Crypto Cloud Computing The C3 model

International Journal of Emerging Technology and Advanced Engineering

448

Crypto Cloud Computing The C3 model

Akash Awasthi

, Aastha Vajpayee

, Pradeep Yadav

1, 2_{B.Tech (Computer Science), IITM ,Gwalior} 3

M.Tech (Software Engineering), PCE, Jaipur

Abstract - Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network. The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and computation. While, Cryptography is the practice and study of techniques for secure communication in the presence of third parties. More generally, it is about constructing and analyzing protocols that overcome the influence to various aspects in information security such as CIA model.

Crypto Cloud Computing technology helps us to protect our online privacy. Crypto cloud serves robust, open source security technology to protect all of our internet applications from surveillance. Route around censorship and limitations packet shaping, content filtering, protocol limits make your own ‘net neutrality’.

Keywords - Cloud, Cloud Computing, CSM, Cryptography, CIA model, RSA & Diffie Hellman’s Algorithm.

I. INTRODUCTION

The Cloud is a platform where all users not only store their data but also used the software and services provided by Cloud Service Provider (CSP). The service provided by the cloud is very economical. The user pay only for what

he used. While, Cloud computing is Internet ("cloud")

based development and use of computer technology ("computing"). It is a style of computing in which dynamically scalable and often virtualized resources are

provided as a service over the Internet. This is a platform

where data owner remotely store their data in the cloud to enjoy the high quality applications and services. The user

can access the data, use the data and store the data.

Nowadays, when hacking and computer data robbery and theft are common phenomena, it is very important to protect data and information that is sent over a particular network. And that is where the need for cryptography arises. This security issue also arises on clouds, to ensure the trust between data owner and TPA; cryptography is

used and applied on cloud.

Cryptography is the science of writing the data or information in a secret code. It involves encryption and decryption. The data that can be understood without any special efforts is called as the plaintext. This data can be converted into the secret code and this processes called as the encryption. This encrypted data is called as the cipher text. This encrypted text can be converted back into the plaintext by a key and this process is called as the decryption. Thus, cryptography consists of both, the encryption and the decryption process.

A). Origin of the term Cloud Computing

 Comes from the early days of the Internet where we

drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us‖ – Kevin Marks, Google

 First cloud around networking (TCP/IP abstraction)

 Second cloud around documents (www data

abstraction)

 The emerging cloud abstracts infrastructure

complexities of servers, applications, data.

II. WHAT WORKS

International Journal of Emerging Technology and Advanced Engineering

449

Fig: 1 with cloud computing, other companies hosts your applications. [1]

III. WEAK LINKS

So it all sounds great, right? Not so fast. As with everything in IT, there are pros and cons. Cloud computing is not exempt. Let’s take a quick look at a few areas of potential trouble.

The following illustration shows potential points of failure. While an Internet outage or problems with your Internet service provider (ISP) are rare, you may not be able to access your applications and do your work. Not that everyone sits in

One office much anymore, but if you currently have the application on your own local servers, and all those who access it are not remote, you’d be at least somewhat assured that an Internet outage wouldn’t affect your application.

But it isn’t your connection to the Internet that can be prone to outages. What if the site you’re accessing has problems? It’s happened already. In July 2008, Amazon’s S3 cloud storage service went down for the second time that year. A lot of applications were hosted by the company and all those services could not be accessed until techs could fix the problem. Some applications were down for eight hours. Also, there may simply be applications or data that you want located on-site. If you have sensitive or proprietary information, your IT security group may simply

mandate that you not store it on someone else’s

machines. [1]

Fig: 2 weak link of cloud [1]

IV. CLOUD COMPONENTS

In a simple, topological sense, a cloud computing solution is made up of several elements:

Clients, the Data center, and distributed servers these components make up the three parts of a cloud computing solution. Each element has a purpose and plays a specific role in delivering a functional cloud based application, so let’s take a closer look.

A. Clients

Clients are, in a cloud computing architecture, the exact same things that they are in a plain, old, everyday local area network (LAN). They are, typically, the computers that just sit on your desk. Clients generally fall into three categories:

 Mobile devices include PDAs or smartphones, like a

Blackberry, Windows Mobile Smartphone or an iPhone.

