X.509 Authentication Services to Enhance the Data Security in Cloud Computing

Published by: ijcsis on May 15, 2012
Copyright:Attribution Non-commercial

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 3, 2012

X.509 Authentication Services to Enhance the Data Security in Cloud Computing

Surbhi Chauhan, Department of CSE, Amity University, Noida, India, Surbhichauhan2009@gmail.com
Kamal Kant, Department of CSE, Amity University, Noida, India, kamalkant25@gmail.com
Arjun Singh, Department of CSE, Sir Padampat Singhania University, Udaipur, India, arjun.singh@spsu.ac.in

Abstract: This paper presents a method for building cloud security based on the concept of X.509 authentication services. We discuss the theory of cloud computing, the features of cloud computing and cloud security. We propose an X.509 format to enhance data security in the (public) cloud. Cloud computing is a new computational paradigm that offers an innovative business model for organizations.

I. INTRODUCTION
Cloud computing relies on the Internet, with a hardware and software base that provides computing infrastructure. The cloud concept is based on existing technologies such as virtualization, utility computing and distributed computing. Cloud computing provides effective IT service delivery and management at lower cost.

A. Service Layers in Cloud Computing
1) Software as a Service (SaaS): SaaS is the highest layer and offers applications as a service on demand via multitenancy, i.e. a single instance of the software serves multiple clients in an organization. An example of SaaS is salesforce.com.
2) Infrastructure as a Service (IaaS): The cloud outsources the provision of the computing infrastructure required to host services. This infrastructure is provided as a service: storage and computing resources such as networking, operating systems and load balancers are offered as a cloud service. A high-profile IaaS operation is Amazon's Elastic Compute Cloud (Amazon EC2).
3) Platform as a Service (PaaS): Cloud computing can provide a software platform on which systems run and where the execution of services is made in a transparent manner. Cloud systems provide an additional abstraction level instead of supplying a virtualized infrastructure. A well-known example is the Google App Engine.

B. Forms of Cloud
Cloud computing can be categorized into three types:
1. Private Cloud: Private clouds are on-demand infrastructure owned by a single customer, who controls which applications run and who has their own servers and networks. Hence the security risk is reduced in a private cloud. The cloud remains behind the firewall, virtualizing the servers.
2. Public Cloud: A public cloud does not depend on any organization; the services provided in public clouds can be accessed by any organization. The chance of security risk is slightly higher in a public cloud.
3. Hybrid Cloud: Hybrid cloud computing is a platform that acts as an interface between the private cloud and the public cloud. It suits organizations that do not want to put everything in the external (public) cloud and instead host some servers in their own internal cloud infrastructure.

C. Advantages of Cloud Computing
i. Faster, simpler and cost-effective services
ii. Highly elastic, because resources are occupied on the basis of demand
iii. Optimized utilization of computing resources
iv. Users can virtualize more resources than they have, for example unlimited storage
v. Energy efficient, as less power is consumed on hardware and software

D. Security Issues in Cloud
Each type of cloud has certain security issues. A few security concerns are discussed below.
i. Many organizations share the resources, so there is no absolute control over physical security in the cloud model.
ii. An organization or government can violate the law (risk of data seizure by a foreign government).
iii. Storage services provided by one vendor may be incompatible with another vendor's services if a user wants to move from one vendor to another.
iv. Ensuring and maintaining the integrity of data is a challenge.
v. In the case of the Payment Card Industry Data Security Standard (PCI DSS), data logs must be provided to security managers and regulators.
vi. Users must keep up to date with application improvements to ensure they are protected.
vii. Due to the dynamic and fluid nature of virtual machines, it becomes very difficult to maintain the consistency of security and ensure the auditability of records.

II. X.509 AUTHENTICATION SERVICE TO ENHANCE DATA SECURITY IN CLOUD
Security is always an issue in cloud computing. In this paper we propose the X.509 authentication service technique to secure data in the public cloud.

In a public cloud there is always a high risk to data, system files, network traffic and host security, as they are vulnerable to attack and lack a strong authentication mechanism. We propose the concept of the X.509 authentication service to ensure the security of data in the cloud. X.509 relies on asymmetric key cryptography and digital signatures, and these schemes enhance the security of cloud computing. The X.509 technique is widely used in S/MIME, IPsec, SSL/TLS and SET.

X.509 has three alternative authentication procedures: one-way authentication, two-way authentication and three-way authentication. All of these procedures rely on asymmetric key cryptography and digital signatures. In asymmetric key cryptography it is assumed that the two parties (sender and receiver) share their public keys. Here we apply the three-way authentication technique because of its extra advantages over the other two procedures.

Let us assume there are two enterprises called A and B, as shown in Figure 1.0. Enterprise A has a public cloud and provides SaaS, PaaS and IaaS services and a database.

A user from enterprise B wants to access the data in a secure manner from the public cloud. Three-way authentication involves the transfer of information from A to B in X.509, and establishes the following:
a. A user from enterprise B sends a request to get secure data from enterprise A.
b. Enterprise A sends a message consisting of a nonce r(a), the identity of B and the message signed with A's private key. The nonce value must be unique and it must be completed within the expiration time of the message. It is used to detect replay attacks.
c. Enterprise B sends a message consisting of a nonce r(b), the identity of enterprise A, signed data with authenticity and integrity, and a session key encrypted with A's public key.
d. A final message is sent from enterprise A to enterprise B, which includes a signed copy of the nonce r(b).

In three-way authentication there is no need to check the timestamp. Each side can check the returned nonce value to detect replay attacks. In two-way authentication, on the other hand, the timestamp must be checked.

III. CERTIFICATE
The main part of X.509 is the public key certificate related to each user. These user certificates are created by a certification authority (CA). Let us assume enterprise A has obtained its certificate from the CA, called X1, and enterprise B has obtained the certificate called X2. If enterprise A securely knows the public key of X2 (Certification Authority), then A can read B's certificate and verify the signature.

The CA signs the certificate (X1) of enterprise A. A user in B must have a copy of the CA's own public key.

So in cloud computing, integrity and authenticity can be enhanced by the X.509 certificate service.

Figure 1.0
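
The three-way exchange of Section II, as an added sketch that is not code from the paper: each side accepts a message only if the signature verifies and the returned nonce is the one it just issued, which is why no timestamp check is needed. Assumptions: B's reply echoes r(a), the signed data and session key are omitted, the names Party, keypair, sign, verify and new_pair are illustrative, and the toy RSA keys are constructed and insecure stand-ins for the key pairs behind A's and B's certificates.

```python
import hashlib, secrets
E = 65537  # toy textbook RSA over Mersenne primes: constructed keys, NOT secure

def keypair(p, q):  # stands in for the key pair behind an X.509 certificate
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(fields, n):  # hash the message fields down to an integer below n
    return int.from_bytes(hashlib.sha256("|".join(fields).encode()).digest(), "big") % n

def sign(key, *fields):  # uses the private exponent d
    return pow(_h(fields, key["n"]), key["d"], key["n"])
def verify(key, sig, *fields):  # uses only the public part (n, E)
    return pow(sig, E, key["n"]) == _h(fields, key["n"])

class Party:
    def __init__(self, name, key, peer, peer_key):
        self.name, self.key, self.peer, self.peer_key = name, key, peer, peer_key
        self.pending = None  # nonce this side issued and expects to get back

    def _check(self, ok, why):
        if not ok: raise ValueError(why)

    def msg1(self):  # A -> B: A{r(a), ID_B}
        self.pending = secrets.token_hex(16)
        return self.pending, self.peer, sign(self.key, self.pending, self.peer)

    def msg2(self, m1):  # B -> A: B{r(b), ID_A, r(a)}
        ra, ident, sig = m1
        ok = ident == self.name and verify(self.peer_key, sig, ra, ident)
        self._check(ok, "msg1 rejected")
        self.pending = secrets.token_hex(16)
        return self.pending, self.peer, ra, sign(self.key, self.pending, self.peer, ra)

    def msg3(self, m2):  # A -> B: A{r(b)}, only if B returned A's fresh r(a)
        rb, ident, ra, sig = m2
        ok = ident == self.name and verify(self.peer_key, sig, rb, ident, ra)
        self._check(ok, "msg2 rejected")
        self._check(ra == self.pending, "msg2 replayed: stale r(a)")
        self.pending = None  # each nonce is accepted once
        return rb, sign(self.key, rb)

    def finish(self, m3):  # B accepts only a signed copy of its fresh r(b)
        rb, sig = m3
        self._check(verify(self.peer_key, sig, rb), "msg3 rejected")
        self._check(rb == self.pending, "msg3 replayed: stale r(b)")
        self.pending = None
        return True

def new_pair():  # enterprise A and enterprise B, each knowing the other's key
    ka, kb = keypair(2**61 - 1, 2**89 - 1), keypair(2**107 - 1, 2**127 - 1)
    return Party("A", ka, "B", kb), Party("B", kb, "A", ka)
```

Replaying a captured second or third message into a later session fails on the nonce comparison even though its signature is still valid.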
http://sites.google.com/site/ijcsis/ ISSN 1947-5500
