Research on security issues of privacy data under the cloud

Journal of Chemical and Pharmaceutical Research, 2014, 6(7):738-743

Research Article

_{CODEN(USA) : JCPRC5}

ISSN : 0975-7384

Research on security issues of privacy data under the cloud

Fu Xie, Fangai Liu and Xuexue Guo

College of Information Sciences and Engineering, Shandong Normal University, China

ABSTRACT

In the computing field, the cloud computing has become one of the hottest topics , the development of which has been promoting the tremendous changes of the world of both computer and commerce. However, as the security issues of the cloud computing highlighted increasingly, it can not be ignored, especially the data security and privacy protection under the cloud computing environment. This paper introduces the conception and unique characteristics of the cloud computing, and the security issues and strategies under the virtual cloud environment, Furthermore, it proposes to build a single-line connection between the virtual machine and the client by using the digital certificate technology with Elliptic Curves Cryptography, analyzes the mathematical principle of the Elliptic Curves Cryptography and describes the process of the communication between the virtual machine and the client, so that people can achieve the protection and isolation of users’ privacy data under the cloud environment and the cloud computing technology can service users with much higher security.

Keywords: Cloud computing, data security, privacy protection, virtual machine, digital certification, Elliptic Curves

Cryptography

_____________________________________________________________________________________________

INTRODUCTION

Since the companies Google and Amazon etc. raising the conception of “cloud computing” in 2006, the “cloud computing ” has been promoting the tremendous changes of the IT world, and one of the most hottest topics at present exactly is “cloud computing”. So far, there are more than a dozen of versions of the definition about “cloud computing”, but they have not been united into a standard one, and the version that is mostly accepted by the professional people was brought forward by the National Institute of Standards and Technology (NIST), and it is stated as follows:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”[1]

As a new network computing technology, compared with the traditional network computing technologies, the cloud computing has five essential outstanding characteristics: (1) On-demand capabilities; (2) Broad network access; (3) Resource pooling; (4) Rapid elasticity; (5) Measured service. By the cloud computing, the majority of network users can quickly apply and release the resources that they need according to their business load, and pay the cloud service provider for the resources they have used on-demand[2]. The cloud computing can improve the quality of net service while decrease the operational costs. And in a sense, we can say, the technology of cloud computing is the integration and development of the distributed computing technology, network technology and storage technology . Since the cloud computing own the above mentioned essential characteristics and advantages, it is undoubted that

cloud computing can bring great values to both our economy and science. However, as the development and maturation of the cloud computing, there has arose some events what tell people it is not so perfect as they thought, its security issues have been more and more evidently, one of the most critical problems is the security of users’ privacy data, there are increasingly incidents happening which cause the security matter such as data disclosure and data loss.

THE DATA SECURITY OF CLOUD COMPUTING

In September 2013, the Cloud Security Alliance (CSA) released a investigation report about the cloud security issues, the report describes nine security risks in the area of the cloud computing : (1) the data leakage; (2) the data loss; (3) the account hijacking; (4) the unsafe API; (5) denial of service(DoS); (6) the malicious actions of the internal staffs; (7) the abuse of the cloud service; (8) the programming of the cloud service is not reasonable; (9) the vulnerabilities of the technology sharing[3].

We can find that the proportion of the threaten of the data leakage and the data loss have been rose a lot, and according to the data that was provided by the private information communication center, since 2013,there have been 28 data leakage incidents caused by the hacker attacks, losing 117000 records, and there were many companies including Zendesk, Twitter have got involved in those incidents. In 2012, there were also at least happened 230 data leakage incidents causing 9 millions of records have been lost, the cloud providers Yahoo, eHarmony and LinkedIn all are the sufferers. In march of 2011, approximately one hundred and fifty thousand mails and chat records have been deleted, and some users’ accounts have been reset. In November , the Facebook has also been attacked by hackers , millions of users’ accounts have infected with the virus causing huge loss[4].

The analyst of Gartner, Lawrence Pingree has said that, “All the presented vulnerabilities and security issues of the non-virtualized and non-cloud deployments still exist in the cloud, if the entire infrastructure of the cloud computing providers is destroyed , those pieces of virtualized software that are introduced for cloud and virtualization will increase the risk of data leakage instead.”[5]

What’s more surprising, we found that the threats of data loss and data leakage reported by the CSA are not all caused by the attack of net hackers , some are caused by the cloud providers themselves. It often happens that the internal staff of the cloud service provider take wrong operation that cause the data loss . And in some cases , the operators abuse their rights to steal the users’ privacy information out of curiosity oat its internal staff abused their access privileges to peek the users’ private data violating the cr malicious, for example, in September 2010 , Google was reported thompany’s privacy policy. For the cloud users, their private data must can be accessed only by themselves, others including the internal staff of the cloud providers should not have the right to access. Currently , the cloud service providers even the relatively mature providers have not realized the absolutely secure isolation of the users’ private data to ensure the privacy of users can be accessed by the users themselves only, they just can realize the isolation between users using the net isolation technology but can not prevent their internal management staff, who can activate the users’ virtual machine directly .

