The Issues In Cloud Data Security


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Abstract— Cloud computing is one of the most fascinating technologies, attracting users to outsource their data from local machines to remote cloud servers over the Internet. A large number of cryptographic schemes are available to encrypt sensitive information and protect data. Although encryption protects the data, it limits the functionality of the cloud storage. This paper focuses on an investigation of cloud data security and its issues. Cloud computing is one of the most influential technologies in the IT industry in recent years. In the cloud, the computing infrastructures (hardware and software) are provided as services over the Internet on a pay-as-you-use basis. The sensitive data outsourced to cloud servers are not within the same trusted domain as the data owners. Many cryptographic solutions are currently available for securing this sensitive user data on cloud servers. However, these solutions incur overhead in computation, key distribution and data management when providing secure, scalable and fine-grained data access control in cloud computing. This paper presents an analysis of various cloud data security issues.

Keywords--- Cloud Computing, Outsourcing data, Encryption

Introduction

Cloud computing provides the next generation of Internet-based, highly scalable distributed computing systems in which computational resources are offered 'as a service'. The third-party, on-demand, self-service, pay-per-use and seamlessly scalable computing resources and services offered by the cloud paradigm promise to reduce capital as well as operational expenditures for hardware and software. Despite the potential benefits and revenues that could be gained from the cloud computing model, the model still has a lot of open issues that impact its credibility and pervasiveness. Vendor lock-in, multi-tenancy and isolation, data management, service portability, elasticity engines, SLA management, and cloud security are well-known open research problems in the cloud computing model [1].

Cloud computing exhibits five essential characteristics defined by NIST (National Institute of Standards and Technology) [2, 3]:

On-demand self-service. A consumer can unilaterally provision computing capabilities.

Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.

Resource pooling. The provider’s computing resources are pooled to serve multiple consumers, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in.

Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.

Storing data in a cloud database is considered data outsourcing, since the data are managed by an external party [4]. Among the various kinds of cloud computing services, cloud storage services have seen especially dramatic growth; with them, enterprises outsource their data into the cloud environment for location-independent resource pooling, rapid resource elasticity and usage-based pricing. For example, cloud storage services such as Microsoft’s Azure storage and Amazon’s S3 have gained a lot of popularity recently.

Cloud computing is considered the fifth utility after the other four utilities (water, gas, electricity and telephone). The major benefits of cloud computing are reduced cost and capital expenditure, increased operational efficiency, scalability, flexibility, immediate time to market and so on. Cloud computing has three important service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

Commercial cloud computing systems are built at different levels. Examples are shown in Table I.

TABLE I

IaaS                 | PaaS                  | SaaS
Amazon's EC2 [2]     | Google App Engine [5] | Google's Apps [6]
Amazon's S3 [3]      | Yahoo Pig             | Salesforce's Customer Relation Management System (CRM)
IBM's Blue Cloud [4] |                       |

As more and more enterprises jump onto the cloud computing bandwagon, the security implications of moving services or infrastructure to the cloud need serious consideration. Small and medium businesses that typically cannot afford to devote resources to addressing security issues can benefit from the security solutions applied by cloud providers. For the cloud to be well accepted by organizations, the security concerns of both data owners and end users need to be addressed. Moving into the cloud exposes both challenges and opportunities. Although the cloud's centralized data model makes it convenient to monitor access to data, it also exposes the risk of a comprehensive data theft [5]. Further, organizations have to trust a third-party vendor with their applications and data. This loss of control over data traditionally maintained in-house introduces some new security management challenges. In addition, the notion of unlimited resources in the cloud is made possible through resource sharing. This multitenant nature of the cloud, where tenants share resources, introduces new privacy concerns, as traditional network firewalls and secure socket layers cannot be a security shield in the cloud. In the cloud, a business’s data is typically stored on a virtual machine, which is probably running on a server with other virtual machines, some of which could potentially be malicious. In addition, cloud data is accessed via the Internet, which guarantees security only to a certain level.

With the avalanche-like rise in the deployment of cloud computing, the ever-present security and privacy issues have become more sophisticated and more distributed, in the sense that the user base for such services is growing by leaps and bounds [6,7]. With the increase in on-demand application usage, the potential for cyber attacks also increases. Individual users frequently have to provide identifying information online, and this could be used by attackers for identity theft. In order to address security and privacy issues such as confidentiality, operational integrity, disaster recovery and identity management, at least the following schemes should be deployed to ensure data security [8] to some extent:

An encryption scheme to ensure data security in a highly interfering environment maintaining security standards against popular threats and data storage security.

Service providers should be given limited access to the data, just enough to manage it without being able to see what exactly the data is.

Stringent access controls to prevent unauthorized and illegal access to the servers controlling the network.

Data backup and redundant data storage to make data retrieval easy after any type of loss, unlike the recent breakdown issues with the Amazon cloud.

Distributed identity management and user security, maintained by using either Lightweight Directory Access Protocol (LDAP) or published APIs (Application Programming Interfaces) to connect into identity systems.

An important aspect of cloud computing is that it gives rise to a number of security threats from the perspective of data security, for a couple of reasons. Firstly, the traditional techniques cannot be adopted, as they have become quite obsolete with respect to the ever-evolving security threats and to avoiding data loss in a cloud computing environment. The second issue is that the data stored in the cloud is accessed a large number of times and is often subject to different types of changes. This data may comprise bank accounts, passwords and highly confidential files not to be read by anyone apart from the owner. Hence, even a small slip may result in loss of data security.

Literature Survey

Secure and dependable storage services in Cloud Computing (2011)

Cloud storage enables users to remotely store their data and enjoy on-demand, high-quality cloud applications without the burden of local hardware and software management. Though the benefits are clear, such a service also relinquishes users’ physical possession of their outsourced data, which inevitably poses new security risks to the correctness of the data in the cloud. This paper proposes a distributed storage integrity auditing mechanism, utilizing the homomorphic token and distributed erasure-coded data [9]. The proposed design allows users to audit the cloud storage with very lightweight communication and computation cost. The auditing result not only ensures a strong cloud storage correctness guarantee, but also simultaneously achieves fast data error localization, i.e., the identification of misbehaving servers. The main advantages of this cloud security framework are lightweight communication and computation cost, redundant storage of data across multiple physical servers, the use of erasure-correcting codes to provide redundancy and guarantee data dependability against Byzantine failures, and the identification of misbehaving servers. Light overhead is the main disadvantage of this cloud security model.

Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing (2011)

This work addresses ensuring the integrity of data storage in cloud computing. In particular, it considers the task of allowing a third party auditor (TPA) to verify, on behalf of cloud clients, the integrity of the dynamic data stored in the cloud. The TPA eliminates the involvement of the client in auditing whether his data stored in the cloud are indeed intact, which in turn achieves economies for cloud computing. The support for data dynamics via data operations, such as block modification, insertion and deletion, is also a significant step toward practicality, since services in cloud computing are not limited to archive or backup data only. The work explores the problem of providing simultaneous public auditability and data dynamics for remote data integrity checking in cloud computing. The construction is deliberately designed to meet these two important goals while keeping efficiency closely in mind [10]. To achieve efficient data dynamics, the authors improve the existing proof-of-storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication. To support efficient handling of multiple auditing tasks, they further explore the technique of bilinear aggregate signatures to extend the main result into a multiuser setting, in which, for example, the TPA can perform multiple auditing tasks simultaneously. Extensive security and performance analysis shows that the proposed scheme is highly secure and efficient.
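The Merkle Hash Tree part of that design can be shown in a few lines. The following is an added example, not code from the surveyed paper: it authenticates raw blocks with SHA-256 rather than signed block tags, omits the bilinear aggregate signatures, and all class and function names are hypothetical. The auditor keeps only the root hash and block count, yet can check any challenged block and follow a block modification.

```python
import hashlib
import hmac

def leaf_hash(block: bytes) -> bytes:
    # Domain-separate leaves from inner nodes so a node cannot pass as a block.
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[j], level[j + 1]) if j + 1 < len(level) else level[j]
                 for j in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root_from_proof(n_blocks, index, block, proof):
    """Recompute the root from one block and its sibling hashes (None if malformed)."""
    if not 0 <= index < n_blocks:
        return None
    acc, size, path = leaf_hash(block), n_blocks, list(proof)
    while size > 1:
        sibling = index ^ 1
        if sibling < size:                       # a sibling exists at this level
            if not path:
                return None
            s = path.pop(0)
            acc = node_hash(acc, s) if sibling > index else node_hash(s, acc)
        index, size = index // 2, (size + 1) // 2
    return acc if not path else None

class CloudServer:
    """Untrusted storage: holds every block, answers challenges with a proof."""
    def __init__(self, blocks):
        self.blocks = list(blocks)
    def prove(self, index):
        proof, i = [], index
        for level in build_levels(self.blocks)[:-1]:
            if (i ^ 1) < len(level):
                proof.append(level[i ^ 1])
            i //= 2
        return self.blocks[index], proof

class Auditor:
    """Client or TPA: keeps only the root hash and the block count."""
    def __init__(self, root, n_blocks):
        self.root, self.n = root, n_blocks
    def check(self, index, block, proof):
        root = root_from_proof(self.n, index, block, proof)
        return root is not None and hmac.compare_digest(root, self.root)
    def accept_modification(self, index, old_block, new_block, proof):
        # Data dynamics: authenticate the old block, then derive the new root.
        if not self.check(index, old_block, proof):
            return False
        self.root = root_from_proof(self.n, index, new_block, proof)
        return True

def demo():
    blocks = [b"block-%d" % i for i in range(5)]         # constructed sample data
    server = CloudServer(blocks)
    auditor = Auditor(build_levels(blocks)[-1][0], len(blocks))
    out = {}
    block, proof = server.prove(4)
    out["honest"] = auditor.check(4, block, proof)
    out["forged_block"] = auditor.check(4, b"forged", proof)
    out["wrong_position"] = auditor.check(3, block, proof)
    old, proof = server.prove(2)
    out["update_accepted"] = auditor.accept_modification(2, old, b"block-2-v2", proof)
    server.blocks[2] = b"block-2-v2"
    out["after_update"] = auditor.check(2, *server.prove(2))
    server.blocks[0] = b"silently corrupted"            # server-side data loss
    out["corrupted"] = auditor.check(0, *server.prove(0))
    return out

if __name__ == "__main__": print(demo())
```

Because the verifier derives left/right order from the challenged index and the block count, a valid proof for one position does not verify at another.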

A Privacy-Preserving Remote Data Integrity Checking Protocol with Data Dynamics and Public Verifiability (2011)

Storing data in the cloud has become a trend. An increasing number of clients store their important data on remote servers in the cloud, without leaving a copy on their local computers. Sometimes the data stored in the cloud is so important that the clients must ensure it is not lost or corrupted. While it is easy to check data integrity after completely downloading the data to be checked, downloading large amounts of data just for checking data integrity is a waste of communication bandwidth. This paper proposes a new remote data integrity checking protocol for cloud storage. The proposed protocol is suitable for providing integrity protection of customers’ important data. The proposed protocol supports data insertion, modification and deletion at the block level, and also supports public verifiability [11]. The proposed protocol is proved to be secure against an untrusted server. It is also private against third-party verifiers. Both theoretical analysis and experimental results demonstrate that the proposed protocol has very good efficiency in terms of communication, computation and storage costs.

A Secure Erasure Code-Based Cloud Storage System with Secure Data Forwarding (2012)

A cloud storage system consists of a collection of storage servers which provide long-term storage services over the Internet. Storing data in a third party’s cloud system causes serious concern over data confidentiality. Encryption schemes protect data confidentiality, but they limit the functionality of the storage system, because only a few operations are supported over encrypted data. Constructing a secure storage system with multiple supported functions is challenging when the storage system is distributed and has no central authority. This paper considers a cloud storage system consisting of storage servers and key servers, and integrates a newly proposed threshold proxy re-encryption scheme with erasure codes over exponents. The threshold proxy re-encryption scheme supports encoding, forwarding, and partial decryption operations in a distributed way. To decrypt a message of k blocks that are encrypted and encoded to n codeword symbols, each key server only has to partially decrypt two codeword symbols in the system [12]. By using the threshold proxy re-encryption scheme, the authors present a secure cloud storage system that provides secure data storage and secure data forwarding functionality in a decentralized structure. Moreover, each storage server independently performs encoding and re-encryption, and each key server independently performs partial decryption. The storage servers act as storage nodes in a content-addressable storage system for storing content-addressable blocks. The key servers act as access nodes, providing a front-end layer such as a traditional file system interface.

Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing (2010)

This paper proposes services for data security and access control when users share sensitive data on the cloud. It addresses this open issue by defining and enforcing access policies based on data attributes and allowing the data owner to allot most of the computation tasks involved in fine-grained data access control to entrusted cloud servers without disclosing the underlying data contents [13]. This scheme enables the data owner to delegate the tasks of data file re-encryption and user secret key update to cloud servers without disclosing data contents or user access privilege information. The paper proposes a scheme to achieve this goal by exploiting KP-ABE and uniquely combining it with the techniques of proxy re-encryption and lazy re-encryption. Moreover, the proposed scheme can enable the data owner to delegate most of the computation overhead to powerful cloud servers. Confidentiality of user access privilege and user secret key accountability can be achieved. Formal security proofs show that the proposed scheme is secure under standard cryptographic models.

Cloud Security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks

Cloud computing is still in its infancy in regards to its software as services (SAS), web services, utility computing and platform as services (PAS). All of these have remained individualized systems that you still need to plug into, even though these systems are heading towards full integration. One of the most serious threats to cloud computing itself comes from HTTP Denial of Service or XML-Based Denial of Service attacks. These types of attacks are simple and easy for the attacker to implement, but for security experts they are twice as difficult to stop. The paper recreates some of the current attacks that attackers may initiate over HTTP and XML. The HTTP-DoS (H-DoS) attack is potentially lethal to cloud computing because the cloud relies on HTTP to communicate with itself and other cloud systems. The paper demonstrates how such an attack can take place using the same scenario that brought down the pro-Iranian websites, and how it can be done from within a cloud (for example, by a vindictive employee) or from outside the cloud system (for example, for bragging rights) [14]. It also covers another attack called XML-Based Denial of Service (X-DoS), which is another lethal attack aimed at the services the cloud provides. To defend against such attacks, the authors bring forward the SOTA model and implement it on a cloud system as Cloud TraceBack (CTB). CTB demonstrated that it can be used in an actual X-DoS attack so that the cloud victim can trace the attack back to the source. Results showed that CTB is able to find the source of an attack within a matter of seconds.

Collaboration-Based Cloud Computing Security Management Framework

Although the cloud computing model is considered to be a very promising Internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets to third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers' trust in their cloud platforms’ security. However, such standards are still far from covering the full complexity of the cloud computing model [15]. This paper introduces a collaboration-based security management framework for the cloud computing model. The framework introduces an alignment of the NIST-FISMA standard to fit the cloud computing model. It uses existing security automation efforts such as CPE, CWE, CVE and CAPEC to facilitate the cloud services Security Management Process (SMP). The authors evaluate the proposed framework by using it to model and secure a multitenant SaaS application with two different tenants. The framework can be used by cloud providers to manage their cloud platforms, by cloud consumers to manage their cloud-hosted assets, and as a security-as-a-service to help cloud consumers in outsourcing their internal SMP to the cloud.

The Security of Cloud Computing System enabled by Trusted Computing Technology

Cloud computing provides people with a way to share distributed resources and services that belong to different organizations or sites. Since cloud computing shares distributed resources via the network in an open environment, security problems become important when developing cloud computing applications. The advantage of the proposed approach is that it extends trusted computing technology into the cloud computing environment to meet the trusted computing requirements for cloud computing and thereby achieve trusted cloud computing [16]. TCP is used as the hardware base for the cloud computing system. In the proposed design, TCP provides the cloud computing system with some important security functions, such as authentication, communication security and data protection. Related methods for these implementations are proposed. The TCP provides cloud computing with a secure base for achieving trusted computing. However, how to integrate these hardware modules well with a cloud computing system is challenging work and needs deeper research. The authors are now developing a new model system of trusted cloud computing, which is based on the trusted computing platform and can provide flexible security services for users, and aim to make the actual design more practical and operational in the future.

Data Outsourcing in Cloud Environments: A Privacy Preserving Approach

With the increasing cost of maintaining IT centers, organizations are looking into outsourcing their storage and computational needs to a cloud server. However, such outsourcing has also raised the more serious issue of data privacy. In this paper, Sayi et al. [17] summarize their work in privacy-preserving data outsourcing. In particular, the authors discuss the issue of applying vertical fragmentation to a relation so that the fragment that is assigned to the cloud server contains the maximum data without violating privacy. Here, privacy is expressed in terms of a set of confidentiality constraints. The authors represent the confidentiality constraints as a graph where the nodes are the attributes and links represent paired confidentiality. They then apply the graph coloring problem with two colors for the cyclic portion of the graph, and use a heuristic to eliminate the cycles and complete the coloring of all nodes. The authors are currently extending the work to multiple relations and to constraints with multiple attributes in a constraint (i.e., triplet, quadruplet, etc.) instead of just pairs.
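The constraint-graph idea can be made concrete as follows. This is an added example, not the algorithm of Sayi et al.: the cycle-breaking heuristic (keep the busiest attribute of a conflicting edge at the owner), the rule that the larger color class of each component goes to the cloud, and the sample relation are all assumptions made for illustration.

```python
from collections import deque


def two_color(nodes, adj):
    """BFS 2-coloring. Returns (coloring, None) or (None, conflicting_edge)."""
    coloring = {}                      # attribute -> (component id, color)
    for comp, start in enumerate(nodes):
        if start in coloring:
            continue
        coloring[start] = (comp, 0)
        queue = deque([start])
        while queue:
            u = queue.popleft()
            for v in sorted(adj[u]):   # sorted for a deterministic result
                if v not in coloring:
                    coloring[v] = (comp, 1 - coloring[u][1])
                    queue.append(v)
                elif coloring[v][1] == coloring[u][1]:
                    return None, (u, v)          # odd cycle found
    return coloring, None


def fragment(attributes, constraints):
    """Split attributes into (cloud, owner) so no constrained pair is in cloud."""
    adj = {a: set() for a in attributes}
    for a, b in constraints:
        adj[a].add(b)
        adj[b].add(a)
    owner = set()
    while True:
        nodes = [a for a in attributes if a not in owner]
        live = {a: adj[a] - owner for a in nodes}
        coloring, conflict = two_color(nodes, live)
        if conflict is None:
            break
        # Assumed heuristic: break the odd cycle by keeping its busiest
        # attribute at the owner (ties broken by name for determinism).
        owner.add(max(conflict, key=lambda a: (len(live[a]), a)))
    classes = {}
    for attr, (comp, color) in coloring.items():
        classes.setdefault(comp, ([], []))[color].append(attr)
    cloud = set()
    for zero, one in classes.values():
        keep, away = (zero, one) if len(zero) >= len(one) else (one, zero)
        cloud.update(keep)             # larger color class is outsourced
        owner.update(away)
    return cloud, owner


def violations(cloud, constraints):
    """Constraint pairs that would be fully visible to the cloud server."""
    return [(a, b) for a, b in constraints if a in cloud and b in cloud]


# Constructed sample relation and pairwise confidentiality constraints.
# dob, zip and diagnosis form an odd cycle; physician is unconstrained.
ATTRIBUTES = ["name", "dob", "zip", "diagnosis", "physician", "insurer"]
CONSTRAINTS = [("name", "diagnosis"), ("name", "insurer"), ("dob", "zip"),
               ("zip", "diagnosis"), ("dob", "diagnosis")]

if __name__ == "__main__":
    cloud, owner = fragment(ATTRIBUTES, CONSTRAINTS)
    print("cloud:", sorted(cloud), "owner:", sorted(owner))
```

The result is a valid fragment but not necessarily the largest possible one, since both the cycle-breaking step and the per-component choice are greedy.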

Privacy Enhanced Data Outsourcing in the Cloud

Securing outsourced data in cloud computing is a challenging problem, since a cloud environment cannot be considered trusted. The situation becomes even more challenging when outsourced data sources in a cloud environment are managed by multiple outsourcers who hold different access rights. In this paper, Miao Zhou et al. [18] introduce an efficient and novel tree-based key management scheme that allows a data source to be accessed by multiple parties who hold different rights. The authors ensure that the database remains secure, while some selected data sources can be securely shared with other authorized parties.

This approach is more efficient than, and different from, other approaches since it is based on a novel tree-based key management scheme that allows a data source to be accessed by multiple parties.

Problems And Directions

It is obvious from the above discussion that cloud data security has always been an important aspect of quality of service in the cloud environment. A number of cryptographic techniques have been used for the purpose of cloud data security.

Traditional cryptographic primitives for data security protection cannot be directly adopted, due to the users’ loss of control over their data under cloud computing. Therefore, verification of correct data storage in the cloud must be conducted without explicit knowledge of the whole data. Considering the various kinds of data stored in the cloud for each user and the demand for long-term continuous assurance of data safety, the problem of verifying the correctness of data storage in the cloud becomes even more challenging.

The main problems in the existing approaches are:

The communication traffic between the user and storage servers is high.

The user has to manage their cryptographic keys. If the user’s cryptographic keys are lost or compromised, security problems will arise.

It is very hard for storage servers to directly support functions other than storing and retrieving data.

Storage servers cannot directly forward a user’s messages from one person to another. Instead, the owner of the message is responsible for decrypting the message and forwarding it.

The data security required in a cloud environment includes data confidentiality against outsiders, including the cloud providers and their competitors. Data confidentiality is not the only security requirement: flexible and fine-grained access control is also desired in the service-oriented cloud computing model. Hence the outsourced data are generally encrypted so that only authorized users can access them. Generally, these outsourced data consist of many data blocks, hence the management of encryption keys is a major challenge.

Tree-based key management schemes are observed to provide better results for managing the encryption keys. Compared with the other cryptographic techniques, this kind of key management provides better security for the outsourced data.

Novel encryption algorithms with reduced encryption time are required to protect outsourced data in a cloud more efficiently.
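Why a key tree helps with many data blocks and with parties holding different rights (the point made here and in the survey of Zhou et al. above) can be seen in a generic HMAC-based key derivation tree. This is an added example and not the scheme of [18]: the tree height, the derivation label and the two parties are assumptions, and revocation and the encryption itself are left out.

```python
import hashlib
import hmac

DEPTH = 4  # assumed tree height: 2**4 = 16 data blocks, one leaf key per block


def child_key(key: bytes, bit: str) -> bytes:
    # One-way step: a child key is derivable from its parent, never the reverse.
    return hmac.new(key, b"kdf-tree/" + bit.encode(), hashlib.sha256).digest()


def derive(key: bytes, path: str) -> bytes:
    """Walk down from `key` along a string of '0'/'1' branch choices."""
    for bit in path:
        key = child_key(key, bit)
    return key


def cover(lo: int, hi: int, prefix: str = ""):
    """Fewest subtree prefixes whose leaves are exactly blocks lo..hi."""
    span = 1 << (DEPTH - len(prefix))
    start = int(prefix, 2) * span if prefix else 0
    end = start + span - 1
    if hi < start or lo > end:
        return []
    if lo <= start and end <= hi:
        return [prefix]
    return cover(lo, hi, prefix + "0") + cover(lo, hi, prefix + "1")


def grant(root_key: bytes, lo: int, hi: int) -> dict:
    """What the data owner hands to a party allowed to read blocks lo..hi."""
    return {p: derive(root_key, p) for p in cover(lo, hi)}


def block_key(granted: dict, index: int):
    """Party side: derive the key of one block, or None if outside the grant."""
    path = format(index, "0%db" % DEPTH)
    for prefix, key in granted.items():
        if path.startswith(prefix):
            return derive(key, path[len(prefix):])
    return None


def demo():
    # Constructed demo value, not a real secret; the owner stores only this.
    root = hashlib.sha256(b"constructed demo master key").digest()
    auditor = grant(root, 4, 11)   # hypothetical party allowed blocks 4..11
    partner = grant(root, 3, 9)    # hypothetical party allowed blocks 3..9
    return {
        "auditor_prefixes": sorted(auditor),
        "partner_prefixes": sorted(partner),
        "auditor_reads_5": block_key(auditor, 5) == derive(root, "0101"),
        "auditor_reads_12": block_key(auditor, 12) is not None,
        "partner_reads_10": block_key(partner, 10) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The owner keeps one root key for all 16 blocks, and a party cleared for eight contiguous blocks receives two subtree keys instead of eight block keys.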

Conclusion

This paper discusses the various available cloud data security techniques and also analyzes various security issues, characteristic features and the working of the existing techniques. This investigation should motivate research scholars to carry out their research work in cloud data security. It has been observed that a number of cryptographic techniques have been presented to provide security and authentication for cloud data, but there is still room for improvement. Key management systems are observed to provide significant performance in cloud data security. Novel encryption algorithms have to be utilized for providing cloud security. Thus, more efficient encryption techniques have to be developed which reduce the time needed for encryption and decryption.


