INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print),

, ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME TECHNOLOGY (IJCET)
ISSN 0976 6367(Print) ISSN 0976 6375(Online) Volume 3, Issue 3, October - December (2012), pp. 54-65 IAEME: www.iaeme.com/ijcet.asp Journal Impact Factor (2012): 3.9580 (Calculated by GISI) www.jifactor.com

IJCET
IAEME

SECURE HASH BASED DISTRIBUTED FRAMEWORK FOR UTPC BASED CLOUD AUTHORIZATION

C. Lalrinawma
Dept of Computer Sciences. Govt. Zirtiri Residential Science College Mizoram, India E-Mail: lalrinawma.gzrsc@gmail.com

Dr. Masih Saikia

HOD. Dept. of Computer Sciences Pragjyotish College Guwahati, India

ABSTRACT The paper introduces a cloud-enabled framework for parameterized security in large-scale Smartphone based wireless sensor network. The research work also highlights some of the effective implementation of service broker included in aggregation service in sensor network. The cumulative collected throughput information is considered to be forwarded to the cloud users using conventional cloud interfaces. A cloud interface is built with newly introduced concept of Unit Transaction permission coin (UTPC) as a security token for cloud user authorization that is integrated in Android platform (v2.2). The UTPC generation process includes hash function (SHA/MD5) that is most difficult to break by any intruder. The empirical process consists of registration and authentication phase using micro-platform computation in untrusted environment considering the IMEI and IMSI of the considered trusted handheld device. The result accomplished is unique and lightweight that is easily compatible with any real time application that runs on cloud environment. Keywords-: Smartphone, Android, Cloud Computing, Cloud Security, SHA, MD5, Hash Function.

INTRODUCTION Cloud computing [1] gets its name from the drawings usually accustomed illustrate the internet. Cloud computing may considered as a new consumption and delivery model for IT services. The idea of cloud computing represent a shift in paradigm where the end user need not
I. 54

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

recognize the main points of a selected technology. The service is totally managed by the supplier. Users will consume services at a rate that's set by their explicit requirements. Such on-demand services are often provided at any time. There is an critical need to ensure secure storage, managing, sharing and analyzing the huge amounts of complicated (e.g., semi-structured and unstructured) information to work out patterns and trends so as to enhance the standard of care, higher safeguard the state and explore energy. Attributable to the essential nature of the applications, it is vital that cloud platform should be secure. The main security challenge with cloud application is that the owner of the information might not have control management of wherever the information is located. This is often as a result of if one desire to take advantage of the advantages of victimization cloud computing, one should additionally utilize the resource allocation and programming provided by clouds. Therefore, if user wants to safeguard the information within the interior of untrusted processes, the security protocols within client interface should be stressed more. The rising cloud computing model tries to deal with the explosive growth of web-connected devices, and handle huge amounts of knowledge [2]. With the increased pervasiveness of sensory devices for military and civilian uses comes the demand for effective processing of the large amounts of data they collect. This demand can only be met with the low-cost computing resources offered by todays cloud computing systems. Todays cloud [3] can already support data-intensive computing at a low cost: for example, a large-scale computing task can be accomplished on Amazons Elastic Compute Cloud (EC2) [4] at an expense as low as 10 cents per CPU hour. So far little effort has been made in applying the ultra cost effective cloud platform towards analyzing and managing sensor data. Recently, we have made the first step towards building a practical sensor cloud system. Different from prior work on sensor networks, we assume that sensors communicate directly with a proxy or broker on a cloud. In our research, we consider a group of sensors organized as a hierarchical structure or some types of partitions, which communicate with their cloud proxies through wireless channels. The sensor platforms studied in our research are ones with multiple sensors that can each measure different properties of the environment. For example, we might have GPS for positioning, microphones for sound, laser-range finders for scanning surroundings, temperature indicators, wireless radios etc. We can imagine a host of different autonomous and manned devices that contain these sensors including vehicles, robots, smart-grid nodes, mobile computers, and smart phones. For each device, we have a number of different sensors that can provide different environmental readings on a near continuous basis, further these hosts all contain reasonable computational power and power supplies for continuous function. Finally, they all have reliable cellular network conductivities. We imagine that these hosts are continually collecting data from their environment, performing some level of data processing and publishing the outcomes to a cloud for further analysis or data storage. For the purposes of our studies, we examine modern Android smart phones as exemplar hosts in our work. Cloud computing exhibit five essential characteristics defined by NIST (National Institute of Standards and Technology) [5]. a) On-demand self-service. A consumer can unilaterally provision computing capabilities. b) Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms. c) Resource pooling. The providers computing resources are pooled to serve multiple consumers, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. d) Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in.
55

