
Study of Secure Data in Multi-Cloud Using DROPS Techniques


Academic year: 2021


Author: Mrs Indhumathi, Student, M.E(II), Computer Science and Engineering, Vivekanandha College of Engineering for Women, Thiruchencode, Namakkal, India. E-Mail: [email protected] Page 32


1Mrs Indhumathi, 2Mrs Subathra, 3Ms Gowdhami

1Student, M.E(II), Computer Science and Engineering, Vivekanandha College of Engineering for Women, Thiruchencode, Namakkal, India. E-Mail: [email protected]

2Assistant Professor, Computer Science and Engineering, Vivekanandha College of Engineering for Women, Thiruchencode, Namakkal, India. E-Mail: [email protected]

3Assistant Professor, Computer Science and Engineering, Vivekanandha College of Engineering for Women, Thiruchencode, Namakkal, India. E-Mail: [email protected]

Article Information:

Article history: Received 04 December 2015 Accepted: 07 December 2015 Available online 15 January 2016.

Abstract---- Outsourcing data to a third-party administrative control, as is done in cloud computing, gives rise to security concerns. Data compromise may occur due to attacks by other users and nodes within the cloud. Therefore, strong security measures are required to protect data within the cloud. However, the employed security strategy must also take into account the optimization of the data retrieval time. In this paper, we propose Division and Replication of Data in the Cloud for Optimal Performance and Security (DROPS), which collectively approaches the security and performance issues. In the DROPS methodology, we divide a file into fragments and replicate the fragmented data over the cloud nodes. Each of the nodes stores only a single fragment of a particular data file, which ensures that even in case of a successful attack, no meaningful information is revealed to the attacker. Moreover, the nodes storing the fragments are separated by a certain distance by means of graph T-colouring to prevent an attacker from guessing the locations of the fragments. Furthermore, the DROPS methodology does not rely on traditional cryptographic techniques for data security, thereby relieving the system of computationally expensive methodologies. We show that the probability of locating and compromising all of the nodes storing the fragments of a single file is extremely low. We also compare the performance of the DROPS methodology with ten other schemes. A higher level of security with slight performance overhead was observed.

Keywords---- Centrality, cloud security, fragmentation, replication, performance.
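The placement rule described in the abstract (one fragment per node, fragment holders kept apart by T-colouring) can be sketched as follows. This is an added example, not code from the paper: the forbidden distance set T = {0, 1}, ranking nodes by total hop distance as the centrality measure, the uniform-random attacker model in `p_all_fragments_hit`, and the 3x3 grid topology are all assumptions made for illustration.

```python
from collections import deque
from math import comb

def hops(graph, src):
    """Breadth-first hop counts from src to every reachable node."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def split_file(data, k):
    """Cut data into k contiguous fragments (the last may be shorter)."""
    size = -(-len(data) // k)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(k)]

def place_fragments(graph, k, forbidden=frozenset({0, 1})):
    """Pick k nodes, one per fragment, so that no two chosen nodes are at a
    hop distance in `forbidden` (the T of T-colouring; {0, 1} is assumed)."""
    dist = {n: hops(graph, n) for n in graph}
    open_nodes, chosen = set(graph), []
    while len(chosen) < k:
        if not open_nodes:
            raise ValueError(f"only {len(chosen)} nodes satisfy the separation")
        # Most central open node first: smallest total distance, ties by id.
        node = min(open_nodes, key=lambda n: (sum(dist[n].values()), n))
        chosen.append(node)
        # Close the chosen node and every node at a forbidden distance from it.
        open_nodes -= {node} | {n for n in graph
                                if dist[node].get(n) in forbidden}
    return chosen

def p_all_fragments_hit(n_nodes, k, compromised):
    """Chance that `compromised` nodes drawn uniformly at random (assumed
    attacker model) include all k fragment holders."""
    if compromised < k:
        return 0.0
    return comb(n_nodes - k, compromised - k) / comb(n_nodes, compromised)

# Constructed 3x3 grid of storage nodes, ids 0..8, edges between neighbours.
GRID = {r * 3 + c: [nr * 3 + nc for nr, nc in
                    ((r - 1, c), (r + 1, c), (r, c - 1), (r, c + 1))
                    if 0 <= nr < 3 and 0 <= nc < 3]
        for r in range(3) for c in range(3)}

if __name__ == "__main__":
    record = b"constructed sample record, 40 bytes long"
    for node, frag in zip(place_fragments(GRID, 5), split_file(record, 5)):
        print(node, frag)
    print(p_all_fragments_hit(len(GRID), 5, 5))
```

On this grid the separation constraint caps a file at five fragments; asking for a sixth raises an error rather than silently placing two fragments on adjacent nodes.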

1.0 INTRODUCTION

Cloud computing creates a large number of security issues and challenges. These issues range from the required trust in the cloud provider and attacks on cloud interfaces to misuse of cloud services for attacks on other systems. The main problem that the cloud computing paradigm implicitly contains is that of secure outsourcing of sensitive as well as business-critical data and processes. Each of the introduced architectural patterns provides individual security merits, which map to different application scenarios and their security needs.

Replication of applications makes it possible to receive multiple results from one operation performed in distinct clouds and to compare them within one's own premises. Partition of the application system into tiers allows separating the logic from the data. This gives additional protection against data leakage due to flaws in the application logic. Partition of application logic into fragments allows distributing the application logic to distinct clouds. Partition of application data into fragments allows distributing fine-grained fragments of the data to distinct clouds.

2.0 LITERATURE SURVEY

In [3], a successful attack on a cloud control interface grants the attacker complete power over the victim's account, with all the stored data included. In this paper, the authors provided a security analysis of the control interfaces of a large public cloud (Amazon) and widely used private cloud software (Eucalyptus). Their research results are alarming: for the Amazon EC2 and S3 services, the control interfaces could be compromised via novel signature wrapping and advanced XSS techniques. Similarly, the Eucalyptus control interfaces were vulnerable to classical signature wrapping attacks and had nearly no protection against XSS. As a follow-up to those discoveries, they additionally describe countermeasures against these attacks and introduce a novel "black box" analysis methodology for public cloud interfaces. The cloud computing paradigm has been hailed for its promise of enormous cost-saving potential. In spite of this euphoria, the consequences of a migration to the cloud need to be thoroughly considered. Amongst the many obstacles present, the highest weight is assigned to the issues arising within security.

In [5], the authors decompose any computation into an equivalent logic circuit and implement the basic gates in terms of the "plus" and "multiply" operations. The circuit results in a ciphertext encoding the result of the computation, which is sent back to the user for decryption. There are two key problems with this approach: first, no practical fully homomorphic encryption scheme exists yet; second, as they argue, even if fully homomorphic encryption were available at the cost of other cryptographic operations today, it would still be inefficient for most computations and could be replaced with a simpler architecture that is already realisable at a low cost today. They devoted the remainder of the paper to describing a cryptographic architecture that could be made available today to solve aspects of the problem of privacy in the cloud at a relatively similar cost as if homomorphic encryption were used. While the network overheads of the proposed approach will be higher, its advantage is that it can be deployed today.

In [6], virtualisation causes a location independence of offered services, which could interfere with domain-specific legislative regulations. In this paper, the authors present an approach for putting the cloud user back in control when migrating data and services into and within the cloud. They outlined their work in progress, which aims at providing a platform for developing flexible service architectures for cloud computing with special consideration of security and non-functional properties. The recent progress in virtualising storage and computing resources, combined with service-oriented architectures (SOA) and broadband Internet access, has led to a renaissance of already known concepts developed in research fields like grid, utility and autonomic computing. Today, the term cloud computing describes different ways of providing on-demand and pay-per-use access to elastic virtualised computing resource pools. These resources are abstracted to services so that cloud computing resources can be retrieved as infrastructure, platform and software services respectively.

In [7], the authors optimized MPC comparison operations for processing high-volume data in near real-time. They then designed privacy-preserving protocols for event correlation and aggregation of network traffic statistics, such as addition of volume metrics, computation of feature entropy, and distinct item count. Optimizing the performance of parallel invocations, they implemented their protocols along with a complete set of basic operations in a library called SEPIA. They evaluated the running time and bandwidth requirements of their protocols in realistic settings on a local cluster as well as on PlanetLab and showed that they work in near real-time for up to 140 input providers and 9 computation nodes. Compared to implementations using existing general-purpose MPC frameworks, their protocols are significantly faster, requiring, for example, 3 minutes for a task that takes 2 days with general-purpose frameworks. This improvement paves the way for new applications of MPC in the area of networking. Finally, they ran SEPIA's protocols on real traffic traces of 17 networks and showed how they provide new possibilities for distributed troubleshooting and early anomaly detection.

In [8], the user communicates with a resource-constrained Trusted Cloud (either a private cloud or built from multiple secure hardware modules), which encrypts algorithms and data to be stored and later queried in the powerful but untrusted Commodity Cloud. They split their protocols such that the Trusted Cloud performs security-critical pre-computations in the setup phase, while the Commodity Cloud computes the time-critical query in parallel under encryption in the query phase. Many enterprises and other organizations need to store and compute on a large amount of data. Cloud computing aims at renting such resources on demand. Today's cloud providers offer both highly available storage (e.g., Amazon's Elastic Block Store) and massively parallel computing resources (e.g., Amazon's Elastic Compute Cloud (EC2) with High Performance Computing (HPC) Clusters) at low costs, as they can share resources among multiple clients. On the other hand, sharing resources poses the risk of information leakage. Currently, there is no guarantee that security objectives stated in Service Level Agreements (SLA) are indeed fulfilled. Consequently, when using the cloud, the client is forced to blindly trust the provider's mechanisms and configuration. Due to regulatory reasons, contractual obligations, or protection of intellectual property, cloud clients require confidentiality of their outsourced data, assurance that computations on their data were processed correctly (verifiability), and assurance that no tampering happened (integrity).

In [1], to maximize efficiency, multiple VMs may be simultaneously assigned to execute on the same physical server. Moreover, many cloud providers allow "multi-tenancy", multiplexing the virtual machines of disjoint customers upon the same physical hardware. Thus it is conceivable that a customer's VM could be assigned to the same physical server as their adversary. This in turn engenders a new threat: that the adversary might penetrate the isolation between VMs (e.g., via a vulnerability that allows an "escape" to the hypervisor or via side-channels between VMs) and violate customer confidentiality. This paper explores the practicality of mounting such cross-VM attacks in existing third-party compute clouds. The attacks they considered require two main steps: placement and extraction. Placement refers to the adversary arranging to place their malicious VM on the same physical machine as that of a target customer.

3.0 SUMMARY

In this study the performance of the DROPS methodology with the algorithms discussed in Section The behavior of the algorithms was studied by:

• Increasing the number of nodes in the system,

• Increasing the number of objects keeping number of nodes constant,

• Changing the nodes storage capacity

The aforesaid parameters are significant as they affect the problem size and the performance of algorithms.

The data blocks are stored and retrieved in different cloud locations based on the storage and computational capability. Thus the proposed system explores this issue to provide support for variable-length block verification. Likewise, the privacy level for all cloud providers is analyzed by a trusted authority, and the security degree and performance are quantified for encryption algorithms.

4.0 CONCLUSION

The problem of secure communication is eliminated. In addition, the application required less working experience in systems to run the software. The application is tested well so that the end users can use this software for their whole operations. It is believed that almost all the system objectives that were planned at the commencement of the software development have been met, and the implementation process of the project is completed. A trial run of the system has been made and is giving good results; the procedures for processing are simple and in regular order. The process of preparing plans has been missed out, which might be considered for further modification of the application. The project effectively stores and retrieves the records from the cloud space database server. The records are encrypted and decrypted whenever necessary so that they are secure. The data integrity in the cloud environment is not considered. The error situation can be recovered if there is any mismatch. The web site and database can be hosted in a real cloud place during the implementation.

5.0 REFERENCES

[1] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Comm. Security (CCS '09), pp. 199-212, 2009.

[2] Y. Zhang, A. Juels, M.K.M. Reiter, and T. Ristenpart, "Cross-VM Side Channels and Their Use to Extract Private Keys," Proc. ACM Conf. Computer and Comm. Security (CCS '12), pp. 305-316, 2012.

[3] J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, "All Your Clouds Are Belong to Us: Security Analysis of Cloud Management Interfaces," Proc. Third ACM Workshop Cloud Computing Security Workshop (CCSW '11), pp. 3-14, 2011.

[4] S. Bugiel, S. Nürnberger, T. Pöppelmann, A.-R. Sadeghi, and T. Schneider, "AmazonIA: When Elasticity Snaps Back," Proc. 18th ACM Conf. Computer and Comm. Security (CCS '11), pp. 389-400, 2011.

[5] G. Danezis and B. Livshits, "Towards Ensuring Client-Side Computational Integrity (Position Paper)," Proc. ACM Cloud Computing Security Workshop (CCSW '11), pp. 125-130, 2011.

[6] S. Groß and A. Schill, "Towards User Centric Data Governance and Control in the Cloud," Proc. IFIP WG 11.4 Int'l Conf. Open Problems in Network Security (iNetSeC), pp. 132-144, 2011.

[7] M. Burkhart, M. Strasser, D. Many, and X. Dimitropoulos, "SEPIA: Privacy-Preserving Aggregation of Multi-Domain Network Events and Statistics," Proc. USENIX Security Symp., pp. 223-240, 2010.

[8] D. Hubbard and M. Sutton, "Top Threats to Cloud Computing V1.0," Cloud Security Alliance, http://www.Cloudsecurityalliance.org/topthreats, 2010.

[9] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia. A view of cloud computing. Commun. ACM, 53(4):50–58, 2010.

[10] R. Meushaw and D. Simard. A network on a desktop. NSA Tech Trend Notes, 9(4), 2000. http://www.vmware.com/pdf/TechTrendNotes.pdf.

[11] P. England and J. Manferdelli. Virtual machines for enterprise desktop security. Information Security Technical Report, 11(4):193 – 202, 2006.

[12] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In ACM Symposium on Operating Systems Principles, pages 193–206. ACM, 2003.

[13] O. Acıiçmez. Yet another microarchitectural attack: Exploiting I-cache. In ACM Workshop on Computer Security Architecture, pages 11–18, October 2007.

[14] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In 16th ACM Conference on Computer and Communications Security, pages 199–212, 2009.

[15] Gnu Privacy Guard. www.gnupg.org, 2012.

[16] J. Callas, L. Donnerhacke, H. Finney, and R. Thayer. OpenPGP message format. Technical report, RFC 2440, November, 1998.

[17] McIntosh, M., and Austel, P. XML Signature Element Wrapping attacks and Countermeasures. In SWS '05: Proceedings of the 2005 workshop on Secure web services (New York, NY, USA, 2005), ACM Press, pp. 20-27.
