Placing critical data in the hands of a cloud provider
should come with the guarantee of security and availability for data at rest,
in motion, and in use. Several alternatives exist for storage services, while
data confidentiality solutions for the database as a service paradigm are still
immature. We propose a novel architecture that integrates cloud database
services with data confidentiality and the possibility of executing concurrent
operations on encrypted data. Our proposed work will provide the high security
to the data which is stored in cloud.
computing is the use of computing
resources (hardware and software) that are delivered as a service over a
network (typically the Internet). The name comes from the common use of a cloud-shaped symbol as an
abstraction for the complex infrastructure it contains in system diagrams.
Cloud computing entrusts remote services with a user’s data, software and
computation. Cloud computing consists of hardware and software resources made
available on the Internet as managed third-party services. These services
typically provide access to advanced software applications and high-end
networks of server computers.
How Cloud Computing Works?
The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used
by military and research facilities, to perform tens of trillions of
computations per second, in consumer-oriented applications such as financial
portfolios, to deliver personalized information, to provide data storage or to
power large, immersive computer games.
The cloud computing uses networks of large groups of servers typically running low-cost consumer PC technology with
specialized connections to spread data-processing chores across them. This
shared IT infrastructure contains large pools of
systems that are linked together. Often, virtualization techniques are used to
maximize the power of cloud computing.
Characteristics and Services Models:
The salient characteristics
of cloud computing based on the definitions provided by the National
Institute of Standards and Terminology (NIST) are outlined below:
A consumer can unilaterally provision computing capabilities, such as
server time and network storage, as needed automatically without requiring
human interaction with each service’s provider.
Capabilities are available over the network and accessed through standard
mechanisms that promote use by heterogeneous thin or thick client
platforms (e.g., mobile phones, laptops, and PDAs).
The provider’s computing resources are pooled to serve multiple consumers
using a multi-tenant model, with different physical and virtual resources
dynamically assigned and reassigned according to consumer demand. There is
a sense of location-independence in that the customer generally has no
control or knowledge over the exact location of the provided resources but
may be able to specify location at a higher level of abstraction (e.g.,
country, state, or data center). Examples of resources include storage,
processing, memory, network bandwidth, and virtual machines.
Capabilities can be rapidly and elastically provisioned, in some cases
automatically, to quickly scale out and rapidly released to quickly scale
in. To the consumer, the capabilities available for provisioning often
appear to be unlimited and can be purchased in any quantity at any time.
Cloud systems automatically control and optimize resource use by
leveraging a metering capability at some level of abstraction appropriate
to the type of service (e.g., storage, processing, bandwidth, and active
user accounts). Resource usage can be managed, controlled, and reported
providing transparency for both the provider and consumer of the utilized
of cloud computing
Cloud Computing comprises three different service models, namely
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and
Software-as-a-Service (SaaS). The three service models or layer are completed
by an end user layer that encapsulates the end user perspective on cloud
services. The model is shown in figure below. If a cloud user accesses services
on the infrastructure layer, for instance, she can run her own applications on
the resources of a cloud infrastructure and remain responsible for the support,
maintenance, and security of these applications herself. If she accesses a
service on the application layer, these tasks are normally taken care of by the
cloud service provider.
Structure of service models
of cloud computing:
economies of scale
– increase volume output or productivity with fewer people. Your cost per
unit, project or product plummets.
spending on technology infrastructure. Maintain easy access to your information with minimal
upfront spending. Pay as you go (weekly, quarterly or yearly), based on
your workforce on the cheap. People worldwide can access the cloud, provided they
have an Internet connection.
Get more work done in less time with less people.
capital costs. There’s
no need to spend big money on hardware, software or licensing fees.
You have access anytime, anywhere, making your life so much easier!
projects more effectively. Stay within budget and ahead of completion cycle
personnel training is needed. It takes fewer people to do more work on a cloud, with
a minimal learning curve on hardware and software issues.
licensing new software. Stretch and grow without the need to buy expensive
software licenses or programs.
You can change direction without serious “people” or “financial” issues at
Price: Pay for only the resources used.
Cloud instances are isolated in the network from other instances for improved
Instances can be added instantly for improved performance. Clients have access
to the total resources of the Cloud’s core hardware.
Auto-deploy cloud instances when needed.
Uses multiple servers for maximum redundancies. In case of server failure,
instances can be automatically created on another server.
Able to login from any location. Server snapshot and a software library lets
you deploy custom instances.
Deals with spike in traffic with quick deployment of additional instances to
handle the load.
