The document proposes an architecture for implementing security in cloud computing systems, particularly for Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) models. The key aspects of the proposed architecture are:
1. It incorporates different security techniques like homomorphic encryption, access control policies, and trusted hardware to address issues of confidentiality, authentication, and integrity in cloud systems.
2. It presents security as a service that allows on-demand use of security components like encryption and access control based on application or user requirements.
3. It provides an example of how the security-as-a-service model could be applied to an e-health
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
This document proposes a model for enhancing data storage security in cloud computing systems. It discusses threats and attacks to cloud data storage from external and internal sources. It then describes three common cloud deployment models: public clouds, private clouds, and hybrid clouds. The document proposes that cloud systems should include cloud service providers, users, and third party auditors. It also outlines two types of potential adversaries (weak and strong). Finally, it proposes design goals for secure cloud data storage systems, including ensuring storage correctness, fast error localization, dynamic data support, dependability, and lightweight verification.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
Cloud computing is utility-based computing provides many benefits to its clients but security is one aspect which is delaying its adoptions. Security challenges include data security, network security and infrastructure security. Data security can be achieved using Cryptography. If we include location information in the encryption and decryption process then we can bind access to data with the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on the symmetric cryptography, location-based cryptography and ciphertext policy – Attribute-based encryption (CP-ABE) to implements secure access control to the outsourced data. The Symmetric key is used to encrypt that data whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading on the server. User will download encrypted data and the symmetric secret key XORed with the Location Lock value, using his attributes based secret key he can obtain first XORed value of Symmetric secret key and location lock value. Using anti-spoof GPS Location lock value can be obtained which can be used to retrieve the symmetric secret key. We have adopted Massage Authentication Code (MAC) to ensure Integrity and Availability of the data. This protocol can be used in the Bank, government organization, military services or any other industry those are having their offices/work location at a fixed place, so data access can be bounded to that location.
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
This document proposes a new cloud-manager-based encryption scheme (CMReS) to address key management and sharing issues in fully homomorphic encryption. CMReS distributes encryption, decryption, and re-encryption tasks between a trusted Encryption/Decryption Service Provider (EDSP) module and a Re-encryption Service Provider (RSP) module hosted on the cloud. The scheme uses Diffie-Hellman key exchange to generate session keys and one-time passwords for authentication between users and cloud services. Experimental results show the proposed technique reduces delay compared to previous approaches by distributing computational tasks between user devices, the EDSP, and RSP modules.
A Study of Data Storage Security Issues in Cloud Computingvivatechijri
Cloudcomputingprovidesondemandservicestoitsclients.Datastorageisamongoneoftheprimaryservices providedbycloudcomputing.Cloudserviceproviderhoststhedataofdataownerontheirserverandusercan accesstheirdatafromtheseservers.Asdata,ownersandserversaredifferentidentities,theparadigmofdata storagebringsupmanysecuritychallenges.Anindependentmechanismisrequiredtomakesurethatdatais correctlyhostedintothecloudstorageserver.Inthispaper,wewilldiscussthedifferenttechniquesthatare usedforsecuredatastorageoncloud. Cloud computing is a functional paradigm that is evolving and making IT utilization easier by the day for consumers. Cloud computing offers standardized applications to users online and in a manner that can be accessed regularly. Such applications can be accessed by as many persons as permitted within an organization without bothering about the maintenance of such application. The Cloud also provides a channel to design and deploy user applications including its storage space and database without bothering about the underlying operating system. The application can run without consideration for on premise infrastructure. Also, the Cloud makes massive storage available both for data and databases. Storage of data on the Cloud is one of the core activities in Cloud computing. Storage utilizes infrastructure spread across several geographical locations.
An approach for secured data transmission at client end in cloud computingIAEME Publication
This document summarizes a research paper that proposes an algorithm for securing data transmission between a client and cloud server in cloud computing environments. The algorithm uses an authentication function and key that are updated during transmission to verify authorization and detect any modifications by potential attackers. When a client connects to a server, they both initialize the key to the same value. Then, the key is incremented by one for each packet sent or received. If a client wants to verify security, it can send a packet with the current key value to the server for matching. This helps prevent man-in-the-middle attacks by making it difficult for attackers to modify packets without knowing the updated key values. The approach aims to securely transmit sensitive data from cloud servers
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware,
networking, and services integrate to offer different computational facilities, while Internet or a private
network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud
system delimit the benefits of cloud computing like “on-demand, customized resource availability and
performance management”. It is understood that current IT and enterprise security solutions are not
adequate to address the cloud security issues. This paper explores the challenges and issues of security
concerns of cloud computing through different standard and novel solutions. We propose analysis and
architecture for incorporating different security schemes, techniques and protocols for cloud computing,
particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed
architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and
is not coupled with the underlying backbone. This would facilitate to manage the cloud system more
effectively and provide the administrator to include the specific solution to counter the threat. We have also
shown using experimental data how a cloud service provider can estimate the charging based on the
security service it provides and security-related cost-benefit analysis can be estimated.
Proposed Model for Enhancing Data Storage Security in Cloud Computing SystemsHossam Al-Ansary
This document proposes a model for enhancing data storage security in cloud computing systems. It discusses threats and attacks to cloud data storage from external and internal sources. It then describes three common cloud deployment models: public clouds, private clouds, and hybrid clouds. The document proposes that cloud systems should include cloud service providers, users, and third party auditors. It also outlines two types of potential adversaries (weak and strong). Finally, it proposes design goals for secure cloud data storage systems, including ensuring storage correctness, fast error localization, dynamic data support, dependability, and lightweight verification.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
Cloud computing is utility-based computing provides many benefits to its clients but security is one aspect which is delaying its adoptions. Security challenges include data security, network security and infrastructure security. Data security can be achieved using Cryptography. If we include location information in the encryption and decryption process then we can bind access to data with the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on the symmetric cryptography, location-based cryptography and ciphertext policy – Attribute-based encryption (CP-ABE) to implements secure access control to the outsourced data. The Symmetric key is used to encrypt that data whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading on the server. User will download encrypted data and the symmetric secret key XORed with the Location Lock value, using his attributes based secret key he can obtain first XORed value of Symmetric secret key and location lock value. Using anti-spoof GPS Location lock value can be obtained which can be used to retrieve the symmetric secret key. We have adopted Massage Authentication Code (MAC) to ensure Integrity and Availability of the data. This protocol can be used in the Bank, government organization, military services or any other industry those are having their offices/work location at a fixed place, so data access can be bounded to that location.
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
This document proposes a new cloud-manager-based encryption scheme (CMReS) to address key management and sharing issues in fully homomorphic encryption. CMReS distributes encryption, decryption, and re-encryption tasks between a trusted Encryption/Decryption Service Provider (EDSP) module and a Re-encryption Service Provider (RSP) module hosted on the cloud. The scheme uses Diffie-Hellman key exchange to generate session keys and one-time passwords for authentication between users and cloud services. Experimental results show the proposed technique reduces delay compared to previous approaches by distributing computational tasks between user devices, the EDSP, and RSP modules.
A Study of Data Storage Security Issues in Cloud Computingvivatechijri
Cloudcomputingprovidesondemandservicestoitsclients.Datastorageisamongoneoftheprimaryservices providedbycloudcomputing.Cloudserviceproviderhoststhedataofdataownerontheirserverandusercan accesstheirdatafromtheseservers.Asdata,ownersandserversaredifferentidentities,theparadigmofdata storagebringsupmanysecuritychallenges.Anindependentmechanismisrequiredtomakesurethatdatais correctlyhostedintothecloudstorageserver.Inthispaper,wewilldiscussthedifferenttechniquesthatare usedforsecuredatastorageoncloud. Cloud computing is a functional paradigm that is evolving and making IT utilization easier by the day for consumers. Cloud computing offers standardized applications to users online and in a manner that can be accessed regularly. Such applications can be accessed by as many persons as permitted within an organization without bothering about the maintenance of such application. The Cloud also provides a channel to design and deploy user applications including its storage space and database without bothering about the underlying operating system. The application can run without consideration for on premise infrastructure. Also, the Cloud makes massive storage available both for data and databases. Storage of data on the Cloud is one of the core activities in Cloud computing. Storage utilizes infrastructure spread across several geographical locations.
