Data Security in Cloud Computing: A Survey
Narender Kavita Rathi
CSE Department DCRUST, Murthal Assistant Prof. CSE Department DCRUST Murthal
Haryana,India Haryana,India
Abstract - Cloud computing is a rapidly growing information technology nowadays. It provides efficient model for organizations to take services over internet such as data storage, hardware, software, computing and network. Cloud computing data storage service has been used in medical, engineering, private industries and in many countries government also looks towards cloud to store their data. However cloud services have limitations because of lack in data security. Data must be secured in cloud by use of effective encryption algorithms in proper way with the help of data security models. For data security in cloud three parameters (integrity, confidentiality and availability) must be ensured. This paper represents data security issues in cloud, different data security models and their comparisons.
Keywords: Cloud computing, data security, integrity, confidentiality, availability
I. INTRODUCTION
Cloud computing is a paradigm of distributed computing, in which a pool of computing resources is available to client via the internet as shown in figure I. The cloud computing resources are accessible as public utility services, such as processing power, storage, software, and network bandwidth etc [1]. Cloud has fundamentally changed the landscape of computing, storage, communication infrastructures and services. With strong interest and investment from government and industry, the cloud is being increasingly used by both organizations and individuals. From provider’s perspective main benefits of cloud computing includes resource consolidation, uniform management and cost-effective operation; for the user, benefits include on-demand capacity, flexible pricing and low cost of ownership. However features that bring benefits like sharing and consolidation, also introduce potential security problems. Security and privacy issues resulting from the illegal use of information and causing disclosure of confidential information can significantly hinder user acceptance of cloud services. Recent surveys support this observation indicating that security and privacy concerns prevent customers from adopting cloud computing platforms [2].
Figure I: Cloud Computing
In 2009 the major cloud computing vendors faced several accidents. Amazon's Simple Storage Service was interrupted in July 2009. This accident resulted in some network sites rely on a single type of storage service. Security vulnerabilities in Google Docs led to serious leakage of user information in March 2009. It was exposed that there was security vulnerability in VMware virtualization software in May 2009[3]. In September 2014, security vulnerabilities in iCloud led to serious leakage of user information. So data security is major problem in cloud computing .To resolve this problem, there is need some good data security techniques. All the data security technique is built on integrity, confidentiality and availability of these three principles as shown in figure II. Confidentiality means hiding the information, especially in the sensitive areas. The confidentiality of data is the most stringent requirement. For cloud computing, the data are stored in "Data Center". The integrity of data in any state is not subjected to the need of unauthorized deletion or damage [4, 5]. The availability of data means that users can have the expectations of the use of data by the use of capacity.
Figure II: CIA Composition
This rest of the paper is organized as follows: Architecture of cloud computing, in section II describes issues in data security in cloud. In section III describes data security principle. In section IV describes various data security models and their comparison. In section V provides conclusion on data security and future scope.
ARCHITECTURE OF CLOUD COMPUTING
Architecture in cloud computing is divided into three sections. The two important components of architecture are back end and the front end. They both are connected to each other through internet. The back end of the cloud computing architecture is cloud itself, comprising of various servers and data centers. The front end is the part seen by the user like laptops, computers, tablet and mobile phones.
Figure III: Architecture
The architecture of cloud computing is shown in above figure III.
Layers of cloud computing:
a) SaaS (Software as a service)
b) PaaS (Platform as a service)
c) IaaS (infrastructure as a service)
In this architecture data and processing is far ways from client’s and they don’t know where the data is stored and where the processes are running so security is a major concern especially in network, processing, host, application.
