Acknowledgement
List of Abbreviations
List of Figures
List of Tables
Abstract
Chapter 1. Introduction of Cloud Computing
1.1 Introduction
1.2 Concept of Cloud Computing
1.3 Cloud Architecture
1.4 Service/Delivery Model of Cloud Computing
1.4.1 SaaS(Software as a Service)
1.4.2 PaaS(Platform as a Service)
1.4.3 IaaS(Infrastructure as a service)
1.5 Layered Architecture Description
1.6 Deployment Model of Cloud Computing
1.6.1 General Division
1.6.2 Other Divisions
1.7 Characteristics of Cloud Computing
1.7.1 Rapid Elasticity
1.7.2 On demand
1.7.3 Broad network access
1.7.4 Multi Tenancy
1.7.5 Pay per use
1.7.6 Scalability
1.7.7 Resiliency
1.8 Categorization of Cloud Computing
1.8.1 Terminology of Cloud computing
1.8.2 Cloud Security Standards
1.8.3 Cloud Apps
1.9 Technologies Related with Cloud
1.9.1 Grid Computing
1.9.2 Utility Computing
1.9.3 Virtualization
1.9.4 Autonomic Computing
1.9.5 Cluster Computing
1.10 Benefits of Cloud Computing
1.10.1 Reduce Business Risk
1.10.2 Remove Complexity of Installing Software
1.10.3 New Research area
1.10.4 Easy Access
1.10.5 Provide service based on our needs
1.10.6 Scope for SME
1.10.7 Bigger software market
1.11 Problem with Cloud Computing
1.11.1 Loss of Governance
1.11.2 Data Loss
1.11.3 Account or Service Hijacking
1.11.4 Insecure Interfaces and Application Program Interfaces
1.11. 5 Abuse and Nefarious use of Cloud Computing
1.12 Contribution of the Book
1.13 Conclusion
Chapter 2. Research Background
2.1 Survey of Existing Work
2.2 Definitions of Cloud Computing
2.3 Issues with Cloud Computing
2.4 Solution of Cloud Adoption Issue
2.4.1 Cloud security using Third Party Auditor
2.4.2 Cloud Computing Security Using Cryptographic Technique
2.5 Problem Yet To Be Solved
2.6 Problem Definitions
2.7 Objective
2.8 Conceptual Framework of Model
2.9 Conclusion
Chapter 3. Analysis of Cryptographic Mechanism
3.1 Introduction of Cryptography
3.2 Cryptography
3.2.1 Process of Cryptography
3.2.2 Encryption
3.2.3 Decryption
3.2.4 Cryptosystem
3.2.5 Symbolic Representation
3.3 Algorithms
3.3.1 Homomorphic Encryption
3.3.2 Fully Homomorphic
3.3.3 Partial Homomorphic
3.3.4 Hashing
3.4 Conclusion
Chapter 4. Data Security and Integrity in Cloud Computing based on RSA Partial Homomorphic and MD5 Algorithm
4.1 Introduction
4.2 Overview of Architecture
4.3 Model Description
4.3.1 Prerequisites
4.3.2 Secure Data Sharing
4.3.3 Secure Data Storage at Cloud Server
4.4 Algorithm Applied in Proposed Architecture
4.4.1 RSA Partial Homomorphic
4.4.2 Working of RSA Partial
4.4.3 MD5 Hashing Algorithm
4.4.4 Working of MD5
4.5 Implementation
4.6 Snapshot of Model
4.7 Pseudo Code of RSA Homomorphic Encryption Algorithm
4.8 Pseudo Code of MD5 Hashing Technique
4.9 Conclusion
Chapter 5. Experimental Study on Performance Evaluation of Proposed
Ar c hitecture
5.1 Result Analysis
5.2 Triple DES (3 DES)
5.3 SHA (Secure Hash Algorithm)
5.4 Investigation and Analysis Based on Performance Parameters
5.4.1 Experimental Result
5.4.2 File Encryption Time
5.4.3 Graph of Encryption
5.4.4 File Decryption Time
5.4.5 Decryption Graph
5.5 Conclusion
Chapter 6. Conclusion & Future Work
6.1 Summary
6.2 Security Discussion
6.2.1 Confidentiality
6.2.2 Access control
6.2.3 Integrity
6.3 Final Thought
6.4 Future Work
References
Dr. Parashu Ram Pal,obtained Ph.D. in Computer Science. He is working as a Professor in Department of Information Technology, ABES Engineering College, Ghaziabad, India. He has published three books and more than 40 Research Papers in various International, National Journals & Conferences. He is devoted to Education, Research & Development for more than twenty years and always try to create a proper environment for imparting quality education with the spirit of service to the humanity. He believes in motivating the colleagues and students to achiev e excellence in the field of education and research.
Abbildung in dieser Leseprobe nicht enthalten
Dr. Priyanka Oracompleted Masters and Ph.D. in Computer Science. She is working as an Assistant Professor in Department of Computer Science, Medi-Caps University, Indore, India. She has more than six years of academic experience. She published more than 10 Research Papers in various International, National Journals & Conferences. Her area of interests are cloud computing, cyber security, internet of things.
Abbildung in dieser Leseprobe nicht enthalten
From Parashu Ram Pal
A journey is easier when you travel together. Interdependence is certainly more valuable than independence. In this work, I have been accompanied and supported by many people. It is a pleasant aspect that I have now the opportunity to express my gratitude to all of them.
