Security Issues and solutions through TPA mechanism

Abstract—the cloud is infrastructure store a huge amount of data from organizations and individuals. Thus security and privacy of data and data owner both are essential area of concern in cloud. The presented paper provides their contribution in two key phases first preparing the survey on different existing security schemes for cloud security and second proposal of an enhanced security technique which provide confidentiality and integrity on data.

Keywords— cloud computing, security, confidentiality, data security, third party auditor

I. INTRODUCTION

The term “cloud” refers to the computing power that is available across the Internet. In a sense, the cloud is rapidly transforming a worldwide network into largest “virtual” computing machine in the world.

“Cloud computing refers to computing on the Internet, as opposed to computing so on a desktop”.

Cloud computing is technology that provides the different services at low cost. The different client stores data on Cloud storage. Cloud computing provides storage for information and provides security for that information. Cloud service models are infrastructure as a service, platform as a service and software as a service. By using these services the client avoid the cost of buying extra resources.

Cloud storage is a network of online storage, managed by third parties. On cloud data is stored in virtualized pools of storage. Hosting companies operate large data centres and lease their storage. Companies, organizations and institutes, hosted their data by buy or lease storage from hosting companies. The storage operator virtualizes the resources as per the requirements of client. The resource may physically span across multiple servers and data may be stored at different places. The advantage of cloud storage over dedicated storage is that, the storage is delivered on demand.

For avoiding the disadvantage of storing all data on a client, data can be split into chunks and distributed among multiple data clusters. The distributed environment represents different data clusters that placed on different places. Different data cluster store the client’s information after encryption, replication.

Figure 1 cloud storage

Applications

• Clients would be able to access their applications and data from anywhere and any time. They could access computing system using remote computer linked to Internet. Data wouldn’t be kepton a hard drive or even a corporation’s internal network.

• Cloud computing would reduce need for advanced hardware on client side. Need not to buy fastest computer, because cloud system take care needs of user. Instead, buy an expensive computer terminal.

• Corporations that work on traditional computers need tochoose correct software. The companies don’t have to buy a software licenses for employee. Instead, the company could pay a metered fee to a cloud operating company.

• Some companies rent physical space to store files and databases because they don’t have it available on site. Cloud computing provide the option of storing data.

• Corporations might save money on IT support.

This section provides the overview of the cloud infrastructure the next section discusses the issues and challenges of cloud computing.

II. CLOUD ADAPTATION CHALLENGES

This section includes the issues and challenges that are in front of new generation technology, some of them are related to the technology awareness and some of them from the security aspects.

A. Technology awareness

Data Storing Techniques: When data mobility via at a high level then the risks and issues increase many folds especially when data is transferred to another country with different regulatory framework. Users cannot controls cloud infrastructure managing their data, which causes threats to the data.

Data Location:Cloud computing offers a high degree of data mobility. Consumers do not always know the location of their data. In most cases, this does not matter. For examples, e-mails and photographs uploaded to facebook can reside anywhere in the world and facebook members are not generally concerned.

Data Relocation:Another issue is the movement of data from one location to another. Data is initially stored at an appropriate location decide by the cloud providers. However, it is often moved from one place to another. Cloud providers have contacts with each other and they use each other’s resources. Consumers do not know this and often it does not matter[4].

B. Security attacks in Cloud

Cloud computing offers numerous advantages. Various attacks such as social engineering attack, XML signature wrapping attack, malware injection, and other attacks poses risk clouding systems. Some of them are discussed in this section.

XML Signature Wrapping Attack: Wrapping attacks aim to injecting a faked element into message structure,by which a valid signature covers unmodified element while the faked one is processed by the application logic. As result, an attacker can perform an arbitrary Web Service request while authenticating as a legitimate user.

Malware Injection: In a malware-injection attack an adversary attempts to inject malicious code into a system. This attack can appear in the form of code, scripts, active content, and/or other software. When an instance of a legitimate user is ready to run in the cloud server, the respective service accepts the instance for computation in the cloud. The only checking done is to determine if the instance matches a legitimate existing service. However, the integrity of the instance is not checked.

Social Engineering Attack: A social engineering attack is an intrusion that relies heavily on human interaction and often tricking other people to break normal security procedures.

