Sie sind auf Seite 1von 5

International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)

Web Site: Email:,

Volume 3, Issue 2, March April 2014 ISSN 2278-6856

Volume 3, Issue 2 March April 2014 Page 287

AbstractThis paper shows the framework for designing
the trusted data security platform for the cloud computing
system. Data stored in third party storage systems like the
cloud might not be secure since confidentiality and integrity
of data are not guaranteed. Data Owner can not trust the
cloud service provider to store its data securely within the
cloud. Hence, many organizations and users may not be
willing to use the cloud services to store their data in the
cloud until certain security guarantees are made. In this
research, a solution to the problem of secure data storage by
maintaining the confidentiality and integrity of the data
within the cloud is developed. The system is based on the
capability list based data security. The system provides data
security against a unauthorized access to the data files stored
by the data owner.

Index TermsTrusted Storage, Cloud Computing,
Capability based, Encrypted File System, Cloud Storage.

Cloud Computing is the name given to a recent trend in
computing service provision. This trend has seen the
technological and cultural shift of computing service
provision from being provided locally to being provided
remotely and en masse, by third-party service providers.
These third-parties offer consumers an affordable and
flexible computing service that consumers would
otherwise not have been accessible, let alone afford. This
new means of service provision has evolved from and is
the culmination of research stemming from (among
others) distributed and networked systems, utility
computing, the web and software services research. This
paradigm shift has led to computing being seen as
another household utility, aka fifth utility", and has
prompted many a business and individual to migrate parts
of their IT infrastructure to the cloud and for this data to
become managed and hosted by Cloud Service Providers
However, Cloud Computing is the cause celebrate among
tech pundits and has led to the term `Cloud Computing'
as an umbrella term being applied to differing situations
and their solutions. As such a broad range of definitions
for Cloud Computing exists, each of which differ
depending on the originating authors' leaning. This
chapter seeks to provide a coherent and general
introduction to Cloud Computing.
One of the main tenets of Cloud Computing is the `as-a-
Service' paradigm in which `some' service is offered by a
Service Provider (also known as a Cloud Service
Provider) to a User (consumer) for use. This service can
also be categorized according to the application domain
of its deployment. Examples of application domains that
offer services are: Financial e.g., Managerial
e.g. Ever Note and Analytical e.g. Google Analytics. The
agreed terms of use, indicating the actions that must be
taken by both the provider and consumer, are described in
a contract that is agreed upon before service provision.
Failure to honor this agreement can lead to denial of
service for the consumer or legal liability for the service
provider. This contract is often described as a Terms of
Service or Service Level Agreement. Moreover, as part of
this agreement the service provider will provide a Privacy
Policy which outlines how the users data will be stored,
managed, used and protected.
The services offered are often categorized using the SPI
Service Model. This model represents the different
layers/levels of service that can be offered to users by
service providers over the different application domains
and types of cloud available. Clouds can be used to
provided as-a-Service: software to use, a platform to
develop on, or an infrastructure to utilize. Figure
summarizes the SPI Service Model. Software as a Service
The first and highest layer is known as: Software as a
Service (SaaS). It represents the applications that are
deployed/ enabled over a cloud by CSPs. These are
mature applications that often offer an API to allow for
greater application extensibility. For instance, Google
Docs can be seen as the archetypal SaaS application, it
has been deployed solely within the Cloud and offers
several APIs to promote use of the application. Platform
as a Service The next layer is known as: Platform as a
Service (PaaS). This represents a development platform
that developers can utilize to write, deploy and manage
applications that run on the cloud. This can include
aspects such as development, administration and
management tools, run-time and data management
engines, and security and user management services. For
instance, and Amazon Web Services [AWS]
offers a suite of services that allows developers to
construct an application that is deployed using web-based

Fig 1: Summary of the SPI Service Model
A Secure Framework for Data Security in
Cloud Computing

Meenakshi Pawar
, Sukhwinder Sharmar
and Puneet Mittal

Punjab Technical University, Baba Banda Singh Bahadur Engg. College,
Fatehgarh Sahib, India
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: Email:,
Volume 3, Issue 2, March April 2014 ISSN 2278-6856

