In recent years, Cloud computing has become one of the most significant trends in the IT industry; it provides a whole new platform for high throughput computing and massive data storage needs. Cloud data storage services are among the essentials when building data centers and providing services, such as data backup, file synchronization, and resource sharing. Cloud storage may be accessed through a web-based user interface, or a web service application programming interface (API). This way a Cloud user can access their data at any time and from anywhere, without the need to install a physical storage device on their own machines. Cloud storage providers allow their customers to pay for the storage they actually use (pay-as-you-go), where the providers are designated with the task of maintaining client data using such techniques as data replication, data backup, etc. These features allow customers to focus on their core business.
1.1. Cloud Storage Architecture
In Wang, Wang, Ren, and Lou (n.d.) provide a network based architecture cloud storage services as depicted in Figure 1. The architecture is composed from the following components:
Figure 1. Cloud storage system architecture (Wang, Wang, Ren, & Lou, n.d.)
- •
Users: The component that own and stores data in the Cloud, it can be either an enterprise or an individual customer;
- •
Cloud Server (CS): An entity which provides the data storage service. It commands a significant amount of storage space and computation resources, which are subsequently managed by a Cloud Service Provider (CSP);
- •
Third Party Auditor (TPA): An optional entity which has means and capabilities that a regular user may not have. It is entrusted to assess and expose risks of Cloud storage services on behalf of the users upon request.
In Cloud data storage, users store their data onto a set of Cloud servers, which in turn are running in a simultaneous, distributed, and cooperative manner, as illustrated in Figure 1. Data redundancy can be implemented, and along with some type of erasure correcting code, further fault-tolerance and recovery options can be provided, in case of server crash, as user data grows in size and importance. Since Cloud data resides at CSP’s address domain away from user’s local site, threats or concerns can come from two different sources; internal and external:
- •
Internal attacks: A CSP can be self-interested, untrusted, or possibly even malicious. It can move data which is rarely accessed to a lower tier of storage than agreed, for monetary reasons (Juels, Burton, & Kaliski, 2007). Additionally, it may attempt to hide data loss incidents due to management errors, Byzantine failures, and so forth (Ateniese, Burns, Curtmola, Herring, Kissner, Peterson, & Song, 2007; Shah, Baker, Mogul, & Swaminathan, 2007; Shah, Swaminathan, & Baker, 2008);
- •
External attacks: These may come from outsiders who are beyond the control domain of the CSP. They might be economically motivated attackers who wish to compromise a number of Cloud data storage servers in different time intervals in order to modify or delete users’ data while remaining undetected by the CSP. Figure 2 classifies the Cloud storage attackers as stated above.
Figure 2. Cloud storage attacks classifcation
This paper proposes an efficient, yet robust algorithm for Cloud data storage encryption, since widespread Cloud computing adoption hinges on the ability to ensure client data security. We propose a symmetric block encryption algorithm (CHiS-256) to accomplish this goal, though we opt to apply this algorithm in a partial manner, instead of the full data storage encryption. This novel method assures efficiency in power consumption, performance, and throughput, while maintaining data protection. Experiments show this to be a promising method which can be effectively used in Cloud data storage security.
The rest of the paper is outlined as follows: section 2 discusses relevant findings regarding Cloud storage security in recent literature. Then, a description of a metadata-based model is established in section 3 along with a description of the partially encrypted metadata approach. Afterwards, section 4 explores the CHiS-256 encryption algorithm and its implementation details. Section 5 presents results and evaluation. Finally, a conclusion and summary is conveyed in section 6.