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

e) Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service. Cloud computing can be defined as the provision of computing services via the Internet such as [5] Applications (software-as-a-service, or SaaS), Platforms, Infrastructure (IaaS), Process orchestration and integration Figure 1 shows the proposed open secure architecture of cloud computing which is enhanced version of work done in [6]. The Open Security Architecture cloud computing pattern is an attempt to illustrate core cloud functions, the key roles for oversight and risk mitigation, collaboration across various internal organizations, and the controls that require additional emphasis. The security aspects of cloud computing is as follows: a) Infrastructure Security: The security challenges at various levels namely network level, host level and application level are not specifically caused by cloud computing instead are exacerbated by its use. The issues of infrastructure security and cloud computing can be addressed by clearly defining trust boundaries by understanding which party provides which part of security [5]. b) Data Security and Storage: Data security [10][11] is a significant task, with a lot of complexity. Methods of data protection, such as redaction, truncations, obfuscation, and others, should be viewed with great concern. Not only are there no accepted standards for these alternative methods, but also there are no programs to validate the implementations of whatever could possibly be developed. Homomorphic encryption can be used for data security encryption. But with this approach key management is a problem [5]. c) Identity and Access Management: The key critical success factor to managing identities at cloud providers is to have a robust federated identity management architecture and strategy internal to the organization. Using cloud-based Identity as a Service providers may be a useful tool for outsourcing some identity management capabilities and facilitating federated identity management with cloud providers [7]. d) Security Management: From a security management perspective, a key issue is the lack of enterprise-grade access management features. The scope of security management of cloud services will vary with the service delivery model, provider capabilities, and maturity. Customers will have to make trade-offs with respect to the flexibility and control offered by the SPI services. The more flexible the service, the more control you can exercise on the service, and with that come additional security management responsibilities. In a virtualized environment where infrastructure is shared across multiple tenants, your data is commingled with that of other customers at every phase of the life cycleduring transit, processing, and storage. Hence, it is important to understand the location of the service, service-level guarantees such as inter-node communication, and storage access (read and write) latency [5]. e) Privacy: Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust and this need to be considered at every phase of design. The key challenge for software engineers to design cloud services in such a way as to decrease privacy risk and to ensure legal compliance. The following tips are recommended for cloud system designers, architects, developers and Testers [8]. a. Minimize personal information sent to and stored in the cloud. b. Protect personal information in the cloud. c. Maximize user control.
56

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

d. Allow user choice. e. Specify and limit the purpose of data usage. f. Provide feedback. f) Audit and Compliance: A programmatic approach to monitoring and compliance will help prepare CSPs (Cloud Service Provider) and their users to address emerging requirements and the evolution of cloud business models. To drive efficiency, risk management, and compliance, CSPs need to implement a strong internal control monitoring function coupled with a robust external audit process. To gain comfort over their in-cloud activities, CSP users need to define their control requirements, understand their CSPs internal control monitoring processes, analyze relevant external audit reports, and properly execute their responsibilities as CSP users [5]. g) Security-as-a-Service: Security-as-a-service is likely to see significant future growth for two reasons. First, a continuing shift in information security work from in-house to outsourced will continue. Second, several other information security needs are present for organizations currently, but they will accelerate in need and complexity with the growing adoption of cloud computing. The two proactive controls are important to the growth of cloud computing: identity management that is inter-cloud and scalable to the cloud size, and (encryption) key management. The two reactive controls are needed for audit and compliance purposes as well: scalable and effective SIEM, and data leakage prevention (DLP). Providing solutions to each of these controls will be difficult and requires significant complexity that must be hugely scalable and yet easy to use [5]. PROBLEM DESCRIPTION While cost and ease of use are two great benefits of cloud computing, there are significant security concerns that need to be addressed when considering moving critical applications and sensitive data to public and shared cloud environments. To address these concerns, the cloud provider must develop sufficient controls to provide the same or a greater level of security than the organization would have if the cloud were not used. Listed here are ten items to review when considering cloud computing. As more companies move to cloud computing, look for hackers to follow. Some of the potential attack vectors criminals may attempt include:
II.

Denial of Service (DoS) attacks - Some security professionals have argued that the cloud is more vulnerable to DoS attacks, because it is shared by many users, which makes DoS attacks much more damaging. Twitter suffered a devastating DoS attack during 2009. Side Channel attacks An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack. Authentication attacks Authentication is a weak point in hosted and virtual services and is frequently targeted. There are many different ways to authenticate users; for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers. Man-in-the-middle cryptographic attacks This attack is carried out when an attacker places himself between two users. Anytime attackers can place themselves in the communications path, there is the possibility that they can intercept and modify communications.