 Thin Clients are computers that do not have internal

hard drives, but rather let the server does all the work, but then displays the information.

 Thick type of client is a regular computer, using a

web browser like Firefox or Internet Explorer to connect to the cloud.

Thin clients are becoming an increasingly popular solution, because of their price and effect on the environment. Some benefits to using thin clients include:

Lower hardware costs-Thin clients are cheaper than thick clients because they do not contain as much hardware. They also last longer before they need to be upgraded or become obsolete.

International Journal of Emerging Technology and Advanced Engineering

450 Security-Since the processing takes place on the server and there is no hard drive, there’s less chance of malware invading the device. Also, since thin clients don’t work without a server, there’s less chance of them being physically stolen.

Data security-Since data is stored on the server, there’s less chance for data to be lost if the client computer crashes or is stolen.

Less power consumption-Thin clients consume less power than thick clients. This means you’ll pay less to power them, and you’ll also pay less to air-condition the office. Ease of repair or replacement-If a thin client dies, it’s easy to replace.

B. Datacenter

The data center is the collection of servers where the application to which you subscribe is housed. It could be a large room in the basement of your building or a room full of servers on the other side of the world that you access via the Internet. A growing trend in the IT world is virtualizing servers. In this way, you can have half a dozen virtual servers running on one physical server.

C. Distributed Servers

The servers don’t all have to be housed in the same location. Often, servers are in geographically disparate locations. But to you, the cloud subscriber, these servers act as if they’re humming away right next to each other. This gives the service provider more flexibility in options and security. For instance, Amazon has their cloud solution in servers all over the world. If something were to happen at one site, causing a failure, the service would still be accessed through another site. Also, if the cloud needs more hardware, they need not throw more servers in the safe room—they can add them at another site and simply make it part of the cloud.

D. Infrastructure

Cloud computing isn’t a one-size-fits-all affair. There are several different ways the infrastructure can be deployed. The infrastructure will depend on the application and how the provider has chosen to build the cloud solution. This is one of the key advantages for using the cloud. Your needs might be so massive that the number of servers required far exceeds your desire or budget to run those in-house. Alternatively, you may only need a sip of processing power, so you don’t want to buy and run a dedicated server for the job. The cloud fits both needs.

Grid computing is often confused with cloud computing, but they are quite different. Grid computing is appealing for several reasons:

 Cost-effective way to use computer resources.

 It is a way to solve problems that need a tremendous

amount of computing power.

 The resources of several computers can be shared

cooperatively, without one computer managing the other.

So what do grid computing and cloud computing have to do with one another? Not much directly, as they function in fundamentally different ways. In grid computing, a large project is divided among multiple computers to make use of their resources.

V. CLOUD SERVICE MODELS

Cloud Software as a Service (SaaS) Use provider’s applications over a network Cloud Platform as a Service (PaaS)

Deploy customer-created applications to a cloud Cloud Infrastructure as a Service (IaaS)

Rent processing, storage, network capacity, and other fundamental computing resources to be considered ―cloud‖ they must be deployed on top of cloud infrastructure that has the key characteristics Services

The term services in cloud computing is the concept of being able to use reusable, fine grained components across a vendor’s network. This is widely known as ―as a service.‖

Offerings with as a service as a suffix include traits like

the following:

 Low barriers to entry, making them available to

small businesses

 Large scalability

 Multitenancy, which allows resources to be shared

by many users

 Device independence, which allows users to access

the systems on different hardware

A. Software as a Service

Software as a Service (SaaS) is the model in which an application is hosted as a service to customers who access it via the Internet. When the software is hosted off-site, the customer doesn’t have to maintain it or support it. On the other hand, it is out of the customer’s hands when the hosting service decided to change it. The idea is that you use the software out of the box as is and do not need to make a lot of changes or require integration to other systems. The provider does all the patching and upgrades as well as keeping the infrastructure running.

