• No results found

Review on A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service

N/A
N/A
Info
Download
Protected

Academic year: 2020

Share "Review on A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

438

Review on A Business Model for Cloud Computing Based on a

Separate Encryption and Decryption Service

Gauravsinha Thakur

1

, V Kala

2

1

M. Tech Scholar, 2Assistant Professor, Department of Computer Science & Engineering, Maharashtra Institute of Technology (MIT), Aurangabad, Maharashtra, India

Abstract— Many Organization, Institute or Enterprises store data on internal storage and secure them by the help of Firewall from unwanted users, they provide a standard way to access the data so as to prevent from insiders to access data

without allowing such as authentication and

encryption/decryption. Cloud service provider is able to provide the authentication, editing, Storage and encryption/decryption, but if this services are provided by a single service provider than chances of miss use of data is more by top level authority’s or administrator . This paper gives an idea of providing security to data by separating Storage service, Encryption/Decryption service and Authentication and auditing service. This paper also proposes, storage service must store encrypted data and the encryption/decryption; authentication service must delete all the data after the computation is over. An Multi Party service level agreement is to be made between this service providers to make an hand in hand successful process.

Keywords— cloud computing, service level agreements, encryption and decryption cloud service, data privacy protection.

I. INTRODUCTION

The cloud computing service is becoming very used and provided service for Storage, Infrastructure, Software and Providing Platform [1]. The cloud computing service needs an Internet connection and a basic computer configuration to be provided to the user applying for it. In cloud computing, user is served with service as and when demanded for, Service may be a Software, a hardware device needed for personal use or industrial(professional) use or a Storage needed for storing data. This services provided are secured by various tactics and methods, as data on storage service is secured by firewall to be protected from internal user access. The cloud service provider, adjust according to need of user on storage, transmission speed, no. of applications use, data encryption, data privacy etc as stated in Agreement. The Agreement includes service items, service scope, scope of privacy and protection, client responsibility etc.

By signing Service Level Agreements (SLA)[2] the client gives confirmation to understanding and agree to those services provided by service provider. This paper proposes a model that is secure for cloud computing based storage by separating the service provider for different service as storage service provided by one service provider and Encryption/Decryption, Auditing service is provided by the other cloud service provider. In this proposal, Storage system will be unable to access the Encryption/Decryption keys table, password table provided by different cloud provider system. The Encryption/Decryption server has to delete all the temporary data when transmission is complete.

Separating Storage service and Encryption/Decryption service requires a very unique model of Cloud computing that are provided by different service providers. This service provider must sign an conventional and compromising Service level agreement for better performance, trustworthy performance and providing services to clients.

II. LITERATURE REVIEW

Cloud computing provides seemingly unlimited “virtualized” resources to users as services cross the whole Internet. Cloud provides different services (Storage, Hardware etc) for low cost. As cloud computing becomes prevalent, an increasing amount of data is being stored in the cloud. Cloud computing entrusts remote services with a user's data, software and computation.

(2)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

[image:2.612.71.276.144.350.2]

439 Figure 1: Cloud Computing Layer Architecture.

Figure shows the layer structure with platform as a service as the value-added infrastructure service. SaaS reduces the cost required to outsourcing Hardware and Software for maintenance. Cloud has provided a high speed, high performance and a large storage space for storing and at the time of retrieval also. Cloud computing is depended on sharing of resources to achieve coherence and economics scale similar to a utility (like the electricity grid[4] over a network)

A. User Data Privacy Concern in Cloud Computing In Cloud computing service, the devices used for providing services to user can be taken from one service provider but in this service provider if responsibility for storing and encrypting/decrypting data is with same service provider than there is a huge risk for miss use of rights of administrator to use the data for its personal use or for others.

B. Existing methods for protection of client data

In existing Cloud computing system, User is authenticated before allowing it for any process and if user is authenticated user then only he/she can interact with the further services. After the authentication of user the data of client is encrypted and stored at storage of cloud. Mostly used data encryption technology are symmetric and asymmetric cryptography algorithms. In symmetric cryptography a secret key is used for encryption and decryption and in asymmetric cryptography two keys are used „Public key‟ for encryption and „Private key‟ for decryption.

Symmetric cryptography are Data Encryption Standard(DES), Triple Data Encryption Standard(3-DES), Advance Encryption Standard(AES) [5] etc. Asymmetric key algorithm are RSA cryptography [6] and Elliptic curve Cryptography(ECC) [7]. Authentication by help of password is done commonly by every cloud service provider, for this every user has to register himself/herself with the provider and a unique UserId and Password is allocated to user and directly stored at the password file of database and This file is encrypted and protected from other system files of the cloud.

When a client logs in to cloud, client enters his UserId and Password. These are encrypted to form digest and then digest sends it to server side. Server encrypts the stored password and compares with digest of client and if both are same then client is an authorized user , access is given to him but if administrator having high privileges can decrypt the file which can make an unauthorized access to clients data.

