“Overview and Analysis on Secure Storage Techniques in Cloud Computation Environments”
Abstract
Cloud computing is a type of environment where resources and information are provided as a service on demand over the internet. No matter what location you are in, you can access resources placed on the cloud at any time; this platform has also provided benefits in the form of cloud storage services. Cloud storage services provide users with ease of access and reduce maintenance and software costs; they are scalable and easy to use without being expensive. The security of the data placed on the cloud is a big concern, because the ease of placing data online comes with a great threat to security and the vulnerability of being hacked. Cloud data security is a big concern for larger organizations entering cloud environments. In this research we have targeted one of the most vital phenomena of cloud data storage: we have surveyed different cloud data storage techniques and frameworks and their pros and cons. We have also discussed the challenges involved in implementing secure data storage in the cloud. This research will provide a basis for assessing the current work on secure data storage on the cloud, as well as help in implementing future data security techniques.
1. Introduction
In cloud computing the services are provided by distributed hosting companies using the internet. The cloud services are divided into three broad categories, i.e. deploying software as a service, infrastructure and software as services. The core point of interest in cloud-based software development is data management and security. Cloud computing is an emerging field because of the flexibility and versatility of its services. Cloud services are used in a variety of computational fields. Clouds are categorized into public and private clouds. Public clouds provide services to any customer who wants to use them over the internet, while private clouds provide services to specific customers. The biggest advantage of using cloud services is the saving of capital investment. Organizations do not have to invest in the purchase of expensive servers; they only need to connect to the cloud server through the internet. The services can then be availed as and when required. Clouds provide services on demand. The cost depends on the amount of the resource used and the time for which it was used. Cloud computing is building new horizons for the new era of computing. CIO Vivek Kundra [1] stressed that data security is one of the prime concerns in cloud environments. The prime advantage of moving to the cloud is its flexibility of use: users access resources using requests, and the host on the cloud fulfils the requests. There are three different categories of cloud services: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS). Companies move into the cloud because it allows users to access cloud applications anytime, anywhere, using the internet. The cloud gives its users the flexibility to use resources on demand, recovery from disaster, pay-as-you-use pricing and cost reduction.
1.1 Use of Cloud Services
Cloud networks are getting the hype because they are flexible in their implementation. They can adjust themselves as and when needed: in normal demand times they work fine, and if the workload increases suddenly, resources can be allocated within a short interval of time. The cost of the cloud depends on the amount of resources used and for how long. One example is Amazon's EC2, which provides powerful server instances in seconds on demand. This gives users the flexibility to accomplish their tasks and plan their work accordingly. Another advantage of clouds is that when we need a powerful server instance for software development, the instance will be provided, and when the instance is no longer required by the developer, the server will be offloaded. The cost of that particular server is then charged with reference to the time the server was allotted to the customer.
1.2 Data Access on Cloud
Data access is connected with the users who can access the data. The data is accessed in levels, and the access mechanism also describes how fine a granularity of access is to be attained. Access rights are connected with this field as well: their allotment and reviewing are also described in this phase.
The security module contains the security requirements for the services on the clouds. The security of the systems when they are interfaced with other systems and the safety requirements for the system are also discussed in this module.
The ease of use and low cost of hosted services over clouds come with some drawbacks. It is not that easy to go over the internet and start using cloud services. There are some areas which need to be addressed before using cloud services. Data management is an issue which has to be solved. Using good data management plans we can overcome these issues and benefit from this advanced field. Moving data to public clouds poses certain threats to the companies that want to do so. These threats comprise security as well as some data legality issues posed by the data owners on which some companies operate.
2. Related Work
Data retrievability was suggested by [2] in their research work, in which a client can check whether his data is intact or not. Some authentication information is embedded in the data at random spots. This information is entirely unrelated to the data and is randomly generated. The cloud administration services also do not know the position of this data. When the user wants to check the authenticity of the data, he requests the cloud to send back this data, which is compared with the original data and checked to see whether it is persistent or not. However, a major drawback of this technique is that the user can only use the authentication data a finite number of times. In another work in the field of secure data management, Ateniese et al. [3] proposed the concept of verifiable data possession. In this work the authors have used homomorphic data authentication for data security. A value is computed over each data block in such a way that the value for a group of data blocks can be calculated from the values of the individual blocks. The auditing process can be done by requesting the cloud to send back the calculation over some arbitrarily chosen data blocks together with the authentication of the calculated results. If the calculated authentication is right, then the data stored on the cloud is in its original form. On the other hand, if the authentication does not match the data, the data stored is not intact. In [4] the authors have proposed a cloud storage system that integrates storage resources provided by multiple hosts in order to get security, redundancy and ease of access to the data. Their system covers all the storage services that are needed by a client over the cloud. They have implemented their work as NubiSave, a user-friendly cloud data storage controller that can run on all types of consumer environments. They have validated their system by deploying it in a real-world scenario with commercial and cloud data storage providers. In [6] the authors have proposed a security technique in which data integrity is maintained. In this technique, whenever data is changed, the user is made aware of those changes. For authorized access control, the Kerberos authentication technique is used. This technique is also applicable where data is stored on untrusted storage. The authors performed different attack experiments to check the validity of the technique. In [7] the authors have suggested that the owners of the data and the server storing the data belong to the same trust domain. However, this is not true, because in cloud computing the data and the cloud providers are in two different trust domains. The services in the cloud are provided by commercial service providers that are most of the time outside the cloud trust domain. Public clouds provide services open to all over the internet, and any user can use these services by staying within the limits set by the service providers.
In this section we present a comparison of the data storage
techniques, their methodologies and their advantages as well as disadvantages.
Table 01: Comparison of data storage techniques and methodologies

| Sr. | Technique | Methodology | Pros | Cons |
|---|---|---|---|---|
| 1. | Storage security for online data | Data partitioning technique | No information can be extracted from partitioned data | Difficult to store data destination on servers |
| 2. | Authentication using identity | Authentication protocol using identity based on hierarchical model | Seamless working and alterable | Only used for certified communication |
| 3. | Third Party Auditing [9] | Implementation of BLS algorithm for storage security | Auditing can be performed on multiple users at the same time | Unable to support public verification and dynamic data correction |
| 4. | Fuzzy deduplication [5] | Data is encrypted using fuzzy image deduplication | Provides low bandwidth implementation and optimizes storage | Contains high risk of data loss if the encrypted image changes |
| 5. | Ontology for cloud storage services using NubiSave [4] | Combines resources from multiple hosts | Provides redundancy, security and availability | Faces scalability issues if deployed in large clouds |
| 6. | Kerberos Technique [6] | Access control technique that provides security for data providers and cloud owners | Data can be protected from malicious nodes | Provides security against major attack scenarios; uncommon situations are not handled |
| 7. | Implicit Data Security [8] | Data partitioning and saving on multiple servers | Simplest technique; reduces the cost of encryption overheads | If someone gets access to the data partition strategy and |
4. Analysis of Storage Methods in Cloud
There are several techniques that have been experimented with and are being used by cloud owners for data protection. In this section we will have a brief look at those techniques.
4.1 Data Storage Security: Implicit Techniques
It is a basic requirement for data to be protected implicitly. This does not add any overhead to the cloud management and works well for all the nodes on the cloud. In [8] the authors have proposed a data security architecture for the cloud. They proposed a data partitioning method for security, using a finite field polynomial method for data partitioning. The partitioning scheme breaks the data into several sections, which are saved on random nodes on the cloud. These data pieces are available to the person who requests the data and has the security key of the data to prove himself the legitimate owner of the data. The partitioning scheme works in such a way that there is no need for encryption of the data. The data is placed on compute nodes which are known only to the data owner and to no one else. The data regeneration process has to browse all the servers where the data was stored and requires knowledge of the partition portion of the data on a particular server.
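A minimal sketch of finite-field partitioning in the spirit of the scheme described above. This is an added example, not the code of [8]; the prime P, the 14-byte chunk size, the product-of-roots encoding and all function names are assumptions. Each piece is a root of a monic polynomial over GF(P) whose constant term encodes the chunk, so every piece is needed to rebuild it.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed parameter)
CHUNK = 14      # bytes per chunk, so the encoded value stays below P

def encode(chunk):
    if len(chunk) > CHUNK:
        raise ValueError("chunk too long for the field")
    # A leading 0x01 keeps the value nonzero and preserves leading zero bytes.
    return int.from_bytes(b"\x01" + chunk, "big")

def partition(chunk, k):
    """Return k pieces (one per storage node) whose product mod P is the chunk."""
    d = encode(chunk)
    pieces = [secrets.randbelow(P - 1) + 1 for _ in range(k - 1)]
    prod = 1
    for r in pieces:
        prod = prod * r % P
    pieces.append(d * pow(prod, -1, P) % P)  # last piece is forced by the others
    return pieces

def constant_term(pieces):
    """Constant term of prod (x - r_i) over GF(P): (-1)^k * r_1 * ... * r_k."""
    c = 1
    for r in pieces:
        c = c * (-r) % P
    return c

def reconstruct(pieces):
    """Owner-side rebuild: needs every piece, from every node."""
    d = 1
    for r in pieces:
        d = d * r % P
    raw = d.to_bytes(16, "big").lstrip(b"\x00")
    if raw[:1] != b"\x01":
        raise ValueError("pieces do not combine to a valid chunk")
    return raw[1:]

def missing_piece_for(known, candidate_chunk):
    """Any candidate chunk is consistent with k-1 known pieces: solve for the last."""
    prod = 1
    for r in known:
        prod = prod * r % P
    return encode(candidate_chunk) * pow(prod, -1, P) % P
```

`missing_piece_for` shows why a subset of pieces carries no information about the chunk, and also why the scheme gives confidentiality only: it does not detect a substituted piece.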
4.2 Third Party Auditing
Data security and in-time availability of data are the prime concerns of cloud users. In [9] the authors have proposed a homogeneous structure. The authors have used the Boneh-Lynn-Shacham algorithm to divide data blocks before submitting them to the cloud. Batch auditing can be maintained in this technique by using a bilinear aggregating method. In third party auditing a specialized error detection method is used, the Reed-Solomon technique, which maintains the correctness of the data on the cloud. This technique is also applicable to multiple batch auditing: using it, multiple auditing tasks can be performed for multiple users.
4.3 Secure protocol for Operational Storage
In [10] the authors have proposed an effective and secure storage protocol for data security in cloud environments. This protocol is developed using Elliptic Curve Cryptography. The Sobol Sequence algorithm is used for confirming data integrity at random intervals. Cloud compute nodes acknowledge a random block set to generate a probabilistic proof of data security. In this technique dynamic data operations are used for keeping security assurance and providing a foolproof mechanism for data leakage security.
4.4 Secure Storage for Cloud
In [6] the authors have used a security technique which can sustain the security of the data without downloading it to the client side. They have extended the Kerberos authentication technique for cloud environments. They have built a data access control mechanism which is used to share security properties of cloud providers as well as data owners. They have defined the term trust for data privacy, that is, how to define the trust of entity B in entity A. They have answered these security questions by proposing that a trusted method is needed by the cloud providers for checking the data provenance; they have also implemented a mechanism to inform the data owners when their data is changed. The access control mechanism should be proper so that authentic users can access their data. All the data should not be encrypted but on the other hand data confidentiality is also maintained.
4.5 Cloud Computing Security for Amazon Web Services
In [7] the authors have proposed cloud security for Amazon Web Services (AWS). Their security architecture accumulates all the infrastructure, including software, hardware security, network security, security standards and all the facilities that are concerned with data security. They make use of a network architecture that is very secure. They provide secure access points so that data security is maintained. Data has security concerns during transmission from one place to another, so they provide transmission protection to keep the data safe during transmission. They also provide network monitoring mechanisms to protect data from theft and intrusion attacks.
5. Conclusion
Cloud computing is a widely accepted area of research nowadays. With the 24/7 availability of data and services provided by the cloud, it is adopted by most of the new IT organizations. But all these facilities come with some drawbacks, and data security is one of the main issues in cloud environments. Cloud storage is very economical, scalable and robust, so organizations are now moving towards cloud environments, but data security is a main concern for cloud users. In this paper we have completed a survey of the techniques used for data security in the cloud. These techniques include implicit data security, third party auditing, secure storage for cloud and a secure protocol for operational storage. We have also presented a comparison and a comparative analysis of these techniques. We have also observed that one of the simple methods of data security is the implicit method, in which data is partitioned and saved in such a way that there is no need for encryption.
6. Future work
In our future work we will implement major data protection techniques and perform an experimental survey of the data security techniques used in the cloud. We will implement some data security techniques on a local cloud and propose an effective hybrid technique that will be cost-effective as well as secure.
Acknowledgements
I am very thankful to my Advanced
Operating Systems professor who has helped me in completing this research
paper. This is because of his guidance and help that I am able to complete my
first research paper in this field.
References
[1] B. Worthen, “Inside the head of Obama’s CIO,” The Wall Street Journal Digits, March 5th, 2009.
[2] A. Juels and B. Kaliski Jr, “PORs: Proofs of retrievability for large files,” in ACM Conference on Computer and Communications Security (CCS), 2007, pp. 584–597.
[3] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in ACM Conference on Computer and Communications Security (CCS), 2007, pp. 598–609.
[4] Josef Spillner, Johannes Müller, and Alexander Schill, “optimal cloud storage systems,” Future Generation Computer Systems, 29 (2013) 1062–1072.
[5] Xuan Li, Jin Li, and Faliang Huang, “A secure cloud storage system supporting privacy-preserving fuzzy deduplication.”
[6] M. Elkholy and A. Elfatatry, “Towards a secure storage in cloud computing,” World Academy of Science, Engineering and, 2016 - waset.org
[7] S. Narula and A. Jain, “Cloud Computing Security: Amazon Web Services,” in proceedings of Advanced Computing & Communication Technologies (ACCT) fifth international conference, 501-555. IEEE 2015.
[8] A. Parakh and S. Kak (2009), “Online data storage using implicit security,” Information Sciences, vol 179(19), 3323–3331.
[9] S. Balakrishnan, G. Saranya, et al. (2011), “Introducing Effective Third Party Auditing (TPA) for Data Storage Security in Cloud,” International Journal of Computer Science and Technology, vol 2(2), 397–400.
[10] S. P. Kumar and R. Subramanian (2011), “An efficient and secure protocol for ensuring data storage security in Cloud Computing,” International Journal of Computer Science Issues, vol 8(6), No 1, 261–274.