Privacy and security in cloud computing and enhanced the protection by using multiple mechanism and techniques

Dr. Adwan Yasin
Faculty of Engineering & Information Technology
The Arab American University
Jenin, Palestine
Abstract

Cloud computing has re-emerged as a computing model in which computing resources are provided as services that users access over the Internet (the cloud), without needing knowledge of, experience with, or control over the infrastructure that supports these services. As a general concept, cloud computing includes Software as a Service and other modern technology trends that share the idea of relying on the Internet to meet users' computing needs. Computing technology also raises a group of critical political issues, including privacy, security and anonymity, the ability to communicate, government control, reliability, responsibility, and others; the most prominent of them is security and how the cloud provider assures it. Cloud computing has many kinds of customers, such as ordinary users, academia, and corporations, who have different motivations for moving to the cloud. Security issues in cloud computing, such as service availability, handling large-scale traffic, application security, and authentication, call for practical, effective and efficient techniques to overcome the obstacles to protection. On privacy, the question is whether cloud computing services can protect the privacy of consumers, and which measures and precautions are necessary. Privacy can be improved through the use of multiple effective techniques. In this paper, we discuss and review multiple techniques to enhance protection in cloud computing.
Keywords : cloud computing, encryption algorithm, Watermarking, Data coloring.
Mohammad Zaid Kelani
Faculty of Engineering & Information Technology
The Arab American University, Master program
Jenin, Palestine

1. Introduction

Many governments, institutions and companies use computer resources to store data, to run applications, or for development. These servers need maintenance, management, and a place that guarantees their operation. The need varies over time: at some times it is critical that resources are available and work efficiently, while at other times the opposite holds. The two most important factors are therefore availability of resources and efficiency, which have led to many solutions that rely mainly on aggregating computers to ensure efficient operation.

When we store our photos online instead of on a home computer, or use e-mail or a social networking site, we are using a cloud computing service. If an organization uses, for example, an online invoicing service instead of an in-house one that has been updated and used for many years, that online billing service is a cloud service. Cloud computing means providing computing resources over the Internet: instead of saving data on your own hard disk or updating applications to meet your needs, you use an online service, in another location, to store your information or run applications. Doing so may have privacy implications. Cloud services allow individuals and businesses to use software and devices that are managed by third parties. Examples of cloud services include online file storage, social networking sites, e-mail, and online business applications. Cloud computing gives access to information and computer resources from anywhere a network connection is available, and provides a common set of resources, including data networking, storage space, and computer processing power.

The following definition of cloud computing has been developed by the U.S. National Institute of Standards and Technology (NIST): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models [1].

Many companies are delivering services from the cloud. Some notable examples include the following:
• Google — Has a private cloud that it uses for delivering many different services to its users, including email access, document applications, text translations, maps, web analytics, and much more.
• Microsoft — Has the Microsoft® SharePoint® online service that allows content and business intelligence tools to be moved into the cloud, and Microsoft currently makes its Office applications available in the cloud.
• Salesforce.com — Runs its application set for its customers in a cloud, and its Force.com and Vmforce.com products provide developers with platforms to build customized cloud services.

Cloud providers have expressed concern about cloud security and are working hard to address it. Cloud security is therefore becoming a key differentiator and competitive edge between cloud providers. By applying the strongest security techniques and practices, cloud security may soon be raised far above the level that IT departments achieve using their own hardware and software. When considering a move to cloud computing, consumers should have a clear and specific understanding of the potential security benefits and risks associated with it. Consideration should be given to the different models of service delivery: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), as each model brings different security requirements and responsibilities. This paper therefore highlights the role that standards play in improving cloud security and also shows the areas where future standardization could be effective.
2. Literature review

Dialogic (Making Innovation Thrive), white paper "Introduction to Cloud Computing": This white paper presents an introduction to cloud computing, exploring the characteristics, service models, and deployment models in use today, as well as the benefits and challenges associated with cloud computing. It also discusses communications services in the cloud (including ways to access the cloud, such as web APIs and media control interfaces) and the importance of scalability and flexibility in a cloud-based environment.

Office of the Privacy Commissioner survey: Cloud computing offers benefits for organizations and individuals, but there are also privacy and security concerns. If you are considering a cloud service, you should think about how your personal information, and that of your customers, can best be protected. Carefully review the terms of service or contracts, and challenge the provider to meet your needs.

Security and Privacy Issues in Cloud (Jaydip Sen): This paper discusses critical challenges, namely security and privacy issues in cloud computing. It provides an overview of the threats for cloud customers categorized according to the confidentiality, integrity and availability (CIA) security model, describes the types of attackers, and proposes some solutions to mitigate these challenges.

Analysis of Security Algorithms in Cloud Computing: A number of users store their data in the cloud. Data storage security refers to the security of data on the storage media, so security is an important factor in cloud computing for ensuring that clients' data is held securely in the cloud. Data must not be stolen by a third party, so authentication of the client becomes a mandatory task. This paper discusses a number of existing techniques used to provide security in the field of cloud computing on the basis of different parameters.
3. Characteristics of cloud computing The characteristics of cloud computing include on-demand self service, broad network access, resource pooling, rapid elasticity and measured service. On-demand self service means that customers can request and manage their own computing resources[2]. Broad network access allows services to be offered over the Internet or private networks[3]. Pooled resources means that customers draw from a pool of computing resources, usually in remote data centers[4]. Rapid elasticity [5]: It is defined as the rapid ability to scale resources both up and down as needed. Measured service[6]: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).
4. Service Models

How cloud computing services are deployed, in terms of business models, can differ depending on requirements.
• Software as a Service (SaaS): Consumers purchase the ability to access and use an application or service that is hosted in the cloud. A benchmark example of this is Salesforce.com.
• Platform as a Service (PaaS): Consumers purchase access to the platforms, enabling them to deploy their own software and applications in the cloud. The operating systems and network access are not managed by the consumer, and there might be constraints as to which applications can be deployed.
• Infrastructure as a Service (IaaS): Consumers control and manage the systems in terms of the operating systems, applications, storage, and network connectivity, but do not themselves control the cloud infrastructure.
5. Deployment Models

Cloud services are mostly made available via a private cloud, community cloud, public cloud or hybrid cloud. Generally speaking:
1- Services provided by a public cloud are offered over the Internet and are owned and operated by a cloud provider. Some examples include services aimed at the general public, such as online photo storage services, e-mail services, or social networking sites. However, services for enterprises can also be offered in a public cloud.
2- In a private cloud, the cloud infrastructure is operated solely for a specific organization and is managed by the organization or a third party; operation may be in-house or with a third party on the premises.
3- In a community cloud, the service is shared by several organizations and made available only to those groups. The infrastructure may be owned and operated by the organizations or by a cloud service provider.
4- A hybrid cloud is a combination of different methods of resource pooling (for example, combining public and community clouds).

The following are some of the possible benefits for those who offer cloud computing-based services and applications:
• Cost Savings: Organizations and companies can reduce their capital expenditures and use operational expenditures for increasing their computing capabilities, decreasing the cost and complexity of owning and operating computers and networks.
• Scalability/flexibility: Organizations and companies can launch with a small deployment, grow to a large deployment fairly rapidly, and then scale back if necessary. The flexibility of cloud computing also allows organizations and companies to use extra resources at peak times, enabling them to satisfy consumer demands.
• Reliability: Services using multiple redundant sites can support business continuity and disaster recovery.
• Maintenance: Cloud service providers do the system maintenance, and access is through APIs that do not require application installations onto PCs, thus further reducing maintenance requirements.
• Mobile Accessible: Mobile workers have increased productivity due to systems accessible in an infrastructure available from anywhere.
6. Challenges

Like any new technology, the adoption of cloud computing is not free of issues. Companies are increasingly aware of the business value that cloud computing brings and are taking steps towards moving to the cloud. A smooth transition is therefore based on a comprehensive understanding of the benefits as well as the challenges involved in the transition to cloud computing. Some of the most important challenges are as follows.
1. Security and Privacy
The key challenge for software engineers is to design cloud services in such a way as to decrease privacy risk and to ensure legal compliance [7]. The main challenge to cloud computing is therefore how it addresses the security and privacy concerns of businesses thinking of adopting it. The fact that valuable enterprise data will reside outside the corporate firewall raises serious concerns.
2. Reliability and Availability
Cloud providers still lack round-the-clock service; this results in frequent outages. It is important to monitor the service being provided using internal or third-party tools.

3. Performance and Bandwidth Cost
Businesses can save money on hardware but they have to spend more on bandwidth. This can be a low cost for smaller applications but can be significantly high for data-intensive applications. Delivering intensive and complex data over the network requires sufficient bandwidth. Because of this, many businesses are waiting for a reduced cost before switching to the cloud.

4. Others, such as lack of standards, continuous evolution, and compliance concerns.

7. Cloud Computing Security and Privacy Issues

There are numerous security issues for cloud computing, as it encompasses many technologies including networks, databases, operating systems, virtualization, resource scheduling, transaction management, load balancing, concurrency control and memory management [8]. The security issues of many of these systems and technologies are applicable to cloud computing. For example, the network that interconnects the systems in a cloud has to be secure. Furthermore, the virtualization paradigm in cloud computing leads to several security concerns; for example, mapping the virtual machines to the physical machines has to be carried out securely. Data security involves encrypting the data as well as ensuring that appropriate policies are enforced for data sharing. There are six specific areas of the cloud computing environment where equipment and software require substantial security attention (Trusted Computing Group's White Paper, 2010) [8]. These six areas are: (1) security of data at rest, (2) security of data in transit, (3) authentication of users/applications/processes, (4) robust separation between data belonging to different customers, (5) cloud legal and regulatory issues, and (6) incident response [8].
8. Information that needs protection

The following types of information are privacy sensitive and hence need to be protected [9].
• Personally identifiable information (PII): any information that could be used to identify or locate an individual (e.g. name, address) or information that can be correlated with other information to identify an individual (e.g. credit card number, postal code, Internet Protocol (IP) address).
• Sensitive information: information on religion or race, health, sexual orientation, union membership or other information that is considered private. Such information requires additional safeguards. Other information that may be considered sensitive includes personal financial information and job performance information.
• Information considered to be sensitive PII, e.g. biometric information or collections of surveillance camera images in public places.
• Usage data: usage data collected from computer devices such as printers; behavioral information such as viewing habits for digital content, users' recently visited websites or product usage history.
• Unique device identities: other types of information that might be uniquely traceable to a user device, e.g. IP addresses, Radio Frequency Identity (RFID) tags, unique hardware identities.
9. Cloud Security Threats

The threats faced by information assets in the cloud may differ according to the delivery models used by the organizations that benefit from cloud computing. There are several types of security threats to which cloud computing is vulnerable. This section provides an overview of the threats for cloud customers, categorized according to the confidentiality, integrity and availability (CIA) security model, and their relevance to each cloud service delivery model, as shown in Tables 1, 2 and 3.
Table.3
10. Types of Attackers in Cloud Computing

An insider or internal attack occurs when an individual or a group within an organization seeks to disrupt operations or exploit organizational assets. In many cases, the attacker employs a significant amount of resources, tools and skill to launch a sophisticated computer attack and potentially remove any evidence of that attack as well. External attacks are carried out by a malicious and experienced individual, a group of experienced individuals, an experienced malicious organization, or inexperienced attackers. External attacks can occur either remotely or locally.

Table.1
Table.2
Many of the security threats and challenges in cloud computing will be familiar to organizations. Each of the cloud computing service delivery models’ threats result from the attackers that can be divided into two groups as depicted in Table 4.
Table.4
In the cloud environment, attackers can be categorized into four types: random, weak, strong, and substantial . Each of these categories is based on ability to instigate a successful attack, rather than on the type of threat they present (i.e., criminal, espionage or terrorism)[10]: 1- Random - The most common type of attacker uses simple tools and techniques. The attacker may randomly scan the Internet trying to find vulnerable components. They will deploy well known tools or techniques that should be easily detected. 2- Weak - Semi-skilled attackers targeting specific servers/cloud providers by customizing existing publicly available tools or specific targets. Their methods are more advanced as they attempt to customize their attacks using available exploit tools. 3- Strong - Organized, well-financed and skilled groups of attackers with an internal hierarchy specializing in targeting particular applications and users of the cloud. Generally this group will be an organized crime group specializing in large scale attacks. 4- Substantial - Motivated, strong attackers not easily detected by the organizations they attack, or even by the relevant law enforcement and investigative organizations specializing in e-Crime or cyber security. Mitigating this threat requires greater intelligence on attacks and specialist resources in response to detection of an incident or threat.
11. Cloud Security Risks

The security risks associated with each model differ and depend on a wide range of factors, including the sensitivity of the information assets, the cloud architecture, and the controls involved in the cloud environment. We review some of them below, as examples and without limitation.

1- Side channel attacks: An emerging concern for cloud delivery models using virtualization platforms is the risk of side channel attacks causing data leakage across resident virtual machine instances.

2- Denial of service attacks: Availability is a primary concern to cloud customers and as such it is equally of concern to the service providers, who must design solutions to mitigate this threat. Traditionally, denial of service (DoS) has been associated with network layer distributed attacks flooding infrastructure with excessive traffic in order to cause critical components to fail or to consume all available hardware resources (Sen et al., 2006a; Sen, 2011a; Sen, 2011b).

3- Social networking attacks: With the increased popularity of business and personal social networking sites, the risk of advanced social engineering attacks is increased. Cloud computing systems are targeted due to their large customer data stores. The complex set of relationships between cloud providers, customers, suppliers and vendors means that many employees of these organizations will be listed on social networking sites and be connected to each other. Attackers can set up identities to gain trust, and use online information to determine the relationships and roles of staff to prepare their attacks. A combination of technical attacks and social engineering attacks can be deployed against a target user by taking advantage of the people they know and the online social network they use.

4- Mobile device attacks: The use of smart phones has increased, and cloud connectivity is no longer limited to laptop or desktop computing devices. Attacks are now emerging that are targeted at mobile devices and rely on features traditionally associated with laptops and desktops. As mobile devices now have these equivalent features, Internet-based spyware, worms or even physical attacks may be more likely to occur against mobile devices, as they are potentially a less risky target for an attacker who wishes to remain undetected. Most mobile devices do not have the equivalent security features enabled, or in some cases available. For example, mature antimalware, antivirus or full disk encryption technologies are not widespread on currently available smart phones.

12. Different Types Of Security Risks In Cloud Computing
Server Security: Many security concerns belong to the server side. As a user, it is important to understand what security measures are provided by the server before using cloud computing services.

Client Security: It is important to provide physical and logical safety for the client machine, as client-side security is as important as server-side security. To maintain a secure client, organizations should review existing security practices and employ additional ones to ensure the security of their data.

Password Security: Passwords are used for the authentication process, but once a password is broken, the attacker can gain all the privileges provided to the authenticated user. It is therefore very important to select a secure password for any website, and a given password should be changed regularly.

Identity Theft: It is difficult to manage many customer accounts, and the fact that an account remains active after its user leaves the organization increases the risk of data exposure, which leads to identity- and access-related problems, especially in SaaS.
One of the solutions offered and used in many applications focuses on client-side security; it proposes a solution through which the client's identity can be secured with a higher-level security mechanism.
By keeping a record of clients' logins and MAC addresses [11], the server maintains a database and generates a random token, using a Gold number generator, to uniquely match that token with the MAC address. Figure 3 shows the sequence of the login process using the two-level efficient password management system.
Figure.3

The code is received on the client's mobile device and notifies him of a possible attack in case the user attempting the login is not authenticated. If the client is authenticated, the received code can be entered as required by the server, which allows the user to access the account; otherwise access is denied.

13. Improving the security and protection by using the encryption algorithm

Encryption algorithms play a key role in ensuring a secure connection over the network; they are a vital tool for protecting data. The basic function of an encryption algorithm is to convert data from a known, readable form into an incomprehensible form through the use of a key, and the user is the only one who has the key to decrypt the data. There are two types of algorithms: symmetric, which use one key both to encrypt and to decrypt data, and asymmetric, which use two keys, private and public. The public key is used to encrypt and the private key to decrypt. Figure 4 shows [12] some of the symmetric and asymmetric algorithms.

Figure.4

14. Quick Review & Analysis of Security Algorithms in Cloud Computing
BLOWFISH: Developed in 1993, it is one of the most common public algorithms, provided by Bruce Schneier. Blowfish is a variable-length key, 64-bit block cipher. No attack is known to be successful against it. Various experiments and research analyses have shown the superiority of the Blowfish algorithm over other algorithms in terms of processing time. Blowfish is better than other algorithms in throughput and power consumption [13].

DES: The Data Encryption Standard was developed in 1977. It was the first encryption standard to be recommended by NIST (National Institute of Standards and Technology). DES has a 64-bit key size with a 64-bit block size. Since that time, many attacks and methods have exposed weaknesses of DES, which made it an insecure block cipher [14].

RC5: Developed in 1994. The key length of RC5 is at most 2040 bits, with a block size of 32, 64 or 128 bits. Use of this algorithm shows that it is secure. The speed of this algorithm is slow [15].

3DES: Developed in 1998 as an enhancement of DES. In this standard the encryption method is similar to the one in the original DES but is applied three times to increase the encryption level. It has a 64-bit block size with a 192-bit key size. It is a known fact that 3DES is slower than other block cipher methods. 3DES has low performance in terms of power consumption and throughput when compared with DES, and it always requires more time than DES because of its triple-phase encryption [13][16].

AES: The Advanced Encryption Standard is the new encryption standard recommended by NIST to replace DES. Brute force is the only effective attack known against it, in which the attacker tries all the character combinations to unlock the encryption. Both AES and DES are block ciphers. AES has a variable key length of 128, 192, or 256 bits (default 256). It encrypts data blocks of 128 bits in 10, 12 or 14 rounds depending on the key size. AES encryption is fast and flexible; it can be implemented on various platforms, especially in small devices. AES has also been carefully tested for many security applications [15][16].

RSA: This is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption algorithm. Until now it is the only algorithm used for private and public key generation and encryption, and it is a fast encryption [17]. RSA has a multiplicative homomorphic property, i.e., it is possible to find the product of the plaintexts by multiplying the ciphertexts; the result of the operation is the ciphertext of the product.

DSA: The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993. Four revisions to the initial specification have been released: FIPS 186-1 in 1996, FIPS 186-2 in 2000, FIPS 186-3 in 2009, and FIPS 186-4 in 2013. With DSA, the entropy, secrecy, and uniqueness of the random signature value k are critical [16]. They are so critical that violating any one of those three requirements can reveal the entire private key to an attacker. Using the same value twice (even while keeping k secret), using a predictable value, or leaking even a few bits of k in each of several signatures is enough to break DSA [17].

Diffie-Hellman Key Exchange (D-H): Diffie–Hellman key exchange is a specific method of exchanging cryptographic keys. It is one of the earliest practical examples of key exchange implemented within the field of cryptography.
The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
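The DSA paragraph in this section stresses that the signature value k must be secret, unpredictable and unique. The following Python sketch is an added example, not code from the paper: it signs with toy DSA parameters (a 61-bit q, far too small for real use), derives k per message with HMAC (a simplification, not the RFC 6979 procedure), and audits a constructed signature log for a repeated r, which is the visible symptom of a reused k. All function names and the sample log are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

Q = 2**61 - 1  # toy subgroup order (a Mersenne prime); real DSA uses q of 224+ bits


def is_prime(n):
    """Miller-Rabin over the first 12 primes; deterministic for n < 3.1e23."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params():
    """Toy domain parameters: prime p = c*Q + 1 and g of order Q modulo p."""
    c = 2
    while not is_prime(c * Q + 1):
        c += 2
    p, h = c * Q + 1, 2
    while pow(h, c, p) == 1:
        h += 1
    return p, pow(h, c, p)


P, G = make_params()


def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def derive_nonce(x, msg):
    """k = HMAC(private key, H(msg)): secret, unique per message, no RNG involved.
    Simplified illustration of deterministic nonces, not the RFC 6979 procedure."""
    mac = hmac.new(x.to_bytes(8, "big"), hashlib.sha256(msg).digest(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % (Q - 1) + 1


def sign(x, msg, k):
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another k")
    return r, s


def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, digest(msg) * w % Q, P) * pow(y, r * w % Q, P) % P
    return v % Q == r


def audit_nonce_reuse(records):
    """records: (key_id, msg, (r, s)). r depends only on k, so one r on two
    different messages under one key means k was reused: rotate that key."""
    seen = defaultdict(set)
    for key_id, msg, (r, _s) in records:
        seen[(key_id, r)].add(digest(msg))
    return sorted({kid for (kid, _r), msgs in seen.items() if len(msgs) > 1})


def build_sample_log():
    """Constructed data: signer-A derives k per message, signer-B's k is stuck."""
    xa, xb = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    keys = {"signer-A": pow(G, xa, P), "signer-B": pow(G, xb, P)}
    log = [("signer-A", m, sign(xa, m, derive_nonce(xa, m)))
           for m in (b"invoice-1", b"invoice-2", b"invoice-1")]
    log += [("signer-B", m, sign(xb, m, 123456789))
            for m in (b"deploy v1", b"deploy v2")]
    return keys, log


if __name__ == "__main__":
    keys, log = build_sample_log()
    print("all valid:", all(verify(keys[k], m, s) for k, m, s in log))
    print("keys with a reused nonce:", audit_nonce_reuse(log))
```

Every signature in the log verifies, including signer-B's, so signature verification alone never reveals the fault; only the audit over stored r values does.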
15. Methodologies To Increasing Security in Cloud Environment (Building the Secure Cloud)
15.1 Securing the Transmission

It is axiomatic that data communicated between the client and the cloud server passes through the network, where it can be exploited. Malicious flooding of routes therefore needs to be handled by setting a limit for each route. To secure the transmitted signals, encryption algorithms, i.e. public key and private key encryption, can be used with spread spectrum modulation.

A - Tunneling methodology (securing the data during transmission): The packet destined for the cloud server can be encapsulated in a packet with the address of a different node. On reaching this node, packets are redirected to the server by the node. This encapsulation prevents the attacker from tracking down packets meant for the server, thus reducing the possibility of their being hacked. The threat of Google hacking can also be reduced by incorporating this methodology.

B - Use of virtual circuits methodology: Packets are transferred as datagrams through the network, so they follow the best path possible. However, they may pass through a router that has been attacked by an attacker, in which case the packets can be traced and exploited by the attacker. To prevent such an attack, a virtual circuit can be implemented. In this methodology, the server sets a fixed route during connection establishment, which the data packets need to follow. This path goes through authorized routers and ensures data security, but it may fail if a router on the path is down.
15.2 Securing the Servers

A - Intrusion Detection System (IDS): Attacks such as SQL injection can be monitored with this technique. The IDS can keep track of user requests and queries to monitor for these attacks. The IDS can be considered an immune system for the system. Combined with soft computing techniques, it can detect intrusions in the network. Dimensions such as source and destination IP addresses, port addresses, CPU cycles, etc. can be used to detect abnormal behavior in the network [18]. State machine replication can help detect nodes whose state shows abnormalities, which indicates the attacked nodes [19]. For mobile ad hoc networks, algorithms based on dynamic source routing can be employed to detect a possible intrusion [20]. The concept of fuzzy networks can be used to analyze the network [21].

B - Separate Servers: Clubbing multiple applications on a single server increases the load on the server and also makes it more vulnerable to different attacks [22], so running one application can pose a threat to the other applications on that server. The solution is to host different applications on different servers; this prevents conflicts but increases the cost of setting up the servers. Multithreaded parallelization can be used to speed up the servers, thus reducing the response time [23]. With the introduction of IPv6, the address assignment and resolution problem has been reduced [24].

C - Store Hashed Values: The data stored in cloud databases is mostly plaintext. If the database is breached, the entire data can be exploited. Storing the hashed value of the data can prevent this exploitation. The key used for hashing can be stored securely to prevent the exploitation. The key can be randomly generated for each database object, such as a table or a view.

D - Replication: For data to be available to the user when needed, the server must operate without failure. In practice, however, it is very difficult for a server to be working all the time. Replication helps to handle failure: when one server is not working, the replicated server can be used. Synchronization is the major concern with replication, and periodic updating can help keep all the servers up to date.

E - Threshold for Server Load: The main purpose of a denial-of-service attack is to overload the server so that it crashes, thus preventing legitimate users from accessing the server. The solution is to set a threshold value for the load a server can handle [25].
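The keyed hashing described under "Store Hashed Values" can be sketched as follows. This is an added example, not code from the paper: the class and method names are hypothetical, HMAC-SHA256 is assumed as the keyed hash, and the in-memory dictionaries stand in for the database and for a separate key store. Because a hash is one-way, the approach suits fields that only need to be compared, not read back.

```python
import hashlib
import hmac
import secrets


class KeyedHashStore:
    """Stores HMAC-SHA256 digests of values, with one random key per
    database object (table or view). Hypothetical helper for illustration."""

    def __init__(self):
        self._keys = {}  # object name -> key (assumed to live in a separate key store)
        self._rows = {}  # (object name, row id) -> hex digest (the "database")

    def _key_for(self, obj):
        # Generate a fresh 256-bit key the first time a table or view is used.
        if obj not in self._keys:
            self._keys[obj] = secrets.token_bytes(32)
        return self._keys[obj]

    def digest(self, obj, value):
        key = self._key_for(obj)
        return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

    def put(self, obj, row_id, value):
        # Only the keyed digest is persisted, never the plaintext.
        self._rows[(obj, row_id)] = self.digest(obj, value)

    def matches(self, obj, row_id, candidate):
        stored = self._rows.get((obj, row_id))
        if stored is None:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(stored, self.digest(obj, candidate))

    def dump(self):
        """What someone who copies the database, but not the keys, would obtain."""
        return dict(self._rows)


if __name__ == "__main__":
    store = KeyedHashStore()
    # Constructed sample values.
    store.put("customers", 1, "alice@example.com")
    store.put("orders", 1, "alice@example.com")
    print(store.matches("customers", 1, "alice@example.com"))
    print(store.dump())
```

The same value stored in two objects yields two unrelated digests, so a digest copied from one table cannot be matched against another, and without the key it cannot be checked against guessed values.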
15.3. Securing the Client

Client data can be secured by combining attribute-based encryption and proxy encryption.

A - Digital Signatures: Nowadays digital signatures are used to authenticate server systems. Different signature methods, such as RSA, can be used. This increases the computational time but helps to maintain security. Digital watermarking can also be used as a method for unique identification.

B - One-Time Password: Once an attacker gets access to a user's password, he can use a replay attack to exploit the system. One-time passwords help prevent replay attacks. They are passwords randomly generated by the server and sent through a secure channel to the client, which uses them. The client gets a unique password for each session. Embedding the message by exploiting the redundancies in HTML pages is a possible solution if one-time passwords prove expensive [26]. One-time passwords also secure the client's data from cookie poisoning, as passwords change with each session and so the information stored in the system cannot be reused [21].

C - Authenticate for Each Write: Each write means permanent storage to the database, so it should come from a valid client. Asking for a password before each storage request helps to ensure that changes to the file are made by authentic users only. Multifactor authentication can be used to increase security [25]. Password hashing can be deployed for authenticating the users.

D - Distributed Storage: Distributed storage means storing parts of the client's data at different locations. Even if one location is attacked, the client does not lose the entire data, and restoration becomes easier.

E - Local Servers: Frequent users use some common applications, and they mostly need only a few of them. A local server can be used to store the frequently used applications. This helps to avoid network congestion and therefore gives faster access. Local servers can also cache the data for sessions and templates for dynamic documents [27].

F - Temporary Storing on Local Disk: The threat of attack can be minimized by avoiding a constant connection to the internet. This can be achieved by temporarily storing the file on the local disk for one session and updating the cloud database once all the operations for that session are done. There is then no need for a constant connection to the internet, which reduces the threat of an attack. This requires the local disk to be large enough to store the session's information.
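The one-time password scheme of item B above, with the replay check made explicit, can be sketched as follows. This is an added example, not code from the paper: the class name is hypothetical, and the expiry time, the single guess per session and the storage of a SHA-256 digest instead of the password are assumptions beyond the text.

```python
import hashlib
import hmac
import secrets
import time


class OneTimePasswordServer:
    """Issues one random password per session and accepts it exactly once.
    Hypothetical helper for illustration."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed lifetime of an unused password
        self._clock = clock       # injectable so expiry can be tested
        self._pending = {}        # session id -> (SHA-256 of password, expiry)

    def issue(self, session_id):
        # 128 bits from the OS CSPRNG; delivered to the client over the
        # secure channel the text assumes.
        password = secrets.token_urlsafe(16)
        digest = hashlib.sha256(password.encode()).digest()
        self._pending[session_id] = (digest, self._clock() + self._ttl)
        return password

    def verify(self, session_id, presented):
        # pop() consumes the entry whatever the outcome, so a captured
        # password cannot be replayed and each session gets one guess.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() > expires_at:
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        return hmac.compare_digest(digest, candidate)


def replay_demo():
    """Returns (result of first use, result of replaying the same password)."""
    server = OneTimePasswordServer()
    password = server.issue("session-1")  # constructed session id
    return server.verify("session-1", password), server.verify("session-1", password)


if __name__ == "__main__":
    print(replay_demo())
```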
16. Trust Management Between Data Owners And Storage Service Providers

Although users enjoy the super-computing power and chunk storage supplied by the cloud, cloud security remains a hot problem, which at its core is the trust management between data owners and storage service providers. Data owners fear that the provider of the data storage service will use their data, or disclose it to a third party, without authorization. We therefore present the idea of a data coloring method based on cloud watermarking to solve the trust management issue between data owners and storage service providers.

Watermarking (digital watermark): a technique used to hide a small amount of digital data in a digital signal in such a way that it cannot be detected by a standard playback device or viewer. Digital watermarking, such as Thomson NexGuard, can embed an indelible and invisible 'message' into both the image and the audio track of a motion picture as it passes through the server.

A watermarking technique is suggested to protect shared data objects and massively distributed software modules [28]. These techniques safeguard user authentication and tighten data access control in public clouds. The new approach could be more cost-effective than using traditional encryption and firewalls to secure the clouds [28]. Compared with traditional digital watermarking, data coloring based on cloud watermarking not only embeds the user's copyright into the data but colors all of his or her data. That is to say, not only is the data as a whole embedded with watermarks, but each fragment is branded as well. Each user is assigned a special color, which is able to protect copyright and should not affect the normal use of the data.
17. Conclusions

Cloud computing is changing the way IT departments buy IT. Businesses have a range of paths to the cloud, including infrastructure, platforms and applications that are available from cloud providers as online services. Many people may be confused by the range of offerings and the terminology used to describe them, and will be unsure of the risks and benefits. Security is a major requirement in cloud computing when we talk about data storage. Information needs protection, there are many security threats, and the different types of security risk need to be discussed. A number of existing techniques are used to implement security in order to improve protection and build a secure cloud.

In this paper, we reviewed a number of symmetric and asymmetric algorithms and other techniques, such as data coloring based on cloud watermarking, in order to build, as far as we can, trust management between data owners and storage service providers.
References

[1] Peter Mell and Tim Grance, 2009, "The NIST Definition of Cloud Computing".
[2] S. Bennett, M. Bhuller, R. Covington, Oracle White Paper in Enterprise Architecture – Architectural Strategies for Cloud Computing. August 2009. DOI = http://www.oracle.com/technology/architect/entarch/pdf/architectural_strategies_for_cloud_computing.pdf.
[3] Microsoft. Azure Services Platform. DOI = http://www.microsoft.com/windowsazure/.
[4] net-security.org, Top 7 threats to cloud computing. DOI = http://www.net-security.org/secworld.php?id=8943.
[5] T. Andrei, R. Jain, Cloud Computing Challenges and Related Security Issues. A Survey Paper. DOI = http://www.cse.wustl.edu/~jain/cse571-09/ftp/cloud.pdf.
[6] St. Hanna, A security analysis of Cloud Computing. Cloud Computing Journal. DOI = http://cloudcomputing.syscon.com/node/1203943.
[7] R. Gellman, Privacy in the clouds: Risks to privacy and confidentiality from cloud computing. Tech. rep., February 2009. DOI = http://www.worldprivacyforum.org/.
[8] Sen, J. (2013). Security and Privacy Issues in Cloud Computing. In Martínez, A. R., Marin-Lopez, R., and Pereniguez-Garcia, F., editors, Architectures and Protocols for Secure Information Technology Infrastructures, pages 1–45. IGI Global.
[9] D. Liu, V. Vasilakos, N. Xiong (2013). Security and Privacy in Cloud Computing: A Survey.
[10] CPNI Centre for the Protection of National Infrastructure, Security Briefing, 2010.
[11] Himanshu V. Taiwade, 2015, Enhanced Security Mechanisms for Cloud Computing.
[12] Kashish Goyal, Supriya Kinger, "Modified Caesar Cipher for Better Security Enhancement," International Journal of Computer Applications (0975 – 8887), Volume 73, No. 3, July 2013.
[13] Mr. Gurjeevan Singh, Mr. Ashwani Singla and Mr. K S Sandha, "Cryptography Algorithm Compaison For Security Enhancement In Wireless Intrusion Detection System," International Journal of Multidisciplinary Research, Vol. 1, Issue 4, August 2011.
[14] Yogesh Kumar, Rajiv Munjal and Harsh Sharma, "Comparison of Symmetric and Asymmetric Cryptography with Existing Vulnerabilities and Countermeasures," IJCSMS International Journal of Computer Science and Management Studies, Vol. 11, Issue 03, Oct 2011.
[15] D. S. Abdul. Elminaam, H. M. Abdul Kader and M. M. Hadhoud, "Performance Evaluation of Symmetric Encryption Algorithms," Communications of the IBIMA, Volume 8, 2009.
[16] Gurpreet Singh, Supriya Kinger, "Integrating AES, DES, and 3-DES Encryption Algorithms for Enhanced Data Security," International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July 2013.
[17] Uma Somani, "Implementing Digital Signature with RSA Encryption Algorithm to Enhance the Data Security of Cloud in Cloud Computing," 2010 1st International Conference on Parallel, Distributed and Grid Computing (PDGC-2010).
[18] M. R. Thakur and Sugata Sanyal, "A MultiDimensional approach towards Intrusion Detection System," arxiv.org, arXiv:1205.2340, 2012.
[19] M. R. Thakur and Sugata Sanyal, "A PAXOS based State Machine Replication System for Anomaly Detection," arxiv.org, arXiv:1206.2307, 2012.
[20] A. K. Trivedi, R. Kapoor, R. Arora, S. Sanyal & S. Sanyal, "RISM - Reputation Based Intrusion Detection System for Mobile Ad hoc Networks," Third International Conference on Computers and Devices for Communications, CODEC-06, Institute of Radio Physics and Electronics, University of Calcutta, 2006, pp. 234-237.
[21] S. Chavan, K. Shah, N. Dave, S. Mukherjee, A. Abraham and S. Sanyal, "Adaptive Neuro-Fuzzy Intrusion Detection Systems," International Conference on Information Technology: Coding Compuing, ITCC1, 2004, pp. 70-74.
[22] A. K. Talukdar and M. Chaithanya, "Architecting Secure Software Systems," CRC Press, 2009.
[23] A. Jacob, M. Paprzycki, M. Ganzha and S. Sanyal, "Applying SIMD Approach to Whole Genome Comparison on Commodity Hardware," Parallel Processing and Applied Mathematics, 2008.
[24] A. Ramani, S. Vhora and S. Sanyal, "The Next Generation Internet Protocol," Informatica (Ljubljana), vol. no. 26, 2002, pp. 27-45.
[25] S. Sanyal, D. Gada, R. Gogri, P. Rathod, Z. Dedhia and N. Mody, "Security Scheme for Distributed DoS in Mobile Ad Hoc Networks," Technical Report, 2004, School of Technology & Computer Science, TIFR, arXiv:1005.0109v2 [cs.CR].
[26] S. Dey, H. Al-Qaheri and S. Sanyal, "Embedding Secret Data in Html Web Page," arxiv.org, arXiv:1004.0459, 2010.
[27] V. Goyal, S. Sanyal and D. P. Agrawal, "Vcache: Caching Dynamic Documents," arxiv.org, arXiv:1003.2616, 2010.
[28] Nagaram Ramesh, B. Nagaveni, P. Satyavathi, "An Efficient Technique to provide Security for Data Owners in Cloud Computing," Vol. 1, Issue 5, July 2012.