Cloud computing security is a fast-growing
service that provides many of the same functionalities as traditional IT
security. This includes protecting critical information from theft, data
leakage and deletion. One of the benefits of cloud services is that you can
operate at scale and still remain secure. It is similar to how you currently
manage security, but now you have new ways of delivering security solutions
that address new areas of concern. Cloud security does not change the approach
on how to manage security from preventing to detective and corrective actions.
but it does however give you the ability to perform these activities in a more agile
manner. Your data is secured within data centers and where some countries
require data to be stored in their country, choosing a provider that has
multiple data centers across the world can help to achieve this. Data storage
often includes certain compliance requirements especially when storing credit
card numbers or health information. Many cloud providers offer independent
third party audit reports to attest that their internal process exist and are
effective in managing the security within their facilities where you store your
W. Jansen and T. Grance Guidelines
on Security and Privacy in Public Cloud Computing
Cloud computing can and does mean different things to
different people. The common characteristics most interpretations share are
on-demand scalability of highly available and reliable pooled computing
resources, secure access to metered services from nearly anywhere, and
displacement of data and services from inside to outside the organization.
While aspects of these characteristics have been realized to a certain extent,
cloud computing remains a work in progress. This publication provides an
overview of the security and privacy challenges pertinent to public cloud
computing and points out considerations organizations should take when
outsourcing data, applications, and infrastructure to a public cloud
P. Mahajan, S. Setty, S. Lee, A.
Clement, L. Alvisi, M. Dahlin, and M. Walfish,Depot: Cloud Storage with
This article describes the design, implementation, and
evaluation of Depot, a cloud storage system that minimizes trust assumptions.
Depot tolerates buggy or malicious behavior by any number of clients or
servers, yet it provides safety and liveness guarantees to correct clients.
Depot provides these guarantees using a two-layer architecture. First, Depot
ensures that the updates observed by correct nodes are consistently ordered
under Fork-Join-Causal consistency (FJC). FJC is a slight weakening of causal
consistency that can be both safe and live despite faulty nodes. Second, Depot
implements protocols that use this consistent ordering of updates to provide
other desirable consistency, staleness, durability, and recovery properties.
Our evaluation suggests that the costs of these guarantees are modest and that
Depot can tolerate faults and maintain good availability, latency, overhead,
and staleness even when significant faults occur.
H. Hacigu¨mu¨ s¸, B. Iyer, and S.
MehrotraProviding Database as a Service
We explore a novel paradigm for data management in
which a third party service provider hosts “database as a service”,
providing its customers with seamless mechanisms to create, store, and access
their databases at the host site. Such a model alleviates the need for organizations
to purchase expensive hardware and software, deal with software upgrades, and
hire professionals for administrative and maintenance tasks which are taken
over by the service provider. We have developed and deployed a database service
on the Internet, called NetDB2, which is in constant use. In a sense, a data
management model supported by NetDB2 provides an effective mechanism for
organizations to purchase data management as a service, thereby freeing them to
concentrate on their core businesses. Among the primary challenges introduced
by “database as a service” are the additional overhead of remote
access to data, an infrastructure to guarantee data privacy, and user interface
design for such a service. These issues are investigated. We identify data
privacy as a particularly vital problem and propose alternative solutions based
on data encryption. The paper is meant as a challenge for the database
community to explore a rich set of research issues that arise in developing
such a service.
C. Gentry Fully Homomorphic
Encryption Using Ideal Lattices
We propose a fully homomorphic encryption scheme —
i.e., a scheme that allows one to evaluate circuits over encrypted data without
being able to decrypt. Our solution comes in three steps. First, we provide a
general result — that, to construct an encryption scheme that permits evaluation
of arbitrary circuits, it suffices to construct an encryption scheme that can
evaluate (slightly augmented versions of) its own decryption circuit; we call a
scheme that can evaluate its (augmented) decryption circuit bootstrappable.
we describe a public key encryption scheme using ideal lattices that is almost
Lattice-based cryptosystems typically have decryption
algorithms with low circuit complexity, often dominated by an inner product
computation that is in NC1. Also, ideal lattices provide both additive and
multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring
that is represented as a lattice), as needed to evaluate general circuits.
our initial scheme is not quite bootstrappable — i.e., the depth that the
scheme can correctly evaluate can be logarithmic in the lattice dimension, just
like the depth of the decryption circuit, but the latter is greater than the
former. In the final step, we show how to modify the scheme to reduce the depth
of the decryption circuit, and thereby obtain a bootstrappable encryption
scheme, without reducing the depth that the scheme can evaluate. Abstractly, we
accomplish this by enabling the encrypter to start the decryption process,
leaving less work for the decrypter, much like the server leaves less work for
the decrypter in a server-aided cryptosystem.
