Secure hash based distributed framework for utpc based cloud authorization
Upcoming SlideShare
Loading in...5
×
 

Secure hash based distributed framework for utpc based cloud authorization

on

  • 896 views

 

Statistics

Views

Total Views
896
Slideshare-icon Views on SlideShare
896
Embed Views
0

Actions

Likes
0
Downloads
4
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Secure hash based distributed framework for utpc based cloud authorization Secure hash based distributed framework for utpc based cloud authorization Document Transcript

    • INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print), TECHNOLOGY (IJCET) ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMEISSN 0976 – 6367(Print)ISSN 0976 – 6375(Online)Volume 3, Issue 3, October - December (2012), pp. 54-65 IJCET© IAEME: www.iaeme.com/ijcet.aspJournal Impact Factor (2012): 3.9580 (Calculated by GISI) ©IAEMEwww.jifactor.com SECURE HASH BASED DISTRIBUTED FRAMEWORK FOR UTPC BASED CLOUD AUTHORIZATION C. Lalrinawma Dr. Masih Saikia Dept of Computer Sciences. HOD. Dept. of Computer Sciences Govt. Zirtiri Residential Science College Pragjyotish College Mizoram, India Guwahati, India E-Mail: lalrinawma.gzrsc@gmail.com ABSTRACT The paper introduces a cloud-enabled framework for parameterized security in large-scale Smartphone based wireless sensor network. The research work also highlights some of the effective implementation of service broker included in aggregation service in sensor network. The cumulative collected throughput information is considered to be forwarded to the cloud users using conventional cloud interfaces. A cloud interface is built with newly introduced concept of Unit Transaction permission coin (UTPC) as a security token for cloud user authorization that is integrated in Android platform (v2.2). The UTPC generation process includes hash function (SHA/MD5) that is most difficult to break by any intruder. The empirical process consists of registration and authentication phase using micro-platform computation in untrusted environment considering the IMEI and IMSI of the considered trusted handheld device. The result accomplished is unique and lightweight that is easily compatible with any real time application that runs on cloud environment. Keywords-: Smartphone, Android, Cloud Computing, Cloud Security, SHA, MD5, Hash Function. I. INTRODUCTION Cloud computing [1] gets its name from the drawings usually accustomed illustrate the internet. Cloud computing may considered as a new consumption and delivery model for IT services. The idea of cloud computing represent a shift in paradigm where the end user need not 54
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMErecognize the main points of a selected technology. The service is totally managed by the supplier.Users will consume services at a rate thats set by their explicit requirements. Such on-demandservices are often provided at any time. There is an critical need to ensure secure storage,managing, sharing and analyzing the huge amounts of complicated (e.g., semi-structured andunstructured) information to work out patterns and trends so as to enhance the standard of care,higher safeguard the state and explore energy. Attributable to the essential nature of theapplications, it is vital that cloud platform should be secure. The main security challenge withcloud application is that the owner of the information might not have control management ofwherever the information is located. This is often as a result of if one desire to take advantage ofthe advantages of victimization cloud computing, one should additionally utilize the resourceallocation and programming provided by clouds. Therefore, if user wants to safeguard theinformation within the interior of untrusted processes, the security protocols within clientinterface should be stressed more. The rising cloud computing model tries to deal with theexplosive growth of web-connected devices, and handle huge amounts of knowledge [2]. With the increased pervasiveness of sensory devices for military and civilian uses comes thedemand for effective processing of the large amounts of data they collect. This demand can onlybe met with the low-cost computing resources offered by today’s cloud computing systems.Today’s cloud [3] can already support data-intensive computing at a low cost: for example, alarge-scale computing task can be accomplished on Amazon’s Elastic Compute Cloud (EC2) [4]at an expense as low as 10 cents per CPU hour. So far little effort has been made in applying theultra cost effective cloud platform towards analyzing and managing sensor data. Recently, wehave made the first step towards building a practical sensor cloud system. Different from priorwork on sensor networks, we assume that sensors communicate directly with a proxy or broker ona cloud. In our research, we consider a group of sensors organized as a hierarchical structure orsome types of partitions, which communicate with their cloud proxies through wireless channels.The sensor