Protecting End-to-End Location Privacy in
Cloud Computing Environment
Khushwant Virdi
Anil Kumar
Computer Science
Guru Nanak Dev University, Amritsar (Pb.) 143001
Abstract- Cloud computing is a technology that provides the processing huge amount of data which depend on sharing computing resources like networks, servers, storage, applications, and services. The end-to-end location privacy has been neglecting in the field of cloud computing. Location privacy deals with the hide the location of source and sink from the hackers by providing them fake locations so that hackers can utilize their maximum time to search the fake location instead of original location of source and destination. This paper has focus on various end-to-end location privacy techniques that can be applied in cloud computing. The review has shown that the location privacy is required for cloud computing environment especially for public clouds network.
Index terms- Cloud Computing, Location Privacy, Location Privacy Techniques and Algorithms.
I. INTRODUCTION
Cloud computing is just a technique that gives the dispensation of massive amount data which rely on allocation of computing resources like networks, servers, storage, applications, and services. CC is computing techniques where all the services providing inexpensive computing entities connected by IP networks. It generally does not only supply the resources, but provide the guaranty of a good of service (QoS) of these products like CPU speed, I/O bandwidth and memory size etc with low-priced resources on demand of users which is often easily accessed. Virtualization may be the technique utilized in the cloud computing which provide flexible and scalable hardware services.
Nowadays location privacy is an essential security issue because if the positioning of source and destination is not secure the hacker can easy track the positioning of traveling packet and can extract the
critical information. Location privacy over a network is just a challenging task. The origin location privacy may be explain by utilizing figure 1. In this figure, there is a main server called central server which is destination and there are N number of clients called source connecting to the central server. The central server must utilize the powerful encryption and other security safeguards to guard the client's data.
Fig. 1 End-to-End location privacy of client and central server
The clients can used to store their critical information on the central server. The hackers can monitor the every moment of the client i.e. when user used to store their data on the central server. The hackers are always trying to trace the travelling route of the data packet so that they can extract the critical information from the data packets over the network. The hackers who is monitoring the wireless communication between the source and destination, the sensor will be able to identify the direction of incoming traffic flow and trace back the data transmission path to locate the data source.
A. Activates of Hacker
Chen et al. [1] has discussed the activities of hacker. Some assumptions are assumed that each data packet travels on the network is encrypted by some algorithmic technique and so the hacker cannot
CENTRAL SERVER
CLIENT 1 CLIENT 2
CLIENT N
CLIENT 5 CLIENT 4
CLIENT 3
extract the relevant information from the info packet. The activities of the hackers are discussed as follows. 1. The hacker can arbitrarily walk in the network before the data packet cannot travel on the network from source to destination.
2. The hacker has to choose whether to trace the place of source or destination.
3. The hacker may use some powerful equipment to trace the place of source and destination such as for instance antenna and spectrum analyzer. 4. The hacker can localize the flow of network
traffic of source or destination by analyzing the flow of network traffic. The speed of hacker is slower compared to the speed of transmitted packets in the network.
5. The hacker has sufficient memory space to truly save the tracing information.
6. The hacker knows the routing strategies found in the network.
II. DIFFERENT FORMS OF CLOUD
This section introduces the different forms of cloud models. Generally, four kinds of cloud models are found: private cloud, public cloud, community cloud and hybrid cloud [15].
A. Public Cloud
Public cloud is a form of cloud where computing resources can be found over internet for multiple users and are organized and managed by some third party.
Fig. 2 Public Cloud
The alternative party mentioned here will be the cloud service providers, who provide on-demand scalable and flexible services to the client. This model is managed by some business, academic, or government organization or their combination. It exists on the premises of the cloud provider. That is typically the most popular model among most of the
models since it helps the consumers deploy something in the cloud with a very affordable cost. Most computer users have already been using a few of the software and services supplied by this model such as for instance Google Drive, Drop box, and Gmail.
B. Private Cloud
Private cloud is a processing model where in fact the cloud infrastructure is deployed and provisioned for an individual organization. It can be defined as the interior data centers of a small business that are not open to general public. Using private cloud will be a better choice when consumers have to cope with large data sets where security and data privacy is just a primary concern.