Account Hijacking: Account hijacking is usually carried out with stolen credentials. Using the stolen credentials, attackers can access sensitive information and compromise the confidentiality, integrity, and availability of the services offered.Example of such attacks includes eavesdropping on transactions/sensitive activities, manipulation of data, returning falsified information, and redirection to illegitimate sites.

Traffic Flooding: Traffic flooding attacks bring a network or service down by flooding it with large amounts of traffic. Traffic flooding attacks occur when a network or service becomes so weighed down with packets initiating incomplete connection requests it cannot process genuine connection requests. Eventually, the host’s memory buffer becomes full and no further connections can be made, and the result is a Denial of Service.

C. Security Reasons

Security is defined as assurance that sensitive information is not disclosed to unauthorized persons, processes, or devices. Hence, must make sure that users’ confidential data, which users do not want to be accessed by service providers, is not disclosed to service providers. It is noted that users’ confidential data is disclosed to a service provider only if all of the following three conditions are satisfied simultaneously:

1. The service provider knows where the users’ confidential data is located in the cloud computing systems.

2. The service provider has the privilege to access and collect the user’s confidential data in the cloud computing systems.

3. The service provider can understand the meaning of the users’ data. This is due to the following reasons: In order to collect users’ data, the service provider must know the location of the data in cloud computing systems and have the privilege to access the data. Even if the service provider can collect users’ data successfully, the service provider may not be able to understand the meaning of the data unless the service provider has at the least some of the following information:

i) types of data

ii) functionalities and interfaces of the application using the data

iii) Format of the data

III. CURRENT CLOUD COMPUTING ARCHITECTURES

The current cloud computing system consists of three layers software layer, platform layer and infrastructure layer, as shown in figure 2. The software layer provides interfaces for users, to use service provider’s applications. The platform layer provides the operating environment for software torun using system resources. The infrastructure layer provides the hardware resources for computing, storage, and networks. The following are the major problems of current cloud computing systems are obtained:

• Each service provider has its own software, platform and infrastructure layer. When a user uses a cloud application, the user is forced to use platform and infrastructure provided by the same service provider.Hence the service provider knows where the users’ data is located and has full access privileges to data.

• The users’ data has to be in fixed format specified by the service provider, and hence the service provider knows all the information required for understanding users’ data.[5]

Therefore, we cannot prevent service providers from satisfying all of the three conditions.

Figure 2Current CloudComputing Architecture

In further discussion we report some essential security models that are currently being used by different cloud provides.

A. MODEL 1

The available secure architecture defined using figure 3 and the involved processes is given as follows:-

• Step1: Client sends data to cloud provider for storing.

• Step2: cloud provides receive data and perform encryption.

• Step3: full copy of encrypted data stores on data warehouse.

• Step4: After backup, performing replication and divide the data in parts according to the availability of data marts (in our system use three data marts ( S1, S2, S3)

• Step5: Storing the different part of information on different data mart.

• Step6: Repeat Steps as per storing request.

Figure 3secure replication system architecture

Advantages of this architecture:

1. Software failure:In case of software failure data mart loss the information of particular client. But Data mart takes a backup copy from warehouse. It increases the availability of information.

2. Hardware failure:The data mart is crashes or down also impact on the availability. This system also removes that drawback. If any data mart is crashed then client’s request also able to extract data from backup warehouse.

B. MODEL 2

The security program includes developing design models to describe the minimum acceptable recommended practices to be used in constructing a secure system as shown in figure 3according to the given model the model includes the following essential components.

A. Network Segments

The network consists of a series of logical and physical layers divided into network segments to simplify the approach for designing secure network architecture. The network segments can be further classified as follows:

1. Enterprise Network Segment consisting of enterprise computer systems

2. Process Information Network Segment consisting of Manufacturing Execution System computers

3. Control network Segment consisting of controllers and Human Machine Interface devices

4. Field network Segment consisting of sensors and actuators

5. Process Segment consisting of pipes, valves, and transportation belts.[6]

Figure 4 architecture of model 2

B. Access Control Model

The recommended practices for access and Control can be further sub-divided into the following steps:

a) User Access Management

b) User responsibilities

c) Network Access Control

d) Operating System Access Control

e) Application Access Control

f) Monitoring System Access and Use

User access is regulated by RBAC addresses the problem of traditional model by basing access on user’s job responsibilities rather than customizing access for each individual.