An approach for secured data transmission at client end in cloud computingIAEME Publication
This document summarizes a research paper that proposes an algorithm for securing data transmission between a client and cloud server in cloud computing environments. The algorithm uses an authentication function and key that are updated during transmission to verify authorization and detect any modifications by potential attackers. When a client connects to a server, they both initialize the key to the same value. Then, the key is incremented by one for each packet sent or received. If a client wants to verify security, it can send a packet with the current key value to the server for matching. This helps prevent man-in-the-middle attacks by making it difficult for attackers to modify packets without knowing the updated key values. The approach aims to securely transmit sensitive data from cloud servers
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security attacks to clouds like denial of service attacks and man-in-the-middle attacks. Security concerns with moving data and applications to the cloud are outlined. Techniques for securely publishing data in the cloud are also presented. The document concludes that security in cloud computing is challenging due to the complexity of clouds but that assurance of secure and mission-critical operations is important.
This document discusses security issues related to cloud computing. It begins with an introduction to cloud computing models including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). It then discusses potential security threats in cloud computing like denial of service attacks, side channel attacks, and man-in-the-middle cryptographic attacks. The document proposes a layered framework for assured cloud computing and techniques for secure publication of data in the cloud, including encryption. It concludes that achieving end-to-end security in cloud computing will be challenging due to complexity, but that more secure operations can be ensured even if some parts of the cloud fail.
This document summarizes a research paper on secure data storage in the cloud using digital signature mechanisms. The paper proposes using digital signatures to authenticate data and ensure its integrity when stored in the cloud. Digital signatures are generated using a digital signature algorithm and attached to data files before being uploaded to the cloud. When users request to access a file, the cloud server will verify the digital signature using the user's public key to confirm the data has not been altered. The paper evaluates this approach through a prototype implemented using Windows Azure that demonstrates how digital signatures can help secure data stored in cloud computing environments.
This document summarizes recent research on security issues related to single cloud and multi-cloud storage models. It finds that relying on a single cloud service provider poses risks to data availability and integrity if the provider experiences an outage. Storing data across multiple cloud providers (a multi-cloud model) can help address these issues but may increase costs. The document surveys various techniques proposed in recent research to improve security, availability, and integrity in single and multi-cloud environments, such as homomorphic tokens, file division, and the Depsky model. It concludes that while single cloud has been more widely researched, multi-cloud is an important area of ongoing work to help overcome the security and cost challenges of cloud storage.
Cloud Computing is benefiting to both cloud hosts and consumers by providing elastic services as a utility. These
services are provided on the basis of Service Level Agreement (SLA). Security and privacy are major issues when dealing with a multi - tenant model of cloud. Consumers are provided computing power in terms of virtual machines (VMs). A consumer can have many VMs at a time. Multiple consumers can get different VMs from the same server. This may lead to cross-VM attacks. This paper introduces a new framework: SAFETY (Security Awareness Framework for Everyone's Task with You), for maintaining security from cross-VM attacks, Data
leakage, VM theft, VM escape, Hyper jacking and VM Hopping. Experiments and results show that this framework is suitable and can be used for secure operations at cloud host side.
Unit 3 -Data storage and cloud computingMonishaNehkal
Data storage
Cloud storage
Cloud storage from LANs to WANs
Cloud computing services
Cloud computing at work
File system
Data management
Management services
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
This document summarizes a research paper that proposes a new password management system called Security Blanket Algorithm. The system uses strong encryption to securely store user logins, passwords, credit cards and other sensitive information in the cloud or locally on a device. When adding a new device, the system implements two-factor authentication for security. All data and communications are encrypted using AES-256. The system aims to provide secure password management while hiding encryption keys and passwords from cloud servers or third parties.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
Comparison of data security in grid and cloud computingeSAT Journals
Abstract In the current era, Grid computing and cloud computing are the main fields in the research work. This thesis define which are the main security issues to be considered in cloud computing and grid computing, and how some of these security issues are solved. Comparative study shows the grid security is tighter than the cloud. It also shows cloud computing is less secure and faced security problems. This research work is based on main security problems in cloud computing such as authentication, authorization, access control and security infrastructure (SLA). Cloud infrastructure is based on service level agreement; simply cloud providers provide different services to cloud’s users and organizations with an agreement known SLA. So the security and privacy of user’s data is the main problem, because unauthorized person can’t access the data of cloud user. Hacking and data leakage are the common threats in cloud computing. As the security due to hackers increase over internet and the cloud computing is totally on internet. At this time, cloud computing demand the tight password protection and strong authentication and authorization procedure. For an increased level of security, privacy and password protection, we provide a new strong authentication model named “Two factor authentications using graphical password with pass point scheme”. This authentication model includes the login procedure, access control that is based on service level agreement (SLA) in cloud computing. Index Terms: Cloud computing, Authentication, login, Recognition, Recall, Pass point, security, Cloud Provider, Service level Agreement, Two Factor Authentication
The document compares the security of grid computing and cloud computing. Grid computing is considered more mature and has tighter security than cloud computing. Some key differences are:
- Grid computing uses multiple IDs for authentication while cloud often uses a single ID and password.
- Grid security infrastructure (GSI) uses public key protocols for authentication, communication protection, and authorization. Cloud relies more on basic username and password.
- Grid computing enforces service level agreements (SLAs) and policies across sites using distributed enforcement points. Cloud SLA security is simpler.
- The document proposes a new two-factor authentication model for cloud computing that uses graphical passwords and pass point selection on images for added security.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
This document discusses security challenges in cloud computing and proposes a framework to address them. It begins by reviewing existing literature on cloud security that identifies threats like VM-level attacks, management interface compromise, and compliance risks. It then discusses specific threats to cloud computing like changes to business models, abusive use of cloud resources, insecure APIs, and issues from shared infrastructure and multitenancy. The document proposes a cloud security model and framework to define security challenges and help providers enforce complex security policies to detect and prevent attacks in cloud environments.
A survey on cloud security issues and techniquesijcsa
This document summarizes security issues and techniques related to cloud computing. It discusses common cloud security threats such as multi-tenancy, elasticity, insider and outsider attacks, loss of control, data loss, network attacks, malware injection, and flooding attacks. The document also outlines techniques for securing data in the cloud, including authentication, encryption, privacy, availability, and information management. Finally, it briefly discusses cloud computing security standards like SAML, OAuth, OpenID and SSL/TLS.
This document summarizes an article about providing security in cloud networks. It discusses how cloud computing provides benefits but also security concerns as cloud resources can be compromised without proper security policies. It recommends defining policy management, performing risk analysis, and taking countermeasures. The document also lists some upsides of cloud computing like scalability and cost efficiency, but also downsides like losing control over data security once data is transferred to the cloud. It suggests using encryption to keep sensitive data secure across cloud platforms.
Cloud Computing Using Encryption and Intrusion Detectionijsrd.com
Cloud computing provides many benefits to the users such as accessibility and availability. As the data is available over the cloud, it can be accessed by different users. There may be sensitive data of organization. This is the one issue to provide access to authenticated users only. But the data can be accessed by the owner of the cloud. So to avoid getting data being accessed by the cloud owner, we will use the intrusion detection system to provide security to the data. The other issue is to save the data backup in other cloud in encrypted form so that load balancing can be done. This will help the user with data availability in case of failure of one cloud.
Security and Privacy Enhancing Multicloud Architectureijsrd.com
In recent years use of Cloud computing in different mode like cloud storage, cloud hosting, cloud servers are increased in industries and other organizations as per requirements. The Security challenges are still among the biggest obstacles when considering the adoption of cloud services. For this a lot of research has been done. With these, security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures.
Cloudcomputingprovidesondemandservicestoitsclients.Datastorageisamongoneoftheprimaryservices providedbycloudcomputing.Cloudserviceproviderhoststhedataofdataownerontheirserverandusercan accesstheirdatafromtheseservers.Asdata,ownersandserversaredifferentidentities,theparadigmofdata storagebringsupmanysecuritychallenges.Anindependentmechanismisrequiredtomakesurethatdatais correctlyhostedintothecloudstorageserver.Inthispaper,wewilldiscussthedifferenttechniquesthatare usedforsecuredatastorageoncloud. Cloud computing is a functional paradigm that is evolving and making IT utilization easier by the day for consumers. Cloud computing offers standardized applications to users online and in a manner that can be accessed regularly. Such applications can be accessed by as many persons as permitted within an organization without bothering about the maintenance of such application. The Cloud also provides a channel to design and deploy user applications including its storage space and database without bothering about the underlying operating system. The application can run without consideration for on premise infrastructure. Also, the Cloud makes massive storage available both for data and databases. Storage of data on the Cloud is one of the core activities in Cloud computing. Storage utilizes infrastructure spread across several geographical locations.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
This document proposes a new security architecture for cloud computing environments that addresses various security gaps. It presents a hybrid technique combining Advanced Encryption Standard (AES) and Quantum Key Distribution (QKD) for encryption and decryption with random key generation. QKD provides more flexibility for communication through attack detection, while addressing shortcomings of each individual approach like limited distance of QKD and key availability issues of AES. The new approach aims to provide a more trusted cloud communication environment.