Software that performs a simple task without much need

to interact with other systems makes them idealcandidates

International Journal of Emerging Technology and Advanced Engineering

451 Customers who are not inclined to perform software development but have need of high-powered applications can also benefit from SaaS. Some of these applications include

 Customer Resource Management (CRM)

 Video conferencing

 IT service management

 Accounting

 Web analytics

 Web content management

Benefits:

One of the biggest benefits of SaaS is, of course, costing less money than buying the application outright. The service provider can offer cheaper, more reliable applications than organizations can by themselves. Some other benefits include the following:

Familiarity with the World Wide Web - Most workers has access to a computer and knows how to use it on the World Wide Web. As such, the learning curve for using external applications can be much smaller.

Smaller staffs - IT systems require the overhead of salaries, benefits, insurance, and building space. The ability to farm out applications reduces the need for as much IT staff. Customization - Older applications were difficult to customize and required tinkering with the code. SaaS applications are much easier to customize and can give an organization exactly what they want.

Better marketing - a provider who had developed an application for a very narrow market might have had problems marketing that application. However, with SaaS, the entire world is open to the providers.

Web reliability - how the World Wide Web can be seen as a source of failure. And while that is sporadically true, the fact of the matter is that the Web is generally quite reliable. Security - Secure Sockets Layer (SSL) is widely used and trusted. This allows customers to reach their applications securely without having to employ complex back-end configurations, like virtual private networks (VPNs). More bandwidth - has increased greatly in recent months and quality of service improvements are helping data flow. This will allow organizations to trust that they can access their applications with low latencies and good speeds. Obstacles like anything, SaaS faces obstacles to its implementation and use.

B. Platform as a Service

Following on the heels of SaaS, Platform as a Service (PaaS) is another application delivery model. PaaS supplies all the resources required to build applications and services completely from the Internet, without having to download or install software.

PaaS services include application design, development, testing, deployment, and hosting. Other services include team collaboration, web service integration, database integration, security, scalability, storage, state management, and versioning.

A downfall to PaaS is a lack of interoperability and portability among providers. That is, if you create an application with one cloud provider and decides to move to another provider, you may not be able to do so—or you’ll have to pay a high price. Also, if the provider goes out of business, your applications and your data will be lost. PaaS generally offers some support to help the creation of user interfaces, and is normally based on HTML or JavaScript. Because PaaS is expected to be used by many users simultaneously, it is designed with that sort of use in mind, and generally provides automatic facilities for concurrency management, scalability, failover, and security.

PaaS also supports web development interfaces such as

Simple Object Access Protocol (SOAP) and

Representational State Transfer (REST), which allow the construction of multiple web services, sometimes called mash ups. The interfaces are also able to access databases and reuse services that are within a private network. PaaS Options PaaS is found in one of three different types of systems:

Add-on development facilities - these allow existing SaaS applications to be customized. Often, PaaS developers and users are required to purchase subscriptions to the add-on SaaS application.

Stand-alone environments - these environments do not include licensing, technical, or financial dependencies on specific SaaS applications and are used for general developments.

International Journal of Emerging Technology and Advanced Engineering

452 Some other factors influencing adoption include the ability of geographically isolated development teams to work together, The ability to merge web services from multiple sources, The ability to realize cost savings from using built-in infrastructure services for security, scalability, and failover, rather than having to obtain and test them separately, The ability to realize cost savings from using higher-level programming abstractions Hurdles There are two main obstacles that developers face when considering PaaS.

C. Hardware as a Service

Hardware as a Service (HaaS) is the next form of service available in cloud computing. Where SaaS and PaaS are providing applications to customers, HaaS doesn’t. It simply offers the hardware so that your organization can put whatever they want onto it.

HaaS allows you to ―rent‖ such resources as

 Server space

 Network equipment

 Memory

 CPU cycles

 Storage space

Additionally, the infrastructure can be dynamically scaled up or down, based on the application resource needs. Further, multiple tenants can be on the equipment at the same time. Resources are typically billed based on a utility computing basis, so providers charge by how many resources are consumed. HaaS involves several pieces:

 Service level agreements - this is an agreement between the provider and client, guaranteeing a certain level of performance from the system.

 Computer hardware - these are the components whose resources will be rented out. Service providers often have this set up as a grid for easier scalability.  Network - This includes hardware for firewalls,

routers, load balancing, and so on.

 Internet connectivity - this allows clients to access the hardware from their own organizations.

 Platform virtualization environment - this allows the clients to run the virtual machines they want.