III. PROPOSED MODEL

[image:2.612.335.563.434.534.2]

Basic concept: This paper propose a secure model for cloud computing based on two separate cloud service providers that is separating data and encryption/decryption service

Figure 2: Storage as an independent service

Above figure shows that Authentication and Encryption/Decryption service is provided by one cloud service provider and Storage service is provided by another cloud service provider. A CSP that provides storage stores the data in encrypted format and has no control over the cloud that provides authentication and Encryption/Decryption service. The service provider has to delete the temporary data when the computation is done so as admin can be restricted from unauthorized use of it.

The paper concept can be shown as given in the following figure

Client

(Web Browser, Mobile application, terminals)

Software as a Service (SaaS)

(Email, CRM, Virtual Desktop etc)

Platform as a Service (PaaS)

(Compiler, Database , Web Server etc)

Infrastructure as a Service (IaaS)

(Storage, Network, Processor Speed etc)

Encryption/De cryption and Authentication Storage as a

(3)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

[image:3.612.28.310.140.270.2]

440 Figure 3: Model of cloud computing with separate storage and

authentication, encryption/decryption, auditing services

Above figure illustrates the concept of paper, in this client uses the storage and encryption/decryption & authentication service separately. The Storage service provider and Encryption/decryption, Authentication service provider are independent from each other. Storage service provider is Cloud Service Provider 1 (CSP1) and Encryption/Decryption Service Provider is Cloud Service Provider 2 (CSP2).

Both the service provider has to work in cooperative manner, this can be achieved it by signing a Service Level Agreement (SLA).

A. Operation of Authentication and Encryption/ Decryption as a Service

The authentication of user is done by UserId and Password. They are generated and stored in the database from first. This can be used single time or multiple times. That is why it‟s not a secure one as discussed above. This approach, limitation is if client generates password at login time then it can make denial of service attack (DOS) [8].This paper propose a solution to avoid this type of limitation by separating authentication as a service.

Figure 4: Authentication as a service

[image:3.612.333.567.461.591.2]

In cloud computing when a client wants to access the service, client must have to go through the process of authentication and if the client is a new client then he has to register to get the cloud service as given in step 1. E-commerce application is used for registration/login process by this step. The data of client while the time of registration is stored in cloud service provider (CSP2) for its authentication. Once the client has registered then he has to go through the login process to get into the cloud, then authentication server will check whether client is authorized or not and if it is the case then authorization is provided as shown in step 2. As shown in step 3 After authorization if client wants access of data that is stored before, then request for accessing the data is generated from client to CSP1 server. In step 4 & 5 CSP1 will check whether client is valid or not and if client is authorized client request is granted and the requested data is transferred as in step 6. Two factor authentication with symmetric key encryption which is proposed by some scientists is a way to overcome the limitations of two factor authentication with symmetric key that is admin as given in review. These factors/keys are from something the user knows (e.g. Password, pin, pattern), something the user has (e.g. ATM card, smart card) and something the user is (e.g. biometric characteristic such as a fingerprints). Working model of two factor authentication mechanisms with symmetric key encryption is as shown in below figure.

Figure 5: Two factor authentication mechanism with symmetric key encryption

Except storing the password, digest is stored in database. While authentication, digest created by client side is compared with digest stored in database, in this AES algorithm with key factor is used by point of security. Encryption/Decryption as a service concept is proposing separation of storage and encryption/decryption of user data and it is shown in figure.

Encryption/Decrypti on and

Authentication

[image:3.612.50.284.566.703.2]
(4)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

[image:4.612.53.282.138.449.2]

441 Figure 6: Data storage diagram

Figure 7: Data Retrieval diagram

This above figure shows data retrieval process, in this process when client wants to access the data which is encrypted and stored at cloud storage server(CSP1) then the data is transferred to Encryption/Decryption server (CSP2) for decryption and after decryption of data ,it is transferred to client(user).

Encryption/Decryption and storage services are provided in this model. Unencrypted user data may not be stored in software as a service(SaaS). In this concept , if encryption/decryption cloud service provider encrypts the user data the service provider must delete all encrypted and decrypted data.

When a client logins the system successfully than suppose if he sends request a file from storage, UserId will be send to encryption/decryption server as given in step 1. In step 2 Storage server sends encrypted data to encryption/decryption server for decryption.

Now encryption/decryption server fetch the clients private key and decrypt the file, decrypted file is send to client and temporary data is deleted to secure the encrypted data.

Data storage is shown in above figure. When a client store the data in Storage server of cloud(CSP1) data is first transferred to Encryption/Decryption server(CSP2) for encryption. Data is encrypted first and after encryption at encryption/decryption server(CSP2) data is send to Storage server(CSP1) for storage. After storage of data a Success message is send to client.

Likewise, if login is successful then a client sends data to store it with UserId to encryption/decryption server(CSP2). Depending upon the UserId, will fetch encryption/public key by using this it can encrypt all clients data and this encrypted data is transferred to storage server. At last After storing the data successfully ,a message of success is send to user. Private and Public keys are handled and saved by Encryption/Decryption server. SSL protocol implementation can secure keys from sniffing attacks.