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
This document summarizes a research paper on secure data storage in the cloud using digital signature mechanisms. The paper proposes using digital signatures to authenticate data and ensure its integrity when stored in the cloud. Digital signatures are generated using a digital signature algorithm and attached to data files before being uploaded to the cloud. When users request to access a file, the cloud server will verify the digital signature using the user's public key to confirm the data has not been altered. The paper evaluates this approach through a prototype implemented using Windows Azure that demonstrates how digital signatures can help secure data stored in cloud computing environments.
This document summarizes recent research on security issues related to single cloud and multi-cloud storage models. It finds that relying on a single cloud service provider poses risks to data availability and integrity if the provider experiences an outage. Storing data across multiple cloud providers (a multi-cloud model) can help address these issues but may increase costs. The document surveys various techniques proposed in recent research to improve security, availability, and integrity in single and multi-cloud environments, such as homomorphic tokens, file division, and the Depsky model. It concludes that while single cloud has been more widely researched, multi-cloud is an important area of ongoing work to help overcome the security and cost challenges of cloud storage.
Cloud Computing is benefiting to both cloud hosts and consumers by providing elastic services as a utility. These
services are provided on the basis of Service Level Agreement (SLA). Security and privacy are major issues when dealing with a multi - tenant model of cloud. Consumers are provided computing power in terms of virtual machines (VMs). A consumer can have many VMs at a time. Multiple consumers can get different VMs from the same server. This may lead to cross-VM attacks. This paper introduces a new framework: SAFETY (Security Awareness Framework for Everyone's Task with You), for maintaining security from cross-VM attacks, Data
leakage, VM theft, VM escape, Hyper jacking and VM Hopping. Experiments and results show that this framework is suitable and can be used for secure operations at cloud host side.
Unit 3 -Data storage and cloud computingMonishaNehkal
Data storage
Cloud storage
Cloud storage from LANs to WANs
Cloud computing services
Cloud computing at work
File system
Data management
Management services
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
This document summarizes a research paper that proposes a new password management system called Security Blanket Algorithm. The system uses strong encryption to securely store user logins, passwords, credit cards and other sensitive information in the cloud or locally on a device. When adding a new device, the system implements two-factor authentication for security. All data and communications are encrypted using AES-256. The system aims to provide secure password management while hiding encryption keys and passwords from cloud servers or third parties.
Enhancing Data Integrity in Multi Cloud StorageIJERA Editor
Cloud computing is a way to increase the capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. Cloud is surrounded by many security issues like securing data and examining the utilization of cloud by the cloud computing vendors. Security is one of the major issues which reduce the growth of cloud computing. A large number of clients or data owners store their data on servers in the cloud and it is provided back to them whenever needed. The data provided should not be jeopardized. Data integrity should be taken into account so that the data is correct, consistent and accessible. For ensuring the integrity in cloud computing environment, cloud storage providers should be trusted. Dealing with single cloud providers is predicted to become less secure with customers due to risks of service availability, failure and the possibility of malicious insiders in the single cloud. This paper deals with multi cloud environments to resolve these issues. The integrity of the data in multi cloud storage has been provided with the help of trusted third party using cryptographic algorithm.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT...IJNSA Journal
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing
facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The
objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The Results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
Comparison of data security in grid and cloud computingeSAT Journals
Abstract In the current era, Grid computing and cloud computing are the main fields in the research work. This thesis define which are the main security issues to be considered in cloud computing and grid computing, and how some of these security issues are solved. Comparative study shows the grid security is tighter than the cloud. It also shows cloud computing is less secure and faced security problems. This research work is based on main security problems in cloud computing such as authentication, authorization, access control and security infrastructure (SLA). Cloud infrastructure is based on service level agreement; simply cloud providers provide different services to cloud’s users and organizations with an agreement known SLA. So the security and privacy of user’s data is the main problem, because unauthorized person can’t access the data of cloud user. Hacking and data leakage are the common threats in cloud computing. As the security due to hackers increase over internet and the cloud computing is totally on internet. At this time, cloud computing demand the tight password protection and strong authentication and authorization procedure. For an increased level of security, privacy and password protection, we provide a new strong authentication model named “Two factor authentications using graphical password with pass point scheme”. This authentication model includes the login procedure, access control that is based on service level agreement (SLA) in cloud computing. Index Terms: Cloud computing, Authentication, login, Recognition, Recall, Pass point, security, Cloud Provider, Service level Agreement, Two Factor Authentication
The document compares the security of grid computing and cloud computing. Grid computing is considered more mature and has tighter security than cloud computing. Some key differences are:
- Grid computing uses multiple IDs for authentication while cloud often uses a single ID and password.
- Grid security infrastructure (GSI) uses public key protocols for authentication, communication protection, and authorization. Cloud relies more on basic username and password.
- Grid computing enforces service level agreements (SLAs) and policies across sites using distributed enforcement points. Cloud SLA security is simpler.
- The document proposes a new two-factor authentication model for cloud computing that uses graphical passwords and pass point selection on images for added security.
Security Issues’ in Cloud Computing and its Solutions. IJCERT JOURNAL
Cloud computing is a set of IT services that are provided to a customer over a network on a leased basis and with the ability to scale up or down their service requirements. Usually cloud computing services are delivered by a third party provider who owns the infrastructure. It advantages to mention but a few include scalability, resilience, flexibility, efficiency and outsourcing non-core activities. Cloud computing offers an innovative business model for organizations to adopt IT services without upfront investment. Despite the potential gains achieved from the cloud computing, the organizations are slow in accepting it due to security issues and challenges associated with it. Security is one of the major issues which hamper the growth of cloud. The idea of handing over important data to another company is worrisome; such that the consumers need to be vigilant in understanding the risks of data breaches in this new environment. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
This document discusses security challenges in cloud computing and proposes a framework to address them. It begins by reviewing existing literature on cloud security that identifies threats like VM-level attacks, management interface compromise, and compliance risks. It then discusses specific threats to cloud computing like changes to business models, abusive use of cloud resources, insecure APIs, and issues from shared infrastructure and multitenancy. The document proposes a cloud security model and framework to define security challenges and help providers enforce complex security policies to detect and prevent attacks in cloud environments.
A survey on cloud security issues and techniquesijcsa
This document summarizes security issues and techniques related to cloud computing. It discusses common cloud security threats such as multi-tenancy, elasticity, insider and outsider attacks, loss of control, data loss, network attacks, malware injection, and flooding attacks. The document also outlines techniques for securing data in the cloud, including authentication, encryption, privacy, availability, and information management. Finally, it briefly discusses cloud computing security standards like SAML, OAuth, OpenID and SSL/TLS.
This document summarizes an article about providing security in cloud networks. It discusses how cloud computing provides benefits but also security concerns as cloud resources can be compromised without proper security policies. It recommends defining policy management, performing risk analysis, and taking countermeasures. The document also lists some upsides of cloud computing like scalability and cost efficiency, but also downsides like losing control over data security once data is transferred to the cloud. It suggests using encryption to keep sensitive data secure across cloud platforms.
Cloud Computing Using Encryption and Intrusion Detectionijsrd.com
Cloud computing provides many benefits to the users such as accessibility and availability. As the data is available over the cloud, it can be accessed by different users. There may be sensitive data of organization. This is the one issue to provide access to authenticated users only. But the data can be accessed by the owner of the cloud. So to avoid getting data being accessed by the cloud owner, we will use the intrusion detection system to provide security to the data. The other issue is to save the data backup in other cloud in encrypted form so that load balancing can be done. This will help the user with data availability in case of failure of one cloud.