The users’ privacy data security issues under the cloud environment mainly manifested in two aspects: on the one hand , the hackers intercept the users’ data information by implanting viruses or other methods; on the other hand , the operators of the cloud service platform abuse their rights to steal or disclosure the users’ privacy information.

THE SINGLE-LINE CONNECTION BETWEEN THE VIRTUAL MACHINE AND THE CLIENT

We need a effective method to ensure the absolute isolation of privacy data. This paper proposes to build a single-line connection between the virtual machine and the client by using the digital certificate technology with Elliptic Curves Cryptography(ECC).

First of all, to build the single-line exclusive connection between the cloud user and the virtual machine by using the digital certificate technology , we need to introduce the PKI ( Public Key Infrastructure ) in the virtual cloud environment. The PKI is a kind of key management platform abiding by the established standards. It can provide several cryptographic services (encryption, digital signatures etc.) with necessary keys and certificate management system for network applications . The main task of PKI is to establish a secure network environment for the Internet users through managing the keys and certificates automatically. The PKI system includes a public key, digital certificates, trust model certificate, CA, certificate storage, certificate revocation, key backup and recovery, automatic key updating, cross-certification, timestamps and other aspects of content. PKI has already developed into a relatively mature stage as a security technology, and it has been widely used in various aspects of the network, the technology of PKI system has strong vitality and unparalleled technical advantages.

system. DES( Data Encryption Standard) is one kind of the symmetric encryption algorithm that is most commonly used, and the common asymmetric encryption algorithm includes RSA, DSA, ECC, etc[6]. Currently RSA has been widely used in the PKI system, however there is few studies have addressed the ECC algorithm owing to its complex mathematical theory. So this paper makes a positive attempt in the application of the ECC algorithm. ECC( Elliptic Curve Cryptography) is a kind of asymmetric encryption algorithm based on the difficulty of the elliptic curve discrete problem, the mathematical theory that the ECC bases on is very esoteric and complex, but it is precisely because of this, ECC is considered to have the highest encryption strength among existing encryption algorithms , it features discrete, long integer arithmetic, high-capacity storage and massively parallel computing and so on . It can achieve high security with little cost, therefore ECC is worth to be introduced in the PKI. The mathematical theory of the ECC is concretely described as follows:

Definition 1

the Weierstrass equation:

y axy by x cx dx e 2 3 2 + + + = + + (1) Determines the Elliptic curve which we can call as E, and a, b, c ,d, e∈Fp; Fp is a finite field, and the dot (x , y) that

meet the formula (1) belong to the field of Fp, in addition , the elliptic curve definites a special infinite point O. If the Eigenvalues of the field Fp is not 2 or 3，we can simplify the formula (1) into a simpler form[7]:

y x ax b 3 2 + + = （2） Definition 2

Given a elliptic curve E: y2=x3+ax+b that is definited on the finite field Fp, and a, b∈Fp, and a, b can suffice that:

4a3+27b2≠0 , we choose any two point P(x1,y1)、Q(x₂,y₂) on the elliptic curve E, the connection line of PQ is L(while

P=Q, L should be the tangent of P(Q)), and R is the other point where L and E intersect, L’ is the connection line of the point R and the infinite point O, and the other point S, where L’ and E intersection, is called dot additionand denoted as P Q. Supposed that the Coordinate of S is⊕ （x₃,y₃）, and then

    = = p y]mod -) x -[t(x y p mod ) x -x -(t x 3 1 3 2 1 2 3 （3）

In fact , P Q and the point R is Symmetrical on x axis. If P and Q are symmetrical on x axis or overlaps x axis, the ⊕

position of PQ and x axis is vertical, and here L and the elliptic curve E are intersected on the infinite point O.

Definition 3

The dot addition of m dots ‘p’ is called the dot product of m and p, scilicet: m·P P P ... P m 4 4 4 3 4 4 4 2 1+ + + = （4） Definition 4

Suppose that w is an integer that greater than 1, if the equation x n(mod w)

2 =

（5）

is solvable, then we call n is the quadratic remainder of model w[8] .

Definition 5

Suppose that p is a prime number, a is an integer ,and a and p are relatively prime, then the Legendre symbol can be definited as : a/p=±1

If a is the quadratic remainder of model p, then a/p=1, or a/p=-1 (while a=1,a / p=(1/p)=1).

For the Abel Groups consisted by the point (a, b) belonging to Ep, considering the formula K=k·G( wherein K, G are the point on Ep, k is an integer that smaller than n, n is the order of G), it’s not difficult to find that if there are given k and G, it is easy to calculate K out ,but if there are given K and G , it is relatively difficult to calculate k out[9]. This is the difficulty that the elliptic curve encryption take. Then, we can take the point G as the basis point,

take k as the private key. We describe the process of the encryption communication that take use of the ECC algorithm taking the example of the communication between user A and B.

(1)The user A selects a elliptic curve Ep(a ,b), and take the point G on the elliptic to be the basis point. (2)The user A selects a private key k, and calculate out the public key K=k·G (the dot product operation) (3)The user A sends Ep(a ,b) and the point K , G to the user B.