Volume 3, Issue 2 March April 2014 Page 288

Infrastructure as a Service The final and lowest layer is
known as: Infrastructure as a Service (IaaS). CSP offer
developers, a highly scaled and elastic computing
infrastructure that is used to run applications. This
infrastructure can be comprised of virtualized servers,
storage, databases and other items. Two well known
examples are the Amazon Elastic Compute Cloud, a
commercial platform offered as part of's
Web Service platform and Eucalyptus, an open source
that offers the same functionality. Cloud Entities Cloud
actors/entities can be divided into two main categories:
CSP or Service Provider those who provide a
Cloud Service User (Users) those who use a
Within Cloud Computing the differences between the role
played by a service provider and a user can be blurred.
The service provider could also be the user of another
service e.g. when infrastructure is the service. The exact
definition whether an entity is a provider or user is
dependent on the context of the interaction and the
service being offered. Some service providers will offer
services at all three service levels, or offer just one
particular level of service and have their own internal
IaaS infrastructure.
A possible refinement could be that CSP providers are
either: a) Infrastructure Service Providers|those that offer
IaaS and own and run the data centers that physically
house the servers and software; or b) Service
Providers|those that offer PaaS or SaaS services. And that
Cloud Service Users are either: A) Platform Users| are
users who buy into a service pproviders platform e.g.
Facebook; and B) Consumers are service users who use
either SaaS or IaaS services.

Many of the benefits to be had when using Cloud
Computing are the lower costs associated. At the
infrastructure level, virtual images can be scaled and
contracted with complete disregard for any associated
hardware costs such as equipment procurement, storage,
maintenance and use. This is all taken care of by the
service provider and will be factored into the payment for
the service: capital expenditure has been converted into
operational expenditure. Resources within the cloud can
be treated as a commodity, an `unlimited' medium. At
both the platform and software level similar benefits are
seen. Aspects such as software installation, deployment
and maintenance is virtually non-existent. This is taken
care of by the provider within their own infrastructure.
The service user only pays technical support. Service
providers at the SaaS level, often tout features that allow
users to collaborate and interact with each other, in real-
time, within the scope of the service being offered. For
example, Google Docs allows users to edit documents
simultaneously and for users to see each others edits in
real time. Moreover, the provision of platform and
software `as a service' allows cloud service users the
ability to aggregate services together either for their own
use or to promote as another service i.e. Mashups. The
aggregation could imply the combination of functionality
from several services, or the change/combination of
output from the services involved. Remark. Service
aggregation is a good example outlining how a service
user can become a service provider.

Our main goal is to divide the security mechanismof cloud
service providers in to three layers. The layered approach
is used to increase the data security while keeping the
computational requirements low. For data security
capability based encryption techniques are used which
generates unique key for each user and data file without
worried about storage and indexing of the encryption keys.
The performance of this security mechanism can be
compared with other encryption techniques.
Data Security mechanismconsists of mainly three phases:
User Authentication
Systemencrypt and privacy defence
File quick regeneration layer
User Authentication:
It is required to ensure that user data cannot be
Users who pass the authentication can get relative
operation on the user data, such as addition,
modification, deletion.
System encrypt and privacy defense:
If the unauthorized user use illegal means to deceive
the authentication system, the file entered the
system encrypt and privacy defense levels.
In system encrypt and privacy defense layer, user
data is encrypted. If key has been got by the
intruder. The user data cannot be got valid
information even it is obtained through function of
privacy protection.

File quick regeneration layer:
The last is the file quick regeneration layer,
user data can get maximumregeneration even it
is damaged through rapid regeneration algorithmin
this layer.
Each layer accomplishes its own job and combines
with others to ensure data security in the cloud
The Steps involved in our methodology can be divided in
two different modules which can be summarized as:
We use the security library provided by the .Net
The Class used is SystemSecurity Cryptography.
This library provides the support for the security
algorithms which may be symmetric or Asymmetric.
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: Email:,
Volume 3, Issue 2, March April 2014 ISSN 2278-6856

Volume 3, Issue 2 March April 2014 Page 289

The login process is totally different from the
previous implemented login process at cloud
The security algorithms are implemented to encrypt
file data.
The algorithms for implementation are RSA, DSA,
AES and DES.
These algorithms provide us the comparison
platformfor our encryption algorithm and the other
two platforms (Symmetric and Asymmetric)
The key exchange mechanismis modified fromthe
previously implemented algorithms in Symmetric
key and Asymmetric key.
The results are studied on the basis of the following
Time Consumption
Memory Usage
Output Size
First of the entire input file size is decided and that
is encrypted with each of the above algorithms.
The Time taken to encrypt, Memory Usage by the
algorithm and the output file size variation is
studied along with other security factors.
Memory Usage is calculated by using
System.Runtime.InteropServices Class of .Net
Other security aspects are also taken into account to
take care of the security measure along with
performance of the system.