Fig. 3 Private Cloud
1.1. Hybrid Cloud
Whilst the name itself suggests, hybrid cloud is a mix of several distinct models. Hybrid cloud is a type in which a cloud infrastructure is formed by the mixture of public and private cloud models which can be in-house or provided externally. This cloud model will work for the corporation that's more susceptible to move public cloud to private and vice-versa across lots of different resources. By the utilization of portability they meant that any organizations whose data and applications are hosted in public areas cloud
Fig. 3 Private Cloud
C. Hybrid Cloud
As the name itself suggests, hybrid cloud is a combination of two or more distinct models. Hybrid cloud is a model where a cloud infrastructure is formed by the combination of public and private cloud models that can be in-house or provided externally. This cloud model is good for the organization that is more prone to move public cloud to private and vice-versa across a lot of different resources. By the use of portability they meant that any organizations whose data and applications are hosted in public cloud can shift in private cloud according to their need. Generally, private and hybrid cloud infrastructures are only used for specific business purposes, where public cloud is not a suitable choice.
Public Cloud Migrated
applications
Customer A Customer B
XaaS
Private cloud XaaS
PRIVATE CLOUD
INTERNAL CLOUD
EXTERNAL CLOUD
RUN
MANAGE
BUILD APP LOAD
FEDERAION
VMware Vsphere VMware Vsphere
Fig.4 Hybrid Cloud
D. Community Cloud
Community cloud is just a cloud model where in fact the computing resources are shared among several organizations and is managed by more than one participating organizations. This cloud model is simply made for employed in a shared project. As an example, a shared software development environment for an open source project community.
Fig. 5 Community Cloud
III. LOCATION PRIVACY
The positioning privacy is worried with hiding the location the place where a particular form of data messages are generated and where it needs to be send.
A. Source Location Privacy: Pavitha et al. [2] has described Source location privacy describes the capability of protecting the located area of the sender from where in actuality the data has been sent towards the top end server nodes. Prior work in protecting location privacy to monitored objects wanted to improve safety period, that will be defined as the amount of messages initiated byte current source sensor before a monitored object is trace.
B. Destination Location Privacy: Pavitha et al. [2] has described Destination location privacy is generally specialized in protecting the hacker from attaining the located area of the destination. The
destination is the most crucial asset in the network as it irresponsible for processing and analyzing all the information collected by the sensor nodes. Additionally, it serves as a screen between the consumer and the monitored field, allowing the consumer to get into or send commands to sensor nodes. Thus, a hacker alert to the located area of the base station can compromise it, as well as destroy it, rendering the WSN useless.
IV. CLOUD SERVICE MODELS
Cloud is broadly classified into three categories on the cornerstone of delivery, which are as follows [19].
A. Software as a Service (SaaS): The facility provided to the user is by using the service provider's applications running on a cloud infrastructure. Most widespread types of such web-based applications are Facebook, Salesforce.com, Google Apps, SAP, Taleo, and WebEx etc. Every one of these web applications are full-service applications and are typically obtainable from everywhere on the Internet. End user doesn't cope with or organize the fundamental cloud infrastructure which includes system network, web servers systems, mass-storage, as well as person application capabilities, with the promising exemption of restricted user-defined application design settings.
B. Platform as a Service (PaaS): The potential provided to the user is always to deploy onto the cloud infrastructure consumer-produced or acquired applications produced by using encoding languages, class libraries, system services, and tools prolonged by the service provider. The buyer doesn't administer or command the underlying cloud infrastructure including network, servers, systems, or storage, but has domination on the deployed applications and perhaps configuration settings for the application-hosting background.
C. Infrastructure as a Service (IaaS): The facility provided to the finish user is always require to dispensation, storage, networks, and other elemental computing resources where the finish user has the capacity to deploy and run random software that may comprise systems and applications. The finish user doesn't supervise or cope with the fundamental cloud infrastructure although have control upon systems, mass-storage, and deployed applications; and probably inadequate control of selected networking components as an example host firewalls.
HYBRID CLOUD
PRIVATE CLOUD PUBLIC CLOUD
APP LOAD
MANAGEMENT
CLOUD OS
MANAGEMENT
V. LOCATION PRIVACY SCHEMES
There are four location privacy schemes are accustomed to secure the positioning of source and destination [3].
