Verifiable Response in Heterogeneous Cloud Storage: An Efficient KDC Scheme

Abdul Wahid, Mohatesham Pasha Quadri, Ahmad Talha Siddiqui, Mudasir M. Kirmani, Khaleel Ahmad
DOI: 10.4018/978-1-4666-6559-0.ch005

Abstract

A Distributed Cloud Storage Provider (DCSP) is used for managing the client's data. However, the platform is vulnerable to security attacks, which result in huge losses of client data. The confidential data in an enterprise system may be illegally accessed through a remote interface provided by a heterogeneous cloud and archives. The data may be lost or tampered with when it is stored in a storage pool outside the enterprise on a cloud. To achieve reliability, consistency, security, and confidentiality of user information, the Kerberos protocol is used. The Kerberos protocol is designed to provide reliable authentication over open and insecure networks. Symmetric-key cryptography is maintained for transactions over the network. In this chapter, a cooperative Key-Distribution Center (KDC) scheme is proposed to support dynamic scalability on multiple storage servers. The results of the research work show that the KDC provides the effective security properties required by the Kerberos protocol to mitigate the impact of various attacks in any cloud.

1. Introduction To Cloud Computing

The cloud storage service is rapidly growing as a potential profit-making venture due to its lower cost, scalability, and position-independent platform features, to name a few. As the cloud computing environment is constructed on open architectures and interfaces, it has the capability to incorporate heterogeneous internal or external cloud services together to provide high interoperability. This type of distributed cloud environment is known as a Heterogeneous-Cloud (or hybrid cloud). Tag Forgery Attack and Data Leakage Attack are often possible due to the use of virtual infrastructure management (VIM) (Sotomayor, Montero, Llorente & Foster, 2009). Cloud computing can also be provided by a distributed set of machines that run at different locations while still connected to a single network or hub service. In cloud computing, the most important security concepts are confidentiality, availability and integrity (Zhifeng & Yang, 2013). In fact, confidentiality becomes indispensable in order to keep private data from being disclosed and to maintain privacy (Zhifeng & Yang, 2013). Confidentiality means that data and computation tasks are confidential: neither the cloud provider nor other clients can access the data. In addition, integrity assures that data is not corrupted (Zhifeng & Yang, 2013).

  • Kerberos Protocol: Kerberos (Forouzan & Mukhopadhyay, 2010) is an authentication protocol for trusted hosts on untrusted networks.

  • KDC: KDC is the abbreviation of Key-Distribution Center (Forouzan & Mukhopadhyay, 2010).

  • DCSP: The Distributed Cloud Storage Provider (Zhu, Hu, Ahn & Yu, 2012) plays an important role in a multi-cloud storage system. A DCSP offers customers storage or software services available via a multi-cloud, private (private cloud) or public network (cloud).

Private Cloud

In a private cloud, the user has the facility to store data with high levels of security. Because a private cloud functions independently for a single organization, it can be accessed behind that organization's firewall settings. One of the major challenges IT enterprises face while developing a private cloud is deciding whether a file- or block-based system or an object-based model should be used for data storage. The dedicated environments offered by private clouds are a perfect fit for clients with predictable hardware requirements that need high availability, stability, and redundancy in line with the standards. The infrastructure policies are governed by a single organization, where workloads and data can be moved to and from internal and external data centers. Private clouds provide an organization with a single point of control for security, manageability, privacy, audit, compliance and governance. Some of the characteristics of a private cloud are given below:

  • Hosted at an enterprise or a service provider site.

  • Supports one customer.

  • Does not utilize shared infrastructure.

  • Suited for information that requires a high level of security.

Figure 1. Private cloud

Private clouds are ideal when one needs to accelerate the pace of innovation, has huge compute and storage requirements, or has very strict control, security, and compliance needs. A private cloud provides some extra security to users for maintaining their data globally. The Application Server acts as a mediator between the clients and the private cloud storage.

Key Terms in this Chapter

SC: An SC (stream cipher) is a symmetric-key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (key stream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the key stream, to give a digit of the ciphertext stream.

AES: The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation, and is fast in both software and hardware.

DES: The Data Encryption Standard (DES) is a previously predominant symmetric-key algorithm for the encryption of electronic data. It was highly influential in the advancement of modern cryptography in the academic world.

BC: In cryptography, a BC (Block Cipher) is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.
