An Analysis on Privacy Preserving in Cloud Computing
Jithin S #1, Dr. P. Sujatha *2
#1 PG Scholar in Department of Computer Science
*2 Faculty in Department of Computer Science
Pondicherry University, India
Abstract
Cloud computing has brought a new way for organizations to store and manage their data, owing to its reduced cost, robustness and ubiquitous nature. It offers the promise of massive cost savings along with increased IT agility. But the storage and access of sensitive data in cloud computing is an important issue to consider. Many organizations are still not fully confident about taking up the benefits of the cloud, pointing to problems regarding data loss and unauthorized access, and are reluctant to trust cloud providers to solve these challenges. This paper discusses some mechanisms and techniques which are used to preserve privacy in cloud computing.
Keywords: Tree based cryptographic key management, hash function, data storage, Digital Signatures, Virtualization and authentication mechanism
I. INTRODUCTION
Cloud computing is an internet based infrastructure which allows organizations and users to use various kinds of applications and services without actually installing them on their own computers. It provides huge benefits to organizations of all sizes. In this way cloud computing is becoming a new and promising platform for delivering information infrastructure and resources as IT services. Users can directly access these services to run their business jobs in a pay-and-use fashion. It can be used in business processes to make employees' administrative tasks easier, grow the business, increase productivity, and generate more revenue. So many organizations are taking advantage of cloud services for their business.
When a large number of companies use cloud storage facilities to store their private data, which is then controlled by untrusted parties, many security and privacy issues arise. The storage and access of sensitive data in cloud computing is still a crucial issue. Customers often doubt whether their privacy can be protected while using services in the cloud, since they do not have much control inside the cloud. They are also doubtful about the people who manage the cloud system and the amount of security that they can get from the providers. Because of these issues many organizations are still not fully confident about taking up the benefits of the cloud. They have many doubts regarding data loss and unauthorized access, and are reluctant to trust cloud providers to solve these challenges. To make the cloud system more effective for all kinds of business and personal use, more security measures should be taken into account. This paper analyses some mechanisms which are used to preserve privacy in cloud computing.
It discusses the pros and cons of each mechanism and provides some suggestions for overcoming the disadvantages.
International Journal of Computer Trends and Technology (IJCTT) volume 4 Issue 6, June 2013
II. ANALYSIS OF PRIVACY PRESERVING MECHANISMS IN CLOUD COMPUTING
This section discusses various methods and proposals which have been introduced for preserving user privacy and security in cloud computing technology. It gives a brief idea of the proposed techniques and evaluates their advantages and disadvantages. It also suggests some modifications to the proposals for achieving a better result and more efficiency.
A. Privacy Enhanced Outsourcing Of Cloud Data
Privacy enhanced data outsourcing in the cloud [1] discussed an enhanced privacy preserving technique for outsourcing data in the cloud. The paper presented a tree-based key derivation hierarchy. This hierarchy allows only the outsourcing party to access the data block located at a particular node, while it cannot access the data blocks encrypted with child keys. It is based on the concept that a data source protected with a node key in a key management tree can be shared with or managed by another party without compromising the security of the data encrypted with its child nodes' keys. For a particular node two decryption keys (d1, d2) are assigned. d1 is associated with the tree and can be utilized to generate its children's keys. d1 is used for the decryption of the database located at the corresponding node and the generation of sub-keys for the child nodes, while d2 can only be used for the decryption of the database at the same node. A cryptographic one-way hash function is used as the key generation function. The security of this system relies on the difficulty of computing discrete logarithms. The protocols are based on a polynomial function and a set of exponentials. But this concept is generalized in such a way that one encryption key is associated with many decryption keys, so that many users can access the same node at a time. In this scenario, however, a brute force attack can be applied to this method, so that the attacker can access either the node data or the entire child node data.
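The d1/d2 split described above, as an added example that is not code from this paper or from [1]: it swaps the discrete-logarithm construction for plain HMAC-SHA256 derivation and a toy cipher, and every function name and sample value is constructed for illustration. The same one-way tree is what Section I relies on for per-block keys.

```python
import hashlib
import hmac

# Simplified stand-in (assumption): HMAC-SHA256 derivation, not the scheme of [1].

def prf(key: bytes, label: bytes) -> bytes:
    """One-way keyed hash used for every derivation step."""
    return hmac.new(key, label, hashlib.sha256).digest()

def child_d1(parent_d1: bytes, child_name: str) -> bytes:
    """Parent d1 -> child d1. There is no function going the other way."""
    return prf(parent_d1, b"child:" + child_name.encode())

def d2_from_d1(d1: bytes) -> bytes:
    """Decrypt-only key of the same node, separated from d1 by its label."""
    return prf(d1, b"data")

def d1_for_path(start_d1: bytes, relative_path: tuple) -> bytes:
    """Walk down from a node whose d1 is known to one of its descendants."""
    key = start_d1
    for name in relative_path:
        key = child_d1(key, name)
    return key

def keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += prf(key, counter.to_bytes(8, "big"))
        counter += 1
    return out[:length]

def seal_block(d2: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC, one message per key; use a real AEAD in practice."""
    stream = keystream(prf(d2, b"enc"), len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    return ct + prf(prf(d2, b"mac"), ct)

def open_block(d2: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match the block."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(d2, b"mac"), ct)):
        return None
    stream = keystream(prf(d2, b"enc"), len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))

# Constructed sample data: node path -> plaintext block stored at that node.
ROOT_D1 = hashlib.sha256(b"constructed demo root secret").digest()
BLOCKS = {
    ("hr",): b"HR summary",
    ("hr", "payroll"): b"salary table",
    ("hr", "payroll", "2013"): b"June payslips",
    ("sales",): b"pipeline",
}

def outsource(root_d1: bytes, blocks: dict) -> dict:
    """Owner side: encrypt every block under the d2 of its own node."""
    return {path: seal_block(d2_from_d1(d1_for_path(root_d1, path)), data)
            for path, data in blocks.items()}

def grantee_read(store: dict, grant_path: tuple, grant_key: bytes,
                 kind: str, target: tuple):
    """Best effort of a party holding one key ('d1' or 'd2') for grant_path."""
    in_subtree = target[:len(grant_path)] == grant_path
    if kind == "d1" and in_subtree:
        # d1 holder: derive down to the target node, then take its d2.
        key = d2_from_d1(d1_for_path(grant_key, target[len(grant_path):]))
    else:
        key = grant_key  # nothing to derive from: try the held key as it is
    return open_block(key, store[target])

def demo() -> dict:
    store = outsource(ROOT_D1, BLOCKS)
    node = ("hr", "payroll")
    child = node + ("2013",)
    d1 = d1_for_path(ROOT_D1, node)
    d2 = d2_from_d1(d1)
    return {
        "d1_reads_node": grantee_read(store, node, d1, "d1", node),
        "d1_reads_child": grantee_read(store, node, d1, "d1", child),
        "d1_reads_parent": grantee_read(store, node, d1, "d1", ("hr",)),
        "d1_reads_other_tree": grantee_read(store, node, d1, "d1", ("sales",)),
        "d2_reads_node": grantee_read(store, node, d2, "d2", node),
        "d2_reads_child": grantee_read(store, node, d2, "d2", child),
        # Feeding d2 into the derivation step yields an unrelated key.
        "d2_misused_as_d1": open_block(d2_from_d1(child_d1(d2, "2013")),
                                       store[child]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```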
Fig. 1 Brute force attack model
This exposure to brute force attack is a major drawback of this technique. If we include an authorization mechanism such as an Encryption proxy or a password authentication system to check whether the requesting user is a valid one, we can achieve a high efficiency data outsourcing model.
B. Cloud Computing By Using A Privacy Preserving System
Data in the cloud can be outsourced securely by applying an encryption mechanism to the data that we want to outsource. Still, encryption only prevents the cloud server from learning the content of the outsourced databases. It can't avoid scenarios such as employees using cloud applications learning more than is necessary to perform their respective duties. To prevent a local administrator from learning the content of the outsourced data, A Privacy Preserving System for Cloud Computing [2] proposed a data outsourcing technique in which sensitive information is protected not only against external administrators and service providers, but also against local administrators. This technique uses machine readable rights expressions in order to limit users of the database to a need-to-know basis, which gives a system architecture that allows sufficient and flexible restriction writing. So local administrators as well as cloud administrators are not able to change the access rules after an application is launched. The system uses an Encryption proxy, which is its key part. It provides user access to the unencrypted data and acts as an intermediary between users and the cloud that serves as secure data storage. The main advantage of this technique is that it follows the information-centric approach, which aims to make cloud data self-intelligent. Cloud data are also packaged and encrypted with a usage policy mechanism.
When accessed, the data will consult its policy, create a virtualization environment and attempt to assess the trustworthiness of the data environment by using a Trusted Computing mechanism. But this technique has some disadvantages. The creation of complex machine readable access rights to the decryption keys becomes a challenging problem. The syntax of XML-based rights expressions is complicated and obscure when the user-related conditions become sophisticated. If we apply this authorization technique along with a privacy enhanced outsourcing model such as the tree-based key derivation hierarchy model, we can obtain a high efficiency privacy preserving technique.
C. Ensuring Security of Data in Cloud Computing Using a Combined Approach
In cloud computing, several techniques, including encryption mechanisms, for protecting the privacy of the outsourced data are not fully accurate. By using encryption, all these techniques support searching over encrypted data, but they increase complexity and make the system cumbersome. Those models did not provide any information about security attacks, confidentiality and integrity. These techniques also don't focus on situations such as what to do if the cloud service provider turns against the owner. A combined approach to ensure data security in cloud computing [3] discussed a technique to protect the data and check integrity and authentication by following the best possible industry mechanisms. The proposed framework is divided into two phases. The first phase deals with the process of transmitting and storing data securely in the cloud. The second phase deals with the retrieval of data from the cloud, showing the generation of requests for data access, double authentication, and verification of digital signature and integrity, thereby providing an authorized user with data on passing all security mechanisms. An approach is introduced for storing the data in different sections in the cloud (public, private, limited access) on the basis of three cryptographic parameters, viz. Confidentiality, Availability and Integrity. The data in the cloud will be stored in encrypted form, and the index for searching the data will also be encrypted. A MAC is used to check whether data has been tampered with during transmission, and this check can be made by the user or owner of the data on retrieving the file. With SSL encryption, there is also a key that allows only an authorized person to decode the information.
The main advantages of the proposed system are as follows. The technique provides a way to protect the data and check integrity and authentication by following the best possible industry mechanisms. It provides availability of data by overcoming many issues such as data leakage, tampering of data and unauthorized access, even from the cloud service provider.
One of the disadvantages of this technique is that, since it includes many procedures for verification and access granting, it takes a significant amount of time, which makes the access process slow. If the encryption process is handled by the owner, it introduces some complication. So as a solution it would be better to add a key derivation tree-like structure to develop the keys for encryption.
D. Towards Trusted Cloud Computing
In normal cloud applications, clients of cloud computing services currently have no means of verifying the confidentiality and integrity of their data and computation. In these systems, anyone with privileged access to the host can read or manipulate a customer's data. So the customers cannot protect their VMs on their own. As a solution to this problem, Towards Trusted Cloud Computing [4] discussed a method which enables IaaS providers to provide a closed box execution environment that guarantees confidential execution of guest virtual machines. It allows users to attest to the IaaS provider and determine whether or not the service is secure before they launch their virtual machines. Each node of the backend runs a trusted virtual machine monitor (TVMM) that hosts customers' VMs and prevents privileged users from inspecting or modifying them. The TVMM protects its own integrity over time, and complies with the TCCP protocols. The Trusted coordinator manages the set of nodes that can run a customer's VM securely. It maintains a record of the nodes located in the security perimeter. It also attests to a node's platform to verify whether or not the node is running a trusted virtual machine monitor implementation. An external trusted entity hosts the Trusted coordinator, and securely updates the information provided to the Trusted coordinator about the set of nodes deployed within the IaaS perimeter and the set of trusted configurations.
The advantages of the proposed method are as follows. It enables IaaS services to provide a closed box environment for execution. TCCP can guarantee confidential execution of guest virtual machines. It also allows users to attest to the IaaS provider and determine whether or not the service is secure before they launch their virtual machines. If we can apply the closed box execution of services to the other services offered by the cloud, an efficient cloud computing architecture can be formed.
E. Addressing And Analysing Cloud Computing Security Issues
Many organizations and users of cloud computing technologies have questions and doubts regarding the security and privacy of their data and information. Addressing cloud computing security issues [5] discusses the security issues and challenges regarding the cloud and cloud computing services. It first evaluates cloud security by identifying unique security requirements, and second attempts to present a viable solution that eliminates these potential threats. It then proposes to introduce a Trusted Third Party, which is used for assuring specific security characteristics within a cloud environment. The proposed solution uses cryptography, particularly Public Key Infrastructure operating in concert with SSO and LDAP, to ensure the authentication, confidentiality and integrity of the involved communications and data. The solution provides a horizontal service level which is available to all of the implicated entities. This identifies a security mesh in which essential trust is maintained. It has identified generic design principles of a cloud environment which stem from the necessity to control relevant vulnerabilities and threats. To do so, software engineering and information systems design approaches were adopted.
F. Digital Identity Management for Preserving Privacy in Cloud Computing
Users of cloud services must have control over which personal information is disclosed and how this information is used, in order to minimize the risk of identity theft and fraud. Digital identity management in cloud computing can offer some security for data outsourcing and access. But digital identity management in cloud platforms leads to interoperability issues. The use of different names for identity attributes leads to naming heterogeneity.
Privacy-preserving Digital Identity Management for Cloud Computing [6] provides a privacy enhanced technique to authenticate users and to support flexible access control to services, based on user identity properties and past interaction histories. It provides a privacy-preserving multi-factor identity attribute verification protocol supporting a matching technique based on ontology mapping techniques, look-up tables and dictionaries to match cloud service providers' and clients' vocabularies. The CSP matches the identity attributes in the client's vocabulary with its own attributes to help the client understand its identity verification policy. The client executes the AgZKPK protocol to prove to the CSP knowledge of the matched identity attributes. Use of this protocol allows the client to convince the Cloud Service Provider that the client knows the values of the identity attributes without having to reveal the values to the CSP in the clear. The attribute name matching technique uses a combination of ontology mapping, dictionaries and look-up tables in order to address the different variations in identity attribute names.
The advantage of the proposal is that it offers a privacy enhanced technique to authenticate users and to support flexible access control to services, based on user identity properties and past interaction histories, and addresses heterogeneous naming. But this technique has some drawbacks. The approach gives the user the right to use pseudonyms when interacting with Cloud Service Providers, if the CSP policies allow the use of pseudonyms. This may lead to disclosure of the actual user identity or the values of some of the user's identity attributes, thus leading to privacy breaches. It would be better to address this problem by investigating techniques that maintain unlinkability among multiple transactions carried out by the same user with the same or different CSPs.
G. Outsourcing Data in Cloud by combining Cryptography and Access Control
In many of the data outsourcing techniques in cloud computing that use a reference monitor, it does not even have to know the access control policy that is defined by the data owner. So we need to rethink the notion of access control for open environments, where external servers take full management of the outsourced data and are not trusted with respect to the data confidentiality. A Data Outsourcing Architecture Combining Cryptography and Access Control [7] proposes a novel access control model and architecture that eliminates the need for a reference monitor and relies on cryptography to ensure confidentiality of data stored on a server. Here data are encrypted as the data owner stores them on an external server. Authorizations and encryption are merged, thus allowing access control enforcement to be outsourced together with the data. This introduces two separate layers of encryption, both adopting the key derivation method. The Base Encryption Layer (BEL) is performed by the data owner before transmitting data to the server, and the Surface Encryption Layer (SEL) is performed by the server over the resources already encrypted by the data owner. In the two-layer model, each user u receives two keys: one to access BEL and the other to access SEL, to be used for decryption one after the other.
The main advantage of this architecture is that the data owner, while specifying the policy, need not be involved in its enforcement. It also describes an approach for policy evolution that takes into account the main features of the scenario and is able to guarantee in most cases confidentiality of the information in the presence of significant policy updates, clearly identifying the exposure to collusion when this risk may arise. One disadvantage of this architecture is that the execution of different queries given by the user will be slow. We should incorporate a mechanism that provides efficient execution of various user queries.
H. Cloud Computing Security Challenges
The ongoing development and growth of the cloud and its vast benefits and advantages are not that effective because of the challenges and inconsistencies that exist in its current state. Concerns about the data security, efficiency and effectiveness of cloud services are a result of these challenges. Beyond lightning: A survey on security challenges in cloud computing [8] presents a survey regarding security in cloud computing and discusses a number of possible research topics to improve security in the cloud.
It presented an overview of cloud computing, its classifications and benefits. Then it discussed security challenges that occur in the current cloud computing model. These include both the conventional security challenges which also apply to cloud computing and a number of new challenges which are inherently connected to the new cloud paradigm. Many cloud security issues are present in this scenario. Among them the study emphasized three areas of particular interest: trusted data sharing, SLAs and accountability in the cloud. It then outlined ongoing work on security of SLAs for cloud computing and briefly presented a scheme to address privacy and security in the cloud. Secure data storage in the cloud environment is a significant concern which prevents many users from using the cloud. For this issue, it presented a solution to provide security and privacy for user data when it is located in a public cloud. This particular secure storage solution does not always fit, as there are still a number of applications that rely on accessing cleartext data in the cloud. This shows the need for further work on accountability mechanisms in public clouds for providing transparent services that can be trusted by all users.
I. Accessing Outsourced Data Securely and Efficiently
In cloud computing, since many service providers are untrusted, the confidentiality, integrity, and privacy of the clients' information must be protected by some mechanism. Secure and Efficient Access to Outsourced Data [9] proposes a mechanism that provides secure and efficient access to large scale outsourced data in cloud computing. It proposes to encrypt every data block with a different key so that flexible cryptography-based access control can be achieved. It introduces mechanisms to handle both updates to outsourced data and changes in user access rights. The data owner stores a large amount of encrypted information on the service provider.
It generates the data block encryption keys through a tree based key derivation hierarchy. Dynamics in user access rights can be represented as different combinations of two primitive operations: access right grant and revocation. It uses over-encryption and/or lazy revocation to prevent revoked users from getting access to updated data blocks.
The main advantages are as follows. Through the adoption of the key derivation method, the owner needs to maintain only a few secrets. It also reduces the computational, storage, and communication overhead. But it has some disadvantages also. Once the outsourced party is granted the node key, it can be used to derive all sub-keys for its child nodes, i.e. once a parent node in the tree is given, all the children would be known. To solve this we can add multiple decryption keys for an encrypted block, where one can be used for deriving the child keys and the other for accessing only the current node's data. If we add an authentication system along with this, we can make a highly secure data outsourcing system.
J. Identity Attribute Service for Cloud with Protection of Privacy in Cyberspace
Cyber applications and usage are increasing day by day. So we have to provide large scale cyber trusted services and privacy protection for all these services. With all national E-Business and E-Government moving deeper into cyberspace, trust and privacy should be considered more and more seriously. Most cyber applications require authenticating the user's real-world identity, and most applications confirm only a few user attributes and features to decide whether to give specific services. Currently, most internet applications and services adopt registration with only a user name and password, email, or phone number, so that it is difficult to confirm the identity and easy to steal and abuse it. Considering this, Cloud-Based Identity Attribute Service with Privacy Protection in Cyberspace [10] presents a cloud-based service method for user identity attribute service in cyberspace, in which a method based on the service model of multilevel cyber identity management provides user identity attribute service for cyber applications. It implements the mechanism of a multilevel privacy protection policy, and presents the authentication service of the eID certificate and the coherence authentication service of the eID identity.
The cloud-based trusted identity attribute service model separates users' real identity management from business account management, entrusting official management departments to maintain the real identity service separately and manage the real identity in the official management domain. The main advantage of this method is that the security of web applications along with user privacy is protected by providing fine-grained access control with user identity attributes and strong authentication services.
K. Combining Policy Monitoring and Virtualization Techniques for Enhanced Cloud Security
Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques [11] discusses different challenges and issues of cloud computing and solutions to overcome them. Cloud computing faces many security and privacy issues. Many companies and organizations are hesitant to use this service because of the fear that they may lose their valuable data. Using virtualization, servers, resources, networks, desktops, applications, operating systems and storage can be virtualized. One of the major concerns in future is computing with less power. With virtualization, apart from flexibility, scalability, security, utilization of underutilized or idle resources, manageability and cost effectiveness, cloud computing takes less power, since more than one virtual machine can be run on a single physical machine. There are many standards and organizations working on cloud security. Some of them are the Cloud Security Alliance (CSA), the ISO 27001-27006 series, the European Network and Information Security Agency (ENISA), the Information Technology Infrastructure Library (ITIL) and the National Institute of Standards and Technology (NIST). An automated monitoring tool along with virtualization will solve the security problems of the cloud.
When we use the monitoring tool, it checks for port scanning as well as service scanning and protocol scanning, and we can check each incoming request for the service and also the route IP from which the request was generated. Combining authentication and authorization (JAAS) with service policy monitoring, besides updating virtual machines periodically, will enhance the security of the cloud.
L. Privacy and Security Issues in the Cloud Computing
Privacy and security issues in cloud computing: The role of institutions and institutional evolution [12] investigates how the contexts provided by formal and informal institutions affect the perceptions of privacy and security issues in the cloud. It shows the origin, nature, and implications of institutions and institutional changes in the context of cloud computing technology. A further goal is to gain insights into the mechanisms and forces that have brought about institutional changes in the cloud computing industry. In particular, the authors have investigated how contradictions generated at various levels by the formation of dense networks and relationships, the technology and the changing power dynamics have triggered institutional changes. Current analysis of the causes and effects of institutions and institutional change is mainly focused on more established markets and industries. This paper is expected to give insights into the institutions surrounding this new and emerging technological development.
III. CONCLUSION
Security and privacy of outsourced data is one of the major challenges in cloud computing. To provide security, the data stored in the cloud are encrypted so that only authorized parties having the decryption key can access them. But here also it is subject to brute force attack, which is a major issue to consider. Cloud clients and organizations often doubt whether their privacy and secrecy can be preserved while using services in the cloud, since they do not have much control and access inside the cloud. Because of the many issues regarding these security aspects, many organizations are still not fully confident about taking up the benefits of the cloud. This paper analyses different secure mechanisms and techniques used for storing and accessing outsourced data in cloud systems. It analyses each work and discusses it in detail along with some improvement suggestions.
REFERENCES
[1] Miao Zhou, Yi Mu, Willy Susilo, Jun Yan and Liju Dong, Privacy enhanced data outsourcing in the cloud, Journal of Network and Computer Applications; 1367-1373, Elsevier; January 2012.
[2] Ulrich Greveler, Benjamin Justus and Dennis Loehr, A Privacy Preserving System for Cloud Computing, July 2011.
[3] Sandeep K. Sood, A combined approach to ensure data security in cloud computing, Journal of Network and Computer Applications; 1831-1838, Elsevier; July 2012.
[4] Nuno Santos, Krishna P. Gummadi and Rodrigo Rodrigues, Towards Trusted Cloud Computing, 2010.
[5] Dimitrios Zissis and Dimitrios Lekkas, Addressing cloud computing security issues, Future Generation Computer Systems 28 (2012) 583-592; Elsevier, 2012.
[6] Elisa Bertino, Federica Paci and Rodolfo Ferrini, Privacy-preserving Digital Identity Management for Cloud Computing.
[7] Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi and Pierangela Samarati, A Data Outsourcing Architecture Combining Cryptography and Access Control, ACM Workshop on Computer Security Architecture, Fairfax, Virginia, USA, November 2007.
[8] Chunming Rong, Son T. Nguyen and Martin Gilje Jaatun, Beyond lightning: A survey on security challenges in cloud computing, Computers and Electrical Engineering 39 (2013) 47-54, Elsevier, 2012.
[9] Wang W, Li Z, Owens R and Bhargava B, Secure and efficient access to outsourced Data, Proceedings of the 2009 ACM workshop on cloud computing security, CCSW 09, 55-66, New York, NY, USA: ACM; 2009.
[10] Xiang Zou, Bing Chen and Bo Jin, Cloud-Based Identity Attribute Service with Privacy Protection in Cyberspace, 1160-1164, Elsevier; 2012.
[11] Loganayagi B. and S. Sujatha, Enhanced Cloud Security by Combining Virtualization and Policy Monitoring Techniques, 654-661, Elsevier; 2012.
[12] Nir Kshetri, Privacy and security issues in cloud computing: The role of institutions and institutional evolution, Elsevier; 2012.
[13] C. Blundo, S. Cimato, S. De Capitani di Vimercati, A. De Santis, S. Foresti, S. Paraboschi and P. Samarati, Efficient Key Management for Enforcing Access Control in Outsourced Scenarios, p. 364-75, Boston: Springer; 2009.
[14] Fa-Chang Cheng and Wen-Hsing Lai, The Impact of Cloud Computing Technology on Legal Infrastructure within Internet - Focusing on the Protection of Information Privacy, 241-251, Elsevier; 2012.
[15] Cloud computing world home page, http://Cloudcomputingworld.org.