SlideShare a Scribd company logo

Research Design Report Tagore

Download as DOCX, PDF
Vinoth Kanna , profile picture
Vinoth Kanna

This document outlines a final year project proposal on security in cloud computing. The aim is to propose a new trust model between cloud providers and users based on the user's past experience, knowledge of cloud concepts, and security measures at different levels. The document reviews existing literature on reputation-based trust models and encryption techniques. It then discusses research problems around data security, privacy, and trust. The proposed methodology involves surveys to understand user requirements, and experiments using data coloring and watermarking techniques with encryption to securely store fragmented data in the cloud. Potential outcomes include improved service level agreements and fine-grained access control, with limitations around specific data types and formats supported.

1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Tagore Engineering College Security in Cloud Computing Name: Vinoth Kanna Kolapakkam Venkatesan Project: Final Year Project
Vinoth Kanna Kolapakkam Venkatesan 1 Contents Introduction.................................................................................................................................2 AIM............................................................................................................................................. 2 Background to the research ..........................................................................................................3 Literature Review ......................................................................................................................... 4 Implementation Method...........................................................................................................4 Impacts....................................................................................................................................5 Research Problem......................................................................................................................... 5 Research Question........................................................................................................................ 6 Methodology................................................................................................................................ 6 Observation.............................................................................................................................. 8 Proposedexperiment or Experimental Design............................................................................ 8 Data Analysis............................................................................................................................ 9 Potential Outcomes and Limitations .............................................................................................. 9 Limitations................................................................................................................................. 10 Ethical Limitations ...................................................................................................................... 10 Conclusion ................................................................................................................................. 11 Reference .................................................................................................................................. 12
Vinoth Kanna Kolapakkam Venkatesan 2 Introduction Cloud has ended up being a suitable decision for providing computing and stockpiling data particularly for little and medium estimated organizations lately. The "pay per utilization" expense model, on interest registering, vast scale stockpiling asset with simple get to and liberating clients from overseeing and keeping up assets are among the vital components that have settled on cloud an appealing decision for such administrations. The issue of low trust on cloud processing is a deterrent, one of the significant hindrances to its pervasive organization, especially if there should be an occurrence of discriminating information stockpiling on the cloud supplier's data centres. Trust is a basic factor in cloud computing; in present practice it depends generally on impression of notoriety, and self appraisal by suppliers of cloud services. We start this paper with an overview of existing systems for building up trust, and remark on their confinements. We then address those constraints by proposing more thorough components in view of proof, trait accreditation, and acceptance, and close by recommending a system for coordinating different trust instruments together to uncover chains of trust in the cloud. [3] This reports will outline the background; aim; existing literature issue; inquiry; proposed methodology ;and potential results and constraints. AIM In this paper, contended favourable circumstances and drawbacks are assessed for fulfilment of clients. Another trust model has been proposed between cloud supplier and cloud clients in three turns. At first turn client must be fulfilled by past experience of cloud supplier, at second turn client must have information about Cloud Computing, SLA (Administration Level Agreement), Cloud Advantages, Cloud Disadvantages Issues identified with preferences & weaknesses and securities at distinctive levels. With proposed model any association can without much of a stretch make a trust on cloud supplier and can utilize third party services. [2] This paper proposes utilizing a trust-overlay organizes over different server farms to actualize a reputation framework for setting up trust between administration suppliers and information proprietors. Information shading and programming watermarking strategies
Vinoth Kanna Kolapakkam Venkatesan 3 ensure shared information items and enormously circulated programming modules. These strategies shield multi-way verifications, empower single sign-on in the cloud. [1] Background to the research The cloud does appear understand some important issues with the constantly expanding expenses of installing, maintaining, and supporting an IT framework that is sometimes used any-place close to its ability in the single-proprietor environment. There is a chance to expand productivity and lessen costs in the IT part of the business and leaders are starting to focus. Vendors who can provide a safe, high-accessibility, adaptable framework to the masses may be ready to succeed in getting associations to receive their cloud administrations. To expand the selection of Web and cloud administrations, cloud service providers (CSPs) should first build up trust and security to reduce the stresses of a various clients. A secure cloud system ought to be free from abuse of trust, password duping, hacking, virus, obscenity, spam, and protection and copyright infringement. Both public and private cloud interest "trusted zones" for information, virtual machines (VMs), and client identity, as VMware and EMC3 initially presented. [1] Kai Hwang, Deyi Li. (2010)author describes The Cloud Security Alliance has distinguished a couple of basic issues for trusted cloud registering, and a few late works talk about broad issues on cloud security and privacy. Public and private clouds request diverse levels of security authorization. We can recognize among diverse service-level agreements (SLAs) by their variable level of shared obligation between cloud suppliers and clients. Discriminating security issues incorporate data integrity, client privacy, and trust among suppliers, individual clients, and client groups. Because of the following reasons, the greater part of the companies would prefer not to utilize the cloud computing services:  Security Concerns (i.e. 20%)  Unawareness with respect to the Entire administrations gave by the Cloud Provider (i.e. 40%)  Un-trusted Service Providers (i.e. 40%)