platforms studied in our research are ones with multiple sensors that can each measuredifferent properties of the environment. For example, we might have GPS for positioning,microphones for sound, laser-range finders for scanning surroundings, temperature indicators,wireless radios etc. We can imagine a host of different autonomous and manned devices thatcontain these sensors including vehicles, robots, smart-grid nodes, mobile computers, and smartphones. For each device, we have a number of different sensors that can provide differentenvironmental readings on a near continuous basis, further these hosts all contain reasonablecomputational power and power supplies for continuous function. Finally, they all have reliablecellular network conductivities. We imagine that these hosts are continually collecting data fromtheir environment, performing some level of data processing and publishing the outcomes to acloud for further analysis or data storage. For the purposes of our studies, we examine modernAndroid smart phones as exemplar hosts in our work. Cloud computing exhibit five essentialcharacteristics defined by NIST (National Institute of Standards and Technology) [5].a) On-demand self-service. A consumer can unilaterally provision computing capabilities.b) Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.c) Resource pooling. The provider’s computing resources are pooled to serve multiple consumers, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.d) Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. 55
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMEe) Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service. Cloud computing can be defined as the provision of computing services via the Internet such as[5] Applications (software-as-a-service, or SaaS), Platforms, Infrastructure (IaaS), Processorchestration and integration Figure 1 shows the proposed open secure architecture of cloudcomputing which is enhanced version of work done in [6]. The Open Security Architecture cloudcomputing pattern is an attempt to illustrate core cloud functions, the key roles for oversight andrisk mitigation, collaboration across various internal organizations, and the controls that requireadditional emphasis.The security aspects of cloud computing is as follows:a) Infrastructure Security: The security challenges at various levels namely network level, host level and application level are not specifically caused by cloud computing instead are exacerbated by its use. The issues of infrastructure security and cloud computing can be addressed by clearly defining trust boundaries by understanding which party provides which part of security [5].b) Data Security and Storage: Data security [10][11] is a significant task, with a lot of complexity. Methods of data protection, such as redaction, truncations, obfuscation, and others, should be viewed with great concern. Not only are there no accepted standards for these alternative methods, but also there are no programs to validate the implementations of whatever could possibly be developed. Homomorphic encryption can be used for data security encryption. But with this approach key management is a problem [5].c) Identity and Access Management: The key critical success factor to managing identities at cloud providers is to have a robust federated identity management architecture and strategy internal to the organization. Using cloud-based “Identity as a Service” providers may be a useful tool for outsourcing some identity management capabilities and facilitating federated identity management with cloud providers [7].d) Security Management: From a security management perspective, a key issue is the lack of enterprise-grade access management features. The scope of security management of cloud services will vary with the service delivery model, provider capabilities, and maturity. Customers will have to make trade-offs with respect to the flexibility and control offered by the SPI services. The more flexible the service, the more control you can exercise on the service, and with that come additional security management responsibilities. In a virtualized environment where infrastructure is shared across multiple tenants, your data is commingled with that of other customers at every phase of the life cycle—during transit, processing, and storage. Hence, it is important to understand the location of the service, service-level guarantees such as inter-node communication, and storage access (read and write) latency [5].e) Privacy: Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust and this need to be considered at every phase of design. The key challenge for software engineers to design cloud services in such a way as to decrease privacy risk and to ensure legal compliance. The following tips are recommended for cloud system designers, architects, developers and Testers [8]. a. Minimize personal information sent to and stored in the cloud. b. Protect personal information in the cloud. c. Maximize user control. 56
