Data Security Issues and Challenges in Cloud Computing and Data Integrity for Cloud Computing Security
Pushphalatha S1, Satish B Basapur2, Surendra Babu M S3
1Asst.Prof, ISE, Dr.AIT, Karnataka, India
2Asst.Prof, ISE, Dr.AIT, Karnataka, India
3Student, ISE, Dr.AIT, Karnataka, India
Abstract
Cloud services are provided by a third-party supplier who possesses the arrangement. Cloud computing has many advantages such as flexibility, efficiency, scalability, integration, and capital reduction. Moreover, it provides an advanced virtual space for organizations to deploy their applications or run their operations. Security is one of the main challenges that hinder the growth of cloud computing. Service providers strive to reduce the risks over the clouds and increase their reliability in order to build mutual trust between them and the cloud customers. Various security issues and challenges are discussed and a detailed analysis of the cloud security problem is presented. The different problems in a cloud computing system and their effect upon the system, upon organizations and upon different cloud users are also analyzed. Cloud computing provides a comparably scalable, position-independent, low-cost platform for clients' data, and the cloud computing environment is constructed based on open architecture and interfaces. Based on this analysis, various researchers have also presented a view of measures that can be taken to deal with the cloud security problem and the prevention that must be taken into account by any organization and cloud users seeking investment in cloud computing.
Keywords: Cloud Computing, Data Security, Infrastructure, Integrity verification, IaaS, PaaS, SaaS.
------***------
1. INTRODUCTION
Cloud computing offers a relatively low-cost scalable alternative to in-house infrastructure, both in hardware and software [1-5]. NIST [6] defined the term “Cloud Computing” as a ubiquitous on-demand model for accessing common resources over a network. The main idea of cloud computing is to deliver both software and hardware as services. There are three layers of services over the cloud: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Using services over the cloud is accompanied by many doubts, mostly about security issues. A survey conducted by IDC shows the importance of the challenges for those considering cloud computing as an option. It is shown in Figure 1 that security is the utmost concern. Moving essential data over a network to a third-party resource is not an easy decision to be approved. There should be many guarantees such as good performance, availability, and mostly secure transmission and storage discussing the configurations and security issues in cloud computing while highlighting SaaS, PaaS, and IaaS. This research presents a conceptual study of the data security issues and challenges in cloud computing. This paper shall also be taken care of by allowing a trusted party to verify the correctness of the cloud data on demand without retrieving a copy of the whole data or introducing additional on-time burden to cloud users.
Figure 1. Challenges in considering cloud computing.
Cloud computing offers its services in three deployment models: (IaaS), (PaaS), and (SaaS). IaaS is a set of IT equipment that is owned, managed, and maintained by a cloud provider and then used by a cloud customer in a pay-as-you-go manner. IaaS services include storage, where virtualized storage is delivered on demand, which allows customers to pay only for the amount they use. IaaS also provides other services such as backup and recovery, Content Distribution Network (CDN), service management and platform hosting.
PaaS provides infrastructure and middleware without the need to manage the underlying resources (hardware and software), allowing cloud customers to create and control their applications through the cloud. These services include databases, deployment, development applications integration, and administration tools. An example of the PaaS services is Google Cloud SQL, which allows developers to create and control their databases without requiring the installation of any software for database management, maintenance, and administration.
SaaS allows cloud customers to access applications and their associated data without the complexity of buying and installing in-house applications. SaaS is the most popular cloud deployment; it includes a wide range of applications. In terms of business, SaaS can cover accounting applications, sales, collaboration, management information systems (MIS), customer relationship management (CRM), enterprise resource planning (ERP), billing, and human resource management (HRM). Salesforce is a common example of SaaS that provides innovative and easy-to-access CRM tools to cloud customers.
2. SECURITY ISSUES AND CHALLENGES OF CLOUD COMPUTING
Security is considered one of the most critical aspects of everyday computing, and it is no different for cloud computing due to the sensitivity and importance of data stored on the cloud. Cloud Computing infrastructure uses new technologies and services, most of which haven’t been fully evaluated with respect to security. Cloud Computing has several major issues and concerns, such as data security, trust, expectations, regulations, and performance issues.
2.1 TOP SECURITY RISKS
The most important classes of cloud-specific risks identified are:
LOSS OF GOVERNANCE: In using cloud infrastructures, the client necessarily cedes control to the Cloud Provider (CP) on a number of issues which may affect security. At the same time, SLAs may not offer a commitment to provide such services on the part of the cloud provider, thus leaving a gap in security defences.
LOCK-IN: There is currently little on offer in the way of tools, procedures or standard data formats or services interfaces that could guarantee data, application and service portability. This can make it difficult for the customer to migrate from one provider to another or migrate data and services back to an in-house IT environment. This introduces a dependency on a particular CP for service provision, especially if data portability, as the most fundamental aspect, is not enabled.
ISOLATION FAILURE: Multi-tenancy and shared resources are defining characteristics of cloud computing. This risk category covers the failure of mechanisms separating storage, memory, routing and even reputation between different tenants (e.g., so-called guest-hopping attacks). However, it should be considered that attacks on resource isolation mechanisms (e.g., against hypervisors) are still less numerous and much more difficult for an attacker to put in practice compared to attacks on traditional OSs.
COMPLIANCE RISKS: Investment in achieving certification (e.g., industry standard or regulatory requirements) may be put at risk by migration to the cloud:
if the CP cannot provide evidence of their own compliance with the relevant requirements
if the CP does not permit audit by the cloud customer (CC).
In certain cases, it also means that using a public cloud infrastructure implies that certain kinds of compliance cannot be achieved (e.g., PCI DSS 7).
MANAGEMENT INTERFACE COMPROMISE: Customer management interfaces of a public cloud provider are accessible through the Internet and mediate access to larger sets of resources (than traditional hosting providers) and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities.
DATA PROTECTION: Cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer (in its role as data controller) to effectively check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. On the other hand, some cloud providers do provide information on their data handling practices. Some also offer certification summaries on their data processing and data security activities and the data controls they have in place, e.g., SAS70 certification.
INSECURE OR INCOMPLETE DATA DELETION: When a request to delete a cloud resource is made, as with most operating systems, this may not result in true wiping of the data. Adequate or timely data deletion may also be impossible (or undesirable from a customer perspective), either because extra copies of data are stored but are not available, or because the disk to be destroyed also stores data from other clients. In the case of multiple tenancies and the reuse of hardware resources, this represents a higher risk to the customer than with dedicated hardware.
MALICIOUS INSIDER: While usually less likely, the damage which may be caused by malicious insiders is often far greater. Cloud architectures necessitate certain roles which are extremely high-risk. Examples include cloud provider system administrators and managed security service providers.
The authors examined different security and privacy concerns related to cloud computing. They discussed and outlined the risks, their influences, and the opportunities. Adequate levels of reliability, confidentiality, and sensitive data protection are examples of many security concerns. The weaknesses and problems come from unresolved issues in the existing technologies, which are used to build the cloud. Security requirements over the clouds, but face different challenges to guarantee a high level of security. For that, the authors discussed the requirements and challenges, and also suggested standardization and management approaches to guide cloud engineers and users. Cloud computing as an approach introduces new risks, influences others, and magnifies some. These risks and their effect on security risks and vulnerabilities
3. Security Issues in Cloud Computing
The deployment of a cloud is managed in-house (Private Cloud) or over a third-party location (Public Cloud). For various reasons, it may also be deployed as an integrated private-public cloud (Hybrid Cloud). A “Community Cloud” is a fourth type of cloud implementation model, where the infrastructure spreads over several organizations and is accessed by a specific community. The different cloud implementation models are shown in Figure 2.
Figure 2. Types of cloud
Public cloud implementation is a model in which a service provider, a third party, offers public services in a pay-per-use manner. Some of the benefits of this model are the economies of scale, the ability to have short-term usage and greater resource utilization [1]. Secure use of the shared public cloud is more challenging compared to private clouds. For that reason, the public cloud suits more incidental or less vulnerable applications [7]. A trusted third party auditor (TPA) is proposed in [8] to solve the trust issues in public clouds. A TPA is expected to analyze the public cloud services and provide an adequate report. Public cloud service providers are supposed to prove the credibility of their systems, guarantee service availability, ensure a high level of data protection and handle security breach attempts efficiently.
One of the key issues is to effectively detect any unauthorized data modification and corruption, possibly due to server compromise and/or random Byzantine failures. To address these problems, our main scheme for ensuring cloud data storage is presented in this section. The first part of the section is devoted to a review of basic tools from coding theory that are needed in our scheme for file distribution across cloud servers. Then, the homomorphism token is introduced. The token computation function we are considering belongs to a family of universal hash functions, chosen to preserve the homomorphism properties, which can be perfectly integrated with the verification of erasure-coded data. Subsequently, it is also shown how to derive a challenge-response protocol for verifying the storage correctness as well as identifying misbehaving servers. Finally, the procedure for file retrieval and error recovery based on erasure-correcting code is outlined.
The main idea is to outsource the file before the data block encryption and validation of fixed-size tags; each tag is included in the block information. Although the CPDP scheme offers a publicly accessible remote interface for checking and managing the tremendous amount of data, the majority of existing CPDP schemes are incapable of satisfying the inherent requirements of multiple clouds in terms of communication and computation costs. To address this problem, we consider a multi-cloud storage service as shown in Fig. 3.
Fig. 3: Cloud data storage architecture
4. System Architecture:
In this architecture, a data storage service involves three different entities: clients, who have a large amount of data to be stored in multiple clouds and have the permissions to access and manipulate stored data; cloud service providers (CSPs), who work together to provide data storage services and have enough storage and computation resources; and a Trusted Third Party (TTP), who is trusted to store verification parameters and offer public query services for these parameters. First, a client (data owner) uses the secret key to pre-process a file which consists of a collection of n blocks, generates a set of public verification information that is stored in the TTP, transmits the file and some verification tags to the CSPs, and may delete its local copy. Then, by using a verification protocol, the client can issue a challenge for one CSP to check the integrity and availability of outsourced data with respect to public information stored in the TTP.
In the proposed system, a cooperative provable data possession scheme in cross cloud, S = (SecretKeyGen), is a collection of two algorithms and an interactive proof system Proof, as follows:
SecretKeyGen($1^k$): Takes a security parameter $k$ as input, and returns a secret key $S_k$ or a public-secret key pair $(P_k, S_k)$;
Proof($P$, $V$): Is a protocol of proof of data possession between the CSPs ($P = \{P_k\}$) and a verifier ($V$), that is, $\langle P_k \in P:\ P_k(F^{(k)}, V_p^{(k)}) \rangle (P_k, V_p)$, where $P_k$ takes the input file $F^{(k)}$, and a set of public parameters $V_p$ is the common input between $P$ and $V$. At the end of the protocol run, $V$ returns a bit {0/1} denoting false and true. This is the proposed cross-cloud scheme for key generation, tag generation and the verification protocol.
This section analyzes the security of the static PDP hybrid agreement in three aspects: confidentiality, integrity and confirmation. Confidentiality: before the file is stored on the server, the owner uses the cryptosystem to encrypt the data, ensuring that an unauthorized person who intercepts the file cannot obtain its content. Because encryption and decryption in the SecretKeyGen and VeriTagGen cryptosystem use a public key and a private key, security is based on the difficulty of calculating the private key. Unless you know the private key, you cannot decrypt the ciphertext file M.
Integrity: in the verification phase, the owner wants to verify that the ciphertext M is stored completely on the server. At this time, the server calculates the value z to prove that it has stored the complete ciphertext file M. If the z calculated by the server is equal to the owner's verification value V, the server does have the correct ciphertext file M stored.
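The challenge-response check described above (tags generated from a secret key, a server-computed z compared with the owner's value V) can be illustrated with a linearly homomorphic tag over a prime field. This is an added example, not the paper's CPDP construction: it uses a symmetric secret key instead of a public/private key pair, and the modulus, block size, tag rule and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # prime field modulus (assumed parameter, not from the paper)
BLOCK = 15       # bytes per block, so every block value is below P

def prf(key, i):
    # HMAC-SHA256 as a PRF: one pseudorandom field element per block index
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def split_blocks(data):
    return [int.from_bytes(data[o:o + BLOCK], "big") for o in range(0, len(data), BLOCK)]

def secret_key_gen():
    # owner's secret key: nonzero scalar alpha plus a PRF key
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)

def tag_gen(sk, blocks):
    # hypothetical tag rule: t_i = alpha * m_i + PRF(i) mod P
    alpha, key = sk
    return [(alpha * m + prf(key, i)) % P for i, m in enumerate(blocks)]

def challenge(n, sample):
    # verifier picks random block indices, each with a random nonzero coefficient
    idx = secrets.SystemRandom().sample(range(n), sample)
    return [(i, secrets.randbelow(P - 1) + 1) for i in idx]

def prove(blocks, tags, chal):
    # server: fold the challenged blocks and tags into two field elements
    mu = sum(c * blocks[i] for i, c in chal) % P
    z = sum(c * tags[i] for i, c in chal) % P
    return mu, z

def verify(sk, chal, proof):
    # owner: recompute the expected value V from the key and the short proof only
    alpha, key = sk
    mu, z = proof
    if not (0 <= mu < P and 0 <= z < P):
        return False          # reject malformed proofs from the server
    v = (alpha * mu + sum(c * prf(key, i) for i, c in chal)) % P
    return hmac.compare_digest(v.to_bytes(16, "big"), z.to_bytes(16, "big"))

def demo():
    data = b"constructed sample file, not from the paper. " * 6
    blocks = split_blocks(data)
    sk = secret_key_gen()
    tags = tag_gen(sk, blocks)
    chal = challenge(len(blocks), len(blocks))   # challenge every block
    corrupted = blocks[:]
    corrupted[2] ^= 1                            # server silently flips one bit
    return (verify(sk, chal, prove(blocks, tags, chal)),
            verify(sk, chal, prove(corrupted, tags, chal)))
```

The verifier never re-reads the file: it needs only the key, the challenge and the two returned values. Challenging a random subset instead of every block keeps the proof the same size but makes detection of a single corrupted block probabilistic.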
Our design and development is mainly based on the usage of a public and private key encryption system. The concerns exceed the potential of data loss and corruption to matters of trust, service availability, and unpredictable issues.
5. SLA’s
SLA is an important matter when considering public cloud services, as presented in . It is important to have an assurance before conducting serious business operations over third-party resources. The provider is expected to ensure service accessibility, availability, dependability and performance. Potential problems of the agreements include the interpretation of the conditions, as well as the evaluation criteria of the terms. That creates confusion on one hand; on the other hand, the terms may omit the customers’ expectations or requirements. Furthermore, the terms vary and increase the SLA complexity for different cloud offerings such as IaaS, PaaS, and SaaS. For that reason, the SLAs need to be flexible in a way that adapts to customer-specific requirements, and at the same time clear to both parties. Automated SLAs try to overcome the challenges here, but practically it is difficult, as highlighted in [9].
The respondents apparently consider data protection and SLA at the top of the requirements for evaluating a service provider. Accordingly, a proposed solution in [1] suggests implementing standardized APIs, which makes switching between clouds or services easier. Before choosing a cloud vendor, due diligence is necessary by thorough examination of the Service-Level Agreements (SLA's) to understand what they guarantee and what they don’t. In addition, scour through any publicly accessible availability data. Amazon, for example, maintains a "Service Health Dashboard" that shows current and historical up-time status of its various services. Regarding the level of performance, there will always be some network latency with a cloud service, possibly making it slower than an application that runs in your local data center. But third-party vendors, such as RightScale, are building services on top of the cloud to make sure applications can scale and perform well.
But even when SLA's are set and contracts are signed, there are some concerns that should not be ignored. For example, who is responsible for monitoring, auditing and enforcing the SLA's? Or if security is breached or audits fail, who is responsible for measuring and reporting those