57

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

In prior research work, we summarize the security and privacy challenges we face when building a trustworthy sensor-cloud system, which come from the following perspectives: The environment in which sensors work can be compromised by the adversary. For example, the adversary can artificially reduce or raise temperatures to cause the sensors to collect improper data. Individual sensors can be vulnerable to attacks. This can happen when the adversary has physical access to the sensors, or remote access through propagating malware. Information flows within the cloud can be intercepted and stolen or modified by compromised cloud nodes. The cloud client can be infected by malicious code implanted by an adversary, which can lead to further security breaches within a sensor-cloud system. The communication channels between the sensors and the cloud and between the client and the cloud are vulnerable to different types of attacks. Even when the data transferred over the channels is fully encrypted: side-channel information leaks constitute creditable threats.

The prior research pinpoints a subset of issues within the problem space that need immediately attention. Specifically, we investigated I) techniques for detecting anomalous use of sensors, particularly, when the adversary gains unauthorized physical access to smart phones; ii) we demonstrated that intelligent Smartphone-based malware can be built to understand the context of a phone conversation and extract a small amount of high-value information from the context (Given the small quantity of such sensitive information, the malware can deliver it to its master through covert channels, even without direct network access); and iii) prior research shows that even in the presence of Wi-Fi encryption and HTTPS protection, the traffic features of the communication between sensors and the cloud, and between the cloud and its clients can easily be analyzed to infer highly-sensitive user data. PROPOSED SYSTEM The proposed system identifies recent progress and follow-up on previously discussed research plans on these fronts, including detection of anomalous use of sensors, and defenses against Smartphone malware and side-channel leaks.
III.

58

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME
Cloud User Access User_ID, Pswd User Authentication UTPC Generated on Studs Mobile Android Handset Matches with the Servers generated Password Unlock Access

UTPC Generation Process SHA Hash Function using IMEI, IMSI and Registration time of Mobile Phone MD5 Hash Function using the result of SHA function

Password generated and entered by the Stud

Generated Challenge Final UTPC for Hash function entered by Stud Sent to Server Send to User UTPC generated by Server and match with UTPC entered by the Stud

Figure 1 Proposed Schema The main aim of the project work is to develop an Architectural Model for multi-factor authentication system for secure sensor cloud application, where we will produce unit instance authorization token in the forward direction. The core idea is to produce multiple Unit Transaction Permission Coin (UTPC) from an initial seed in a parallel process with the service provider itself, e.g., an online bank, by utilizing two different types of hash functions, which come with a nested chain using Brokering network. The resulting chain provides forwardness and infiniteness and it should run on multiple systems of wired or wireless network. The base paper Towards Secure Cloud Bursting, Brokerage and Aggregation drafted by Srijith K. Nair, Sakshi Porwal, Theo Dimitrakos, Ana Juan Ferrer, Johan Tordsson, Tabassum Sharif, Craig Sheridan, Muttukrishnan Rajarajan, and Afnan Ullah Khan. The respective author proposed the concept of cloud bursting and cloud brokerage and elaborates the open management and security issues connected with the two models. The work also introduces a feasible model that is capable of enhancing the brokerage based cloud services. But unfortunately, security concerns written in the paper is not enough to mitigate core attacks like side-channel leak or DoS attack. Moreover, the paper is more theoretical in nature without any core information of implementation modules or algorithms or any research methodology nor any performance analysis results or implementation. Some other past research work has also seen the discussion related to the requirements for securing communication using in Smartphone towards cloud computing. Therefore, the current paper has considered the sensors to be modern Smartphone. Therefore, the proposed project work will be towards implementing the core concept written in the above mentioned base paper with our contribution in designing a secure real-time application on Android based smart phone using brokering network. Our proposed system is mainly classified into two modules: A. Registration Phase: The cloud user gets the two different hash functions, and an initial seed, established on his mobile phone. To ensure that the information is completely shared with the service provider, the seed is
59

