
Cloud Computing Security: From Single to Multi-Clouds

Abstract:
The use of cloud computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers may be untrusted. Dealing with “single cloud” providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards “multi-clouds”, or in other words, “interclouds” or “cloud-of-clouds”, has emerged recently. This paper surveys recent research related to single and multi-cloud security and addresses possible solutions. It is found that research into the use of multi-cloud providers to maintain security has received less attention from the research community than has the use of single clouds. This work aims to promote the use of multi-clouds due to their ability to reduce security risks.

Algorithm Used: Secret Sharing Algorithms:
2012 45th Hawaii International Conference on System Sciences

Data stored in the cloud can be compromised or lost. So, we have to come up with a way to secure those files. We can encrypt them before storing them in the cloud, which sorts out the disclosure aspects. However, what if the data is lost due to some catastrophe befalling the cloud service provider? We could store it on more than one cloud service and encrypt it before we send it off. Each of them will have the same file. What if we use an insecure, easily guessable password to protect the file, or the same one to protect all files? I have often thought that secret sharing algorithms could be employed to good effect in these circumstances instead.
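An added example (not code from the original paper or project) of the idea above: instead of guarding the file-encryption key with a password, the key is split with Shamir's (k, n) secret sharing so that each cloud provider holds one share. The 2-of-4 parameters, the function names and the SHA-256 check digest kept by the owner are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

# Field modulus: the Mersenne prime 2**521 - 1, large enough for a 256-bit key.
PRIME = 2**521 - 1


def _interpolate(points, x0):
    """Lagrange-interpolate the polynomial through `points`, evaluate at x0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_key(key: bytes, n: int, k: int):
    """Split `key` into n shares; any k recover it, fewer reveal nothing.

    Returns (shares, digest). shares[i] = (x, y) is stored at provider x;
    digest = SHA-256(key) stays with the owner to verify a reconstruction.
    """
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too long for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares, hashlib.sha256(key).digest()


def recover_key(shares, k, key_len, digest):
    """Recover the key from whatever shares the providers returned.

    Tries each k-subset until the reconstruction matches `digest`, then
    flags every provider whose share does not lie on that polynomial.
    Returns (key, sorted list of faulty provider ids).
    """
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate provider id")
    for subset in combinations(shares, k):
        value = _interpolate(subset, 0)
        if value >> (8 * key_len):
            continue  # too large to be a key: this subset has a bad share
        key = value.to_bytes(key_len, "big")
        if hmac.compare_digest(hashlib.sha256(key).digest(), digest):
            faulty = sorted(x for x, y in shares
                            if _interpolate(subset, x) != y)
            return key, faulty
    raise ValueError("fewer than k correct shares available")


def demo():
    key = secrets.token_bytes(32)            # constructed sample key
    shares, digest = split_key(key, n=4, k=2)
    shares[2] = (3, (shares[2][1] + 1) % PRIME)  # provider 3 corrupts its share
    # Provider 1 is unavailable, so only providers 2, 3 and 4 answer.
    recovered, faulty = recover_key(shares[1:], 2, 32, digest)
    return recovered == key, faulty


if __name__ == "__main__":
    print(demo())
```

A single provider's share is statistically independent of the key, so a malicious insider at one cloud learns nothing, and losing up to n - k providers does not lose the key.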

Background
The use of cloud computing has increased rapidly in many organizations. Subashini and Kavitha argue that small and medium companies use cloud computing services for various reasons, including because these services provide fast access to their applications and reduce their infrastructure costs. Cloud providers should address privacy and security issues as a matter of high and urgent priority. Dealing with “single cloud” providers is becoming less popular with customers due to potential problems such as service availability failure and the possibility that there are malicious insiders in the single cloud. In recent years, there has been a move towards “multi-clouds”, “intercloud” or “cloud-of-clouds”. This paper focuses on the issues related to the data security aspect of cloud computing. As data and information will be shared with a third party, cloud computing users want to avoid an untrusted cloud provider. Protecting private and important information, such as credit card details or a patient’s medical records, from attackers or malicious insiders is of critical importance. In addition, the potential for migration from a single cloud to a multi-cloud environment is examined and research related to security issues in single and multi-clouds in cloud computing is surveyed. The remainder of this paper is organized as follows.

The system describes the beginning of cloud computing and its components. In addition, it presents examples of cloud providers and the benefits of using their services. The system discusses security risks in cloud computing. The system analyses the new generation of cloud computing, that is, multi-clouds, and recent solutions to address the security of cloud computing, as well as examining their limitations. The system presents suggestions for future work.

NIST describes cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

The three key cloud delivery models are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In IaaS, the user can benefit from networking infrastructure facilities, data storage and computing services. In other words, it is the delivery of computer infrastructure as a service. An example of IaaS is the Amazon web service. In PaaS, the user runs custom applications using the service provider’s resources. It is the delivery of a computing platform and solution as a service. An example of PaaS is Google Apps. Running software on the provider’s infrastructure and providing licensed applications to users to use services is known as SaaS. An example of SaaS is the Salesforce.com CRM application. This model represents the second layer in the cloud environment architecture.

Cloud deployment models include public, private, community, and hybrid clouds. A cloud environment that is accessible for multi-tenants and is available to the public is called a public cloud. A private cloud is available for a particular group, while a community cloud is modified for a specific group of customers. Hybrid cloud infrastructure is a composition of two or more clouds (private, community, or public cloud). This model represents the third layer in the cloud environment architecture.

Kamara and Lauter present two types of cloud infrastructure only, namely private and public clouds. The infrastructure that is owned and managed by users is in the private cloud. Data that is accessed and controlled by trusted users is in a safe and secure private cloud, whereas the infrastructure that is managed and controlled by the cloud service provider is in a public cloud. In particular, this data is out of the user’s control, and is managed and shared with unsafe and untrusted servers.

Cloud Service Providers Examples
In the commercial world, various computing needs are provided as a service. The service providers take care of the customer's needs by, for example, maintaining software or purchasing expensive hardware. For instance, the service EC2, created by Amazon, provides customers with scalable servers. As another example, under the CLuE program, NSF joined with Google and IBM to offer academic institutions access to a large-scale distributed infrastructure.

There are many features of cloud computing. First, cloud storages, such as Amazon S3, Microsoft SkyDrive, or Nirvanix CloudNAS, permit consumers to access online data. Second, it provides computation resources for users such as Amazon EC2. Third, Google Apps or versioning repositories for source code are examples of online collaboration tools.

Cloud service providers should ensure the security of their customers’ data and should be responsible if any security risk affects their customers’ service infrastructure. A cloud provider offers many services that can benefit its customers, such as fast access to their data from any location, scalability, pay-for-use, data storage, data recovery, protection against hackers, on-demand security controls, and use of the network and infrastructure facilities.

Reliability and availability are other benefits of the public cloud, in addition to low cost. However, there are also concerning issues for public cloud computing, most notably, issues surrounding data integrity and data confidentiality. Any customer will be worried about the security of sensitive information such as medical records or financial information.

Security Risks in Cloud Computing
Although cloud service providers can offer benefits to users, security risks play a major role in the cloud computing environment. Users of online data sharing or network facilities are aware of the potential loss of privacy. According to a recent IDC survey, the top challenge for 74% of CIOs in relation to cloud computing is security. Protecting private and important information such as credit card details or patients’ medical records from attackers or malicious insiders is of critical importance. Moving databases to a large data centre involves many security challenges such as virtualization vulnerability, accessibility vulnerability, privacy and control issues related to data accessed from a third party, integrity, confidentiality, and data loss or theft. Subashini and Kavitha present some fundamental security challenges, which are data storage security, application security, data transmission security, and security related to third-party resources.

In different cloud service models, the security responsibility between users and providers is different. According to Amazon, their EC2 addresses security control in relation to physical, environmental, and virtualization security, whereas the users remain responsible for addressing security control of the IT system including the operating systems, applications and data.

According to Tabaki et al., the way the responsibility for privacy and security in a cloud computing environment is shared between consumers and cloud service providers differs between delivery models. In SaaS, cloud providers are more responsible for the security and privacy of application services than the users. This responsibility is more relevant to the public than the private cloud environment because the clients need more strict security requirements in the public cloud. In PaaS, users are responsible for taking care of the applications that they build and run on the platform, while cloud providers are responsible for protecting one user’s applications from others. In IaaS, users are responsible for protecting operating systems and applications, whereas cloud providers must provide protection for the users’ data.

Ristenpart et al. claim that the levels of security issues in IaaS are different. The impact of security issues in the public cloud is greater than the impact in the private cloud. For instance, any damage which occurs to the security of the physical infrastructure or any failure in relation to the management of the security of the infrastructure will cause many problems. In the cloud environment, the physical infrastructure that is responsible for data processing and data storage can be affected by a security risk.

Data Integrity
One of the most important issues related to cloud security risks is data integrity. The data stored in the cloud may suffer from damage during transition operations from or to the cloud storage provider. Cachin et al. give examples of the risk of attacks from both inside and outside the cloud provider, such as the recently attacked Red Hat Linux’s distribution servers. Another example of breached data occurred in 2009 in Google Docs, which triggered the Electronic Privacy Information Centre for the Federal Trade Commission to open an investigation into Google’s Cloud Computing Services. Another example of a risk to data integrity recently occurred in Amazon S3 where users suffered from data corruption.

Cachin et al. argue that when multiple clients use cloud storage or when multiple devices are synchronized by one user, it is difficult to address the data corruption issue. One of the solutions that they propose is to use a Byzantine fault-tolerant replication protocol within the cloud. Hendricks et al. state that this solution can avoid data corruption caused by some components in the cloud. However, Cachin et al. claim that using the Byzantine fault-tolerant replication protocol within the cloud is unsuitable due to the fact that the servers belonging to cloud providers use the same system installations and are physically located in the same place.

Literature Survey:

1. SPORC: Group Collaboration using Untrusted Cloud Resources
Cloud-based services are an attractive deployment model for user-facing applications like word processing and calendaring. Unlike desktop applications, cloud services allow multiple users to edit shared state concurrently and in real-time, while being scalable, highly available, and globally accessible. Unfortunately, these benefits come at the cost of fully trusting cloud providers with potentially sensitive and important data. To overcome this strict tradeoff, we present SPORC, a generic framework for building a wide variety of collaborative applications with untrusted servers. In SPORC, a server observes only encrypted data and cannot deviate from correct execution without being detected. SPORC allows concurrent, low-latency editing of shared state, permits disconnected operation, and supports dynamic access control even in the presence of concurrency. We demonstrate SPORC’s flexibility through two prototype applications: a causally-consistent key-value store and a browser-based collaborative text editor. Conceptually, SPORC illustrates the complementary benefits of operational transformation (OT) and fork* consistency. The former allows SPORC clients to execute concurrent operations without locking and to resolve any resulting conflicts automatically. The latter prevents a misbehaving server from equivocating about the order of operations unless it is willing to fork clients into disjoint sets. Notably, unlike previous systems, SPORC can automatically recover from such malicious forks by leveraging OT’s conflict resolution mechanism.

Disadvantages
1. Attacker details are not handled dynamically; instead, log files are maintained to store the attacker details, which are then viewed using data mining concepts. This is a time-consuming job and offers less security.
2. Data integrity is proved only on the basis of the filename, not on the file blocks or any public key.

2. Authentication and Integrity in Outsourced Databases
In the Outsourced Database (ODB) model, entities outsource their data management needs to third-party service providers. Such a service provider offers mechanisms for its clients to create, store, update and access (query) their databases. This work provides mechanisms to ensure data integrity and authenticity for outsourced databases. Specifically, this work provides mechanisms that assure the querier that the query results have not been tampered with and are authentic (with respect to the actual data owner). It investigates both security and efficiency aspects of the problem and constructs several secure and practical schemes that facilitate integrity and authenticity of query replies while incurring low computational and communication costs.

Disadvantages
1. There is no feature for automatically blocking cloud server attackers.
2. Owner data will be stored in untrusted cloud servers.

3. Ensuring Data Storage Security in Cloud Computing
Cloud Computing has been envisioned as the next generation architecture of IT Enterprise. In contrast to traditional solutions, where the IT services are under proper physical, logical and personnel controls, Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy. This unique attribute, however, poses many new security challenges which have not been well understood. In this article, we focus on cloud data storage security, which has always been an important aspect of quality of service. To ensure the correctness of users’ data in the cloud, we propose an effective and flexible distributed scheme with two salient features, opposing to its predecessors. By utilizing the homomorphic token with distributed verification of erasure-coded data, our scheme achieves the integration of storage correctness insurance and data error localization, i.e., the identification of misbehaving server(s). Unlike most prior works, the new scheme further supports secure and efficient dynamic operations on data blocks, including: data update, delete and append. Extensive security and performance analysis shows that the proposed scheme is highly efficient and resilient against Byzantine failure, malicious data modification attack, and even server colluding attacks.

Disadvantages
1. There is no feature for automatically blocking cloud server attackers.
2. Less Security – No cryptographic technique is used on the cloud data.

System Architecture

Existing System:
Cloud providers should address privacy and security issues as a matter of high and urgent priority. Dealing with “single cloud” providers is becoming less popular with customers due to potential problems such as service availability failure and the possibility that there are malicious insiders in the single cloud. In recent years, there has been a move towards “multi-clouds”, “intercloud” or “cloud-of-clouds”.

Disadvantages:
1. Cloud providers should address privacy and security issues as a matter of high and urgent priority.
2. Dealing with “single cloud” providers is becoming less popular with customers due to potential problems such as service availability failure and the possibility that there are malicious insiders in the single cloud.

Proposed System:
This paper focuses on the issues related to the data security aspect of cloud computing. As data and information will be shared with a third party, cloud computing users want to avoid an untrusted cloud provider. Protecting private and important information, such as credit card details or a patient’s medical records, from attackers or malicious insiders is of critical importance. In addition, the potential for migration from a single cloud to a multi-cloud environment is examined and research related to security issues in single and multi-clouds in cloud computing is surveyed.

Advantages:
1. Data Integrity
2. Service Availability.
3. The user runs custom applications using the service provider’s resources
4. Cloud service providers should ensure the security of their customers’ data and should be responsible if any security risk affects their customers’ service infrastructure.

SYSTEM REQUIREMENT:
This chapter describes the requirements. It specifies the hardware and software requirements that are required in order to run the application properly. The Software Requirement Specification (SRS) is explained in detail, which includes an overview of this dissertation as well as the functional and non-functional requirements of this dissertation.

Table 3.1: Summary of SRS

SRS for Single To Multi Cloud
Functional: Control the file access at cloud server, Data Integrity Proof at TPA, Routers Finding File Hacker Information, File Privacy Management
Non-Functional: Cloud servers never monitor or control the TPA
External interface: LAN
Performance: File sharing efficiency, fairness
Attributes: File Management, owner, cloud server, TPA, Remote Users, Blocked Users

Functional Requirements
A functional requirement defines a function of a software system and how the system must behave when presented with specific inputs or conditions. These may include calculations, data manipulation and processing and other specific functionality. In this system, the following are the functional requirements:
• The Owner will divide the file into ‘N’ blocks and has to upload each block to an individual cloud server.
• The Third Party Auditor (TPA) has to maintain the error localization and has to monitor the cloud server activities.
• The cloud server has to authorize the valid remote users.
• The data should be integrated by the cloud server.
• The remote user has to use the correct secret key and file name. If either is wrong, the user is detected as an attacker.
• If the remote user is a hacker, then he has to be blocked in the cloud server.
• The attributes are File Management, owner, cloud server, TPA, remote user and blocked user.

Non-Functional Requirements
Non-functional requirements, as the name suggests, are those requirements that are not directly concerned with the specific functions delivered by the system. They may relate to emergent system properties such as reliability, response time and store occupancy. Alternatively, they may define constraints on the system such as the capability of the input/output devices and the data representations used in system interfaces. Many non-functional requirements relate to the system as a whole rather than to individual system features. This means they are often more critical than the individual functional requirements. The following non-functional requirements are worthy of attention. The key non-functional requirements are:
• Security: The system should allow secured communication between the CS and the TPA, the user and the file owner.
• Energy Efficiency: The energy consumed by the users to receive the file information from the cloud server.
• Reliability: The system should be reliable and must not degrade the performance of the existing system and should not lead to the hanging of the system.
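The functional requirements above (the owner splits the file into N blocks, one per cloud server, and the TPA proves integrity and localizes errors) are illustrated by the following added example, which is not code from the project. It uses a simplified precomputed one-time HMAC challenge rather than the homomorphic-token scheme summarized in the literature survey; all names and the constructed sample data are assumptions.

```python
import hashlib
import hmac
import secrets


def split_file(data: bytes, n: int) -> list:
    """Owner: divide the file into n blocks, one per cloud server.

    Trailing blocks may be shorter (or empty) when len(data) % n != 0.
    """
    if n < 1:
        raise ValueError("n must be positive")
    size = -(-len(data) // n)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(n)]


def _token(round_key: bytes, filename: str, index: int, block: bytes) -> bytes:
    """Proof a server can only compute from the block it actually stores.

    Binding the filename AND the block index AND the block bytes means a
    server cannot pass by knowing the name or by serving another block.
    """
    msg = filename.encode() + b"\x00" + index.to_bytes(4, "big") + block
    return hmac.new(round_key, msg, hashlib.sha256).digest()


def prepare_audits(filename: str, blocks: list, rounds: int) -> list:
    """Owner: precompute `rounds` one-time challenges and give them to the TPA.

    Each entry is (round_key, [expected token per server]); the TPA never
    needs the file itself.
    """
    table = []
    for _ in range(rounds):
        round_key = secrets.token_bytes(32)
        expected = [_token(round_key, filename, i, b)
                    for i, b in enumerate(blocks)]
        table.append((round_key, expected))
    return table


class CloudServer:
    """Hypothetical storage server holding one block of the file."""

    def __init__(self, index: int, filename: str, block: bytes):
        self.index, self.filename, self.block = index, filename, block

    def respond(self, round_key: bytes) -> bytes:
        return _token(round_key, self.filename, self.index, self.block)


def audit(table: list, servers: list) -> list:
    """TPA: spend one challenge, return the indices of misbehaving servers."""
    if not table:
        raise RuntimeError("no unused audit rounds left; owner must issue more")
    # A round key is revealed to the servers, so it must never be reused.
    round_key, expected = table.pop()
    faulty = []
    for server in servers:
        answer = server.respond(round_key)
        if not hmac.compare_digest(answer, expected[server.index]):
            faulty.append(server.index)
    return sorted(faulty)


def demo():
    data = bytes(range(200))                       # constructed sample file
    blocks = split_file(data, 4)
    servers = [CloudServer(i, "ledger.db", b) for i, b in enumerate(blocks)]
    table = prepare_audits("ledger.db", blocks, rounds=2)
    clean = audit(table, servers)
    servers[2].block = servers[2].block[:-1] + b"\xff"   # silent corruption
    return clean, audit(table, servers)


if __name__ == "__main__":
    print(demo())
```

The TPA holds the unused round keys, so this construction assumes the TPA does not collude with a cloud server.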

Performance
The network performance can be determined by a few terms such as the cloud busy time, file utilization level, efficiency, fairness and imbalance. The amount of time the CS allocates for file transmission and reception is called the CS busy time. The MAC layer utilization level can be determined by noticing whether the medium is busy or idle. Binary values are used for indicating the MAC layer utilization level: 1 and 0 indicate that the channel is now busy or idle respectively. Similarly, the channel is sometimes idle during communication. The channel or medium utilization level can be defined as the average rate of reliable packets delivered through the channel. The unit of time by which the transmission of a packet is delayed is called the channel access delay time. The main factor deciding buffer overflow is the interface queue length when the queue length is limited in the network. The main terms that are to be calculated to determine the network performance are efficiency, fairness and imbalance. The efficiency of the communication is calculated as the ratio of the number of hops the successful packets travelled to the total number of packets placed in the network (dropped and retransmitted packets included).

Problem Definition
The system incorporates the advantages of the previous system and extends them to find the unauthorized user, to prevent unauthorized data access and so preserve data integrity. The proposed system monitors the user requests according to the user-specified parameters and checks the parameters for new and existing users. The system accepts existing validated users, and prompts new users for the parameters that must match the requirements specified during user creation. If the parameters supplied by the new user match those held by the cloud server, it grants privileges to access the audit protocol; otherwise the system automatically blocks the audit protocol for that specific user.

Objective
The objective of the system is to block attackers in cloud servers automatically using an automatic protocol, computing in the cloud securely, secret sharing with Byzantine failure, and proving data integrity and batch auditing by the data owners.

Module Description:
1. Data Integrity
2. Data Intrusion
3. Service Availability
4. DepSky System Model

Data Integrity:
One of the most important issues related to cloud security risks is data integrity. The data stored in the cloud may suffer from damage during transition operations from or to the cloud storage provider. Cachin et al. give examples of the risk of attacks from both inside and outside the cloud provider, such as the recently attacked Red Hat Linux’s distribution servers. One of the solutions that they propose is to use a Byzantine fault-tolerant replication protocol within the cloud. Hendricks et al. state that this solution can avoid data corruption caused by some components in the cloud. However, Cachin et al. claim that using the Byzantine fault-tolerant replication protocol within the cloud is unsuitable due to the fact that the servers belonging to cloud providers use the same system installations and are physically located in the same place.

Data Intrusion:
According to Garfinkel, another security risk that may occur with a cloud provider, such as the Amazon cloud service, is a hacked password or data intrusion. If someone gains access to an Amazon account password, they will be able to access all of the account’s instances and resources. Thus the stolen password allows the hacker to erase all the information inside any virtual machine instance for the stolen user account, modify it, or even disable its services. Furthermore, there is a possibility for the user’s email (Amazon user name) to be hacked (see for a discussion of the potential risks of email), and since Amazon allows a lost password to be reset by email, the hacker may still be able to log in to the account after receiving the new reset password.

Service Availability:
Another major concern in cloud services is service availability. Amazon mentions in its licensing agreement that it is possible that the service might be unavailable from time to time. The user’s web service may terminate for any reason at any time if any user’s files break the cloud storage policy. In addition, if any damage occurs to any Amazon web service and the service fails, in this case there will be no charge to the Amazon Company for this failure. Companies seeking to protect services from such failure need measures such as backups or use of multiple providers.

DepSky System Model:
The DepSky system model contains three parts: readers, writers, and four cloud storage providers, where readers and writers are the client’s tasks. Bessani et al. explain the difference between readers and writers for cloud storage. Readers can fail arbitrarily (for example, they can fail by crashing, they can fail from time to time and then display any behavior) whereas writers only fail by crashing.

Cryptography Techniques
Implementing Elliptic curve cryptography for encrypting and decrypting the owner data.

System Configuration:

H/W System Configuration:
Processor - Pentium III
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Floppy Drive - 1.44 MB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA

S/W System Configuration:
Operating System : Windows95/98/2000/XP
Application Server : Tomcat5.0/6.X
Front End : Java (AWT, Swing, RMI, Networking)
Scripts : JavaScript
Database Connectivity : Mysql

Future Enhancement #1
Generating Alerts On Mobile Devices Using MaxAccu Cloak Algorithm

In location-based services, users with location-aware mobile devices are able to make queries about their surroundings anywhere and at any time. While this ubiquitous computing paradigm brings great convenience for information access, it also raises concerns over potential intrusion into user location privacy. To protect location privacy, one typical approach is to cloak user locations into spatial regions based on user-specified privacy requirements, and to transform location-based queries into region-based queries. In this paper, we identify and address three new issues concerning this location cloaking approach. First, we study the representation of cloaking regions and show that a circular region generally leads to a small result size for region-based queries. Second, we develop a mobility-aware location cloaking technique to resist trace analysis attacks. Two cloaking algorithms, namely MaxAccu Cloak and MinComm Cloak, are designed based on different performance objectives. Finally, we develop an efficient polynomial algorithm for evaluating circular-region-based kNN queries. Two query processing modes, namely bulk and progressive, are presented to return query results either all at once or in an incremental manner. Experimental results show that our proposed mobility-aware cloaking algorithms significantly improve the quality of location cloaking in terms of an entropy measure without compromising much on query latency or communication cost. Moreover, the progressive query processing mode achieves a shorter response time than the bulk mode by parallelizing the query evaluation and result transmission.

References
[1] (NIST), http://www.nist.gov/itl/cloud/.
[2] I. Abraham, G. Chockler, I. Keidar and D. Malkhi, "Byzantine disk paxos: optimal resilience with Byzantine shared memory", Distributed Computing, 18(5), 2006, pp. 387-408.
[3] H. Abu-Libdeh, L. Princehouse and H. Weatherspoon, "RACS: a case for cloud storage diversity", SoCC'10: Proc. 1st ACM symposium on Cloud computing, 2010, pp. 229-240.
[4] D. Agrawal, A. El Abbadi, F. Emekci and A. Metwally, "Database Management as a Service: Challenges and Opportunities", ICDE'09: Proc. 25th Intl. Conf. on Data Engineering, 2009, pp. 1709-1716.
[5] M.A. AlZain and E. Pardede, "Using Multi Shares for Ensuring Privacy in Database-as-a-Service", 44th Hawaii Intl. Conf. on System Sciences (HICSS), 2011, pp. 1-9.
[6] Amazon, Amazon Web Services. Web services licensing agreement, October 3, 2006.
[7] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson and D. Song, "Provable data possession at untrusted stores", Proc. 14th ACM Conf. on Computer and communications security, 2007, pp. 598-609.
[8] A. Bessani, M. Correia, B. Quaresma, F. André and P. Sousa, "DepSky: dependable and secure storage in a cloud-of-clouds", EuroSys'11: Proc. 6th Conf. on Computer systems, 2011, pp. 31-46.
[9] K. Birman, G. Chockler and R. van Renesse, "Toward a cloud computing research agenda", SIGACT News, 40, 2009, pp. 68-80.
[10] K.D. Bowers, A. Juels and A. Oprea, "HAIL: A high-availability and integrity layer for cloud storage", CCS'09: Proc. 16th ACM Conf. on Computer and communications security, 2009, pp. 187-198.
[11] C. Cachin, R. Haas and M. Vukolic, "Dependable storage in the Intercloud", Research Report RZ, 3783, 2010.
[12] C. Cachin, I. Keidar and A. Shraer, "Trusting the cloud", ACM SIGACT News, 40, 2009, pp. 81-86.
[13] C. Cachin and S. Tessaro, "Optimal resilience for erasure-coded Byzantine distributed storage", DISC: Proc. 19th Intl. Conf. on Distributed Computing, 2005, pp. 497-498.
[14] M. Castro and B. Liskov, "Practical Byzantine fault tolerance", Operating Systems Review, 33, 1998, pp. 173-186.
[15] G. Chockler, R. Guerraoui, I. Keidar and M. Vukolic, "Reliable distributed storage", Computer, 42, 2009, pp. 60-67.
[16] Clavister, "Security in the cloud", Clavister White Paper, 2008.
[17] A.J. Feldman, W.P. Zeller, M.J. Freedman and E.W. Felten, "SPORC: Group collaboration using untrusted cloud resources", OSDI, October 2010, pp. 1-14.
[18] S.L. Garfinkel, "Email-based identification and authentication: An alternative to PKI?", IEEE Security and Privacy, 1(6), 2003, pp. 20-26.
[19] S.L. Garfinkel, "An evaluation of amazon’s grid computing services: EC2, S3, and SQS", Technical Report TR-08-07, Computer Science Group, Harvard University, Citeseer, 2007, pp. 1-15.
[20] E. Goh, H. Shacham, N. Modadugu and D. Boneh, "SiRiUS: Securing remote untrusted storage", NDSS: Proc. Network and Distributed System Security Symposium, 2003, pp. 131–145.
[21] G.R. Goodson, J.J. Wylie, G.R. Ganger and M.K. Reiter, "Efficient Byzantine-tolerant erasure-coded storage", DSN'04: Proc. Intl. Conf. on Dependable Systems and Networks, 2004, pp. 1-22.
[22] E. Grosse, J. Howie, J. Ransome, J. Reavis and S. Schmidt, "Cloud computing roundtable", IEEE Security & Privacy, 8(6), 2010, pp. 17-23.
[23] J. Hendricks, G.R. Ganger and M.K. Reiter, "Low-overhead byzantine fault-tolerant storage", SOSP'07: Proc. 21st ACM SIGOPS symposium on Operating systems principles, 2007, pp. 73-86.
[24] A. Juels and B.S. Kaliski Jr., "PORs: Proofs of retrievability for large files", CCS '07: Proc. 14th ACM Conf. on Computer and communications security, 2007, pp. 584-597.