Lade Inhalt...

To implement a Multi-level Security in Cloud Computing using Cryptography Novel Approach

Security in Cloud Computing

Masterarbeit 2014 44 Seiten

Informatik - IT-Security

Leseprobe

Table of Contents

DECLARATION

APPROVED RESEARCH TOPI

CERTIFICATE

ABSTRACT

ACKNOWLEDGEMENT

List of Figures viii

Chapter 1: INTRODUCTION
1.1 Cloud Computing
1.2 History of Cloud Computing
1.3 Service Models in Cloud Computing
1.4 Deployment Models of Cloud Computing
1.5 Benefits of Cloud Computing
1.6 Challenges of Cloud Computing
1.7 Cloud Computing with the Communication Services
1.8 Accessing through Internet APIs
1.9 Cloud Computing Trends for
1.10 Cloud Security Threats
1.11 Advantages of Cloud Computing
1.12 Disadvantages of Cloud Computing

Chapter 2: LITERATURE SURVE

Chapter 3: PRESENT WORK18
3.1 Problem Formulation
3.2 Research Objective
3.3 Research Methodology.

Chapter 4: IMPLEMENTATION AND RESULTS
4.1 Implementation

Chapter 5: CONCLUSION AND FUTURE SCOPE
5.1 Conclusion
5.2 Future Scope

REFERENCES

ABSTRACT

Currently cloud computing environments have come up with a serious problem known as security which is in terms of Confidentiality of Data, Integrity of the Message and Authenticity of the users (CIA). Since user’s personal data is being stored in an unencrypted format on a remote machine operated by third party vendors who provide various services, the impact of user’s identity and unauthorized access or disclosure of files are very high. Though we have various techniques and algorithms to protect our data from hackers and intruders still cloud environments are prone to other attacks. In this paper, a novel approach is implemented to protect user’s confidential data from third party service providers, and also to make sure that the data is not disclosed to any unauthentic user or the service provider even, in any cloud environments. This approach provides a multi-level security in three aspects: 1) User authentication for “authorization” to enter the network, 2) Image Sequencing password for “authentication” wherein it is proved that the identity is original user, and 3) RSA algorithm to encrypt the data further for providing “data integrity”. Thus this approach provides an overall security to the client’s personal data and the major issue of confidentiality, integrity and authenticity is fully solved. Implemented results are represented to illustrate that our approach has a reasonable performance.

ACKNOWLEDGEMENT

First of all, I am thankful to God for his blessings and showing me the right direction. With His mercy, it has been made possible for me to reach so far. It gives me great pleasure to express my gratitude towards the guidance and help I have received from Mr. Parveen kumar. I am thankful for his continual support, encouragement and invaluable suggestion. He not only provided me help whenever needed, but also the resources required to complete this Dissertation report on time. I am also thankful to Prof. Dalwinder Singh, Head, Computer Science and Engineering Department for his kind help and cooperation. I express my gratitude to all the staff members of Computer Science and Engineering Department for providing me all the facilities required for the completion of my Dissertation Proposal work. I would like to say thanks to the Project Approval Committee members for their valuable comment and discussion. I extend my thanks to Lovely Professional University for the support on academic studies and letting me involve in this study. I want to express my appreciation to every person who contributed with either inspirational or actual work to this Dissertation Proposal. Last but not the least I am highly grateful to all my family members for their inspiration and ever encouraging moral support, which enables me to purse my studies.