A. Forward Random Walk: Every node relays received packets to a node randomly chosen from its forward neighbors whose hop count to destination isn’t bigger than its own. To improve the location anonymity of the origin and destination, a tree topology is employed at the 2 ends of the delivery path respectively in the bidirectional tree scheme.
Algorithm 1 Forward Random Walk Scheme (Node i)
1: Initiation: Next_hop = null. 2: Build the forward list FRLi. 3: while receive a message m do
4: Randomly select a neighbor from FRLi as Next_hop.
5: Forward the received packet to Next_hop. 6: end while
B. Bidirectional Tree Scheme: The actual messages are delivered over the shortest path from source to destination. To safeguard the origin location privacy, branches are made over the shortest path at the origin side, in that the fake messages are delivered from the leaf nodes to the stem nodes. Since the hacker would trace the origin by moving backward the direction of the packets, the branches will turn the hacker from the true delivery path that may protect the origin location privacy.
Algorithm 2 Bidirectional Tree Scheme (Node i)
1: Initiation: Next_hop = Null, Child_node = Null. 2: Build the neighbor set Ni and the closer list CLi. Randomly select a node from CLi as Next_hop. 3: Child_node ←− RandomSelect(Ni − Next_hop). 4: while receive a real message m do
5: Forward the packet to Next_hop. 6: if Hi > (1 − α2 )Hs then
7: SetTTL(branch_req, L).
8: Send branch_req to Child_node with probability P. 9: else if Hi < α2 Hs then
10: SetTTL(sink_dummy, L).
11: Send sink_dummy to Child_node with probability P.
12: end if 13: end while
C. Dynamic Bidirectional Tree Scheme:It's the mix of above both schemes i.e. forward random walk and bidirectional tree scheme. In this the delivery path of the message differ as time passes i.e. the packet has traveling the cross country from source to destination that may easily boost the difficulties of hacker to trace the packets. To safeguard the origin location privacy a vibrant tree scheme can be used at the origin side.
Algorithm 3 Dynamic Bidirectional Tree Scheme (Node i)
1: Initialization: Next_hop = null, Child_node = null. 2: Build the forward list FRLi.
3: while receive a real message m from node j do 4: Randomly select a node from FRLi as Next_hop and forward the message to Next_hop.
5: Child_node ←− RandomSelect(Ni − Next_hop) 6: if Hs < Hi < Hj then
7: SetTTL(branch_req, L).
8: Send branch_req to Child_node with probability P. 9: else if Hi < Hs and Hi < Hj then
10: SetTTL(sink_dummy, L).
11: Send sink_dummy to Child_node with probability P.
12: end if 13: end while
D. Zigzag Bidirectional Tree:It's another end to-end location privacy protection scheme. This scheme revent from hacker to detecting the way of source or destination. In this scheme, the proxy source and the proxy destination to really make the original messages to send over the zigzag path. It provides the three segments. From the origin to the proxy source, from the proxy source to the proxy sink and from proxy sink to sink.
Algorithm 6 Zigzag Bidirectional Tree Scheme (Node i)
1: Initiation: Next_hop = null, 2: while receive a real message m do 3: Destination ←− GetDestination(m). 4: if IsProxySource(Destination) = true then 5: if IsProxySource(i) = true then
6: Determine Next_hop and forward m towards proxy sink.
7: else
9: Child_node ←− RandomSelect(Ni − Next_hop). 10: SetTTL(branch_req, L).
11: Send branch_req to Child_node with probability P.
12: end if
13: else if IsProxySink(destination) = true then 14: if IsProxySink(i) = true then
15: Determine Next_hop and forward m towards sink.
16: else
17: Determine Next_hop and forward m towards proxy sink.
18: end if
19: else if IsSink(destination) = true then 20: if IsSink(i) = false then
21: Determine Next_hop and forward m towards sink.
22: Child_node ←− RandomSelect(Ni − Next_hop). 23: SetTTL(sink_dummy, L).
24: Send sink_dummy to Child_node with probability P.
