Security Challenges in Cloud Computing: January 2014

The article discusses security challenges in cloud computing and proposes a security framework that allows end users to manage their own security through a structured organization of sensitive information in a 'Secure Wallet.' It emphasizes the importance of classifying information based on sensitivity and suggests using encryption methods such as AES and RSA for securing data. The paper also outlines the implementation of these security mechanisms using the OpenSSL crypto library and proposes further enhancements for cloud security.


See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/279043187

Security challenges in cloud computing

Article · January 2014

1 author:

Y Srinivas
GITAM University

All content following this page was uploaded by Y Srinivas on 07 October 2020.


IJISET - International Journal of Innovative Science, Engineering & Technology, Vol. 2 Issue 5, May 2015.
www.ijiset.com
ISSN 2348 – 7968

Securing Cloud with Quality of Services


M. Subrahmanya Sarma (1), Y Srinivas (2), M. Abhi Ram (3)
(1) Senior Manager, IBM, Bangalore
(2) Professor, Department of IT, GITAM University
(3) B. Tech (C.L), GITAM University

Abstract: Security is a major concern for cloud adoption. End users question cloud providers about
the security of the information stored in cloud images. In this paper we propose a security framework
in which end users can manage their own end-to-end security. Cloud service providers supply the security
framework to cloud users as quality of services, so that users can implement end-to-end security on
their cloud machines. This article helps end users classify the security levels of the sensitive
information stored in their cloud images. It also suggests organizing the sensitive information in a
structured form called a wallet, represented as a graph data structure, and helps cloud users traverse
the graph using the depth-first search algorithm to ensure the security levels in the wallet. Sample
experimentation results are attached in this paper. Cloud users can use the steps outlined in this
paper to ensure end-to-end security in their cloud environments.

1. Introduction: One of the barriers to cloud adoption is the set of security challenges in the cloud.
As the traction of cloud has increased in recent years, a lot of emphasis has been given to securing
cloud information. In this paper we attempt to supply security mechanisms as quality of services.
With the proposed scheme, cloud users can classify information based on its sensitivity and ensure its
security using the quality of services provided by the cloud service provider. Section 2 describes the
related work and Section 3 describes the information classification model. Section 4 elaborates our
proposed scheme of structuring sensitive information as a Secure Wallet. Section 5 covers the
experimental results and Section 6 concludes the paper.

2. Related Work

Srinivas Y and Subrahmanya Sarma [6] elaborated the various security issues and mechanisms in cloud
computing. Privacy issues are of the highest concern to the user community: cloud users are unaware of
where their data is actually stored and in which data center it resides. To address the privacy issues,
cloud providers should provide tools for encryption and decryption of the cloud images [7][8].
Integrity issues are the next major concern to the user community; here cloud service providers should
provide tools to digitally sign and verify the information on the cloud images [9][10][11]. Cloud
service providers should ensure that only authorized users access the cloud resources to which they
are entitled. This can be achieved by using IAM (Identity and Access Management) solutions. Cloud
service providers should also ensure the involvement of the cloud users in cloud transactions. This
can be achieved via digital signatures. The following table summarizes the security issues and the
mechanisms.

Security Issues       | Mechanism
Cloud Confidentiality | Encryption
Cloud Integrity       | Digital signatures
Cloud Authenticity    | Digital signatures and Access Management via IDaaS
Cloud Non Repudiation | Digital signatures

Srinivas Y, Subrahmanya Sarma and Abhi Ram M [17] compared the RSA and ECC public key algorithms and
concluded that RSA is the preferred algorithm when compared with ECC for cloud implementations.
Miland Mathur and Aysuh Kesharvani [16] compared the symmetric encryption algorithms and concluded
that AES is not vulnerable to the attacks and is considered more secure than the other symmetric
encryption algorithms.

3. Information Classification

A classification level must be assigned to the cloud information to better manage the information on the
cloud. A classification level indicates the relative importance of the classified information and thereby
determines the specific security requirements applicable to that information. Clearly defined classification
levels are essential to an effective classification system. The following is the recommended
classification of the sensitive information in cloud environments.

Sl. No | Information Category | Definition | Type of Information | Security Mechanism
1 | Public | Viewed by ALL | Name, email address, Telephone no, any information accessible by all | Digital signatures
2 | Open | Open to cloud community | Cloud notifications, articles, Policies and procedures | Digital signatures
3 | Confidential | Access is limited to a set of People | Date of birth, Mental and Physical health information, Wage details, Death certificates, Employee Contract Data | Symmetric Encryption
4 | Strictly Confidential | Access is limited to very minimal number of people | Bank account details, Credit Card Details, User Name and Passwords, Financial Data, Medical Records, Research Papers, Patents and IP | Public Key Encryption

Fig 1

4. Securing cloud Images with Secure Wallets and Quality of Services.

Based on the classification suggested above, end users should organize the information in the cloud
as a secure wallet: all Strictly Confidential and Confidential information should be placed inside
the wallet, and all public information should be placed outside it. The advantages of organizing
the sensitive information in the wallet are:

• Cloud providers can automate or develop scripts to ensure the security.

• Secure Wallet organization helps cloud users manage their own security using any open source
crypto API.

• Secure Wallet organization assists both end users and cloud providers in taking periodic
backups of sensitive information.

Fig 2

Confidential information in the Secure Wallet should be encrypted using a symmetric encryption
algorithm. We suggest using AES with a 192-bit or 256-bit key. All Strictly Confidential information
should be encrypted using RSA encryption. Public and community cloud information should be digitally
signed to detect tampering. We suggest two approaches to provide security for the Secure Wallet and
the public information of cloud images. Cloud service providers should include the OpenSSL crypto
library as part of cloud images, so that cloud users can implement the required security mechanisms
on their own; the complete steps for using the OpenSSL crypto API are discussed in the next section.
Alternatively, cloud service providers should publish custom-built web services, together with scripts
in the cloud images to invoke those web services. The latter approach would help to automate the
encrypt/decrypt and sign/verify operations. A graph representation of the Secure Wallet helps cloud
users traverse the secure wallet in a structured way. We suggest using the following depth-first
search algorithm to traverse the secure wallet for encryption and decryption.

Recursive Depth First Search Algorithm to traverse the Secure Wallet.


Procedure Traverse_Secure_Wallet(Vertex v)
Begin
    Label Vertex v as reached.
    For each unreached vertex u adjacent to v
        Traverse_Secure_Wallet(u)
End
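
The traversal above combined with the classification table, as an added example (not code from the paper): a recursive depth-first search over a wallet graph that selects the mechanism for each file from its classification level. It goes one step beyond the pseudocode by also flagging files that sit on the wrong side of the wallet boundary; the graph, the file names and the misplaced() helper are constructed for illustration.

```python
# Mechanism per classification level, as listed in the paper's classification table.
MECHANISM = {
    "Public": "Digital signatures",
    "Open": "Digital signatures",
    "Confidential": "Symmetric Encryption",
    "Strictly Confidential": "Public Key Encryption",
}
WALLET_LEVELS = {"Confidential", "Strictly Confidential"}
# Constructed sample: adjacency lists for the wallet graph (folders and files).
GRAPH = {
    "wallet": ["finance", "hr"],
    "finance": ["bank_account.txt", "hr"],            # cross-link to hr
    "hr": ["wages.csv", "newsletter.txt", "wallet"],  # back-edge forms a cycle
}
# Constructed sample: classification of every file on the cloud image.
LEVELS = {
    "bank_account.txt": "Strictly Confidential",
    "wages.csv": "Confidential",
    "newsletter.txt": "Open",       # misplaced: sits inside the wallet
    "dob.txt": "Confidential",      # misplaced: not reachable from the wallet
    "policies.html": "Open",        # correctly kept outside the wallet
}

def traverse_secure_wallet(graph, levels, v, reached=None, plan=None):
    """Recursive DFS from v; returns [(file, mechanism)] in visit order."""
    if reached is None:
        reached, plan = set(), []
    reached.add(v)                                # label vertex v as reached
    if v in levels:                               # folders carry no level
        plan.append((v, MECHANISM[levels[v]]))
    for u in graph.get(v, []):                    # vertices adjacent to v
        if u not in reached:                      # also terminates on cycles
            traverse_secure_wallet(graph, levels, u, reached, plan)
    return plan

def misplaced(graph, levels, root="wallet"):
    """Files whose level contradicts their position inside/outside the wallet."""
    inside = {f for f, _ in traverse_secure_wallet(graph, levels, root)}
    problems = []
    for f, level in levels.items():
        if level in WALLET_LEVELS and f not in inside:
            problems.append((f, "sensitive file outside wallet"))
        elif level not in WALLET_LEVELS and f in inside:
            problems.append((f, "non-sensitive file inside wallet"))
    return sorted(problems)

if __name__ == "__main__":
    print(traverse_secure_wallet(GRAPH, LEVELS, "wallet"))
    print(misplaced(GRAPH, LEVELS))
```

The reached set is what keeps the recursion finite when wallet folders link back to each other, so every file is assigned a mechanism exactly once.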

5. Experimentation Results

We have used the OpenSSL crypto library to implement the secure wallet. The OpenSSL library should be
shipped with all Linux, Unix and Windows cloud images. Cloud users can use the OpenSSL crypto
library to implement public key encryption, symmetric encryption and digital signatures. The
following figures explain the usage of the OpenSSL crypto library for encryption, decryption, signing
and verification. Alternatively, cloud providers can also ship these quality of services as web
services as part of cloud implementations, so that cloud users can use web service clients to
invoke the respective security mechanisms. Web services can be developed using either a Java-based
crypto API or OpenSSL, giving the client the flexibility to invoke the web services on any platform.

5.1 RSA encryption and Decryption

5.2 AES Encryption & Decryption

5.3 Digital signatures - Sign and Verify

6. Conclusion

In this paper, we attempted to extend security mechanisms to cloud users as quality of services.
We suggested that end users organize their Strictly Confidential and Confidential information
inside a secure wallet and keep public information outside the secure wallet. We have
implemented the quality of services using the OpenSSL crypto API and also suggested that the same
can be deployed as web services on the cloud service provider side. Further work can be done on
enhancing the security levels of the wallet and on adding more quality of services for
operational activities.

7. References

[1] Mather T, Kumaraswamy S, Latif S (2009) Cloud Security and Privacy. O'Reilly Media, Inc.,
Sebastopol, CA

[2] Li W, Ping L (2009) Trust model to enhance Security and interoperability of Cloud environment. In:
Proceedings of the 1st International conference on Cloud Computing, Springer Berlin Heidelberg,
Beijing, China, pp 69–79

[3] Rittinghouse JW, Ransome JF (2009) Security in the Cloud. In: Cloud Computing. Implementation,
Management, and Security, CRC Press

[4] Cloud Security Alliance (2010) Top Threats to Cloud Computing V1.0. Available:
https://cloudsecurityalliance.org/research/top-threats

[5] Dahbur K, Mohammad B, Tarakji AB (2011) A survey of risks, threats and vulnerabilities in Cloud
Computing. In: Proceedings of the 2011 International conference on intelligent semantic Web-services
and applications. Amman, Jordan, pp 1–6

[6] Dr Y Srinivas, Subrahmanya Sarma, Security issues in cloud computing, (GJCSIT) Global Journal
of Computer Science and Information Technology, Vol. 1 (1), 2014, 43-46

[7] Ertaul L, Singhal S, Gökay S (2010) Security challenges in Cloud Computing. In: Proceedings of the
2010 International conference on Security and Management SAM’

[8] Grobauer B, Walloschek T, Stocker E (2011) Understanding Cloud Computing vulnerabilities. IEEE
Security Privacy 9(2):50–57

[9] Dawoud W, Takouna I, Meinel C (2010) Infrastructure as a service security: Challenges and solutions.
In: the 7th International Conference on Informatics and systems (INFOS), Potsdam, Germany. IEEE
Computer Society, Washington, DC, USA, pp 1–8

[10] Jasti A, Shah P, Nagaraj R, Pendse R (2010) Security in multi-tenancy cloud. In: IEEE International
Carnahan Conference on Security Technology (ICCST), KS, USA. IEEE Computer Society, Washington,
DC, USA, pp 35–41

[11] Garfinkel T, Rosenblum M (2005) When virtual is harder than real: Security challenges in virtual
machine based computing environments. In: Proceedings of the 10th conference on Hot Topics in
Operating Systems, Santa Fe, NM. volume 10. USENIX Association Berkeley, CA, USA, pp 227–22

[12] https://bithin.wordpress.com/2012/02/22/simple-explanation-for-elliptic-curve-cryptography-ecc/

[13] http://vanilla47.com/PDFs/Cryptography/Miscellenea/Eliptic%20Curve%20Cryptography/A_tutorial_of_elliptic_curve_cryptography.pdf

[14] http://en.wikipedia.org/wiki/ECC_patents.

[15] http://www.ijser.org/researchpaper/Performance-Based-Comparison-Study-of-RSA-and-Elliptic-Curve-Cryptography.pdf

[16] Miland Mathur, Aysuh Kesharvani, Comparison between DES, 3DES, RC2, RC6, Blowfish and AES.
Proceedings of National Conference on New Horizons in IT - NCNHIT 2013.

[17] Dr Y Srinivas, Subrahmanya Sarma, Best fit algorithms for ensuring security in cloud
environments – A Comparative study of RSA and ECC. International Journal of Modern Computer Science
and Applications. ISSN: 2321-2632 (Online), Volume no 3, Issue No 1. January 2015.
