Cloud ComputingLiteraturesurvey

March 22, 2018 | Author: engineeringwatch | Category: Cloud Computing, Key (Cryptography), Cryptography, Public Key Cryptography, Encryption


Comments



Description

Cloud Computing Security Issues Cloud Computing  Cloud Computing is set of resources and services offered through theInternet.  Cloud services are delivered from data centers located throughout the world.  Cloud computing facilitates its consumers by providing virtual resources via internet and customers pay the bill of the service as their usage. Cloud Service Models IAAS-Infrastucuter As-A -Service  The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources.  Consumer is able to deploy and run arbitrary software, which can include operating systems and applications.  The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems; storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Access to infrastructure stack: – Full OS access,Firewalls,Routers,Load balancing Cloud Provider: AWS: EC2 PAAS-Plat Form As a Service  The capability provided to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages and tools supported by the provider.  The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Popular services Storage,Database,Scalability. Cloud Providers:Google App Engine,Mosso ,AWS: S3 SAAS-Software As a Service  The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.  The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).  The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings Examples • CRM ,Financial Planning, Human Resources • Word processing Commercial Services providers: Salesforce.com ,email cloud Cloud Deployment Models • Private Cloudsingle organization • Public Cloud----public • Community Cloud ----for community • Hybrid Cloud----combination of 2 or more clouds Examples of Cloud Services • Email – instead of having a client sitting at home, you can check your e-mail wherever you are, even from other systems. (Yahoo, Gmail, Microsoft) • Data Storage – can store MP3’s, video, photos and documents online instead of at home. • Virtualization – Amazon EC2 • Data Sharing – Google Doc’s, allows quicker updates and faster project completion times • *ASP's/SaaS, Paas SECURITY ISSUES IN CLOUD COMPUTING Security Issues: The cloud service provider for cloud makes sure that the customer does not face any problem such as loss of data or data theft. There is also a possibility where a malicious user can penetrate the cloud by impersonating a legitimate user, there by infecting the entire cloud. This leads to affects many customers who are sharing the infected cloud. There are five types of issues raise while discussing security of a cloud. 1. Data Issues 2. Privacy issues 3. Infected Application 4. Security issues 5. Trust Issues 1)Data Issues:  Whenever a data is on a cloud, anyone from anywhere anytime can access data from the cloud. Since data may be common, private and sensitive data in a cloud. So at the same time, many cloud computing service consumer and provider accesses and modify data. Data stealing Data stealing is a one of serious issue in a cloud computing environment.  Many cloud service provider do not provide their own server instead they acquire server from other service providers due to it is cost affective and flexible for operation and cloud provider.  So there is a much probability of data can be stolen from the external server. Data loss is a common problem in cloud computing.  Data loss is a common problem in cloud computing. If the cloud computing service provider shut down his services due to some financial or legal problem then there will be a loss of data for the user.  Moreover data can be lost or damage or corrupted due to miss happening, natural disaster, and fire. Data protection in cloud computing is very important factor it could be complicated for the cloud customer to efficiently check the behavior of the cloud supplier and as a result he is confident that data is handled.  Also very efficient data integrity method in cloud computing. 2) Privacy Issues:  The cloud computing service provider must make sure that the customer personal information is well secured from other providers, customer and user.  As most of the servers are external, the cloud service provider should make sure who is accessing the data and who is maintaining the server so that it enable the provider to protect the customer’s personal information.  Solution “Authentication is a best solution for the privacy issue. Authentication and access control are more important than ever since the cloud and all of its data are accessible to anyone over the Internet.” 3) Infected Application  Any malicious user from uploading any infected application onto the cloud which will severely affect the customer and cloud computing service.  Solution: “To prevent cloud computing service provider should have the complete access to the server with all rights for the purpose of monitoring and maintenance of server.” 4) Security Issues  Cloud computing security must be done on two levels. One is on provider level and another is on user level.  The user should make sure that there should not be any loss of data or stealing or tampering of data for other users who are using the same cloud due to its action.  