Ashwin Dhivakar M R

Registration No: 11200955

List of Figures

Figure 1.1: Cloud Computing Internet Structure

Figure 1.2: Service Models of Cloud Computing

Figure 1.3: Public, Private and Hybrid Cloud Deployment

Figure 1.4: Web 2.0 Interfaces to Cloud

Figure 1.5: Cloud Computing Threats

Figure 3.1: Data Confidentiality Breaks

Figure 3.2: Data Integrity Breaks

Figure 3.3: Image Sequencing

Figure 3.4: Image Shuffling

Figure 4.1: Cloud Sim and Net Beans

Figure 4.2: Wrong Password

Figure 4.3: Authentication

Figure 4.4: Warning Message

Figure 4.5: Image Sequencing Authentication

Figure 4.6: Wrong Sequence

Figure 4.7: Image Shuffle

Figure 4.8: User interface on Cloud

Figure 4.9: Data Storage Process Cloud

Figure 4.10: Data Saved on Cloud

Figure 4.11: Data Retrieval Process

Figure 4.12: Decryption of Data

CHAPTER 1

1.1 Cloud Computing

In the last few years there is an impressive change in computational power, storage and network communication technologies. These changes let human beings to generate, process, and share huge sets of information and data. Cloud computing is acted as the large pool, inside which there are various accessible and virtualized resources, these resources includes, hardware, development platforms and services.[3]Now, it is feasible to assemble any amount of powerful systems that consists of many small and low-cost service components since computers are at a very less price and compatibility is high these days with many technical advancements. Cloud computing provides huge techniques such as IT as a service. Cloud Computing provides services over internet, data and its applications are supported via remote servers, as:

Figure 1.1: cloud computing internet structure

Abbildung in dieser Leseprobe nicht enthalten

Cloud computing permits many user to access the system without installation of system files on any computer but it has to be connected on an internetwork. In Cloud computing, specific systems are required for executing applications on server and websites[4]. The cloud computing flexibility depends on authorization request for resources allocation and the act of uniting. Cloud computing is the emerging technology which is used to provide a range of storage services via the Internet[5]. It mainly has infrastructure, platform, and software as a service. These service provider lease information centric hardware’s and software’s to distribute storage and computing services over the network. Online users can be given services from a cloud like a super computer which is being used by cloud computing to store data on the cloud instead of storing on their device and access to data is possible anytime. Applications can run on powerful cloud computing platforms with software deployed on the cloud which justifies that the consumers are not in need for any software installation and upgrades on their local devices continuously.

1.2 History of Cloud Computing

In 1950, the cloud computing concept came into picture. Here, the large scale mainframe computers are used in many corporations and these computers are accessible by the terminal computers. Time sharing is the process of sharing CPU time on a mainframe system. In 1960-1990, the present day scenario of the cloud computing, square measure explored by politician Parkhill, he described “The Challenge of the PC Utility”. An agency Corporation was found in 1957. The Tymshare was found in 1966, National CSS was found in 1967 and acquired by Dun & poet in 1979, Dial information bought by Tymshare in 1968, and Bolt, Beranek and Newman BBN marketed time-sharing as a billboard venture.

In 1990, telecommunications companies begin to offer virtual private network (VPN) services with good quality of service on a less price by switching traffic which suits a balanced server use; wherein bandwidth was efficiently used. They started using the cloud representation to indicate the segregation point. Network infrastructure and servers were bounded through cloud computing.[10] In 2000, following the dot-com bubble, modernization of information centres were done by Amazon that was important within the evolution of cloud computing. A product was launched for external customers and Amazon net Services (AWS) for computing supported utility in 2006. In 2008, Eucalyptus was the first open supply, AWS API-compatible platform for deploying personal clouds. In early 2008, Open Nebula was the first ASCII text file software package for deploying personal and hybrid clouds. On March 1, 2011, IBM declared the IBM sensible Cloud framework to support Smarter Planet. Amidst a variety of parts for Smarter Computing foundation, cloud computing could be an essential piece. On June 7, 2012, Oracle declared the Oracle Cloud. Despite the very fact that Oracle Cloud square measure still below improvement, this cloud is taken into account to be the first to supply users through access to AN integrated set of IT solutions, like Applications (SaaS), Platform (PaaS), and Infrastructure (IaaS) layers.

1.3 Service Models in Cloud Computing

1. Platform as-a Service (PaaS): In PaaS, the clients obtain access to platforms, which enables users to deploy their personal software and applications on the cloud. The customer doesn’t manage the network or OS either but are limited to the type of applications[12].
2. Infrastructure as-a Service (IaaS): Here the Network connections, storage and applications are controlled and executed by clients. Communications as a Service model is used to depict hosted IP telephony services. To avoid the expenses and a dedicated system which provides all resources for computing environment a physical infrastructure is really distant.
3. Software as-a service (SaaS): Software as a service is an outlet for delivering the service over Internet and it runs thousands of customers on a single deployment code which means if we fix a problem for one customer then it is fixed for everyone on the network, it may also use open APIs and web services for integration but every client has to pay for what is used on the cloud.

