
A Report Based on Cost & Secured Data used Multi Cloud Storage in Cloud Based Resources.


Academic year: 2021


Ms. T.K. Anusuya M.C.A., M.Phil., Head, PG Department of Computer Science Bon Secours College for Women, Thanjavur.


ABSTRACT

The end of this decade is marked by a paradigm shift of the industrial information technology towards a pay-per-use service business model known as cloud computing. Cloud data storage redefines the security issues targeted on customer’s outsourced data (data that is not stored/retrieved from the customer’s own servers). In this work we observed that, from a customer’s point of view, relying upon a solo service provider (SP) for his outsourced data is not very promising. In addition, better privacy as well as data availability can be achieved by dividing the user’s data block into data pieces and distributing them among the available SPs in such a way that no less than a threshold number of SPs can take part in successful retrieval of the whole data block. In this paper, we propose a secured cost-effective multi-cloud storage (SCMCS) model in cloud computing which holds an economical distribution of data among the available SPs in the market, to provide customers with data availability as well as secure storage. Our results show that our proposed model provides a better decision for customers according to their available budgets.

Keywords: Cloud computing, security, storage, cost-effective, cloud service provider, customer.

1. INTRODUCTION

The end of this decade is marked by a paradigm shift of the industrial information technology towards a subscription based or pay-per-use service business model known as cloud computing. This paradigm provides users with a long list of advantages, such as provision computing capabilities; broad, heterogeneous network access; resource pooling and rapid elasticity with measured services [15]. A huge amount of data being retrieved from geographically distributed data sources, and nonlocalized data-handling requirements, creates such a change in technological as well as business model. One of the prominent services offered in cloud computing is the cloud data storage, in which subscribers do not have to store their own data on their servers; instead their data is stored on the cloud service provider’s servers. In cloud computing, subscribers have to pay the providers for this storage service. This service not only provides flexible and scalable data storage, it also provides customers with the benefit of paying only for the amount of data they need to store for a particular period of time, without any concerns of efficient storage mechanisms and maintainability issues with large amounts of data storage. In addition to these benefits, customers can easily access their data from any geographical region where the Cloud Service Provider’s network or Internet can be accessed. An example of the cloud computing is shown in Fig. 1.

Along with these unprecedented advantages, cloud data storage also redefines the security issues targeted on customer’s outsourced data (data that is not stored/retrieved from the customer’s own servers). Since cloud service providers (SP) are separate market entities, data integrity and privacy are the most critical issues that need to be addressed in cloud computing. Even though the cloud service providers have standard regulations and powerful infrastructure to ensure customer’s data privacy and provide a better availability, the reports of privacy breach and service outage have been apparent in last few years [1] [3] [12] and [13]. Also the political influence might become an issue with the availability of services [8]. In this work we observed that, from a customer’s point of view, relying upon a solo SP for his outsourced data is not very promising. In addition, better privacy as well as data availability can be achieved by dividing the user’s data block into data pieces and distributing them among the available SPs in such a way that no less than a threshold number of SPs can take part in successful retrieval of the whole data block.

To address these issues, in this paper we propose an economical distribution of data among the available SPs in the market, to provide customers with data availability as well as secure storage. In our model, the customer divides his data among several SPs available in the market, based on his available budget. We also provide a decision for the customer as to which SPs he must choose to access data, with respect to the data access quality of service offered by the SPs at the location of data retrieval. This not only rules out the possibility of an SP misusing the customers’ data, breaching the privacy of data, but can easily ensure the data availability with a better quality of service. Our proposed approach will provide the cloud computing users a decision model that provides better security by distributing the data over multiple cloud service providers in such a way that none of the SPs can successfully retrieve meaningful information from the data pieces allocated at their servers. In addition, we provide the user with better assurance of availability of data, by maintaining redundancy in data distribution. In this case, if a service provider suffers service outage [1] [12] or goes bankrupt, the user can still access his data by retrieving it from other service providers.

From the business point of view, since cloud data storage is a subscription service, the higher the data redundancy, the higher will be the cost to be paid by the user. Thus, we provide an optimization scheme to handle the tradeoff between the costs that a cloud computing user is willing to pay to achieve a particular level of security for his data. In other words, we provide a scheme to maximize the security for a given budget for the cloud data. The rest of the paper is organized as follows. The related work is discussed in Section II, followed by the system model and the threat model discussed in Section III. We discussed the Linear Programming model we propose as a part of our cost-effective security model. A statistical model is implemented using our approach in section. Finally we conclude the paper.

2. RELATED WORKS

Privacy preservation and data integrity are two of the most critical security issues related to user data [4]. In the conventional paradigm, the organizations had the physical possession of their data, and thus had an ease of implementing better data security policies. But in the case of cloud computing, the data is stored on an autonomous business party that provides data storage as a subscription service. The users have to trust the cloud service provider (SP) with the security of their data. In [7], the author discussed the criticality of the privacy issues in cloud computing, and pointed out that obtaining information from a third party is much easier than from the creator himself. Following the pattern of paradigm shift, the security policies also evolved from the conventional cryptographic schemes applied in centralized and distributed data storage, for enabling the data privacy. Many cryptographic approaches have been proposed for hiding the data from the storage provider and hence preserving data privacy [18] [19] [5]. In [19], the authors proposed a scheme in which the user’s identity is also detached from the data, and claim to provide public auditing of data. These approaches concentrate on one single cloud service provider that can easily become a bottleneck for such services. In [14], the authors studied and proved that sole cryptographic measures are insufficient for ensuring data privacy in cloud computing. They also argued that the security in cloud storage needs a hybrid model of privacy enforcement, distributed computing and complex trust ecosystems.

One bigger concern that arises in such schemes of cloud storage services is that there is no foolproof way to be certain that the service provider does not retain the user data, even after the user opts out of the subscription. With an enormous amount of time, such data can be decrypted, meaningful information can be retrieved and user privacy can easily be breached. Since the user might not be availing the storage services from that service provider, he will have no clue of such a passive attack. The better the cryptographic scheme, the more complex will be its implementation and hence the service provider will ask for a higher cost. This could also lead to a monopoly over cloud services in the market. To provide users with better and fair chances to avail efficient security services for their cloud storage at affordable costs, our model distributes the data pieces among more than one service provider, in such a way that no one of the SPs can retrieve any meaningful information from the pieces of data stored on its servers, without getting some more pieces of data from other service providers. Therefore, the conventional single service provider based cryptographic techniques do not seem very promising.

In [16], the authors discussed distributing the data over multiple clouds or networks in such a way that if an adversary is able to intrude in one network, he still cannot retrieve any meaningful data, because its complementary pieces are stored in the other network. Our approach is similar to this approach, because both aim to remove the centralized distribution of cloud data. However, in their approach, if the adversary causes a service outage even in one of the data networks, the user data cannot be retrieved at all. This is why in our model, we propose to use a redundant distribution scheme, such as in [17], in which at least a threshold number of pieces of the data are required out of the entire distribution range, for successful retrieval.
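The threshold distribution described above, as an added example that is not part of the original paper: Shamir's (k, n) secret sharing [10] is assumed here as the threshold scheme, applied byte by byte over GF(2^8). The function names, the provider numbering and the sample block are constructed for illustration.

```python
import secrets

# GF(2^8) exp/log tables (reduction polynomial 0x11B, generator 3).
EXP, LOG = [0] * 510, [0] * 256
_v = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _v
    LOG[_v] = _i
    _v ^= (_v << 1) ^ (0x11B if _v & 0x80 else 0)  # multiply by 3


def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]


def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]


def split_block(block, k, n):
    """Split block into n pieces (one per SP); any k of them rebuild it."""
    if not 2 <= k <= n <= 255:  # k = 1 would hand every SP the plaintext
        raise ValueError("need 2 <= k <= n <= 255")
    pieces = {sp: bytearray() for sp in range(1, n + 1)}
    for byte in block:
        # Random polynomial of degree k-1 whose constant term is the data byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for sp in pieces:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x = sp
                y = gf_mul(y, sp) ^ c
            pieces[sp].append(y)
    # Each piece is as long as the block, so storage cost grows linearly with n.
    return {sp: bytes(p) for sp, p in pieces.items()}


def recover_block(pieces, k):
    """Lagrange-interpolate at x = 0 from any k pieces ({sp: bytes})."""
    if len(pieces) < k:
        raise ValueError("fewer than k pieces available")
    xs = sorted(pieces)[:k]
    weights = []
    for xj in xs:
        w = 1
        for xm in xs:
            if xm != xj:
                w = gf_mul(w, gf_div(xm, xm ^ xj))
        weights.append(w)
    out = bytearray(len(pieces[xs[0]]))
    for i in range(len(out)):
        for xj, w in zip(xs, weights):
            out[i] ^= gf_mul(pieces[xj][i], w)
    return bytes(out)


def simulate_outage(block, k, n, down):
    """Return the recovered block with the SPs in `down` offline, else None."""
    pieces = split_block(block, k, n)
    reachable = {sp: p for sp, p in pieces.items() if sp not in down}
    return recover_block(reachable, k) if len(reachable) >= k else None


if __name__ == "__main__":
    block = b"customer ledger 2021"  # constructed sample data
    print(simulate_outage(block, k=3, n=5, down={1, 3}))     # two SPs offline
    print(simulate_outage(block, k=3, n=5, down={1, 3, 4}))  # below threshold
```

This sharing gives confidentiality and availability only: a piece altered by a provider silently yields a wrong block, so the recovered data still needs a separate integrity check.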

Key benefits of Cloud Computing

Management Insight, NH, USA, which is a dedicated market research consulting firm, conducted a study (6) on the impact of Cloud services in the market. This study was sponsored by CA Technologies, New York, USA. The statistical data (given in Fig.4 & 5) has revealed the following facts.

IT personnel attitude towards the Cloud

Usage of Cloud services in the market

Cloud computing offers the following advantages to the enterprises:

• Lower costs: All resources, including expensive networking equipment, servers, IT personnel, etc. are shared, resulting in reduced costs, especially for small to mid-sized applications.

• Shifting Capital Expenses to Operational Expenses: Cloud computing enables companies to shift from capital expenses to operating expenses, which ultimately allows the enterprise to focus their money and resources on innovation.

• Agility: Provisioning on-demand enables faster setup on an as-needed basis. When a project is funded, the customer can initiate service, and then if the project is over, they can simply terminate the cloud contract.

• Scalability: Many cloud services can smoothly and efficiently scale to handle the growing nature of the business with a more cost-effective pay-as-you-go model. This is also known as elasticity.

• Simplified maintenance: Patches and upgrades are rapidly deployed across the shared infrastructure, as well as the backups.

• Diverse platform support: Many cloud computing services offer built-in support for a rich collection of client platforms including browsers, mobile, and more. This diverse platform support enables applications to reach a broader category of users.

• Faster development: Cloud computing platforms provide many of the core services that, under traditional development models, would normally be built in house. These services, plus templates and other tools, can significantly accelerate the development cycle.

• Large scale prototyping / Testing: Cloud computing makes large scale prototyping and load testing much easier. A client can easily spawn 1,000 servers in the cloud to load test an application and then release them as soon as the test is done; try doing that with owned or corporate servers.

3. CLOUD STORAGE

Rapid data growth and the need to keep it safer and longer will require organizations to integrate how they manage and use their data, from creation to end of life. Now there is an opportunity to store all our data in the internet. Those off-site storages are provided and maintained by the third parties through the Internet which is represented in Fig. 6. Cloud storage offers a large pool of storage available for use, with three significant attributes: access via Web services APIs on a non-persistent network connection, immediate availability of very large quantities of storage, and pay for what you use. It supports rapid scalability [2].

Evolution of Cloud Storage

Cloud storage is an offering of cloud computing. Fig. 7 shows the evolution of Cloud Storage based on traditional network storage and hosted storage. A benefit of cloud storage is the access of your data from anywhere. Cloud storage providers provide storage varying from a small amount of data to even the entire warehouse of an organization. Subscribers pay the cloud storage provider for what they are using and how much they are transferring to the cloud storage.

Cloud Security reference architecture

Reference architectures are useful for understanding how various recommendations come together to provide a complete solution. Enterprises that are interested in cloud computing models should consider the following reference architecture to ensure adequate security and optimal functionality.

Diagram Key:

1) Security profile per compute profile

2) Security DMZ per vApp

3) OS Management

4) Resource Management

5) Security profile per network

6) Data Security

7) Security Authentication, Authorization, and Auditing

8) Identity Management

1) Security profile per compute profile: Administrators should communicate enterprise corporate security policy and server tier firewall rules that are defined within a vApp to the service provider. This should include corporate server security patch levels, anti-virus status and file-level access restrictions. The VMware vCloud reference architecture provides a method to communicate the policies and server tier firewall rules for the vApp.

2) Security DMZ for vApp: The service provider needs to validate the patch level and security level prior to bringing a vApp into the production environment. The VMware vCloud reference architecture should include a DMZ area for validating the vApp and mitigating any security violations according to each enterprise’s security profile.

3) OS management: It is important to understand the security hardening performed around the service provider’s library of OSs and patching policies. Administrators should update traditional security policies that govern the service provider’s hosting environment to ensure that virtual machines are hardened and patched within the standard enterprise policies. Administrators should update virtual machines that are not at the correct patch level to the correct patch level through a DMZ, for example.

4) Resource management: The service provider needs to separate and isolate the resources each customer virtual machine uses from other customers’ virtual machine resources to prevent DDoS attacks. These attacks are usually caused by log files not having limits or CPU or memory utilization increasing on a single virtual machine through memory leaks or poorly behaving applications.

5) Security profile per network: In addition to the vApp having a compute security profile, there should also be a network security profile to ensure perimeter and Web access security. This includes functionality like switch and router Access Control Lists (ACLs), perimeter firewall rules, or Web application security (Application Firewall, URL Filtering, whitelists and blacklists). The VMware vCloud reference architecture provides a method to communicate the network security profile. A critical component of the reference architecture is the isolation of networks; enterprises need to ensure that service providers implement separate management networks and data networks per customer. In other words, there needs to be complete isolation between each customer’s virtual machine and the data traffic connecting to their virtual machines. In addition, service providers should have a separate network for VMware VMotion and VMware VMsafe™. Enterprises should request that service providers encrypt all management traffic, including VMware VMotion events. Many enterprises will require encryption of data packets via SSL/IPSec, or management connectivity via SSL or SSH. Some service providers offer only shared or open connectivity. At a minimum, all management connectivity should be provided via SSL.

6) Data security: Enterprises should request that service providers provide access paths to only the physical servers that must have access to maintain the desired functionality. Service providers should accomplish this through the use of zoning via SAN N-Port ID virtualization (NPIV), LUN masking, access lists and permission configurations.

7) Security authentication, authorization and auditing: Cloud service provider environments require tight integration with enterprise policies around individual and group access, authentication and auditing (AAA). This involves integrating corporate directories and group policies with the service provider’s policies. Service providers should offer stronger authentication methods to enterprises, such as 2-factor hard or soft tokens or certificates. The enterprise should require a user access report, including administrative access as well as authentication failures, through the service provider portal or via a method that pulls this data back to the enterprise. The VMware vCloud reference architecture provides a method to communicate the access controls and authentication needs to the service provider.

8) Identity management: Cloud environments require control over user access. Cloud providers must define a virtual machine identity that ties each virtual machine to an asset identity within the provider’s infrastructure. Based on this identity, service providers are able to assign user, role and privilege access within the extended infrastructure to provide role-based access controls. Enterprises also want to prevent unauthorized data cloning or copying from a virtual machine to a USB device or CD. Service providers can prevent cloning and copying of virtual machines using a combination of virtual machine identity and server configuration management policies.

CONCLUSION

Enterprises that are looking for ways to streamline internal IT operations, to expand on-premise infrastructure and add capacity on demand, or to fully outsource the infrastructure are all investigating the many advantages of cloud computing. While cloud computing offers a fundamentally new way to cost-effectively and quickly deploy new services and augment existing capabilities, it’s not without its challenges. Chief among these challenges is security. IT staff can readily address security concerns by deploying the appropriate solutions and following best practices as they relate to each company’s unique business requirements.

REFERENCES

[1] N. Gruschka, M. Jensen, “Attack surfaces: A taxonomy for attacks on cloud services”, Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on, 5-10 July 2010.

[2] W. Itani, A. Kayssi, A. Chehab, “Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures,” Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, Dec 2009.

[3] M. Jensen, J. Schwenk, N. Gruschka, L.L. Iacono, “On Technical Security Issues in Cloud Computing”, IEEE International Conference on Cloud Computing, (CLOUD II 2009), Bangalore, India, September 2009, 109-116.

[4] Securing the Clouds: A review of cloud computing, security implications

[5] J. Kincaid, “MediaMax/TheLinkup Closes Its Doors”, Online at http://www.techcrunch.com/2008//10/mediamaxthelinkup-closes-itsdorrs/, July 2008.

[6] B. Krebs, “Payment Processor Breach May Be Largest Ever”, Online at http://voices.washingtonpost.com/securityfix/2009/01/payment processor breach may b.html, Jan, 2009.

[7] M. Dijk, A. Juels, “On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing”, HotSec 2010.

[8] P. Mell, T. Grance, “Draft NIST working definition of cloud computing”, Referenced on June. 3rd, 2009, Online at http://csrc.nist.gov/groups/SNS/cloudcomputing/index.html, 2009.

[9] P. F. Oliveira, L. Lima, T. T. V. Vinhoza, J. Barros, M. Médard, “Trusted storage over untrusted networks”, IEEE GLOBECOM 2010, Miami, FL. USA.

[10] A. Shamir, “How to share a secret”, Commun. ACM 22, 11 (November 1979).

[11] S. H. Shin, K. Kobara, “Towards secure cloud storage”, Demo for CloudCom2010, Dec

[12] C. Wang, Sherman S.-M. Chow, Q. Wang, K. Ren, W. Lou, “Privacy-preserving public