 Utility computing billing - typically set up to bill customers based on how many system resources they use.

VI. INTRANETS AND THE CLOUD

While your operation is not big as Amazon S3 cloud computing, you can use the same sorts of principles within your organization to develop your IT infrastructure.

By setting up thin clients to run applications and services on a local server, rather than on their desktops, you ease the costs of deployment and maintenance, as well as reducing power costs. In this section we’ll talk about the merits of developing your own in-house cloud and what is used in its composition.

A.Components

There are two main components in client/server computing: servers and thin or light clients. The servers house the applications your organization needs to run, and the thin

Clients—who do not have hard drives—display the results.

B. Hypervisor Applications

Applications like VMware or Microsoft’s Hyper-V allow you to virtualize your servers so that multiple virtual servers can run on one physical server. These sorts of solutions provide the tools to supply a virtualized set of hardware to the guest operating system. They also make it possible to install different operating systems on the same machine. For example, you may need Windows Vista to run one application, while another application requires Linux. It’s easy to set up the server to run both operating systems. Thin clients use an application program to communicate with an application server. Most of the processing is done down on the server, and sent back to the client. There is some debate about where to draw the line when talking about thin clients. Some thin clients require an application program or a web browser to communicate with the server. However, others require no add-on applications at all.

VII. VIRTUALIZATION

Full Virtualization- it is a technique in which a complete Installation of one machine is run on another. The result is a system in which all software running on the server is within a virtual machine. This sort of deployment allows not only unique applications to run, but also different operating systems. Virtualization is relevant to cloud computing because it is one of the ways in which you will access services on the cloud. That is, the remote data center may be delivering your services in a fully virtualized format.

In order for full virtualization to be possible, it was necessary for specific hardware combinations to be used. It wasn’t until 2005 that the introduction of the

AMD-Virtualization (AMD-V) and Intel Virtualization

International Journal of Emerging Technology and Advanced Engineering

453 Full virtualization has been successful for several purposes:

 Sharing a computer system among multiple users

 Isolating users from each other and from the control

program.

 Emulating hardware on another machine

Para virtualization

Para virtualization allows multiple operating systems to run on a single hardware device at the same time by more efficiently using system resources, like processors and memory. In full virtualization, the entire system is emulated (BIOS, drive, and so on), but in Para virtualization, its management module operates with an operating system that has been adjusted to work in a virtual machine. Para virtualization typically runs better than the full virtualization model, simply because in a fully virtualized deployment, all elements must be emulated.

The trade-off is reduced security and flexibility.

Para virtualization requires only 2 present of processor utilization per guest instance and still leaves 10 present of the guest OS available. Para virtualization works best in these sorts of deployments:

Disaster recovery In the event of a catastrophe, guest instances can be moved to other hardware until the equipment can be repaired.

MigrationMoving to a new system is easier and faster because guest instance scan be removed from the underlying hardware.

Capacity management Because of easier migrations, capacity management is simpler to implement. It is easier to add more processing power or hard drive capacity in a virtualized environment.

VIII. CLOUD DEPLOYMENT MODELS

There are 3 deployment Models available for the cloud namely private cloud, public cloud and hybrid cloud. A. Public Cloud

This is the most popular incarnation of the Cloud. Many businesses and individuals realize Cloud through the Public Cloud implementation. It needs a huge investment and only well established companies with deep pockets like Microsoft, Amazon and Google can afford to set them up. Public Cloud is implemented on thousands of servers running across hundreds of data centers deployed across tens of locations around the world. The best thing about Public Cloud is that the customers can choose a location for his application to be deployed. This will reduce the latency

when the consumers access the application.

B. Private Cloud

Simply put, Private Clouds are normal data centres within an enterprise with all the 4 attributes of the Cloud – Elasticity, Self Service, Pay-By-Use and Programmability. By setting up a Private Cloud, enterprises can consolidate their IT infrastructure. They will need fewer IT staff to manage the data centre. They will also realize reduced power bills because of the low electricity consumption and lesser cooling equipment needs. Private Cloud empowers employees within an organization through Self Service of their IT needs. It becomes easy to provision new machines and quickly assigns them to project teams. Private Cloud borrows some of the best practices of Public Cloud but limited to an organizational boundary. Private Cloud can be setup using a variety of offerings from VMware, Microsoft,

IBM, SUN and others.