II. DATA SECURITY ISSUES IN CLOUD COMPUTING
The content of data security in cloud is similar to that of traditional data security. It is also involved in every stage of the data life cycle [6]. The content of data security in cloud has its particularities because of openness and multi-tenant characteristic of the cloud. Cloud computing implements three services to the end-user. In those service models different levels of security are provided in cloud computing environment. Efficient security technology in cloud computing is required to have proper secured cloud computing and to increase cloud implementation. The security element in SaaS service model (such data security, data integrity, identity management, data location, data availability, etc) are to be considered for better data security in cloud computing.
a. Data Security and Data Protection: When the client hosts data to the cloud there should be guarantee that access to that data will only be limited to the authorized user. Inappropriate access to customer data by cloud personnel is another risk that can pose potential threat to cloud data [7, 8 and 9].
b. Data Integrity: By providing security of data, cloud service providers should form mechanism to ensure data integrity and be able to explain what happened to dataset and at what point. When such data integrity requirements exist, the origin and custody of data must be maintained to prevent tampering and exposure of data beyond the agreed territories [10, 11].
c. Data Location and Relocation: Cloud computing provides a high degree of data mobility. Consumers usually do not know the location of their data. However, when an enterprise has some private data that is kept on a storage device in the cloud, they may need to know location where the data are stored. This requires a contractual agreement, between the consumer and the cloud provider that data should reside on a given known server [12]. It is often moved from one place to another place to secure the data in cloud. Cloud providers have contracts with each other which are called as Service Level Agreement by which they use mutual resources [10, 12].
d. Data Availability: Customer data is stored in chunk on different servers often in different clouds or in different locations. In this case, data availability becomes a major issue as the availability of uninterruptible provision becomes relatively difficult. So it is important for the provider to provide proper data to the authorized user [13, 8].
e. Identity Management: Every user uses his identity for accessing a cloud service. The provider should provide an identity management system for authentication and authorization. This is an important issue for both provider as well as user in a cloud computing environment [14, 15 and 27].
III. DATA SECURITY PRINCIPLES
Data security technique is built on integrity, confidentiality and availability principles [16].
Figure IV [16]. Security Principles to protect data in Cloud Computing
The nine key data security points were analyzed by M.Saugumaran al in depth on the basis of a comprehensive summary of the data needs to be protected [17, 18 and 19]. They are shown in figure IV.
· Announcement, openness and transparency.
· Right, license and authority.
· Minimization.
· Accuracy.
· Security safeguards.
· Compliance.
· Purpose.
· Limiting use and disclosure.
· Accountability
Announcement, openness and transparency: Cloud computing service providers must explain some attention in detail to users who want to use the data in cloud. For example what data they can use, how long they will keep it, how they use it and with whom will they share it. They must warn the users if they want to change the information. If the information is to be passed to a third party, it should remind the users. Security policies must be open to customers through the network and they should be easy to understand and use.
Right, license and authority: Cloud service providers must give the user the right whether they can gather their information or not. License of use and disclosure of personally identifiable information must be given. But the cloud service providers still have the control authority.
Minimization: Data that is needed to carry out the extent should be collected, used, shared or disclosure. At the same time, the available information and the use scope must be minimized.
Accuracy: Information owners must be able to get access to personal information, to see what is being staged about them, who are using them and to check its accuracy. All disbursement must be made to guarantee that the personal information staged is accurate and they have not been modified.
Security safeguards: Data security requires safe guards like standardization, regulatory approach and regulations to prevent unauthorized access, disclosure, copying, use or modification of information.
Compliance: A client must be able to challenge procedures of agency's data security. Transactions must comply with data security legislation.
Purpose: There must be a clearly specified purpose for the collection and sharing of personal information. Data usage has to be limited to the purpose which the owners of data agree.
Limiting use and disclosure: Data can only be disclosed or used for the purpose for which it was collected and should only be divulge to those parties authorized to receive it. Personal information should only be kept as long as is necessary.
Accountability: Cloud Services providers must arrange for someone to ensure the implementation of data security policies. And also has a reasonable audit function which must be present to monitor all modification and data access. These measures are accountability [16].
For an effective data security model for cloud computing these security principles must be ensured.