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME d. Allow user choice. e. Specify and limit the purpose of data usage. f. Provide feedback.f) Audit and Compliance: A programmatic approach to monitoring and compliance will help prepare CSPs (Cloud Service Provider) and their users to address emerging requirements and the evolution of cloud business models. To drive efficiency, risk management, and compliance, CSPs need to implement a strong internal control monitoring function coupled with a robust external audit process. To gain comfort over their in-cloud activities, CSP users need to define their control requirements, understand their CSP’s internal control monitoring processes, analyze relevant external audit reports, and properly execute their responsibilities as CSP users [5].g) Security-as-a-Service: Security-as-a-service is likely to see significant future growth for two reasons. First, a continuing shift in information security work from in-house to outsourced will continue. Second, several other information security needs are present for organizations currently, but they will accelerate in need and complexity with the growing adoption of cloud computing. The two proactive controls are important to the growth of cloud computing: identity management that is inter-cloud and scalable to the cloud size, and (encryption) key management. The two reactive controls are needed for audit and compliance purposes as well: scalable and effective SIEM, and data leakage prevention (DLP). Providing solutions to each of these controls will be difficult and requires significant complexity that must be hugely scalable and yet easy to use [5]. II.PROBLEM DESCRIPTION While cost and ease of use are two great benefits of cloud computing, there are significantsecurity concerns that need to be addressed when considering moving critical applications andsensitive data to public and shared cloud environments. To address these concerns, the cloudprovider must develop sufficient controls to provide the same or a greater level of security thanthe organization would have if the cloud were not used. Listed here are ten items to review whenconsidering cloud computing. As more companies move to cloud computing, look for hackers tofollow. Some of the potential attack vectors criminals may attempt include:• Denial of Service (DoS) attacks - Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging. Twitter suffered a devastating DoS attack during 2009.• Side Channel attacks – An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack.• Authentication attacks – Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers.• Man-in-the-middle cryptographic attacks – This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communication’s path, there is the possibility that they can intercept and modify communications. 57
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME In prior research work, we summarize the security and privacy challenges we face whenbuilding a trustworthy sensor-cloud system, which come from the following perspectives:• The environment in which sensors work can be compromised by the adversary. For example, the adversary can artificially reduce or raise temperatures to cause the sensors to collect improper data.• Individual sensors can be vulnerable to attacks. This can happen when the adversary has physical access to the sensors, or remote access through propagating malware.• Information flows within the cloud can be intercepted and stolen or modified by compromised cloud nodes.• The cloud client can be infected by malicious code implanted by an adversary, which can lead to further security breaches within a sensor-cloud system.• The communication channels between the sensors and the cloud and between the client and the cloud are vulnerable to different types of attacks. Even when the data transferred over the channels is fully encrypted: side-channel information leaks constitute creditable threats. The prior research pinpoints a subset of issues within the problem space that need immediatelyattention. Specifically, we investigated I) techniques for detecting anomalous use of sensors,particularly, when the adversary gains unauthorized physical access to smart phones; ii) wedemonstrated that intelligent Smartphone-based malware can be built to “understand” the contextof a phone conversation and extract a small amount of high-value information from the context(Given the small quantity of such sensitive information, the malware can deliver it to its masterthrough covert channels, even without direct network access); and iii) prior research shows thateven in the presence of Wi-Fi encryption and HTTPS protection, the traffic features of thecommunication between sensors and the cloud, and between the cloud and its clients can easily beanalyzed to infer highly-sensitive user data.III. PROPOSED SYSTEM The proposed system identifies recent progress and follow-up on previously discussed researchplans on these fronts, including detection of anomalous use of sensors, and defenses againstSmartphone malware and side-channel leaks. 58