Without the help of a large number of students and my colleagues, this book would never have existed. I would like to thank the editors and reviewers who took the time to read this book and provided with valuable suggestions to Priyanka and me make this book a reality.
The episode of acknowledgement would not complete unless I mention my gratitude to the Management of ABES Engineering College Ghaziabad, who permitted and availed the facilities for my work. I am also thankful to Director, Dean Research & Development, and peoples of ABES Engineering College for their kind cooperation and providing necessary help during my work.
I wish to express my feelings of extreme gratefulness to my parents, my wife beloved Aditi for their continuous moral support, encouragement, inspiration and patience during the period of my work. I owe thanks to my loving daughter Anwesha and son Atharva who missed my company quite often but never complained.
From Priyanka Ora
All praise and Glory is due to God for blessing, leading and strengthening me every single moment of my life. God is always here for me whenever I needed help and guidance.
My deepest gratitude to Dr. Parashu Ram Pal. I am thankful to him for selecting me as a research scholar. His ceaseless support, encouragement and flexibility I shall never forget. I do appreciate his generosity for making time for my questions on any matter. His internal peace and quiet made my life easier during the hard times I passed through. Dr. Pal was always encouraging me and guided me to work more hard. As I proceed in my life, Dr. Pal will always be my mentor and a model of how a successful supervisor should be.
I would like to thank my family firstly My Late Grandfather Senior Advocate, Mr. KesharimalJi Ora and Ms. Kamla Ora for their blessings. I would not be able to reach this milestone without the education that my parents Mr. Vijay Kumar Ora and Ms. Premlata Ora provided for me, along with their boundless advice support and encouragement. I would like to thank my brother Mr. Sourabh Ora, my brother-in-law Ms. Ankita Ora and my cute niece Ms. Anaya Ora to motivate throughout my study.
Abbildung in dieser Leseprobe nicht enthalten
Figure 1.1 Cloud Architecture
Figure 1.2 Cloud Service Provider Architecture
Figure 2.1 Framework of Model
Figure 3.1 Cryptosystem Structure
Figure 4.1 Working Architecture
Figure 4.2 RSA Process
Figure 4.3 Snapshot of Encryption Process
Figure 4.4 Snapshot of Decryption Process
Figure 4.5 Snapshot of Server Login
Figure 4.6 Snapshot of Uploading Data on Cloud
Figure 4.7 Snapshot of Hash Calculation
Figure 4.8 Snapshot of Hash Calculation Result
Figure 4.9 Snapshot of Read Only Access Permission
Figure 4.10 Snapshot of Read &Write Only Access Permission
Figure 4.11 Snapshot of Verification
Figure 4.12 Snapshot of Report Generation
Figure 5.1 Encryption Time Comparison Graph
Figure 5.2 Decryption Time Comparison Graph
Table 1.1 List of Famous Cloud App
Table 1.2 Driver of cloud computing
Table 1.3 Open Cloudware
Table 1.4 Third party Offerings
Table 4.1 MD5 State Variable Initialization
Table 4.2 MD5 Compression Process
Table 5.1 File Encryption Time Table
Table 5.2 File Decryption Time Table
In the period of continuous advancement in software field and widespread use of software product many innovative applications have emerged, cloud computing is one of them. Cloud computing fix up a new trend in the field of information technology. It brings a new revolution in the field of IT industry. Now a day’s people are finding their interest in information sector as many software’s are available for performing their task easily, but the problem with some software is their higher computational cost and installation charges. Here cloud computing brings the change; in cloud computing users need not to install software they just log in the cloud and pay for their required service. It provides the software as well as hardware and resource facility to users with easy accessibility and appropriate amount. In cloud computing many devices are connected via internet to utilize the services of cloud. Any user who wants to use cloud can easily register itself and utilize resources.
As many users are frequently using cloud computing a big question arises here is security of user’s personal data present at cloud. This issue can be explained as user uploads their personal data on cloud, sometimes it may be possible that uploaded data can be accessible by other users. It causes data loss, or it can be possible that data can be modified by other user. Due to this clause users demands for secure cloud environment. Second major security challenge with clouds is data location, the owner of the data may not have control of where the data is located. This is because if any user wants to utilize the benefits of cloud computing, the facility of resource allocation and scheduling must be provided by clouds. Therefore, we need to safeguard the data in the midst of untrusted processes. Due to this reason the popularity of cloud computing is decreasing.
On keeping these issues in mind a security model is designed in this thesis. For achieving data integrity and security cryptographic methods are used. The whole model is divided into three sections one is Data encryption, Second is Secure data storage and Third one is maintenance of Data Integrity. The combinations of cryptographic methods which are used in this model are RSA partial homomorphic and MD5 hashing algorithm. In first section before uploading the file on cloud file is encrypted by RSA Partial Homomorphic algorithm after encryption two keys public and private get generated. Between these two keys public key is known to all but private key is known to only authorize users.
Second section in which data is securely uploaded on cloud. This process can be completed as Data Owner uploads the encrypted file moreover with this one access permission list in which contains names of authorized user and their respective permission is uploaded. In this model two access permission Read Only and Read & Write are defined by data owner. The user having Read Only permission can only Read the data but cannot perform any modifications on it. They get the data in readable format. On the contrary user is having Read & Write permission can perform both the operation on data. That means they can perform read operation and with that they can make modification on the data.