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

produced by the shared and unique parameters of the host and user, e.g., the International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), and registration date. B. Authentication Phase: The steps of the login and authentication process between the user and service provider are as follows. The user logs in to the service providers website, e.g., an online bank, requesting access. As a response to this access request, a secure session is established, i.e., an SSL session, allowing the user to enter his authentication privileges, i.e., user name and password, the first factor of authentication, what the user knows. Also the user provides the server with his unit instance authorization token current status. The current status allows the server to synchronize his seed with the clients current seed to get the same seed value on both sides before sending a challenge. The server randomly challenges the user with new indexes. The user enters those indexes, in his Unit Transaction Permission Coin (UTPC)) generator to get the corresponding UTPC. The user responds with this corresponding UTPC. The server compares the received UTPC with the calculated one. According to the server check, done in the previous step, the server will transfer an authorization execution or a communication termination. Through the registration process, the user gets two different hash functions, which could be SHA1, and hB(.), which could be MD5 [11], along with an initial seed, Sint as the concatenation of the IMEI, IMSI, and registration time, which could be 1234567891234561234567891234507012010200259 Assuming IMEI is 123456789123456, IMSI is 12345678912345, and the registration time is 7/1/2010 20:02:59. After logging into the service providers website using a different and static username and password, the first factor of authentication, the server asks the user for the UTPCs current status. If the user has generated numerous UTPCs without using them, he might have reached an UTPC status of, for example, 17. The user will submit his current status to the server to allow the server to calculate the current seed Scrt=hA17(Sint)= 1220848648030773785924867285680707842195071405780, that means that the server has calculated seventeen cascaded hashes of its initial seed Sint using the SHA-1 algorithm, to be synchronized with the client. After that the server sends a random challenge value of new indexes, e.g., x, y = 3, 4, which means the user has to calculate his session UTPC using this formula: UTPC=hB4(hA3(Scrt))= 68606061177919188523363813602016333158. The server has to calculate the same value in a parallel process, and as soon as the client responds, the server will match the two values to give either a yes or no. C. Micro Platform Computation Phase: The android enabled phones may be in the control of trusted (or semi-trusted) individuals, or be located in some potentially untrusted environment. Certain reasons for using Samsung Android (v2.2) are: Improved Security: With the addition of numeric pin or alpha-numeric password options to unlock device. Exchange administrators can enforce password policy across devices. Remote Wipe: Exchange administrators can remotely reset the device to factory defaults to secure data in case device is lost or stolen.
60

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Java Compatibility: Performance of the browser has been enhanced using the V8 engine, which enables faster loading of JavaScript-heavy pages. Kernel Memory Management Boost: Improved memory reclaim by up to 20x, which results in faster app switching and smoother performance on memory-constrained devices

Further, they have a reasonable processing capability on modern low-power processors, such as an ARM architecture processor running at 500800MHZ. It is assumed that the phones have standard sensors including, eGPS, 802.11x, Bluetooth v2 (Class 1, 2 or 3), temperature, orientation, acceleration, audio microphone, and camera (stills or video). In particular, our project focuses on the use of Samsung Android (v2.2) development phones, due to the ease of programming and their ability to multi-task. The communication between the sensors and the computing infrastructure is mediated by a brokering network that uses a publish / subscribe model. FRAMEWORK IMPLEMENTATION The computing environments of a sensor grid are fraught with different kinds of threats, which endanger the security and privacy assurance the system can provide. Mitigation of these threats relies on establishing trust on individual system layers through proper security control. In this section, we survey the security and privacy risks on each layer of senor-grid computing and the technical challenges for controlling them. A sensor grid interacts with its operating environment through a set of sensors. Those sensors work either autonomously or collaboratively to gather data and dispatch them to the grid. Within the grid, a brokering system filters and routes the data to their subscribers, the clients of the sensor grid. We now describe the security and privacy issues on each layer of such an operation. This includes the environment the sensors are working in; the sensors; the grid; the clients; and the communications between the sensor and grid, and the grid and clients. The proposed system is designed on Windows 32-bit OS with 1.84 GHz processor with broadband connectivity of 100 Mpbs. The programming is done on MyEclipse IDE. The experiment for the proposed system is done on real time Samsung Galaxy Smartphone with Android 2.2. Hence Android Development Tools (ADT) is used as it is a plug-in for the MyEclipse IDE that is designed to give a powerful, integrated environment in which to build Android applications. ADT extends the capabilities of Eclipse to let you quickly set up new Android projects, create an application UI, add packages based on the Android Framework API, debug your applications using the Android SDK tools, and even export signed (or unsigned) .apk files in order to distribute your application. The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials. Currently supported development platforms include computers running Linux, Mac OS X 10.5.8 or later, Windows XP or later. The proposed system will be experimented with active wireless connectivity between the system and Android enable device.
IV.

61

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Figure 2 Broker Login Options

Figure 3 Generation of the UTPC, IMEI No, IMSI No and Registration time stamp The above figure 3 highlights the initial authentication login for student. Initially the student has to sign up a new account where they have to furnish all the details as shown in Figure 4.

