Data Security issues in Cloud Computing


PUNE INSTITUTE OF COMPUTER TECHNOLOGY,

DHANKAWADI PUNE-43.

A Seminar Report

On

“DATA SECURITY ISSUES IN CLOUD COMPUTING”

Submitted by

AMOL MODI

3205

TE- II

Guided by

(P: F-SMR-UG/08/R0) 1

PROF. M.S.CHAVAN

COMPUTER ENGINEERING DEPARTMENT

Academic Year: 2014-2015

PUNE INSTITUTE OF COMPUTER TECHNOLOGY,

DHANKAWADI PUNE-43.

CERTIFICATE


Date:

DATA SECURITY ISSUES IN CLOUD COMPUTING

This is to certify that Mr./Miss. Amol Modi Roll No. 3205, a student of T.E. (Computer Engineering Department) Batch 2014-2015, has satisfactorily completed a seminar report on “Data Security Issues in Cloud Computing” under the guidance of Prof. M. S. Chavan towards the partial fulfillment of the third year Computer Engineering Semester II of Pune University.

_________ _________

Internal Guide Prof G. P. Potdar

HOD Computer Engineering

Abstract

Cloud computing is an enticing technology that is a combination of many existing technologies such as parallel computing, grid computing, distributed computing and others. It offers services like data storage, computing power and shared resources at low cost to its users over the Internet at any time from anywhere. The costing model of cloud computing is based on the pay-as-you-go method; hence companies are saving millions by adopting this technology. It has fundamentally changed the landscape of computing, storage, and communication infrastructures and services. As more and more individuals and companies rely on the cloud for their data, the question that arises is how secure the cloud environment is. Cloud computing offers many advantages, but there are also many disadvantages.

It brings a much more challenging situation in the fields of personal data privacy and security and the reliability of the cloud computing network, which directly affect the usability of the application service. Besides, security in cloud computing has been regarded as one critical area in its development and implementation. This paper identifies security threats focused on cloud computing, which is essential for companies that want to use cloud-computing services. The fundamental risk factors particular to the cloud are elaborated, along with the interrelation between cloud computing and information security. To ensure the security of data, we propose a method implementing the RSA algorithm.

Keywords: Cloud Computing, Data Security, Cryptography, RSA Algorithm.

1. INTRODUCTION

1.1. Motivational Survey

Cloud computing has given a new dimension to the internet. It has changed the internet into a computing platform where computing power, storage, network etc. are provided to users. Cloud computing has transformed the IT industry completely. It has a great impact on the development of IT by enhancing its existing capabilities and increasing flexibility. Being a promising business model, it provides on-demand provisioning of resources to its consumers. It attracts not only large enterprises but also medium and small size companies. Clients can access services provided by the cloud only through the internet and can also scale resources up and down according to their need; hence it is a cost-effective, efficient and flexible alternative. Thus by adopting cloud computing companies can achieve more by paying less. There are many cloud providers such as Google, Amazon, Microsoft, IBM, and Rackspace. Cloud computing is a technology which saves user data at a remote location (i.e. at a data center) rather than saving it locally. So users do not have to worry about managing hardware and software, but at the same time cloud computing increases the responsibility of cloud vendors because users now totally depend on the cloud for their data.

To ensure access to the cloud anytime from anywhere, the cloud should provide several features like availability, data integrity, accessibility etc. Since data is shifted outside the control of the data owner and is maintained by a third party, it invites security issues too, so cloud computing must ensure security. There are many issues in cloud computing that should be addressed by the cloud provider to convince individuals or companies to use this technology. The most important concern is to guarantee that user data integrity and confidentiality is attained while data is stored in the cloud system. Therefore the data security issue is the major concern in cloud computing.

1.2. History

It was a gradual evolution that started in the 1950s with mainframe computing. Multiple users were capable of accessing a central computer through dumb terminals, whose only function was to provide access to the mainframe.

After some time, around 1970, the concept of virtual machines (VMs) was created. Using virtualization software like VMware, it became possible to execute one or more operating systems simultaneously in an isolated environment. Complete computers (virtual) could be executed inside one physical hardware, which in turn can run a completely different operating system.

In the 1990s, telecommunications companies started offering virtualized private network connections. Historically, telecommunications companies only offered single dedicated point-to-point data connections. The newly offered virtualized private network connections had the same service quality as their dedicated services at a reduced cost. Instead of building out physical infrastructure to allow for more users to have their own connections, telecommunications companies were now able to provide users with shared access to the same physical infrastructure.

The following list briefly explains the evolution of cloud computing:

• Grid computing: Solving large problems with parallel computing
• Utility computing: Offering computing resources as a metered service
• SaaS: Network-based subscriptions to applications
• Cloud computing: Anytime, anywhere access to IT resources delivered dynamically as a service

1.3. Applications

1.3.1. Infrastructure as a service (IaaS) and platform as a service (PaaS)

When it comes to IaaS, using an existing infrastructure on a pay-per-use scheme seems to be an obvious choice for companies saving on the cost of investing to acquire, manage and maintain an IT infrastructure. There are also instances where organizations turn to PaaS for the same reasons while also seeking to increase the speed of development on a ready-to-use platform to deploy applications.

1.3.2. Private cloud and hybrid cloud

Among the many incentives for using cloud, there are two situations where organizations are looking into ways to assess some of the applications they intend to deploy into their environment through the use of a cloud (specifically a public cloud). While in the case of test and development it may be limited in time, adopting a hybrid cloud approach allows for testing application workloads, therefore providing the comfort of an environment without the initial investment that might have been rendered useless should the workload testing fail.

1.3.3. Test and development

Probably the best scenario for the use of a cloud is a test and development environment. This entails securing a budget, setting up your environment through physical assets, significant manpower and time. Then comes the installation and configuration of your platform. All this can often extend the time it takes for a project to be completed and stretch your milestones. With cloud computing, there are now readily available environments tailored for your needs at your fingertips. This often combines, but is not limited to, automated provisioning of physical and virtualized resources.

1.3.4. Big data analytics

One of the aspects offered by leveraging cloud computing is the ability to tap into vast quantities of both structured and unstructured data to harness the benefit of extracting business value. Retailers and suppliers are now extracting information derived from consumers’ buying patterns to target their advertising and marketing campaigns to a particular segment of the population. Social networking platforms are now providing the basis for analytics on behavioral patterns that organizations are using to derive meaningful information.

1.3.5. File storage

Cloud can offer you the possibility of storing your files and accessing, storing and retrieving them from any web-enabled interface. The web services interfaces are usually simple. At any time and place you have high availability, speed, scalability and security for your environment. In this scenario, organizations are only paying for the amount of storage they are actually consuming, and do so without the worries of overseeing the daily maintenance of the storage infrastructure. There is also the possibility to store the data either on or off premises depending on the regulatory compliance requirements. Data is stored in virtualized pools of storage hosted by a third party based on the customer specification requirements.

1.3.6. Disaster recovery

This is yet another benefit derived from using cloud based on the cost effectiveness of a disaster recovery (DR) solution that provides for a faster recovery from a mesh of different physical locations at a much lower cost than the traditional DR site with fixed assets, rigid procedures and a much higher cost.

1.3.7. Backup

Backing up data has always been a complex and time-consuming operation. This included maintaining a set of tapes or drives, manually collecting them and dispatching them to a backup facility with all the inherent problems that might happen in between the originating and the backup site. This way of ensuring a backup is performed is not immune to problems such as running out of backup media, and there is also time to load the backup devices for a restore operation, which takes time and is prone to malfunctions and human errors.

1.4. Literature Review

The author discusses cloud computing as an emerging paradigm, which has become today’s hottest research area due to its ability to reduce the costs associated with computing. In today’s era, it is the most interesting and enticing technology, offering services to its users on demand over the Internet. Since cloud computing stores the data and disseminated resources in an open environment, security has become the main obstacle hampering the deployment of cloud environments. Even though cloud computing is promising and efficient, there are many challenges for data security as there is no vicinity of the data for the cloud user. To ensure the security of data, the author proposed a method implementing the RSA algorithm.

1.5. Data Security issues in Cloud Computing

Cloud computing challenges have always been there. Companies are increasingly aware of the business value that cloud computing brings and are taking steps towards transition to the cloud. A smooth transition entails a thorough understanding of the challenges involved. Like any new technology, the adoption of cloud computing is not free from issues. Some of the most important challenges are as follows.

1.5.1. Privacy and Confidentiality

Once the client hosts data in the cloud, there should be some guarantee that access to that data will be limited to authorized access only. Inappropriate access to customer sensitive data by cloud personnel is another risk that can pose a potential threat to cloud data. Assurances should be provided to the clients, and proper practices and privacy policies and procedures should be in place to assure the cloud users of the data safety.

1.5.2. Data Integrity

Along with providing the security of data, cloud service providers should implement mechanisms to ensure data integrity and be able to tell what happened to a certain dataset and at what point. The cloud provider should make the client aware of what particular data is hosted on the cloud, the origin and the integrity mechanisms put in place.

For compliance purposes, it may be necessary to have exact records as to what data was placed in a public cloud, when it occurred, what virtual memories (VMs) and storage it resided on, and where it was processed. When such data integrity requirements exist, the origin and custody of data or information must be maintained in order to prevent tampering or to prevent the exposure of data beyond the agreed territories (either between different servers or different networks).

1.5.3. Data location and Relocation

Cloud Computing offers a high degree of data mobility. Consumers do not always know the location of their data. However, when an enterprise has some sensitive data that is kept on a storage device in the Cloud, they may want to know the location of it. They may also wish to specify a preferred location (e.g. data to be kept in India). This, then, requires a contractual agreement between the Cloud provider and the consumer that data should stay in a particular location or reside on a given known server. Also, cloud providers should take responsibility to ensure the security of systems (including data) and provide robust authentication to safeguard customers’ information. Another issue is the movement of data from one location to another. Data is initially stored at an appropriate location decided by the Cloud provider. However, it is often moved from one place to another. Cloud providers have contracts with each other and they use each other’s resources.

1.5.4. Data Availability

Customer data is normally stored in chunks on different servers, often residing in different locations or in different Clouds. In this case, data availability becomes a major legitimate issue as the availability of uninterruptible and seamless provision becomes relatively difficult.

1.5.5. Storage, Backup and Recovery

When you decide to move your data to the cloud, the cloud provider should ensure adequate data resilience storage systems. At a minimum they should be able to provide RAID (Redundant Array of Independent Disks) storage systems, although most cloud providers will store the data in multiple copies across many independent servers. In addition to that, most cloud providers should be able to provide options on backup services, which are certainly important for those businesses that run cloud-based applications so that in the event of a serious hardware failure they can roll back to an earlier state.

All these challenges should not be considered as roadblocks in the pursuit of cloud computing. It is rather important to give serious consideration to these issues and the possible ways out before adopting the technology.

2. PROPOSED MATHEMATICAL MODEL

Let S be the solution for the system.

S = {s, e, X, Y, DD, ND, Fs, Sc, Fc | Ф}

Where,

s = start state of the system = {D}
D = data set = {m1, m2, m3, …, mn}

e = end state of the system = {D}
D = data set = {m1, m2, m3, …, mn}

X = set of input
X = {a, b, m, c}
Where
a = prime number
b = another prime number
m = decrypted data item
c = encrypted data item

Y = set of output
Where,
Y = {m1, m2, m3, …, mn}
Where {m1, m2, m3, …, mn} are part of D data set.

Fs = set of functions used in this program
Fs = {F1, F2, F3}
Where,

F1 = function for key generation.
Input: none
Computation:
Select two prime integers p, q
Compute integers n = p x q
v = (p-1) x (q-1)
Select small odd integer k such that gcd(k, v) = 1
Compute integer d such that (d x k) % v = 1
Output: n, k, and d

F2 = function to encrypt the data
Input: integers k, n, M
M is integer representation of plaintext message
Computation:
Let C be integer representation of cipher text
$C = (M^k) \% n$
Output: integer C (cipher text or encrypted message C)

F3 = function to decrypt the data
Input: integers d, n, C
C is integer representation of cipher text message
Computation:
Let D be integer representation of decrypted cipher text
$D = (C^d) \% n$
Output: integer D (decrypted message)

DD = Deterministic Data {No. of items}
NDD = Non Deterministic Data {time taken}

Sc = Success case {If the data set is successfully encrypted and decrypted}

Fc = Failure case {Unable to calculate encrypted value, power failure}

3. DESIGN AND ANALYSIS OF SYSTEM

3.1. CLOUD COMPUTING ARCHITECTURE

When talking about a cloud computing system, it's helpful to divide it into two sections: the front end and the back end. They connect to each other through a network, usually the Internet. The front end is the side the computer user, or client, sees. The back end is the "cloud" section of the system.

The front end includes the client's computer (or computer network) and the application required to access the cloud computing system. Not all cloud-computing systems have the same user interface. Services like Web-based e-mail programs leverage existing Web browsers like Internet Explorer or Firefox. Other systems have unique applications that provide network access to clients.

On the back end of the system are the various computers, servers and data storage systems that create the "cloud" of computing services. In theory, a cloud computing system could include practically any computer program you can imagine, from data processing to video games. Usually, each application will have its own dedicated server.

Figure 1. Cloud Computing Architecture

3.2. RSA ALGORITHM

RSA is a widely used Public-Key algorithm. RSA stands for Ron Rivest, Adi Shamir and Len Adleman, who first publicly described it in 1977. In our proposed work, we are using the RSA algorithm to encrypt the data to provide security so that only the concerned user can access it. By securing the data, we are not allowing unauthorized access to it.

User data is encrypted first and then it is stored in the Cloud. When required, the user places a request for the data with the Cloud provider; the Cloud provider authenticates the user and delivers the data.

RSA is a block cipher, in which every message is mapped to an integer. RSA consists of a Public-Key and a Private-Key. In our Cloud environment, the Public-Key is known to all, whereas the Private-Key is known only to the user who originally owns the data. Thus, encryption is done by the Cloud service provider and decryption is done by the Cloud user or consumer. Once the data is encrypted with the Public-Key, it can be decrypted with the corresponding Private-Key only.

RSA algorithm involves three steps:

a) Key Generation

b) Encryption

c) Decryption

Key Generation:

Before the data is encrypted, Key generation should be done. This process is done between the Cloud service provider and the user.

Steps:

1) Choose two distinct prime numbers a and b. For security purposes, the integers a and b should be chosen at random and should be of similar bit length.

2) Compute n = a * b.

3) Compute Euler’s totient function, Ø (n) = (a-1) * (b-1).

4) Choose an integer e, such that 1 < e < Ø (n) and the greatest common divisor of e and Ø (n) is 1. Now e is released as the Public-Key exponent.

5) Now determine d as follows: $d = e^{-1} \pmod{Ø(n)}$, i.e., d is the multiplicative inverse of e mod Ø (n).

6) d is kept as the Private-Key component, so that d * e = 1 mod Ø (n).

7) The Public-Key consists of modulus n and the public exponent e i.e., (e, n).

8) The Private-Key consists of modulus n and the private exponent d, which must be kept secret i.e., (d, n).

Encryption:

Encryption is the process of converting original plain text (data) into cipher text (data).

Steps:

1) Cloud service provider should give or transmit the Public-Key (n, e) to the user who wants to store the data with him or her.

2) User data is now mapped to an integer by using an agreed upon reversible protocol, known as padding scheme.

3) Data is encrypted and the resultant cipher text (data) C is

$C = m^e \pmod{n}$.

4) This cipher text or encrypted data is now stored with the Cloud service provider.

Decryption:

Decryption is the process of converting the cipher text (data) to the original plain text (data).

Steps:

1. The cloud user requests the Cloud service provider for the data.

2. Cloud service provider verifies the authenticity of the user and gives the encrypted data i.e., C.

3. The Cloud user then decrypts the data by computing,

$m = C^d \pmod{n}$.

4. Once m is obtained, the user can get back the original data by reversing the padding scheme.

4. DISCUSSION ON IMPLEMENTATION RESULTS

In this section, we are taking some sample data and implementing RSA algorithm over it.

Key Generation:

1. We have chosen two distinct prime numbers a=61 and b=53.

2. Compute n=a*b, thus n=61*53 = 3233.

3. Compute Euler’s totient function, Ø(n)=(a-1)*(b-1), thus Ø(n)=(61-1)*(53-1) = 60*52 = 3120.

4. Choose any integer e, such that 1 < e < 3120, that is coprime to 3120. Here, we chose e=17.

5. Compute d, $d = e^{-1} \pmod{Ø(n)}$, thus $d = 17^{-1} \pmod{3120} = 2753$.

6. Thus the Public-Key is (e, n) = (17, 3233) and the Private-Key is (d, n) = (2753, 3233). This Private-Key is kept secret and it is known only to the user.

Encryption:

1. The Public-Key (17, 3233) is given by the Cloud service provider to the user who wishes to store the data.

2. Let us consider that the user mapped the data to an integer m=65.

3. Data is encrypted now by the Cloud service provider by using the corresponding Public-Key which is shared by both the Cloud service provider and the user.

$C = 65^{17} \pmod{3233} = 2790$.

4. This encrypted data i.e., cipher text is now stored by the Cloud service provider.

Decryption:

1. When the user requests the data, the Cloud service provider will authenticate the user and deliver the encrypted data (if the user is valid).

2. The cloud user then decrypts the data by computing,

$m = C^d \pmod{n} = 2790^{2753} \pmod{3233} = 65$.

3. Once the m value is obtained, user will get back the original data.
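The key generation, encryption and decryption steps above (and functions F1 to F3 of the mathematical model), as an added Python example that is not part of the original report. It uses the report's sample values; the function names and the one-byte-per-block mapping are assumptions, and it makes explicit two things the steps leave implicit: the message integer must be smaller than n, and without a randomized padding scheme equal plaintext blocks produce equal ciphertext blocks.

```python
"""Textbook RSA as laid out in the report (toy parameters, added example)."""
from collections import Counter
from math import gcd


def is_prime(x: int) -> bool:
    """Trial division; adequate only for toy-sized inputs like 61 and 53."""
    return x > 1 and all(x % f for f in range(2, int(x ** 0.5) + 1))


def generate_keys(a: int, b: int, e: int):
    """Key generation steps 1-8: returns ((e, n), (d, n))."""
    if a == b or not (is_prime(a) and is_prime(b)):
        raise ValueError("a and b must be distinct primes")
    n = a * b
    phi = (a - 1) * (b - 1)                 # Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    d = pow(e, -1, phi)                     # modular inverse, Python 3.8+
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    """C = m^e mod n. Only integers in [0, n) survive the round trip."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """m = C^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def encrypt_bytes(data: bytes, public_key):
    """Hypothetical mapping: one byte per block, with no randomized padding."""
    if public_key[1] <= 255:
        raise ValueError("modulus too small to hold one byte per block")
    return [encrypt(byte, public_key) for byte in data]


def decrypt_bytes(blocks, private_key) -> bytes:
    """Reverse of encrypt_bytes: decrypt each block back to one byte."""
    return bytes(decrypt(c, private_key) for c in blocks)


def repeated_blocks(blocks):
    """Ciphertext values stored more than once. Computed without any key, so
    whoever holds the stored data sees which plaintext blocks are equal."""
    return {c: k for c, k in Counter(blocks).items() if k > 1}


if __name__ == "__main__":
    public, private = generate_keys(61, 53, 17)
    print("public:", public, "private:", private)
    c = encrypt(65, public)
    print("C =", c, "-> m =", decrypt(c, private))

    # Skipping the range check would make 65 and 65 + n indistinguishable.
    print("collision:", pow(65 + 3233, 17, 3233) == c)

    record = b"balance=100;balance=100"       # constructed sample record
    stored = encrypt_bytes(record, public)
    print("round trip ok:", decrypt_bytes(stored, private) == record)
    print("repeated ciphertext blocks:", len(repeated_blocks(stored)))
```

These parameters only trace the arithmetic; real deployments use a vetted library with RSA-OAEP padding and a modulus of at least 2048 bits.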

We compare the existing symmetric algorithms on the basis of different parameters.

Throughput of the encryption algorithms is calculated by dividing the total plaintext in Megabytes encrypted by the total encryption time for each algorithm. Thus, as throughput increases, power consumption decreases. The speed of DES encryption is twice the speed of RSA encryption.

Table: Execution Time (Milliseconds) of Encryption of different data packet size

Table2: Execution Time (Milliseconds) of Decryption of Different data packet size

A comparison of the secret key and public key based DES and RSA algorithms is done. RSA solves the key agreement and key exchange problem generated in secret key cryptography. But it does not solve all the security infrastructure, so DES is used. RSA and DES differ from each other in certain features. The given figure represents the decryption throughput of the different algorithms used for data security. Thus we find in decryption that DES is better than all other algorithms in throughput and power consumption. Finally, triple DES still requires more time than DES.

Table: Distinction between DES and RSA Algorithms

5. CONCLUSION AND FUTURE ENHANCEMENT

In this paper we elucidate cloud computing and the major security issues of cloud computing. By utilizing the various facilities and services provided by the cloud, one can increase performance, agility and efficiency in addition to reducing the cost and management responsibilities of an enterprise. Though there are lots of advantages of cloud, there are yet numerous challenges to be faced by cloud computing such as privacy issues and data security. In this paper we have tried to address the most critical data security challenges of cloud. Many standards organizations such as the National Institute of Standards and Technology (NIST), Cloud Security Alliance (CSA) and Cloud Computing Interoperability Forum (CCIF) are trying to develop standards to resolve various security issues of cloud. Cloud computing has the potential to provide a secure and economically viable IT solution in the future. Thus, in our proposed work, only the authorized user can access the data. Even if some intruder (unauthorized user) captures the data, accidentally or intentionally, he can’t decrypt it and get back the original data from it. Henceforth, data security is provided by implementing the RSA algorithm.