After uploading the file on cloud, third section comes which performs data integrity. After securely storing the data on cloud, cloud provider calculates hash value of uploaded file. Hash value is calculated by MD5 hash algorithm. This calculated hash value is transferred back to the data owner so that in future owner can use it for verification purpose. In future if data owner wants to verify the data they can verify by it easily. This step is performed as matching of hash values. As Owner performs verification hash value of the desired data present at cloud is again calculated. Now this new hash value matches with old hash value which is present at owner end. If this value matches then file on the cloud and file present on data owner is same and no modification is performed on uploaded data, if hash value does not match then some modifications has been performed on the uploaded data.
After uploading the file on cloud this file is visible to all users. They can easily download the file but cannot decrypt it as all users don’t have private key. Private Key is sent to authenticate users by e-mail so that they can get original data. Hence data security is maintained
In this manner by proposing this architecture data security and data integrity is maintained. In this model the whole control of data is in hands of data owner. As cloud also have data in encrypted form. This model tries to increase the adoption level of cloud computing.
For evaluation process the whole architecture is compared with combination of Triple DES and SHA. The result generated by proposed model have shown that it takes less encryption and decryption time as compare to 3DES and SHA combination. Therefore the proposed model provides better security and maintains data integrity of the uploaded data on cloud.
Over the past couple of years many technologies and trends has been evolved in the field of computer science. These technologies have changed our centralized working system to handy and private pc. It has been said that “ The computer industry is the only industry that is more fashion driven than women’s fashion” [3]. Somehow it seems to be true as many computing techniques like Grid, Utility, Elastic and Mobile have been evolved and they are providing variety of services in the growth of Information Technology sector. These computing techniques make the way of sharing data economical and easier for users. Among this computing technique there is one more name added that is cloud computing. Cloud computing can be described as anything people need on internet and get it with the help of cloud. In cloud computing the term cloud is used to denote internet. Cloud computing is not about purchasing hardware or software; It is about receiving IT services as a commodity via internet [56]. Cloud computing is a set of different server and computers which all are assembled in a network region to provide services to its users. It is considered as the ability to use application over internet which stores and protect data while providing services [85]. People can take benefits of Cloud computing by any device just with an internet connection. They normally came across cloud on daily basis like checking emails, downloading of files, sharing of photos on social networking sits etc. All these are activities of cloud computing and it is strange that people are not aware that indirectly they are utilizing the benefits of cloud computing.
Cloud computing can be identify as Disruptive technology because it can completely change the way things are done in IT sector. It brings new innovations and improves the quality of services in IT field. With the help of cloud computing users are able to get flexible IT services and resources. After evolution of this technology its popularity is increasing day by day not only in organization sector but also in research area. At organizational point of view it supports economic savings, resource sharing, easy accessibility, on demand scalability and different services. Many researcher and scientist are finding their research area of interest in cloud computing field which also helps in finding new areas in the development of cloud. The most commonly used services that are provided via the cloud are data storage, application hosting and e- mail. Government organizations and financial institutions are however relatively reluctant to use cloud computing services [56].
Cloud computing is both a business delivery model and an infrastructure management methodology[43].Many Software companies like Amazon, IBM, Sun, EMC, Cisco, Oracle etc. are titans of Cloud computing. They are known as cloud provider. Cloud providers are software companies which offer cloud services to users on the basis of their requirement. Infograph reports that 63% of financial services, 62% of manufacturing, 59% of healthcare, and 51% of transportation industries are using cloud computing services [62].Organizations have an 80/20 ratio between regular IT operations like hardware, software, licensing charge and data centre maintenance with new investment for solving critical business needs, critical for the survival of business in these challenging times [81], This is where cloud comes with its extraordinary pay per use features and solve the complexity of organizations.
In cloud computing the term cloud refers to an IT environment which is planned for the purpose of remotely provisioning scalable and measured IT resources. Cloud computing is a network region that provides remote access to a set of decentralized IT resources. Cloud computing is a model in which hardware, infrastructure, platform and software are delivered as a service rather than a product. The basic idea of cloud computing is to deliver hardware and software resources as services through internet. These resources also include networking, storage space, software system, cooling equipment’s, electricity, firefighting etc. In other words in cloud computing these resources includes applications and services as well as the infrastructure on which they operate. Cloud computing considered as the ability to use application over internet which stores and protect data while providing services. It also minimizes the need for user involvement by making technical details such as software upgrades, licenses and maintenance from its customer.
In cloud computing cloud is used to represent internet in web based architecture. Here Internet provides open access to many web based IT resources and cloud system offer access to IT resources that is metered.
Cloud architecture is a combination of two sections: Front end and Back end. This ends are connected with each other through a network generally internet. In cloud architecture front end is mainly the customer or users. Back end is the main cloud area of system. It includes all the necessary applications and tools that are needed to access cloud. Front end includes client computer and user interface applications. Its back end contains various computers, servers and data storage systems that assemble to create the cloud of computing services. A central server is present to manage the system traffic and administrative task of cloud architecture. It follows a set of rules known as protocols and uses software called middleware. Middleware allows the networked linked computers to communicate with each other.
