“Overview and Analysis on Secure Storage Techniques in Cloud Computation Environments”


Abstract
Cloud computing is an environment in which resources and information are provided as a service, on demand, over the internet. Resources placed on the cloud can be accessed at any time from any location, and the platform has also brought benefits in the form of cloud storage services. Cloud storage services give users ease of access and reduce maintenance and software costs; they are scalable and easy to use without being expensive. The security of data placed on the cloud is a major concern, because the ease of placing data online comes with a serious threat to its security and the risk of it being hacked. Cloud data security is a major concern for larger organizations considering a move to cloud environments. In this research we target one of the most vital aspects of cloud computing, data storage: we survey different cloud data storage techniques and frameworks, with their pros and cons. We also discuss the challenges of implementing secure data storage in the cloud. This research provides a basis for assessing current work on secure cloud data storage and should help in implementing future data security techniques.
1.      Introduction
In cloud computing, services are provided by distributed hosting companies over the internet. Cloud services are divided into three broad categories: software, platform and infrastructure offered as services. The core point of interest in cloud-based software development is data management and security. Cloud computing is an emerging field because of the flexibility and versatility of its services. Cloud services are used in a variety of computational fields. Clouds are categorized as public or private. Public clouds provide services to any customer who wants them over the internet, while private clouds provide services to specific customers. The biggest advantage of using cloud services is the saving in capital investment. Organizations do not have to purchase expensive servers; they only need to connect to the cloud server through the internet, and services can then be used as and when required. Clouds provide services on demand. The cost depends on how much of a resource was used and for how long. Cloud computing is building new horizons for the new era of computing. CIO Vivek Kundra [1] stressed that data security is one of the prime concerns in cloud environments. The prime advantage of moving to the cloud is its flexibility of use: users access resources through requests, and the host on the cloud fulfils those requests. The three categories of cloud services are software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Companies move to the cloud because it lets users access cloud applications anytime and anywhere over the internet. The cloud gives its users on-demand resources, disaster recovery, pay-per-use pricing and cost reduction.
1.1 Use of Cloud Services
Cloud networks are getting attention because they are flexible in their implementation. They adjust as and when needed: at normal demand they work fine, and if the workload suddenly increases, resources can be allocated within a short interval of time. The cost of the cloud depends on the amount of resources used and for how long. One example is Amazon's EC2, which provides powerful server instances on demand within seconds. This gives users the flexibility to accomplish their tasks and plan their work accordingly. Another advantage is that when a powerful server instance is needed for software development, the instance is provided, and when the developer no longer requires it, the server is released. The cost of that server is then charged according to the time it was allotted to the customer.
1.2 Data Access on Cloud
Data access concerns the users who can access the data. Data is accessed in levels, and the access mechanism also describes the level of access and the granularity to be attained. Access rights belong to this area as well: their allotment and review are described in this phase.
The security module contains the security requirements for the services on the cloud. It also covers the security of the system when it is interfaced with other systems, and the safety requirements for the system.
The ease of use and low cost of hosted cloud services come with some drawbacks. It is not simply a matter of going online and starting to use cloud services; some areas need to be addressed first. Data management is one such issue. With good data management plans these issues can be overcome and the benefits of this advanced field obtained. Moving data to public clouds poses certain threats to the companies that do so. These threats comprise security issues as well as data legality issues imposed by the data owners on whose data some companies operate.
2.      Related Work
Data retrievability was suggested in [2], in which a client can check whether his data is intact or not. Some authentication information is embedded in the data at random spots. This information is entirely unrelated to the data and is randomly generated. The cloud administration services do not know its position in the data. When the user wants to check the authenticity of the data, it requests the cloud to send back its data; this data is compared with the original data to check whether it is unchanged. A major drawback of this technique is that the user can use the authentication data only a finite number of times. In another work in the field of secure data management, Ateniese et al. [3] proposed the concept of verifiable data possession. The authors use homomorphic data authentication for data security. Authentication values are computed over the data blocks in such a way that the value for a group of data blocks can be derived from the values computed for the individual blocks. Auditing is done by requesting the cloud to send back the calculation over some arbitrarily chosen data blocks and checking the authentication of the calculated result. If the calculated authentication is right, then the data stored on the cloud is in its original form. If the authentication does not match the data, the stored data is not intact. In [4] the authors propose a cloud storage system that integrates storage resources provided by multiple hosts in order to obtain security, redundancy and ease of access to the data. Their system covers all the storage services that a client needs over the cloud. They implemented their work as NubiSave, a user-friendly cloud data storage controller that can run on all types of consumer environments. They validated the system by deploying it in a real-world scenario with commercial and cloud data storage providers.
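The challenge-response audit described above for [3], as an added example that is not code from the paper or from this post. It uses a simplified symmetric-key linear authenticator over a prime field rather than the scheme from [3]; the modulus, block size, function names and sample data are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus; blocks, tags and coefficients live in GF(P)

def to_blocks(data: bytes, size: int = 15):
    """Split a file into integers below P (15 bytes = 120 bits)."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def prf(key: bytes, index: int) -> int:
    """Keyed pseudo-random field element bound to a block index."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P

def keygen():
    """Owner's secret: a PRF key and a non-zero field element alpha."""
    return secrets.token_bytes(32), secrets.randbelow(P - 1) + 1

def tag_blocks(key, alpha, blocks):
    """Owner: tag_i = PRF(i) + alpha * block_i, stored next to the block."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample_size):
    """Auditor: random block indices, each paired with a random coefficient."""
    indices = secrets.SystemRandom().sample(range(n_blocks), sample_size)
    return [(i, secrets.randbelow(P - 1) + 1) for i in indices]

def prove(blocks, tags, chal):
    """Server: fold the challenged blocks and their tags into two numbers."""
    mu = sum(c * blocks[i] for i, c in chal) % P
    sigma = sum(c * tags[i] for i, c in chal) % P
    return mu, sigma

def verify(key, alpha, chal, mu, sigma):
    """Auditor: the combined tag must match the combined blocks."""
    return sigma == (sum(c * prf(key, i) for i, c in chal) + alpha * mu) % P

def audit(stored_blocks, tags, key, alpha, sample_size):
    """One audit round against whatever the server currently stores."""
    chal = challenge(len(stored_blocks), sample_size)
    return verify(key, alpha, chal, *prove(stored_blocks, tags, chal))

if __name__ == "__main__":
    data = b"constructed sample file contents for the audit demo " * 4
    key, alpha = keygen()
    blocks = to_blocks(data)
    tags = tag_blocks(key, alpha, blocks)
    print("intact:", audit(blocks, tags, key, alpha, 5))
    corrupted = list(blocks)
    corrupted[3] = (corrupted[3] + 1) % P   # server silently damages one block
    print("corrupted, all blocks challenged:",
          audit(corrupted, tags, key, alpha, len(corrupted)))
```

The auditor keeps only the key pair, and because every challenge uses fresh indices and coefficients the audit can be repeated without using up stored check values. A smaller sample detects a damaged block only when that block happens to be challenged.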
In [6] the authors propose a security technique in which data integrity is maintained. Whenever data is changed, the user is made aware of the change. For authorized access control, the Kerberos authentication technique is used. The technique is also applicable where data is stored on untrusted storage. The authors performed different attack experiments to check the validity of the technique. In [7] the authors suggest that the owners of the data and the server storing the data belong to the same trust domain. However, this is not true, because in cloud computing the data and the cloud providers are in two different trust domains. Cloud services are provided by commercial service providers that are most of the time outside the cloud trust domain. Public clouds provide services open to all over the internet, and any user can use these services within the limits set by the service providers.
In this section we present a comparison of the data storage techniques, their methodologies and their advantages as well as disadvantages.

Table 01: Comparison of data storage techniques and methodologies

| Sr. | Technique | Methodology | Pros | Cons |
|---|---|---|---|---|
| 1. | Storage security for online data | Data partitioning technique | No information can be extracted from partitioned data | Difficult to store data destination on servers |
| 2. | Authentication using identity | Authentication protocol using identity based on hierarchical model | Seamless working and alterable | Only used for certified communication |
| 3. | Third Party Auditing [9] | Implementation of BLS algorithm for storage security | Auditing can be performed on multiple users at the same time | Does not support public verification and dynamic data correction |
| 4. | Fuzzy deduplication [5] | Data is encrypted using fuzzy image deduplication | Provides low bandwidth implementation and optimizes storage | High risk of data loss if the encrypted image changes |
| 5. | Ontology for cloud storage services using NubiSave [4] | Combines resources from multiple hosts | Provides redundancy, security and availability | Faces scalability issues if deployed in large clouds |
| 6. | Kerberos Technique [6] | Access control technique that provides security for data providers and cloud owners | Data can be protected from malicious nodes | Provides security against major attack scenarios; uncommon situations are not handled |
| 7. | Implicit Data Security [8] | Data partitioning and saving on multiple servers | Simplest technique; reduces the overhead cost of encryption | If someone gets access to the data partition strategy and |

4.      Analysis of Storage Methods in Cloud
Several techniques have been experimented with and are being used by cloud owners for data protection. In this section we take a brief look at those techniques.
4.1 Data Storage Security: Implicit Techniques
It is a basic requirement for data to be protected implicitly. This adds no overhead to cloud management and works well for all the nodes on the cloud. In [8] the authors propose a data security architecture for the cloud. They propose a data partitioning method for security, using a finite field polynomial method to partition the data. The partitioning scheme breaks the data into several sections, which are saved on random nodes in the cloud. These pieces are available to the person who requests the data and holds its security key, which proves him to be the legitimate owner of the data. The partitioning scheme works in such a way that there is no need to encrypt the data. The data is placed on compute nodes that are known only to the data owner. The data regeneration process has to visit all the servers where the data was stored and needs to know which partition of the data is held on each particular server.
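A simplified sketch of finite-field partitioning in the spirit of the description above (added example, not the code or the exact construction of [8]): each byte is encoded as the constant term of a monic polynomial over GF(257), and the partitions handed to the servers are that polynomial's roots. The field size, function names and sample data are assumptions made for the illustration.

```python
import secrets
from math import prod

P = 257  # prime just above one byte: field elements 1..256 encode bytes 0..255

def split(data: bytes, k: int):
    """Return k partitions (lists of ints in 1..256), one list per server."""
    if k < 2:
        raise ValueError("need at least two partitions")
    parts = [[] for _ in range(k)]
    for b in data:
        d = b + 1  # shift so the encoded value is never zero
        roots = [secrets.randbelow(P - 1) + 1 for _ in range(k - 1)]
        # last root is forced so that the product of all k roots equals d
        last = d * pow(prod(roots) % P, -1, P) % P
        for part, r in zip(parts, roots + [last]):
            part.append(r)
    return parts

def join(parts):
    """Rebuild the data; every partition from every server is required."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("partitions differ in length")
    if any(not 1 <= r < P for p in parts for r in p):
        raise ValueError("partition value outside 1..256")
    return bytes(prod(col) % P - 1 for col in zip(*parts))

def poly_from_roots(roots):
    """Coefficients (lowest degree first) of prod (x - r) over GF(P)."""
    coeffs = [1]
    for r in roots:
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            nxt[i] = (nxt[i] - r * c) % P      # contribution of -r * c * x^i
            nxt[i + 1] = (nxt[i + 1] + c) % P  # contribution of c * x^(i+1)
        coeffs = nxt
    return coeffs

if __name__ == "__main__":
    secret = b"constructed secret record"  # constructed sample input
    parts = split(secret, 4)
    print("all four partitions:", join(parts))
    print("three partitions only:", join(parts[:3]))  # unrelated bytes
```

With any one partition missing, the remaining values are uniformly random and independent of the data, which is why no encryption step is used. Nothing here detects a partition that a server has modified, so integrity needs a separate check.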
4.2 Third Party Auditing
Data security and timely availability of data are the prime concerns of cloud users. In [9] the authors propose a homogenous structure. They use the Boneh-Lynn-Shacham algorithm to divide data blocks before submitting them to the cloud. Batch auditing is maintained in this technique by using a bilinear aggregation method. Third party auditing uses a specialized error detection method, the Reed-Solomon technique, which maintains the correctness of the data on the cloud. The technique is also applicable to multiple batch auditing: multiple auditing tasks can be performed for multiple users.

4.3 Secure protocol for Operational Storage
In [10] the authors propose an effective and secure storage protocol for data security in cloud environments. The protocol is developed using Elliptic Curve Cryptography. The Sobol sequence algorithm is used to confirm data integrity at random intervals. Cloud compute nodes acknowledge a random block set in order to generate a probabilistic proof of data security. In this technique dynamic data operations are used while keeping the security assurance and providing a foolproof mechanism against data leakage.
4.4 Secure Storage for Cloud
In [6] the authors use a security technique that can sustain the security of the data without downloading it to the client side. They extend the Kerberos authentication technique to cloud environments. They build a data access control mechanism that is used to share the security properties of cloud providers as well as data owners. They define the term trust for data privacy, that is, how to define the trust of entity B in entity A. They answer these security questions by proposing that cloud providers need a trusted method for checking data provenance, and they also implement a mechanism to inform data owners when their data is changed. The access control mechanism should be sound, so that authentic users can access their data. Not all the data needs to be encrypted, yet data confidentiality is still maintained.
4.5 Cloud Computing Security for Amazon Web Services
In [7] the authors propose cloud security for Amazon Web Services (AWS). Their security architecture brings together all the infrastructure, including software, hardware security, network security, security standards and all the facilities that concern data security. They make use of a network architecture that is very secure. They provide secure access points so that data security is maintained. Data is exposed to security risks during transmission from one place to another, so they provide transmission protection to keep the data safe in transit. They also provide network monitoring mechanisms to protect data from theft and intrusion attacks.
5.      Conclusion
Cloud computing is a widely accepted area of research nowadays. With the 24/7 availability of data and services provided by the cloud, it is adopted by most new IT organizations. But these facilities come with some drawbacks, and data security is one of the main issues in cloud environments. Cloud storage is very economical, scalable and robust, so organizations are now moving towards cloud environments, but data security remains a main concern for cloud users. In this paper we have completed a survey of the techniques used for data security in the cloud. These techniques include implicit data security, third party auditing, secure storage for cloud and a secure protocol for operational storage. We have also presented a comparison and comparative analysis of these techniques. We observed that one of the simple methods of data security is the implicit method, in which data is partitioned and saved in such a way that there is no need for encryption.
6.      Future work
In our future work we will implement major data protection techniques and perform an experimental survey of the data security techniques used in the cloud. We will implement some data security techniques on a local cloud and propose an effective hybrid technique that will be cost effective as well as secure.
Acknowledgements
I am very thankful to my Advanced Operating Systems professor who has helped me in completing this research paper. This is because of his guidance and help that I am able to complete my first research paper in this field.



References
[1] B. Worthen, “Inside the head of Obama’s CIO,” The Wall Street Journal Digits, March 5th, 2009.
[2] A. Juels and B. Kaliski Jr, “PORs: Proofs of retrievability for large files,” in ACM Conference on Computer and Communications Security (CCS), 2007, pp. 584–597.
[3] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in ACM Conference on Computer and Communications Security (CCS), 2007, pp. 598–609.
[4] J. Spillner, J. Müller, and A. Schill, “Optimal cloud storage systems,” Future Generation Computer Systems, 29 (2013), 1062–1072.
[5] X. Li, J. Li, and F. Huang, “A secure cloud storage system supporting privacy-preserving fuzzy deduplication.”
[6] M. Elkholy and A. Elfatatry, “Towards a secure storage in cloud computing,” World Academy of Science, Engineering and, 2016, waset.org.
[7] S. Narula and A. Jain, “Cloud Computing Security: Amazon Web Services,” in Proceedings of the Fifth International Conference on Advanced Computing & Communication Technologies (ACCT), 501-555, IEEE, 2015.
[8] A. Parakh and S. Kak (2009), “Online data storage using implicit security,” Information Sciences, vol 179(19), 3323–3331.
[9] S. Balakrishnan, G. Saranya, et al. (2011), “Introducing Effective Third Party Auditing (TPA) for Data Storage Security in Cloud,” International Journal of Computer Science and Technology, vol 2(2), 397–400.
[10] S. P. Kumar and R. Subramanian (2011), “An efficient and secure protocol for ensuring data storage security in Cloud Computing,” International Journal of Computer Science Issues, vol 8(6), No 1, 261–274.

