Abstract
Cloud is considered as future of Information Technology. User can utilized the cloud on pay-as-you use basis. But many organizations are stringent about the adoption of cloud computing due to their concern regarding the security of the stored data. Therefore, issues related to security of data in the cloud have become very vital. Data security involves encrypting the data and ensuring that suitable policies are imposed for sharing those data. There are several data security issues which need to be addressed. These issues are: data integrity, data intrusion, service availability, confidentiality and non-repudiation. Many schemes have been proposed for ensuring data security in cloud environment. But the existing schemes lag in fulfilling all these data security issues. In this chapter, a new Third Party Auditor based scheme has been proposed for secured storage and retrieval of client's data to and from the cloud service provider. The scheme has been analysed and compared with some of the existing schemes with respect to the security issues. From the analysis and comparison it can be observed that the proposed scheme performs better than the existing schemes.
TopIntroduction
Cloud Computing is a new computing model that distributes the computation on a resource pool. The resource pool which contains a large amount of computing resources offers services to the clients. These services are provided to the cloud users as utility services. The utility services are generally described as XaaS (X as a Service) where X can be software, platform or infrastructure.
Many organizations deal with the storage, retrieval and maintenance of huge amount of data. In traditional computing environment, the organization has to maintain an infrastructure for storing the data. With the use of cloud computing services, the organization gets relieved from the burden of maintaining the infrastructure. But, when the cloud clients are storing their data, users are unaware of its physical storage location. As a result, one of the biggest concern of cloud computing is its data security. It is not clear how safe the client’s data is and ownership of data is also unclear when these services are used. Cloud service providers claim that the stored data are completely safe. But, it is too early to comment on the reliability issues claimed by them. The stored data may suffer from damage during data transition to or from the cloud service provider by intrusion. Therefore, data security is the prime threat of modern technological era that each of the cloud service providers are facing. Data security involves encrypting the data as well as ensuring that suitable policies are imposed for sharing those data. The issues which need to be considered for ensuring data security in cloud environment are: data integrity, data intrusion, service availability, confidentiality and non-repudiation (Mahmood, 2011; Alzain et al., 2012; You et al., 2012).
For ensuring data security in cloud environment many schemes have been proposed. Varalakshmi et al., (2012), proposed a third party broker based scheme. Here a third party broker has been introduced to reduce the computational burden on client side and to increase the security of the system by not relying on the cloud service provider. The third party broker performs the activities of partitioner, hash key generator, encryptor, decryptor, local database manager and verifier. S. Kumar et al., (2011), proposed a meta data encryption based scheme for checking the integrity of stored data. In this scheme the verifier creates the meta data and encrypts it to reduce the computational overhead on the client side. At the time of integrity checking the verifier compares the decrypted meta data with the stored meta data. P. Kumar et al., (2011), proposed a hidden markov model and clustering based approach for intrusion detection in cloud environment. The scheme uses a data mining techniques for securing the cloud computing network. Hemant et al., (2011), proposed a governance body based scheme for solving the security issues of cloud computing. In this scheme all the transaction between the cloud server and the clients goes through the central server or governance body. Double encryption is used on each transaction. Shuai Han et al. proposed a third party auditor (TPA) scheme for ensuring data storage security in cloud computing. In this scheme, the cloud service performs additional functionality of TPA for making the system more trustful. Alzain et al., (2011) proposed Multi-clouds Database Model (MCDB). The model has been developed for handling data security issues in multi cloud environment. A redundancy based approach (Alzain et al., 2012) has been proposed for improving the security of MCDB model. The scheme uses Shamir’s secret sharing algorithm (Shamir, 1979) and triple modular redundancy (TMR) to enhance the security of MCDB model.
Key Terms in this Chapter
Encryption: The process of encoding a message into a form so that it can only be read by an authorized party is known as encryption. Encryption algorithms can be classified into two categories, Symmetric key encryption and Asymmetric key encryption. In symmetric key encryption same key is used for encryption as well as decryption. This type of encryption algorithms incur less computational cost but sharing of the key is the major problem. In Asymmetric key encryption, two keys are used: private key and public key. Public key is known to every sender. When a sender wants to send data to the receiver, the data will be encrypted using public key of the receiver. On receiving the encrypted data, the receiver will decrypt it using his private key.
Resource Pool: A resource pool is a collection of a single or multiple types of resources. The resources may be CPU, memory, storage and network.
Decryption: In cryptography, decryption is the process to decode the data that has been encoded into some secret format.
Hidden Markov Model (HMM): It is a Markov model with hidden states. HMM is used to model a system which is assumed as a Markov process having unobserved states. HMM is used in many areas such as, signal processing and in speech processing.
Clustering: In data mining Clustering is a technique used to partition a set of data elements into sub-classes or cluster. A cluster is a collection of objects having some similarity. Some of the clustering techniques are: k-means clustering and expectation maximization (EM) clustering. For more information on Clustering, see Appendix.
Virtual Machine: It is a program or operating system. It provides an environment that is not physically existent but resides into another environment. The virtual machine is known as guest, on the other hand the environment in which the virtual machine resides is known as guest. It is often used to create an environment different from the host environment. It emulates a computer system. Specialized hardware, software or both may be required for implementation of virtual machine (VM).