Abbildung in dieser Leseprobe nicht enthalten
Figure 1.1: Cloud Architecture
Cloud computing provides a wide collection of services to fulfil the requirement of users .On the basis of variety of services they are categorized into three parts namely IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).Their working are as follows:
Software as a Service is the traditional form of cloud computing. In SaaS an application is hosted by a cloud service provider which is then accessed through internet by user. SaaS is the ultimate form of cloud computing which delivers software/application to user in the form of services. With the help of SaaS user don’t need to purchase/install the software, they just have to subscribe the application and pay the rent for their subscribed application. SaaS provides its services in two forms which are line of business services and customer oriented services. Line of business service is the business solutions offered to companies and enterprises. These services are provided on a subscription basis while customer oriented is for the general public on a subscription basis. Users can utilize SaaS service with the help of web browser or mobile apps. SaaS has solved so many issues related with software like software installation, availability of updated and latest versions of software, Error solving etc. The main feature of SaaS systems is that the API offered to the cloud client is for a complete software service and not programming abstractions or resources [66].Many countries are using Software as a service in the public sector like in NSW Department of Trade and Investment uses Google Docs for email and is implementing SAP Business ByDesign Software as a service solution for its core finance and Human Resource applications [96]. Examples: Salesforce.com, Google docs, Net suite, Cloud Switch, Cloud9analytics, and CloudTran are providers of SaaS.
In this service model platform is provided to users for deployment of their applications. PaaS is a set of services which are provided to developers for building and testing of their app. PaaS is used to develop mobile applications that are maintained by service provider which includes languages, application server and databases. PaaS are normally used by developers, tester, deployers, middleware and application administrator. PaaS gives subscribers access to the components that they require to develop and operate applications over the internet [104].In PaaS users have control over their application deployed but they don’t have control on infrastructure. All the backend objects about setting up servers should be done automatically and transparently in the background by PaaS environment. Example: PaaS is provided by Google App Engine, Amazon, Openstack, and Windows Azure.
This service model provides infrastructure to its consumer. It is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components [48]. This model does not permit sharing of infrastructure with unknown users. It provides resources like CPU, Content Delivery Network (CDN), and Networks etc. Network engineers, system administrator are end users of IaaS. In IaaS users do not have control on the infrastructure but has control over operating systems and applications.
Example: IaaS Provider companies are AT&T, Go Grid, Rackspace, Hp, Eucalyptus. User has to look after many factors while selecting a cloud service provider as it is a challenging task to deal with any cloud provider. Intel provides the technology foundation on which cloud is built [49].
All service providers can be represented jointly in the form of layer architecture. On each layer three providers are present where they perform and transform their task gently. As shown below its bottom layer consist of IaaS, it is the base of layer of architecture. Without IaaS the whole layered architecture cannot be considered. As described above it provides infrastructural resources like CPU, memory, Network, etc. to users. Many companies like Rackspace, Go Grid, and Eucalyptus are the renowned IaaS providers. Its middle layer consists of PaaS i.e. Platform as a Service. Many PaaS platforms are available to permit access to IaaS resources. PaaS supplies users with development and administration platforms that provide on demand access to available hardware resources. PaaS providers are Amazon, Openstack and Windows Azure etc. The upper layer consists of SaaS. They are designed to access hardware resources only through a PaaS layer. Other than that SaaS provides software’s to their clients. Users can also enrich their applications by connecting with SaaS. SaaS providers are Salesforce, Net suite and Google Docs. In this way all the layers of layered architecture are connected and maintained in the layered architecture.
Abbildung in dieser Leseprobe nicht enthalten
Figure 1.2: Cloud Service Provider Structure
This section elaborates how users can deploy or use cloud in different manner. Deploying cloud computing can be differ on the basis of user requirements. On the basis of their different use these deployment models are divided into the following parts.
In this deployment model cloud infrastructure is accessible to public that means anyone can utilize the service of cloud. In this model cloud services are shared in a pay as you go model of payment. In this cloud users don’t have any idea with whom their information is sharing. As it is public accessible users rarely make use of it. The first and most used type of this offering is the Amazon Web Services EC2 [35]. After that many software companies like Google, Microsoft and Salesforce are providing public cloud services to users.
This deployment model is specially managed by a specific organization. The specialty with this cloud is resources are not shared with unknown users. User can utilize cloud resources within the client organization premises or offsite. This model overcomes the problem of security which is faced by user in public cloud. In this type of cloud everyone does not have access to utilize the resources until and unless they registered in the organization. Many software companies are help to build and provide the facility of private cloud. Some of the famous companies which provide services of private cloud are IBM, Sun, Oracle and 3tera.
Hybrid cloud is combination of both public and private cloud within the same network. Each part of a hybrid cloud is connected to the other by a gateway which controls the applications and data that flow from each part to the other [40] .Where private and community clouds are managed, owned, and located on either organization or third party provider side per characteristic, hybrid clouds have these characteristics on both organization and third party provider side [40]. In hybrid cloud private cloud users can store personal information on private cloud and at the same time utilize the benefits of public cloud. Hybrid cloud defines a situation where public and private infrastructures are used in tandem with another [8]. Example of hybrid cloud is ERP in private cloud and email in public cloud. Gartner Predicts that many organization will move from private to hybrid cloud soon and he believes that half of large enterprises will be running hybrid cloud by the end of 2017 [94].