Vinoth Kanna Kolapakkam Venkatesan 4 By explaining the said advantages of cloud computing, 29% completely concurred and 66% companies’ partially consented to use the cloud environment. Presently it is important to give a stage which could help associations to settle on choice about the usage and upgrade their insight about cloud services from all viewpoints. [2] To address these issues, we propose a reputation based trust-administration plan increased with data colouring and software watermarking. Literature Review Kai Hwang, Deyi Li. (2010) research paper literature review was been conducted throughout the paper. (Ma, K.; Weiming Zhang (2009)) paper is been used by author to justify hiding data in encrypted images techniques. Same modular approach is been followed by (Kai Hwang, Deyi Li. (2010)) to hide data by the concepts like data coloring and water marking techniques. To propose this author uses Encryption Algorithm. Author also reviews the project and backs it with many IEEE research papers. [1] Syed.S, Teja P.S. (2014) literature reviewed almost exclusively from a large number of articles, books and IEEE research papers. Same as (Kai Hwang, Deyi Li. (2010)) this paper is also well researched and reviewed. Author proposes secure cloud data centres through encrypted databases. To achieve this author uses Attribute Based Encryption for secure storage. (Iyer, B.; Mehrotra, S (2004)) IEEE papers as a reference to the encoded database using efficient cryptic operations. Database encryption will provides an additional level of security of data owners from the service providers. This paper also proposes multi-level threshold based encryption technique, whose encoded data size independent of the number of attributes. [4] Implementation Method Kai Hwang, Deyi Li. (2010) paper revolves around the concept of creating trust between the cloud service providers and cloud user. In order to achieve this author uses software watermarking and encryption algorithm to secure user data over the cloud. This approach provides more secure cloud platform for the users. To create trust author encrypts the data stored on the cloud. This will make impossible for the cloud service providers to view the user data present over the data centres. Syed.S, Teja P.S. (2014) also depicts the same process rather than encrypting the data, author suggests encrypting the entire database. To
Vinoth Kanna Kolapakkam Venkatesan 5 encrypt the database author uses attribute based encryption. Both the papers use an encryption algorithm to provide a secure cloud service. Impacts Utilizing Cloud Computing, organizations can scale up-to High limits instantly without putting resources into new base, preparing the individuals or new programming licensing. It is more helpful for small and medium scale organizations that need to outsource their Data Centre, or some bigger organizations likewise incline to chop down the expenses of building data centres inside the organisation to get maximum usage. So, buyers use what they need and pay appropriately. Advantages for the cloud users are they no more need a PC to utilize the application. They can get to it by utilizing cell phones, PDA or which the medium Cloud underpins. By receiving cloud, user does not have to worry about the infrastructure, programming furthermore user doesn't have to stress over the system support. By picking this cloud user can diminish the capital costs and operating costs. [1] Research Problem The problem arise during the implementation phase, as the data present over cloud is encrypted it requires complex techniques to achieve it. The Service-Level-Agreements (SLAs) between the cloud providers and users for both the public and private clouds require different approach. The SLAs require data confidentiality highly for the users Virtual Machines (VMs). These critical issues comprises of data integrity, confidentiality and trust between the providers and cloud user are always a debatable concept. In order to secure the data the encryption algorithm used to watermark the data are complex and hard to implement in the real time. The infrastructure-as-a-service (IaaS) model sits at the deepest usage layer, which is reached out to shape the platform-as-a-service (PaaS) layer by including OS and middleware support. The cloud user are not allowed to manage the cloud IaaS with the current (SLAs) provided by the cloud service providers. Because of these agreements the cloud user data passing through IaaS are subjected to malwares and viruses. Securing Platform-as-a-service (PaaS) requires complex coding and implementing those user built application over the cloud may result in performance reduction. User privacy is a major concern.
Vinoth Kanna Kolapakkam Venkatesan 6 PaaS further reaches out to the software-as-a-service (SaaS) demonstrate by creating applications on information, substance, and metadata utilizing exceptional APIs. This shows that SaaS requires security at all levels and it is prone to vulnerabilities. The encryption technique proposed is proved not to be the best, data securing option over the cloud as the cloud service providers have the access over the data centre. The watermarking technique fragments the data into bits and pieces and storing the data. These data are retrieved using the encryption keys. Data can be viewed by anyone who provides the appropriate key in the cloud, which makes it unreliable. Research Question The implementation of the security over the cloud will be based on the requirements and the research is completely based on the trust between the cloud service providers and the cloud users. How the watermarking technique is implemented. And what are the necessary steps to achieve this goal. The exact questions this search project will address:  Are the encryption algorithm used is sufficient to secure cloud data?  How the Data colouring and watermarking techniques is implemented?  How to prevent Internet Service Providers and Cloud Service Providers from violating user privacy?  Trust between Cloud Service Providers and Data Owners (Users)?  Is it really possible to secure all Iaas, PaaS and SaaS service models? Methodology The methodology used to gather information for investigation in this research project will be a mixed methodology. Both qualitative and quantitative information gathering strategies will be consolidated together. The essential approach will be qualitative. The primary technique of data collection will be survey and observations. These surveys can be conducted as Electronic survey through mailed questionnaire and online survey. The below survey shows the insight of the cloud users requirements for the security in cloud computing
Vinoth Kanna Kolapakkam Venkatesan 7 Questions Answer Options Rating Average Reasons Not Important Medium Important Very Important Privacy YES/NO YES/NO YES/NO Provides insight of the users privacy requirements Cloud Models Public Private Hybrid YES/NO YES/NO YES/NO Data Availability YES/NO YES/NO YES/NO Data Integrity YES/NO YES/NO YES/NO Data Confidentiality YES/NO YES/NO YES/NO Trust YES/NO YES/NO YES/NO Repudiation YES/NO YES/NO YES/NO Loss of control over data YES/NO YES/NO YES/NO Lack of liability of providers YES/NO YES/NO YES/NO Security Standard YES/NO YES/NO YES/NO Development model IaaS SaaS PaaS YES/NO YES/NO YES/NO This survey helps us to determine the various cloud security factors preferred by the cloud users. On the basis of this survey we can get the clear picture of the cloud user
Vinoth Kanna Kolapakkam Venkatesan 8 requirements. Based on this we can provide the secure and exact cloud application to the cloud user. The qualitative analysis helps to conclude the overall characteristic of the cloud user towards cloud services. [12] The above survey consist three parts of data security under Data Integrity, Data Confidentiality and Data Availability. To achieve this we use the encryption standard to provide fine-grain access control over the data. Observation In this Research method, all the observation related to the cloud security will observed and recorded. These recorded values are shown in the below graph. These data recordings will show the importance of the data security over the cloud. [5] Security solutions with grouped categories: Pie chart for solutions with grouped categories, showing a clear lack for virtualization security mechanisms in comparison to its importance in terms of concerns citations. [5] The security in data will be implemented based on the above observations in relations to the appropriate security measure. Proposed experiment or Experimental Design Before, watermarking was primarily utilized for advanced copyright administration. Christian Collberg has proposed watermarking to ensure programming methods. [6] The model Deyi Li and his partners suggest offers a two request fluffy participation capacity for securing information owners. [7] This model is extended to add distinct data colours to
