Vol 7, No 11 (2017)

Research Article

November

2017

Computer Science and Software Engineering

ISSN: 2277-128X (Volume-7, Issue-11)

A Survey on Secured Approach of External Cloud without Avoiding the Data Integrity

Ankur P. Saikia*

M.Tech- Scholar, Dept. of Computer Science & Engineering, Assam Down Town University, Assam, India

Prof. (Dr.) L. P. Saikia

Dean, Faculty of Engineering, Assam Down Town University, Assam, India

Abstract— The use of cloud computing has increased rapidly in many organizations. Cloud computing offers many advantages in terms of low cost and accessibility of data. Ensuring the security of cloud computing plays a major role in the cloud computing environment, as users often store sensitive data with cloud storage providers, but these providers may be untrusted. Users are concerned about attacks on the integrity and availability of their data in the cloud from malicious insiders and outsiders, and about the security guarantees of cloud services. These issues are extremely important, but there is still much room for security research in cloud computing. Dealing with "single cloud" providers is predicted to become less popular with users due to the risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards "multi-clouds", or in other words "interclouds" or "cloud-of-clouds", has emerged recently.

The purpose of this paper is to survey recent research related to single and multi-cloud security and to present possible solutions. It is found that research into the use of multi-cloud providers to maintain security has received less attention from the research community than has the use of single clouds. This work aims to promote the use of multi-clouds due to their ability to reduce the security risks that affect the cloud computing user.

Keywords— Cloud Computing, Data confidentiality, Data Integrity, Service Availability

I. INTRODUCTION

The use of cloud computing has increased rapidly in many organizations. Subashini and Kavitha [61] argue that small and medium companies use cloud computing services for various reasons, including providing fast access to their applications and reducing their infrastructure costs. Cloud computing industry spending in the USA between 2010 and 2015 will grow at a 40% compound annual growth rate (CAGR) and will pass $7 billion by 2015 [36]. Moreover, analysts estimated that 12% of the software market will move toward cloud computing within the next 5 years and that the cloud computing market will grow to $95 billion [61].

Security and privacy are considered the critical aspects of a cloud computing environment because of the sensitive and important information stored in the cloud for users. Cloud providers should address security and privacy issues as a matter of high and urgent priority.

Dealing with "single cloud" providers is becoming less popular with users due to potential problems such as service availability failure and the possibility that there are malicious insiders in the single cloud. Recently, there has been a move towards "multi-clouds", "interclouds" or "cloud-of-clouds".

This paper focuses on the issues related to the data security and privacy aspects of cloud computing, such as data integrity, data confidentiality and service availability. As data and information will be shared with a third party, cloud computing users want to avoid an unsafe or untrusted cloud provider. Protecting private and important information, such as credit card details or a patient's medical records, from attackers or malicious insiders is of critical importance. In addition, the potential for migration from a single cloud to a multi-cloud environment is examined, and research related to security issues in single and multi-clouds in cloud computing is surveyed.

ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 139-149

examines security risks in cloud computing. Section IV analyses the new generation of cloud computing, that is, multi-clouds, and recent solutions to address the security of cloud computing, as well as examining their limitations.

II. CLOUD COMPUTING

According to [15],[30],[68], cloud computing has been defined as "a style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies". Moreover, NIST [1] describes cloud computing as "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction".

A. Cloud Computing Components and Layers

The cloud computing model consists of five characteristics, three delivery models, and four deployment models [1]. The five key characteristics of cloud computing are: location-independent resource pooling, on-demand self-service, rapid elasticity, broad network access, and measured service [63]. These five characteristics represent the first layer in the cloud environment architecture (Figure 1).

Figure 1: Cloud Environment Architecture-adopted from NIST definition [1].

The three key cloud delivery models are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In IaaS, the user can benefit from networking infrastructure facilities, data storage and computing services. In other words, it is the delivery of computer infrastructure as a service. An example of IaaS is the Amazon web service [35]. In PaaS, the user runs custom applications using the service provider's resources. It is the delivery of a computing platform and solution as a service. An example of PaaS is GoogleApps [35]. Running software on the provider's infrastructure and providing licensed applications to users to use services is known as SaaS. An example of SaaS is the Salesforce.com CRM application [35],[61],[63]. This model represents the second layer in the cloud environment architecture.

Kamara and Lauter [35] present two types of cloud infrastructure only, namely private and public clouds. The infrastructure that is owned and managed by users is in the private cloud. Data that is accessed and controlled by trusted users is in a safe and secure private cloud, whereas the infrastructure that is managed and controlled by the cloud service provider is in a public cloud. In particular, this data is out of the user's control, and is managed and shared with unsafe and untrusted servers [35].

B. Cloud Service Providers: Single Cloud

There are many types of cloud computing. First, cloud storage services, such as Amazon S3, Microsoft SkyDrive, or Nirvanix CloudNAS [18], permit consumers to access online data. Second, it provides computation resources for users, such as Amazon EC2. Third, it provides online collaboration facilities, such as Google Apps, or versioning repositories for source code [18].

Cloud service providers should ensure the security of their customers' data and should be responsible if any security risk affects their customers' service infrastructure. A cloud provider offers many services that can benefit its customers, such as fast access to their data from any location, scalability, pay-for-use, data storage, data recovery, protection against hackers, on-demand security controls, and use of the network and infrastructure facilities.

One of the first cloud computing implementations to deliver enterprise services through a website was introduced by Salesforce.com in 1999 [4]. Amazon Web Services in 2002 gave users benefits such as storage and computation services. In 2006, Amazon provided its customers with the Elastic Compute Cloud (EC2) service to allow them to use their instances for data processing and computing [36]. Amazon created the Amazon Elastic Compute Cloud (EC2) as a cloud service to allow users to purchase computational resources without needing significant technical infrastructure to deal with the cloud computing environment. Users can focus on their own applications rather than maintaining the cloud environment's software and hardware. Amazon EC2 is a cloud service that offers virtual machine instances on demand, which gives users a supercomputer equivalent without the need to purchase one. The cost of renting the services of a cloud service provider (pay-as-you-go) is cheaper than purchasing a supercomputer for the same purpose [4].

Amazon EC2 also supports building a cloud computing environment as a group of virtual machines. Supporters of this technology argue that the software and hardware for this computational environment are compatible with each other and users do not need to perform compatibility checks between them. Opponents of this approach point to the overheads of virtual machines and the negative aspects of sharing one physical machine with other virtual machines [4].

In the cloud computing environment, Amazon EC2 is a group of virtual machine nodes or instances. In relation to the user's charges for Amazon EC2, communication between instances and communication between instances and machines outside Amazon EC2 are charged on the basis of CPU time [9]. Kaufman [36] built a security model that ensures data confidentiality, data integrity, and data availability (CIA). The cloud storage provider must be able to provide an encryption scheme for the stored data, access control for the data to prevent an unauthorized user from accessing it, and a backup service for the data.

Public cloud services for data storage, such as Amazon Simple Storage Service (S3) and Microsoft's Azure, provide users with dynamic and scalable storage services. The public cloud, as discussed before, protects the user from the cost of purchasing hardware and software for their storage infrastructure; instead, they pay a cloud service provider [4].

Reliability and availability are other benefits of the public cloud, in addition to low cost [35]. However, there are also concerning issues for public cloud computing, most notably issues surrounding data integrity and data confidentiality.

III. SECURITY ISSUES

There are many types of cloud computing. First, cloud storage services, such as Amazon S3, Microsoft SkyDrive, or Nirvanix CloudNAS [18], permit consumers to access online data. Second, it provides computation resources for users, such as Amazon EC2. Third, it provides online collaboration facilities, such as Google Apps, or versioning repositories for source code [18].

storage, data recovery, protection against hackers, on-demand security controls, and use of the network and infrastructure facilities.

One of the first cloud computing implementations to deliver enterprise services through a website was introduced by Salesforce.com in 1999 [4]. Amazon Web Services in 2002 gave users benefits such as storage and computation services. In 2006, Amazon gave its customers the Elastic Compute Cloud (EC2) service to allow them to use their instances for data processing and computing [36]. Amazon created the Amazon Elastic Compute Cloud (EC2) as a cloud service to allow users to purchase computational resources without needing significant technical infrastructure to deal with the cloud computing environment. Users can focus on their own applications rather than maintaining the cloud environment's software and hardware. Amazon EC2 is a cloud service that offers virtual machine instances on demand, which gives users a supercomputer equivalent without the need to purchase one. The cost of renting the services of a cloud service provider (pay-as-you-go) is cheaper than purchasing a supercomputer for the same purpose [4].

Although cloud service providers can offer benefits to users, security risks play a major role in the cloud computing environment. Users of online data sharing or network facilities are aware of the potential loss of privacy [18]. According to a recent IDC survey [23], the top challenge for 74% of CIOs in relation to cloud computing is security. Protecting private and important information, such as credit card details or patients' medical records, from attackers or malicious insiders is of critical importance [45]. Moving databases to large data centers involves many security challenges, such as virtualization vulnerability, accessibility vulnerability, privacy and control issues related to data accessed from a third party, integrity, confidentiality, and data loss or theft. Subashini and Kavitha [61] present some major security challenges, which are data storage security, application security, data transmission security, and security related to third-party resources.

In different cloud service models, the security responsibility between users and providers is different. According to Amazon [58], their EC2 addresses security control in relation to physical, environmental, and virtualization security, whereas the users remain responsible for addressing security control of the IT system, including the operating systems, applications and data.

According to Takabi et al., the way the responsibility for privacy and security in a cloud computing environment is shared between consumers and cloud service providers differs between delivery models. In SaaS, cloud providers are more responsible for the security and privacy of application services than the users. This responsibility is more relevant to the public than the private cloud environment because the clients need stricter security requirements in the public cloud. In PaaS, users are responsible for taking care of the applications that they build and run on the platform, while cloud providers are responsible for protecting one user's applications from others. In IaaS, users are responsible for protecting operating systems and applications, whereas cloud providers must provide protection for the users' data.

Ristenpart et al. [53] claim that the levels of security issues in IaaS are different. The impact of security issues in the public cloud is greater than the impact in the private cloud. For instance, any damage which occurs to the security of the physical infrastructure or any failure in relation to the management of the security of the infrastructure will cause many problems. In the cloud environment, the physical infrastructure that is responsible for data processing and data storage can be affected by a security risk. In addition, the path for the transmitted data can also be affected, especially when the data is transmitted to third-party infrastructure devices.

As cloud services have been built over the Internet, any issue that is related to internet security will also affect cloud services. Resources in the cloud are accessed through the Internet; consequently, even if the cloud provider focuses on security in the cloud infrastructure, the data is still transmitted to the users through networks which may be insecure. As a result, internet security problems will affect the cloud, with greater risks due to the valuable resources stored within the cloud and cloud vulnerability. The technology used in the cloud is similar to the technology used in the Internet. Encryption techniques and secure protocols are not sufficient to protect data transmission in the cloud. Threats to data confidentiality in the cloud from hackers and cybercriminals over the Internet need to be addressed, and the cloud environment needs to be secure and private for clients.

We will address three security factors that particularly affect single clouds, namely data integrity, data confidentiality, and service availability.

1. Data Integrity

cloud storage provider. Cachin et al. [18] give examples of the risk of attacks from both inside and outside the cloud provider, such as the recently attacked Red Hat Linux distribution servers [52]. Another example of breached data occurred in 2009 in Google Docs, which led the Electronic Privacy Information Center to ask the Federal Trade Commission to open an investigation into Google's cloud computing services [18]. Another example of a risk to data integrity recently occurred in Amazon S3, where users suffered from data corruption [62]. Further examples giving details of attacks can be read in [18],[52].

Cachin et al. [18] argue that when multiple clients use cloud storage or when multiple devices are synchronized by one user, it is difficult to address the data corruption issue. One of the solutions they propose [18] is to use a Byzantine fault-tolerant replication protocol within the cloud. Hendricks et al. [31] state that this solution can avoid data corruption caused by some components in the cloud. However, Cachin et al. [18] claim that using the Byzantine fault-tolerant replication protocol within the cloud is unsuitable because the servers belonging to cloud providers use the same system installations and are physically located in the same place.

Although this protocol solves the problem from a cloud storage perspective, Cachin et al. [18] argue that they remain concerned about the users' view, because users trust the cloud as a single reliable domain or as a private cloud without being aware of the protection protocols used in the cloud provider's servers. As a solution, Cachin et al. [18] suggest that using Byzantine fault-tolerant protocols across multiple clouds from different providers is a beneficial solution.

2. Data Confidentiality

According to Garfinkel [26], another security risk that may occur with a cloud provider, such as the Amazon cloud service, is a hacked password or a loss of data confidentiality. If someone gains access to an Amazon account password, they will be able to access all of the account's instances and resources. Thus the stolen password allows the hacker to erase all the information inside any virtual machine instance for the stolen user account, modify it, or even disable its services. Furthermore, there is a possibility for the user's email (Amazon user name) to be hacked (see [25] for a discussion of the potential risks of email), and since Amazon allows a lost password to be reset by email, the hacker may still be able to log in to the account after receiving the new reset password.

3. Service Availability

Another major concern in cloud services is service availability. Amazon [10] mentions in its licensing agreement that it is possible that the service might be unavailable from time to time. The user's web service may terminate for any reason at any time if any user's files break the cloud storage policy. In addition, if any damage occurs to any Amazon web service and the service fails, there will be no charge to the Amazon company for this failure. Companies seeking to protect services from such failure need measures such as backups or use of multiple providers [26]. Both Google Mail and Hotmail experienced service downtime recently [18]. If a delay affects payments from users for cloud storage, the users may not be able to access their data. Due to a system administrator error, 45% of stored client data was lost in LinkUp (MediaMax) as a cloud storage provider [18].

Garfinkel [26] argues that information privacy is not guaranteed in Amazon S3. Data authentication, which assures that the returned data is the same as the stored data, is extremely important. Garfinkel [26] claims that instead of following Amazon's advice that organizations encrypt data before storing them in Amazon S3, organizations should use HMAC [38] technology or a digital signature to ensure data is not modified by Amazon S3. These technologies protect users from Amazon data modification and from hackers who may have obtained access to their email or stolen their password [26].
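The HMAC check described above can be sketched as follows. This is an added example, not code from the paper or from [26]; the blob layout, the object names and the per-object version counter kept by the client are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
HDR_LEN = 8   # big-endian 64-bit version counter (assumed layout)


class IntegrityError(Exception):
    """Raised when a blob returned by the storage provider is rejected."""


def _tag(key: bytes, name: str, version: int, data: bytes) -> bytes:
    # The object name is length-prefixed so name/data boundaries are unambiguous.
    name_b = name.encode("utf-8")
    msg = struct.pack(">I", len(name_b)) + name_b + struct.pack(">Q", version) + data
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key: bytes, name: str, version: int, data: bytes) -> bytes:
    """Build the blob to upload: version || HMAC(name, version, data) || data."""
    return struct.pack(">Q", version) + _tag(key, name, version, data) + data


def unseal(key: bytes, name: str, min_version: int, blob: bytes) -> bytes:
    """Authenticate a downloaded blob; min_version is the client's last seen version."""
    if len(blob) < HDR_LEN + TAG_LEN:
        raise IntegrityError("truncated blob")
    version = struct.unpack(">Q", blob[:HDR_LEN])[0]
    tag = blob[HDR_LEN:HDR_LEN + TAG_LEN]
    data = blob[HDR_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, name, version, data)):
        raise IntegrityError("tag mismatch")
    if version < min_version:
        raise IntegrityError("stale version")
    return data


def classify(key: bytes, name: str, min_version: int, blob: bytes) -> str:
    """Return 'ok' or the reason for rejection (helper for the demonstration)."""
    try:
        unseal(key, name, min_version, blob)
        return "ok"
    except IntegrityError as exc:
        return str(exc)


def demo() -> dict:
    key = bytes(range(32))  # constructed key; it never leaves the client
    store = {               # constructed stand-in for the provider's bucket
        "report.csv": seal(key, "report.csv", 2, b"id,total\n1,100\n"),
        "other.csv": seal(key, "other.csv", 1, b"id,total\n9,999\n"),
    }
    old = seal(key, "report.csv", 1, b"id,total\n1,50\n")  # earlier upload
    good = store["report.csv"]
    flipped = good[:-1] + bytes([good[-1] ^ 1])            # one bit changed
    return {
        "untouched": classify(key, "report.csv", 2, good),
        "modified": classify(key, "report.csv", 2, flipped),
        "swapped": classify(key, "report.csv", 2, store["other.csv"]),
        "rolled_back": classify(key, "report.csv", 2, old),
    }
```

Because the key and the last seen version stay with the client, someone who controls the storage account, for instance through a stolen password, cannot produce a blob that passes `unseal`.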

IV. MULTI-CLOUDS

This section will discuss the migration of cloud computing from single to multi-clouds to ensure the security of the user's data.

A. Multi-Clouds: Preliminary

Recent research has focused on the multi-cloud environment [3], [13], [16], [17], which controls several clouds and avoids dependency on any one individual cloud.

Cachin et al. [17] identify two layers in the multi-cloud environment: the bottom layer is the inner-cloud, while the second layer is the inter-cloud. In the inter-cloud, Byzantine fault tolerance finds its place. We will first summarize the previous Byzantine protocols over the last three decades.

B. DepSky System: Multi-Clouds Model

This section will explain the recent work that has been done in the area of multi-clouds. Bessani et al. [13] present a virtual storage cloud system called DepSky which consists of a combination of different clouds to build a cloud-of-clouds. The DepSky system addresses the availability and the confidentiality of data in their storage system by using multi-cloud providers, combining Byzantine quorum system protocols, cryptographic secret sharing and erasure codes [13].

• DepSky Architecture

The DepSky architecture [13] consists of four clouds and each cloud uses its own particular interface. The DepSky algorithm exists in the clients' machines as a software library to communicate with each cloud (Figure 2). These four clouds are storage clouds, so there is no code to be executed. The DepSky library permits reading and writing operations with the storage clouds.

DepSky Data model: As the DepSky system deals with different cloud providers, the DepSky library deals with different cloud interface providers and consequently, the data format is accepted by each cloud. The DepSky data model consists of three abstraction levels: the conceptual data unit, a generic data unit, and the data unit implementation. The reason why writers can fail arbitrarily is that even if their protocols tolerated writes in clouds, the faulty writers in their data unit would write wrong values, which leads to the corruption of the application that uses the DepSky system [13].

Figure 2: DepSky Architecture [13].

DepSky System model: The DepSky system model contains three parts: readers, writers, and four cloud storage providers, where readers and writers are the client's tasks. Bessani et al. [13] explain the difference between readers and writers for cloud storage. Readers can fail arbitrarily (for example, they can fail by crashing, or they can fail from time to time and then display any behavior), whereas writers only fail by crashing.

Bessani et al. [13] used a secret sharing scheme to ensure confidentiality of the stored data in the cloud without the need for a key distribution service. This scheme aims to divide the secret into n shares where each share contains the secret. In addition, to ensure the secret, the n shares should be n >= f+1 shares (in this case f = 1 faulty cloud). To recover the secret, knowledge of the different shares of the secret is required, while with f shares or fewer, no information about the secret will be disclosed.

Bessani et al. [13] assume that using a secret sharing scheme allowed them to guarantee confidentiality of the stored data without using a key distribution mechanism, which allows sharing of the secret key between readers and writers of a data unit. Furthermore, the DepSky mechanism can choose which readers can access the data unit through the cloud provider's access control system [13].

DepSky implemented two protocols for its system [13]: the first is called DepSky-A, which replicates the data into several cloud providers by using quorum techniques to improve the availability and the integrity of the stored data in the cloud. However, there are two limitations in this protocol: first, replicating data into a multi-cloud will have a high cost, more than if it was stored in a single cloud; and second, this protocol lacks data confidentiality, as the data is stored in the storage cloud with no change to its values. To address these limitations, [13] proposed the second protocol, called DepSky-CA. DepSky-CA ensures data confidentiality by using an information-efficient secret sharing scheme [37] that combines a secret sharing scheme and an optimal erasure code. This scheme was used to divide the data into a set of blocks where, first, f+1 blocks are enough to obtain the original data and, second, f or fewer blocks are not enough to learn the original stored data [13].
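The threshold property stated above (f+1 shares recover the secret, f or fewer reveal nothing) can be seen in a small added example, which is not DepSky's code. It assumes Shamir's polynomial scheme over a prime field as the secret sharing scheme, since the page does not name one, and uses n = 4 clouds with f = 1 as in the text; the erasure-coding half of DepSky-CA is not shown.

```python
import secrets
from itertools import combinations

# Assumption: arithmetic modulo the Mersenne prime 2^521 - 1, large enough
# to hold a 256-bit encryption key as a single field element.
P = 2**521 - 1


def interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num, den = 1, 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (x - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def split(secret: int, n: int, f: int):
    """Split secret into n shares so that any f+1 recover it and f reveal nothing."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range")
    if n < f + 1:
        raise ValueError("need n >= f+1 shares")
    # Random polynomial of degree f whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(f)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation
            acc = (acc * x + c) % P
        return acc

    return [(i, poly(i)) for i in range(1, n + 1)]  # share i goes to cloud i


def recover(shares):
    """Recover the secret from f+1 (or more) consistent shares."""
    return interpolate(shares, 0)


def recovered_values(shares, k):
    """Set of secrets obtained from every k-subset of the shares."""
    return {recover(list(subset)) for subset in combinations(shares, k)}


def alternative_sharing(known_shares, other_secret: int, n: int):
    """Build a valid sharing of other_secret that contains known_shares unchanged.

    With only f shares, such a sharing exists for every candidate secret, which
    is why f colluding clouds learn nothing about the real one.
    """
    points = [(0, other_secret)] + list(known_shares)
    return [(i, interpolate(points, i)) for i in range(1, n + 1)]


def demo():
    key = int.from_bytes(bytes(range(32)), "big")  # constructed 256-bit key
    shares = split(key, n=4, f=1)
    decoy = alternative_sharing([shares[2]], other_secret=12345, n=4)
    return key, shares, decoy
```

A single share is only a point on a random line, so a share taken alone does not contain the key in any recoverable form.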

C. Analysis of Multi-Clouds Research

Moving from single clouds or inner-clouds to multi-clouds is reasonable and important for many reasons. According to Cachin et al. [18], "Services of single clouds are still subject to outage". In addition, [16] showed that over 80% of company management "fear security threats and loss of control of data and systems". Vukolic [66] assumes that the main purpose of moving to interclouds is to improve what was offered in single clouds by distributing reliability, trust, and security among multiple cloud providers. In addition, reliable distributed storage [21], which utilizes a subset of BFT techniques, was suggested by Vukolic [66] to be used in multi-clouds. A number of recent studies in this area have built protocols for interclouds. RACS (Redundant Array of Cloud Storage) [3], for instance, utilizes RAID-like techniques that are normally used by disks and file systems, but for multiple cloud storage. Abu-Libdeh et al. [3] assume that to avoid "vendor lock-in", distributing a user's data among multiple clouds is a helpful solution.

There are a number of studies which are related to untrusted clouds. For instance, similar to DepSky, Depot improves the flexibility of cloud storage, as Mahajan et al. (2010) believe that cloud storage services face many risks. However, Depot provides a solution that is cheaper due to using single clouds, but it does not tolerate losses of data and its service availability depends on cloud availability [13]. Other works which implement services on top of untrusted clouds are studies such as SPORC [24] and Venus. These studies are different from the DepSky system because they consider a single cloud (not a cloud-of-clouds). In addition, they need code execution in their servers. Furthermore, they offer limited support for the unavailability of cloud services in contrast to DepSky [13].

D. Current Solutions for Security Risks

In order to reduce the risk in cloud storage, users can use cryptographic methods to protect the stored data in the cloud [18]. Using a hash function [46] is a good solution for data integrity, by keeping a short hash in local memory. In this way, authentication of the server responses is done by recalculating the hash of the received data, which is compared with the locally stored hash [18]. If the amount of data is large, then a hash tree is the solution [46]. Many storage system prototypes have implemented hash tree functions, such as SiRiUS [27] and TDB [42]. Mykletun et al. [47] and Papamanthou et al. [48] claim that this is an active area of research on cryptographic methods for stored data authentication. Cachin et al. [18] argue that although the previous methods allow consumers to ensure the integrity of their data which has been returned by servers, they do not guarantee that the server will answer a query without knowing what that query is and whether the data is stored correctly in the server or not. Proofs of Retrievability (PORs) and Proofs of Data Possession (PDP) are protocols introduced by [34] and [11] to ensure high probability for the retrieval of the user's data. Cachin et al. [18] suggest using multiple cloud providers to ensure data integrity in cloud storage and running Byzantine fault-tolerant protocols on them, where each cloud maintains a single replica [20], [31]. Computing resources are required in this approach and not only storage in the cloud; such a service is provided in Amazon EC2, whereas if only a storage service is available, Cachin et al. [18] suggest working with Byzantine Quorum Systems [43] by using Byzantine Disk Paxos [2] and using at least four different clouds in order to ensure users' atomicity operations and to avoid the risk of one cloud failure.
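The hash tree approach mentioned above lets the client keep one short root hash locally and still check any single block the server returns. The following is an added example, not code from SiRiUS, TDB or the paper; the leaf and node prefixes, the binding of the block index into the leaf hash, and the promotion of an unpaired node are design choices assumed here.

```python
import hashlib
import hmac
import struct


def leaf_hash(index: int, block: bytes) -> bytes:
    # The index is hashed with the block so the server cannot answer a request
    # for block i with a different, otherwise valid, block j.
    return hashlib.sha256(b"\x00" + struct.pack(">Q", index) + block).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    # A distinct prefix keeps inner nodes from being passed off as leaves.
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(blocks):
    """Return all tree levels, leaves first, root last."""
    if not blocks:
        raise ValueError("no blocks")
    level = [leaf_hash(i, b) for i, b in enumerate(blocks)]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def root(blocks) -> bytes:
    """The short value the client keeps in local memory."""
    return build_levels(blocks)[-1][0]


def prove(blocks, index: int):
    """Server side: sibling hashes on the path from block `index` to the root."""
    proof = []
    for level in build_levels(blocks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            # True means the sibling sits to the left of the current node.
            proof.append((sibling < index, level[sibling]))
        index //= 2
    return proof


def verify(root_hash: bytes, index: int, block: bytes, proof) -> bool:
    """Client side: recompute the root from one block and its proof."""
    h = leaf_hash(index, block)
    for sibling_is_left, sibling in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, root_hash)


def demo():
    # Constructed sample: five blocks, so the tree has an unpaired node.
    blocks = [b"block-%d" % i for i in range(5)]
    r = root(blocks)
    honest = all(verify(r, i, blocks[i], prove(blocks, i)) for i in range(5))
    tampered = verify(r, 3, b"block-3 (edited)", prove(blocks, 3))
    wrong_block = verify(r, 0, blocks[1], prove(blocks, 1))
    return honest, tampered, wrong_block
```

The proof for one block is logarithmic in the number of blocks, so the client never has to download the whole data set to check a response.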

Bessani et al. [13] use Byzantine fault-tolerant replication to store data on several cloud servers, so if one of the cloud providers is damaged, they are still able to retrieve data correctly. Data encryption is considered the solution by [13] to address the problem of the loss of privacy. They argue that to protect the stored data from a malicious insider, users should encrypt data before it is stored in the cloud. As the data will be accessed by distributed applications, the DepSky system stores the cryptographic keys in the cloud by using the secret sharing algorithm to hide the value of the keys from a malicious insider. In the DepSky system, data is replicated in four commercial storage clouds (Amazon S3, Windows Azure, Nirvanix and Rackspace); it does not rely on a single cloud, and therefore this avoids the problem of the dominant cloud causing the so-called vendor lock-in issue [3]. In addition, storing half the amount of data in each cloud in the DepSky system is achieved by the use of erasure codes. Consequently, exchanging data from one provider to another will result in a smaller cost. The DepSky system aims to reduce the cost of using four clouds (which is four times the overhead) to twice the cost of using a single cloud, which is a significant advantage [13].

E. Limitation of Current Solutions

The problem of malicious insiders in the cloud infrastructure, which is the base of cloud computing, is considered by [54]. IaaS cloud providers provide the users with a set of virtual machines from which the users can benefit by running software on them. The traditional solution to ensure data confidentiality by data encryption is not sufficient due to the fact that the user's data needs to be manipulated in the virtual machines of cloud providers, which cannot happen if the data has been encrypted [54]. Administrators manage the infrastructure and as they have remote access to servers, if the administrator is a malicious insider, then he can gain access to the user's data [41]. Van Dijk and Juels [64] present some negative aspects of data encryption in cloud computing. In addition, they assume that if the data is processed from different clients, data encryption cannot ensure privacy in the cloud.

Although cloud providers are aware of the malicious insider danger, they assume that they have critical solutions to alleviate the problem [29]. Rocha and Correia determine possible attackers for IaaS cloud providers. For example, Grosse et al. [29] propose one solution by preventing any physical access to the servers. However, Rocha and Correia [54] argue that the attackers outlined in their work have remote access and do not need any physical access to the servers. Grosse et al. [29] propose another solution by monitoring all access to the servers in a cloud where the user's data is stored. However, Rocha and Correia claim that this mechanism is beneficial for monitoring employees' behavior in terms of whether they are following the privacy policy of the company or not, but it is not effective because it detects the problem after it has happened.

Rocha and Correia [54] classified four types of attacks that can affect the confidentiality of the user's data in the cloud. These four types of attacks could occur when the malicious insider can determine text passwords in the memory of a VM, cryptographic keys in the memory of VM files, and other confidential data. In addition, they argue that the recent research mechanisms are not good enough to consider the issue of data confidentiality and to protect data from these attacks. This does not mean that these mechanisms are not useful; rather that they do not focus on solving the problems that [54] address in their research. Some of the solutions [50] are used as part of cloud computing solutions, while different types of solutions focus on solving the whole data confidentiality issue intrinsic to cloud computing [13], [55]. Rocha and Correia [54] suggest trusted computing and distributing trust among several cloud providers as a novel solution to solving security problems and challenges in cloud computing. The idea of replicating data among different clouds has been applied in the single system DepSky [13]. Rocha and Correia present the limitations of this work, which occur due to the fact that DepSky is only a storage service like Amazon S3, and does not offer the IaaS cloud model. On the other hand, this system provides a secure storage cloud, but does not provide security of data in the IaaS cloud model. This is because it uses data encryption and stores the encrypted key in the clouds by using a secret sharing technique, which is inappropriate for the IaaS cloud model.

V. CONCLUSION

It is clear that although the use of cloud computing has rapidly increased, cloud computing security is still considered the major issue in the cloud computing environment. Customers do not want to lose their private information as a result of malicious insiders in the cloud. In addition, the loss of service availability has caused many problems for a large number of customers recently. Furthermore, data intrusion leads to many problems for the users of cloud computing.

The purpose of this work is to survey the recent research on single clouds and multi-clouds to address the security risks and solutions. We have found that much research has been done to ensure the security of the single cloud and cloud storage, whereas multi-clouds have received less attention in the area of security. We support the migration to multi-clouds due to its ability to decrease security risks that affect the cloud computing user.

REFERENCES

[1] (NIST), http://www.nist.gov/itl/cloud/, Accessed in May-2011.

[2] I. Abraham, G. Chockler, I. Keidar and D. Malkhi, Byzantine disk paxos: optimal resilience with Byzantine shared memory, Distributed Computing, 18 (2006), pp. 387-408.

[3] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, RACS: a case for cloud storage diversity, Proceedings of the 1st ACM symposium on Cloud computing, ACM, 2010, pp. 229-240.

[4] S. Akioka and Y. Muraoka, HPC benchmarks on Amazon EC2, Proceedings of The 2010 24th International Conference on Advanced Information Networking and Applications Workshops, IEEE, 2010, pp. 1029-1034.

[5] M. A. AlZain and E. Pardede, Using Multi Shares for Ensuring Privacy in Database-as-a-Service, Proceedings of The 2011 44th Hawaii International Conference on System Sciences (HICSS), IEEE, Kauai, USA, 2011, pp. 1-9.

[6] M. A. AlZain, B. Soh and E. Pardede, MCDB: Using Multi-clouds to Ensure Security in Cloud Computing, Proceedings of The 2011 Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC), IEEE, Sydney, Australia, 2011, pp. 784-791.

[7] M. A. AlZain, B. Soh and E. Pardede, A New Approach Using Redundancy Technique to Improve Security in Cloud Computing, Proceedings of The 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec12), IEEE, Kuala Lumpur, Malaysia, 2012, pp. 230-235.

[8] M. A. AlZain, B. Soh and E. Pardede, A new model to ensure security in cloud computing services, Journal of Service Science Research, 4 (2012), pp. 49-70.

[9] Amazon, Amazon Web Services. Web services licensing agreement, (2010).

[10] Amazon, Amazon Web Services. Web services licensing agreement, Accessed in May-2011 (2006).

[11] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson and D. Song, Provable data possession at untrusted stores, Proceedings of the 14th ACM conference on Computer and communications security, ACM, 2007, pp. 598-609.

[12] H. Attiya and A. Bar-Or, Sharing memory with semi-byzantine clients and faulty storage servers, Proceedings The 2003 22nd International Symposium on Reliable Distributed Systems, 2003, pp. 371-378.

[13] A. Bessani, M. Correia, B. Quaresma, F. André and P. Sousa, DepSky: dependable and secure storage in a cloud-of-clouds, Proceedings of the sixth conference on Computer systems, ACM, 2011, pp. 31-46.

[14] K. Birman, G. Chockler and R. van Renesse, Toward a cloud computing research agenda, SIGACT News, 40 (2009), pp. 68-80.

[15] M. P. Boss G, Quan D, Legregni L, Hall H., Cloud computing, White Paper, IBM (2007).

[16] K. D. Bowers, A. Juels and A. Oprea, HAIL: A high-availability and integrity layer for cloud storage, Proceedings of the 16th ACM conference on Computer and communications security, ACM, 2009, pp. 187-198.

[17] C. Cachin, R. Haas and M. Vukolic, Dependable storage in the Intercloud, IBM Research, 3783 (2010), pp. 1-6.

[18] C. Cachin, I. Keidar and A. Shraer, Trusting the cloud, ACM SIGACT News, 40 (2009), pp. 81-86.

[19] C. Cachin and S. Tessaro, Optimal resilience for erasure-coded Byzantine distributed storage, Distributed Computing, 3724 (2005), pp. 497-498.

[20] M. Castro and B. Liskov, Practical Byzantine fault tolerance, Operating Systems Review, 33 (1998), pp. 173-186.

[21] G. Chockler, R. Guerraoui, I. Keidar and M. Vukolic, Reliable distributed storage, Computer, 42 (2009), pp. 60-67.

[22] G. Chockler and D. Malkhi, Active disk paxos with infinitely many processes, Proceedings of The 2002

[23] Clavister, Security in the cloud, Clavister White Paper (2008), pp. 1-6.

[24] A. J. Feldman, W. P. Zeller, M. J. Freedman and E. W. Felten, SPORC: Group collaboration using untrusted cloud resources, Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation - OSDI (2010), pp. 337-350.

[25] S. L. Garfinkel, Email-based identification and authentication: An alternative to PKI?, IEEE Security and Privacy, 1 (2003), pp. 20-26.

[26] S. L. Garfinkel, An evaluation of amazon's grid computing services: EC2, S3, and SQS, http://simson.net/clips/academic/2007.Harvard.S3.pdf, 2007, pp. 1-15.

[27] E. J. Goh, H. Shacham, N. Modadugu and D. Boneh, SiRiUS: Securing remote untrusted storage, Proceedings of the Tenth Network and Distributed System Security (NDSS) Symposium, 2003, pp. 131–145.

[28] G. R. Goodson, J. J. Wylie, G. R. Ganger and M. K. Reiter, Efficient Byzantine-tolerant erasure-coded storage, Proceedings of the International Conference on Dependable Systems and Networks, 2004, pp. 1-22.

[29] E. Grosse, J. Howie, J. Ransome, J. Reavis and S. Schmidt, Cloud computing roundtable, Security & Privacy, IEEE, 8 (2010), pp. 17-23.

[30] J. Heiser, What you need to know about cloud computing security and compliance, Gartner, Research, ID (2009).

[31] J. Hendricks, G. R. Ganger and M. K. Reiter, Low-overhead byzantine fault-tolerant storage, Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, ACM, 2007, pp. 73-86.

[32] P. Jayanti, T. D. Chandra and S. Toueg, Fault-tolerant wait-free shared objects, Journal of the ACM (JACM), 45 (1998), pp. 451-500.

[33] B. W. Johnson, Design & analysis of fault tolerant digital systems, Addison-Wesley Longman Publishing Co., Inc., 1988.

[34] A. Juels and B. S. Kaliski Jr, PORs: Proofs of retrievability for large files, Proceedings of the 14th ACM conference on Computer and communications security, ACM, 2007, pp. 584-597.

[35] S. Kamara and K. Lauter, Cryptographic cloud storage, Financial Cryptography and Data Security, 6054 (2010), pp. 136-149.

[36] L. M. Kaufman, Data security in the world of cloud computing, IEEE Security & Privacy, 7 (2009), pp. 61-64.

[37] H. Krawczyk, Secret sharing made short, Proceedings of the 13th annual international cryptology conference on Advances in cryptology, Springer, 1994, pp. 136-146.

[38] H. Krawczyk, M. Bellare and R. Canetti, HMAC: Keyed-hashing for message authentication, in R. Editor, ed., 1997, pp. 1-11.

[39] P. Kuznetsov and R. Rodrigues, BFTW 3: why? when? where? workshop on the theory and practice of byzantine fault tolerance, ACM SIGACT News, 40 (2009), pp. 82-86.

[40] L. Lamport, R. Shostak and M. Pease, The Byzantine generals problem, ACM Transactions on Programming Languages and Systems (TOPLAS), 4 (1982), pp. 382-401.

[41] P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner and J. F. Farrell, The inevitability of failure: The flawed assumption of security in modern computing environments, Proceedings of the 21st National Information Systems Security Conference, 1998, pp. 303-314.

[42] U. Maheshwari, R. Vingralek and W. Shapiro, How to build a trusted database system on untrusted storage, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, USENIX Association, 2000, pp. 10-10.

[43] D. Malkhi and M. Reiter, Byzantine quorum systems, Distributed Computing, 11 (1998), pp. 203-213.

[44] J. P. Martin, L. Alvisi and M. Dahlin, Minimal byzantine storage, Distributed Computing (2002), pp. 311-325.

[45] H. Mei, J. Dawei, L. Guoliang and Z. Yuan, Supporting Database Applications as a Service, Proceedings of the 2009 International Conference on Data Engineering, IEEE, 2009, pp. 832-843.

[46] R. C. Merkle, Protocols for public key cryptosystems, IEEE Symposium on Security and Privacy, IEEE, 1980, pp. 122-134.

[47] E. Mykletun, M. Narasimha and G. Tsudik, Authentication and integrity in outsourced databases, ACM Transactions on Storage (TOS), 2 (2006), pp. 107-138.

[48] C. Papamanthou, R. Tamassia and N. Triandopoulos, Authenticated hash tables, Proceedings of the 15th ACM conference on Computer and communications security, ACM, 2008, pp. 437-448.

[49] M. Pease, R. Shostak and L. Lamport, Reaching agreement in the presence of faults, Journal of the ACM (JACM), 27 (1980), pp. 228-234.

[50] R. Perez, R. Sailer and L. van Doorn, vTPM: virtualizing the trusted platform module, Proceedings of the 15th

[51] M. O. Rabin, Efficient dispersal of information for security, load balancing, and fault tolerance, Journal of the ACM (JACM), 36 (1989), pp. 335-348.

[52] RedHat, https://rhn.redhat.com/errata/RHSA-2008-0855.html, Accessed in May-2011.

[53] T. Ristenpart, E. Tromer, H. Shacham and S. Savage, Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, Proceedings of the 16th ACM conference on Computer and communications security, ACM, 2009, pp. 199-212.

[54] F. Rocha and M. Correia, Lucy in the Sky without Diamonds: Stealing Confidential Data in the Cloud, Proceedings of The 2011 1st International Conference on Dependable Systems and Networks Workshops (DSN-W), IEEE, 2011, pp. 1-6.

[55] N. Santos, K. P. Gummadi and R. Rodrigues, Towards trusted cloud computing, Proceedings of the 2009 conference on Hot topics in cloud computing, USENIX Association, 2009, pp. 1-5.

[56] D. Sarno, Microsoft says lost sidekick data will be restored to users, Los Angeles Times, (2009).

Figure 1: Cloud Environment Architecture-adopted from NIST definition [1].
Figure 2: DepSky Architecture [13].