Community cloud is similar to private cloud with only difference that private cloud is owned by a single organization or institute whereas community cloud is managed by multiple organizations. In this model the cloud infrastructure is shared by multiple organizations or institutes that have a shared concern or interest such as compliance considerations or security requirements [31].
Virtual Private Cloud is a private cloud that exists within a shared or public cloud [20]. A VPC leverage virtual private network (VPN) technology that allows cloud service providers to plan their own protocols and security settings. Example: The Amazon VPC allows Amazon EC2 to connect to legacy infrastructure on an IPSec VPN [20].
Cloud has number of special features that makes it unique with other technologies. Following are some important traits of cloud computing:
Cloud computing is flexible in providing its services. At one time it provides software to one user and on the other end it is providing infrastructure to the other. It is very flexible and dynamic in providing its services to users. Users can quickly add or remove users, software features and other resources.
On demand is a basic criterion for any cloud provider. Cloud providers deliver resources whenever users need. From the customer’s point of view resources should be available infinitely i.e. it is the responsibility of cloud provider to satisfy its customer by making resources available. Users can add or delete and change storage network and software as needed. All these facility are just provided with a monthly subscription or a pay for what you use scenario.
In cloud computing resources can be accessed from anywhere and by any device which are accessible through network. It is also known as device independent feature. This feature helps users to utilize the benefits of cloud without any limitation.
Multi tenancy means ability to provide computing services to multiple users by using same infrastructure. By sharing resources and infrastructure multi tenancy reduces cost. Multi tenancy uses the concept of virtualization for maintaining privacy among various users.
Cloud computing grasp many qualities from other computing technologies. One feature of it matches with utility computing. Both the technologies work on the concept of resource usage billing i.e. whatever service or resource customers are using they have to pay a definite amount for that.
Scalability is the art of maintaining system in case of addition of new hardware .i.e. if any hardware is added in the prescribed system then its performance doesn’t hamper. This quality of delivering service and fast user accessibility is maintained by cloud computing at the time of addition of new hardware.
Cloud computing keeps the quality of resiliency i.e. in case of any system failure or node failure it does not destroy the whole network, it immediately overcomes from network failure and keeps system running. Cloud is having disaster recovery capacity. Due to which users will not bother about hardware or system damage.
Although the area of cloud computing is infinite to study and explanation. Some of the important basic concepts which help users and beginners to understand different areas of cloud are explained in this section.
Users come in contact with many terms while using cloud computing. Some of these terms are also known as cloud participants. Cloud model has many participants which are contributing in giving hike to cloud computing. These are as follows:
A provider is responsible to provide everything which a user demands. They provide their services in the form of applications, infrastructure and platform. Many software companies are providing the facility to use cloud services in different sector. These providers are divided into three parts namely SaaS, PaaS, and IaaS. User can differentiate these providers by their service offerings.
They are also known as cloud owners or cloud service owners. Cloud service owners are the individuals or organizations which subscribes cloud services. Cloud consumers opt the services of cloud on the basis of their requirement, Moreover consumer have to pay the charges for their opted services.
It is a third party individual or business which provides a link between cloud provider and cloud consumer. It is also known as cloud agent. It helps cloud consumer to provide the customer with information about how to use cloud .It also helps customers to understand work process, processing needs and data management requirements to give suggestions which service will be good for them. It helps customer in searching their needs and after that it shortlist the names of cloud provider.
Cloud audit is presentations of information about how a cloud service provider adds control frameworks for users [17]. Cloud audit is designed to provide a way to cloud service provider to make their performance and security data readily available for potential customers. Cloud security Alliance released cloud audit as part of a free tool suite for cloud based governance risk and compliance in November 2010. Canvas, AuditFile, CompWALK, Knowledge Vault etc. are some famous cloud audit software’s.
A cloud reseller is a kind of IT service provider that purchase cloud computing products and services from a cloud service provider and resells them to its customer.
It is just like term middleware. It is software which enables creating, running, managing and deploying applications in cloud environment. It is a kind of delivery model which allows users to subscribe any application instead of purchasing.
To ensure guarantees from cloud service providers for service delivery, businesses using cloud computing services typically enter into service level agreements (SLAs) with the cloud service providers [55]. Although these schemes vary between businesses and cloud service providers their varying parameters can be quality of service parameters, level of service of availability etc.
It is an architecture in which applications and application component act as services on internet.
The space where user’s data stored on cloud provider’s infrastructure is known as cloud storage. It is the storage of information online in the cloud. This storage facility is available in four forms personal, public, private and hybrid storage.
Cloud oriented architecture describe the components, procedure and system that make up cloud computing service model or cloud. It can be defined as a model that revolves around all the factors and elements that are included in the cloud environment.
Data centre is a collection of different server. Cloud is also having data centre where applications are hosted and data is stored it is also known as cloud data storage. At data centre applications are installed on one computer and accessible by different servers. Stored data on cloud is available in two forms which are static and dynamic. Static data cannot be altered or edited by user while dynamic data can be altered and modified by the user.
Cloud Bridge is work on the concept of running an application so that its components are integrated within multiple cloud environments.
While using cloud computing users put their trust on different cloud providers. In that situation they must be assured about security of their data by different cloud providers. Although they assure users for security of their data. For evaluating the absurdity provided by cloud provider cloud security standard have been defined. These security standards provide tools to evaluate the security offered by a cloud provider.