25: end if 26: end if 27: end while
VI. LITERATURE SURVEY
Chinnu et al. [5] has proposed Blast technique to guard the base station from both packet tracing and traffic analysis attacks. It provides privacy contrary to the global attackers. The transmission range pair of selected sensors is varied to confuse the attacker. For this, network is divided in to two pair of nodes called blast nodes and ordinary nodes. Receiver is present somewhere inside blast nodes. Blast node retransmits the packet sent by source node inside blast area which is then delivered to the receiver. The hacker is not aware of communication between blast node and actual receiver. Hence, location privacy of the receiver is maintained. Mahmoud et al. [6] has defined a hotspot phenomenon that creates an evident inconsistency in the network traffic pattern due to the large level of packets originating from a small area. Secondly a sensible adversary model was developed which assume that the hacker can monitor the network traffic in multiple areas, rather than the entire network or only one area. Finally, cloud-based scheme has proposed for efficiently protecting source node’s location privacy against Hotspot-Locating attack by developing a cloud with an irregular model
vulnerabilities. Through exploiting the static and aware nature of WSNs. Here a location-aware end-to-end security framework has been developed where each node only stores several secret keys and those secret keys are bound to the node's geographic location. The property of the location-aware keys successfully limits the impact of compromised nodes for their vicinity. In addition has proposed a multifunctional key management framework which ensures both node to- sink and node-to-node authentication along report forwarding routes. Xinfeng Li et al. [12] has proposed an efficient scheme, consisting of anonymous topology discovery and intelligent fake packet injection (IFPI), to safeguard the place privacy of base station. Anonymous topology discovery eliminates the potential threats against base station within topology discovery period. On another hand, IFPI enhances privacy protection strength during data transmission period. Under given conditions, comprehensive simulations demonstrate that their scheme significantly improves privacy strength weighed against existing strategies. Di Tang et al. [13] has proposed a book secure and energy aware (SEAR) routing protocol to deal with two issues concurrently through balanced energy consumption and probabilistic random walking. SEAR was created with two configurable parameters, energy balance control (EBC) and security level. EBC is employed to enforce energy balance and raise the lifetime. Security level was created to determine the probabilistic distribution of the random walking that gives routing security. Mishra et al. [14] has proposed a scheme which assures to make certain both data and context privacy in wireless sensor network. Till now enormous quantity of work have now been carried out for achieving privacy in sensor networks. But maximum of those works concentrates on routing techniques. Although these techniques can be robust against different hackers attacks. Ouyang et al. [16] has focused on the best way to protect the origin location against laptop-class attackers who've an international view of the network traffic. Here four schemes were proposes —global, naïve, greedy, and probabilistic—to cope with laptop class attacks. The inexperienced solution uses protection messages sent periodically to cover up real event reports. The global and greedy solutions increase the naive solution by reducing the latency of event delivery without increasing communiqué overhead. The probabilistic
explanation further improves the performance by sinking communication overhead without sacrificing location privacy. Mauro Conti et al. [17] a pair of base stations is randomly selected making use of their locations recognized to all. Instead it hides which base station will be found in an operation. Even when its location is famous, attacker has for the most part a 50% chance of having success in single tryout. Good quality scheme is focused on known locations of base stations in place of hiding them. Shahare et al. [18] has proposed very efficient scheme to secure the positioning privacy of sink node. It tries to secure the positioning of sink node by making it anonymous from the network. The blast technique is useful for security purpose. The proposed technique is just tryout to improve efficiency of blast scheme when it comes to both energy and delay.
VII. GAPS IN LITERATURE SURVEY
There are three gaps seen in the existing system. We will try to overcome these gaps in the future.
1. The use of location privacy has been neglecting in the field of cloud computing. 2. The issues of safety in end-to-end latency
have also been ignored.
3. The energy consumption of end-to-end location privacy algorithm is quite more than available methods thus we try to reduce the energy consumption in future.
VIII. CONCLUSION
cloud users and high end servers. The review has shown that the location privacy has very significant research with respect to safety period but in cloud computing environment public network are used so safety of end to end users and high end servers has become a challenging issue.
IX. FUTURE WORK
In near future, to overcome the issue of zigzag based location privacy algorithm has been introduced to secure the safety period and also energy consumption will be further removed by using the effect of data fusion.
REFERENCES
[1] Chen, Honglong, and Wei Lou. "From nowhere to somewhere: protecting end-to-end location privacy in wireless sensor networks." In Performance Computing and Communications Conference (IPCCC), 2010 IEEE 29th International, pp. 1-8. IEEE, 2010.