Vinoth Kanna Kolapakkam Venkatesan 9 secure expansive data formats in the cloud. To protect it, we consolidate the benefits of safe cloud stockpiling and programming watermarking through information shading and trust transaction. We introduce the cloud drops (data colours) into the input photograph and remove colour to restore the original photograph. The colouring procedure utilizes three information attributes to produce the shading: the expected value (Ex) relies on upon the information content, though entropy (En) and hyper-entropy (He) include a random number generated by the encryption algorithm, which are anonymous of the information content and known just to the cloud user. All things considered, these three capacities produce a collection of cloud drops to shape a remarkable "colouring" that cloud providers or other cloud clients cannot distinguish. Data Analysis Once all the above metric data is calculated it is easy to analysis the data. The qualitative information will uncover the examples and recognize variables that researchers were not appraised of. This statistical approach will provide the clear outcome of the cloud users requirement and behaviour towards cloud services. The data analysis will keep track of how the data is been stored and retrieved from the cloud data centres. The data will be watermarked and fragmented into data bits and stored in the data centres. It shows the methodology used to store the data securely using the encryption. Data analysis shows physically how the watermarked data is stored on the server. The encryption key is been used to store the data and retrieve the data we use the decryption key to decrypt the data present in the cloud server. The efficiency of the analysis will be calculated in accordance to the storing and retrieval of data. After this watermarking even the Cloud Service Providers cannot able to view the data present in the cloud server without the permission of the data owner. Potential Outcomes and Limitations The proposed reputation framework and data colouring system to ensure data centre access at a coarse-grained level and secure information access at a fine-grained document level. These are important to the universal acknowledgement of Web-scale cloud computing in individual, business, finances, and computerized government applications. Internet clouds
Vinoth Kanna Kolapakkam Venkatesan 10 request that we globalize operating and security models. The interoperability and mesh-up among diverse clouds are completely different issues. Cloud security framework and trust administration will assume an essential part in redesigning combined cloud services. From the above consequences, the possible outcomes can be subdivided as: 1. Better Service Level Agreements (SLAs) between service providers and users 2. Fine-grained access control over the data on the cloud servers 3. The security as a service (SECaaS) and data protection as n service (DPaaS) may grow quickly. The watermarking and data colouring technique used in this research paper will only encrypt the selective types of files, all formats of images. It can be researched and developed to encrypt even videos format data. Limitations There are several limitations in this research study which should be acknowledged. The technical part of the research study is not been implemented professionally. So the resultant output may vary. The research study is conducted only to secure certain types of data over the cloud, not every data types and formats can be secure using this research study. The basic purpose of this research is to create trust between the cloud service providers and cloud users. In order to implement those aspects in real life the technical and system limitations may arise. The data gathering for the study is been done by the student, who lack in trained experience. The system requirement to implement the study is not been properly discussed The lack of technical knowledge may lead to complex cloud application, which will eventually tend to be time consuming during data migration. Ethical Limitations The study utilizing overview is taking measures to ensure that the individuals from the survey are aware of their rights. A participant should feel empowered and taught about
Vinoth Kanna Kolapakkam Venkatesan 11 their advantage, and that the endeavour is taking every measure to hold quickly to their rights. Contribution in every period of the audit is wilful and people have the benefit to not share in any or most of the activities. Someone's withdrawal from one activity does not square them from the others; however a couple of results may not be accomplished when uniting data transversely over stages. The framework checking hubs may be configurable, with the objective that individuals can pick not to have specific discernments assembled from their frameworks. The study is generally identified with the associations and is in view of the examination done till now inside different associations and people. An information hand-out will be orchestrated on these analysed rights and the errand by and large. It will have a layout highlighting the noteworthy concentrates moreover contain more all around information for those wishing to request further. This is so individuals are taught. Exactly when data is submitted to the review, it will contain this identifier for association, yet at no time is the identifier joined with the character of the person. The identifier will be given to the individual so they can use it to withdraw at whatever point they need to be barred from the review. Withdrawal from the endeavour will never be tended to. This errand needs to be careful in the data it is get-together to guarantee protection. The data required is about tradition likeness and perceiving device sorts. No record of certified substance on the framework is set away whenever. Conclusion Even though the cloud computing is considered the future of information technology and growing in a fast pace. It is relatively new concept which provides a good application and service to its customers; however there are some security concerns in the cloud computing which make it to not to reach its full potential. Although most of the study deals only with security in cloud either trusts between cloud service providers and cloud users. But this study provides both the trust and security on cloud. Since Cloud Computing influences numerous advances, it likewise acquires their security issues. Conventional web applications, information facilitating, and virtualization have been looked over, yet a
Vinoth Kanna Kolapakkam Venkatesan 12 percentage of the arrangements offered are juvenile or in-existent. We have exhibited security issues for cloud models: IaaS, PaaS, and IaaS, which change dependencies upon the model. Reference [1]K. Hwang and D. Li, 'Trusted Cloud Computing with Secure Resources and Data Coloring', IEEE Internet Comput., vol. 14, no. 5, pp. 14-22, 2010. [2]A. Rashidi, 'A Model for User Trust in Cloud Computing', IJCCSA, vol. 2, no. 2, pp. 1-8, 2012. [3]J.Huang and D. Nicol,'Trustmechanismsforcloudcomputing', JCloud ComputAdv SystAppl, vol. 2, no. 1, p. 9, 2013. [4]S. Syed and P. Teja, 'Contemporary Computing and Informatics (IC3I), 2014 International Conference on', Novel data storage and retrieval in cloud database by using frequent access node encryption, vol. 13, no. 2, pp. 353-356, 2014. [5]N. Gonzalez, 'A quantitative analysis of current security concerns and solutions for cloud computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012. [6]C. Collberg and C. Thomborson, 'Watermarking, tamper-proofing, and obfuscation - tools for software protection', IIEEE Trans. Software Eng., vol. 28, no. 8, pp. 735-746, 2002. [7]D. Li, C. Liu and W. Gan, 'A new cognitive model: Cloud model', Int. J. Intell. Syst., vol. 24, no. 3, pp. 357-375, 2009. [8]G. Garrison, S. Kim and R. Wakefield, 'Success factors for deploying cloud computing', Commun. ACM, vol. 55, no. 9, p. 62, 2012. [9]J. Rittinghouse and J. Ransome, Cloud computing. Boca Raton: CRC Press, 2010. [10]A.Rahbar and O. Yang, 'PowerTrust:A Robustand Scalable ReputationSystem for Trusted Peer- to-Peer Computing', IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 4, pp. 460-473, 2007. [11]T. Carvalho, 'A quantitative analysis of current security concerns and solutions for cloud computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012. [12]S. Subashini and V. Kavitha, 'A survey on security issues in service delivery models of cloud computing', Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1-11, 2011.
Vinoth Kanna Kolapakkam Venkatesan 13 [13]R. Bhadauria and S. Sanyal, 'Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques', International Journal of Computer Applications, vol. 47, no. 18, pp. 47-66, 2012. [14]S. ., 'A SURVEY ON DATA SECURITY IN CLOUD COMPUTING: ISSUES AND MITIGATION TECHNIQUES', IJRET, vol. 02, no. 14, pp. 26-30, 2013. [15]S. Zhu and X. Yang, 'Protecting data in cloud environment with attribute-based encryption', International Journal of Grid and Utility Computing, vol. 6, no. 2, p. 91, 2015.