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Cloud User Access User_ID, Pswd User Unlock Access Authentication UTPC Generated on Stud’s Mobile Matches with the Android Handset Server’s generated Password UTPC Generation Process Password generated SHA Hash Function and entered by the MD5 Hash Function Stud using IMEI, IMSI and using the result of Registration time of SHA function Mobile Phone Generated Challenge Final UTPC for Hash function entered by Send to Stud User UTPC generated by Server Sent to Server and match with UTPC entered by the Stud Figure 1 Proposed Schema The main aim of the project work is to develop an Architectural Model for multi-factorauthentication system for secure sensor cloud application, where we will produce unit instanceauthorization token in the forward direction. The core idea is to produce multiple Unit TransactionPermission Coin (UTPC) from an initial seed in a parallel process with the service provider itself,e.g., an online bank, by utilizing two different types of hash functions, which come with a nestedchain using Brokering network. The resulting chain provides forwardness and infiniteness and itshould run on multiple systems of wired or wireless network. The base paper “Towards SecureCloud Bursting, Brokerage and Aggregation” drafted by Srijith K. Nair, Sakshi Porwal, TheoDimitrakos, Ana Juan Ferrer, Johan Tordsson, Tabassum Sharif, Craig Sheridan, MuttukrishnanRajarajan, and Afnan Ullah Khan. The respective author proposed the concept of cloud burstingand cloud brokerage and elaborates the open management and security issues connected with thetwo models. The work also introduces a feasible model that is capable of enhancing the brokeragebased cloud services. But unfortunately, security concerns written in the paper is not enough tomitigate core attacks like side-channel leak or DoS attack. Moreover, the paper is more theoreticalin nature without any core information of implementation modules or algorithms or any researchmethodology nor any performance analysis results or implementation. Some other past researchwork has also seen the discussion related to the requirements for securing communication using inSmartphone towards cloud computing. Therefore, the current paper has considered the sensors tobe modern Smartphone. Therefore, the proposed project work will be towards implementing thecore concept written in the above mentioned base paper with our contribution in designing asecure real-time application on Android based smart phone using brokering network.Our proposed system is mainly classified into two modules:A. Registration Phase:The cloud user gets the two different hash functions, and an initial seed, established on his mobilephone. To ensure that the information is completely shared with the service provider, the seed is 59
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMEproduced by the shared and unique parameters of the host and user, e.g., the International MobileEquipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), and registration date.B. Authentication Phase:The steps of the login and authentication process between the user and service provider are asfollows. The user logs in to the service provider’s website, e.g., an online bank, requesting access.As a response to this access request, a secure session is established, i.e., an SSL session, allowingthe user to enter his authentication privileges, i.e., user name and password, the first factor ofauthentication, what the user knows. Also the user provides the server with his unit instanceauthorization token current status. The current status allows the server to synchronize his seedwith the client’s current seed to get the same seed value on both sides before sending a challenge.The server randomly challenges the user with new indexes. The user enters those indexes, in hisUnit Transaction Permission Coin (UTPC)) generator to get the corresponding UTPC. The userresponds with this corresponding UTPC. The server compares the received UTPC with thecalculated one. According to the server check, done in the previous step, the server will transferan authorization execution or a communication termination.Through the registration process, the user gets two different hash functions, which could be SHA-1, and hB(.), which could be MD5 [11], along with an initial seed, “Sint” as the concatenation ofthe IMEI, IMSI, and registration time, which could be “1234567891234561234567891234507012010200259”Assuming IMEI is “123456789123456,” IMSI is “12345678912345,” and the registration time is“7/1/2010 20:02:59.” After logging into the service provider’s website using a different and staticusername and password, the first factor of authentication, the server asks the user for the UTPC’scurrent status. If the user has generated numerous UTPCs without using them, he might havereached an UTPC status of, for example, “17.” The user will submit his current status to the serverto