Fig: 5 Private Cloud in organisations [3]

C. Hybrid Cloud

International Journal of Emerging Technology and Advanced Engineering

454 Through this, they can offer seamless scalability by moving some of the on premise and Private Cloud based applications to the Public Cloud.

Fig: 6 Hybrid Cloud combine both public and private cloud [3]

IX. BENFITS

1. Cost Saving - Organizations can reduce or eliminate IT capital expenditures and reduce ongoing operating expenditures by paying only for the services they use and, potentially, by reducing the size of their IT staffs.

2. Ease of Implementation - Without the need to

purchase hardware, software licenses, or

implementation services, an organization can implement cloud computing rapidly.

3. Flexibility - Cloud computing offers more flexibility (often called ―elasticity‖) in matching IT resources to business functions than past computing methods. It can also increase mobility of staff by allowing

them to access business information and

applications from a wider range of locations and/or devices.

4. Scalability - Organizations using cloud computing need not scramble to secure additional hardware and software when user loads increase, but can instead add and subtract capacity as the network load dictates.

5. Access to Top-End IT Capabilities - Particularly for smaller organizations, cloud computing can allow access to hardware, software, and IT staff of a caliber far beyond that which they can attract and/or afford for themselves

6. Redeployment of IT Staff - By reducing or doing away with constant server updates and other computing issues, and eliminating expenditures of time and money on application development, organizations may be able to concentrate at least some of their IT staff on higher-value tasks

7. Focusing on Core Competencies - Arguably, the ability to run data centers and to develop and manage software applications is not necessarily a core competency of most organizations. Cloud computing may make it much easier to reduce or shed these functions, allowing organizations to concentrate their efforts on issues central to their business such as (in government) the development of policy and design and delivery of public services.

X. SECURITY IN THE CLOUD

Cloud Security Overview

Cloud service providers are lever-aging virtualization technologies combined with self-service capabilities for computing resources via the Internet. In these service provider environments, virtual machines from multiple organizations have to be co-located on the same physical server in order to maximize the efficiencies of virtualization. Cloud service providers must ensure that their customer’s applications and data are secure if they hope to retain their customer base and competitiveness. Today, enterprises are looking toward cloud computing horizons to expand their on-premises infrastructure, but most cannot afford the risk of compromising the security of their applications and data Security is ranked first as the greatest challenge or issue of cloud computing. This paper identifies current security concerns about cloud computing environments and describes the methodology for ensuring application and data security and compliance integrity.

XI. CIA Model

Principle: - A simple but widely-applicable security

model is the CIA triad; standing for

―Confidentiality, Integrity and Availability”; three key

principles which should be guaranteed in any kind of secure system. This principle is applicable across the whole subject of Security Analysis, from access to a user's internet history to security of encrypted data across the internet. If any one of the three can be breached it can have serious consequences for the parties concerned.

International Journal of Emerging Technology and Advanced Engineering

455  Integrity: The ability to ensure that data is an

accurate and unchanged representation of the original secure information. One type of security attack is to intercept some important data and make changes to it before sending it on to the intended receiver.

 Availability: It is important to ensure that the information concerned is readily accessible to the authorised viewer at all times. Some types of security attack attempt to deny access to the user, either for the sake of inconveniencing them, or because there is some secondary effect.

XII. TYPES OF CRYPTOGRAPHY

There are primarily three different types of

cryptography:

Public Key Cryptography or

Asymmetric Cryptography

Secret Key Cryptography or

Symmetric Cryptography

Hash Functions.

However, the first two types of cryptography are more important than the hash functions.

PRIVATE KEY CRYPTOGRAPHY:

In this cryptographic technique, the same key is used for both the encryption as well as the decryption of the messages i.e. Bob and Alice share the same key for sending and then receiving the messages by its decryption.

Plaintext Cipher text Plaintext

There are two types of symmetric or private key ciphers:

 Stream ciphers

 Block ciphers

STREAM CIPHERS:

The stream ciphers encrypt only one bit at a time. They use the key stream generator and they combine each bit of key stream with each bit of plaintext to get bit of cipher text.

