
Synopsis for Technical Seminar

Topic of Discussion: A Secure Data Model in cloud using Crypt-Tools

Submitted By: Reshmi P Rajan, M.Tech (C.S.) Weekend, V Semester
Submitted To: M. Safdar Tanweer (Assistant Professor)
Department of Computer Science, Faculty of Management and Information Technology
Jamia Hamdard (Hamdard University), Hamdard Nagar, New Delhi-11006

Introduction
Cloud computing is the latest step in the evolution of distributed computing, taking advantage of technology innovations and the evolution of the internet. It provides convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be quickly provisioned and released with minimal management effort or cloud provider interaction. Cloud computing technologies can be implemented in a wide variety of architectures, under different service and deployment models, and can coexist with other technologies and software design approaches. The security challenges cloud computing presents, however, are formidable, especially for public clouds whose infrastructure and computational resources are owned by an outside party that sells those services to the public.

The US National Institute of Standards and Technology (NIST) recently published a definition of cloud computing that provides a useful model for the cloud and has been widely accepted in the IT industry.

Cloud Service Models proposed by NIST: SaaS/PaaS/IaaS
The NIST model provides for three service models and four different deployment models (sometimes referred to as cloud formations).
Software as a Service

Software-as-a-Service (SaaS) is the capability provided to the consumer to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g. web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. The cloud service provider typically takes responsibility for data security in this model, but the enterprise is ultimately accountable and needs to review security practices. Prime examples of SaaS include Salesforce.com and Google Apps.
Platform as a Service

With Platform as a Service (PaaS), the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. The cloud service provider usually takes responsibility for much of data security in this model, but this can be a shared responsibility for some PaaS vendors. Examples of PaaS include Microsoft Windows Azure, Salesforce.com Force.com, and Google App Engine.
Infrastructure as a Service

Using Infrastructure-as-a-Service (IaaS), the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Data security is typically a shared responsibility between the cloud service provider and cloud consumer in this model. Examples of IaaS include Amazon Elastic Cloud Computing (EC2), Terremark, and Rackspace.

Deployment models
Private Cloud

Operated solely for a single organization. It may be managed by the organization or a third party and may exist on-premise or off-premise.
Community Cloud

Shared by several organizations in support of a specific community that has shared concerns (e.g. business need, policy, compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Public Cloud

Made available to the general public or a large industry group. Owned by an organization selling cloud services.
Hybrid Cloud

A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

SECURITY ISSUES IN CLOUD COMPUTING


Cloud computing is a model for delivering information and services using existing technologies. It uses the internet infrastructure to allow communication between client-side and server-side services/applications. Cloud service providers (CSPs) sit between clients and offer cloud platforms that their customers use to create their own web services. When making decisions to adopt cloud services, privacy or security has always been a major issue. To deal with these issues, the cloud provider must build up sufficient controls to provide the level of security that the organization would have if the cloud were not used. The major security challenge is that the owners of the data have no control over how their data is processed. Because many technologies are involved, including networks, databases, operating systems, resource scheduling, transaction management, concurrency control and memory management, various security issues arise in cloud computing.

The top seven security threats to cloud computing identified by the Cloud Security Alliance (CSA) are:
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insiders
Shared Technology Vulnerabilities
Data Loss/Leakage
Account, Service & Traffic Hijacking
Unknown Risk Profile

Related Work Done on Data security in Cloud computing


Balachandra Reddy Kandukuri described some of the security issues that have to be included in a Service Level Agreement (SLA), a document which defines the relationship between the service provider and the recipient. Typical SLA contents include definition of services, performance management, problem management, security, disaster recovery, and proper termination of transactions. The authors also stated a methodology to standardize SLAs.

Cong Wang stated that data security is a problem in cloud data storage, which is essentially a distributed storage system. The authors explained their proposed scheme to ensure the correctness of users' data in cloud data storage: an effective and flexible distributed scheme with explicit dynamic data support, including block update, delete, and append, relying on erasure-correcting code in the file distribution preparation to provide redundancy parity vectors and guarantee data dependability.

Meiko Jensen described a selection of issues of cloud computing security and the Web Services security frameworks (attacking the cloud computing system itself), stating the importance and capabilities of browser security in the cloud computing context, and sketched the threat of flooding attacks on cloud systems. The work showed that the threats to cloud computing security are numerous, and that each of them requires an in-depth analysis of its potential impact and relevance to real-world cloud computing scenarios.

Siani Pearson gave an overview of privacy issues within cloud computing and a detailed analysis of privacy threats based on different types of cloud scenario; the level of threat seems to vary according to the application area. The work stated basic guidelines for software engineers when designing cloud services, in particular to ensure that privacy is not mitigated.

Problem Definition
Our research focuses on account, service and traffic hijacking and on data loss/leakage, their risks, and solutions for them. Since clouds have no borders and the data can be physically located anywhere in the world, data protection is a critical issue in cloud computing environments. This raises serious issues regarding user authentication and data confidentiality. Hence it is proposed to implement a simple data protection model which performs authentication, verification and encrypted data transfer, thus maintaining data confidentiality and integrity.

Proposed Implementation and work flow


The various implementation steps involved can be broadly classified as:
Step 1: Client requests service from the server.
Step 2: Server grants the request through a response.
Step 3: Client registers himself with the server to begin with.
Step 4: Server stores the password and the client is registered.
Step 5: Login process starts. (At the time of login, username and password are verified and a welcome message is prompted.)
Step 6: Client sends a key request to the server.
Step 7: Server creates a key and forwards it to the corresponding client for its use in encryption and/or decryption.
Step 8: Client requests data, which is encrypted by the server and then sent to it.
Step 9: Client later decrypts it to obtain the plaintext.
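The workflow in Steps 3 to 9 can be sketched as follows. This is an added example, not code from the synopsis: all function names and the in-memory stores are assumptions, the key in Step 7 is assumed to travel over TLS, and the HMAC-based stream cipher is a standard-library stand-in for an authenticated cipher such as AES-GCM from a vetted library.

```python
import hashlib, hmac, secrets

USERS, KEYS = {}, {}   # constructed in-memory server state (example only)

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(user, password):
    # Steps 3-4: keep a salted, slow hash; the password itself is never stored.
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _pw_hash(password, salt))

def login(user, password):
    # Step 5: constant-time comparison against the stored hash.
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    return hmac.compare_digest(stored, _pw_hash(password, salt))

def request_key(user, password):
    # Steps 6-7: a fresh random key per authenticated client (sent over TLS, assumed).
    if not login(user, password):
        raise PermissionError("login failed")
    KEYS[user] = secrets.token_bytes(32)
    return KEYS[user]

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode as the keystream.
    blocks = (_mac(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def server_encrypt(user, data):
    # Step 8: encrypt-then-MAC with separate subkeys; layout is nonce | ct | tag.
    ek, mk = _mac(KEYS[user], b"enc"), _mac(KEYS[user], b"mac")
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, data)
    return nonce + ct + _mac(mk, nonce + ct)

def client_decrypt(key, blob):
    # Step 9: verify the tag before decrypting, so tampered data is rejected.
    ek, mk = _mac(key, b"enc"), _mac(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mk, nonce + ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(ek, nonce, ct)
```

The integrity tag is what backs the model's integrity claim: encryption alone would let a modified ciphertext decrypt to altered plaintext without any error.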

Conclusion
The quick development of cloud computing brings some security problems as well as many benefits to Internet users. The major risk among these is data security. This research tries to explore the possibilities of building a model for secure data communication and data storage using cryptographic tools. Future work on the proposed model could add steganography for encrypted messages to ensure data hiding as well.

References
[1] Robert Gellman and World Privacy Forum, Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing, February 23, 2009.
[2] Amazon.com, Amazon Web Services (AWS), Online at http://aws.amazon.com, Version 2010.
[3] Weiss, Aaron. Computing in the clouds. netWorker 11, 4 (Dec. 2007), <http://doi.acm.org/10.1145/1327512.1327513>.
[4] Eric A. Marks, Bob Lozano, Executive's Guide to Cloud Computing, John Wiley & Sons, Inc.
[5] The Art of Service, A Complete Guide to Cloud Computing, http://theartofservice.com.
[6] Tim Mather, Subra Kumaraswamy, and Shahed Latif, Cloud Security and Privacy, Published by O'Reilly Media, Inc., 2009.
[7] Brian J.S. Chee and Curtis Franklin, Jr., Cloud Computing, Technologies and Strategies of the Ubiquitous Data Center, CRC Press 2010 by Taylor and Francis Group, LLC.
[8] N. Gohring, Amazon's S3 down for several hours, Online at http://www.pcworld.com/businesscenter/article/142549/amazons s3 down for several hours.html, 2008.
[9] Cong Wang, Qian Wang and Kui Ren, Ensuring Data Storage Security in Cloud Computing, 978-14244-3876-1/2009 IEEE.
[10] Lijun Mei, W.K. Chan and T.H. Tse, A Tale of Clouds: Paradigm comparisons and some thoughts on research issues, 2008 IEEE Asia-Pacific Services Computing Conference.
[11] John Harauz, Lori M. Kaufman and Bruce Potter, Data security in the world of cloud computing, 2009 IEEE, Co-published by the IEEE Computer and Reliability Societies.
[12] Siani Pearson, Taking account of Privacy when Designing Cloud Computing Services, CLOUD09, May 23, 2009, Vancouver, Canada, 2009 IEEE.
[13] Meiko Jensen, Jorg Schwenk, Nils Gruschka and Luigi Lo Iacono, On technical security issues in cloud computing, 978-0-7695-3840-2/09 2009, IEEE Computer Society.
[14] Balachandra Reddy Kandukuri, Ramakrishna Paturi V and Dr. Atanu Rakshit, Cloud security issues, 978-0-7695-38112/09 2009, IEEE Computer Society.