NIST abbreviated as National Institute of Standards and Technology. It is a unit of the U.S. Commerce Department, Formerly known as the National Bureau of Standards. NIST Promotes and maintain measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.
The Cloud Security Alliance (CSA), a not-for-profit organization which promotes the use of best practices for providing security assurance within cloud computing [14]. This organization also provides security education and guidance to companies which are implementing cloud. Moreover it also helps vendors to address security in their software delivery model.
The Cloud Customer Standards Council is an end user advocacy group dedicated to accelerating cloud's successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud [16].
Open Grid forum is an open global community which drives many computing technologies like Grid, Cloud and Distributed computing. OGF accomplishes its work through open forums and events that build the community, explore trends, share optimal approaches, document findings and consolidate these results where appropriate into standards [73].
SNIA is an association of storage and information management vendors, channel partners and users who are interested in increasing the use of storage networking and information management within IT community of India [93].
Distributed Management Task Force is an industry standards organization which works to simplify network accessible technologies through open and collaborative efforts by leading technology companies. It implements many technologies like cloud, virtualization network and infrastructure [24].
OASIS is a not-for-profit organization that brings people together to agree on intelligent ways to exchange information over the internet and within organization [72]. Although cloud provider industry has yet to adopt a single standard as the existing range of security standards can be confusing to navigate. This confusion again put the users in dilemma for the security of their data.
Cloud applications are application programs that function in the cloud. These applications are available in Desktop and Web app form. A desktop app resides on a single device and for its access user must have desktop computers while a web app is stored on a remote server and it can be accessible over internet through a browser. This section describes top most companies which deals with cloud computing. This section includes Famous Cloud Applications, Drivers of cloud, Open Cloudware and Third party Offerings.
Cloud computing has evolved so many apps which helps users in different sector to get their job done perfectly. According to [11] here is a list of some famous apps which are used by enterprises. These are described in table 1.1 as follows.
Table 1.1: List of Famous cloud apps
Abbildung in dieser Leseprobe nicht enthalten
Drivers are the component who run or execute any application or system. Same concept is applicable in cloud computing, it also needs some drivers or set up for execution. This section will give a general detail of different cloud drivers. The list of cloud provider shown in the table 1.2 is based on information provided by [52].
Table 1.2: Drivers of cloud computing
Abbildung in dieser Leseprobe nicht enthalten
Cloudware are the middleware which made applications to run or execute easily. Open Cloudware are the application which provide open environment for users to create their applications in cloud environment.
Table 1.3: Open Cloudware
Abbildung in dieser Leseprobe nicht enthalten
In addition to cloud service provider and open cloud ware many companies also offers third party services to users. A third party is an entity which manages and distributes remote, cloud based file or data to customers from a central data centre. Many organizations are available that offers the facility of third party services. The list of some famous third party provider companies which offers third party service is as shown in table 1.4 in the following page.
Table 1.4 Third Party Service Offerings
Abbildung in dieser Leseprobe nicht enthalten
Although the concept of Cloud computing is evolved from different computing technologies. It grasps different features from different computing technologies. It works on the concept of virtualization to achieve or provide utility computing. It shares some aspects of grid computing and cluster computing .The basis of Autonomic computing is its one of the characteristics. The descriptions of all these technologies are as follows:
Grid computing is based on the concept of distributed processing. In grid computing several reliable and unreliable computers or resources are connected in a form of a grid to perform a common task. It is mainly used to solve technical, scientific or organizational problem. Grid computing is all about sharing, aggregating, hosting and offering service across the world for the benefits of mankind [47]. So one can say a grid in need is a grid indeed [47].
Utility computing was firstly proposed in the 1960s by John McCarthy, who envisioned that future organizations would simply log in to a computing grid for computational resources rather than providing their own computing power, just like connecting to an electrical grid, and pay fees based on what is used .It is a model of providing service to the users and pay on the basis of usage. Cloud computing is a realization of utility computing. Users can get the capacity they need whenever they need it, without expending resources and effort to frequently monitor and upgrade capacity [88].
Virtualization is a key enabling technology for cloud computing and scalability [100].Virtualization is a technique to hide the details of physical hardware and provide the applications or services to users. A virtualized server is known as virtual machine which is a common term in cloud computing. Virtualization forms the foundation of cloud computing, as it provides the capability of pooling computing resources from clusters of servers and dynamically assigning or reassigning virtual resources to applications on demand [88].
As its name implies it is a form of providing services to user without any human interference. It was developed by IBM in 2001.It is based on self-management concept. It was designed to reduce the complexity of computer system. Although cloud automatic resource provisioning feature is based on autonomic computing concept. Although cloud computing exhibits certain autonomic features such as automatic resource provisioning, its objective is to lower the resource cost rather than to reduce system complexity [79].
A cluster is a type of parallel and distributed system, which consists of a collection of inter-connected stand-alone computers working together as a single integrated computing resource. Here cluster is a collection of linked computers which are working together and connected by local area network to form a single computer. It gives good facility and availability at low cost. Here more than two computers or servers are connected to solve a single issue.
The concept of cloud computing is evolved from different computing technologies in which initially Grid computing then utility after that Software as a service and at last this evolving session bind up on cloud computing.