(4)After receiving the message, user B should encode the plaintext that would be converted to a point M on Ep(a ,b), and calculate out a random integer r (r<n).

(5)The user B calculates C1=M + r·K ; C2=r·G.

(6)The user B sends the C1 、C₂ to the user A.

(7)After receiving the message, the user A calculate M=C1-kC2(for C1-kC2=M+rK-krG=M) , and then decode M to

get the plaintext.

The process of the communication between the user A and B is showed as the following fig.1,

fig.1.the process of the communication with ECC

In this process of encrypted communication, if there is a peeper C, he can only get the value of Ep(a,b), K, G, C1, C2, But it is difficult to solve the k out by given K and G, or to solve the r out by given C2 and G. So the peeper C can not

get the plaintext that is transfered between A and B.

In addition, while ECC algorithm is applied in the system of PKI, CA must be the center, the client should apply for a certification to the CA center, and then the client can communicate with other clients following the established protocols. So we should initialize the CA center and the client machines.

(1)Initialize the CA. CA select one elliptic curve E: y2=x3+ax+b on the finite field Ep, and give a set of elliptic curve parameters that is necessary: p, a, b and G.

(2)

(3)Initialize the client machines. Firstly, the client generate his own public key and private key; and then, the client apply for the certificate to CA by his own public key, after which, CA generate a digital signature to the public key, and generate the digital certificate and return to the client.

(4)

Like this, all the clients and the virtual machines owning the digital certificate can safely conduct the data communication with each other.

THE CONNECTION SYSTEM BETWEEN THE VIRTUAL MACHINE AND USER

Taking advantage of the digital certification based on the ECC algorithm ,we can build the connection between the cloud user and the virtual machine of the cloud platform, so that we can realize the single-line exclusive connection between them, achieve the absolute isolation of the cloud users’ private data, and ensure the secrecy of the communication. The concrete process of the communication is showed as the figure fig.2 shows:

fig.2. the communication between the virtual machine and user

The realization of the system architecture needs three respects: Firstly , reform the platform of cloud management; secondly, reform the logic middleware of the cloud platform; thirdly, reform the client. To achieve protecting the privacy data during the whole process, it is required to guarantee the three respects can support the functions of the digital certification such as signature, verification ,encode and decode. Otherwise, because there are many CA confirms, and many kind of digital certification, we should guarantee the intercommunication of the digital certifications, and make every digital certification that awarded by different CA confirms can get the services of data encode and decode, digital signature and verification and so on.

CONCLUSION

The cloud computing is not only a new kind of network computing technology, but also a kind of new service mode, it brings people much benefit no matter in the respect of production or the way that people live, it can also bring people more convenient application mode, larger storage space and faster computing. There is no doubt that the cloud computing has many advantages that other technology can not exceed. But there still exists an suspicion about that whether the data on the cloud is safe, and whether the virtual cloud platform is trustable, only if the safety issue has been solved, the cloud users’ private data has been protected and the data loss can be avoided, people can accept the cloud computing and use it at ease. Beside the security risk of the users’ private data, there also exists security risk about the virtualization of the cloud computing. In the following days, we will focus on the secure isolation among the virtual machines in the cloud environment.

Acknowledgements

I would like to express my gratitude to all people who helped me much during the writing of this thesis.

My deepest gratitude goes first and foremost to my supervisor, for his constant encouragement and guidance. He has walked me through all the stages of the writing of this thesis. Without his consistent and illuminating instruction,this thesis could not have reached its present form.

Secondly,I would like to express my heartfelt gratitude to Professor Liu , who led me into the world of cloud computing. I am so greatly indebted to the all professors and teachers at the Department of information science and technology in shandong normal university who have instructed and helped me a lot in the two past years.

Last my thanks would go to my beloved family for their loving considerations and great confidence in me all through these years. I also owe my sincere gratitude to my friends an my fellow classmates who gave me their help and time in listening to me and helping me work out my problems during the difficult course of the thesis.

REFERENCES

September 2011

[2]Sean Carlin and Kevin Curran. International Journal of Ambient Compuitng and Intelligence.2011

[3] Attanasio CR. Virtual machines and data security. Proceedings of the workshop on virtual computer systems.

1973.pp. 206–9.

[4]Kaufman,L.M. Security&Privacy,IEEE. 2009. pp.61-64.

[5]foster I,Zhao Yong.Cloud Computing and Grid Computing 360-degree Compared[M]//2008 Grid Computing Environments Workshop,IEEE.Austin, Texas;[s.n.],2008

[6] Carlisle Adam, Steve Lloyd. Understanding PKI : concepts, Standards, and Deployment Considerations. Addison-Wesley Professional,2003.

[7] J.Urquhart. The Biggest Cloud-Computing Issue of 2009 is Trust. (http: // news. Cnet. Com/ 8301-19413_ 3-10133487- 240. html)

[8] Kohlitz. N. Mathematics of Compution,1985,(48),pp.203-209.