The encryption time is considered the time that an
encryption algorithm takes to produces a cipher text froma
plain text. Encryption time is used to calculate the
throughput of an encryption scheme, is calculated as the
total plaintext in bytes encrypted divided by the encryption
time. Comparisons analyses of the results of the selected
different encryption scheme are performed.

Fig 2: Output file size comparison

Figure above shows the output file size comparison for the
algorithms AES, DES, RSA, DSA and CBC. The
comparison chart is made by using different file sizes and
calculating the encryption file size corresponding to each

Fig 3: Computational Time comparison

Figure above shows the Computational Time comparison
for the algorithms AES, DES, RSA, DSA and CBC. The
comparison chart is made by using different file sizes and
calculating the computational time corresponding to each

Fig 4: Memory Usage Computation

Figure above shows the Memory Usage comparison for the
algorithms AES, DES, RSA, DSA and CBC. The Memory
Usage corresponds to the main memory used by the
encryption process. This memory usage is calculated by
using system calls to get the process size in the main
memory at run time. .Net runtime library provide us with
the functionality of getting the process size at run time and
using this for the analysis of the results. These values
stored at run time are stored in the databases. In this
comparison the files of different sizes are used and the
same processes are executed for each file while noting
there process sizes with the change of input file size to the
same process. All these values are further stored in a
database and are used to make a comparison graph as
shown in fig above.

From the analysis done in this research work we can
conclude :
Output size i.e. encrypted file size is nearly in the
range of the output size of AES, DES algorithms.
This is due to the symmetric key cryptographic
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: Email:,
Volume 3, Issue 2, March April 2014 ISSN 2278-6856

Volume 3, Issue 2 March April 2014 Page 290

approach used by us and it observed in the case of
all symmetric key algorithms.
Computational time for CBC is lowest among AES,
DES, RSA, DSA and CBC algorithms which shows
the decrease in complexity of encryption algorithm.
Memory usage varies corresponding to different
input file sizes which is as expected. The process
memory usage is dependent on its input and the
hardware it is running.

