambrish Gangal. "Cloud security with encryption using hybrid algorithm and secured endpoints." International journal of computer science and information technologies 3.3 (2012): 4302-4304.

References

Download now ( PDF - 6 Page - 723.16 KB )

Related documents

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

The cloud provider (CP) is responsible for cloud infrastructure and for control data and operations within cloud.. • Private cloud - operated solely for an organization,

Missouri. onservationist SERVING NATURE & YOU VOLUME 71, ISSUE 8, AUGUST 2010

The area constitutes the largest continuous stretch of forest north of the Missouri River in the state and is sanctuary to a unique wildlife population that includes deer,

OFFICE OF THE KANGRA CENTRAL COOPERATIVE BANK LTD.

4 Tender form must accompany earnest money in shape of Term Deposit Receipt only duly pledge in favour of the General Manager, The Kangra Central Cooperative Bank Limited Dharamshala

Pharmacognosy Handouts [Tannins + Lipids + Oils + Waxes] By, Sir Tanveer Khan

Constituents: Glycerides of;  Palmitic acid  Stearic acid  Arachidic acid  Oleic acid  Linoleic acid  Linolenic acid Uses:  Nutritive SUNFLOWER OIL

Avnet's Guide to Cloud Computing

• Virtual Private Cloud - A virtual private cloud is a model of cloud computing in which a private cloud solution is provided within a public cloud provider’s infrastructure.. •

Journey to the Private Cloud. Key Enabling Technologies

External Cloud Virtualized Data Center Internal Cloud Cloud Computing Private Cloud Security Information Identity Policy-based Management Infrastructure Virtualization

Recent Advances in Cloud Security

criteria and application of platform security evaluation of Cloud Computing; management of users authorized to access to the exotic cloud services and access manners; the security

Cloud Security Certification Guide What certification is right for you?

The CCSK certification was established by the Cloud Security Alliance as a foundation of cloud security knowledge for newcomers to the cloud computing arena.. The CCSK provides