IV. DATA SECURITY MODELS IN CLOUD COMPUTING
A frame work of different specialized procedures and techniques was proposed [20] that can protect the data from the beginning to the end (from the cloud to the users). The classification of data is done on the basis of the value of three cryptographic parameters (Confidentiality, Integrity and Availability) given by the users. The strategy utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit for stronger encryption. MAC (Message Authentication Code) is used to check integrity of data, searchable encryption and division of data into three sections for storage in cloud. Three sections of data deliver simple access and protection of the data. The user who wants to access the data is required to provide the login identity and password, to give permission to access encrypted data in that section. This model is designed to tackle unauthorized server, brute force attack, threat from cloud service provider, tampering of data, loss of user identity and password very efficiently. It provides availability of data by surpassing many issues such as tampering of data, data leakage and unauthorized access even from the cloud service provider. Proposed method achieves the availability, reliability and integrity of data traversing from owner to cloud and cloud to users. It also provides more flexibility to meet the new demand of today’s diverse and complex network and enable the user to retrieve files from cloud by searching over an encrypted data.
Healthcare Department is also utilizing cloud services nowadays. To secure their data in cloud a new framework was proposed [21]. This solution in health care helps in protecting patient's data they host, which is highly sensitive and important. Main focus is on specific cloud computing health care security concerns and how cloud homomorphic encryption with key delegation and splitting key can help in meeting healthcare regulatory requirements. This model is based on FHE algorithm with key delegation to ensure data integrity, confidentiality, authentication and availability in a hierarchical order. This will enable the healthcare provider to apply/omit any access rule in any order, especially in medical research environment.
Some practical methods for securing the cloud were proposed [22] in which a Combination of the various methods of securing the cloud content, infrastructure and services can help to meet or exceed the protection benefits of a traditional enterprise perimeter.
To protect stored data in cloud a new share group model was proposed [23] which used cryptological technology, in which the groups share their data security and efficiency. This model is lightweight overheads in terms of key management and preserved security and confidentiality in cloud storage.
New data security model was proposed in cloud with the help of agents [24]. Agents are applied in order to provide more reliable services, high fault tolerance, high efficiency accesses and high availability to cloud data centers, where failures are more and are often considered more valuable than high performance.
Comparison among various data security models as shown in table 1:
Sr. No. / Model/author / Advantages/characteristics / Limitations1. / Huda Elmogazy and Omaima Bamasak.[21] / Specially used for health care data in cloud. Provide Confidentiality, integrity, availability. / Not truly practical, No priority wise categorization of data.
2. / Sandeep K. Sood [20] / This technique provides a way to protect the data, check the integrity and authentication. This method achieves the availability, reliability and integrity of data traversing through owner to cloud and cloud to user. / More complexity, data is not secure during processing.
3. / Ching-Hung Yeh [23] / The proposed model has lightweight overheads in terms of keys management as security and confidentiality can be protected in cloud storage. / If group leader is malicious then this approach will no longer be effective, Key management require more time.
4. / Feng-qing Zhang and Dian-Yuan Han [24] / Introduces agents to data security module in order to provide more reliable services. / User’s waiting time is more, slow data access speed.
5. / Edward G. Amoroso [22] / Combine various methods for securing the cloud infrastructure and services. Its content can help, meet or exceed the protection benefits. / There is no provision to securely store data in cloud and no protection during processing of data.
6. / M. Sugumaran et. al.[25] / Provide confidentiality and authentication by use of block cipher symmetric cryptography. / Can’t provide protection during data processing.
7. / Eman M. et al.[26] / Implement software to enhance work in a data security model for cloud computing. Finally this software was applied in the Amazon EC2 Micro instance. / Take more time to encrypt data.
8. / Maha et al.[27] / The proposed game-theoretic security-aware model can be defined by revocation strategies, incurred costs and benefits. / More complex and time consuming approach.
Table 1