More Related Content

PDF
Improving Efficiency of Security in Multi-Cloud
IJTET Journal
 
PDF
Ijarcet vol-2-issue-4-1405-1409
Editor IJARCET
 
PDF
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
PDF
Comparison of data security in grid and cloud computing
eSAT Journals
 
PDF
J0423066069
ijceronline
 
PDF
Comparison of data security in grid and cloud
eSAT Publishing House
 
PDF
Survey of uncertainty handling in cloud service discovery and composition
ijngnjournal
 
PDF
Enhanced security framework to ensure data security
eSAT Publishing House
 
Improving Efficiency of Security in Multi-Cloud
IJTET Journal
 
Ijarcet vol-2-issue-4-1405-1409
Editor IJARCET
 
Secure Data Sharing In an Untrusted Cloud
IJERA Editor
 
Comparison of data security in grid and cloud computing
eSAT Journals
 
J0423066069
ijceronline
 
Comparison of data security in grid and cloud
eSAT Publishing House
 
Survey of uncertainty handling in cloud service discovery and composition
ijngnjournal
 
Enhanced security framework to ensure data security
eSAT Publishing House
 

What's hot (20)

PDF
H1803035056
IOSR Journals
 
PDF
Insuring Security for Outsourced Data Stored in Cloud Environment
Editor IJCATR
 
PDF
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET Journal
 
PDF
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
ijccsa
 
PDF
Ijetcas14 424
Iasir Journals
 
PDF
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET Journal
 
PDF
Enhanced security framework to ensure data security in cloud using security b...
eSAT Journals
 
PPTX
Smart cloud - single to multi cloud
Abdul Rasheed Feroz Khan
 
PDF
Encryption based multi user manner secured data sharing and storing in cloud
prjpublications
 
PDF
Dn35636640
IJERA Editor
 
PDF
J018145862
IOSR Journals
 
PDF
A comparative study of secure search protocols in pay as-you-go clouds
eSAT Publishing House
 
PDF
Oruta project report
Manasa Chowdary
 
PDF
A novel graphical password approach for accessing cloud & data verification
eSAT Publishing House
 
PDF
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET Journal
 
DOCX
4.authentication and key agreement based on anonymous identity for peer to-pe...
Venkat Projects
 
PDF
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET Journal
 
PDF
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
dbpublications
 
PDF
A survey on cloud security issues and techniques
ijcsa
 
PDF
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
Migrant Systems
 
H1803035056
IOSR Journals
 
Insuring Security for Outsourced Data Stored in Cloud Environment
Editor IJCATR
 
IRJET- An EFficiency and Privacy-Preserving Biometric Identification Scheme i...
IRJET Journal
 
Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier ...
ijccsa
 
Ijetcas14 424
Iasir Journals
 
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...
IRJET Journal
 
Enhanced security framework to ensure data security in cloud using security b...
eSAT Journals
 
Smart cloud - single to multi cloud
Abdul Rasheed Feroz Khan
 
Encryption based multi user manner secured data sharing and storing in cloud
prjpublications
 