BLOCKCIPHERS:

In the block ciphers, message to be encrypted is processed in block of k bits and 1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of cipher text. In general, about 2k! Mappings are required. But, the problem with this approach is that this requires a table with a lot of entries. But, to solve this we can use a prototype function.

PUBLIC KEY CRYPTOGRAPHY:

In public key cryptography, a pair of different keys is used.

One key is called as the public key and is used for encryption of messages i.e. the messages are encrypted using the recipient’s public key and the second key is called as the private key and is kept secret. Plaintext Public Key Private Key Plaintext There is two main techniques for public key cryptography:

Public key encryption:

In this technique, two keys are used for the purpose of encryption and decryption as described above.

Digital Signatures:

In this case, a message signed with the sender’s private key can be verified by anyone .

This will ensure confidentiality and security. In general, one of the two algorithms is used for public key cryptography. They are:-

 RSA Algorithm

 Diffie-Hellman Algorithm

XIII. BENEFIT OF C3MODEL

– The cryptographic systems mainly support those

applications in which there are no conceivable law enforcement interests in having access to master keys.

– The cryptographic techniques have generally nothing

to do with the secrecy of the message. Rather, they are mainly concerned with protecting the tampering of data.

– The main organization that does this for big

companies like Intel, Microsoft etc. is Walt Disney. Walt Disney refuses to release the digital versions of their videos until unless a high level security is provided to them.

– Further, the primary and the main purpose of

cryptography is network security.

– High Level Security on Clouds over network.

– Possibility of hackers and attackers reduces.

– Authenticity and Confidentiality of data.

XIV. CONCLUSIONS

International Journal of Emerging Technology and Advanced Engineering

456 So, in my opinion everybody should have a basic idea of cryptography. Cryptography is a particularly interesting field because of the reason that it does not involve the secrecy of messages; rather, it involves the security of messages. However, there are many attacks onto the cryptographic algorithms as well but since they are all tested they can be relied upon for protecting the messages.

While, Cloud computing is an emerging commercial infrastructure paradigm that promises to eliminate the need for maintaining expensive computing hardware. As market grows the threat on data also grows. To protect the data from unauthorized access and to ensure that our data are intact we proposed a scheme, which solve the problem of integrity, unauthorized access, privacy and consistency. In this article we first present a network in which cloud architecture, users and TPA are shown after that we describe how file is retrieved. We then suggest a scheme for retrieval of file, encryption and decryption of file, how to check the integrity of our data from CSP and how to give control to TPA. Later, we had defined the properties that will be given by our scheme. Further challenging issues for public auditing services that need to be focused on are discussed too. We believe that security in cloud computing is very much needed as data in the cloud storage are not secure and require lots of attention of user.

As above both technology are still has a great scope in R&D department that’s why may be there will be much better cloud computing architecture issue.

REFERENCES

[1 ] Cloud Computing Research, PDS Group, TU Delft

http://www.pds.ewi.tudelft.nl/~iosup/research_cloud.html

[2 ] Cong Wang and Kui Ren, Wenjing Lou, Jin Li,‖ Toward Publicly Auditable Secure Cloud Data Storage Services‖ in IEEE Network July/August 2010

[3 ] M. A. Shah et al., ―Auditing to keep Online Storage Services Honest, ‖ Proc.USENIX HotOS ‗07, May 2007.

[4 ] G. Ateniese et al., ―Scalable and Efficient Provable Data Possession,‖ Proc. SecureComm ‗08, Sept. 2008.

[5 ] H. Shacham and B. Waters, ―Compact Proofs of Retrievability,‖ Proc. Asia- Crypt ‗08, LNCS, vol. 5350, Dec. 2008, pp. 90–107. [6 ] C.Wang et al.,‖Ensuring Data Storage Security in Cloud Computing,‖

Proc. IWQoS ‗09, July 2009, pp. 1–9.

[7 ] Q. Wang et al., ―Enabling Public Verifiability and Data Dynamics for Stor-age Security in Cloud Computing,‖ Proc. ESORICS ‗09, Sept. 2009, pp. 355–70.

[8 ] Cloud computing making virtual machines cloud ready, www.trendmicro.com/go/enterprise