Security and Privacy Enhancing Multicloud Architectureijsrd.com
In recent years use of Cloud computing in different mode like cloud storage, cloud hosting, cloud servers are increased in industries and other organizations as per requirements. The Security challenges are still among the biggest obstacles when considering the adoption of cloud services. For this a lot of research has been done. With these, security issues, the cloud paradigm comes with a new set of unique features, which open the path toward novel security approaches, techniques, and architectures.
Cloudcomputingprovidesondemandservicestoitsclients.Datastorageisamongoneoftheprimaryservices providedbycloudcomputing.Cloudserviceproviderhoststhedataofdataownerontheirserverandusercan accesstheirdatafromtheseservers.Asdata,ownersandserversaredifferentidentities,theparadigmofdata storagebringsupmanysecuritychallenges.Anindependentmechanismisrequiredtomakesurethatdatais correctlyhostedintothecloudstorageserver.Inthispaper,wewilldiscussthedifferenttechniquesthatare usedforsecuredatastorageoncloud. Cloud computing is a functional paradigm that is evolving and making IT utilization easier by the day for consumers. Cloud computing offers standardized applications to users online and in a manner that can be accessed regularly. Such applications can be accessed by as many persons as permitted within an organization without bothering about the maintenance of such application. The Cloud also provides a channel to design and deploy user applications including its storage space and database without bothering about the underlying operating system. The application can run without consideration for on premise infrastructure. Also, the Cloud makes massive storage available both for data and databases. Storage of data on the Cloud is one of the core activities in Cloud computing. Storage utilizes infrastructure spread across several geographical locations.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
A SECURITY FRAMEWORK IN CLOUD COMPUTING INFRASTRUCTUREIJNSA Journal
In a typical cloud computing diverse facilitating components like hardware, software, firmware, networking, and services integrate to offer different computational facilities, while Internet or a private network (or VPN) provides the required backbone to deliver the services. The security risks to the cloud system delimit the benefits of cloud computing like “on-demand, customized resource availability and performance management”. It is understood that current IT and enterprise security solutions are not adequate to address the cloud security issues. This paper explores the challenges and issues of security concerns of cloud computing through different standard and novel solutions. We propose analysis and architecture for incorporating different security schemes, techniques and protocols for cloud computing, particularly in Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) systems. The proposed architecture is generic in nature, not dependent on the type of cloud deployment, application agnostic and is not coupled with the underlying backbone. This would facilitate to manage the cloud system more effectively and provide the administrator to include the specific solution to counter the threat. We have also shown using experimental data how a cloud service provider can estimate the charging based on the security service it provides and security-related cost-benefit analysis can be estimated.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
This document proposes a new security architecture for cloud computing environments that addresses various security gaps. It presents a hybrid technique combining Advanced Encryption Standard (AES) and Quantum Key Distribution (QKD) for encryption and decryption with random key generation. QKD provides more flexibility for communication through attack detection, while addressing shortcomings of each individual approach like limited distance of QKD and key availability issues of AES. The new approach aims to provide a more trusted cloud communication environment.
Cloud computing is set of resources and services offered through the Internet. Cloud
services are delivered from data centers located throughout the world. Cloud computing
facilitates its consumers by providing virtual resources via internet. The biggest challenge in
cloud computing is the security and privacy problems caused by its multi-tenancy nature and the
outsourcing of infrastructure, sensitive data and critical applications. Enterprises are rapidly adopting
cloud services for their businesses, measures need to be developed so that organizations can be assured
of security in their businesses and can choose a suitable vendor for their computing needs. Cloud
computing depends on the internet as a medium for users to access the required services at any time on
pay-per-use pattern. However this technology is still in its initial stages of development, as it suffers
from threats and vulnerabilities that prevent the users from trusting it. Various malicious activities
from illegal users have threatened this technology such as data misuse, inflexible access control and
limited monitoring. The occurrence of these threats may result into damaging or illegal access of
critical and confidential data of users. In this paper we identify the most vulnerable security
threats/attacks in cloud computing, which will enable both end users and vendors to know a bout
the k ey security threats associated with cloud computing and propose relevant solution directives to
strengthen security in the Cloud environment. We also propose secure cloud architecture for
organizations to strengthen the security.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
Enhancing Data Storage Security in Cloud Computing Through SteganographyIDES Editor
This document summarizes a research paper that proposes a method for enhancing data security in cloud computing through steganography. The method hides user data in digital images stored on cloud servers. When data needs to be accessed, it is extracted from the images. The document outlines the cloud architecture and security issues addressed. It then describes the proposed system architecture, security model, and data storage and retrieval process. Data is partitioned and hidden in multiple images to improve security. The goal is to prevent unauthorized access to user data stored on cloud servers.
This document discusses security and privacy issues related to cloud computing. It begins by defining cloud computing and describing the four broad categories of cloud services: IaaS, PaaS, DSaaS, and SaaS. It then discusses general security issues faced by both cloud service providers and consumers. Specific issues are organized by governance domain, operational domain, and computer network domain for providers, and by governance, architecture, identity and access management, and availability for consumers. The document also summarizes security challenges related to each type of cloud service and issues regarding virtualization and legal concerns in cloud computing.
This presentation gives a detailed overview about Cloud Computing, its features and challenges faced by it in the market. It gives an insight into cloud security and privacy issues and its measures.
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
In this paper, SMCSaaS is proposed to secure email system based on Web Service and Cloud Computing
Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated
infrastructure complexity. The Proposed Model control risks in Cloud Computing like Insecure Application
Programming Interfaces, Malicious Insiders, Data Loss Shared Technology Vulnerabilities, or Leakage,
Account, Service, Traffic Hijacking and Unknown Risk Profile
Cloud data security and various cryptographic algorithms IJECEIAES
Cloud computing has spread widely among different organizations due to its advantages, such as cost reduction, resource pooling, broad network access, and ease of administration. It increases the abilities of physical resources by optimizing shared use. Clients’ valuable items (data and applications) are moved outside of regulatory supervision in a shared environment where many clients are grouped together. However, this process poses security concerns, such as sensitive information theft and personally identifiable data leakage. Many researchers have contributed to reducing the problem of data security in cloud computing by developing a variety of technologies to secure cloud data, including encryption. In this study, a set of encryption algorithms (advance encryption standard (AES), data encryption standard (DES), Blowfish, Rivest-Shamir-Adleman (RSA) encryption, and international data encryption algorithm (IDEA) was compared in terms of security, data encipherment capacity, memory usage, and encipherment time to determine the optimal algorithm for securing cloud information from hackers. Results show that RSA and IDEA are less secure than AES, Blowfish, and DES). The AES algorithm encrypts a huge amount of data, takes the least encipherment time, and is faster than other algorithms, and the Blowfish algorithm requires the least amount of memory space.
Today, in the world of communication, connected systems is growing at a rapid pace. To accommodate this growth the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s but the term entering into widespread usage can be traced to 2006 when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss about cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
Ubiquitous computing has revolutionized interaction of humans and machines. Cloud computing has been mainly used for storing data and various computational purposes. It has changed the face of using the internet. But, as we know every technology has its pros and cons. Securing cloud environment is the most challenging issue for the researchers and developers. Main aspects which cloud security should cover are authentication, authorization, data protection etc. Establishing trust between cloud service providers (CSP) is the biggest challenge, when someone is discussing about cloud security. Trust is a critical factor which mainly depends on perception of reputation and self-assessment done by both user and CSP. The trust model can act as security strength evaluator and ranking service for cloud application and services. For establishing trust relationship between two parties, mutual trust mechanism is reliable, as it does verification from both sides. There are various trust models which mainly focuses on securing one party i.e., they validate either user or service node. In this survey paper, the study of various trust models and their various parameters are discussed.
Cloud Computing is the most emerging trend in Information Technology now days. It is attracting the organizations due to its advantages of scalability, throughput, easy and cheap access and on demand up and down grading of SaaS, PaaS and IaaS. Besides all the salient features of cloud environment, there are the big challenges of privacy and security. In this paper, a review of different security issues like trust, confidentiality, authenticity, encryption, key management and resource sharing are presented along with the efforts made on how to overcome these issues.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
Research On Preserving User Confidentiality In Cloud Computing – Design Of A ...IJERA Editor
Cloud Computing creates a dynamic resource sharing platform. Using cloud technologies such as virtualization, data can be provided to the active users who are at high need to utilize the resources provided within the cloud. As this data (or service) is stored (or offered) outside the data owner's boundaries, they are skeptical for utilizing cloud technology in order to store or utilize their data or service. There are many issues for these active clients (companies or individuals) to be petrified at the thought of using cloud computing paradigm. Some of the main issues that make the clients not to choose cloud computing may be determined because of three important security aspects such as confidentiality, integrity, and availability. This research focused on the security models that relate confidentiality issues. A literature Review is performed for analyzing the existing confidentiality frameworks and security models in the area of grid computing, cluster computing and virtualization. A new theoretical framework is then designed to overcome confidentiality issues thereby improving the client‟sgeneric understanding of cloud computing services. The resulting framework when implemented in real world would motivate clients to transform their businesses on to cloud.