[2] Pavitha, N., and S. N. Shelke. "Providing Source and Sink Location Privacy against a Global Eavesdropper in Sensor Networks." International Journal of Research 1, no. 6 (2014): 63-68. [3] Chen, Honglong, and Wei Lou. "On protecting
end-to-end location privacy against local eavesdropper in Wireless Sensor Networks." Pervasive and Mobile Computing (2014).
[4] Mehta, Kiran, Donggang Liu, and Matthew Wright. "Location privacy in sensor networks against a global eavesdropper." In Network Protocols, 2007. ICNP 2007. IEEE International Conference on, pp. 314-323. IEEE, 2007. [5] Chinnu Mary George and Teslin Jacob, ―Privacy
Towards Base Station In Wireless Sensor Networks Against a Global Eavesdropper – A Survey,‖ International Journal of Computer Science and Management Research, Vol 2, Issue, February 2013. pp. 1493-1497.
[6] Mahmoud, Mohamed MEA, and Xuemin Shen. "A cloud-based scheme for protecting source-location privacy against hotspot-locating attack in wireless sensor networks." Parallel and Distributed Systems, IEEE Transactions on 23, no. 10 (2012): 1805-1818.
[7] Li, Yun, and Jian Ren. "Source-location privacy through dynamic routing in wireless sensor
networks." In INFOCOM, 2010 Proceedings IEEE, pp. 1-9. IEEE, 2010.
[8] Li Yun, Jian Ren, and Jie Wu. "Quantitative measurement and design of source-location privacy schemes for wireless sensor networks." Parallel and Distributed Systems, IEEE Transactions on 23, no. 7 (2012): 1302-1311.
[9] Debnath, Ashmita, Pradheep kumar Singaravelu, and Shekhar Verma. "Privacy in wireless sensor networks using ring signature." Journal of King Saud University-Computer and Information Sciences (2014).
[10]Mehta, Kiran, Donggang Liu, and Matthew Wright. "Location privacy in sensor networks against a global eavesdropper." In Network Protocols, 2007. ICNP 2007. IEEE International Conference on, pp. 314-323. IEEE, 2007. [11]Ren, Kui, Wenjing Lou, and Yanchao Zhang.
"LEDS: Providing location-aware end-to-end
data security in wireless sensor
networks." Mobile Computing, IEEE Transactions on 7, no. 5 (2008): 585-598. [12]Li, Xinfeng, Xiaoyuan Wang, Nan Zheng,
Zhiguo Wan, and Ming Gu. "Enhanced location privacy protection of base station in wireless sensor networks." In Mobile Ad-hoc and Sensor Networks, 2009. MSN'09. 5th International Conference on, pp. 457-464. IEEE, 2009. [13]Tang, Di, Tingting Jiang, and Jian Ren. "Secure
and energy aware routing (sear) in wireless
sensor networks." In Global
Telecommunications Conference (GLOBECOM 2010), 2010 IEEE, pp. 1-5. IEEE, 2010.
[14]Mishra, Sarthak, and Asst Prof Manjusha Pandey. "Enhanced Ring Signatures Schemes for Privacy Preservation in Wireless Sensor Networks." (2014).
[15]Shah, Khusboo. "Survey on cloud based testing tools." (2014).
[16]Ouyang, Yi, Zhengyi Le, Donggang Liu, James Ford, and Fillia Makedon. "Source location privacy against laptop-class attacks in sensor networks." In Proceedings of the 4th international conference on Security and privacy in communication networks, p. 5. ACM, 2008. [17]Mauro Conti, Bruno Crispo, and Jeroen
[18]Shahare, Priti C., and Nekita A. Chavhan. "Secure and Efficient Sink Node Location Privacy Technique in WSN." Traffic 3, no. 3 (2014).
[19]Narula, Bisret, and Vinod Beniwal. "Cloud Testing-Types, Service Platforms and Advantages." International Journal of Computer Applications 72, no. 20 (2013).
AUTHOR PROFILE
Khushwant Virdi received her B-Tech degree in Computer Science
& Engineering from Global
Institutes of Management and Emerging Technology and Pursuing M. Tech from Guru Nanak Dev University (Amritsar) India. Her
area of interest are Cloud
Computing.
Anil Kumar received his M-Tech degree in Computer Science & Engineering from Guru Nanak Dev University (Amritsar) India. He is currently working as
Assistant Professor in CSE