Solution: “Cloud computing service provider should make sure that the server is well secured from all the external threats it may come across.  Even though the cloud computing service provider has provided a good security layer for the customer and user. A cloud is good only when there is a good security provided by the service provider to the user.” 5) Trust Issues:  Trust is very necessary aspect in business.  Still cloud is failed to make trust between customer and provider.  So the vendor uses this marvelous application should make trust. Weak trust relationship and lack of customer trust cause many problems during deployment of cloud services ENCRYPTION METHODS FOR DATA SECURITY IN CLOUD Encryption is a well known technology for protecting sensitive data. Use of the combination of Public and Private Key encryption to hide the sensitive data of users, and cipher text retrieval. The following three papers analyze the feasibility of the applying encryption algorithm for data security and privacy in cloud Storage. Implementing DES Algorithm in Cloud for Data Security Neha Jain described Data security system implemented into cloud computing using DES algorithm. This Cipher Block Chaining system is to be secure for clients and server. The security architecture of the system is designed by using DES cipher block chaining, which eliminates the fraud that occurs today with stolen data. There is no danger of any data sent within the system being intercepted, and replaced. The system with encryption is acceptably secure, but that the level of encryption has to be stepped up, as computing power increases. The algorithm steps are follows. 1. Get the Plaintext. 2. Get the Password. 3. Convert the Characters into binary form. 4. Derive the Leaders (L1 to L16) from the Password. 5. Apply the Formula to get the encrypted and decrypted message.  In order to secure the system the communication between modules is encrypted using symmetric key. Though many solutions have been proposed earlier many of them only consider one side of security; the author proposed that the cloud data security must be considered to analyze the data security risk, the data security requirements, deployment of security functions and the data security process through encryption.  The main contribution of this is the new view of data security solution with encryption, which is the important and can be used as reference for designing the complete security solution 2. Data Security in Cloud computing using RSA Algorithm  Parsi Kalpana, Sudha Singaraju have proposed a method by implementing RSA algorithm to ensure the security of data in cloud computing.  RSA algorithm to encrypt the data to provide security so that only the concerned user can access it.  The purpose of securing data, unauthorized access does not allow. User data is encrypted first and then it is stored in the Cloud.  When required, user places a request for the data for the Cloud provider; Cloud provider authenticates the user and delivers the data.  RSA is a block cipher, in which every message is mapped to an integer. RSA consists of Public-Key and Private-Key.  In the proposed Cloud environment, Pubic-Key is known to all, whereas Private-Key is known only to the user who originally owns the data.  Thus, encryption is done by the Cloud service provider and decryption is done by the Cloud user or consumer. Once the data is encrypted with the Public-Key, it can be decrypted with the corresponding Private-Key only. Homomorphic Encryption Applied to the Cloud Computing Security  Maha TEBAA have proposed an application of a method to execute operations on encrypted data without decrypting them which will provide the same results after calculations as if the authors have worked directly on the raw data.  Homomorphic Encryption systems are used to perform operations on encrypted data without knowing the private key (without decryption), the client is the only holder of the secret key.  When the author decrypts the result of any operation, it is the same as if they had carried out the calculation on the raw data.  In this paper cloud computing security based on fully Homomorphic encryption, is a new concept of security which enables providing results of calculations on encrypted data without knowing the raw data on which the calculation was carried out, with respect of the data confidentiality. The author work is based on the application of fully Homomorphic encryption to the Cloud Computing security considering:  The analyze and the improvement of the existing cryptosystems to allow servers to perform various operations requested by the client. The improvement of the complexity of the Homomorphic encryption algorithms and compare the response time of the requests to the length of the public key. The comparison table considers the important cloud computing security characteristics such as, Cloud Security Threats and Mitigation The following are cloud security best practices to mitigate risks to cloud services:  Architect for security-as-a-service  Implement sound identity, access management architecture and practice  Leverage APIs to automate safeguards  Always encrypt or mask sensitive data  Do not rely on an IP address for authentication services Cloud Security Principles Services running in a cloud should follow the principles of least privileges.  