Proposed system for data security in distributed computing in using triple d...IJECEIAES
This document proposes and compares two encryption algorithms, triple data encryption standard (3DES) and Rivest Shamir Adlemen (3kRSA), for securing data in cloud computing. The algorithms are implemented on the cloud operating system EyeOS. A comparative study finds that 3kRSA outperforms 3DES in complexity and output bytes, while 3DES is faster. Both algorithms encrypt data to provide confidentiality and integrity for data stored and transmitted over the insecure cloud environment. The document provides background on cloud security, the two algorithms, and the experimental setup using EyeOS for evaluation.
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...AJASTJournal
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Similar to SECURITY POLICY ENFORCEMENT IN CLOUD INFRASTRUCTURE (20)
ANALYSIS OF LAND SURFACE DEFORMATION GRADIENT BY DINSAR cscpconf
The progressive development of Synthetic Aperture Radar (SAR) systems diversify the exploitation of the generated images by these systems in different applications of geoscience. Detection and monitoring surface deformations, procreated by various phenomena had benefited from this evolution and had been realized by interferometry (InSAR) and differential interferometry (DInSAR) techniques. Nevertheless, spatial and temporal decorrelations of the interferometric couples used, limit strongly the precision of analysis results by these techniques. In this context, we propose, in this work, a methodological approach of surface deformation detection and analysis by differential interferograms to show the limits of this technique according to noise quality and level. The detectability model is generated from the deformation signatures, by simulating a linear fault merged to the images couples of ERS1 / ERS2 sensors acquired in a region of the Algerian south.
4D AUTOMATIC LIP-READING FOR SPEAKER'S FACE IDENTIFCATIONcscpconf
A novel based a trajectory-guided, concatenating approach for synthesizing high-quality image real sample renders video is proposed . The lips reading automated is seeking for modeled the closest real image sample sequence preserve in the library under the data video to the HMM predicted trajectory. The object trajectory is modeled obtained by projecting the face patterns into an KDA feature space is estimated. The approach for speaker's face identification by using synthesise the identity surface of a subject face from a small sample of patterns which sparsely each the view sphere. An KDA algorithm use to the Lip-reading image is discrimination, after that work consisted of in the low dimensional for the fundamental lip features vector is reduced by using the 2D-DCT.The mouth of the set area dimensionality is ordered by a normally reduction base on the PCA to obtain the Eigen lips approach, their proposed approach by[33]. The subjective performance results of the cost function under the automatic lips reading modeled , which wasn’t illustrate the superior performance of the
method.
MOVING FROM WATERFALL TO AGILE PROCESS IN SOFTWARE ENGINEERING CAPSTONE PROJE...cscpconf
Universities offer software engineering capstone course to simulate a real world-working environment in which students can work in a team for a fixed period to deliver a quality product. The objective of the paper is to report on our experience in moving from Waterfall process to Agile process in conducting the software engineering capstone project. We present the capstone course designs for both Waterfall driven and Agile driven methodologies that highlight the structure, deliverables and assessment plans.To evaluate the improvement, we conducted a survey for two different sections taught by two different instructors to evaluate students’ experience in moving from traditional Waterfall model to Agile like process. Twentyeight students filled the survey. The survey consisted of eight multiple-choice questions and an open-ended question to collect feedback from students. The survey results show that students were able to attain hands one experience, which simulate a real world-working environment. The results also show that the Agile approach helped students to have overall better design and avoid mistakes they have made in the initial design completed in of the first phase of the capstone project. In addition, they were able to decide on their team capabilities, training needs and thus learn the required technologies earlier which is reflected on the final product quality
PROMOTING STUDENT ENGAGEMENT USING SOCIAL MEDIA TECHNOLOGIEScscpconf
This document discusses using social media technologies to promote student engagement in a software project management course. It describes the course and objectives of enhancing communication. It discusses using Facebook for 4 years, then switching to WhatsApp based on student feedback, and finally introducing Slack to enable personalized team communication. Surveys found students engaged and satisfied with all three tools, though less familiar with Slack. The conclusion is that social media promotes engagement but familiarity with the tool also impacts satisfaction.
A SURVEY ON QUESTION ANSWERING SYSTEMS: THE ADVANCES OF FUZZY LOGICcscpconf
In real world computing environment with using a computer to answer questions has been a human dream since the beginning of the digital era, Question-answering systems are referred to as intelligent systems, that can be used to provide responses for the questions being asked by the user based on certain facts or rules stored in the knowledge base it can generate answers of questions asked in natural , and the first main idea of fuzzy logic was to working on the problem of computer understanding of natural language, so this survey paper provides an overview on what Question-Answering is and its system architecture and the possible relationship and
different with fuzzy logic, as well as the previous related research with respect to approaches that were followed. At the end, the survey provides an analytical discussion of the proposed QA models, along or combined with fuzzy logic and their main contributions and limitations.
DYNAMIC PHONE WARPING – A METHOD TO MEASURE THE DISTANCE BETWEEN PRONUNCIATIONS cscpconf
Human beings generate different speech waveforms while speaking the same word at different times. Also, different human beings have different accents and generate significantly varying speech waveforms for the same word. There is a need to measure the distances between various words which facilitate preparation of pronunciation dictionaries. A new algorithm called Dynamic Phone Warping (DPW) is presented in this paper. It uses dynamic programming technique for global alignment and shortest distance measurements. The DPW algorithm can be used to enhance the pronunciation dictionaries of the well-known languages like English or to build pronunciation dictionaries to the less known sparse languages. The precision measurement experiments show 88.9% accuracy.
INTELLIGENT ELECTRONIC ASSESSMENT FOR SUBJECTIVE EXAMS cscpconf
In education, the use of electronic (E) examination systems is not a novel idea, as Eexamination systems have been used to conduct objective assessments for the last few years. This research deals with randomly designed E-examinations and proposes an E-assessment system that can be used for subjective questions. This system assesses answers to subjective questions by finding a matching ratio for the keywords in instructor and student answers. The matching ratio is achieved based on semantic and document similarity. The assessment system is composed of four modules: preprocessing, keyword expansion, matching, and grading. A survey and case study were used in the research design to validate the proposed system. The examination assessment system will help instructors to save time, costs, and resources, while increasing efficiency and improving the productivity of exam setting and assessments.
TWO DISCRETE BINARY VERSIONS OF AFRICAN BUFFALO OPTIMIZATION METAHEURISTICcscpconf
African Buffalo Optimization (ABO) is one of the most recent swarms intelligence based metaheuristics. ABO algorithm is inspired by the buffalo’s behavior and lifestyle. Unfortunately, the standard ABO algorithm is proposed only for continuous optimization problems. In this paper, the authors propose two discrete binary ABO algorithms to deal with binary optimization problems. In the first version (called SBABO) they use the sigmoid function and probability model to generate binary solutions. In the second version (called LBABO) they use some logical operator to operate the binary solutions. Computational results on two knapsack problems (KP and MKP) instances show the effectiveness of the proposed algorithm and their ability to achieve good and promising solutions.
DETECTION OF ALGORITHMICALLY GENERATED MALICIOUS DOMAINcscpconf
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Control (C&C) network infrastructure to ensure a persistence presence on a compromised host. Amongst the various DDNS techniques, Domain Generation Algorithm (DGA) is often perceived as the most difficult to detect using traditional methods. This paper presents an approach for detecting DGA using frequency analysis of the character distribution and the weighted scores of the domain names. The approach’s feasibility is demonstrated using a range of legitimate domains and a number of malicious algorithmicallygenerated domain names. Findings from this study show that domain names made up of English characters “a-z” achieving a weighted score of < 45 are often associated with DGA. When a weighted score of < 45 is applied to the Alexa one million list of domain names, only 15% of the domain names were treated as non-human generated.
