There are many security threats in cloud computing, but the major threat to the security of the data is the third party auditor of the data or user data. The security model varies from application to application. After studying the proof of retrievability model, a new model is proposed for E-learning when putting data on the cloud, because security is an important factor.
Security threats in cloud computing
1. Introduction
Cloud computing is a term used to describe both a platform and a type of application. A
cloud computing platform dynamically provisions, configures, reconfigures, and
deprovisions servers as needed. Servers in the cloud can be physical machines or virtual
machines. Advanced clouds typically include other computing resources such as storage
area networks (SANs), network equipment, firewalls and other security devices. One of the
biggest promoters of cloud computing is Google, which already owns a massive computer
infrastructure (the cloud) to which millions of people connect. Today, the Google cloud can
be accessed through Google Apps, intended to be a software-as-a-service suite dedicated to
information sharing and security. Google Apps covers the following three main areas:
messaging (Gmail, Calendar and Google Talk), collaboration (Google Docs, Video and Sites)
and security (email security, encryption).
By moving data and application software from traditional local hosts to network servers,
cloud computing provides more flexible and convenient access to data and services, with
cheaper software acquisition and hardware maintenance costs. Cloud computing may also
provide some value-added services, such as automatic data backup and group collaboration
support. Cloud applications are applications that are extended to be accessible through the
Internet. These cloud applications use large data centers and powerful servers that host
Web applications and Web services.
Cloud computing is the vision of computing as a utility, where users can remotely store
their data in the cloud so as to enjoy on-demand, high quality applications and
services from a shared pool of configurable computing resources. By outsourcing data,
users are relieved of the burden of local data storage and maintenance. Thus,
enabling public auditability for cloud data storage security is of critical importance, so
that users can resort to an external audit party to check the integrity of outsourced data
when needed. To securely introduce an effective third party auditor (TPA), the following
two fundamental requirements have to be met: 1) the TPA should be able to efficiently audit
the cloud data storage without demanding a local copy of the data, and introduce no
additional on-line burden to the cloud user. Specifically, our contribution in this work can
be summarized in the following three aspects:
1) We motivate the public auditing system of data storage security in Cloud Computing
and provide a privacy-preserving auditing protocol, i.e., our scheme supports an external
auditor that audits the user's outsourced data in the cloud without learning the data
content.
2) To the best of our knowledge, our scheme is the first to support scalable and efficient
public auditing in Cloud Computing. In particular, our scheme achieves batch
auditing, where multiple delegated auditing tasks from different users can be performed
simultaneously by the TPA.
3) We prove the security and justify the performance of our proposed schemes through
concrete experiments and comparisons with the state of the art.
1.1. Architecture of Cloud Computing
Cloud data storage architecture
Three different network entities can be identified as follows:
• User: users, who have data to be stored in the cloud and rely on the cloud for data computation,
consist of both individual consumers and organizations.
• Cloud Service Provider (CSP): a CSP, who has significant resources and expertise in building
and managing distributed cloud storage servers, owns and operates live Cloud Computing
systems.
• Third Party Auditor (TPA): an optional TPA, who has expertise and capabilities that users may
not have, is trusted to assess and expose risk of cloud storage services on behalf of the users upon
request.
To enable privacy-preserving public auditing for cloud data storage under the aforementioned
model, our protocol design should achieve the following security and performance guarantees:
1) Public auditability: to allow the TPA to verify the correctness of the cloud data on demand without
retrieving a copy of the whole data or introducing additional on-line burden to the cloud users.
2) Storage correctness: to ensure that there exists no cheating cloud server that can pass the audit
from the TPA without indeed storing users' data intact.
3) Privacy-preserving: to ensure that there exists no way for the TPA to derive users' data content
from the information collected during the auditing process.
4) Batch auditing: to enable the TPA with secure and efficient auditing capability to cope with
multiple auditing delegations from a possibly large number of different users simultaneously.
5) Lightweight: to allow the TPA to perform auditing with minimum communication and
computation overhead.
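The challenge-response shape of a public audit can be seen in a small Merkle-tree construction. The following is an added example written for this page and not the presentation's or the cited paper's scheme (which uses homomorphic authenticators and random masking): the owner keeps only a root hash, the TPA challenges a random sample of block indices, and the server must return those blocks with their authentication paths. It demonstrates public auditability (anyone holding the root can verify), storage correctness (a corrupted block fails, with a detection probability that grows with the sample size), batch auditing over several delegations, and the lightweight property (the TPA never holds the whole file). It does not model the privacy-preserving guarantee, since this TPA sees the challenged blocks. All names, the block size and the sample data are constructed for the demo.

```python
"""Challenge-response storage audit over a Merkle tree (added example; not the presentation's scheme)."""
import hashlib
import secrets

BLOCK_SIZE = 64  # bytes per data block; a constructed parameter for the demo


def sha256(*parts: bytes) -> bytes:
    hsh = hashlib.sha256()
    for part in parts:
        hsh.update(part)
    return hsh.digest()


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def leaf_hash(index: int, block: bytes) -> bytes:
    # The block index is bound into the leaf, so a server cannot answer a
    # challenge for block i with a different block j it still happens to hold.
    return sha256(b"\x00", index.to_bytes(8, "big"), block)


def build_levels(leaves: list[bytes]) -> list[list[bytes]]:
    """All tree levels, leaves first and root last; odd levels duplicate their last node."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])
        levels.append([sha256(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def owner_root(data: bytes) -> bytes:
    """Owner-side setup: the only value the user must keep (or hand to the TPA)."""
    blocks = split_blocks(data)
    return build_levels([leaf_hash(i, b) for i, b in enumerate(blocks)])[-1][0]


def auth_path(levels: list[list[bytes]], index: int) -> list[tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling sits on the right."""
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return path


def verify_path(root: bytes, index: int, block: bytes, path: list[tuple[bytes, bool]]) -> bool:
    node = leaf_hash(index, block)
    for sibling, sibling_is_right in path:
        node = sha256(b"\x01", node, sibling) if sibling_is_right else sha256(b"\x01", sibling, node)
    return node == root


class CloudServer:
    """Stores the blocks and answers challenges with block + authentication path."""

    def __init__(self, data: bytes):
        self.blocks = split_blocks(data)
        self.levels = build_levels([leaf_hash(i, b) for i, b in enumerate(self.blocks)])

    def corrupt(self, index: int, replacement: bytes) -> None:
        # Simulates a faulty or cheating server that silently loses or alters a block.
        self.blocks[index] = replacement

    def respond(self, challenge: list[int]) -> list[tuple[int, bytes, list[tuple[bytes, bool]]]]:
        return [(i, self.blocks[i], auth_path(self.levels, i)) for i in challenge]


def make_challenge(num_blocks: int, sample_size: int) -> list[int]:
    """TPA picks distinct random block indices; the server cannot predict which."""
    return sorted(secrets.SystemRandom().sample(range(num_blocks), min(sample_size, num_blocks)))


def audit(root: bytes, num_blocks: int, server: CloudServer, sample_size: int) -> bool:
    """Public audit: anyone holding the root can run it, without ever holding the whole file."""
    challenge = make_challenge(num_blocks, sample_size)
    proof = server.respond(challenge)
    answered = [i for i, _, _ in proof]
    return answered == challenge and all(verify_path(root, i, blk, path) for i, blk, path in proof)


def batch_audit(delegations: list[tuple[bytes, int, CloudServer]], sample_size: int) -> list[bool]:
    """Batch auditing: one TPA handles delegations from several users in one pass."""
    return [audit(root, n, server, sample_size) for root, n, server in delegations]


def detection_probability(num_blocks: int, corrupted: int, sample_size: int) -> float:
    """Chance that a sample (without replacement) hits at least one of the corrupted blocks."""
    miss = 1.0
    for j in range(sample_size):
        if num_blocks - corrupted - j <= 0:
            return 1.0  # sample is large enough that it must include a corrupted block
        miss *= (num_blocks - corrupted - j) / (num_blocks - j)
    return 1.0 - miss
```

With one corrupted block out of n, a sample of k blocks detects it with probability k/n, so the TPA trades bandwidth for assurance by choosing the sample size; the owner's storage cost is a single 32-byte root per file, and a delegation to the TPA is just that root plus the block count.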
1.2. Cloud Service Models: Cloud service delivery is divided among three models. The
three fundamental classifications are often referred to as the “SPI Model,” where ‘SPI’
refers to Software, Platform or Infrastructure (as a Service), respectively defined thus:
Cloud Software as a Service (SaaS). (Cloud) Software as a Service (SaaS), also
sometimes referred to as Service or Application Clouds, offers implementations of
specific business functions and business processes that are provided with specific cloud
capabilities, i.e. they provide applications / services using a cloud infrastructure or
platform, rather than providing cloud features themselves. Example: Google Docs. The
capability provided to the consumer is to use the provider’s applications running on a
cloud infrastructure. The applications are accessible from various client devices through a
thin client interface such as a web browser (e.g., web-based email). The consumer does
not manage or control the underlying cloud infrastructure including network, servers,
operating systems, storage, or even individual application capabilities, with the possible
exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). (Cloud) Platform as a Service (PaaS) provides
computational resources via a platform upon which applications and services can be
developed and hosted. PaaS typically makes use of dedicated APIs to control the
behaviour of a server hosting engine which executes and replicates the execution
according to user requests (e.g. access rate). As each provider exposes his / her own API
according to the respective key capabilities, applications developed for one specific cloud
provider cannot be moved to another cloud host – there are however attempts to extend
generic programming models with cloud capabilities. Examples: Force.com, Google App
Engine. The capability provided to the consumer is to deploy onto the cloud
infrastructure consumer-created or acquired applications created using programming
languages and tools supported by the provider. The consumer does not manage or control
the underlying cloud infrastructure including network, servers, operating systems, or
storage, but has control over the deployed applications and possibly application hosting
environment configurations.
Cloud Infrastructure as a Service (IaaS). (Cloud) Infrastructure as a Service (IaaS),
also referred to as Resource Clouds, provides (managed and scalable) resources as
services to the user – in other words, it basically provides enhanced virtualisation
capabilities. Accordingly, different resources may be provided via a service interface:
Data & Storage Clouds deal with reliable access to data of potentially dynamic size,
weighing resource usage against access requirements and / or quality definitions. The
capability provided to the consumer is to provision processing, storage, networks, and
other fundamental computing resources where the consumer is able to deploy and run
arbitrary software, which can include operating systems and applications. The consumer
does not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, deployed applications, and possibly limited control of select
networking components (e.g., host firewalls).
1.3. Security Threat
A threat is any situation, event or person that can adversely affect data security and
the smooth and efficient functioning of the organisation. A threat may be caused by a
situation or event involving a person, action or circumstance that is likely to bring some harm
to the organisation. The harm may be tangible, such as loss of data, damage to hardware or
loss of software, or intangible, such as loss of customer goodwill or credibility.
Threat 1: Abuse and Nefarious Use of Cloud
IaaS providers offer their customers the illusion of unlimited compute, network, and
storage capacity — often coupled with a ‘frictionless’ registration process where anyone
with a valid credit card can register and immediately begin using cloud services. Some
providers even offer free limited trial periods. By abusing the relative anonymity behind
these registration and usage models, spammers, malicious code authors, and other
criminals have been able to conduct their activities with relative impunity. PaaS providers
have traditionally suffered most from this kind of attack; however, recent evidence
shows that hackers have begun to target IaaS vendors as well. Future areas of concern
include password and key cracking.
Remediation
1. Stricter initial registration and validation processes.
2. Enhanced credit card fraud monitoring and coordination.
3. Comprehensive introspection of customer network traffic.
4. Monitoring public blacklists for one’s own network blocks.
Threat 2: Insecure Interfaces and APIs
Cloud computing providers expose a set of software interfaces or APIs that customers use
to manage and interact with cloud services. Provisioning, management and monitoring
are all performed using these interfaces. The security and availability of general cloud
services is dependent upon the security of these basic APIs. From authentication and
access control to encryption and activity monitoring, these interfaces must be designed to
protect against both accidental and malicious attempts to circumvent policy. Furthermore,
organizations and third parties often build upon these interfaces to offer value-added
services to their customers. This introduces the complexity of the new layered API; it
also increases risk, as organizations may be required to relinquish their credentials to
third parties in order to enable their agency. Examples include anonymous access and/or
reusable tokens or passwords, clear-text authentication or transmission of content,
inflexible access controls or improper authorizations, limited monitoring and logging
capabilities, and unknown service or API dependencies.
Remediation
1. Analyze the security model of cloud provider interfaces.
2. Ensure strong authentication and access controls are implemented in concert with
encrypted transmission.
3. Understand the dependency chain associated with the API.
Threat 3: Malicious Insiders
Description
The threat of a malicious insider is well known to most organizations. This threat is
amplified for consumers of cloud services by the convergence of IT services and
customers under a single management domain, combined with a general lack of
transparency into provider processes and procedures. For example, a provider may not
reveal how it grants employees access to physical and virtual assets, how it monitors
these employees, or how it analyzes and reports on policy compliance. To complicate
matters, there is often little or no visibility into the hiring standards and practices for
cloud employees. This situation clearly creates an attractive opportunity for an
adversary, ranging from the hobbyist hacker to organized crime or even nation-state
sponsored intrusion. The level of access granted could enable such an adversary to
harvest confidential data or gain complete control over the cloud services with little or no
risk of detection.
Remediation
1. Enforce strict supply chain management and conduct a comprehensive supplier
assessment.
2. Specify human resource requirements as part of legal contracts.
3. Require transparency into overall information security and management practices, as
well as compliance reporting.
4. Determine security breach notification processes.
Threat 4: Shared Technology Issues
IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the
underlying components that make up this infrastructure (e.g., CPU caches) were not
designed to offer strong isolation properties for a multi-tenant architecture. To address
this gap, a virtualization hypervisor mediates access between guest operating systems and
the physical compute resources. Still, even hypervisors have exhibited flaws that have
enabled guest operating systems to gain inappropriate levels of control or influence over
the underlying platform. A defense in depth strategy is recommended, and should include
compute, storage and network security enforcement and monitoring. Strong
compartmentalization should be employed to ensure that individual customers do not
impact the operations of other tenants running on the same cloud provider. Customers
should not have access to any other tenant's actual or residual data, network traffic, etc.
Remediation
1. Implement security best practices for installation/configuration.
2. Monitor environment for unauthorized changes/activity.
3. Promote strong authentication and access control for administrative access and
operations.
4. Enforce service level agreements for patching and vulnerability remediation.
5. Conduct vulnerability scanning and configuration audits.
Threat 5: Data Loss or Leakage
There are many ways to compromise data. Deletion or alteration of records without a
backup of the original content is an obvious example. Unlinking a record from a larger
context may render it unrecoverable, as can storage on unreliable media. Loss of an
encryption key may result in effective destruction. Finally, unauthorized parties must be
prevented from gaining access to sensitive data. The threat of data compromise increases
in the cloud, due to the number of and interactions between risks and challenges which
are either unique to the cloud, or more dangerous because of the architectural or operational
characteristics of the cloud environment.
Examples of contributing weaknesses are insufficient authentication and authorization,
inconsistent use of encryption and software keys, operational failures, persistence and
remanence challenges, disposal challenges, risk of association, jurisdiction and political
issues, and data center reliability.
Remediation
1. Implement strong API access control.
2. Encrypt and protect integrity of data in transit.
3. Analyze data protection at both design and run time.
4. Implement strong key generation, storage, management and destruction practices.
5. Contractually demand that providers wipe persistent media before it is released into the
pool.
6. Contractually specify provider backup and retention strategies.
Threat 6: Account or Service Hijacking
Account or service hijacking is not new. Attack methods such as fraud and exploitation
of software vulnerabilities still achieve results. Credentials and passwords are often
reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to
the landscape. If an attacker gains access to your credentials, they can eavesdrop on your
activities and transactions, manipulate data, return falsified information and redirect your
clients to illegitimate sites. Your account or service instances may become a new base for
the attacker. From there, they may leverage the power of your reputation to launch
subsequent attacks.
Remediation
1. Prohibit the sharing of account credentials between users and services.
2. Leverage strong two-factor authentication techniques where possible.
3. Employ proactive monitoring to detect unauthorized activity.
4. Understand cloud provider security policies and SLAs.
Threat 7: Unknown Risk Profile
One of the tenets of cloud computing is the reduction of hardware and software
ownership and maintenance to allow companies to focus on their core business strengths.
This has clear financial and operational benefits, which must be weighed carefully
against the contradictory security concerns, complicated by the fact that cloud
deployments are driven by anticipated benefits, by groups who may lose track of the
security ramifications. Versions of software, code updates, security practices,
vulnerability profiles, intrusion attempts and security design are all important factors for
estimating your company's security posture. Information about who is sharing your
infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts
and/or successes, and other logs. Security by obscurity may be low effort, but it can result
in unknown exposures. It may also impair the in-depth analysis required by highly
controlled or regulated operational areas.
Remediation
1. Disclosure of applicable logs and data.
2. Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).
3. Monitoring and alerting on necessary information.
1.4. Benefits
Cloud computing infrastructure allows enterprises to achieve more efficient use of their
IT hardware and software investments. Cloud computing allows an organization to
further reduce costs through:
• Improved utilization
• Lower administration costs
• Lower infrastructure costs
• Faster deployment cycles
A cloud infrastructure can be a cost-efficient model for delivering information services,
reducing IT management complexity, promoting innovation, and increasing
responsiveness through real-time workload balancing. In short:
• Minimized capital expenditure
• Location and device independence
• Utilization and efficiency improvement
• Very high scalability
• High computing power
1.5. Security Issue and Policy in Cloud Computing Environment
Cloud computing is a new computing model whose system architecture and service
deployment differ from the traditional computing model. Traditional security policies are
therefore unable to respond to the new security issues that arise in a cloud computing
environment.
a) Cloud computing has no clearly defined boundaries within which user devices can be
protected, whereas the traditional computing model protects them by dividing the
environment into physical and logical security zones.
b) Service security. Data, communication networks, services and other important
resources are controlled by the cloud service provider, so when the provider's
security fails, ensuring that the service remains usable, and that user data remains
confidential, is particularly important.
c) Protection of user data. This includes the location where user data is stored, the manner
of storage, data recovery, data encryption and data integrity protection.
d) The number of users changes dynamically, and users consume different services, so
users cannot be classified statically.
e) In the cloud computing model the cloud service provider holds too much power, while
the user's rights may be difficult to guarantee. Balancing the rights of service providers
and users therefore becomes a problem.
f) Because of the complexity of cloud computing and the dynamic changes of users in the
cloud computing environment, ensuring the security and integrity of communications
among the various subjects is an important issue to be considered.
B. Security policy in cloud computing environment
In order to solve these problems, the security policy should include the following points:
a) Divide the cloud computing environment into multiple security domains. Operations
across security domains must be mutually authenticated, and each security domain should
maintain a mapping between global and local identities.
b) Secure the user's connection and communications with SSL, VPN, PPTP, etc. (note that
PPTP's authentication is known to be weak and should not be relied on today). Use
licensing and allow multiple authorizations among the user, the service owner and agents,
so that users can access data securely.
c) User data security assurance: provide different levels of data storage protection
according to different users' requirements, while also improving the efficiency of data
storage.
d) Use a series of measures to meet users' dynamic requirements, including complete
single sign-on authentication, proxies, collaborative certification and certification between
security domains.
e) Establish a third-party monitoring mechanism to ensure that the operation of the cloud
computing environment is safe and stable.
f) Computation requested by a service requestor should undergo safety tests that check
whether the request contains malicious content intended to undermine the security rules.
Other risks include:
• Disruption of services
• Theft of information
• Loss of privacy
• Damage to information
Security is needed at the following levels:
• Server access security
• Internet access security
• Database access security
• Data privacy security
• Program access security
1.6. Cloud Data Storage
CDS is composed of thousands of cloud storage devices clustered by network, distributed
file systems and other storage middleware to provide cloud storage services to users. The
typical structure of CDS includes a storage resource pool, a distributed file system, service
level agreements (SLAs) and service interfaces, etc. Globally, these can be divided by
physical and logical function boundaries and relationships to provide more
compatibility and interaction. CDS tends to be combined with CDSS (cloud data storage
security), which provides more robust security.
CDS can provide cloud storage resources for all kinds of clients, and fees can be charged
periodically based on CDS capacity or CDS bandwidth. Data life cycle management in
CDS can be based on server configurations, or on the contracts between servers
and clients agreed when the CDS service is initiated. CDS also enables Web services APIs
and a unified service interface via virtualization over a network at low cost, and can provide
anytime, anywhere access, massive data storage, sharing and collaboration via a single
namespace, policy management of storage, etc.
1.7. Cloud Data Storage Security: CDSS involves both the physical security of storage
media and data security. As with general network storage, the security of CDS includes
authentication, authorization, audit and encryption, etc. Through automatic redundant
replication, data can be recovered easily after a failover. CDSS can also extend to the whole
storage service procedure, including hardware, software, data, information, network security
and clients' privacy, etc.
2. Review of Literature:
Cloud data storage security (CDSS) in cloud computing is an area full of challenges, and
many research problems are yet to be identified. The most promising direction, in our
view, is a model in which public verifiability is enforced. Public verifiability, supported
by Shacham and Waters (2008), Ateniese et al. (2007) and Shah et al. (2007), allows a TPA
to audit the CDS without demanding cloud users' time, feasibility or resources. A scheme
that achieves both public verifiability and storage correctness assurance of dynamic data
would be a significant advance, since security research for CDS is still at an early stage.
We attempt to provide a complete security service solution to secure the CDS.
In data integrity work, Filho (2006) proposed verifying data integrity using an RSA-based
hash to demonstrate uncheatable data possession in peer-to-peer file sharing networks.
However, their proposal requires exponentiation over the entire data file, which is clearly
impractical for the server whenever the file is large. In related work, Schwarz and
Miller (2006) proposed ensuring file integrity across multiple distributed servers
using erasure coding and block-level file integrity checks. However, their scheme only
considers static data files and does not explicitly study the problem of data error
localization. Shah et al. (2006) proposed allowing a TPA to keep online storage honest by first
encrypting the data and then sending a number of precomputed symmetric-keyed hashes over
the encrypted data to the auditor. However, their scheme only works for encrypted files
and auditors must maintain long-term state.
Juels and Kaliski (2007) described a formal "proof of retrievability" (POR) model for
ensuring remote data integrity. Their scheme combines spot-checking and error-correcting
codes to ensure both possession and retrievability of files on archive service systems.
Shacham and Waters built on this model and constructed a random linear function based
homomorphic authenticator which enables an unlimited number of queries and requires
less communication overhead. Bowers et al. proposed an improved framework for POR
protocols that generalizes both Juels and Kaliski's and Shacham and Waters' work. In
subsequent work, Bowers et al. extended the POR model to distributed systems. However,
all these schemes focus on static data. The effectiveness of their schemes rests primarily
on the preprocessing steps that the user conducts before outsourcing the data file F. Any
change to the contents of F, even a few bits, must propagate through the error-correcting
code, thus introducing significant computation and communication complexity.
Ateniese et al. defined the "provable data possession" (PDP) model for ensuring possession of
a file on untrusted storage. Their scheme uses public key based homomorphic tags for
auditing the data file, thus providing public verifiability. However, their scheme incurs
computation overhead that can be expensive for an entire file. In their
subsequent work, Ateniese et al. described a PDP scheme that uses only symmetric key
cryptography. This method has lower overhead than their previous scheme and allows for
block updates, deletions and appends to the stored file, which is also supported in
our work. However, their scheme focuses on the single server scenario and does not address
small data corruptions, leaving both the distributed scenario and the data error recovery issue
unexplored. Curtmola et al. aimed to ensure data possession of multiple replicas across a
distributed storage system. They extended the PDP scheme to cover multiple replicas
without encoding each replica separately, providing a guarantee that multiple copies of data
are actually maintained.
Wang et al. (2009), in "Enabling Public Verifiability and Data Dynamics for Storage
Security in Cloud Computing", study the problem of ensuring the integrity of data storage in
cloud computing. In particular, they consider the task of allowing a third party auditor
(TPA), on behalf of the cloud client, to verify the integrity of dynamic data stored in
the cloud. The introduction of a TPA removes the client from the auditing of whether its
data stored in the cloud is indeed intact, which can be important in achieving economies of
scale for cloud computing. The support for data dynamics via the most general forms of
data operation, such as block modification, insertion and deletion, is also a significant step
toward practicality, since services in cloud computing are not limited to archive or backup
data only. While prior work on ensuring remote data integrity often lacks support for either
public verifiability or dynamic data operations, their paper achieves both. They first
identify the difficulties and potential security problems of direct extensions of prior work
to fully dynamic data updates, and then show how to construct a verification scheme that
seamlessly integrates these two features in their protocol design. To achieve efficient data
dynamics, they improve the proof of retrievability model by using the classic Merkle Hash
Tree (MHT) construction for block tag authentication: each block's tag is a leaf of the
tree, the client keeps only the root, and the server must return the sibling hashes along a
leaf's path so that the client can check a block, or authorize an update to it, without
holding the whole file. Their security and performance analysis shows that the proposed
scheme is efficient and provably secure.
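As an added illustration of the block tag authentication just described (example code written for this page, not code from Wang et al. or any other cited work), the following Python builds a Merkle hash tree over file blocks, produces the auxiliary authentication path the server must return for a challenged block, verifies it against the root the client keeps, and performs a block modification in which the client derives the new root from the old path without holding the whole file. SHA-256, the leaf/inner-node prefix bytes and the duplicate-last-node padding rule are this example's choices, not the paper's, and the leaf here is simply a hash of the block rather than a homomorphic authenticator.

```python
"""Merkle hash tree (MHT) over file blocks: authentication paths, block
verification against a stored root, and a verified block modification that
lets the client update its root without re-downloading the file.
Added example; not code from Wang et al. or any other cited work."""
import hashlib
from typing import List, Tuple

AuthPath = List[Tuple[bytes, bool]]   # (sibling hash, sibling is on the left)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    """Leaf = H(0x00 || block). The prefix separates leaves from inner nodes so
    a block's bytes cannot be replayed as an inner node or vice versa."""
    return _h(b"\x00" + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _padded(level: List[bytes]) -> List[bytes]:
    """Odd-width levels duplicate their last node. The same rule is used when
    building the tree and when extracting a path, so both sides agree."""
    return level + [level[-1]] if len(level) % 2 else level


def build_levels(blocks: List[bytes]) -> List[List[bytes]]:
    """All levels of the tree, leaves first, root last (server side)."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        p = _padded(level)
        level = [node_hash(p[i], p[i + 1]) for i in range(0, len(p), 2)]
        levels.append(level)
    return levels


def root_of(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def auth_path(levels: List[List[bytes]], index: int) -> AuthPath:
    """Sibling hashes from leaf `index` up to, but excluding, the root."""
    path: AuthPath = []
    for level in levels[:-1]:
        p = _padded(level)
        sibling = index ^ 1
        path.append((p[sibling], sibling < index))
        index //= 2
    return path


def root_from_path(block: bytes, path: AuthPath) -> bytes:
    """Fold a block and its auth path back up to a root (client side)."""
    node = leaf_hash(block)
    for sibling, sibling_is_left in path:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node


def verify_block(root: bytes, block: bytes, path: AuthPath) -> bool:
    """True iff `block` sits at the position the path describes under `root`."""
    return root_from_path(block, path) == root


def verified_modify(root: bytes, levels: List[List[bytes]], blocks: List[bytes],
                    index: int, new_block: bytes) -> Tuple[bytes, List[List[bytes]]]:
    """Block modification with the client holding only `root`.

    1. The server sends the old block and its auth path.
    2. The client checks them against the root it holds.
    3. The client derives the new root from the same path and the new block.
    4. The server applies the update and rebuilds; its new root must equal the
       client's, otherwise the update is rejected.
    """
    path = auth_path(levels, index)                       # server
    if not verify_block(root, blocks[index], path):       # client
        raise ValueError("server returned an inconsistent block or auth path")
    new_root = root_from_path(new_block, path)            # client
    blocks[index] = new_block                             # server
    new_levels = build_levels(blocks)                     # server
    if root_of(new_levels) != new_root:                   # client
        raise ValueError("server's new root does not match the client's")
    return new_root, new_levels


if __name__ == "__main__":
    # Constructed sample blocks standing in for an outsourced file.
    blocks = [f"block {i}: constructed sample content".encode() for i in range(5)]
    levels = build_levels(blocks)
    root = root_of(levels)
    print("block 3 verifies:", verify_block(root, blocks[3], auth_path(levels, 3)))
    print("tampered block 3 verifies:", verify_block(root, b"tampered", auth_path(levels, 3)))
    new_root, levels = verified_modify(root, levels, blocks, 3, b"replacement")
    print("root changed:", new_root != root)
```

The point of the modification step is that the client never needs the other blocks: the path it verified for the old block is exactly the path that authenticates the new one, so it can compute the new root itself and compare it with the server's. A server that substitutes a different block, or returns the right block at the wrong position, fails the check because the left/right ordering of siblings is part of the path.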
3. Problem Definition
There are many security threats in cloud computing, but the major threat to the security
of data concerns the third party auditing of user data. Security models vary from
application to application. After studying the proof of retrievability model, a new model
is proposed for e-learning data placed on the cloud, because security is an important
factor.
4. Cloud Computing Benefits for E-learning Solutions
E-learning is a process in which people use educational resources on the Internet, such
as e-books. E-learning is widely used today at different educational levels: continuing
education, company training, academic courses, etc. There are various e-learning
solutions, from open source to commercial. There are at least two entities involved in an
e-learning system: the students and the trainers.
The students:
• take online courses
• take exams
• send feedback
• send homework and projects
The trainers:
• deal with content management
• prepare tests
• assess the tests, homework and projects submitted by students
• send feedback
• communicate with students (forums)
Usually, e-learning systems are developed as distributed applications, but this is not
necessarily so. The architecture of a distributed e-learning system includes software
components, like the client application, an application server and a database server (see
figure 3), and the necessary hardware components (client computer, communication
infrastructure and servers).
The e-learning server will use cloud computing, so all the required resources will be
adjusted as needed. E-learning systems can benefit from cloud computing at three levels:
• Infrastructure: run an e-learning solution on the provider's infrastructure
• Platform: use and develop an e-learning solution based on the provider's
development interface
• Services: use the e-learning solution offered by the provider.
A very big concern is data security, because both the software and the data
are located on remote servers that can crash or disappear without any
warning. Even if it may not seem obvious, cloud computing provides some
major security benefits for individuals and companies that are using or developing
e-learning solutions, such as the following:
• Improved improbability of physical theft – it is almost impossible for an interested
person (thief) to determine where the machine that stores some wanted data (tests,
exam questions, results) is located, or to find out which physical component he
needs to steal in order to get a digital asset (this is obscurity rather than a control,
and should not be relied on by itself);
• Virtualization – makes possible the rapid replacement of a compromised cloud-located
server without major costs or damage. It is very easy to create a clone of a virtual
machine, so cloud downtime is expected to be reduced substantially;
• Centralized data storage – losing a cloud client is no longer a major incident, since
the main part of the applications and data is stored in the cloud, so a new client
can be connected very quickly. Imagine what happens today if a laptop that stores
the examination questions is stolen;
• Monitoring of data access becomes easier, since only one place has to be supervised,
not thousands of computers belonging to a university, for example.
Another important benefit is related to costs. If the e-learning services are used for a
relatively short time (several weeks, a quarter, a semester), the savings are significant.
5. Proof-of -Retrievability:
In a proof-of-retrievability system, a data storage center must prove to a verifier that it is
actually storing all of a client's data. The central challenge is to build systems that are
both efficient and provably secure, that is, it should be possible to extract the client's
data from any prover that passes a verification check. Shacham and Waters (2008) give
two such schemes. Their first scheme, built from BLS signatures and secure in the random
oracle model, has the shortest query and response of any proof-of-retrievability scheme
with public verifiability. Their second scheme, which builds on pseudorandom functions
(PRFs) and is secure in the standard model, has the shortest response of any
proof-of-retrievability scheme with private verifiability (but a longer query). Both
schemes rely on homomorphic properties to aggregate a proof into one small authenticator
value.
6. References:
[1] H. Shacham and B. Waters, "Compact proofs of retrievability," in Proc. of
ASIACRYPT'08. Springer-Verlag, 2008.
[2] A. Juels and B. S. Kaliski, Jr., "PORs: proofs of retrievability for large files," in
Proc. of CCS'07. New York, NY, USA: ACM, 2007.
[3] K. D. Bowers, A. Juels, and A. Oprea, "Proofs of retrievability: Theory and
implementation," Cryptology ePrint Archive, Report 2008/175, 2008.
[4] E.-C. Chang and J. Xu, "Remote integrity check with dishonest storage server," in
Proc. of ESORICS'08. Berlin, Heidelberg: Springer-Verlag, 2008.
[5] A. Oprea, M. K. Reiter, and K. Yang, "Space-efficient block storage integrity," in
Proc. of NDSS'05, 2005.
[6] T. Schwarz and E. L. Miller, "Store, forget, and check: Using algebraic signatures
to check remotely administered storage," in Proc. of ICDCS'06, 2006.
[7] G. Ateniese, R. Di Pietro, L. V. Mancini, and G. Tsudik, "Scalable and efficient
provable data possession," in Proc. of SecureComm'08, 2008.
[8] C. Wang, Q. Wang, K. Ren, and W. Lou, "Ensuring data storage security in cloud
computing," in Proc. of IWQoS'09, Charleston, South Carolina, USA, 2009.
[9] K. D. Bowers, A. Juels, and A. Oprea, "HAIL: A high-availability and integrity
layer for cloud storage," Cryptology ePrint Archive, Report 2008/489, 2008.
[10] G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D.
Song, "Provable data possession at untrusted stores," in Proc. of ACM CCS'07, 2007.
[11] Puneet Arora, http://www.puneetarora2000.com