The Arrangement For Cloud Computing

Published Date: 02 Nov 2017

In this section, we present a framework that has been structured to offer absolute solutions to preserve the integrity, confidentiality and authenticity of data and communications. We applied multiple techniques and mechanisms such as verification of the digital signature and double authentication to protect the critical data from unauthorized users.

The system consists of three main parties:

Cloud Provider: who manages, provides cloud storage services and has high computation power.

Data Owner: organizations or an individual customer who has vast data files to be stored in the cloud storage.

User: who will register with data owner and uses or shares a data stored on cloud storage. The user has limitation right to use data files.

In proposed model as shown in Fig 2, when a user wants to access the data stored in the cloud, first of all needs to register with the data owner by getting a valid username and password through the application interface. Next the Data Owner sends authentication message (User name and Password) to the user. At the end the owner forwards the registered ID to cloud to store it within the user directory of the authentication server.

The abstract flaw in Fig 3 illustrated the interaction between the four parties and it consists of the following steps

Secure travelling of data on the network is a tough and highly complex issue, while the data threat is continuously raising and improving. In the cloud environment it does not only require traffic protection in addition secure way of communication also essential [4]. To prevent the loss of data in transition, SSL (Secure Socket Layer) protocol in our model is used. SSL generates end-to-end encryption by interacting between applications and the TCP/IP protocols to present authentication and an encrypted communications between User-Server. SSL protocol is available into every web browser, so do not require any special software to install in the user system. To create secure communication first the data server sends the identification information to the user just after the connection creates then sends the user a copy of its SSL certificate. The user verifies the certificate and replies to the data server. The data sever sends back a token to build SSL session.

When the data reside in a cloud database, all the management and responsibility are by service provider. Assume that, the data in a cloud database are secure from any external party, as the service provider uses strict security roles to protect his environment. The service provider can oppose the data owner. As the data in a cloud is not in the direct control of the owner, any harm can be possible by cloud service provider. So the service provider cannot be fully trusted. For this problem the best solution applied in proposed model is encryption of data before storing in the cloud. Integrity, confidentiality and privacy of data can be protected through encryption [4]. SSL protocol as we explained in previous section encrypts the data and builds private and secure communication over the public internet.

The data in the cloud is always vulnerable and under the threat of being interfered by any attack. As all the precautionary methods such as double authentication, data encryption and using SSL protocol in the proposed model to not allow anyone interfere to the data at transition time. The model has one more parameter called as Secure Deliver Report (SDR). Firstly SDR generates by the data owner before send the data to cloud, the owner keep the SDR in his memory. On another side, when the user receives the data can generate the SDR of received data and sends it to the data owner, the data owner can compare the new SDR with the original one that he has. If both the SDR are same, the user is assured the data has not been interfered. In case the owner gets that the SDRs are not same, he generates a message to cloud to resend the data file to the same user. As shown in Fig 4.

Authentication is required in cloud computing to restrict the boundary of access for unauthorized user [40]. Therefore, if any user looses or accidentally discloses his\her user ID and password to any illegal user, it can make problems for data privacy. To protect the data, we inserted an additional parameter, which is must to pass in order to access the data in the cloud database. In this step the system asks a security question whose answer is known only to the authorized user. So this security parameter can control the access of the unauthorized person to the data.

The user sends the user ID and password to the data owner. First level of authentication.

The user replies the security question provided by data owner. Second level of authentication.

The data owner redirect the user ID and digital signature to Authentication server, therefore cloud will be sure that the owner let user access of data.

The Authentication server validates the user approval and authorization grant. It also validates that the user is a trusted entity by data server and issues access permission.

The Authentication server forwards the digital signature to the user. Then the user can use it as an authentication token.

The user afterwards sends the search request and asks for protected resources by presenting digital signature to Data server.

The Data server responds to the search request and delivers the search result to the user.

The user generates a request to the data server for retrieving the encrypted data.

Afterwards the Data server sends back the requested data along with the decryption key to the user.