H. Hacigu¨mu¨ s¸, B. Iyer, C. Li,
and S. Mehrotra Executing SQL over Encrypted Data in the
Rapid advances in networking and Internet technologies
have fueled the emergence of the “software as a service” model for
enterprise computing. Successful examples of commercially viable software
services include rent-a-spreadsheet, electronic mail services, general storage
services, disaster protection services. “Database as a Service” model
provides users power to create, store, modify, and retrieve data from anywhere
in the world, as long as they have access to the Internet. It introduces
several challenges, an important issue being data privacy. It is in this
context that we specifically address the issue of data privacy.
Ahmed Albugmi, Madini O. Alassafi, Robert WaltersData
security in cloud computing
This paper discusses the security of data in cloud computing.
It is a study of data in the cloud and aspects related to it concerning
security. The paper will go in to details of data protection methods and
approaches used throughout the world to ensure maximum data protection by
reducing risks and threats. Availability of data in the cloud is beneficial for
many applications but it poses risks by exposing data to applications which
might already have security loopholes in them. Similarly, use of virtualization
for cloud computing might risk data when a guest OS is run over a hypervisor
without knowing the reliability of the guest OS which might have a security
loophole in it. The paper will also provide an insight on data security aspects
for Data-in-Transit and Data-at-Rest. The study is based on all the levels of
SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS
(Infrastructure as a Service).
Deyan Chen, Hong ZhaoData Security and Privacy Protection Issues in Cloud
It is well-known that cloud computing has many
potential advantages and many enterprise applications and data are migrating to
public or hybrid cloud. But regarding some business-critical applications, the
organizations, especially large enterprises, still wouldn’t move them to cloud.
The market size the cloud computing shared is still far behind the one
expected. From the consumers’ perspective, cloud computing security concerns,
especially data security and privacy protection issues, remain the primary inhibitor
for adoption of cloud computing services. This paper provides a concise but
all-round analysis on data security and privacy protection issues associated
with cloud computing across all stages of data life cycle. Then this paper
discusses some current solutions. Finally, this paper describes future research
work about data security and privacy protection issues in cloud.
Placing the data in third party hands will raise the issue
of privacy and security. They will provide their own security for the owner’s
data. But we need to secure our data. So
before sending the data to cloud we need to secure it. Then only we can protect
our data from attackers. Our proposed work can provide the high security to
data which is stored in the cloud from the unauthorized peoples.
Despite the fact that Security,
Privacy and Trust issues exists since the advancement of Internet, the reason
why they are generally talked nowadays is a direct result of the Cloud
Computing scenario. Any customer/little firms/enterprise that processes
information in the cloud is subjected to a characteristic level of risk in
light of the fact that outsourced services sidestep the “physical, logical
and personnel controls” of the client. While storing information on cloud,
one might need to ensure if the information is effectively storing and can be
recovered later. As the measure of information stored by the cloud for a
customer can be tremendous, it is unfeasible (and may likewise be costly) to
recover every one of the information, if one’s motivation is simply to ensure
that it is stored effectively. Consequently there is a need to give such
assurances to a customer. Subsequently, it is essential for both the cloud
supplier and the client to have common put stock in such that the cloud
supplier can be guaranteed that the client isn’t some malicious hacker and the
client can be guaranteed of information consistency, information stockpiling
and the example he/she is running isn’t malicious. Consequently the need for
creating trust models/protocols is demanding.
Cloud computing is facing the problem
of security issue. Cloud provider needs to give the guarantee from the
malicious user. Cloud provider is the third party person. So we need to provide
high security to our data. Existing security algorithms such as AES, Diffie
Hellmen Key are not providing the high security.
Our proposed work can provide the high security to our data. We are providing
data audit and security in every level of storing data in cloud. So our
proposed work can provide high security to the data which is stored in the
research work will be developed using java in cloud computing. Cloud providers
should give the assurance to the user’s data from the malicious users. We are
considering the every security step in our algorithm to provide the high
security to user’s data in the cloud.
Partial outcome of our proposed work is to provide the high
security to cloud data. We need to consider following parameters.
How many types attacker
can hack the data in cloud?
What are the loop holes
in the cloud?
What type of security
strategy we need to follow?