Dn35636640
IJERA Editor
 
J018145862
IOSR Journals
 
A comparative study of secure search protocols in pay as-you-go clouds
eSAT Publishing House
 
Oruta project report
Manasa Chowdary
 
A novel graphical password approach for accessing cloud & data verification
eSAT Publishing House
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET Journal
 
4.authentication and key agreement based on anonymous identity for peer to-pe...
Venkat Projects
 
IRJET- A Research Paper on Block Design-based Key Agreement for Group Dat...
IRJET Journal
 
Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA)...
dbpublications
 
A survey on cloud security issues and techniques
ijcsa
 
DECENTRALIZED ACCESS CONTROL OF DATA STORED IN CLOUD USING KEY POLICY ATTRIBU...
Migrant Systems
 
Ad

Similar to Research Design Report Tagore (20)

PDF
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
PDF
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
PDF
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
PDF
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
PDF
Security Issues in Cloud Computing - A Review
Eswar Publications
 
PDF
Measurable, safe and secure data management for sensitive users in cloud comp...
eSAT Publishing House
 
PDF
An approach for secured data transmission at client end in cloud computing
IAEME Publication
 
PDF
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
PDF
IRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET Journal
 
PDF
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
IJNSA Journal
 
PDF
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
cscpconf
 
PDF
A Review On Data Security In Cloud Computing
Yolanda Ivey
 
PDF
A systematic mapping study of security, trust and privacy in clouds
journalBEEI
 
PDF
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
IRJET Journal
 
PDF
A Survey on Cloud Computing Security – Challenges and Trust Issues
IJCSIS Research Publications
 
RTF
Secure third party cloud computing services a proposal by shibwabo anyembe
Shibwabo Christopher Anyembe
 
PDF
Issues of cloud security and its implications
eSAT Publishing House
 
PDF
G033030035
ijceronline
 
PDF
Security Issues’ in Cloud Computing and its Solutions.
IJCERT JOURNAL
 
PDF
International Journal of Computational Engineering Research(IJCER)
ijceronline
 
Design and implement a new cloud security method based on multi clouds on ope...
csandit
 
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...
cscpconf
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTURE
IJNSA Journal
 
Security Issues in Cloud Computing - A Review
Eswar Publications
 
Measurable, safe and secure data management for sensitive users in cloud comp...
eSAT Publishing House
 
An approach for secured data transmission at client end in cloud computing
IAEME Publication
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
IRJET- Security Concern: Analysis of Cloud Security Mechanism
IRJET Journal
 
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDS
IJNSA Journal
 
An Comparison with Property Based Resource Attestation to Secure Cloud Enviro...
cscpconf
 
A Review On Data Security In Cloud Computing
Yolanda Ivey
 
A systematic mapping study of security, trust and privacy in clouds
journalBEEI
 
SECURE DATA TRANSFER BASED ON CLOUD COMPUTING
IRJET Journal
 
A Survey on Cloud Computing Security – Challenges and Trust Issues
IJCSIS Research Publications
 
Secure third party cloud computing services a proposal by shibwabo anyembe
Shibwabo Christopher Anyembe
 
