High-Throughput Encryption for Cloud Computing Storage System

Yaser Jararweh (Computer Science Department, Jordan University of Science and Technology, Irbid, Jordan), Ola Al-Sharqawi (Computer Science Department, Jordan University of Science and Technology, Irbid, Jordan), Nawaf Abdulla (Computer Science Department, Jordan University of Science and Technology, Irbid, Jordan), Lo'ai Tawalbeh (Computer Engineering Department, Jordan University of Science and Technology, Irbid, Jordan) and Mohammad Alhammouri (Computer Science Department, Jordan University of Science and Technology, Irbid, Jordan)
Copyright: © 2014 |Pages: 14
DOI: 10.4018/ijcac.2014040101

Abstract

In recent years, Cloud computing has become the infrastructure that small and medium-sized businesses are increasingly adopting for their IT and computational needs. It provides a platform for high-performance and throughput-oriented computing, and massive data storage. Subsequently, novel tools and technologies are needed to handle this new infrastructure. One of the biggest challenges in this evolving field is Cloud storage security, and accordingly we propose new optimized techniques based on the encryption process to achieve better storage system security. This paper proposes a symmetric block algorithm (CHiS-256) to encrypt Cloud data in an efficient manner. Also, this paper presents a novel partially encrypted metadata-based data storage. The CHiS-256 cipher is implemented as part of the Cloud data storage service to offer a secure, high-performance and high-throughput Cloud storage system. The results of our proposed algorithm are promising and show the methods to be advantageous in Cloud massive data storage and access applications.
Article Preview

1. Introduction

In recent years, Cloud computing has become one of the most significant trends in the IT industry; it provides a whole new platform for high throughput computing and massive data storage needs. Cloud data storage services are among the essentials when building data centers and providing services, such as data backup, file synchronization, and resource sharing. Cloud storage may be accessed through a web-based user interface, or a web service application programming interface (API). This way a Cloud user can access their data at any time and from anywhere, without the need to install a physical storage device on their own machines. Cloud storage providers allow their customers to pay for the storage they actually use (pay-as-you-go), where the providers are designated with the task of maintaining client data using such techniques as data replication, data backup, etc. These features allow customers to focus on their core business.

1.1. Cloud Storage Architecture

Wang, Wang, Ren, and Lou (n.d.) provide a network-based architecture for Cloud storage services, as depicted in Figure 1. The architecture is composed of the following components:

Figure 1. Cloud storage system architecture (Wang, Wang, Ren, & Lou, n.d.)

  • Users: The component that owns and stores data in the Cloud; it can be either an enterprise or an individual customer;

  • Cloud Server (CS): An entity which provides the data storage service. It commands a significant amount of storage space and computation resources, which are subsequently managed by a Cloud Service Provider (CSP);

  • Third Party Auditor (TPA): An optional entity which has means and capabilities that a regular user may not have. It is entrusted to assess and expose risks of Cloud storage services on behalf of the users upon request.

In Cloud data storage, users store their data onto a set of Cloud servers, which in turn are running in a simultaneous, distributed, and cooperative manner, as illustrated in Figure 1. Data redundancy can be implemented, and along with some type of erasure correcting code, further fault-tolerance and recovery options can be provided, in case of a server crash, as user data grows in size and importance. Since Cloud data resides in the CSP's address domain, away from the user's local site, threats or concerns can come from two different sources, internal and external:

  • Internal attacks: A CSP can be self-interested, untrusted, or possibly even malicious. It can move data which is rarely accessed to a lower tier of storage than agreed, for monetary reasons (Juels, Burton, & Kaliski, 2007). Additionally, it may attempt to hide data loss incidents due to management errors, Byzantine failures, and so forth (Ateniese, Burns, Curtmola, Herring, Kissner, Peterson, & Song, 2007; Shah, Baker, Mogul, & Swaminathan, 2007; Shah, Swaminathan, & Baker, 2008);

  • External attacks: These may come from outsiders who are beyond the control domain of the CSP. They might be economically motivated attackers who wish to compromise a number of Cloud data storage servers in different time intervals in order to modify or delete users’ data while remaining undetected by the CSP. Figure 2 classifies the Cloud storage attackers as stated above.

Figure 2. Cloud storage attacks classification

This paper proposes an efficient, yet robust algorithm for Cloud data storage encryption, since widespread Cloud computing adoption hinges on the ability to ensure client data security. We propose a symmetric block encryption algorithm (CHiS-256) to accomplish this goal, though we opt to apply this algorithm in a partial manner, instead of the full data storage encryption. This novel method assures efficiency in power consumption, performance, and throughput, while maintaining data protection. Experiments show this to be a promising method which can be effectively used in Cloud data storage security.

The rest of the paper is outlined as follows: section 2 discusses relevant findings regarding Cloud storage security in recent literature. Then, a description of a metadata-based model is established in section 3 along with a description of the partially encrypted metadata approach. Afterwards, section 4 explores the CHiS-256 encryption algorithm and its implementation details. Section 5 presents results and evaluation. Finally, a conclusion and summary is conveyed in section 6.