Cloud computing is providing many facilities to its end users due to which it is widely used by many organizations. Some of the important benefits are:
In cloud computing users get services at low cost. By providing infrastructure to users move its business risk to infrastructure provider’s which expertise in handling this hardware failure risk.
Cloud computing avoid the complexity of installing the software and maintenance of hardware. It also helps us to utilize the benefits of newly and updated versions of software. Many small apps are also evolving on cloud that helps consumer to work properly.
Cloud computing also opens the way for scholars in research sector. Researcher find a new and innovative field in cloud computing.
Client can easily access cloud by using web services. They are easily accessible through any device with internet connection. These devices can be anything like Smart phones, Laptop, PC’S, and PDA.
Cloud computing provide services in all sector whether it is an application development or platform requirement or infrastructure need, it facilitate the user for any requirement, which in turn almost remove the problem of software piracy because any user can get all types of services.
Cloud computing explore the field of small media enterprises. They don’t have to own infrastructure for their enterprises. They demand and pay for whatever services or resources they want to utilize. Hence cloud brings brighter opportunity for SME to explore their business.
As cloud computing is providing its services at low cost more clients are using this application. Clients are using this service more and more which decrease the rate of software piracy and increase revenue of provider.
On one end cloud computing is providing benefit to its users in every area it also bring some problems with it .A survey by Fujitsu Research Institute reveals that 88% of prospective customers are worried about who has access to their data in the cloud and demand more trustworthiness [34]. Some of the major issues users having with cloud are as follows:
As client uses the services of cloud computing, it gives all access control to the provider. After that they do not know where their data has gone which results in loss of control of data. Although all these agreement does not come under SLA (Service Level Agreement) as a result increase untrust among users. For better understanding one example of SLA’s by providers is:
Google App engine terms of use which require the user to “agree that Google has no responsibility or liability for deletion or failure to store any content and other communications maintained or transmitted through use of the service” [39] . In that situation users didn’t get assure for security of their data.
Due to malicious attack data can be lost. Any accidental deletion by the cloud service provider, or worse, a physical catastrophe such as a fire or earthquake, could lead to the permanent loss of customers’ data unless the provider takes adequate measures to backup data [97].even if we encrypt the data before sending it on cloud and forgot the key then also our data get lost.
Account hacking is not a new term in the field of networking. In cloud if an attacker hack our credentials or opted services then they are able to trace all our cloud activities. They can manipulate our data and misuse it. Our account becomes a new support for the attacker which is a big matter of concern for cloud users.
In April 2010, Amazon experienced a Cross-Site Scripting (XSS) bug that allowed attackers to hijack credentials from the site. In 2009, numerous Amazon systems were hijacked to run Zeus botnet nodes [97].
Although cloud computing is providing many service to its users for which users has to face different interfaces .For example Third party auditor is mostly used for adding service values to customer; in that case if cloud is using un trusted API or TPA then they can harm users private data.
Intruders may use immoral use of cloud computing. For example if user is using any service for trial version CSP ask to fill the general form in which sometimes they ask about their private data like Contact No, Credit card Number, Date of Birth etc. This information may be used by attackers for wicked purpose. In that situation users get worried about using this type of free trial version of services.
The advent of cloud computing in recent years is increased day by day among various organization, institution and IT industry. Cloud Computing offers huge opportunities and provide better services to IT industry. In spite of all these facilities there are many key challenges has come up with cloud computing like Security, Data accessibility and Data availability.
Although cloud computing brings a dynamic trend in technology field. It brings new innovation and open for research as it is providing many facility to user but somehow it also comes up with its drawback. The major drawback with it is security. Although many solutions has been As users phases many issues while using cloud computing .The main issue which users are facing is of security. Due to this issues the adoption level of cloud computing is decreasing. So for increasing the adoption level of cloud computing a solution is proposed in this thesis. In this architecture a security framework is designed in which cryptographic algorithm is used. In this system before sending data into cloud server it is encrypted with RSA partial homomorphic algorithm. After generation of public key and private key of the encrypted data it is then send to cloud server. At cloud end only the authorized users can access the data. The list of authorized users is also send by sender at the time of uploading of data. In this way security of data at cloud is maintained. In this way this architecture is able to provide the following.
The aforementioned system is having some genuine problems. The main issue with it is that data stored in third party auditor like the cloud might not be secure in that situation client cannot trust the cloud service provider to store its data on cloud. The problem with this approach is that TPA is the central and independent component in case any unusual activity in TPA may harm the cloud system .Extra hardware is required in special cases of TPA. It has high computational cost. If at one point we can consider this issue and use TPA but one more and major problem with TPA is that we cannot share file between cloud users.
In this book a solution is provided so that adoption level of cloud computing get increased. Data integrity and security is maintained up to some level. Without using TPA cryptographic algorithms is used to secure the data. Only authorized users can access the data.
In this chapter the concept of thesis is explained, moreover the basic concepts of cloud computing, working architecture, and the basic issues related with cloud are explained. The Classification of cloud on the basis of different level and their related terms are defined. Different famous apps and service offerings are described in this chapter. The technologies which are interrelated with cloud are also defined in this section. In the end this chapter concludes with contribution and roadmap of the thesis.