Figure 1.2: Service Models of Cloud Computing[13]

Abbildung in dieser Leseprobe nicht enthalten

1.4 Deployment Models of Cloud Computing

Deploying cloud computing depends upon the different requirements; hence it is different from each other. As for deploying a cloud computer, four deployment models can be used. Each model has its specific characteristics.

1. Private Cloud: The private cloud is used for the personal work, some organizations can maintain specifically on a private cloud. The operation takes place either at clients or at third party’s side.
2. Community Cloud: This cloud is shared amongst the various Companies. These organizations have the same interests and requirements.[3]These requirements help to limit the capital costs for its establishment.
3. Public Cloud: The cloud infrastructure is offered to the general public on a billboard basis by a cloud service supplier. This allows a client to develop and deploy a service within the cloud with little or no money outlay compared to the cost necessities.
4. Hybrid Cloud: The cloud infrastructure consists of variety of clouds of any sort; however the clouds have the power through their interfaces to permit knowledge or applications to be moved from one cloud to a different. This may be a mix of personal and public clouds.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.3: Public, Private, and Hybrid Cloud Deployment

1.5 Benefits of cloud computing

There are many benefits of the cloud computing, these benefits are based upon the services and applications of the cloud computing.

Scalability: The cloud computers are scalable in nature. The organizations initially can run on a small deployment model and later they can even adapt to larger models and if it needed, they can even scale back to its initial state if necessary.

Flexibility: The flexibility in the cloud environment provides organizations to utilize the resources whenever the customer demands for additional features. To convince a customer the flexibility of the resources is needed.

Cost Savings: cloud computing helps the organization to reduce their capital expenditures. Reliability: cloud computing is more reliable because the services used in this having multiple redundant sites. These sites support the business continuity.

Maintenance: The cloud system provides the maintenance. It does not require any application installation on the PC, the access of the system done through APIs directly. Mobile Accessible: These systems are accessible in any infrastructure. Hence cloud system help to increase the productivity of the system.

1.6 Challenges of Cloud computing

There are many challenges that are associated with cloud computing.

1. Security and Privacy: In the cloud computing data storage and data security is important aspects. The cloud[3]computing can be monitor by the service providers.
2. Lack of Standards: In the cloud computing, clouds have standard interfaces. Hence there are no standards related to cloud computing. To resolve these issues open cloud computing interface is comes into picture; it helps to resolve many issues.[8]
3. Continuously Evolving: The requirements of the user are continuously evolving, hence requirements for interfaces, networking and storage is increased and decreased according to the need of person. This means that a cloud behave dynamically.
4. Compliance Concerns:

Cloud computing has many issues regarding its data protection. Its main concern is about the affecting factors of cloud computing. These factors make an impact on the data types and application for the purpose the cloud is utilized.

1.7 Cloud Computing with the Communications Services

In a cloud the communications services will extend their capabilities. It conjointly helps to provides new interactive capabilities to current services. These services change businesses to infix communications capabilities into business applications. The services of the cloud computing is accessed from any location and joined into current services to increase their capabilities, additionally as stand alone as service offerings.

1.8 Accessing through internet APIs

Accessing communications capabilities in an exceedingly cloud-based atmosphere is achieved through genus Apis. It permits the appliance development outside the cloud to require advantage of the communication infrastructure among it.

Abbildung in dieser Leseprobe nicht enthalten

Figure 1.4: Web 2.0 Interfaces to the Cloud

1.9 Cloud Computing Trends for 2014

1. Cloud enables agility and business innovation: Now days, every business is a digital business. The world is changing, due to the increasing need of IT. Cloud computing supports the rapid experiments and innovation, hence is recognized as facilitating speed to market. The cloud solutions are used to help business to understand the customer unique challenges. [18]

2. Security, Addressing security & privacy is key to building trust in cloud computing: The cloud performance is depends upon its security. Everyone, who want to do work in cloud, he or she must check the security of cloud. There are various security issues in cloud namely.

-Physical Security and Data Location
-Network Security
-Backup & Recovery
-Operational Compliance
-Confidentiality & Integrity
-Data Portability
-Location of Data

3. System of Engagement - Common User Experience across delivery models, cloud as a wrapper

Cloud solutions are highly agile wrapper around different systems, different behavior. They help in bringing all together in an engagement cycle. Cloud computing also helps in changing the ways of interaction between the people and technology. It may lead in enabling new forms of consumer applications.