Issues of cloud security and its implications
eSAT Publishing House
 
G033030035
ijceronline
 
Security Issues’ in Cloud Computing and its Solutions.
IJCERT JOURNAL
 
International Journal of Computational Engineering Research(IJCER)
ijceronline
 
Ad

Research Design Report Tagore

  • 1. Tagore Engineering College Security in Cloud Computing Name: Vinoth Kanna Kolapakkam Venkatesan Project: Final Year Project
  • 2. Vinoth Kanna Kolapakkam Venkatesan 1 Contents Introduction.................................................................................................................................2 AIM............................................................................................................................................. 2 Background to the research ..........................................................................................................3 Literature Review ......................................................................................................................... 4 Implementation Method...........................................................................................................4 Impacts....................................................................................................................................5 Research Problem......................................................................................................................... 5 Research Question........................................................................................................................ 6 Methodology................................................................................................................................ 6 Observation.............................................................................................................................. 8 Proposedexperiment or Experimental Design............................................................................ 8 Data Analysis............................................................................................................................ 9 Potential Outcomes and Limitations .............................................................................................. 9 Limitations................................................................................................................................. 10 Ethical Limitations ...................................................................................................................... 10 Conclusion ................................................................................................................................. 11 Reference .................................................................................................................................. 12
  • 3. Vinoth Kanna Kolapakkam Venkatesan 2 Introduction Cloud has ended up being a suitable decision for providing computing and stockpiling data particularly for little and medium estimated organizations lately. The "pay per utilization" expense model, on interest registering, vast scale stockpiling asset with simple get to and liberating clients from overseeing and keeping up assets are among the vital components that have settled on cloud an appealing decision for such administrations. The issue of low trust on cloud processing is a deterrent, one of the significant hindrances to its pervasive organization, especially if there should be an occurrence of discriminating information stockpiling on the cloud supplier's data centres. Trust is a basic factor in cloud computing; in present practice it depends generally on impression of notoriety, and self appraisal by suppliers of cloud services. We start this paper with an overview of existing systems for building up trust, and remark on their confinements. We then address those constraints by proposing more thorough components in view of proof, trait accreditation, and acceptance, and close by recommending a system for coordinating different trust instruments together to uncover chains of trust in the cloud. [3] This reports will outline the background; aim; existing literature issue; inquiry; proposed methodology ;and potential results and constraints. AIM In this paper, contended favourable circumstances and drawbacks are assessed for fulfilment of clients. Another trust model has been proposed between cloud supplier and cloud clients in three turns. At first turn client must be fulfilled by past experience of cloud supplier, at second turn client must have information about Cloud Computing, SLA (Administration Level Agreement), Cloud Advantages, Cloud Disadvantages Issues identified with preferences & weaknesses and securities at distinctive levels. With proposed model any association can without much of a stretch make a trust on cloud supplier and can utilize third party services. [2] This paper proposes utilizing a trust-overlay organizes over different server farms to actualize a reputation framework for setting up trust between administration suppliers and information proprietors. Information shading and programming watermarking strategies
  • 4. Vinoth Kanna Kolapakkam Venkatesan 3 ensure shared information items and enormously circulated programming modules. These strategies shield multi-way verifications, empower single sign-on in the cloud. [1] Background to the research The cloud does appear understand some important issues with the constantly expanding expenses of installing, maintaining, and supporting an IT framework that is sometimes used any-place close to its ability in the single-proprietor environment. There is a chance to expand productivity and lessen costs in the IT part of the business and leaders are starting to focus. Vendors who can provide a safe, high-accessibility, adaptable framework to the masses may be ready to succeed in getting associations to receive their cloud administrations. To expand the selection of Web and cloud administrations, cloud service providers (CSPs) should first build up trust and security to reduce the stresses of a various clients. A secure cloud system ought to be free from abuse of trust, password duping, hacking, virus, obscenity, spam, and protection and copyright infringement. Both public and private cloud interest "trusted zones" for information, virtual machines (VMs), and client identity, as VMware and EMC3 initially presented. [1] Kai Hwang, Deyi Li. (2010)author describes The Cloud Security Alliance has distinguished a couple of basic issues for trusted cloud registering, and a few late works talk about broad issues on cloud security and privacy. Public and private clouds request diverse levels of security authorization. We can recognize among diverse service-level agreements (SLAs) by their variable level of shared obligation between cloud suppliers and clients. Discriminating security issues incorporate data integrity, client privacy, and trust among suppliers, individual clients, and client groups. Because of the following reasons, the greater part of the companies would prefer not to utilize the cloud computing services:  Security Concerns (i.e. 20%)  Unawareness with respect to the Entire administrations gave by the Cloud Provider (i.e. 40%)  Un-trusted Service Providers (i.e. 40%)