[1] Gentry C., Dr. Hawthorne.(2010) Computing
Arbitrary Functions of Encrypted Data, ACM,Vol.
53,No. 3, pp97-105 .
[2] Itani W., Kayssi A. ,Chehab A. (2009) Privacy as a
Service: Privacy Aware Data Storage and Processing
in Cloud Computing Architectures, IEEE Eight
International conference, pp.-711-716.
[3] Sanka S., Hota C. and Rajarajan M. (2010) Secure
Data Access in Cloud Computing, IEEE 4th
internatinal conference on Internet Multimedia
Services Architecture and Application, pp. 1-6.
[4] Yu S.,Wang C, Ren K. and Lou W.
(2010)Achieving Secure, Scalable, and Fine-grained
Data Access Control in Cloud computing, IEEE
INFOCOM, proc.the 29th conf. on Information
communication, pp. 534-542.
[5] Lagesse B. (2010) Challenges in Securing the
interface between the Cloud and Pervasive Systems,
1st IEEE PerComWorkshop on Passive Communities
and Services Clouds.
[6] Chen T.,Ye H. and Shih W. (2011) An Architecture
for Secure Searchable Cloud Storage, FTRA.
[7] Koletka R.,Hutchison A. (2011) An Architecture for
Secure Searchable Cloud Storage, IEEE Information
Security South Africa. pp. 1-7.
[8] Hota C.,Sanka S.,Rajarajan M. and Nair S.
(2011)Capability- based Cryptographic Data Access
Control in Cloud Computing, Int. J. Advanced
Networking and Applications ,Vol. 3,No. 03, pp.
[9] Subashini S., Dr. Kavitha V. (2011) A Metadata
Based Storage Model For Securing Data in Cloud
Environment, IEEE International Conference on
Cyber-Enabled Distributed Computing and
Knowledge Discovery, pp. 429-434.
[10] Liu W. (2012). Research on cloud computing
security problem and strategy, IEEE 2nd Internal
conference on consumer Electronics,Communications
and Networks, pp. 1216-1219
[11] Kulkarni G.,Gambhir J.,Patil T. and Dongare A.
(2012) A security aspects in cloud computing, IEEE
, ICSESS,Vol. 5,No. 4.
[12] Ming Li, Shucheng Yu, Kui Ren, Wenjing Lou and
Y. Thomas Hou. Toward Privacy-Assured and
Searchable Cloud Data Storage Services, IEEE
July/August 2013.
[13] Lenkala S. R.,Shetty S. and Kaiqi X. (2013) Security
Security Risk Assessment of Cloud Carrier, IEEE ,
pp 442-449.
[14] Khanna L. and Prof. Anant Jaiswal. (2013) Cloud
Computing : Security Issues and Description of
Encryption Based Algorithms to Overcome them,
International Journal of Advanced Research in
Computer Science and Software Engineering,Vol.
3,No. 3.
[15] Muttukrishan Rajarajan and Srijith K. Nair.
(2011)Capapbility-based Cryptographic Data Access
Control in Cloud Computing, International Journal of
Advanced Networking and Applications, Voume
:03,Issue: 03
[16] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I.
Brandic.Cloud Computing and Emerging IT
Platforms: Vision, Hype, and Reality for Delivering
Computing as the 5
Utility, Future Generation
Computer Systems, vol. 25, no. 6, J une 2009, pp 599
[17] H. Takabi, J.B.D. Joshi, and G. Ahn, Security and
Privacy Challenges in Cloud Computing
Environments, Article in IEEE Security and Privacy,
vol. 8, no.6, Nov- Dec. 2010, pp. 24-31.
[18] N. Gohring, Amazons S3 down for several hours,
Online at /businesscenter/
articl/ 142549/amasons_down_for
_sever_hours.html, 2008.
[19] Bhaskar P., Admela J, Dimitrios K, Yves
G.:Architectural Requirements for Cloud Computing
Systems: An Enterprise Cloud Approach. J. Grid
Computing 9(1), 3- 26 (2011).
[20] Ateniese G, Kamara S, Katz J. Proofs of Storage from
homomorphic identification protocols. In: Proc. Of
ASIACRYPT '09, 2009, pp. 319-333.
[21] Ateniese G, Pietro R D, Mancini L V, Tsudik G.
Scalable and efficient provable data possession. In:
Proc. of SecureComm '08, 2008, pp.1-10.
[22] Xiao D, Shu J, Chen K, Zheng W. A Practical Data
Possession Checking Scheme for Networked Archival
Storage. Journal of Computer Research and
Development 2009, 46(10) 1660-1668.
[23] G.Ateniese et al., Provable Data Possession at
Untrusted Stores, Proc. ACM CCS 07, Oct. 2007,
pp. 598609. [9] C. Erway et al., Dynamic Provable
Data Possession, Proc. ACM CCS 09, Nov. 2009,
pp. 21322.
[24] M. A. Shah et al., Auditing to keep Online Storage
Services Honest, Proc. USENIX HotOS 07, May
[25] R. Gellman, Privacy in the clouds: Risks to privacy
and confidentiality fromcloud computing, Prepared
for the World Privacy Forum, online at privacy forum. Org/pdf/WPF Cloud
Privacy Report. PDF, Feb 2009.
International Journal of EmergingTrends & Technology in Computer Science(IJETTCS)
Web Site: Email:,
Volume 3, Issue 2, March April 2014 ISSN 2278-6856

Volume 3, Issue 2 March April 2014 Page 291

[26] Q.Wang et al., Enabling Public Verifiability and
Data Dynamics for Storage Security in Cloud
Computing, Proc. ESORICS 09, Sept. 2009, pp.
[27] C.Wang et al.,Ensuring Data Storage Security in
Cloud Computing, Proc.IWQoS 09, July 2009, pp.