C. MODEL 3

In further a different security model is discussed that is given using figure 5. According to the system design that model works on the basis of the following steps.

1. Integrity protection problem in clouds, sketches a novel Architecture and Transparent Cloud Protection System (TCPS) for improved security of cloud.

2. This claim that the integrity problem in clouds a system named as Transparent Cloud Protection System (TCPS) for increased security of cloud resources.

3. SWsAccording to them their proposed system, TCPS can be used to observe the guests integration and keeping the transparency and virtualization. The strength of their work is their proposed tool which provides improved security, transparency and intrusion detection mechanism.

4. It mainly focuses public clouds that needs significant consideration and presents to make data security decisions. Key security issues reported are end user trust, Insider Access, Visibility, Risk Management, Client-Side Protection, Server-Side Protection, Access Control and Identity management. The strengths of work are identification and discussion on cloud security issues and private risks associated with cloud services. The weakness is that they haven‘t proposed any tool or framework to address identifies issues.

5. The filters of the system first finds malicious stuff and in next sensitive information like passwords etc are removed. Provenance tracking and access control enable publishers to decide which images are available to which users. Users are able to find their required images. The preliminary results showed that filters are working correctly and similarities among images are accurate.

6. The strength of system which provides image filters and scanners to detect malicious images. The weakness is filters are not accurate and sometimes legitimate images may also be detected as malicious and their virus scanner is also not efficient[6].

Figure 5 model 3 architecture

D. MODEL 4

The Cloud Multiple-Tenancy Model of NIST is given using figure 6 where the different components of the system are reported.

Multiple-tenancy is an important functional characteristic of cloud computing that allows multiple applications to currently running in a physical server. This physical server partitions and processes different customer demands with virtualization.Virtualization possesses good capability of sharing. By running multiple virtual machines in a physical machine, enables to share computing resource such as processor, memory, storage, and I/O, additionally improves the utilization of cloud resources by hosting different customer’s applications into different virtual machines.

The technology difficulties of multiple-tenancy model include data isolation, architecture extension, configuration self-definition, and performance customization. Architecture extension means that multiple-tenancy should provide a basic framework to implement high flexibility and scalability. Performance customization means that cloud computing should assure different customer’s demands on performance of multiple-tenancy platform under different workload. The impact of multiple-tenancy model is different corresponding to different cloud deployment models.

Figure 6 Multiple-Tenancy Model of NIST

E. MODEL 5

The Cloud Risk Accumulation Model of CSA is described using figure 7. Understanding the layer dependency of cloud service models is very critical to analyze the security risks of cloud computing. So there is an inherited relation between service capability of different layers in cloud computing.Similar to inheritance of cloud service capability, security risks of cloud computing is also inherited between different service layers. IaaS holds little security functions and capabilities except for the infrastructure’s own security functions and capabilities. IaaS demands that customers take charge of the security of operating systems, software applications and contents etc. Similarly, the intrinsic security function and capability of PaaS are not complete, but customers possess more flexibility to implement additional security.

One critical feature of cloud security architecture is that the lower service layer that a cloud service provider lies in, the more management duties and security capabilities that a customer is in charge of. In SaaS, cloud service providers need to satisfy the demands on SLA, security, monitor, compliance and duty expectation etc. In PaaS and IaaS, the above demands are charged by customers, and cloud service provider is only responsible for the availability and security of elementary services such as infrastructure component and underlying platform.[11]

Figure 7 the Cloud Risk Accumulation Model of CSA

IV. PROPOSED WORK

We have studied research papers related to security and privacy threats in distributed computing. In a few papers, tools and models are proposed to address security and privacy.After analysis of these contributions security and privacy issues are identified and reported.

A. Issues

The key area of the presented work for improving security is discussed as:

• Issues-I: Traditional security usages encryption standards which cannot be directly adopted by normal users. There is also a loss of control occurs over data towards cloud providers. Thus a new verification mechanism required to use without measuring the concerned issues for data.

• Issue-II: As the cloud faces continuous exchanges of data by users thus user needs to be authenticated for performing the operations on data. Thus, both cloud & user had to be verified for such operations.

• Issue-III: Since all the existing security mechanism focuses on the single server interaction environment. But as the interaction is increasing integration of security becomes difficult & complex. Thus a new mechanism required to develop which reduces the user efforts.