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...cscpconf
The document proposes a blockchain-based digital currency and streaming platform called GoMAA to address issues of piracy in the online music streaming industry. Key points:
- GoMAA would use a digital token on the iMediaStreams blockchain to enable secure dissemination and tracking of streamed content. Content owners could control access and track consumption of released content.
- Original media files would be converted to a Secure Portable Streaming (SPS) format, embedding watermarks and smart contract data to indicate ownership and enable validation on the blockchain.
- A browser plugin would provide wallets for fans to collect GoMAA tokens as rewards for consuming content, incentivizing participation and addressing royalty discrepancies by recording
IMPORTANCE OF VERB SUFFIX MAPPING IN DISCOURSE TRANSLATION SYSTEMcscpconf
This document discusses the importance of verb suffix mapping in discourse translation from English to Telugu. It explains that after anaphora resolution, the verbs must be changed to agree with the gender, number, and person features of the subject or anaphoric pronoun. Verbs in Telugu inflect based on these features, while verbs in English only inflect based on number and person. Several examples are provided that demonstrate how the Telugu verb changes based on whether the subject or pronoun is masculine, feminine, neuter, singular or plural. Proper verb suffix mapping is essential for generating natural and coherent translations while preserving the context and meaning of the original discourse.
EXACT SOLUTIONS OF A FAMILY OF HIGHER-DIMENSIONAL SPACE-TIME FRACTIONAL KDV-T...cscpconf
In this paper, based on the definition of conformable fractional derivative, the functional
variable method (FVM) is proposed to seek the exact traveling wave solutions of two higherdimensional
space-time fractional KdV-type equations in mathematical physics, namely the
(3+1)-dimensional space–time fractional Zakharov-Kuznetsov (ZK) equation and the (2+1)-
dimensional space–time fractional Generalized Zakharov-Kuznetsov-Benjamin-Bona-Mahony
(GZK-BBM) equation. Some new solutions are procured and depicted. These solutions, which
contain kink-shaped, singular kink, bell-shaped soliton, singular soliton and periodic wave
solutions, have many potential applications in mathematical physics and engineering. The
simplicity and reliability of the proposed method is verified.
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
The document discusses automated penetration testing and provides an overview. It compares manual and automated penetration testing, noting that automated testing allows for faster, more standardized and repeatable tests but has limitations in developing new exploits. It also reviews some current automated penetration testing methodologies and tools, including those using HTTP/TCP/IP attacks, linking common scanning tools, a Python-based tool targeting databases, and one using POMDPs for multi-step penetration test planning under uncertainty. The document concludes that automated testing is more efficient than manual for known vulnerabilities but cannot replace manual testing for discovering new exploits.
CLASSIFICATION OF ALZHEIMER USING fMRI DATA AND BRAIN NETWORKcscpconf
Since the mid of 1990s, functional connectivity study using fMRI (fcMRI) has drawn increasing
attention of neuroscientists and computer scientists, since it opens a new window to explore
functional network of human brain with relatively high resolution. BOLD technique provides
almost accurate state of brain. Past researches prove that neuro diseases damage the brain
network interaction, protein- protein interaction and gene-gene interaction. A number of
neurological research paper also analyse the relationship among damaged part. By
computational method especially machine learning technique we can show such classifications.
In this paper we used OASIS fMRI dataset affected with Alzheimer’s disease and normal
patient’s dataset. After proper processing the fMRI data we use the processed data to form
classifier models using SVM (Support Vector Machine), KNN (K- nearest neighbour) & Naïve
Bayes. We also compare the accuracy of our proposed method with existing methods. In future,
we will other combinations of methods for better accuracy.
VALIDATION METHOD OF FUZZY ASSOCIATION RULES BASED ON FUZZY FORMAL CONCEPT AN...cscpconf
The document proposes a new validation method for fuzzy association rules based on three steps: (1) applying the EFAR-PN algorithm to extract a generic base of non-redundant fuzzy association rules using fuzzy formal concept analysis, (2) categorizing the extracted rules into groups, and (3) evaluating the relevance of the rules using structural equation modeling, specifically partial least squares. The method aims to address issues with existing fuzzy association rule extraction algorithms such as large numbers of extracted rules, redundancy, and difficulties with manual validation.
PROBABILITY BASED CLUSTER EXPANSION OVERSAMPLING TECHNIQUE FOR IMBALANCED DATAcscpconf
In many applications of data mining, class imbalance is noticed when examples in one class are
overrepresented. Traditional classifiers result in poor accuracy of the minority class due to the
class imbalance. Further, the presence of within class imbalance where classes are composed of
multiple sub-concepts with different number of examples also affect the performance of
classifier. In this paper, we propose an oversampling technique that handles between class and
within class imbalance simultaneously and also takes into consideration the generalization
ability in data space. The proposed method is based on two steps- performing Model Based
Clustering with respect to classes to identify the sub-concepts; and then computing the
separating hyperplane based on equal posterior probability between the classes. The proposed
method is tested on 10 publicly available data sets and the result shows that the proposed
method is statistically superior to other existing oversampling methods.
CHARACTER AND IMAGE RECOGNITION FOR DATA CATALOGING IN ECOLOGICAL RESEARCHcscpconf
Data collection is an essential, but manpower intensive procedure in ecological research. An
algorithm was developed by the author which incorporated two important computer vision
techniques to automate data cataloging for butterfly measurements. Optical Character
Recognition is used for character recognition and Contour Detection is used for imageprocessing.
Proper pre-processing is first done on the images to improve accuracy. Although
there are limitations to Tesseract’s detection of certain fonts, overall, it can successfully identify
words of basic fonts. Contour detection is an advanced technique that can be utilized to
measure an image. Shapes and mathematical calculations are crucial in determining the precise
location of the points on which to draw the body and forewing lines of the butterfly. Overall,
92% accuracy were achieved by the program for the set of butterflies measured.
SOCIAL MEDIA ANALYTICS FOR SENTIMENT ANALYSIS AND EVENT DETECTION IN SMART CI...cscpconf
Smart cities utilize Internet of Things (IoT) devices and sensors to enhance the quality of the city
services including energy, transportation, health, and much more. They generate massive
volumes of structured and unstructured data on a daily basis. Also, social networks, such as
Twitter, Facebook, and Google+, are becoming a new source of real-time information in smart
cities. Social network users are acting as social sensors. These datasets so large and complex
are difficult to manage with conventional data management tools and methods. To become
valuable, this massive amount of data, known as 'big data,' needs to be processed and
comprehended to hold the promise of supporting a broad range of urban and smart cities
functions, including among others transportation, water, and energy consumption, pollution
surveillance, and smart city governance. In this work, we investigate how social media analytics
help to analyze smart city data collected from various social media sources, such as Twitter and
Facebook, to detect various events taking place in a smart city and identify the importance of
events and concerns of citizens regarding some events. A case scenario analyses the opinions of
users concerning the traffic in three largest cities in the UAE
SOCIAL NETWORK HATE SPEECH DETECTION FOR AMHARIC LANGUAGEcscpconf
The anonymity of social networks makes it attractive for hate speech to mask their criminal
activities online posing a challenge to the world and in particular Ethiopia. With this everincreasing
volume of social media data, hate speech identification becomes a challenge in
aggravating conflict between citizens of nations. The high rate of production, has become
difficult to collect, store and analyze such big data using traditional detection methods. This
paper proposed the application of apache spark in hate speech detection to reduce the
challenges. Authors developed an apache spark based model to classify Amharic Facebook
posts and comments into hate and not hate. Authors employed Random forest and Naïve Bayes
for learning and Word2Vec and TF-IDF for feature selection. Tested by 10-fold crossvalidation,
the model based on word2vec embedding performed best with 79.83%accuracy. The
proposed method achieve a promising result with unique feature of spark for big data.
