
2014 World Congress on Computing and Communication Technologies

Data Security Issues in Cloud Environment and Solutions


Dr. P. Dinadayalan (1), S. Jegadeeswari (2), Dr. D. Gnanambigai (3)
(1) Department of Computer Science, K.M. Centre for P.G. Studies, Puducherry, pdinadayalan@hotmail.com
(2) Department of Computer Science and Applications, Rajiv Gandhi Arts and Science College, Puducherry, jega"sathya@yahoo.co.in
(3) Department of Computer Science, Indira Gandhi College of Arts and Science, Puducherry
Abstract: Cloud computing is an internet based model that enables convenient, on demand and pay per use access to a pool of shared resources. It is a new technology that satisfies a user's requirement for computing resources like networks, storage, servers, services and applications. Data security is one of the leading concerns and primary challenges for cloud computing. This issue is getting more serious with the development of cloud computing. From the consumers' perspective, cloud computing security concerns, especially data security and privacy protection issues, remain the primary inhibitor for adoption of cloud computing services. This paper analyses the basic problem of cloud computing and describes the data security and privacy protection issues in cloud.
Keywords: Cloud Computing, Cloud Computing Security, Data Security, Privacy protection.
I. INTRODUCTION
A Cloud is a type of parallel and distributed system consisting of a collection of inter-connected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers [21]. Cloud Computing is a paradigm that focuses on sharing data and computations over a scalable network of nodes. Examples of such nodes include end user computers, data centers, and Cloud Services. The term such a network of nodes as a Cloud. Cloud computing is currently one of the hot topics in the field of information technology. However, cloud computing faces many critical issues. Foremost among them is data security, which has become an important factor restricting the development of cloud computing. Because cloud service data is stored on computers that are not owned or operated by the users, it easily drifts away from the user's control, and this leads to data security issues.
Cloud computing emerges as a new computing paradigm which aims to provide reliable, customized and QoS (Quality of Service) guaranteed dynamic computing environments for end-users. The basic principle of cloud computing is that user data is not stored locally but is stored in the data center of the internet. The companies which provide cloud computing services manage and maintain the operation of these data centers. The users can access the stored data at any time by using the Application Programming Interface (API) provided by cloud providers through any terminal equipment connected to the internet. Not only storage services but also hardware and software services are available to the general public and business markets. The services provided by service providers can be everything from the infrastructure, platform or software resources [6][33]. Each such service is respectively called Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or Software as a Service (SaaS) [2].
There are three types of cloud deployment models that are widely used in cloud computing:
Private Cloud - The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.
Community Cloud - Several organizations that have similar policies, objectives, aims and concerns share the cloud infrastructure.
Public Cloud - A large organization owns the cloud infrastructure and sells cloud services to industries or the public.
Hybrid Cloud - It is a combination of two or more clouds. It enables data and application portability.
In 2009, the major cloud computing vendors successively faced several accidents. Amazon's Simple Storage Service was interrupted twice, in February and July 2009. This accident resulted in some network sites relying on a single type of storage service. In March 2009, security vulnerabilities in Google Docs even led to serious leakage of user private information [10]. In May 2009 it was exposed that there was a serious security vulnerability in the VMware virtualization software for Mac [9], [15, 24].
The rest of the paper is organized as follows: Section II describes why the data need to be protected. Section III discusses the issues in cloud data storage. Section IV explains different security principles in cloud computing. Section V deals with current security solutions in data security and privacy protection. This paper concludes with the various discussions and issues of data security in Cloud Computing.
II. DATA NEED TO BE PROTECTED
Data security issues may be significant for users who plan on introducing cloud computing. They may be potentially disastrous for all different types of cloud computing services, unless security principles and technological security mechanisms that eliminate users' concerns are adopted. For example, the most common complaints of cloud service users are that their private data is used for other purposes or sent to other cloud service providers against their will. The user data that need to be protected include the following [3, 34]: personally identifiable information, sensitive information, usage data, and unique device identities.
A. Personally identity information: First, it includes any information that could be used to identify or discover an individual, such as name, ID number and address, etc. Second, it also includes information that may be correlated with other information to identify or locate an individual, for example, social relations information, postal code, Internet Protocol address, credit card number.
:BC-1-4B::- 2CBB-4D14 E51.00 F 2014 1&&& 6G1
10.110:DWCCCT.2014.45
B. Sensitive information: Sensitive information requires additional safeguards. Normally, it includes information on religion or race, health, sexual orientation, union membership or other information that is considered private. It also includes personal financial information, job performance information and information considered to be sensitive personally identifiable information, e.g. biometric information or collections of surveillance camera images in public places.
C. Usable data: It consists of information collected from computer devices such as printers, and input habits. It also includes behavioural information, for example viewing habits for digital content, users' recently visited websites, product usage history, frequented places or social interaction.
D. Unique device identities: Other types of information that might be uniquely traceable to a user device, e.g. IP addresses, Radio Frequency Identity (RFID) tags, unique hardware identities.
III. CLOUD DATA STORAGE ISSUES
Cloud Computing moves the application software and databases to the large data centers, where the management of the data and services may not be fully trustworthy [4,8].
Trust management: Trust management is defined as reliance on the integrity, strength, ability and surety of a person or thing. Entrusting your data to a third party who is providing cloud services is an issue.
Security provider: Cloud service providers employ data storage and transmission encryption, user authentication, and authorization. Many clients worry about the vulnerability of remote data to criminals and hackers. Cloud providers are enormously sensitive to this issue and apply substantial resources to mitigate this problem.
Privacy protection: Unlike the traditional computing model, cloud computing utilizes virtual computing technology, so users' personal data may be scattered across various virtual data centers rather than staying in the same physical location, even across national borders. In that case data privacy protection will face the controversy of different legal systems [28].
Ownership: Once data has been relegated to the cloud, some worry about losing their rights or being unable to protect the rights of their customers. Many cloud providers address this issue with well-skilled user-sided agreements. According to the agreement, users would be wise to seek advice from their favorite.
Data location and Relocation: Cloud Computing offers a high degree of data mobility. Consumers do not always know the location of their data [23].
Multiplatform Support: More of an issue for IT departments using managed services is how the cloud based service integrates across different platforms and operating systems, e.g. OS X, Windows, Linux and thin clients. Multiplatform support requirements will ease as more user interfaces become web-based.
Data integrity: Along with providing the security of data, cloud service providers should implement mechanisms to ensure data integrity and be able to tell what happened to a certain dataset and at what point [26].
Data recovery: An incident such as a server breakdown may cause damage or loss to users' data. To avoid this, data should be backed up so that it can be recovered in future. Cloud users can keep a backup of critical data on a local computer.
Performance and Availability: Business organizations are worried about acceptable levels of performance and availability of applications hosted in the cloud.
Data Backup: Cloud providers employ redundant servers and routine data backup processes, but some people worry about being able to control their own backups. Many providers are now offering data dumps onto media or allowing users to back up data through regular downloads.
Data Portability and Conversion: Some people have concerns that when switching service providers there may be difficulty in transferring data. Porting and converting data is highly dependent on the nature of the cloud provider's data retrieval format, particularly in cases where the format cannot be easily revealed.
IV. DATA SECURITY PRINCIPLES
All data security techniques are built on three basic principles: confidentiality, integrity and availability. Confidentiality refers to hiding the actual data or information; in the military and other sensitive areas the confidentiality requirements on data are more stringent. In cloud computing the data are stored in a "data center", so the security and confidentiality of user data is even more important. Integrity means that data, in any state, is guaranteed not to be subject to unauthorized deletion, modification or damage [26,27]. The availability of data means that users can have the expectation of using the data by the use of capacity.
Figure 1. Security Principles to protect data in Cloud Computing
The nine key data security principles were analyzed in depth on the basis of a comprehensive summary of the data that need to be protected [30,31,34]. They are
• Announcement, openness and transparency.
• Right, license and authority.
• Minimization.
• Accuracy.
• Security safeguards.
• Compliance.
• Purpose.
• Limiting use-disclosure and retention.
• Accountability.
Key data security principles may be summed up in nine facets [30,31,34]:
Announcement, openness and transparency: Cloud computing service providers must explain certain points in detail to those who want to use the data stored in the cloud: for example, what data they can use, how they use it, how long they will keep it, with whom they will share it, and any other uses they intend for the information. They must also warn the users if they want to change the use of the information. If the information is to be passed to a third party, the users should also be reminded. Data security policies must be open to customers through the network or other forms, and easy to understand and use [12,17,18].
Right, license and authority: Cloud service providers must give the user the right to decide whether their information can be gathered or not. License for the collection, use and disclosure of personally identifiable information must be given. But the cloud service providers still have the control authority.
Minimization: Only data that is needed, to the extent permitted, should be collected, used, shared or disclosed. At the same time, the available information and the scope of use must be minimized.
Accuracy: Information owners must be able to get access to personal information, to see what is being staged about them and who is using it, and to check its accuracy. All disbursement must be made to guarantee that the personal information staged is accurate and has not been modified.
Security safeguards: Data security requires safeguards, such as standardization, a regulatory approach, and laws and regulations, to prevent unauthorized access, disclosure, copying, use or modification of personally identifiable information.
Compliance: A client must be able to challenge an agency's data security procedures. Transactions must comply with data security legislation.
Purpose: There must be a clearly specified purpose for the collection and sharing of personal information. Data usage has to be limited to the purpose to which the owners of the data agree.
Limiting use/disclosure and retention: Data can only be used or disclosed for the purpose for which it was collected and should only be divulged to those parties authorized to receive it. Personal information should only be kept as long as is necessary.
Accountability: Cloud service providers must arrange for someone to ensure the implementation of data security policies. A reasonable audit function must also be present to monitor all data access and modification. These measures constitute accountability.
V. CURRENT SECURITY SOLUTIONS FOR DATA SECURITY AND PRIVACY PROTECTION
IBM developed a fully homomorphic encryption scheme in June 2009. This scheme allows data to be processed without being decrypted [11]. Roy and Ramadan applied decentralized information flow control (DIFC) and differential privacy protection technology to the data generation and calculation stages in the cloud and put forth a privacy protection system called Airavat [1] [22]. This system can prevent unauthorized privacy leakage in the Map-Reduce computing process.
A key problem for data encryption solutions is key management. On the one hand, the users do not have enough expertise to manage their keys. On the other hand, the cloud service providers need to maintain a large number of user keys. The Organization for the Advancement of Structured Information Standards (OASIS) Key Management Interoperability Protocol (KMIP) is trying to solve such issues [16].
Regarding data integrity verification, because of data communication, transfer fees and time cost, the users cannot first download the data to verify its correctness and then upload the data again. And as the data in cloud storage is dynamic, traditional data integrity solutions are no longer suitable. NEC Labs' provable data integrity (PDI) solution can support public data integrity verification [32]. Cong Wang proposed a mathematical way to verify the integrity of data dynamically stored in the cloud [7].
In the data storage and use stages, Mowbray proposed a client-based privacy management tool. It provides a user centric trust model to help users control the storage and use of their sensitive information in the cloud [5]. Muntés-Mulero discussed the problems that existing privacy protection technologies (such as K anonymous, Graph Anonymization, and data pre-processing methods) faced when applied to large data and analyzed current solutions [13,14]. The National Institute of Standards and Technology (NIST) Special Publication 800-88 gives "Guidelines for Media Sanitization" [20].
The challenge of data privacy is sharing data while protecting personal privacy information. Randike Gajanayake proposed a privacy protection framework based on information accountability (IA) components [19]. The IA agent can identify the users who are accessing information and the types of information they use. When inappropriate misuse is detected, the agent defines a set of methods to hold the users accountable for misuse.
Regarding data destruction, U.S. Department of Defence (DoD) 5220.22-M (the National Industrial Security Program Operating Manual) shows two approved methods of data (destruction) security, but it does not provide any specific requirements for how these two methods are to be achieved [13].
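
The integrity-verification problem described above, where the owner cannot download everything just to check it, can be illustrated with a Merkle hash tree spot-check: the owner keeps only a root hash and audits randomly chosen blocks. This is an added example, not code from the paper, and it is neither NEC Labs' PDI scheme nor Cong Wang's construction. The `Provider` class, the 64-byte block size and the sample data are assumptions made for the illustration, and it covers static data only.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # assumption: tiny blocks so the constructed sample spans several

def leaf_hash(block: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + block).digest()          # 0x00 prefix marks a leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()   # 0x01 marks an inner node

def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]

def build_levels(blocks: list) -> list:
    """Merkle tree as a list of levels; an unpaired node is promoted unchanged."""
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels: list, index: int) -> list:
    """Provider side: sibling hashes on the path from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify(root: bytes, n_blocks: int, index: int, block: bytes, proof: list) -> bool:
    """Owner side: recompute the root from one block; the walk binds the answer
    to the challenged index, so a valid proof for another block is rejected."""
    node, size, siblings = leaf_hash(block), n_blocks, iter(proof)
    while size > 1:
        sib = index ^ 1
        if sib < size:
            s = next(siblings, None)
            if s is None:
                return False
            node = node_hash(s, node) if sib < index else node_hash(node, s)
        index, size = index // 2, (size + 1) // 2
    return next(siblings, None) is None and hmac.compare_digest(node, root)

class Provider:
    """Hypothetical stand-in for the storage service: holds blocks, answers challenges."""
    def __init__(self, data: bytes):
        self.blocks = split_blocks(data)
        self.levels = build_levels(self.blocks)
    def respond(self, index: int):
        return self.blocks[index], prove(self.levels, index)

def audit(root: bytes, n_blocks: int, provider: Provider, samples: int = 3) -> list:
    """Challenge random block indices; return the indices whose proof failed."""
    picks = secrets.SystemRandom().sample(range(n_blocks), min(samples, n_blocks))
    return sorted(i for i in picks if not verify(root, n_blocks, i, *provider.respond(i)))

if __name__ == "__main__":
    data = bytes((7 * i + 3) % 256 for i in range(300))   # constructed sample, 5 blocks
    root = build_levels(split_blocks(data))[-1][0]         # all the owner keeps, plus n
    cloud = Provider(data)
    print("clean audit failures:", audit(root, 5, cloud, samples=5))
    cloud.blocks[2] = b"X" * BLOCK_SIZE                    # silent corruption at the provider
    print("after corruption:", audit(root, 5, cloud, samples=5))
```

Each challenge costs one block plus about log2(n) hashes of transfer instead of the whole file. Sampling s of n blocks detects c corrupted blocks with probability 1 - C(n-c, s)/C(n, s), so the sample size sets the assurance level.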
VI. CONCLUSION
Cloud Computing is on-demand access to a shared pool of computing resources. Cloud technologies, if used appropriately, can help to reduce cost, reduce management responsibilities, and increase the agility and efficiency of organizations. Cloud storage is one of the popular services provided by the cloud providers to store customer data on a remote server. Even though the cloud providers advertise that the stored information will be secure and intact, there are security attacks which lead to loss of data. To overcome the loss of data, the data security principles are implemented in different ways to protect the data. Data security is not just a technical issue; it also involves many other aspects, such as standardization, regulatory approach, laws and regulations, etc. With the unremitting efforts of the entire cloud computing environment and the continuous improvement of relevant laws and regulations, implementing these solutions in cloud computing will provide secured services for users.
REFERENCES
[1] "Airavat: Security and privacy for Map Reduce," In: Castro M, eds. Proc of the 7th Usenix Symp. on Networked Systems Design and Implementation. San Jose: USENIX Association, pp 297-312, 2010.
[2] Arockiam, Parthasarathy and Monikandan S, "Privacy In Cloud Computing: A Survey," Computer Science & Information Technology (CS & IT), Privacy - Survey. pp. 321-330, 2012.
[3] Ayesha Malik, Muhammad Mohsin Nazir (2012) Journal Security Framework for Cloud Computing Environment: A Review of Emerging Trends in Computing and Information Sciences Security issues - Review, Vol. 3.
[4] Balachandra, P. V. Ramakrishna and A. Rakshit, "Cloud Security Issues", IEEE International Conference on Services Computing Security Issues, pp. 517-520, 2009.
[5] Bowers KD, Juels A, Oprea A. Proofs of retrievability: Theory and implementation. In: Sion R, ed. Proc. of the 2009 ACM Workshop on Cloud Computing Security, CCSW (2009), Co-Located with the 16th ACM Computer and Communications Security Conf., CCS 2009. New York: Association for Computing Machinery, (2009). pp. 43-54.
[6] C.N. Hoefer and G. Karagiannis (2010), "Taxonomy of cloud computing services", J-Internet server Applications, pp 81-94, 2011.
[7] Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing," in Proceedings of the 17th International Workshop on Quality of Service, pp. 1-9, 2009.
[8] Danwei Chen, Yanjun He, "A Study on Secure Data Storage Strategy in Cloud Computing". doi: 10.4156/jcit.vol5.issue7.23
[9] Fu Wen, Li Xiang, "The Study on Data Security in Cloud Computing based on Virtualization". IEEE Proc., 2011.
[10] Grobauer, T. Walloschek and E. Stöcker, "Understanding Cloud Computing Vulnerabilities", Vulnerability vol. 99, 2010.
[11] "IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering," at http://www.eweek.com/c/a/Security/IBM-Uncovers-Encryption-Scheme-That-Could-Improve-Cloud-Security-Spam-Filtering-135413/.
[12] Information Commissioner's Office, "PIA handbook," 2007.
[13] Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets. In: Chen P, ed. Proc of the ACM 18th Int'l Conf. On Information and Knowledge Management, CIKM 2009. New York: Association for Computing Machinery, pp. 2117-2118, 2009.
[14] Murat Kantarcioglu, Alain Bensoussan and SingRu (Celine) Hoe, "Impact of Security Risks on Cloud Computing Adoption", Forty-Ninth Annual Allerton Conference, 2011.
[15] Muthunagai, Karthic and Sujatha, IEEE, Virtualization Techniques, pp. 174-17, 2012.
[16] "OASIS Key Management Interoperability Protocol (KMIP) TC", http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip.
[17] Organization for Economic Co-operation and Development (OECD), "Guidelines governing the protection of privacy and transborder flows of personal data," Paris, 1980 and "Guidelines for consumer protection for ecommerce", 1999.
[18] Patrick and S. Kenny, "From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions," R. Dingledine (ed.), PET 2003, LNCS 2760, pp. 107-124, Springer-Verlag Berlin Heidelberg, 2003.
[19] Randike Gajanayake, Renato Iannella, and Tony Sahama, "Sharing with Care: An Information Accountability Perspective," Internet Computing, IEEE, vol. 15, pp. 31-38, 2011.
[20] Richard Kissel, Matthew Scholl, Steven Skolochenko, Xing Li, "Guidelines for Media Sanitization," NIST Special Publication 800-88, September 2006, http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf.
[21] Rodero-Merino, Caceres and Lindner, Vaquero, "A break in the clouds: towards a cloud definition", ACM SIGCOMM Computer Communication Cloud Definitions volume 39(1), 2009.
[22] Roy I, Ramadan HE, Setty STV, Kilzer A, Shmatikov V, Witchel, "Airavat: Security and privacy for MapReduce," USENIX Association, pp. 297-312. 2010.
[23] S. Subashini, V. Kavitha, "A survey on security issues in service delivery models of cloud computing". Journal Network Computer Application, 2010.
[24] Shengmei Luo, Zhaoji Lin, Xiaohua Chen, "Virtualization security for Cloud computing service". Virtualization, pp. 174-178, IEEE Proc., 2011.
[25] Siani Pearson, "Taking Account of Privacy when Designing Cloud Computing Services," CLOUD'09, Vancouver, Canada, pp. 44-52, 2009.
[26] Sravan Kumar R, Ashutosh Saxena, "Data Integrity Proofs in Cloud Storage". IEEE Proc., 2011.
[27] Vikas Kumar, Swetha M.S, Muneshwara M. S., Prof Prakash, "Cloud Computing: Towards Case Study Of Data Security Mechanism", International Journal of Advanced Technology & Engineering Research (IJATER), 2012.
[28] Wang. C, Ren. K, Lou. W & Li, "Toward publicly auditable secure cloud data storage services. Network", IEEE Proc. pp. 19-24, 2012.
[29] Wayne A. Jansen, "Cloud Hooks: Security and Privacy Issues in Cloud computing". NIST, IEEE, (2011) Security and Privacy Issues, pp. 1-8.
[30] Xiang yang Luo, Lin Yang, Linru Ma, Shanming Chu and Hao Dai, "Virtualization Security Risks and Solutions of Cloud Computing Via Divide-Conquer Strategy", IEEE Proc., 2011.
[31] Xiaoling Wang, Li Jia and Xin Zhang, "Study on Data Security of Cloud Computing", 2012 Engineering and Technology (S-CET), (2012) Spring, pp 1-3. 2012.
[32] Zeng K, "Publicly verifiable remote data integrity," In: Chen LQ, Ryan MD, Wang GL, eds. LNCS 5308. Birmingham: Springer-Verlag, 419-434, 2008.
[33] ZHAO Wei, "An Initial Review of Cloud Computing Services Research Development". IEEE Proc., 2010.
[34] Zhongbin Tang, Xiaoling Wang, Li Jia, Xin Zhang, Wenhui Man, "Study on Data Security of Cloud Computing", IEEE Proc., 2012.