Isolation between various security zones should be guaranteed using layers of firewalls.  Cloud firewall, hypervisor firewall, guest firewall and application container. Firewall policies in the cloud should comply with trust zone isolation standards based on data sensitivity.  Applications should use end-to-end transport level encryption (SSL, TLS, IPSEC) to secure data in transit between applications deployed in the cloud as well as to the enterprise.  Applications should externalize authentication and authorization to trusted security services. Single Sign-on should be supported using SAML 2.0.  Data masking and encryption should be employed based on data sensitivity aligned with enterprise data classification standard.  Applications in a trusted zone should be deployed on authorized enterprise standard VM images.  Industry standard VPN protocols such as SSH, SSL and IPSEC should be employed when deploying virtual private cloud (VPC).  Security monitoring in the cloud should be integrated with existing enterprise security monitoring tools using an API. Cloud Service Models-Security ISSUES A. IaaS Issues VM security – securing the VM operating systems and workloads from common security threats that affect traditional physical servers, such as malware and viruses, using traditional or cloud-oriented security solutions. The VM’s security is the responsibility of cloud consumers. Each cloud consumer can use their own security controls based on their needs, expected risk level, and their own security management process. Securing VM images repository - unlike physical servers VMs are still under risk even when they are offline. VM images can be compromised by injecting malicious codes in the VM file or even stole the VM file itself. Secured VM images repository is the responsibilities of the cloud providers. Another issue related to VM templ ates is that such templates may retain the original owner information which may be used by a new consumer. Virtual network security - sharing of network infrastructure among different tenants within the same server (using vSwitch) or in the physical networks will increase the possibility to exploit vulnerabilities in DNS servers, DHCP, IP protocol vulnerabilities, or even the vSwitch software which result in networkbased VM attacks. Securing VM boundaries - VMs have virtual boundaries compared with to physical server ones. VMs that co-exist on the same physical server share the same CPU, Memory, I/O,NIC, and others (i.e. there is no physical isolation among VM resources). Securing VM boundaries is the responsibility of the cloud provider. Hypervisor security - a hypervisor is the “virtualizer” that maps from physical resources to virtualized resources and vice versa. It is the main controller of any access to the physical server resources by VMs. Any compromise of the hypervisor violates the security of the VMs because all VMs operations become traced unencrypted. Hypervisor security is the responsibility of cloud providers and the service provider. In this case, the SP is the company that delivers the hypervisor software such as VMware or Xen. B. PaaS Security Issues SOA related security issues – the PaaS model is based on the Service-oriented Architecture (SOA) model.  This leads to inheriting all security issues that exist in the SOA domain such as DOS attacks, Man-in-the-middle attacks, XML-related attacks, Replay attacks, Dictionary attacks, Injection attacks and input validation related attacks.  Mutual authentication, authorization and WS-Security standards are important to secure the cloud provided services. This security issue is a shared responsibility among cloud providers, service providers and consumers.  API Security - PaaS may offer APIs that deliver management functions such as business functions, security functions, application management, etc. Such APIs should be provided with security controls and standards implemented, such as  OAuth , to enforce consistent authentication and authorization on calls to such APIs. Moreover, there is a need for the isolation of APIs in memory. This issue is under the responsibility of the cloud service provider. C. SaaS Security Issues  In the SaaS model enforcing and maintaining security is a shared responsibility among the cloud providers and service providers (software vendors).  The SaaS model inherits the security issues discussed in the previous two models as it is built on top of both of them including data security management (data locality, integrity, segregation, access, confidentiality, backups) and network security.  