GENERAL REGRESSION NEURAL NETWORK BASED POS TAGGING FOR NEPALI TEXTcscpconf
This article presents Part of Speech tagging for Nepali text using General Regression Neural
Network (GRNN). The corpus is divided into two parts viz. training and testing. The network is
trained and validated on both training and testing data. It is observed that 96.13% words are
correctly being tagged on training set whereas 74.38% words are tagged correctly on testing
data set using GRNN. The result is compared with the traditional Viterbi algorithm based on
Hidden Markov Model. Viterbi algorithm yields 97.2% and 40% classification accuracies on
training and testing data sets respectively. GRNN based POS Tagger is more consistent than the
traditional Viterbi decoding technique.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
This presentation was provided by Rebecca Benner, Ph.D., of the American Society of Anesthesiologists, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
The chapter Lifelines of National Economy in Class 10 Geography focuses on the various modes of transportation and communication that play a vital role in the economic development of a country. These lifelines are crucial for the movement of goods, services, and people, thereby connecting different regions and promoting economic activities.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
2. 2 Computer Science & Information Technology (CS & IT)
It is worthy to find trustworthiness of cloud service providers based on some parameters like
system update frequency, mean down time, previous attack history [1].
In this paper, we explore the above-mentioned challenges and issues of security concerns of cloud
computing through different standard and novel solutions. Our discussion on cloud security is
independent of the type of cloud deployment. We propose a security-enabled cloud environment
which significantly protects client’s interest and security concerns over its data based on user or
application’s requirement, which helps in mitigating the scalability issues.
This paper is organized as follows. In Section 2, related work done by several researchers is
documented. In Section 3, we discuss about the security in cloud infrastructure, its key issues and
open challenges. Section 4 depicts proposed architecture for implementing cloud system security,
and the Security-as-a-Service in a cloud system. Finally, In Section 5 we conclude the paper
citing our future work.
2. RELATED WORK
Conner et al [1] have presented an effective reputation management system with associated trust
establishment through multiple scoring functions and implemented the security service on a
realistic application scenario in distributed environments. Privacy issue in cloud computing is
dealt in [2]. In [3], a nice scheme for handling data protection in terms of confidentiality through
amalgamation of identity management with hierarchical identity-based cryptography is described.
Trust needs to be established means for better security of cloud platforms. In [14], trust and
reputation based scheme in collaborative computing is presented. With this backdrop, we present
our proposed architecture and security model towards better protection of confidentiality, privacy
in a public cloud infrastructure.
3. SECURITY IN CLOUD COMPUTING
Security is a big challenge in cloud system due to its nature of outsourced computing. Mainly,
confidentiality, integrity and authentication are the primary pain areas. Unless robust security
scheme and user-centric security policy is implemented, cloud system would be vulnerable to
susceptible to different attacks.
3.1 Key Issues
Confidentiality prevents intentional (malicious) or unintentional disclosure of sensitive
information. In cloud systems, confidentiality incorporates data encryption to minimize
vulnerability due to covert channels, traffic analysis, and sensitive inference. In, [3] federated
identity management in the cloud is described. For guaranteeing data integrity at rest or storage,
particularly in IaaS and PaaS systems, trusted infrastructure [8] needs to be incorporated. In fact,
traditional security techniques for enterprise and home computing systems cannot address the
cloud server security problems [10].
3.2 Open Challenges
One of the primary focuses to provide cloud security is to have one integrated solution enabling
the required security primitives like confidentiality, authentication and integrity. In [2, 13], it is
described that cloud specific security solutions like confidentiality-enabled computing, user-
defined authentication and access control, atomic data integrity are the main issues to be
addressed.
3. Computer Science & Information Technology (CS & IT) 3
4. PROPOSED SECURITY MODEL AND IMPLEMENTATION
ARCHITECTURE
We propose a framework for satisfying cloud security ensuring the main primitives:
confidentiality, integrity and authentication (with access control). Then we integrate the
individual proposals to provide an integrated cloud security which would be offered as a security
service.
4.1 Confidentiality in Cloud Infrastructure
With the ownership of client’s sensitive data at cloud service provider, it becomes highly unlikely
to protect data from the respective service provider while there are well-established techniques
available to resist the external threats [2, 5]. One of the solutions is to introduce the concept of
data analysis and processing at the provider without the content of client’s data gets revealed.
Client’s data needs to be processed and analysed in original or raw form at the cloud to enable
meaningful applications. This defeats the confidentiality of user’s data. In order to retain
confidentiality as well as deriving services out of data by third party application, processing on
encryption domain is required. This is termed as homomorphic encryption in [6, 7]. Suppose,
cloud service provider requires to compute some arbitrary function f on client’s (one or many in
number) data d1, … , dN.. This can be done two ways:
• ),....,( 21 Ndddf
• ))(),....(),(( 21 NdEdEdEf
Homomorphic encryption scheme allows to efficiently compute arbitrary functions over
encrypted data i.e., given encryptions E(d1), …, E(dN) of d1, … , dN for any computable function
f. In order to ensure client data security from cloud service provider where cloud service provider
needs to compute on client data, homomorphic encryption is the only available option. Though it
is in developing stage and incurs high computational cost for sophisticated functions, we propose
the following algorithm to balance between the security and usability:
Security-utility balancing algorithm
Begin
Find the confidentiality requirement from client
Repository of trust scores of the cloud service provider is
supplied
If the specific cloud service provider “Blacklisted cloud
service providers” “Sensitive application” (like finance
data)
Use functional encryption (homomorphic encryption)
Elseif client data sensitive “statistical meaning is of
importance
Negotiate with privacy primitives like perturbation,
randomization, and generalization
Else
Use standard on-transit TLS/SSL encryption
End
4. 4 Computer Science & Information Technology (CS & IT)
4.2 Authentication Architecture and Policy in Cloud Infrastructure
For providing identity management to warrant authentication and authorization, OpenID and
OAuth standards are defined using cloud specific security and privacy policy [8]. On the other
hand, XACML (eXtensible Access Control Markup Language), an OASIS-ratified, is a
declarative access control policy language. XCAML is suited for policy-based access control and
authorization services. A trusted third party or the cloud service provider hosts the XACML
decision engine consisting of decision implementation by Policy Decision Point (PDP) and policy
based enforcement by Policy Enforcement Point (PEP). In Fig. 1, we describe a simplified
architecture of XACML based access control.
Fig. 1.Architecture of XACML based cloud authentication
The proposed protocol for XACML-based cloud authentication is described below, where we
depict an activity diagram for better understanding of the protocol for XACML based cloud
authentication. In this case, we consider cloud service provider as a reliable (trusted) third party.
Fig. 2. XACML based cloud authentication protocol
It is to be noted that Policy.xml is a very sensitive and an important file maintaining the access
and authorization policy for different applications and cloud users and should be stored in
encrypted or hardware-secured method. Another important requirement is to ensure higher
usability such that client users with multiple application subscription. Cloud accounts should
easily access data while security is safeguarded. One of the striking usability features is to
provide Single-Sign-On (SSO) based authentication so that the user can maintain only single
authentication credential for accessing different applications, even different cloud service
providers. Following architecture can be conceptualized as depicted in fig. 3, where a cloud user
authenticates through a cloud SSO hosted by a particular cloud service provider to access other
cloud apps, other (owned) cloud service provider accounts, even authorized data of other cloud
user.
5. Computer Science & Information Technology (CS & IT) 5
Fig. 3. SSO- based cloud authentication
4.3 Integrity Architecture in Cloud Infrastructure
Cloud service is very much prone to non-invasive side channel attacks like software attacks
(malware, virus), statistical attacks (password guess) due to its distributed nature. Trusted
Computing Group (TCG) is engaged in formulating a separate layer of hardware security within
cloud infrastructure [10, 12]. Ensuring trusted hardware (like Trusted Platform Module) secure
booting, public key based integrity checking along with frequent system validation and
consequent application access control helps to build a trusted cloud platform as shown in Fig. 4.
The main objective is to provide secure execution of the application by employing application
access control through software and hardware level security. It can be observed that through this
integrity-ensured trusted cloud, an end-to-end trust (from hardware layer to application layer)
chain of trust can be established. When the client is capable of moderate processing power and
transacting sensitive records like financial data, medical reports, the proposed trust establishment
is necessary to ensure reliability for data at rest.
4.4 Integrated Cloud Security Architecture
To ensure the cloud ecosystem capable of handling the security aspects, discrete components for
countering specific attack may not be manageable. An interesting and unique feature of cloud
security is that security can be provided as a service like software, platform or infrastructure.