allow the server to calculate the current seedScrt=hA17(Sint)= 1220848648030773785924867285680707842195071405780,that means that the server has calculated seventeen cascaded hashes of its initial seed “Sint” usingthe SHA-1 algorithm, to be synchronized with the client. After that the server sends a randomchallenge value of new indexes, e.g., x, y = 3, 4, which means the user has to calculate his sessionUTPC using this formula:UTPC=hB4(hA3(Scrt))= 68606061177919188523363813602016333158.The server has to calculate the same value in a parallel process, and as soon as the client responds,the server will match the two values to give either a yes or no.C. Micro Platform Computation Phase:The android enabled phones may be in the control of trusted (or semi-trusted) individuals, or belocated in some potentially untrusted environment. Certain reasons for using Samsung Android(v2.2) are:• Improved Security: With the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices.• Remote Wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen. 60
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME• Java Compatibility: Performance of the browser has been enhanced using the V8 engine, which enables faster loading of JavaScript-heavy pages.• Kernel Memory Management Boost: Improved memory reclaim by up to 20x, which results in faster app switching and smoother performance on memory-constrained devicesFurther, they have a reasonable processing capability on modern low-power processors, such asan ARM architecture processor running at 500–800MHZ. It is assumed that the phones havestandard sensors including, eGPS, 802.11x, Bluetooth v2 (Class 1, 2 or 3), temperature,orientation, acceleration, audio microphone, and camera (stills or video). In particular, our projectfocuses on the use of Samsung Android (v2.2) development phones, due to the ease ofprogramming and their ability to multi-task. The communication between the sensors and thecomputing infrastructure is mediated by a brokering network that uses a publish / subscribemodel.IV. FRAMEWORK IMPLEMENTATIONThe computing environments of a sensor grid are fraught with different kinds of threats, whichendanger the security and privacy assurance the system can provide. Mitigation of these threatsrelies on establishing trust on individual system layers through proper security control. In thissection, we survey the security and privacy risks on each layer of senor-grid computing and thetechnical challenges for controlling them. A sensor grid interacts with its operating environmentthrough a set of sensors. Those sensors work either autonomously or collaboratively to gather dataand dispatch them to the grid. Within the grid, a brokering system filters and routes the data totheir subscribers, the clients of the sensor grid. We now describe the security and privacy issueson each layer of such an operation. This includes the environment the sensors are working in; thesensors; the grid; the clients; and the communications between the sensor and grid, and the gridand clients. The proposed system is designed on Windows 32-bit OS with 1.84 GHz processorwith broadband connectivity of 100 Mpbs. The programming is done on MyEclipse IDE. Theexperiment for the proposed system is done on real time Samsung Galaxy Smartphone withAndroid 2.2. Hence Android Development Tools (ADT) is used as it is a plug-in for theMyEclipse IDE that is designed to give a powerful, integrated environment in which to buildAndroid applications.ADT extends the capabilities of Eclipse to let you quickly set up new Android projects, create anapplication UI, add packages based on the Android Framework API, debug your applicationsusing the Android SDK tools, and even export signed (or unsigned) .apk files in order to distributeyour application. The Android software development kit (SDK) includes a comprehensive set ofdevelopment tools. These include a debugger, libraries, a handset emulator based on QEMU,documentation, sample code, and tutorials. Currently supported development platforms includecomputers running Linux, Mac OS X 10.5.8 or later, Windows XP or later. The proposed systemwill be experimented with active wireless connectivity between the system and Android enabledevice. 61
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME Figure 2 Broker Login Options Figure 3 Generation of the UTPC, IMEI No, IMSI No and Registration time stampThe above figure 3 highlights the initial authentication login for student. Initially the student hasto sign up a new account where they have to furnish all the details as shown in Figure 4. Figure 4: Sign-up Information feeding. 62
