
Design and Development of Security Framework for Data Storage in Public Cloud Model


Academic year: 2020


Amit Kumar Pillai¹, Prof. Anshul Khurana²

¹ Research Scholar, Department of Computer Science Engineering, Shri Ram Institute of Technology - [SRIT], Madhya Pradesh, India

² Professor & Guide, Department of Computer Science Engineering, Shri Ram Institute of Technology - [SRIT], Madhya Pradesh, India

ABSTRACT: In the modern era of computing, secure data sharing has become one of the main challenges in adopting multi-cloud storage services, which are now an essential service in cloud computing. The many advantages of multi-cloud storage attract individuals and organizations to move their data from remote to cloud servers. Recently many multi-cloud storage services have been proposed, but most of them focus on a single specific organization and specific file formats. In addition, most providers use attribute-based encryption, which encrypts only particular database fields and reduces the trust of many individuals and organizations. The biggest challenge that the present business world faces in multi-cloud storage is that there is no single standard architecture and procedure that can meet the requirements of individuals and organizations. To address this challenge, this paper presents an architectural framework with a standard algorithm that enhances secure data sharing through dynamic index-based cryptographic data slicing.

KEYWORDS: Cloud Security, Authentication, Encryption, Decryption, Cloud Storage, Intrusion Detection, Attacks, Slice.

I. INTRODUCTION

internal networks to provide cloud computing services for their own users. This centralized storage of data in clouds offers the highest level of security and control, but it requires the company to still purchase and maintain all the software and infrastructure, which reduces the cost savings. External clouds: these are referred to as public clouds. They are used for public users, such as enterprises that provide cloud computing services. Hybrid clouds: these are clouds that combine multiple private and/or public clouds [4].

Fig 1: Cloud Computing Types

The three widely referenced cloud computing service models are illustrated as follows:

1. Software as a Service (SaaS): Services are provided to users by letting them access cloud services through simple software such as a browser. Examples: Gmail, Google Groups. This model is also known as the Application Service Provider (ASP) model.

2. Platform as a Service (PaaS): This service allows users to develop applications and deploy them. Example: Google App Engine allows developers to create customized apps.

3. Infrastructure as a Service (IaaS): This service allows users to access the servers’ computational and storage infrastructure in a centralized service [2] [3] [6]. For example, Amazon Web Services allows remote access to Amazon.com’s computing services.


II. ISSUES IN CLOUD SECURITY

A guaranteed security service enhances the business performance of the cloud service provider. Security is an essential service that a cloud service provider should assure to its clients. A secure cloud is a reliable source of information. Protecting the cloud is a very important task for the security professionals in charge of it. The cloud can be protected by protecting the data, making sure data is available to customers, delivering high performance to customers, and using an Intrusion Detection System on the cloud to monitor any malicious activity. For safety, providers must offer a support system so that every client is able to recover from its own data loss in the cloud environment. Therefore, providers must adopt encryption techniques in the cloud for their clients, for integrity and authentication of data. When it comes to security, the cloud has a lot of difficulties. Providers must make sure that the client does not face problems such as data loss or data theft. There is also the possibility that a malicious user penetrates the cloud by impersonating a legitimate user, thereby infecting the entire cloud and affecting the many customers who share the infected cloud.

The various problems faced by the cloud computing can be classified as:

1. Infected Application: The vendor should have complete access to the server for monitoring and maintenance, thus preventing any malicious user from uploading an infected application onto the cloud, which would severely affect the customer. Applications are available as a service on the cloud; cloud providers secure these applications by implementing testing and acceptance procedures for outsourced or packaged application code. This also requires application security measures (application-level firewalls) to be in place in the production environment.

2. Authentication: Attacks on the authentication of the respondent device or devices, such as IP spoofing, RIP attacks, ARP poisoning (spoofing), and DNS poisoning, are all too common on the Internet. TCP/IP has some “unfixable flaws”, such as the “trusted machine” status of machines that have been in contact with each other and the tacit assumption that routing tables on routers will not be maliciously altered. One way to avoid IP spoofing is to use encrypted protocols wherever possible. It is also suggested to avoid ARP poisoning by requiring root access to change ARP tables, by using static rather than dynamic ARP tables, or at least by making sure changes to the ARP tables are logged.

3. Data Verification: This covers things like tampering, loss and theft, whether on a local machine, in transit, at rest on the unknown third-party device or devices, or during remote back-ups. Resource isolation ensures security of data during processing by isolating the processor caches in virtual machines, and isolating those virtual caches from the hypervisor cache.

4. Availability: Cloud providers assure customers that they will have regular and predictable access to their data and applications.


III. BACKGROUND AND RELATED WORK

An overview of different data security issues related to cloud computing was provided by Joshi et al. in 2010 [8]. This work focuses on how to achieve security in cloud computing and on the various ways to build a secure, trustworthy cloud environment. On the basis of the various issues identified, Farzad Sabahi [9] proposed a system that deals with the problem of ensuring the integrity of data storage in the cloud with the help of a Third Party Auditor (TPA). Data integrity is achieved through public auditing carried out on the user’s data by the Third Party Auditor.

In 2011, Ashish Agarwal et al. [10] discussed security issues concerned with cloud computing and revealed many serious security threats that prevail in this field. Kui Ren [13] proposed publicly auditable cloud data storage, which can help the cloud economy become fully established. This auditing service helps data owners effectively maintain their data in cloud storage. The proposed system gives users an account of the usage of their data by both the user himself and the TPA. Services are made available for legacy users, who may not only access but also modify the data in the cloud.

Prashant Rewagad et al. [2] propose an architecture for providing security in a cloud network. The architecture uses a combination of a digital signature, Diffie Hellman key exchange and AES encryption. Ashutosh Kumar et al. [11] focus on providing a secure architectural framework for data gathering and sharing. The notable feature of this work is that the authors created a permission hierarchy at different levels.

The authors have focused on security, but with a view to the use hierarchy. In 2012, M. Venkatesh et al. [12] proposed the RSASS system for data security. The scheme uses the RSA algorithm for encrypting large files and storing the data. The system can be used for storing large databases, but the use of linear methods compromises data retrieval speed. Hence, this system is good for static data. Farzad Sabahi [9] explains the scope for various enterprises migrating to the cloud and how migration can benefit them. Cloud migration involves considering the gravity of the security issue.

Aderemi A. Atayero [7] proposed an auditing system in which the Third Party Auditor does its job without demanding a copy of the user’s data. The Third Party Auditor is also not capable of deriving the user’s data while performing the auditing task. The Third Party Auditor verifies the correctness of the cloud data on demand from cloud users, and performs the audit without retrieving a copy of the whole data or introducing additional online burden to the cloud users.

Block tag authentication is used to handle the data from cloud storage efficiently. For data stored in the cloud database, a remote data integrity check is needed, which assures cloud users of the security of their data. Third-party auditing has to be made available in such a way that no additional burden is introduced to the cloud users. A single Third Party Auditor is capable of handling multiple auditing tasks, which is achieved with the bilinear aggregate signature technique.

Arjun Kumar specified a method in 2012 [1] that allows users to store and access data securely in cloud storage. It also guarantees that no one except the authenticated user can access the data, not even the cloud storage provider. This method ensures the security and privacy of data stored in the cloud. A further advantage is that if there is a security breach at the cloud provider, the user’s data will continue to be secure since all data is encrypted. Users also need not worry about cloud providers gaining access to their data illegally.

In 2013, Mr. Prashant Rewagad and Ms. Yogita Pawar [2] focused on the idea of security and authentication. Their work makes use of a combination of an authentication technique and a key exchange algorithm blended with an encryption algorithm. This combination is referred to as the “Three way mechanism” because it ensures all three protection schemes of authentication, data security and verification at the same time.

since key in transit is of no use without user’s private key, which is confined only to the legitimate user. Mohamed Nabeel and Elisa Bertino [4] focused on the utilization of encrypted cloud data with practical system usability and a high-level user searching experience, with a focus on encryption of data using the RSA algorithm. Sushmita Ruj, Milos Stojmenovic and Amiya Naya [5] present an approach based on two layers of encryption: the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner-encrypted data.

Xueli Huang and Xiaojiang Du [6], in “Efficiently Secure Data Privacy on Hybrid Cloud”, present a privacy-preserving access control scheme for clouds. The paper not only provides fine-grained access control but also authenticates users who store information in the cloud. The cloud, however, does not know the identity of the user who stores information, but only verifies the user’s credentials. Key distribution is done in a decentralized way. One limitation is that the cloud knows the access policy for each record stored in the cloud.

In the paper by Orner K. Jasim Mohammad, Safia Abbas and EI-Sayed M. EI-Horbaty [7], the sensitive data is separated from non-sensitive data, and only the non-sensitive data is outsourced to the public cloud.

IV. PROBLEM STATEMENT

Securing user data is the responsibility of the cloud provider, so an efficient security mechanism needs to be designed using encryption. The related work above considered various security issues and provided various mechanisms for securing large volumes of data. However, using cryptography alone for encryption/decryption does not prove to be very effective for cloud systems, as this conversion involves huge and very complex mathematical computations and all types of data are stored using the same single encryption algorithm. The cost of storing the data on the cloud is high, and more storage space is needed. The time required to encrypt and decrypt the data to/from the cloud is long.

V. PROPOSED SYSTEM

In the proposed approach we split the data into various slices and then apply different encryption algorithms to them according to their security level. The complexity of security varies with the level, and a correspondingly complex encryption algorithm is chosen. Using various encryption algorithms provides more security than using a single encryption algorithm to encrypt the data. After doing this, we present a comparative analysis of encrypting the complete data without classification and of the proposed scheme, to analyze the space, time and cost requirements of both.

VI. DATA SLICING AND CRYPTOGRAPHY

Data slicing is done using a data fragmentation technique (horizontal, vertical or mixed fragmentation) to create segments of data. The whole data set is sliced into 3 segments using vertical, horizontal or mixed fragmentation. These segments are encrypted using 3 different encryption algorithms, and the chunks are then uploaded to the cloud. Encryption is applied to each chunk before it is uploaded to the cloud, and decryption after it is downloaded from the cloud server. Each chunk is encrypted with a different cryptographic algorithm.

Step 1: Load master data into the dataset.

Step 2: Segment the data set.

Step 3: Apply a different security algorithm to each segment simultaneously.

Step
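The slicing procedure in Steps 1 to 3, as an added example that is not code from the paper: vertical fragmentation into three slices, each encrypted with a different algorithm and re-joined on a row id after decryption. The sample rows, column names and the choice of AES-128-GCM, ChaCha20-Poly1305 and AES-256-GCM (from the Python `cryptography` package) are assumptions, since the paper does not name the three algorithms; authenticated modes are used so that a modified slice is detected.

```python
import json
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM, ChaCha20Poly1305

# Constructed sample master data (Step 1); column names are hypothetical.
MASTER = [
    {"id": 1, "name": "Asha", "city": "Jabalpur", "card": "4111-0000-0000-0001", "diagnosis": "A10"},
    {"id": 2, "name": "Ravi", "city": "Bhopal", "card": "4111-0000-0000-0002", "diagnosis": "B20"},
]

# Vertical fragmentation plan (Step 2): security level -> (columns, cipher).
# The level-to-cipher mapping is an assumption made for this example.
PLAN = {
    "low": (["name", "city"], "AES-128-GCM"),
    "medium": (["diagnosis"], "ChaCha20-Poly1305"),
    "high": (["card"], "AES-256-GCM"),
}
CIPHERS = {
    "AES-128-GCM": (AESGCM, 16),
    "AES-256-GCM": (AESGCM, 32),
    "ChaCha20-Poly1305": (ChaCha20Poly1305, 32),
}

def slice_and_encrypt(rows, plan=PLAN):
    """Step 3: return (keys kept by the data owner, encrypted slices for the cloud)."""
    keys, blobs = {}, {}
    for level, (cols, alg) in plan.items():
        cls, key_len = CIPHERS[alg]
        # Every slice keeps the row id so the slices can be re-joined later.
        part = [{"id": r["id"], **{c: r[c] for c in cols}} for r in rows]
        key, nonce = os.urandom(key_len), os.urandom(12)
        # Level and algorithm are bound as associated data, so a slice that is
        # relabelled or moved to another slot fails authentication.
        aad = f"{level}|{alg}".encode()
        ct = cls(key).encrypt(nonce, json.dumps(part).encode(), aad)
        keys[level] = key
        blobs[level] = {"alg": alg, "nonce": nonce, "ct": ct}
    return keys, blobs

def decrypt_and_join(keys, blobs):
    """After download: decrypt each slice and merge the rows on 'id'."""
    merged = {}
    for level, blob in blobs.items():
        cls, _ = CIPHERS[blob["alg"]]
        aad = f"{level}|{blob['alg']}".encode()
        # decrypt() raises InvalidTag if the slice or its label was modified.
        part = json.loads(cls(keys[level]).decrypt(blob["nonce"], blob["ct"], aad))
        for row in part:
            merged.setdefault(row["id"], {}).update(row)
    return [merged[i] for i in sorted(merged)]
```

Only `blobs` would be uploaded; the per-slice keys stay with the data owner, so losing one key exposes one slice rather than the whole record.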


TABLE 1

Comparative execution times (in ms) of the encryption algorithms for various input sizes.

Input Size (Kbytes)    AES (ms)    3DES (ms)
62                     81          137
72                     91          157
113                    115         205
260                    205         385
334                    305         585
707                    475         925
912                    646         1267
976                    811         1597
5358                   4555        9085
7323                   6057        12089

Table Comparative Execution Time

Fig. Graph of Comparative Execution Time (x-axis: Input Size in Kbytes)

TABLE 2

Comparative average time (in milliseconds) of the encryption algorithms for various input sizes.

Input Size (Kbytes)    AES (ms)    3DES (ms)
1599                   1321        2630

Table Comparative Average Time

Fig. Graph of Comparative Average Time

VII. CONCLUSION

Cloud computing has recently emerged as a paradigm for managing and delivering services over the internet. The rise of this technology is rapidly changing the IT landscape and turning the promise of utility computing into a reality. Despite the benefits offered by this technology, the current technologies are not mature enough to realize its full potential. Many challenges remain in this domain: infected applications, data protection, availability, data verification and authentication. All of these problems arise because there is no clear method to divide the data into various slices and use different encryption algorithms according to the security of each encryption algorithm. In the proposed scheme we solve the security problem and increase the security level of data compared with previous techniques.

REFERENCES

[1] Arjun Kumar, Byung Gook Lee, Hoon Jae Lee. “Secure Storage and Access of Data in Cloud Computing”. In ICTC 2012.

[2] Mr. Prashant Rewagad, Ms. Yogita Pawar. “Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption Algorithm to Enhance Data Security in Cloud Computing”. In International Conference on Communication Systems and Network Technologies 2013.

[3] S. Kamara and K. Lauter. “Cryptographic cloud storage”. In Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization 2010, January 2010.

[4] Mohamed Nabeel, Elisa Bertino, Fellow, IEEE. “Privacy Preserving Delegate Access Control in Public Clouds”. January 2012.

[5] Sushmita Ruj, Milos Stojmenovic, Amiya Naya. “Privacy Preserving Access Control with Authentication for Securing Data in Clouds”. 2012.

[6] Xueli Huang and Xiaojiang Du. “Efficiently Secure Data Privacy on Hybrid Cloud”. IEEE ICC 2013 - Communication and Information Systems Security Symposium.

[7] Orner K. Jasim Mohammad, Safia Abbas, EI-Sayed M. EI-Horbaty. “A Comparative Study between Modern Encryption Algorithms based On Cloud Computing Environment”. 2013 IEEE.

[8] Joshi, J.B.D., Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p. 24-31.

[9] Farzad Sabahi. Cloud Computing Security Threats and Responses. Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference.

[10] Ashish Agarwal, Aparna Agarwal. The Security Risks Associated with Cloud Computing. International Journal of Computer Applications in Engineering Sciences [VOL I, SPECIAL ISSUE ON CNS, JULY 2011] [ISSN: 2231-4946].

[11] Ashutosh Kumar Dubey, Animesh Kumar Dubey, Mayank Namdev, Shiv Shakti Shrivastava. Cloud-User Security Based on RSA and MD5 Algorithm for Resource Attestation and Sharing in Java Environment. Software Engineering (CONSEG), CSI Sixth International Conference, Sept. 2012.

[12] M. Venkatesh, M.R. Sumalatha, Mr. C. SelvaKumar. Improving Public Auditability, Data Possession in Data Storage Security for Cloud Computing. Recent Trends In Information Technology (ICRTIT), 2012 International Conference, April 2012.