Figure 4: Sign-up Information feeding.

62

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

After the successful sign-up, the student can log in to their privilege account using the similar user ID and password, which was successfully fed at the time of sign up process.

Figure 5: Captacha Authentication. Once the student logs and their initial user ID and password are accepted, then they will be prompted to feed the random digital information displayed by Captacha application as shown in Figure 5. Now, after the successful sign up, the student can now perform initial login authentication for which they will be asked to feed UTPC and Current status, both of which is generated at the Mobile interface as shown in Figure 6 and 7.

Figure 6: UTPC & Current Status generation in Android Interface

Figure 7 Feeding UTPC and Current Status from Android Interface to Client interface.
63

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

Once the UTPC and current status is authenticated, the new index will be generated automatically in web interface as shown in Figure 8.

Figure 8 Generation of new Index The generated new index value will be then fed to the Android mobile interface. Once the new index value is authenticated in the mobile interface, the next sequence, it will generate a new UTPC, in same mobile interface as shown in Figure 9. The student needs to take the newly generated UTPC and feed in to their web-interface for final authentication as shown in Figure 10.

Figure 9: Generation of UTPC in Android Interface.

Figure 10 Feeding newly generated UTPC in Client Interface. Cloud computing facilitates storage of data at a remote site to maximize resource utilization. As a result, it is critical that this data be protected and only given to authorized individuals. This essentially amounts to secure third party publication of data that is necessary for data outsourcing, as well as external publications. Since data in the cloud will be placed anywhere, it is important that the data is encrypted. We are using secure co-processor as part of the cloud infrastructure to enable efficient encrypted storage of sensitive data.

64

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 6367(Print), ISSN 0976 6375(Online) Volume 3, Issue 3, October-December (2012), IAEME

CONCLUSION The current paper has outlined the research on secure sensor networks in the context of a highlevel cloud based brokering architecture and highlighted various research challenges going forward. The analysis for security challenges are illustrated related to assessing the trustiness of the sensing elements supported environmental sensor knowledge, police investigation and defensive against sensory malware on such sensors, and mitigating aspect channel leaks once sensing element devices communicate with the cloud. The work attempts to believe these elements of the general cloud based mostly sensing element specific area unit the smallest amount trustworthy since they're out of the management of the cloud back end. Thus, addressing these challenges can facilitate defend the integrity of the sensing platforms, the privacy of users UN agency carry mobile sensors, yet because the delivery of sensing element knowledge to the cloud. the long run work of the Cloud computing can improve organizations performance by utilizing minimum resources and management support, with a shared network, valuable resources , bandwidth, softwares and hardwares in a very value effective manner and restricted service supplier dealings. the long run sweetening of the this application, we tend to explore the middle ground, wherever users will still share physical hardware resource, however user networks area unit isolated and accesses area unit controlled within the method the same as that in enterprise networks
V.

REFERENCES
[1] [2] [3]

[4]

[5]

[6]

[7] [8]

[9]

[10]

[11]

http://www.ibm.com/cloud-computing/us/en/. Accessed on 27th Aug, 2012 Michael Gregg, Security Concerns for Cloud Computing, Global Knowledge Training LLC, 2012 Wang, L., Laszewski,V., Gregor, Kunze, Marcel, Tao, Jie. Cloud computing: A Perspective study, Proceedings of the Grid Computing Environments (GCE) workshop. Held at the Austin Civic Center: Austin, Texas: 16 November 2008. Michael, A, Fox,A., Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, Matei Zaharia. A view of cloud computing. Communications of the ACM , Volume 53 Issue 4, pages 50-58. April 2010. The NIST Definition of Cloud Computing, version 15, by Peter Mell and Tim Grance, October 7, 2009, National Institute of Standards and Technology (NIST), Information Technology Laboratory (www.csrc.nist.gov) Tim Mather, Subra Kumaraswamy, Shahed Latif Cloud Security and Privacy : An Enterprise perspective of Risks and Compliance, O'Reilly Media, Inc., 2009 Open Security Architecture http://www.opensecurityarchitecture.org/ Discovering Identity: Cloud Computing: Identity and Access Management DOI =http://blogs.sun.com/identity/entry/cloud_computing_identity_and_access Siani Pearson. Taking Account of Privacy when Designing Cloud Computing Services. CLOUD '09: Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pages 44-52. May 2009 Security Guidance for Critical Areas of Focus in Cloud Computing, April 2009. DOI =http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava. Secure and Efficient Access to Outsourced Data. CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, pages 55-65. November 2009

65