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMEAfter the successful sign-up, the student can log in to their privilege account using the similar userID and password, which was successfully fed at the time of sign up process. Figure 5: Captacha Authentication.Once the student logs and their initial user ID and password are accepted, then they will beprompted to feed the random digital information displayed by Captacha application as shown inFigure 5. Now, after the successful sign up, the student can now perform initial loginauthentication for which they will be asked to feed UTPC and Current status, both of which isgenerated at the Mobile interface as shown in Figure 6 and 7. Figure 6: UTPC & Current Status generation in Android Interface Figure 7 Feeding UTPC and Current Status from Android Interface to Client interface. 63
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEMEOnce the UTPC and current status is authenticated, the new index will be generated automaticallyin web interface as shown in Figure 8. Figure 8 Generation of new IndexThe generated new index value will be then fed to the Android mobile interface. Once the newindex value is authenticated in the mobile interface, the next sequence, it will generate a newUTPC, in same mobile interface as shown in Figure 9. The student needs to take the newlygenerated UTPC and feed in to their web-interface for final authentication as shown in Figure 10. Figure 9: Generation of UTPC in Android Interface. Figure 10 Feeding newly generated UTPC in Client Interface.Cloud computing facilitates storage of data at a remote site to maximize resource utilization. As aresult, it is critical that this data be protected and only given to authorized individuals. Thisessentially amounts to secure third party publication of data that is necessary for data outsourcing,as well as external publications. Since data in the cloud will be placed anywhere, it is importantthat the data is encrypted. We are using secure co-processor as part of the cloud infrastructure toenable efficient encrypted storage of sensitive data. 64
    • International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 3, Issue 3, October-December (2012), © IAEME V. CONCLUSIONThe current paper has outlined the research on secure sensor networks in the context of a high-level cloud based brokering architecture and highlighted various research challenges goingforward. The analysis for security challenges are illustrated related to assessing the trustiness ofthe sensing elements supported environmental sensor knowledge, police investigation anddefensive against “sensory malware” on such sensors, and mitigating aspect channel leaks oncesensing element devices communicate with the cloud. The work attempts to believe theseelements of the general cloud based mostly sensing element specific area unit the smallest amounttrustworthy since theyre out of the management of the cloud “back end.” Thus, addressing thesechallenges can facilitate defend the integrity of the sensing platforms, the privacy of users UNagency carry mobile sensors, yet because the delivery of sensing element knowledge to the cloud.the long run work of the Cloud computing can improve organization’s performance by utilizingminimum resources and management support, with a shared network, valuable resources ,bandwidth, software’s and hardware’s in a very value effective manner and restricted servicesupplier dealings. the long run sweetening of the this application, we tend to explore the “middleground”, wherever users will still share physical hardware resource, however user networks areaunit isolated and accesses area unit controlled within the method the same as that in enterprisenetworksREFERENCES[1] http://www.ibm.com/cloud-computing/us/en/. Accessed on 27th Aug, 2012[2] Michael Gregg, Security Concerns for Cloud Computing, Global Knowledge Training LLC, 2012[3] Wang, L., Laszewski,V., Gregor, Kunze, Marcel, Tao, Jie. Cloud computing: A Perspective study, Proceedings of the Grid Computing Environments (GCE) workshop. Held at the Austin Civic Center: Austin, Texas: 16 November 2008.[4] Michael, A, Fox,A., Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, Matei Zaharia. A view of cloud computing. Communications of the ACM , Volume 53 Issue 4, pages 50-58. April 2010.[5] The NIST Definition of Cloud Computing, version 15, by Peter Mell and Tim Grance, October 7, 2009, National Institute of Standards and Technology (NIST), Information Technology Laboratory (www.csrc.nist.gov)[6] Tim Mather, Subra Kumaraswamy, Shahed Latif Cloud Security and Privacy : An Enterprise perspective of Risks and Compliance, OReilly Media, Inc., 2009[7] Open Security Architecture http://www.opensecurityarchitecture.org/[8] Discovering Identity: Cloud Computing: Identity and Access Management DOI =http://blogs.sun.com/identity/entry/cloud_computing_identity_and_access[9] Siani Pearson. Taking Account of Privacy when Designing Cloud Computing Services. CLOUD 09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages 44-52. May 2009[10] Security Guidance for Critical Areas of Focus in Cloud Computing, April 2009. DOI =http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf[11] Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava. Secure and Efficient Access to Outsourced Data. CCSW 09: Proceedings of the 2009 ACM workshop on Cloud computing security, pages 55-65. November 2009 65