Article Preview
Top1. Introduction
Cloud computing is predicted to be the next big revolution in the computing industry. It is a dynamically scalable, network based computing environment where the resources required by the user are allocated as per requirement and revoked when the user completes the task. It follows a utility based model in which the user pays as per resource utilization at the cloud. This characteristic of cloud computing makes it cheaper than the existing computing environments and always availability of computational resources to the end user. The cloud can cater to end user with its faster computation and highly scalable pool of resources (Sood, 2013). These resources can be in the form of memory, processing time, processing power, application software, software development platforms, storage space etc (Overby, Bharadwaj, & Sambamurthy, 2006). It effectively addresses the computing needs of users ranging from an individual to large organizations. One aspect of the cloud which obstructs the users from using cloud services is data security. Data security in cloud is a highly complex issue. The data owner’s especially large organizations fear that their data can be misused by the cloud provider without their knowledge. This concern is a major hurdle in the path of shifting operations to the cloud. An effective security model addressing all these concerns is proposed in this paper.
This paper proposes a hybrid cloud computing model which effectively handles the issues related to cloud data security including confidentiality, integrity, authentication and authorization. The model handles both external as well as internal data security threats. It makes use of a hybrid cloud architecture using both private as well as public cloud (Daniel & Wilson, 2003). A dual security layer is used in proposed model. One is authentication based on username and password and the other is that the user should possess the key to decrypt a password stored at the cloud, without which the password filled by the user and the password stored on cloud cannot be compared. This completes the user authentication phase of the proposed security model. For user authorization, a user role is associated with each user and stored in the database of cloud. The user can only perform operations with respect to this role. This role is determined by the data owner. Also, for processing data at the cloud and keeping it safe even from the cloud service provider, a cryptographic process is proposed. If the user is authenticated and authorized then the operations requested on the data are performed including manipulation and processing of the data. This is done by invocation of a cryptographic process which takes a key defined by the data owner in executable form as input from cloud database and loads into memory. This process decrypts the data, caters it to requesting processes and encrypts it before storing it back (Dikaiakos, Katsaros, Pallis, Vakali, & Mehra, 2009). Symmetric key encryption is used for both decrypting and encrypting data. Since the key is in executable form so it is safe from any modifications by the cloud service provider. Also the cryptographic process is made a part of the operating system therefore, eliminating the control of cloud on this process (Little, 2003).
The paper is organized as follows. In Section 2, related work to security of data in cloud is presented. In Section 3, a data security model for cloud is proposed. In Section 4, security analysis of the proposed model is performed against various data security attacks. Section 5 compare the cost and functionality analysis of the proposed model with other existing related models and Section 6 concludes the paper.