Security-as-a-service has potential because of two reasons. The concept of security as a top-up on
different applications may not suffice the requirement of cloud system. In cloud system,
application developer needs to incorporate the security APIs to the application and cloud
administrator has to check the required security primitives. Another important feature is to
provide on-demand security like on-demand storage or on-demand computation. This means that
the cloud user or cloud application based on requirement can subscribe the particular security
components and thus introducing security as a service. On the other hand this feature can be
handy to create an adaptive-secure cloud system, where based on applications or users context
certain security primitives or APIs will be called to defend from possible threats. We envision the
architecture as:
Fig 4. Conceptual cloud service model with security-as-a-service
6. 6 Computer Science & Information Technology (CS & IT)
“Security-as-a-Service” consists of different components like PaaS consists of service, compute
components; IaaS consists of storage, network components. The main components of “Security-
as-a-Service” are shown in Table 1. Based on the requirements, these components can be
incorporated on demand basis. For example, for storage security or data at rest integrity data
integrity components can be used; cloud users can negotiate with cloud service provider for
homomorphic encryption such that user’s data is processed in encrypted domain. In a similar
way, this security primitive can be integrated in a proactive or adaptively to different rendered
services for seamless protection against possible attacks. For example, when SaaS is handling
request for financial transactions more security primitives (like HTTPS, XACML, digital
signature) are used while handling request for chat applications, HTTPS, digital signature are not
needed.
Table 1.Security-as-a-service for other cloud services and stakeholders
Services/
Stakeholders
Security primitives of
Security-as-a-service
Cloud user
Homomorphic
encryption, TPM
Cloud
infrastructure
TPM, SSO
SaaS
OpenID, OAuth,
XACML, HTTPS
PaaS
Homomorphic
encryption, OpenID,
OAuth, XACML
IaaS TPM
4.5 Cloud Computing with Security-As-A-Service
Security-as-a-service, as defined earlier is to be availed as a horizontal service in a cloud service
model. In this section, we describe a use case of an e-health system using security-as-a-service.
There are different parties in the e-health system like medical practitioner, patient, hospital,
medicine retailer, nursing staff, insurance agency, medical researcher, so on and so forth
designated as ][ iττ = , i= medical practitioner, patient, medicine retailer, nursing staff, hospital,
insurance agency, medical researcher… The e-health system is hosted in a cloud service provider
C with PaaS model. We denote the sensitive medical record of the patient as D . The patient
intends to share ],[ sp DDD = , where p stands for public, s stands for sensitive. The cloud client
with medical record (patient) D is hosted in C with following security constraints S :
1. For iτ , where i = medical researcher, only aggregated result on sD would be shared.
2. For iτ , where i= medical retailer only medicine part of sD is to be shared.
3. For iτ , where i= nursing staff, only medicine and some related part of sD is to be shared.
4. For iτ , where i= insurance agency, cost, primary investigation and medicine part of sD
is to be shared.
5. All iτ is to be authenticated.
6. sD is to be stored securely in C , sD is to be shared to iτ through C in a secure channel,
i.e. i
uredDs
C τ → sec
.
7. Computer Science & Information Technology (CS & IT) 7
When the cloud client, the owner registers to the cloud C for allowing C to host D , client
patientτ gets registered and authenticates to C using OpenID. When patientτ avails the service of e-
health application, it posts its medical record D to C undersigning with the constraints S . There
can be a negotiation process between patientτ and C such that C accepts a subset of S . For sake
of simplicity, we do not consider the negotiation phase. In fig. 5, we show the initial data hosting
and constraint sharing between patientτ and C .
Fig 5. Registration and security-constraint sharing
After registers in , shares and , it is the responsibility of to ensure the security
requirements as per when acknowledgement is made. It is to be mentioned that service and
business model does also participate as the amount of and directly impact the pricing of
rendering the service.
After patientτ registers in C , shares D and S , it is the responsibility of C to ensure the security
requirements S as per when acknowledgement is made. It is to be mentioned that service and
business model does also participate as the amount of D and S directly impact the pricing of
rendering the service.
Let us consider that medical researcher intends to avail some information from D through query
function Q , which can be searching for a piece of data, aggregated result etc. So,
researchermedical _τ queries C on D for Q . In order to retain secrecy, C negotiates with
researchermedical _τ for homomorphic key exchange, public and private key ( prpu KK , ) and installing
homomorphic encryption agent (if already not present) on researchermedical _τ . C performs
homomorphic encryption on D with puK and researchermedical _τ decrypts with prK .The decrypted
content is Q on D . For example, D may consist of medical investigation data of patientτ and Q
requires information on the investigation data that is higher than reference range. We depict the
protocol in fig. 6. Our proposal is to address this issue through functional encryption. However,
other cryptographic primitives can be used.
8. 8 Computer Science & Information Technology (CS & IT)
Fig 6. Functional confidentiality in cloud computing
In order to satisfy other constraints primitives from security-as-a-service needs to be
incorporated. For example, satisfying 6 requires HTTPS channel set up among patientτ , D and
researchermedical _τ for data sharing. For 5, OpenID and OAuth primitives need to be set up.
5. CONCLUSION AND FUTURE WORK
In this paper, we have analyzed the problem of security in cloud computing. This paper provides
security architecture and necessary support techniques for securing cloud computing
infrastructure. It assumes to address following challenges to provide data confidentiality cloud
users, to enable cloud information integrity and authentication. We have emphasized that the
problem of network security or security of data at transit can be handled by the present state-of-
the-art solution. We have provided solutions to counter these threats for securing cloud user’s
data when exchanged with the cloud service provider (and processed at the cloud service
provider), among different cloud service providers and between other cloud users. We have
proposed “Security-as-a-Service” as a horizontal service model to support the security
requirements of cloud users as well as other service models like IaaS and PaaS. However, cloud
security research has just started its journey and it is long way to go before ensuring full-fledged
cloud security. For example, computation on encrypted data is very much essential to provide
data confidentiality from cloud security provider while allowing computation. To enable such
feature, homomrphic encryption [5, 6] is a good candidate. However, fully homomrphic
encryption incurs high computational cost and is not feasible with existing state-of-the-art cloud
hardware. There exists immense scope of research to introduce light-weight homomorphic
encryption scheme.
REFERENCES
1. Conner, W., Iyengar, A., Mikalsen, T.,Rouvellou, I., and Nahrstedt, K. A Trust Management
Framework for Service-Oriented Environments. In Proceedings of the WWW Conference, 891- 900,
2009
2. Ukil, A. Security and Privacy in Wireless Sensor Networks. In Smart Wireless Sensor Networks, 395
– 418, 2010
3. Yan, L., Rong, C., and Zhao, G. Strengthen Cloud Computing Security with Federal Identity
Management Using Hierarchical Identity-Based Cryptography. In Proceedings of CloudCom, 167–
177. 2009
4. Yau, S., S., and Ho G. Protection of users' data confidentiality in cloud computing. In Proceedings of
the 2nd Asia-Pacific Symposium on Internetware, 2010
5. Rivest, R. L., Adleman, L., and Dertouzos, M., L. On data banks and privacy homomorphisms. In
Foundations of Secure Computation, 1978
9. Computer Science & Information Technology (CS & IT) 9
6. Gentry, C. Fully Homomorphic Encryption Using Ideal Lattices. In Proceedings of 41st ACM
Symposium on Theory of Computing, 169 – 178, 2009
7. Leiba, B. OAuth Web Authorization Protocol. IEEE Internet Computing, 16, 1, 74-77, 2012
8. Ukil, A. Secure Trust Management in Distributed Computing Systems. IEEE DELTA, Newzealand,
116 – 121, 2011
9. Ukil, A., Sen, J., and Koilakonda, S. Embedded Security for Internet of Things. In Proceedings of 2nd
IEEE National Conference on Emerging Trends and Applications in Computer Science, 1-6, 2011
10. Van Dijk, M., Juel, A. On the impossibility of cryptography alone for privacy-preserving cloud
computing. In Proceedings of USENIX Hotsec, 2010.
11. http://www.trustedcomputinggroup.org (accessed on 27 Aug, 2012)
12. Ukil, A.,Sen, J. Secure multiparty privacy preserving data aggregation by modular arithmetic. In
Proceedings of IEEE International Conference on Parallel Distributed and Grid Computing, 344 –
349, 2010
13. Mather, T., Kumaraswamy, S., and Latif, S. Cloud Security and Privacy: An Enterprise perspective of
Risks and Compliance. O'Reilly Media, Inc., 2009
14. Ukil, A. Trust and Reputation Based Collaborating Computing in Wireless Sensor Networks. In
Proceedings of IEEE International Conference on Computational Intelligence, Modelling and
Simulation, 464 – 469, 2010