IV. SERVICE LEVEL AGREEMENT

(5)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 4, Issue 12, December 2014)

442 C. Figures and Tables

Figures and tables must be centered in the column. Large figures and tables may span across both columns. Any table or figure that takes up more than 1 column width

V. CONCLUSION

Three services are provided by cloud Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud service can be accessed by a device that can access the internet, the device may be Laptop, PC, Smart Phone etc. A Cloud computing, all users data is encrypted and stored in Cloud service provider.

If storage and encryption/decryption are provided by a single service provider than there may be a more chances for unauthorized access of data from high level authority like System administers, as he has access to Decryption key and Encrypted data that is stored. This paper proposes a Secured cloud computing model based on separating the cloud computing services into two different service providers. Therefore a contract is to be signed for establishing a cooperation model for providing common services to clients. The main aim of this paper is dividing of authority to reduce operational risk due to which unauthorized access of data.

REFERENCES

[1] M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, On

Technical Security Issues in Cloud Computing. IEEE, .

[2] “Service Level Agreement and Master Service Agreement”,

http://www.softlayer.com/sla.html, accessed on April 05, 2009.

[3] S. Berger, R. Caceres, D. Pendarakis, R. Sailer, E. Valdez, R. Perez,

W. Schildhauer, and D. Srinivasan, “Security for the cloud infrastrcture: trusted virtual data center (TVDc).” [Online]. Available: www.kiskeya.net /ramon/work/pubs/ibmjrd09.pdf

[4] G. Frankova, Service Level Agreements: Web Services and Security,

ser. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, vol. 4607

[5] “Sampling issues we are addressing”,

http://cloudsecurityalliance.org/issues.html#15, accessed on April 09, 2009.

[6] MikeKavis,”Real time transactions in the

cloudhttp://www.kavistechnology.com/ blog/?p=789, accessed on April 12, 2009.

[7] “Secure group addresses cloud computing risks”,

http://www.secpoint.com/security-group-addresses-cloudcomputingrisks.html, April 25, 2009.

[8] Wesam Dawoud, Ibrahim Takouna, Christoph Meinel

“Infrastructure as a Service Security: Challenges and solutions”, http://libra.msra.cn/Publication/50879468/infrastructure-as-a-service-security-challenges-and-solutions.

Cloud service Level Agreement

Client………(HereIn after “User”) contractors:

Authentication, Encryption/Decryption Service Provider(CSP2)………(Here In After ”Authentication, Encryption/Decryption Provider”)

Storage Provider(CSP1)……….(HereIn After Storage Provider”)

1. Storage Service Provider‟s rights and obligation

Figure

Figure 1: Cloud Computing Layer Architecture.
Figure 3: Model of cloud computing with separate storage and authentication, encryption/decryption, auditing services
Figure 6: Data storage diagram

References

Download now ( PDF - 5 Page - 393.01 KB )

Related documents

ViVUD: Virtual Server Cluster based View-Upload Decoupling for Multi-Channel P2P Video Streaming Systems

As illustrated in Figure 1, in ViVUD, there are three major streaming components for a channel: the channel source server, VUD Virtual Server Cluster (VSC) formed by bandwidth-

Electric vehicles in Norway - environmental, economic and practical aspects.

REVA EV launched EVS 24 in Stavanger 1500 delegates Permanent access to bus lanes Reduced company car tax Think launch then bankrupt Tesla S VW E-up BMW i3

Methylxanthines enhance the effects of cocoa flavanols on cardiovascular function: randomized, double-masked controlled studies

The fact that cocoa methylxanthines and theobromine and caffeine increased the concentration of SREMs in plasma compared with the concentration that would be reached when CFs or

Beyond health care providers’ recommendations: understanding influences on infant feeding choices of women with HIV in the Eastern Cape, South Africa

Keywords: Exclusive breastfeeding, Infant feeding practice, infant formula feeding, HIV-infected peripartum women, South Africa, WHO guideline.. *

Joline - a modern medical technology company built on tradition. For further information please contact us!

Insertion length Tip-to-Cuff (mm) Catheter shaft lenght Tip-to-Hub (mm) Kit components pressure * mmHg flow PKADS320 ml/min.. Hemodynamic

Bijzondere waardeverminderingen in de jaarrekening

Als de realiseerbare waarde lager is dan de totale boekwaarde van het actief of activa die deel uitmaken van deze kasstroomgenererende een- heid, ontstaat een impairment loss dat

A report on the fauna of the estuaries of the River Tamar and the River Lynher

Membranipora Lacroixii and Bowerbankia imbricata were taken up as far as half a mile above Halton Quay, where the salinity range from high to low water was approximately 210/00to

Is the knowledge of international travel health a legal obligation or a social and personal responsibility?

Considering disease information, vaccination, travel health risks including: environmental risks, infectious disease & poten- tial risks, accidental injury and speed of pan