• Issue-IV: Botnets, huge volumes of spam or launching Distributed Denial of Service (DDoS) attacks on hosts are also some common issues.

B. Solution

Thus in order to provide solution client systemsand their behavior elements are used as a key for encryption. This can be achieved by a known key cryptography method named as public key infrastructure with attribute values of user and data. It also added an additional padding bit with modified hash function to make the cloud more secure & reliable.

The proposed architecture is shown in the figure 8. It shows that when a user wants to access his data, he had to give request to athird party server, which verifies its integrity from its databases & having a specified trust value in case of each user with given authorization parameters like credentials, Role, Network properties etc. Then the third party auditor replies the user with its tenant ID having a unique kind of token to access the data. When a user demands an access to cloud this token gets verified and the permission is granted. The request for data storage from user had to go through an encryption service in which the user‘s behavior based key is used.

After this step cloud doesn‘t know the type of data stored in storage. After this the cloud provides access ID for a data storage session to users to interact directly with storage. After applying such mechanism the problem related to data isolation & incorrect data display to the user is also solved.

C. Architecture & its Components

It solves the problem arises due to remote data locations. It meets all the security requirements of deploying configuration of security as a service. The proposed parameterized third party auditor based access control & encryption security model for cloud services and storage. Thus a novel model PTPA-ACE for security of the cloud for cloud services and storage is demonstrated as.

It manages each interaction scenario of user, cloud and storage through a token system. The work also uses a user attribute based encryption method for security of data. Steps Involved in Designing above Architecture can be summarized in these steps:

Figure 8 proposed system architecture

1. Client Application: This step processed all the elements on behalf of which the client can access. It includes various details of users’ behavior such as its session, failed login attempts, timestamps, historical data, type of files, its size etc. This model will also request for service to third party auditors, cloud server and storage locations.

2. Third Part Auditor (TPA):initially TPA assigns a unique Tenant ID and other parameters like credentials, roles and network properties. It also assigns a unique ID to cloud provider so as to recognize the type of service and its authenticity.

3. Verification:This step involves verification of the ID provided in previous step, if ID passes thorough verification, access is granted and client can start accessing the data from storage.

4. Cloud Data Storage: It is storage module which contains the data of different users with their behavioral elements.

5. Data access:In this step Verification ID provided by third party auditor is passed to the storage systems of the CSP and request for granting access.

Thus, by applying all the above mentioned settings system becomes secure and effective. It will also increase user capabilities to work on cloud services.

V. CONCLUSION AND FUTURE WORK

Cloud computing is a kind of computing paradigm that can access conveniently in a dynamic and configurable public set of computing resources. In this environment the security of data and privacy during access of cloud is a primary concern. To contribute some effort to improve security of cloud a survey of existing security models of cloud computing is presented.Additionally the main security risks of cloud computing is also reported.

In the future, we will implement the proposed security strategies that involve different areas and issues of cloud security. Using the available cloud techniques required to demonstrate the effectiveness of the presented model of security and risk management.

REFERENCES

[1] Dongyoung Koo, Junbeom Hur & Hyunsoo Yoon, “Secure and efficient data retrieval over encrypted data using Attribute-based encryption in cloud storage”, in Computers and Electrical Engineering Journal of Elsevier, ISSN: 0045-7906, doi:10.1016/j.compeleceng.2012.11.002, Vol. No 39, Jan 2013. pp 34—46

[2] Guojun Wang, Qin Liu, Jie Wu & Minyi Guo, “Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers”, in Computer & Security Journal of Elsevier, ISSN: 0167-4048, doi: 10.1016/j.cose.2011.05.006, Vol. No. 30, July 2011. pp 320-331

[3] Shucheng Yu, Cong Wang, Kui Ren & Wenjing Lou, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing”, in Proceedings of IEEE Infocomm., ISSN: 978-1-4244-5837-0/10, 2010.

[4] Deyan Chen & Hong Zhao, “Data Security and Privacy Protection Issues in Cloud Computing”, in International Conference on Computer Science and Electronics Engineering, IEEE Computer Society, ISSN: 978-0-7695-4647-6/12, doi: 10.1109/ICCSEE.2012.193, 2012.