  • 5. Vinoth Kanna Kolapakkam Venkatesan 4 By explaining the said advantages of cloud computing, 29% completely concurred and 66% companies’ partially consented to use the cloud environment. Presently it is important to give a stage which could help associations to settle on choice about the usage and upgrade their insight about cloud services from all viewpoints. [2] To address these issues, we propose a reputation based trust-administration plan increased with data colouring and software watermarking. Literature Review Kai Hwang, Deyi Li. (2010) research paper literature review was been conducted throughout the paper. (Ma, K.; Weiming Zhang (2009)) paper is been used by author to justify hiding data in encrypted images techniques. Same modular approach is been followed by (Kai Hwang, Deyi Li. (2010)) to hide data by the concepts like data coloring and water marking techniques. To propose this author uses Encryption Algorithm. Author also reviews the project and backs it with many IEEE research papers. [1] Syed.S, Teja P.S. (2014) literature reviewed almost exclusively from a large number of articles, books and IEEE research papers. Same as (Kai Hwang, Deyi Li. (2010)) this paper is also well researched and reviewed. Author proposes secure cloud data centres through encrypted databases. To achieve this author uses Attribute Based Encryption for secure storage. (Iyer, B.; Mehrotra, S (2004)) IEEE papers as a reference to the encoded database using efficient cryptic operations. Database encryption will provides an additional level of security of data owners from the service providers. This paper also proposes multi-level threshold based encryption technique, whose encoded data size independent of the number of attributes. [4] Implementation Method Kai Hwang, Deyi Li. (2010) paper revolves around the concept of creating trust between the cloud service providers and cloud user. In order to achieve this author uses software watermarking and encryption algorithm to secure user data over the cloud. This approach provides more secure cloud platform for the users. To create trust author encrypts the data stored on the cloud. This will make impossible for the cloud service providers to view the user data present over the data centres. Syed.S, Teja P.S. (2014) also depicts the same process rather than encrypting the data, author suggests encrypting the entire database. To
  • 6. Vinoth Kanna Kolapakkam Venkatesan 5 encrypt the database author uses attribute based encryption. Both the papers use an encryption algorithm to provide a secure cloud service. Impacts Utilizing Cloud Computing, organizations can scale up-to High limits instantly without putting resources into new base, preparing the individuals or new programming licensing. It is more helpful for small and medium scale organizations that need to outsource their Data Centre, or some bigger organizations likewise incline to chop down the expenses of building data centres inside the organisation to get maximum usage. So, buyers use what they need and pay appropriately. Advantages for the cloud users are they no more need a PC to utilize the application. They can get to it by utilizing cell phones, PDA or which the medium Cloud underpins. By receiving cloud, user does not have to worry about the infrastructure, programming furthermore user doesn't have to stress over the system support. By picking this cloud user can diminish the capital costs and operating costs. [1] Research Problem The problem arise during the implementation phase, as the data present over cloud is encrypted it requires complex techniques to achieve it. The Service-Level-Agreements (SLAs) between the cloud providers and users for both the public and private clouds require different approach. The SLAs require data confidentiality highly for the users Virtual Machines (VMs). These critical issues comprises of data integrity, confidentiality and trust between the providers and cloud user are always a debatable concept. In order to secure the data the encryption algorithm used to watermark the data are complex and hard to implement in the real time. The infrastructure-as-a-service (IaaS) model sits at the deepest usage layer, which is reached out to shape the platform-as-a-service (PaaS) layer by including OS and middleware support. The cloud user are not allowed to manage the cloud IaaS with the current (SLAs) provided by the cloud service providers. Because of these agreements the cloud user data passing through IaaS are subjected to malwares and viruses. Securing Platform-as-a-service (PaaS) requires complex coding and implementing those user built application over the cloud may result in performance reduction. User privacy is a major concern.
  • 7. Vinoth Kanna Kolapakkam Venkatesan 6 PaaS further reaches out to the software-as-a-service (SaaS) demonstrate by creating applications on information, substance, and metadata utilizing exceptional APIs. This shows that SaaS requires security at all levels and it is prone to vulnerabilities. The encryption technique proposed is proved not to be the best, data securing option over the cloud as the cloud service providers have the access over the data centre. The watermarking technique fragments the data into bits and pieces and storing the data. These data are retrieved using the encryption keys. Data can be viewed by anyone who provides the appropriate key in the cloud, which makes it unreliable. Research Question The implementation of the security over the cloud will be based on the requirements and the research is completely based on the trust between the cloud service providers and the cloud users. How the watermarking technique is implemented. And what are the necessary steps to achieve this goal. The exact questions this search project will address:  Are the encryption algorithm used is sufficient to secure cloud data?  How the Data colouring and watermarking techniques is implemented?  How to prevent Internet Service Providers and Cloud Service Providers from violating user privacy?  Trust between Cloud Service Providers and Data Owners (Users)?  Is it really possible to secure all Iaas, PaaS and SaaS service models? Methodology The methodology used to gather information for investigation in this research project will be a mixed methodology. Both qualitative and quantitative information gathering strategies will be consolidated together. The essential approach will be qualitative. The primary technique of data collection will be survey and observations. These surveys can be conducted as Electronic survey through mailed questionnaire and online survey. The below survey shows the insight of the cloud users requirements for the security in cloud computing
  • 8. Vinoth Kanna Kolapakkam Venkatesan 7 Questions Answer Options Rating Average Reasons Not Important Medium Important Very Important Privacy YES/NO YES/NO YES/NO Provides insight of the users privacy requirements Cloud Models Public Private Hybrid YES/NO YES/NO YES/NO Data Availability YES/NO YES/NO YES/NO Data Integrity YES/NO YES/NO YES/NO Data Confidentiality YES/NO YES/NO YES/NO Trust YES/NO YES/NO YES/NO Repudiation YES/NO YES/NO YES/NO Loss of control over data YES/NO YES/NO YES/NO Lack of liability of providers YES/NO YES/NO YES/NO Security Standard YES/NO YES/NO YES/NO Development model IaaS SaaS PaaS YES/NO YES/NO YES/NO This survey helps us to determine the various cloud security factors preferred by the cloud users. On the basis of this survey we can get the clear picture of the cloud user
  • 9. Vinoth Kanna Kolapakkam Venkatesan 8 requirements. Based on this we can provide the secure and exact cloud application to the cloud user. The qualitative analysis helps to conclude the overall characteristic of the cloud user towards cloud services. [12] The above survey consist three parts of data security under Data Integrity, Data Confidentiality and Data Availability. To achieve this we use the encryption standard to provide fine-grain access control over the data. Observation In this Research method, all the observation related to the cloud security will observed and recorded. These recorded values are shown in the below graph. These data recordings will show the importance of the data security over the cloud. [5] Security solutions with grouped categories: Pie chart for solutions with grouped categories, showing a clear lack for virtualization security mechanisms in comparison to its importance in terms of concerns citations. [5] The security in data will be implemented based on the above observations in relations to the appropriate security measure. Proposed experiment or Experimental Design Before, watermarking was primarily utilized for advanced copyright administration. Christian Collberg has proposed watermarking to ensure programming methods. [6] The model Deyi Li and his partners suggest offers a two request fluffy participation capacity for securing information owners. [7] This model is extended to add distinct data colours to