To overcome from the existing algorithm problems in cloud
computing security we are proposing new algorithm to provide security. Our
proposed work can provide the high security to data which is stored in the
cloud. It can give assurance to users data from the malicious hackers.
propose an innovative architecture that guarantees confidentiality of data
stored in public cloud databases. Unlike state-of-the-art approaches, our
solution does not rely on an intermediate proxy that we consider a single point
of failure and a bottleneck limiting availability and scalability of typical
cloud database services. A large part of the research includes solutions to
support concurrent SQL operations (including statements modifying the database
structure) on encrypted data issued by heterogenous and possibly geographically
dispersed clients. The proposed architecture does not require modifications to
the cloud database, and it is immediately applicable to existing cloud DBaaS,
such as the experimented PostgreSQL Plus Cloud Database, Windows Azure, and
Xeround . There are no theoretical and practical limits to extend our solution
to other platforms and to include new encryption algorithms.
1. M. Armbrust et al., “A View of Cloud Computing,”
Comm. of the ACM, vol. 53, no. 4, pp. 50-58, 2010.
2. W. Jansen and T. Grance, “Guidelines on Security and
Privacy in Public Cloud Computing,” Technical Report Special Publication
800-144, NIST, 2011.
3. A.J. Feldman, W.P. Zeller, M.J. Freedman, and E.W. Felten,
“SPORC: Group Collaboration Using Untrusted Cloud Resources,” Proc. Ninth
USENIX Conf. Operating Systems Design and Implementation, Oct. 2010.
4. J. Li, M. Krohn, D. Mazie`res, and D. Shasha,
“Secure Untrusted Data Repository (SUNDR),” Proc. Sixth USENIX Conf. Opearting
Systems Design and Implementation, Oct. 2004.
5. P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi,
M. Dahlin, and M. Walfish, “Depot: Cloud Storage with Minimal Trust,” ACM
Trans. Computer Systems, vol. 29, no. 4, article 12, 2011.
6. H. Hacigu¨mu¨ s¸, B. Iyer, and S. Mehrotra,
“Providing Database as a Service,” Proc. 18th IEEE Int’l Conf. Data Eng., Feb.
7. C. Gentry, “Fully Homomorphic Encryption Using Ideal
Lattices,” Proc. 41st Ann. ACM Symp. Theory of Computing, May 2009.
8. R.A. Popa, C.M.S. Redfield, N. Zeldovich, and H.
Balakrishnan, “CryptDB: Protecting Confidentiality with Encrypted Query
Processing,” Proc. 23rd ACM Symp. Operating Systems Principles, Oct. 2011.
9. H. Hacigu¨mu¨ s¸, B. Iyer, C. Li, and S. Mehrotra,
“Executing SQL over Encrypted Data in the Database-Service-Provider Model,”
Proc. ACM SIGMOD Int’l Conf. Management Data, June 2002.
10. J. Li and E. Omiecinski, “Efficiency and Security
Trade-Off in Supporting Range Queries on Encrypted Databases,” Proc. 19th
Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, Aug. 2005.
11. E. Mykletun and G. Tsudik, “Aggregation Queries in
the Database-as-a-Service Model,” Proc. 20th Ann. IFIP WG 11.3 Working Conf.
Data and Applications Security, July/Aug. 2006.
12. D. Agrawal, A.E. Abbadi, F. Emekci, and A. Metwally,
“Database Management as a Service: Challenges and Opportunities,” Proc. 25th
IEEE Int’l Conf. Data Eng., Mar.-Apr. 2009.
13. V. Ganapathy, D. Thomas, T. Feder, H. Garcia-Molina,
and R. Motwani, “Distributing Data for Secure Database Services,” Proc. Fourth
ACM Int’l Workshop Privacy and Anonymity in the Information Soc., Mar. 2011.
14. A. Shamir, “How to Share a Secret,” Comm. of the
ACM, vol. 22, no. 11, pp. 612-613, 1979.
15. M. Hadavi, E. Damiani, R. Jalili, S. Cimato, and Z.
Ganjei, “AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving
Database Outsourcing,” Proc. Fifth Int’l Workshop Autonomous and Spontaneous
Security, Sept. 2013.
16. “Oracle Advanced Security,” Oracle Corporation, http://www.
oracle.com/technetwork/database/options/advanced-security, Apr. 2013.
17. G. Cattaneo, L. Catuogno, A.D. Sorbo, and P.
Persiano, “The Design and Implementation of a Transparent Cryptographic File
System For Unix,” Proc. FREENIX Track: 2001 USENIX Ann. Technical Conf., Apr.
18. E. Damiani, S.D.C. Vimercati, S. Jajodia, S.
Paraboschi, and P. Samarati, “Balancing Confidentiality and Efficiency in
Untrusted Relational Dbmss,” Proc. Tenth ACM Conf. Computer and Comm. Security,
19. L. Ferretti, M. Colajanni, and M. Marchetti,
“Supporting Security and Consistency for Cloud Database,” Proc. Fourth Int’l
Symp. Cyberspace Safety and Security, Dec. 2012.