4. Cloud as the innovation platform - Mobile, Social, Big Data

Mobile is the mega trend of our century. It has become a commodity. Social has permeated through our personal and business networks. Big Data, the volume of data available for organizations to mine for business value is staggering. Cloud technology provides a common platform for Mobile, Social and Big Data applications to cross pollinate as well as enhance and extend existing investments.

5. Social: Collaboration in a business context: The Collaboration between generations of employees has to be transactional as well as provide business context for a successful knowledge transfer. The collaboration is embedded into the business process. Increasingly business processes will have many cloud touch points, making a case for cloud based collaboration.

6. Big Data - Actionable data: Big Data has become the catch, all phrase for the volume of data businesses generate today. Without appropriate action, the collection and analysis of the data is worthless. Cloud technology makes the collection, analysis and dissemination of results and actions that much easier due to its flexibility.

7. Real time and Predictive: Now a day, the real time is no longer enough, the real time also needs to be predictive. It is not about the advance analytics. A cloud platform and solutions will provide the base for such innovation and agility.

8. Networks - The business network effect: The Network effect only kicks in if you are open and you scale fast. It is simple, more users make a network more attractive and amplify the benefit for all.

9. Platform: you need to have a PaaS to succeed with cloud solutions. . A critical factor will be the ability of this platform to drive innovation as well as provide integration to your existing landscape.

10. Hybrid cloud: You cannot move everything to the cloud. You may not even want to.

1.10 CLOUD SECURITY THREATS

Cloud computing has many security threats. The files in the cloud computing is share by many users. Hence the confidentiality becomes the major issue in this case. There are many security threats in cloud computing, as:[20]

1. Data Breaches: The data breach biggest issue in case of cloud security. At the target the data breaches result in the loss of personal and credit card information of many users. If the database of cloud computing is not properly designed then there may be chances of attacker to attack the data. This may harmful to our whole system.

1. Data Loss: In a cloud computing, knowledge loss is occurring. The info is lost in several conditions, such as: once a hard drive dies while not its owner is having created a backup. The info loss may occur by choice within the event of a malicious attack.

Figure 1.5: cloud computing threats[14]

Abbildung in dieser Leseprobe nicht enthalten

2. Service Traffic Hijacking: The service hijacking is that the biggest issue in cloud computing. Phishing, exploitation of software package vulnerabilities and credentials will all cause the loss of management over a user account.

3. Insecure APIs: The application programming interface, (API), defines however a 3rd party connects associate degree application to the service and providing verification that the third party manufacturing the appliance.

4. Denial of Service: Denial of threat is an attack which is formulated to create a huge traffic over a network such that it gets harder to find between the legitimate user's request and intruder's message. It is considered as a threat since the delivery and acknowledgement of original packets are greatly affected.

5. Malicious Insiders: Inside a large cloud organization, the hazards are magnified. One tactic cloud customers should use to protect themselves is to keep their encryption keys on their own premises, not in the cloud.

6. Abuse of Cloud Services: Cloud computing brings large scale, elastic services to enterprise users and hackers alike. It might take attacker years to crack an encryption key using his own limited hardware.

7. Insufficient Due Diligence: There are many enterprises jump into the cloud without understanding the full scope of the undertaking. Without an understanding of the service providers' environment and protections, customers don't know what to expect in the way of incident response, encryption use, and security monitoring. Enterprises may push applications that have internal on-premises network security controls into the cloud, where those network security controls don't work.

8. Shared Technology: In a multi tenant environment, the compromise of a single component exposes more than just the compromised customer. The cloud is about shared infrastructure, and a mis-configured operating system. In a shared infrastructure, the CSA recommend an in-depth defensive strategy. Defenses should apply to the use of compute, storage, networking, applications, and user access.

[...]

Details

Seiten
44
Jahr
2014
ISBN (eBook)
9783656652021
ISBN (Buch)
9783656651994
Dateigröße
1.7 MB
Sprache
Englisch
Katalognummer
v273465
Institution / Hochschule
Lovely Professional University, Punjab
Note
Schlagworte
multi-level security cloud computing cryptography novel approach

Autor

Teilen

Zurück

Titel: To implement a Multi-level Security in Cloud Computing using Cryptography Novel Approach