  • 10. Vinoth Kanna Kolapakkam Venkatesan 9 secure expansive data formats in the cloud. To protect it, we consolidate the benefits of safe cloud stockpiling and programming watermarking through information shading and trust transaction. We introduce the cloud drops (data colours) into the input photograph and remove colour to restore the original photograph. The colouring procedure utilizes three information attributes to produce the shading: the expected value (Ex) relies on upon the information content, though entropy (En) and hyper-entropy (He) include a random number generated by the encryption algorithm, which are anonymous of the information content and known just to the cloud user. All things considered, these three capacities produce a collection of cloud drops to shape a remarkable "colouring" that cloud providers or other cloud clients cannot distinguish. Data Analysis Once all the above metric data is calculated it is easy to analysis the data. The qualitative information will uncover the examples and recognize variables that researchers were not appraised of. This statistical approach will provide the clear outcome of the cloud users requirement and behaviour towards cloud services. The data analysis will keep track of how the data is been stored and retrieved from the cloud data centres. The data will be watermarked and fragmented into data bits and stored in the data centres. It shows the methodology used to store the data securely using the encryption. Data analysis shows physically how the watermarked data is stored on the server. The encryption key is been used to store the data and retrieve the data we use the decryption key to decrypt the data present in the cloud server. The efficiency of the analysis will be calculated in accordance to the storing and retrieval of data. After this watermarking even the Cloud Service Providers cannot able to view the data present in the cloud server without the permission of the data owner. Potential Outcomes and Limitations The proposed reputation framework and data colouring system to ensure data centre access at a coarse-grained level and secure information access at a fine-grained document level. These are important to the universal acknowledgement of Web-scale cloud computing in individual, business, finances, and computerized government applications. Internet clouds
  • 11. Vinoth Kanna Kolapakkam Venkatesan 10 request that we globalize operating and security models. The interoperability and mesh-up among diverse clouds are completely different issues. Cloud security framework and trust administration will assume an essential part in redesigning combined cloud services. From the above consequences, the possible outcomes can be subdivided as: 1. Better Service Level Agreements (SLAs) between service providers and users 2. Fine-grained access control over the data on the cloud servers 3. The security as a service (SECaaS) and data protection as n service (DPaaS) may grow quickly. The watermarking and data colouring technique used in this research paper will only encrypt the selective types of files, all formats of images. It can be researched and developed to encrypt even videos format data. Limitations There are several limitations in this research study which should be acknowledged. The technical part of the research study is not been implemented professionally. So the resultant output may vary. The research study is conducted only to secure certain types of data over the cloud, not every data types and formats can be secure using this research study. The basic purpose of this research is to create trust between the cloud service providers and cloud users. In order to implement those aspects in real life the technical and system limitations may arise. The data gathering for the study is been done by the student, who lack in trained experience. The system requirement to implement the study is not been properly discussed The lack of technical knowledge may lead to complex cloud application, which will eventually tend to be time consuming during data migration. Ethical Limitations The study utilizing overview is taking measures to ensure that the individuals from the survey are aware of their rights. A participant should feel empowered and taught about
  • 12. Vinoth Kanna Kolapakkam Venkatesan 11 their advantage, and that the endeavour is taking every measure to hold quickly to their rights. Contribution in every period of the audit is wilful and people have the benefit to not share in any or most of the activities. Someone's withdrawal from one activity does not square them from the others; however a couple of results may not be accomplished when uniting data transversely over stages. The framework checking hubs may be configurable, with the objective that individuals can pick not to have specific discernments assembled from their frameworks. The study is generally identified with the associations and is in view of the examination done till now inside different associations and people. An information hand-out will be orchestrated on these analysed rights and the errand by and large. It will have a layout highlighting the noteworthy concentrates moreover contain more all around information for those wishing to request further. This is so individuals are taught. Exactly when data is submitted to the review, it will contain this identifier for association, yet at no time is the identifier joined with the character of the person. The identifier will be given to the individual so they can use it to withdraw at whatever point they need to be barred from the review. Withdrawal from the endeavour will never be tended to. This errand needs to be careful in the data it is get-together to guarantee protection. The data required is about tradition likeness and perceiving device sorts. No record of certified substance on the framework is set away whenever. Conclusion Even though the cloud computing is considered the future of information technology and growing in a fast pace. It is relatively new concept which provides a good application and service to its customers; however there are some security concerns in the cloud computing which make it to not to reach its full potential. Although most of the study deals only with security in cloud either trusts between cloud service providers and cloud users. But this study provides both the trust and security on cloud. Since Cloud Computing influences numerous advances, it likewise acquires their security issues. Conventional web applications, information facilitating, and virtualization have been looked over, yet a
  • 13. Vinoth Kanna Kolapakkam Venkatesan 12 percentage of the arrangements offered are juvenile or in-existent. We have exhibited security issues for cloud models: IaaS, PaaS, and IaaS, which change dependencies upon the model. Reference [1]K. Hwang and D. Li, 'Trusted Cloud Computing with Secure Resources and Data Coloring', IEEE Internet Comput., vol. 14, no. 5, pp. 14-22, 2010. [2]A. Rashidi, 'A Model for User Trust in Cloud Computing', IJCCSA, vol. 2, no. 2, pp. 1-8, 2012. [3]J.Huang and D. Nicol,'Trustmechanismsforcloudcomputing', JCloud ComputAdv SystAppl, vol. 2, no. 1, p. 9, 2013. [4]S. Syed and P. Teja, 'Contemporary Computing and Informatics (IC3I), 2014 International Conference on', Novel data storage and retrieval in cloud database by using frequent access node encryption, vol. 13, no. 2, pp. 353-356, 2014. [5]N. Gonzalez, 'A quantitative analysis of current security concerns and solutions for cloud computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012. [6]C. Collberg and C. Thomborson, 'Watermarking, tamper-proofing, and obfuscation - tools for software protection', IIEEE Trans. Software Eng., vol. 28, no. 8, pp. 735-746, 2002. [7]D. Li, C. Liu and W. Gan, 'A new cognitive model: Cloud model', Int. J. Intell. Syst., vol. 24, no. 3, pp. 357-375, 2009. [8]G. Garrison, S. Kim and R. Wakefield, 'Success factors for deploying cloud computing', Commun. ACM, vol. 55, no. 9, p. 62, 2012. [9]J. Rittinghouse and J. Ransome, Cloud computing. Boca Raton: CRC Press, 2010. [10]A.Rahbar and O. Yang, 'PowerTrust:A Robustand Scalable ReputationSystem for Trusted Peer- to-Peer Computing', IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 4, pp. 460-473, 2007. [11]T. Carvalho, 'A quantitative analysis of current security concerns and solutions for cloud computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012. [12]S. Subashini and V. Kavitha, 'A survey on security issues in service delivery models of cloud computing', Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1-11, 2011.
  • 14. Vinoth Kanna Kolapakkam Venkatesan 13 [13]R. Bhadauria and S. Sanyal, 'Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques', International Journal of Computer Applications, vol. 47, no. 18, pp. 47-66, 2012. [14]S. ., 'A SURVEY ON DATA SECURITY IN CLOUD COMPUTING: ISSUES AND MITIGATION TECHNIQUES', IJRET, vol. 02, no. 14, pp. 26-30, 2013. [15]S. Zhu and X. Yang, 'Protecting data in cloud environment with attribute-based encryption', International Journal of Grid and Utility Computing, vol. 6, no. 2, p. 91, 2015.