2 - new title & new paper

Upload: nagabhushanamdonthineni

Post on 02-Jun-2018


  • 8/10/2019 2 - New Title & New Paper


    CCM: A Survey on Prevention in Cloud Computing or Cloud Storage Services

    ABSTRACT

    With the growth of the Internet, cloud computing has emerged as a novel technique for delivering better and more secure services. E-business is growing rapidly with the development of the Internet. Cloud computing provides an on-demand self-service methodology that lets users request resources dynamically, which is its main benefit. Cloud computing is gaining popularity because of its mobility and massive availability at minimum cost. This paper proposes an efficient capacity management scheme for users' data in datacenters, based on attribute and scheduling techniques. The proposed technique makes much more efficient use of virtualized data than the existing technique.

    Keywords: Cloud Computing, Public Verifiability, Cloud Storage, Cloud Security, Virtualization.

    I. INTRODUCTION

    Cloud computing means a remote server, accessed through the Internet, that supports business applications and functionality together with the system software used by the respective web application. The cloud computing concept saves capital, since cloud users pay on an annual or monthly basis. Because of the advantages of cloud services, more and more sensitive information is being centralized on cloud servers, such as confidential videos and photos, emails, personal health records, corporate business data, government documents, etc. As a result, privacy problems such as loss of data privacy [1] and data loss will increase in certain circumstances. When users outsource their private data onto the cloud, the cloud service provider can monitor the communication between the users and the cloud at will, whether the provider is trusted or untrusted. As cloud computing is a promising development in computing, increasing confidence in it becomes a very important aspect. There are mainly two parameters which can help to improve confidence in cloud services: one is improving efficiency and the other is improving security. To improve efficiency, the keyword search method is enhanced, as it provides two-way communication between the cloud server and the cloud customer. But when security is deployed, the burden on the cloud server increases unexpectedly. Consequently it is extremely important to balance these two factors so as to improve the overall efficiency of cloud services [2]. The world is also one of mobile devices, so everyone wants to use cloud services on their mobile devices, and if the computational cost becomes high it results in significant resource utilization, which is not appropriate for mobile devices. The current scenario therefore needs an efficient method for cloud services. The cloud is a service which can be accessed from everywhere, over any path, if it is arranged that way. As a result, many parties or persons use it for their own purposes. In such a case the data that the various parties share among themselves on the cloud server may be secret. In addition, no cloud user who uses cloud services likes to be tracked. In such cases it is very important to maintain their privacy [3].

    Thus, to maintain their privacy, the files and even the search requests are encrypted as soon as the request is sent to the server. This encryption may also affect the efficiency of search techniques, as the search has to be carried out over encrypted data. Besides, in cloud computing data owners may share their outsourced data with a number of cloud users, who might want to retrieve only the data files they are interested in from the cloud server. One of the most popular ways to do so is keyword-based retrieval. It is preferable to return the most relevant files that match the user's interest instead of all the files, which means that the files should be ranked in order of relevance to the user's interest and only the files with the highest relevance are sent back to cloud users. To improve security without giving up efficiency, the methods in [4], [5] show that they support top-k single-keyword retrieval under different circumstances.

    To protect data privacy, confidential data has to be encrypted before outsourcing, so as to provide end-to-end data confidentiality assurance in the cloud. Clouds enable customers to remotely store and access their data by lowering the cost of hardware ownership while providing robust and fast services [6]. The importance and necessity of privacy-preserving search techniques are even more pronounced in cloud applications. Because the large companies that operate public clouds, like Google or Amazon, may access the sensitive data and search patterns, hiding the query and the retrieved data is of great importance in ensuring the privacy and security of those using cloud services. We aim to achieve an efficient system where any authorized user can perform a search on a remote database with multiple keywords, without revealing either the keywords he/she searches for or the contents of the documents he/she retrieves. The main challenge of cloud storage is guaranteeing control over, and the essential integrity and confidentiality of, all stored cloud data.

    II. CLOUD SECURITY ISSUES

    Cloud security is also the focus of this work. Unlike prior surveys of cloud security issues, our ultimate goal is to provide a much more complete and thorough coverage of the research literature related to this topic. We give a broad overview of publications in the fields of cloud computing security and security of remote storage and computation [7]. In particular, the topics covered in this work include:

    Client authentication and authorization:

    We cover the current body of work on methods for disrupting and exploiting the interface between a cloud provider and its clients, usually carried out via a web browser.

    Security shortcomings of hardware virtualization:

    We describe the problems that have surfaced along with the massive use of hardware virtualization by cloud providers. We indicate how virtualization can be exploited to obtain unauthorized information from vulnerable users, and also indicate mitigation techniques that can be employed. In addition, we address vulnerabilities related to the usage and sharing of virtual machine (VM) images.

    Flooding attacks and denial of service (DoS):

    Because cloud computing systems are designed to scale according to the demand for resources, an attacker may use that characteristic to maliciously centralize large portions of the cloud's computing power, lowering the quality of service that the cloud provides to other concurrent users. We discuss different types of attacks on cloud availability and their potential consequences.

    Cloud responsibility, or its ability to capture and expose wrongful activity:

    We discuss capabilities that an accountable system should have and solutions for achieving these capabilities. Most cloud providers charge their users according to the actual usage of their infrastructure during a predetermined time slice. In the case of a service that is being flooded, this usage will obviously be high, which, in turn, will most likely translate to bills that are much higher than expected.

    Challenges and solutions for remote storage protection:

    We describe several techniques that can be employed by cloud clients to verify the integrity of their outsourced data.

    Protection of outsourced computation:

    Finally, we give an overview of current approaches for assuring privacy and integrity of outsourced computations.

    3. PROPOSED ALGORITHM

    The proposed methodology works in the following phases:

    1. Authentication is provided at the broker whenever a new user sends data to the datacenters.

    2. Each time a virtualized data center is created, a dictionary entry is made at the broker for scheduling these data centers.

    3. Data is always accessed using the concept of query-based encryption and decryption.

    Annotations Used

    1. N packets are sent from Ui to DCi:

    Ui (N) {Pkt} DCi

    2. For each Pkt sent from Ui to Brki:

    3. Generate an attribute Atti and encrypt the Pkt using Enc(Pkt).

    4. Send the tuple (Enc(Pkt), Atti) to the local broker Brki.

    5. Scheduling of this data Pkt is done at the local broker for access to the resource Ri.

    6. Create virtual data centers at the time the Pkt is requested for access.

    7. The receiver needs to authenticate at the local broker Brki and then decrypt: Dec(Enc(Pkt)).

    4. A CRYPTOGRAPHIC STORAGE SERVICE

    The core properties of a cryptographic storage service are that (1) control of the data is maintained by the customer and (2) the security properties are derived from cryptography, as opposed to legal mechanisms, physical security or access control. Therefore, such a service provides several compelling advantages over other storage services based on public cloud infrastructures. In this section, we recall some of the main concerns with cloud computing as outlined in the Cloud Security Alliance's recent report [4] and highlight how these concerns can be mitigated by such an architecture.

    A. Regulatory compliance:

    Most countries have laws in place that make organizations responsible for the protection of the data that is entrusted to them. This is particularly so for personally identifiable information, medical records and financial records. And since organizations are often held responsible for the actions of their contractors, the use of a public cloud storage service can involve significant legal risks. In a cryptographic storage service, the data is encrypted on-premise by the data processor(s). This way, customers can be assured that the confidentiality of their data is preserved irrespective of the actions of the cloud storage provider. This greatly reduces any legal exposure for both the customer and the provider.

    B. Geographic restrictions:

    Data that is stored in certain legal jurisdictions may be subject to regulations even if it was not collected there. Because it can be difficult to ascertain exactly where one's data is being stored once it is sent to the cloud (i.e., many service providers have data centers deployed throughout the world), some customers may be reluctant to use a public cloud for fear of increasing their legal exposure. In a cryptographic storage service data is only stored in encrypted form, so any law that pertains to stored data has little to no effect on the customer. This reduces legal exposure for the customer and allows the cloud storage provider to make optimal use of its storage infrastructure, thereby reducing costs.

    C. Subpoenas:

    If an organization becomes the subject of an investigation, law enforcement agencies may request access to its data. If the data is stored in a public cloud, the request may be made to the cloud provider and the latter could even be prevented from notifying the customer. This can have severe consequences for customers. First, it preempts the customer from challenging the request. Second, it can lead to law enforcement having access to data from clients that are not under investigation (Wired 2009). Such a scenario can occur due to the fact that service providers often store multiple customers' data on the same disks. In a cryptographic storage service, since data is stored in encrypted form and since the customer retains possession of all the keys, any request for the data must be made directly to the customer.

    D. Security breaches:

    Even if a cloud storage provider implements strong security practices, there is always the possibility of a security breach. If this occurs the customer may be legally responsible. In a cryptographic storage service data is encrypted and data integrity can be verified at any time. Therefore, a security breach poses little to no risk for the customer.

    E. Electronic discovery:

    Digital information plays an important role in legal proceedings, and organizations are often required to preserve and produce records for litigation. Organizations with high levels of litigation may need to keep a copy of large amounts of data on-premise in order to assure its integrity. This can obviously negate the benefits of using a cloud storage service. Since, with a cryptographic storage service, a customer can verify the integrity of its data at any point in time (e.g., every hour), a provider has every incentive to preserve its integrity.

    F. Data retention and destruction:

    In many cases a customer may be responsible for the retention and destruction of data it has collected. If this data is stored in the cloud, however, it can be difficult for a customer to ascertain the integrity of the data or to verify whether it was properly discarded. A cryptographic storage service alleviates these concerns since data integrity can be verified and since the information necessary to decrypt data (i.e., the master key) is kept on-premise. Secure data erasure can be effectively achieved by just erasing the master key.

    5. RELATED WORK

    This section describes related work in the fields of cloud storage, cloud security, virtualization and public verifiability.

    Cloud capacity management (CCM) consists of multiple low-overhead techniques. CCM operates on practical field observations to achieve scalable allocation. The architecture of CCM consists of levels: a top-level cloud manager, mid-level super cluster managers, and cluster managers at the lowest level. Clusters, formed by logically grouped hosts, are at the bottom level and are tightly bound to their capacity manager, which monitors the clusters formed. The cloud-level capacity manager covers a collection of super clusters, under which the other clusters work. The capacity manager performs black-box monitoring of VM CPU, aggregating it and analyzing memory usage information. With the help of black-box monitoring and allocation, CCM performs capacity allocation for a broad class of applications. The management cost is reduced by monitoring and changing resources at less frequent intervals when moving up the hierarchy. CCM generally computes the estimated demand of a cluster and of a super cluster at the super cluster and cloud level respectively [1].

    In publicly auditable cloud storage, data owners rely on a third-party auditor (TPA) to verify the integrity of their outsourced data and so ensure its security. They adopted a homomorphic authenticator technique, which provides public auditability without burdening the data owner. Homomorphic authenticators are special metadata generated from individual data blocks, which can be securely aggregated so as to assure the verifier that a linear combination of data blocks is correctly computed, by verifying only the aggregated authenticator. The linear combination is masked with randomness obtained from the server. The combination is computed over the sampled blocks in the response from the server [4].
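The aggregation property described above, as an added example that is not code from the paper or from the schemes it surveys. It uses a secret-key (privately verifiable) linear authenticator over a prime field, swapped in for the bilinear-signature construction that public auditing needs, so that it runs on the Python standard library; the server-side random masking is not modelled, and all function names and the sample data are assumptions.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime modulus; blocks and tags are elements of GF(P)

def to_blocks(data, size=15):
    """Split a file into 15-byte chunks so each block is an integer < P."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def prf(key, index):
    """Keyed pseudorandom field element bound to a block position."""
    digest = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P

def keygen():
    """Owner's secret: a PRF key and a non-zero field element alpha."""
    return secrets.token_bytes(32), 1 + secrets.randbelow(P - 1)

def tag_blocks(sk, blocks):
    """Authenticator per block: sigma_i = prf(i) + alpha * m_i (mod P)."""
    key, alpha = sk
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample_size):
    """Verifier samples block positions and a non-zero coefficient for each."""
    positions = secrets.SystemRandom().sample(range(n_blocks), sample_size)
    return [(i, 1 + secrets.randbelow(P - 1)) for i in positions]

def prove(blocks, tags, chal):
    """Server: one linear combination of blocks, one aggregated authenticator."""
    mu = sum(nu * blocks[i] for i, nu in chal) % P
    sigma = sum(nu * tags[i] for i, nu in chal) % P
    return mu, sigma

def verify(sk, chal, proof):
    """Check sigma == alpha*mu + sum(nu_i * prf(i)) without seeing any block."""
    key, alpha = sk
    mu, sigma = proof
    return sigma == (alpha * mu + sum(nu * prf(key, i) for i, nu in chal)) % P

if __name__ == "__main__":
    # Constructed sample file; blocks and tags go to the server, sk stays local.
    data = b"constructed sample file contents, outsourced to a storage server" * 4
    sk = keygen()
    blocks = to_blocks(data)
    tags = tag_blocks(sk, blocks)
    chal = challenge(len(blocks), 5)
    print("honest server:", verify(sk, chal, prove(blocks, tags, chal)))
    damaged = list(blocks)
    damaged[chal[0][0]] ^= 1   # flip one bit in a block that was sampled
    print("damaged block:", verify(sk, chal, prove(damaged, tags, chal)))
```

The response is two field elements regardless of how many blocks are sampled, and corruption is caught only when a damaged block falls inside the sample.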

    They analyzed and resolved the problem of simultaneously supporting public auditability and data dynamics for remote data integrity checking in cloud computing. They [5] offered a protocol that supports fully dynamic data operations, including block insertion. With the help of the cloud, large data files can be stored on remote servers and clients can be freed from the burden of storage and computation. Clients have some concerns, however, such as assurance that their data is stored correctly and maintained. If local copies are absent, the client should be able to verify the correctness of the remote data with the help of a security measure, and should also be able to interact with cloud servers to access and retrieve pre-stored data. The client performs block-level operations on data files many times; the homomorphic authenticator technique is therefore used to support public auditability efficiently without requiring retrieval of the data blocks themselves. During verification a blockless approach is used: the block tags are authenticated and the original blocks are not considered. For block tag authentication they manipulated the classic Merkle Hash Tree construction to achieve efficient data dynamics and improve the existing proof-of-storage models. They analyzed the bilinear aggregate signature technique and extended their result to a multiuser setting, to support efficient handling of multiple auditing tasks, with the TPA performing multiple auditing tasks concurrently [5].
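A Merkle Hash Tree check of the kind referred to above, as an added example that is not code from the paper or the cited protocol. The leaves here are hashes of the data blocks themselves (they could equally be block tags); the function names, the leaf/node prefixes and the sample blocks are assumptions.

```python
import hashlib
import hmac

def leaf_hash(block):
    return hashlib.sha256(b"\x00" + block).digest()          # 0x00 marks a leaf

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()   # 0x01 marks an inner node

def build_levels(blocks):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Server side: sibling hashes from leaf `index` up to the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append(level[sibling])
        index //= 2
    return path

def verify_block(root, n_leaves, index, block, path):
    """Client side: recompute the root from one block and its sibling path.
    Left/right order is derived from `index`, so the proof binds the position too."""
    if not 0 <= index < n_leaves:
        return False
    h, width, siblings = leaf_hash(block), n_leaves, iter(path)
    while width > 1:
        sibling = index ^ 1
        if sibling < width:
            s = next(siblings, None)
            if s is None:
                return False                  # path too short
            h = node_hash(s, h) if sibling < index else node_hash(h, s)
        index //= 2
        width = (width + 1) // 2
    return next(siblings, None) is None and hmac.compare_digest(h, root)

if __name__ == "__main__":
    blocks = [b"constructed block %d" % i for i in range(5)]   # constructed sample data
    levels = build_levels(blocks)
    root = levels[-1][0]                      # the only value the client keeps
    proof = auth_path(levels, 4)
    print("block 4 intact:   ", verify_block(root, 5, 4, blocks[4], proof))
    print("block 4 tampered: ", verify_block(root, 5, 4, b"tampered", proof))
    # Data dynamics: after a block modification only the root has to be refreshed.
    blocks[2] = b"modified block"
    new_levels = build_levels(blocks)
    new_root = new_levels[-1][0]
    print("stale root rejects:", not verify_block(root, 5, 2, blocks[2], auth_path(new_levels, 2)))
    print("new root accepts:  ", verify_block(new_root, 5, 2, blocks[2], auth_path(new_levels, 2)))
```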

    D. Srinivas proposed a scheme which guarantees that, during an efficient auditing process, the TPA does not gather information about the data stored on the cloud server. This is done through a homomorphic non-linear authenticator and random masking, which reduces the user's burden of the auditing task, which is expensive and tedious, while providing the user with security for his outsourced data. The privacy-preserving public auditing protocol is extended to a multi-user scenario in which the TPA is able to execute multiple auditing tasks in a batch manner, providing high efficiency and security [6].

    6. CONCLUSION & FUTURE WORK

    The proposed technique is implemented here for the management of datacenters so that the capacity of the users can be increased. The result analysis shows the performance of the proposed methodology. The methodology also incurs less storage and less communication overhead than the existing technique. Although the technique is efficient in terms of CPU utilization and performance, further enhancement is required in the methodology for virtualization of datacenters.

    Although the technique implemented here provides low storage cost, low communication overhead and better capacity management, further enhancements can be made by applying better scheduling and by performing clustering at the central authority to improve the performance of the methodology.

    REFERENCES

    [1] Cloud Security Alliance, "Top Threats to Cloud Computing," http://www.cloudsecurityalliance.org, 2010.

    [2] Kui Ren, Cong Wang, and Qian Wang, "Toward Secure and Effective Data Utilization in Public Cloud," IEEE Network, November/December 2012.

    [3] Cong Wang, Sherman S.M. Chow, Qian Wang, Kui Ren, and Wenjing Lou, "Privacy-Preserving Public Auditing for Secure Cloud Storage," IEEE Transactions on Computers, Vol. 62, No. 2, February 2013.

    [4] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, "Privacy-Preserving Multi-keyword Ranked Search over Encrypted Cloud Data," Proc. IEEE INFOCOM, 2011.

    [5] H. Hu, J. Xu, C. Ren, and B. Choi, "Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism," Proc. IEEE 27th Int'l Conf. Data Eng. (ICDE), 2011.

    [6] L. M. Vaquero, L. Rodero-Merino, J. Caceres, and M. Lindner, "A break in the clouds: towards a cloud definition," SIGCOMM Comput. Commun. Rev., 39:50-55, December 2008.

    [7] Everaldo Aguiar, Yihua Zhang, and Marina Blanton, "An Overview of Issues and Recent Developments in Cloud Computing and Storage Security," 2012.