International Journal of Emerging Trends & Technology in Computer Science (IJETTCS)
Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 3, Issue 2, March – April 2014 ISSN 2278-6856
Abstract: This paper presents a framework for designing a trusted data security platform for cloud computing systems. Data stored in third-party storage systems such as the cloud might not be secure, since the confidentiality and integrity of the data are not guaranteed: the data owner cannot trust the cloud service provider to store its data securely within the cloud. Hence, many organizations and users may not be willing to use cloud services to store their data until certain security guarantees are made. In this research, a solution to the problem of secure data storage, maintaining the confidentiality and integrity of the data within the cloud, is developed. The system is based on capability-list-based data security and protects the data files stored by the data owner against unauthorized access.
1. INTRODUCTION
Cloud Computing is the name given to a recent trend in computing service provision. This trend has seen a technological and cultural shift of computing service provision from being provided locally to being provided remotely and en masse by third-party service providers. These third parties offer consumers an affordable and flexible computing service that consumers would otherwise not have been able to access, let alone afford. This new means of service provision has evolved from, and is the culmination of, research stemming from (among others) distributed and networked systems, utility computing, the web and software services. This paradigm shift has led to computing being seen as another household utility, the so-called "fifth utility", and has prompted many businesses and individuals to migrate parts of their IT infrastructure to the cloud, where the data is managed and hosted by Cloud Service Providers (CSPs). However, Cloud Computing is a cause célèbre among tech pundits, and the term 'Cloud Computing' has become an umbrella term applied to differing situations and their solutions. As such, a broad range of definitions for Cloud Computing exists, each differing according to the originating authors' leaning. This section seeks to provide a coherent and general introduction to Cloud Computing.
COMPUTING AS A SERVICE
One of the main tenets of Cloud Computing is the 'as-a-Service' paradigm, in which some service is offered by a Service Provider (also known as a Cloud Service Provider) to a User (consumer). The service can also be categorized according to the application domain of its deployment. Examples of application domains that offer services are: financial, e.g. Mint.com; managerial, e.g. Evernote; and analytical, e.g. Google Analytics. The agreed terms of use, indicating the actions that must be taken by both the provider and the consumer, are described in a contract that is agreed upon before service provision.
Failure to honor this agreement can lead to denial of service for the consumer or legal liability for the service provider. This contract is usually described as Terms of Service or a Service Level Agreement. Moreover, as part of this agreement the service provider publishes a Privacy Policy outlining how the user's data will be stored, managed, used and protected.
SPI SERVICE MODEL
The services offered are often categorized using the SPI Service Model. This model represents the different layers/levels of service that service providers can offer to users across the different application domains and types of cloud available. Clouds can be used to provide, as a service, software to use, a platform to develop on, or an infrastructure to utilize. Figure 1 summarizes the SPI Service Model.
Software as a Service
The first and highest layer is Software as a Service (SaaS). It represents the applications that are deployed/enabled over a cloud by CSPs. These are mature applications that often offer an API to allow for greater extensibility. For instance, Google Docs can be seen as the archetypal SaaS application: it has been deployed solely within the cloud and offers several APIs to promote use of the application.
Platform as a Service
The next layer is Platform as a Service (PaaS). This represents a development platform that developers can utilize to write, deploy and manage applications that run on the cloud. This can include development, administration and management tools, run-time and data management engines, and security and user management services. For instance, Force.com and Amazon Web Services (AWS) offer suites of services that allow developers to construct an application that is deployed using web-based tooling.
Fig 1: Summary of the SPI Service Model

A Secure Framework for Data Security in Cloud Computing
1,2,3 Punjab Technical University, Baba Banda Singh Bahadur Engg. College, Fatehgarh Sahib, India
Infrastructure as a Service
The final and lowest layer is Infrastructure as a Service (IaaS). CSPs offer developers a highly scaled and elastic computing infrastructure on which to run applications. This infrastructure can comprise virtualized servers, storage, databases and other items. Two well-known examples are the Amazon Elastic Compute Cloud, a commercial platform offered as part of Amazon.com's Web Services platform, and Eucalyptus, an open source platform that offers the same functionality.
Cloud Entities
Cloud actors/entities can be divided into two main categories: the CSP or Service Provider, who provides a service, and the Cloud Service User (User), who uses a service. Within Cloud Computing the difference between the role played by a service provider and a user can be blurred: the service provider could also be the user of another service, e.g. when infrastructure is the service. Whether an entity is a provider or a user depends on the context of the interaction and the service being offered. Some service providers offer services at all three service levels; others offer just one particular level of service and have their own internal IaaS infrastructure. A possible refinement is that CSPs are either: a) Infrastructure Service Providers, those that offer IaaS and own and run the data centers that physically house the servers and software; or b) Service Providers, those that offer PaaS or SaaS services. Cloud Service Users are either: A) Platform Users, who buy into a service provider's platform, e.g. Facebook; or B) Consumers, service users who use either SaaS or IaaS services.
2. MERITS OF CLOUD COMPUTING
Many of the benefits of Cloud Computing come from the lower costs associated with it. At the infrastructure level, virtual images can be scaled up and down with complete disregard for the associated hardware costs such as equipment procurement, storage, maintenance and use. All of this is taken care of by the service provider and is factored into the payment for the service: capital expenditure has been converted into operational expenditure. Resources within the cloud can be treated as a commodity, an 'unlimited' medium. At both the platform and software levels similar benefits are seen. Aspects such as software installation, deployment and maintenance are virtually non-existent for the user, since they are handled by the provider within its own infrastructure; the service user pays only for technical support. Service providers at the SaaS level often tout features that allow users to collaborate and interact with each other in real time within the scope of the service being offered. For example, Google Docs allows users to edit documents simultaneously and to see each other's edits in real time. Moreover, the provision of platform and software 'as a service' gives cloud service users the ability to aggregate services together, either for their own use or to promote as another service, i.e. mashups. The aggregation could combine functionality from several services, or change/combine the output of the services involved. Remark: service aggregation is a good example of how a service user can become a service provider.
3. PROPOSED STORAGE SYSTEM FOR CLOUD COMPUTING
Our main goal is to divide the security mechanism of cloud service providers into three layers. The layered approach is used to increase data security while keeping the computational requirements low. For data security, capability-based encryption techniques are used, which generate a unique key for each user and data file without having to worry about storage and indexing of the encryption keys. The performance of this security mechanism can be compared with other encryption techniques. The data security mechanism consists of three phases:
a) User authentication
b) System encryption and privacy defence
c) File quick regeneration layer
User authentication: this is required to ensure that user data cannot be tampered with. Users who pass authentication can perform the corresponding operations on their data, such as addition, modification and deletion.
System encryption and privacy defence: if an unauthorized user uses illegal means to deceive the authentication system, the file is still protected by the system encryption and privacy defence layer, in which user data is encrypted. Even if the intruder obtains the key, no valid information can be recovered from the user data because of the privacy protection function.
File quick regeneration layer: the last layer is the file quick regeneration layer, in which user data can be regenerated to the maximum extent even if it is damaged, through a rapid regeneration algorithm. Each layer accomplishes its own job and combines with the others to ensure data security in cloud computing.
The steps involved in our methodology can be divided into two different modules, which can be summarized as follows. We use the security library provided by the .NET platform, namely the System.Security.Cryptography namespace. This library provides support for security algorithms, both symmetric and asymmetric.
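The first two layers described above, written out as an added example (this is not the paper's code and makes its own design choices): a capability list records which operations a user holds on a file (layer 1), and a key bound to the data owner and file name is derived with HMAC-SHA256 from one master secret, so no key store or index is needed (the paper's "unique key for each user and data file"); that key drives AES-256-CBC with an HMAC-SHA256 tag over the result, so tampering is detected as well as disclosure prevented (layer 2). The users, file name, capability entries, sample content and master secret are all constructed for the illustration, the regeneration layer is not shown, and the code assumes .NET 6 or later for SymmetricAlgorithm.EncryptCbc and RandomNumberGenerator.GetBytes.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class CapabilityStore
{
    // Layer 1 data: the capability list, i.e. which operations each user holds on each
    // file. Entries are constructed for this example.
    static readonly Dictionary<(string User, string File), HashSet<string>> Caps = new()
    {
        [("alice", "report.docx")] = new() { "read", "write", "delete" },
        [("bob",   "report.docx")] = new() { "read" },
    };

    // Master secret of the data owner's side (generated here for the example; in a
    // deployment it would come from an HSM or key management service).
    static readonly byte[] MasterKey = RandomNumberGenerator.GetBytes(32);

    const int IvLen = 16, TagLen = 32;

    // Layer 1: authorisation against the capability list.
    public static bool Authorize(string user, string file, string op) =>
        Caps.TryGetValue((user, file), out var ops) && ops.Contains(op);

    // A unique key per (owner, file, purpose), derived with HMAC-SHA256 from the master
    // secret. Deterministic, so nothing has to be stored or indexed per file.
    static byte[] DeriveKey(string owner, string file, string purpose)
    {
        using var h = new HMACSHA256(MasterKey);
        return h.ComputeHash(Encoding.UTF8.GetBytes($"{owner}\0{file}\0{purpose}"));
    }

    // Layer 2: AES-256-CBC, then HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC).
    // Output layout: IV (16) || ciphertext || tag (32).
    public static byte[] Protect(string user, string owner, string file, byte[] plaintext)
    {
        if (!Authorize(user, file, "write"))
            throw new UnauthorizedAccessException($"{user} may not write {file}");
        using var aes = Aes.Create();
        aes.Key = DeriveKey(owner, file, "enc");
        byte[] iv = RandomNumberGenerator.GetBytes(IvLen);
        byte[] body = Concat(iv, aes.EncryptCbc(plaintext, iv, PaddingMode.PKCS7));
        using var mac = new HMACSHA256(DeriveKey(owner, file, "mac"));
        return Concat(body, mac.ComputeHash(body));
    }

    public static byte[] Unprotect(string user, string owner, string file, byte[] blob)
    {
        if (!Authorize(user, file, "read"))
            throw new UnauthorizedAccessException($"{user} may not read {file}");
        if (blob.Length < IvLen + TagLen)
            throw new CryptographicException("blob too short");
        byte[] body = blob[..^TagLen];
        byte[] tag = blob[^TagLen..];
        using var mac = new HMACSHA256(DeriveKey(owner, file, "mac"));
        // Constant-time comparison; a modified blob is rejected before any decryption.
        if (!CryptographicOperations.FixedTimeEquals(mac.ComputeHash(body), tag))
            throw new CryptographicException("integrity check failed");
        using var aes = Aes.Create();
        aes.Key = DeriveKey(owner, file, "enc");
        return aes.DecryptCbc(body[IvLen..], body[..IvLen], PaddingMode.PKCS7);
    }

    static byte[] Concat(byte[] a, byte[] b)
    {
        var r = new byte[a.Length + b.Length];
        a.CopyTo(r, 0);
        b.CopyTo(r, a.Length);
        return r;
    }

    public static void Main()
    {
        byte[] doc = Encoding.UTF8.GetBytes("Q1 figures: constructed sample content");
        byte[] blob = Protect("alice", "alice", "report.docx", doc);

        // bob holds a read capability, so he can decrypt alice's file...
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect("bob", "alice", "report.docx", blob)));
        // ...but no write capability.
        try { Protect("bob", "alice", "report.docx", doc); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }

        // Flipping one ciphertext bit is caught by the tag instead of decrypting to garbage.
        blob[IvLen + 3] ^= 0x01;
        try { Unprotect("alice", "alice", "report.docx", blob); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

Two points a practitioner would check in such a design: the MAC is verified before decryption so that a padding-oracle style attack on CBC is not possible, and the per-purpose label in DeriveKey keeps the encryption and MAC keys distinct even though both come from the same master secret.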
The login process is entirely different from the login process previously implemented on the cloud platform. The security algorithms are implemented to encrypt file data. The algorithms implemented are RSA, DSA, AES and DES. These algorithms provide the comparison platform for our encryption algorithm against the other two classes (symmetric and asymmetric). The key exchange mechanism is modified from the previously implemented symmetric-key and asymmetric-key algorithms. The results are studied on the basis of the following parameters:
a) Time consumption
b) Memory usage
c) Output size
First of all, the input file size is decided, and the file is encrypted with each of the above algorithms. The time taken to encrypt, the memory used by the algorithm and the variation in output file size are studied along with other security factors. Memory usage is calculated using the System.Runtime.InteropServices namespace of the .NET platform. Other security aspects are also taken into account alongside the performance of the system.
4. RESULT ANALYSIS
The encryption time is the time an encryption algorithm takes to produce a ciphertext from a plaintext. Encryption time is used to calculate the throughput of an encryption scheme, which is the total plaintext in bytes encrypted divided by the encryption time. Comparative analyses of the results of the selected encryption schemes are performed.
Fig 2: Output file size comparison
Figure 2 shows the output file size comparison for AES, DES, RSA, DSA and CBC. The comparison chart is made by using different input file sizes and recording the encrypted file size produced by each algorithm. Two points should be kept in mind when reading these labels: CBC is a block-cipher mode of operation rather than a cipher in its own right, and in this paper it appears to label the proposed scheme of Section 3; DSA is a digital-signature algorithm and does not encrypt data, so a DSA "encrypted file size" is not directly comparable with the ciphers.
Fig 3: Computational Time comparison
Figure 3 shows the computational time comparison for AES, DES, RSA, DSA and CBC. The comparison chart is made by using different input file sizes and recording the computational time for each algorithm.
Fig 4: Memory Usage Computation
Figure 4 shows the memory usage comparison for AES, DES, RSA, DSA and CBC. Memory usage corresponds to the main memory used by the encryption process. It is measured through system calls that return the size of the process in main memory at run time; the .NET runtime library provides this functionality, and the values recorded at run time are stored in a database for analysis. In this comparison, files of different sizes are used and the same processes are executed for each file, noting the process size as the input file size changes. All these values are stored in the database and are used to plot the comparison graph shown in Figure 4.
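A measurement harness for the parameters of Section 3 and the definitions above (encryption time, throughput as plaintext bytes divided by encryption time, output size, and process memory read from the runtime), as an added example. This is not the code behind the paper's figures: it reads time and memory through Stopwatch and Process.WorkingSet64 from System.Diagnostics rather than System.Runtime.InteropServices, the input buffers are constructed, and it assumes .NET 6 or later. It also shows where the large asymmetric output sizes and times come from: RSA has to process the file in small chunks, each of which becomes a full-size ciphertext.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;

public record Result(string Name, int InputBytes, int OutputBytes, double Millis, double MiBps, long WorkingSetDelta);

public static class CipherBench
{
    // Keys are generated once, outside the timed region, so that key generation (slow for
    // RSA) is not counted as encryption time.
    static readonly Aes AesKey = Aes.Create();       // 256-bit key by default
    static readonly DES DesKey = DES.Create();       // 56-bit key; legacy, for comparison only
    static readonly RSA RsaKey = RSA.Create(2048);

    // Constructed input of the requested size (deterministic pseudo-random bytes).
    public static byte[] MakeInput(int size)
    {
        var buf = new byte[size];
        new Random(42).NextBytes(buf);
        return buf;
    }

    // Time, throughput (plaintext bytes / encryption time, as defined in Section 4),
    // output size and working-set delta for one encryption of `input`.
    public static Result Measure(string name, byte[] input, Func<byte[], byte[]> encrypt)
    {
        var proc = Process.GetCurrentProcess();
        proc.Refresh();
        long before = proc.WorkingSet64;
        var sw = Stopwatch.StartNew();
        byte[] output = encrypt(input);
        sw.Stop();
        proc.Refresh();
        double ms = sw.Elapsed.TotalMilliseconds;
        double mibps = ms > 0 ? input.Length / (1024.0 * 1024.0) / (ms / 1000.0) : double.PositiveInfinity;
        return new Result(name, input.Length, output.Length, ms, mibps, proc.WorkingSet64 - before);
    }

    // Symmetric ciphers: output is IV || ciphertext, and the ciphertext is the input rounded
    // up to the next block (16 bytes for AES, 8 for DES) because of PKCS7 padding.
    public static byte[] AesCbc(byte[] data)
    {
        byte[] iv = RandomNumberGenerator.GetBytes(16);
        return Concat(iv, AesKey.EncryptCbc(data, iv));
    }

    public static byte[] DesCbc(byte[] data)
    {
        byte[] iv = RandomNumberGenerator.GetBytes(8);
        return Concat(iv, DesKey.EncryptCbc(data, iv));
    }

    // RSA cannot encrypt a file in one operation: RSA-2048 with OAEP-SHA256 accepts at most
    // 190 bytes per call, so the input is processed in 190-byte chunks and every chunk
    // becomes a 256-byte ciphertext. That fixed expansion, plus one modular exponentiation
    // per chunk, is why asymmetric output sizes and times are so much larger.
    public static byte[] RsaOaepChunked(byte[] data)
    {
        const int chunk = 190, ctLen = 256;
        int blocks = (data.Length + chunk - 1) / chunk;
        var output = new byte[blocks * ctLen];
        for (int i = 0; i < blocks; i++)
        {
            int len = Math.Min(chunk, data.Length - i * chunk);
            byte[] ct = RsaKey.Encrypt(data[(i * chunk)..(i * chunk + len)], RSAEncryptionPadding.OaepSHA256);
            ct.CopyTo(output, i * ctLen);
        }
        return output;
    }

    static byte[] Concat(byte[] a, byte[] b)
    {
        var r = new byte[a.Length + b.Length];
        a.CopyTo(r, 0);
        b.CopyTo(r, a.Length);
        return r;
    }

    public static void Main()
    {
        // DSA is deliberately absent: it is a signature algorithm with no Encrypt method, so it
        // can be timed for SignData/VerifyData but cannot produce an encrypted file.
        foreach (int size in new[] { 1024, 64 * 1024, 1024 * 1024 })
        {
            byte[] input = MakeInput(size);
            var results = new[]
            {
                Measure("AES-256-CBC", input, AesCbc),
                Measure("DES-CBC", input, DesCbc),
                Measure("RSA-2048-OAEP chunked", input, RsaOaepChunked),
            };
            foreach (var r in results)
                Console.WriteLine($"{r.Name,-22} in={r.InputBytes,8} B  out={r.OutputBytes,8} B  " +
                                  $"t={r.Millis,9:F3} ms  {r.MiBps,8:F2} MiB/s  dWS={r.WorkingSetDelta / 1024,7} KiB");
        }
    }
}
```

The working-set delta is a coarse process-level figure, as in the paper; a single encryption of a small buffer will often show a delta of zero because the runtime had already reserved the memory. Running each measurement several times and taking the median gives a more stable timing than a single pass.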
5. CONCLUSION AND RECOMMENDATION
From the analysis done in this research work we can conclude:
a) The output size, i.e. the encrypted file size, of our scheme is nearly in the same range as the output size of the AES and DES algorithms. This is due to the symmetric-key cryptographic approach we use, and it is observed for all symmetric-key algorithms.
b) The computational time for CBC is the lowest among AES, DES, RSA, DSA and CBC, which shows the lower complexity of the encryption algorithm.
c) Memory usage varies with the input file size, as expected. The process memory usage depends on its input and on the hardware it is running on.