Although Cloud computing is providing flexible environment to fulfil the need of users but users are facing some issues while using cloud. These issues affect the adoption of cloud computing. In this chapter Definition of cloud computing by different researcher is discussed moreover this chapter also contains review of different research papers which are collection of cloud security issues and cloud security solutions by different researcher.
Every IT professionals have their opinion on cloud computing. Some of the standard definitions by different organizations and practitioners are as follows:
National Institute of Standards and Technology (NIST) defines cloud computing as “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [78].It is a service oriented approach in distributed computing wherein vendors rent resource to users on pay per use basis.
A style of computing where massively scalable IT-related capabilities are provided “as a service” using Internet technologies to connect multiple external customers [36]. A cloud is an elastic execution environment of resources involving multiple stack holders and provided a metered service at multiple granularities for a specified level of quality of service [89].
IBM defined Cloud computing as the delivery of on-demand computing resources everything from applications to data centres over the Internet on a pay-for-use basis [44].
Cloud computing refers to the practice of using a network of remote server to store, manage and process data rather than a local server or a personal computer [71].
Cloud computing is a way of delivering IT enabled capabilities to users in the form of 'services' with elasticity and scalability, where users can make use of resources, platform, or software without having to possess and manage the underlying complexity of the technology [15].
According to [42] Cloud computing means storing and accessing data and programs over internet instead of computer’s hard drive. It is just a metaphor for the internet. It goes back to the days of flowcharts and presentations that would represent the gigantic server-farm infrastructure of the internet as nothing but a puffy, white cumulonimbus cloud, accepting connections and doling out information as it floats.
According to [28], the cloud is also not about having a dedicated network attached storage (NAS) hardware or server in residence. Storing data on a home or office network does not count as utilizing the cloud.
Cloud computing is the ability and capability to leverage a pool of resources to deliver applications and services. It is about delivering IT as a service. It is an idea of managing applications and services at a specific level [27].
Cloud computing is a catch all term for the delivery of applications, storage or other computing resources over the internet. It marks a fundamental shift in the way IT services are delivered in the way of location and pricing [7].
Cloud computing is an IT deployment model which works on the principal of virtualization. In cloud computing resources are deployed through internet as distributed service by service providers. These services are provided on demand and can be priced on a pay per use basis [60].
So this section cover ups different definition of cloud computing. It is complicated to define cloud computing in one proper definition. On the basis of above definitions cloud computing can be defined as a computing model which provides its services on the basis user’s needs.
Although cloud computing is very popular and useful concept in IT sector but it also comes up with some adoption issues which are majorly related with security of data. Some of the major security issues that are identified by different researchers are as follows:
Frederick R. Carlson [33] analyses the baseline of security on the basis of threats, vulnerabilities and impacts. Their analysis part assets are divided into four categories which are people, process/operation and technical. They find out different types of threats and vulnerabilities issues. The impact factor of this issues are calculated on the basis of their risk level. At the end on the basis of risk level three issues are find out which are conflicts between customer procedure and cloud provider ,physical theft and malicious insider are find out that can be solved at organizational management level.
Deyan Chen et al. [22] has discussed major data security and privacy protection issues in cloud computing. Some of the major security accidents which was faced by Amazon in 2009 and Microsoft Azure while using cloud computing is also discussed in this paper. They discuss the data privacy issues based on data life cycle. This paper describes the importance of data security in each step of data life cycle. On behalf of all issues security solutions like fully homomorphic encryption scheme, Airavat is suggested but again the problem which arises in this solution is of key management. In future a security designed model which contains a set of unified identity management and privacy protection frameworks is suggested to improve the adoption process.
Nelson Gonzalez et al. [68] has identified all security issues of cloud computing which is then sub grouped into their related classification. Each and every classification contains its sub domain parts. After the classification security taxonomy is created that contains a hierarchal classification of cloud security issues. Three groups are created in this taxonomy which are privacy, architecture and compliance. The architecture contain network security, interfaces and virtualization issues. The compliance contains responsibilities towards services and providers. The privacy includes data security issues. After discussing all this issues a deep analysis of different research paper that contains security problems is discussed. Three major problems legal issues, compliance and loss of control over data are identified. Some major entities like ENISA, CSA, NIST and CPNI constantly post their views. At the end the paper is concluded on a test based on Openstack for researchers related to identity and credentials management in the cloud environment.
Jeffery Shafer [51] has describe the importance of virtualization in the domain of cloud computing. This paper gives an overview on an open source frame work eucalyptus that gives user the facility to create private cloud. In this paper on eucalyptus private cloud virtualization bottleneck is checked under different areas like network, storage performance etc. KVM and Xen server is used for observation. In the end the paper is concluded with a bottleneck in virtualization with KVM and Xen server.
Some of the solutions which are helpful in solving security issue are as follows:
Rana M [82] has initially described about cloud computing fundamentals later she described how we can secure our data with TPA (Third party auditor). The main problem which was faced by user while using TPA are high computational cost etc. after that it describe about how we can keep our data secure without using TPA. In this structure three basic entities Data owner, Cloud server and User are described .Data owner encrypt the data using Asymmetric and symmetric algorithm and after generating its hash key upload the data on cloud server. It also gives the access permission list of user to cloud server. Cloud server decrypt the data using symmetric and asymmetric algorithm .As user requires data they decrypt the data by using their private key.
[...]