[5] Stephen S. Yau & Ho G. An, “Confidentiality Protection in Cloud Computing Systems”, in International Journal of Software Informatics, ISSN 1673-7288, Vol.4, No.4, December 2010, pp. 351-365

[6] Mohemed Almorsy, John Grundy & Amani S. Ibrahim, “Collaboration-Based Cloud Computing Security Management Framework”, in 4th International Conference on Cloud Computing, IEEE Computer Society, ISSN: 978-0-7695-4460-1/11, doi:10.1109/Cloud.2011.9, 2011.

[7] Daryl C. Plummer, Thomas J. Bittman, Tom Austin, David W. Cearley & David Mitchell Smith, “Cloud Computing: Defining and Describing an Emerging Phenomenon”, in Gartner Research Publication, ID Number: G00156220, June 2008.

[8] Pardeep Kumar, Vivek Kumar Sehgal , Durg Singh Chauhan, P. K. Gupta & Manoj Diwakar, “Effective Ways of Secure, Private and Trusted Cloud Computing”, in International Journal of Computer Science Issues, ISSN (Online): 1694-0814, Vol. 8, Issue 3, No. 2, May 2011.

[9] Seny Kamara & Kristin Lauter, “Cryptographic Cloud Storage”, in Microsoft Research Article at http://

[10] S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, G. Pelosi & P. Samarati, “Encryption-based Policy Enforcement for Cloud Storage”, in IEEE Transaction, at Universita degli Studi, di Milano, 2010.

[11] Kan Yang, Zhen Liu, Zhenfu Cao, Xiaohua Jia, Duncan S. Wong & Kui Ren, “TAAC: Temporal Attribute-based Access Control for Multi-Authority Cloud Storage Systems”, in IEEE Transaction, 2011.

[12] Yan Zhu, Hongxin Hu, Gail-Joon Ahn, Xiaorui Gong & Shimin Chen, “POSTER: Temporal Attribute-Based Encryption in Clouds”, in ACM Journal, ISSN:978-1-4503-0948-6/11/10, Oct 2011.

[13] Sushmita Ruj, Amiya Nayak and Ivan Stojmenovic, “DACC: Distributed Access Control in Clouds”, in International Joint Conference of IEEE TrustCom-11/IEEE ICESS-11/FCST-1, ISSN: 978-0-7695-4600-1/11, doi:10.1109/TrustCom.2011.15, 2011.

[14] Pratap Chandra Mandal, “Evaluation of performance of the Symmetric Key Algorithms: DES, 3DES, AES and Blowfish”, Journal of Global Research in Computer Science, ISSN: 2229-371X, Volume 3, No. 8, August 2012.

[15] Craig Gentry, “Computing Arbitrary Functions of Encrypted Data”, in ACM Journal, ISSN: 0001-0782/08/0X00, 2008.

[16] Bharath K. Samanthula, Gerry Howser, Yousef Elmehdwi, and Sanjay Madria, “An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud”, in ACM Journal, ISSN: 978-1-4503-1596-8/12/08., 2012.

[17] Farhan Bashir Shaikh & Sajjad Haider, “Security Threats in Cloud Computing”, in 6th International Conference on Internet Technology and Secured Transactions, Abu Dhabi, United Arab Emirates Dec 2011.

[18] Farzad Sabahi, “Cloud Computing Security Threats and Responses”, in IEEE Transaction, ISSN: 978-1-61284-486-2/11, 2011.

[19] Wentao Liu, “Research on Cloud Computing Security Problem and Strategy”, in IEEE Transaction, ISSN: 978-1-4577-1415-3/12, 2012.

Source: Essay UK - http://doghouse.net/essays/information-technology/security-issues-and-solutions-through-tpa-mechanism/


Not what you're looking for?

Search our thousands of essays:

Search:


About this resource

This Information Technology essay was submitted to us by a student in order to help you with your studies.



Word count:

This page has approximately words.


Share:


Cite:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay UK, Security Issues and solutions through TPA mechanism. Available from: <http://doghouse.net/essays/information-technology/security-issues-and-solutions-through-tpa-mechanism/> [21-02-19].


More information:

If you are the original author of this content and no longer wish to have it published on our website then please click on the link below to request removal:


Essay and dissertation help


Latest essays in this category:


Our free essays:

badges