This document proposes designing a secure third party environment for accessing cloud computing services. It discusses cloud computing models and security challenges. The objective is to develop a system architecture and security protocols/algorithms to enable secure cloud services using homomorphic encryption. Experiments will validate the security algorithms. This is expected to deliver a secure architecture and protocols for trust in cloud computing.

1. Secure Third Party Cloud Computing Services
Proposal by: Shibwabo Anyembe
Abstract
Today’s business world is using Cloud computing services to meet there mandate. Mobile
Computing includes services and deployment models. Services models are Software as a Service
(SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) while deployment
models are Public Cloud, Private Cloud, Community Cloud and Hybrid Cloud. Cloud
Computing Services are prone to threat, vulnerabilities and security issues in general. However,
these services come with enormous benefits. To enhance trust in use of cloud computing
services, this research proposes to design a secure third party environment for accessing cloud
computing services. Secure protocols and algorithms will be developed as well as carrying out
experiments to support this.
1. Introduction
National Institute of Standards and Technology (NIST) defines cloud computing by describing
five essential characteristics [1] (Broad Network Access, Rapid Elasticity, Measured Services,
On-Demand Self-Service, Resource Pooling), Three cloud services models (Software as a
Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and four cloud
deployment models (Public, Private, Hybrid, Community).
The three cloud services models are further defined as:-
i) Software as a service (SaaS) – Sometimes referred to as “on-demand software,” is a
software delivery model in which software and its associated data are hosted centrally
(typically in the (internet) cloud) and are typically accessed by users using a thin client,
normally using a web browser over the internet.
ii) Platform as a Service (Paas) – is the delivery of a computing platform and solution stack as a
service. PaaS offerings facilitate deployment of applications without the cost and complexity of
buying and managing the underlying hardware and software and provisioning hosting
capabilities. This provides all of the facilities required to support the complete life cycle of
building and delivering web applications and services entirely available from the internet.
iii) Infrastructure as a Service (IaaS) – Delivers computer infrastructure (typically a platform
virtualization environment) as a service, along with raw storage and networking. Rather than
purchasing servers, software, data-center space, or network equipment, clients instead buy
those resources as a fully outsourced service.
Further, the four deployment models are defined as follows:-
i) Public Cloud – The cloud infrastructure is made available to the general public or a large
industry group and is owned by an organization selling cloud services.
Page 1 of 4

2. ii) Private Cloud – The cloud infrastructure is operated solely for a single organization. It may
be managed by the organization or by a third party and may be located on-premise or off-
premise.
iii) Community Cloud – The cloud infrastructure is shared by several organizations and
supports a specific community that has shared concerns (e.g., mission, security requirements,
policy, or compliance considerations). It may be managed by the organizations or by a third
party and may be located on-premise or off-premise.
iv) Hybrid Cloud – The cloud infrastructure is a composition of two or more clouds (private,
community, or public) that remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for
load-balancing between clouds).
a) Cloud Computing Challenges
Security Challenges for Cloud Environments includes: Abuse and nefarious use of cloud
services, multitenancy and shared technology issues, data loss or leakage, account or service
hijacking, Unknown risk e.t.c. Moreover, there are a number of security risks associated with
cloud computing that must be adequately addressed such as loss of governance, responsibility
ambiguity, authentication and authorization, isolation failure, compliance and legal risks,
handling of security incidents, management interface vulnerability, application Protection, data
protection, malicious behavior of insiders, business failure of the provider, service unavailability,
vendor lock-in, insecure or incomplete data deletion, visibility and Audit, e.t.c.
b) Cloud Computing Benefits
With these challenges and risks, cloud computing bring with it a lot of benefits that includes [2]
reduced infrastructure costs, capacity, scalability and speed, security and backup, availability,
geography and mobility, regulatory compliance, e.t.c. Due to this observation, there is need to
research on how to deal with these challenges in order to continue enjoying these enormous
benefits.
2. State of the art
Steiner et. al [3] reviewed the best practices to secure Cloud services and data, including
conventional security techniques and working with vendors to ensure proper Service Level
Agreements exist. So, K. et. al [4] introduced a detailed analysis of the cloud computing security
issues and challenges focusing on the cloud computing types and the service delivery types. Noting
the fact that there are a lot of risks in cloud computing, Hamlen, K. et. al [5] discusses security issues
for cloud computing and present a layered framework for secure clouds and then focuses on two of
the layers, i.e., the storage layer and the data layer. In particular, the authors discuss a scheme for
secure third party publications of documents in a cloud. Further, Hashizume, K. et. al [6] identifies
the main vulnerabilities in this kind of systems and the most important threats found in the literature
related to Cloud Computing and its environment as well as to identify and relate vulnerabilities and
threats with possible solutions. Moreover, Ahmed, M. et. al [7] presents a review on the cloud
computing concepts as well as security issues inherent within the context of cloud computing and
cloud infrastructure. In an attempt to come up with one of the solution to
Page 2 of 4

3. these problems in cloud, Simion et. al [8] describes modern capabilities that any Cloud provider
should support, together with proposing a cryptographic side of future Cloud services – (fully)
homomorphic encryption.
3. Research Objective
The objective of this research is to design secure third party cloud computing services
4. Research questions
i) How to design a system architecture that offer secure cloud computing services.
ii) How to develop security protocols and algorithms that support secure cloud computing
services.
5. Methodology
To achieve secure cloud computing services, we propose to use homomorphic encryption to
secure these services. Homomorphic encryption is the conversion of data into ciphertext that can
be analyzed and worked with as if it were still in its original form. Homomorphic encryptions
allow complex mathematical operations to be performed on encrypted data without
compromising the encryption and therefore securing the data from being disclosed. We propose
to employ fully homomorphic encryption as it was proposed by Gentry et. al. [9]. Further, we
also propose to deploy trusted third party cloud computing services.
6. Resources Required
i) Computer
ii) Internet Access
iii) Software for carrying out experiment
iv) Other Lab Requirements
v) Conference Funds
7. Expectation
We expect to deliver the following:-
i) System architecture that offer secure cloud computing services.
ii) Security protocols and algorithms that support secure cloud computing services.
iii) Carry out experiments to test the working of the designed security algorithms.
Page 3 of 4

4. 8. References
[1] Alliance, C. (2011). Security guidance for critical areas of focus in cloud computing v3. 0.
Cloud Security Alliance.
[2] Merrill, T., & Kang, T. (2014). Cloud Computing: Is Your Company Weighing Both
Benefits & Risks?. Ace Group.
[3] Steiner, T., & Khiabani, H. (2012). An IntroductionTo Securing a Cloud Environment.
SANS institute.
[4] So, K. (2011). Cloud computing security issues and challenges. International Journal of
Computer Networks, 3(5).
[5] Hamlen, K., Kantarcioglu, M., Khan, L., & Thuraisingham, B. (2012). Security issues for
cloud computing. Optimizing Information Security and Advancing Privacy Assurance: New
Technologies: New Technologies, 150.
[6] Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An
analysis of security issues for cloud computing. Journal of Internet Services and
Applications, 4(1), 1-13.
[7] Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud.
International Journal of Network Security & Its Applications, 6(1), 25.
[8] Simion, A. P. D. M. E. Cloud Computing in Cyberwarfare. Vol XXII, No. 3, Sept. 2012
[9] Van Dijk, M., Gentry, C., Halevi, S., & Vaikuntanathan, V. (2010). Fully homomorphic
encryption over the integers. In Advances in Cryptology–EUROCRYPT 2010 (pp. 24-43).
Springer Berlin Heidelberg.
Page 4 of 4