ABSTRACT:
Placing critical data in the hands of a cloud provider should come with the guarantee of security and availability for data at rest, in motion, and in use. Several alternatives exist for storage services, while data confidentiality solutions for the database as a service paradigm are still immature. We propose a novel architecture that integrates cloud database services with data confidentiality and the possibility of executing concurrent operations on encrypted data. Our proposed work will provide high security to the data which is stored in the cloud.

INTRODUCTION

Cloud Computing:
Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the common use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams.
Cloud computing entrusts remote services with a user’s data, software and computation. Cloud computing consists of hardware and software resources made available on the Internet as managed third-party services. These services typically provide access to advanced software applications and high-end networks of server computers.

[Figure: Structure of cloud computing]

How Cloud Computing Works?
The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used by military and research facilities to perform tens of trillions of computations per second, in consumer-oriented applications such as financial portfolios, to deliver personalized information, to provide data storage or to power large, immersive computer games.

Cloud computing uses networks of large groups of servers, typically running low-cost consumer PC technology, with specialized connections to spread data-processing chores across them. This shared IT infrastructure contains large pools of systems that are linked together. Often, virtualization techniques are used to maximize the power of cloud computing.

Characteristics and Services Models:
The salient characteristics of cloud computing based on the definitions provided by the National Institute of Standards and Technology (NIST) are outlined below:

· On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
· Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
· Resource pooling: The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location-independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
· Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
· Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be managed, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

[Figure: Characteristics of cloud computing]

Services Models:
Cloud computing comprises three different service models, namely Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). The three service models or layers are completed by an end user layer that encapsulates the end user perspective on cloud services.
The model is shown in the figure below. If a cloud user accesses services on the infrastructure layer, for instance, she can run her own applications on the resources of a cloud infrastructure and remain responsible for the support, maintenance, and security of these applications herself. If she accesses a service on the application layer, these tasks are normally taken care of by the cloud service provider.

[Figure: Structure of service models]

Benefits of cloud computing:
· Achieve economies of scale – increase volume output or productivity with fewer people. Your cost per unit, project or product plummets.
· Reduce spending on technology infrastructure. Maintain easy access to your information with minimal upfront spending. Pay as you go (weekly, quarterly or yearly), based on demand.
· Globalize your workforce on the cheap. People worldwide can access the cloud, provided they have an Internet connection.
· Streamline processes. Get more work done in less time with fewer people.
· Reduce capital costs. There’s no need to spend big money on hardware, software or licensing fees.
· Improve accessibility. You have access anytime, anywhere, making your life so much easier!
· Monitor projects more effectively. Stay within budget and ahead of completion cycle times.
· Less personnel training is needed. It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues.
· Minimize licensing new software. Stretch and grow without the need to buy expensive software licenses or programs.
· Improve flexibility. You can change direction without serious “people” or “financial” issues at stake.

Advantages:
1. Price: Pay for only the resources used.
2. Security: Cloud instances are isolated in the network from other instances for improved security.
3. Performance: Instances can be added instantly for improved performance. Clients have access to the total resources of the Cloud’s core hardware.
4. Scalability: Auto-deploy cloud instances when needed.
5. Uptime: Uses multiple servers for maximum redundancy. In case of server failure, instances can be automatically created on another server.
6. Control: Able to log in from any location. Server snapshots and a software library let you deploy custom instances.
7. Traffic: Deals with spikes in traffic with quick deployment of additional instances to handle the load.

Cloud Security:
Cloud computing security is a fast-growing service that provides many of the same functionalities as traditional IT security. This includes protecting critical information from theft, data leakage and deletion.
One of the benefits of cloud services is that you can operate at scale and still remain secure. It is similar to how you currently manage security, but now you have new ways of delivering security solutions that address new areas of concern. Cloud security does not change the approach to managing security, from preventive to detective and corrective actions, but it does give you the ability to perform these activities in a more agile manner. Your data is secured within data centers, and where some countries require data to be stored in their country, choosing a provider that has multiple data centers across the world can help to achieve this. Data storage often includes certain compliance requirements, especially when storing credit card numbers or health information. Many cloud providers offer independent third-party audit reports to attest that their internal processes exist and are effective in managing the security within the facilities where you store your data.

LITERATURE SURVEY:

W. Jansen and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing
Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish, Depot: Cloud Storage with Minimal Trust
This article describes the design, implementation, and evaluation of Depot, a cloud storage system that minimizes trust assumptions. Depot tolerates buggy or malicious behavior by any number of clients or servers, yet it provides safety and liveness guarantees to correct clients. Depot provides these guarantees using a two-layer architecture. First, Depot ensures that the updates observed by correct nodes are consistently ordered under Fork-Join-Causal consistency (FJC). FJC is a slight weakening of causal consistency that can be both safe and live despite faulty nodes. Second, Depot implements protocols that use this consistent ordering of updates to provide other desirable consistency, staleness, durability, and recovery properties. Our evaluation suggests that the costs of these guarantees are modest and that Depot can tolerate faults and maintain good availability, latency, overhead, and staleness even when significant faults occur.

H. Hacigümüş, B. Iyer, and S. Mehrotra, Providing Database as a Service
We explore a novel paradigm for data management in which a third party service provider hosts “database as a service”, providing its customers with seamless mechanisms to create, store, and access their databases at the host site. Such a model alleviates the need for organizations to purchase expensive hardware and software, deal with software upgrades, and hire professionals for administrative and maintenance tasks which are taken over by the service provider. We have developed and deployed a database service on the Internet, called NetDB2, which is in constant use. In a sense, a data management model supported by NetDB2 provides an effective mechanism for organizations to purchase data management as a service, thereby freeing them to concentrate on their core businesses. Among the primary challenges introduced by “database as a service” are the additional overhead of remote access to data, an infrastructure to guarantee data privacy, and user interface design for such a service. These issues are investigated. We identify data privacy as a particularly vital problem and propose alternative solutions based on data encryption. The paper is meant as a challenge for the database community to explore a rich set of research issues that arise in developing such a service.

C. Gentry, Fully Homomorphic Encryption Using Ideal Lattices
We propose a fully homomorphic encryption scheme – i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result — that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Lattice-based cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC1. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable — i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a server-aided cryptosystem.

H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra, Executing SQL over Encrypted Data in the Database-Service-Provider Model
Rapid advances in networking and Internet technologies have fueled the emergence of the “software as a service” model for enterprise computing. Successful examples of commercially viable software services include rent-a-spreadsheet, electronic mail services, general storage services, and disaster protection services. The “Database as a Service” model provides users the power to create, store, modify, and retrieve data from anywhere in the world, as long as they have access to the Internet. It introduces several challenges, an important issue being data privacy. It is in this context that we specifically address the issue of data privacy.

Ahmed Albugmi, Madini O. Alassafi, Robert Walters, Data security in cloud computing
This paper discusses the security of data in cloud computing. It is a study of data in the cloud and aspects related to it concerning security. The paper will go into the details of data protection methods and approaches used throughout the world to ensure maximum data protection by reducing risks and threats. Availability of data in the cloud is beneficial for many applications, but it poses risks by exposing data to applications which might already have security loopholes in them. Similarly, use of virtualization for cloud computing might risk data when a guest OS is run over a hypervisor without knowing the reliability of the guest OS, which might have a security loophole in it. The paper will also provide an insight into data security aspects for Data-in-Transit and Data-at-Rest. The study is based on all the levels of SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).

Deyan Chen, Hong Zhao, Data Security and Privacy Protection Issues in Cloud Computing
It is well known that cloud computing has many potential advantages, and many enterprise applications and data are migrating to public or hybrid cloud. But regarding some business-critical applications, the organizations, especially large enterprises, still wouldn’t move them to cloud. The market size the cloud computing shared is still far behind the one expected. From the consumers’ perspective, cloud computing security concerns, especially data security and privacy protection issues, remain the primary inhibitor for adoption of cloud computing services.
This paper provides a concise but all-round analysis of data security and privacy protection issues associated with cloud computing across all stages of the data life cycle. Then this paper discusses some current solutions. Finally, this paper describes future research work about data security and privacy protection issues in cloud.

SCOPE:
Placing the data in third-party hands will raise the issue of privacy and security. They will provide their own security for the owner’s data. But we need to secure our data. So before sending the data to the cloud we need to secure it. Only then can we protect our data from attackers. Our proposed work can provide high security to data which is stored in the cloud from unauthorized people.

PROBLEM STATEMENT:
Despite the fact that security, privacy and trust issues have existed since the advancement of the Internet, the reason why they are so widely discussed nowadays is a direct result of the cloud computing scenario. Any customer, small firm or enterprise that processes information in the cloud is subject to an inherent level of risk, because outsourced services sidestep the “physical, logical and personnel controls” of the client. While storing information in the cloud, one might need to ensure that the information is stored correctly and can be recovered later. As the amount of information stored by the cloud for a customer can be tremendous, it is infeasible (and may also be costly) to retrieve all of the information if one’s aim is simply to ensure that it is stored correctly. Consequently there is a need to give such assurances to a customer. It is also essential for the cloud provider and the client to have mutual trust, such that the cloud provider can be assured that the client isn’t some malicious hacker and the client can be assured of data consistency, data storage and that the instance he/she is running isn’t malicious. Consequently the need for creating trust models/protocols is pressing.

OBJECTIVE:
Cloud computing is facing the problem of security. The cloud provider needs to give a guarantee against malicious users. The cloud provider is a third party. So we need to provide high security to our data. Existing security algorithms such as AES and Diffie-Hellman key exchange are not providing high security. Our proposed work can provide high security to our data. We are providing data audit and security at every level of storing data in the cloud.
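
The storage assurance called for in the problem statement (checking that outsourced data is still intact without retrieving all of it) can be illustrated with a spot-check audit. This is an added example, not the proposal's own algorithm or code: it assumes per-block HMAC-SHA256 tags and an in-memory stand-in for the cloud store, and every class, function and file name in it is hypothetical.

```python
import hashlib
import hmac
import math
import secrets

BLOCK_SIZE = 64  # bytes per block; small so the constructed sample has many blocks


def tag_block(key, file_id, index, block):
    """HMAC tag binding a block to its file and position, so the store cannot
    answer a challenge for block i with some other block it still holds."""
    msg = len(file_id).to_bytes(2, "big") + file_id + index.to_bytes(8, "big") + block
    return hmac.new(key, msg, hashlib.sha256).digest()


class SimulatedCloudStore:
    """Stand-in for the untrusted provider: keeps blocks and tags, never the key."""

    def __init__(self):
        self.files = {}

    def upload(self, file_id, tagged_blocks):
        self.files[file_id] = list(tagged_blocks)

    def respond(self, file_id, indices):
        # Return the (block, tag) pair stored at each challenged position.
        return [self.files[file_id][i] for i in indices]


class DataOwner:
    """Client side: holds the secret key and only a block count per file."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.block_counts = {}

    def outsource(self, store, file_id, data):
        # Blocks are uploaded as-is here; encrypting them first is a separate step.
        blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        tagged = [(b, tag_block(self.key, file_id, i, b)) for i, b in enumerate(blocks)]
        store.upload(file_id, tagged)
        self.block_counts[file_id] = len(blocks)

    def audit(self, store, file_id, sample_size):
        """Challenge a random sample of positions; True only if every returned
        block carries a valid tag for the position that was asked for."""
        n = self.block_counts[file_id]
        indices = secrets.SystemRandom().sample(range(n), min(sample_size, n))
        answer = store.respond(file_id, indices)
        if len(answer) != len(indices):
            return False
        return all(
            hmac.compare_digest(tag_block(self.key, file_id, i, block), tag)
            for i, (block, tag) in zip(indices, answer)
        )


def detection_probability(total_blocks, damaged_blocks, sample_size):
    """Chance that a sample drawn without replacement hits a damaged block."""
    sample_size = min(sample_size, total_blocks)
    clean = math.comb(total_blocks - damaged_blocks, sample_size)
    return 1 - clean / math.comb(total_blocks, sample_size)


if __name__ == "__main__":
    owner, store = DataOwner(), SimulatedCloudStore()
    data = bytes(range(256)) * 10  # constructed sample: 2560 bytes, 40 blocks
    owner.outsource(store, b"payroll.db", data)
    print("intact store passes:", owner.audit(store, b"payroll.db", 10))
    block, tag = store.files[b"payroll.db"][7]
    store.files[b"payroll.db"][7] = (b"\x00" * len(block), tag)  # simulated damage
    print("full audit after damage:", owner.audit(store, b"payroll.db", 40))
    print("10 of 1000 damaged, 300 sampled:", round(detection_probability(1000, 10, 300), 4))
```

The owner keeps only the key and a block count, and the sample size sets the trade-off between audit cost and the chance of catching damage.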
So our proposed work can provide high security to the data which is stored in the cloud.

HYPOTHESIS:
Our research work will be developed using Java in cloud computing. Cloud providers should give assurance that the user’s data is protected from malicious users. We are considering every security step in our algorithm to provide high security to the user’s data in the cloud.

EXPECTED OUTCOME:
The partial outcome of our proposed work is to provide high security to cloud data. We need to consider the following parameters.
· How many types of attacker can hack the data in the cloud?
· What are the loopholes in the cloud?
· What type of security strategy do we need to follow?

RESEARCH METHODOLOGY:
To overcome the problems of the existing algorithms in cloud computing security, we are proposing a new algorithm to provide security. Our proposed work can provide high security to data which is stored in the cloud.
It can give assurance for users’ data against malicious hackers.

CONCLUSION:
We propose an innovative architecture that guarantees confidentiality of data stored in public cloud databases. Unlike state-of-the-art approaches, our solution does not rely on an intermediate proxy that we consider a single point of failure and a bottleneck limiting availability and scalability of typical cloud database services. A large part of the research includes solutions to support concurrent SQL operations (including statements modifying the database structure) on encrypted data issued by heterogeneous and possibly geographically dispersed clients. The proposed architecture does not require modifications to the cloud database, and it is immediately applicable to existing cloud DBaaS, such as the experimented PostgreSQL Plus Cloud Database, Windows Azure, and Xeround. There are no theoretical and practical limits to extend our solution to other platforms and to include new encryption algorithms.

REFERENCES:
1. M. Armbrust et al., “A View of Cloud Computing,” Comm. of the ACM, vol. 53, no. 4, pp. 50-58, 2010.
2. W. Jansen and T. Grance, “Guidelines on Security and Privacy in Public Cloud Computing,” Technical Report Special Publication 800-144, NIST, 2011.
3. A.J. Feldman, W.P. Zeller, M.J. Freedman, and E.W. Felten, “SPORC: Group Collaboration Using Untrusted Cloud Resources,” Proc. Ninth USENIX Conf. Operating Systems Design and Implementation, Oct. 2010.
4. J. Li, M. Krohn, D. Mazières, and D. Shasha, “Secure Untrusted Data Repository (SUNDR),” Proc. Sixth USENIX Conf. Operating Systems Design and Implementation, Oct. 2004.
5. P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish, “Depot: Cloud Storage with Minimal Trust,” ACM Trans. Computer Systems, vol. 29, no. 4, article 12, 2011.
6. H. Hacigümüş, B. Iyer, and S. Mehrotra, “Providing Database as a Service,” Proc. 18th IEEE Int’l Conf. Data Eng., Feb. 2002.
7. C. Gentry, “Fully Homomorphic Encryption Using Ideal Lattices,” Proc. 41st Ann. ACM Symp. Theory of Computing, May 2009.
8. R.A. Popa, C.M.S. Redfield, N. Zeldovich, and H. Balakrishnan, “CryptDB: Protecting Confidentiality with Encrypted Query Processing,” Proc. 23rd ACM Symp. Operating Systems Principles, Oct. 2011.
9. H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra, “Executing SQL over Encrypted Data in the Database-Service-Provider Model,” Proc. ACM SIGMOD Int’l Conf. Management Data, June 2002.
10. J. Li and E. Omiecinski, “Efficiency and Security Trade-Off in Supporting Range Queries on Encrypted Databases,” Proc. 19th Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, Aug.
11. Mykletun and G. Tsudik, “Aggregation Queries in the Database-as-a-Service Model,” Proc. 20th Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, July/Aug. 2006.
12. D. Agrawal, A.E. Abbadi, F. Emekci, and A. Metwally, “Database Management as a Service: Challenges and Opportunities,” Proc. 25th IEEE Int’l Conf. Data Eng., Mar.-Apr. 2009.
13. V. Ganapathy, D. Thomas, T. Feder, H. Garcia-Molina, and R. Motwani, “Distributing Data for Secure Database Services,” Proc. Fourth ACM Int’l Workshop Privacy and Anonymity in the Information Soc., Mar. 2011.
14. A. Shamir, “How to Share a Secret,” Comm. of the ACM, vol. 22, no. 11, pp. 612-613, 1979.
15. M. Hadavi, E. Damiani, R. Jalili, S. Cimato, and Z. Ganjei, “AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing,” Proc. Fifth Int’l Workshop Autonomous and Spontaneous Security, Sept. 2013.
16. “Oracle Advanced Security,” Oracle Corporation, http://www.oracle.com/technetwork/database/options/advanced-security, Apr. 2013.
17. G. Cattaneo, L. Catuogno, A.D. Sorbo, and P. Persiano, “The Design and Implementation of a Transparent Cryptographic File System For Unix,” Proc. FREENIX Track: 2001 USENIX Ann. Technical Conf., Apr. 2001.
18. E. Damiani, S.D.C. Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati, “Balancing Confidentiality and Efficiency in Untrusted Relational Dbmss,” Proc. Tenth ACM Conf. Computer and Comm.
19. L. Ferretti, M. Colajanni, and M. Marchetti, “Supporting Security and Consistency for Cloud Database,” Proc. Fourth Int’l Symp. Cyberspace Safety and Security, Dec.