Web application vulnerability scanning - web applications to be hosted on the cloud infrastructure should be validated and scanned for vulnerabilities using web application scanners . Cloud Computing Security Enablers A. Identity & Access Management (IAM) and Federation B. Key Management C. Security Management D. Secure Software Development Lifecycle E. Security-Performance tradeoff optimization F. Federation of security among multi-clouds needs. cloud security management problem. Our objective is to block the hole arise in the security management processes of the cloud consumers and the cloud providers from adopting the cloud model. To be able to resolve such problem we need to: (1) Capture different stakeholders security requirements from different perspectives and different levels of details; (2) Map security requirements to the cloud architecture, security patterns and security enforcement mechanisms. (3) Deliver feedback about the current security status to the cloud providers and consumers. We propose to adopt an adaptive model-based approach in tackling the cloud security management problem. different levels of details. Models will help in the problem abstraction and the capturing of security requirements of different stakeholders at PROBLEM FORMULATION In Cloud computing technology there are a set of important policy issues, which include issues of privacy, security, anonymity, telecommunications capacity, government surveillance, reliability, and liability, among others. But the most important between them is security and how cloud provider assures it. Generally, Cloud computing has several customers such as ordinary users, academia, and enterprises who have different motivation to move to cloud. If cloud clients are academia, security effect is on performance of computing and for them cloud provides a way to combine security and performance. For enterprises the most important problem is also security but with different vision. For them high performance may be not as critical as academia. So, as per the perspective of different users, the security point of view is different. PROPOSED WORK PLAN  To access a cloud based web application that will try to eliminate the concerns regarding data privacy, segregation. proposed different encryption algorithms like - AES, DES, RSA and Blowfish to ensure the security of data in cloud. For the perspective of different users, proposed these algorithms.  All of these algorithms are symmetric key, in which a single key is used for encryption/decryption purposes. RSA is asymmetric key algorithm. This algorithm is used for public key cryptography.  In this, two public/private keys are used for encryption/decryption.  The options are provided to the users to choose any algorithm according to him/her need and accordingly encrypt/decrypt the data on cloud.  The key-size of algorithms is different. Like- Key size of Blowfish algorithm is 128-448 bits and AES algorithm is 128,192,256 bits. The key length of AES is less than Blowfish. 2048 bits of asymmetric key is equivalent to 112 bits of symmetric key. Proposed internal working steps taken in enhancement of data security in cloud as perspective To users Firstly, user has to install Google App Engine, Eclipse IDE and required plug-ins. Following are the various steps through user will be able to login and proceed with the process of enhancing the data security (encryption/decryption) by choice of their own algorithm. Step1. User log into Cipher cloud and then he/ she will be getting choices of encryption algorithms. Step2.Then, after selecting any algorithm as per user’s choice, he/ she will be able to encrypt the particular data which he/she wants to. Step3. After selecting algorithm, user will be getting options to upload the files and encrypt it accordingly. Step 4. After sending request to server, server generates the symmetric key and decrypts the request and again encrypts it with RSA and transmits the file to user. User logs into Cipher Cloud using Google Account .If the user is new then he/she is given a choice for encryption algorithm User chooses an algorithm and is taken to the control panel Control panel has list of all the user's files User uploads the file using the file upload link . Step 5.The encrypted file is made available on the control panel. Only the user can download the decrypted version. DESIGN OBJECTIVES 1. User should not require any third party software/program to encrypt data on the client side. 2. Every bit of data read/written to/from the cloud database must go through an encryption framework. 3. 4. User must be authorized using passwords, to access the data saved on Cipher Cloud. Encryption keys used must be generated instantly and should never be stored on cloud storage framework in any form. 5. Give the user a choice to select the encryption algorithm they wish to use. 6. Provide an efficient mechanism of encryption over the cloud. References [1] Uma Somani , Kanika Lakhani ,Manish Mundra , “Implementing digital signature with RSA encryption algorithm to enhance data security of cloud in cloud computing “, PGDC 2010 pp 211- 216 [2] John harauz , Lori M.Kaufman , Bruce potter , “Data security in world of cloud computing “ by IEEE computer and reliability societies , jul /Aug 2009 Pp 61-64 [3] Cong Wang, Qian Wang, and Kui Ren, Wenjing Lou,” Ensuring Data Storage Security in Cloud Computing” at IEEE (8-1-4244-3876-1/09) [4] Xiao Zhang, Hong-tao Du ,Jian-quan Chen, Yi Lin, Lei-jie Zeng , “Ensure Data Security in Cloud Storage”, At international conference on Network computing and information security 2011 pp284-287 [5] Xiaojun Yu, Qiaoyan Wen “ A view about cloud data security from data life cycle ”published in IEEE 2010
Copyright © 2024 DOKUMEN.SITE Inc.