Cloud Storage and Countermeasures: an Analysis of Cryptographic as Service in the Core Components of the Security Layer
Mose Edner Brutus
Pontificia Universidad Católica Madre y Maestra, Santo Domingo, Dominican Republic
CLOUD STORAGE AND COUNTERMEASURES 2
In years past, cloud computing has been conceived as the next-generation architecture of the IT enterprise. In fact, this successful emergence is due to the introduction of new flexible and scalable remote storage strategies used in fields such as database administration and application software management. Meanwhile, traditional IT service solutions consist of clustering those components in one or many geographical points under proper physical, logical, and personnel controls. Cloud computing has moved them to large data centers. Hence, this may pose new security challenges which may not be considered by the most common security measures currently in use. Moreover, throughout the last decade, we have seen how disastrous these can be with respect to assuring the correctness of users' data, privacy issues, and so on. So cloud storage companies have to deal with security issues of huge scope, so that they can master many important aspects of quality of service. In this sense, we recommend that those companies include a cryptographic service as a component of their security layer. By doing so, breaches of privacy will be tackled more effectively, clients will have the assurance that no data will be modified, and clients will also have the ability to check that all operations were performed accurately by the cloud provider.

Cloud computing advances are today unarguable; people use them because of their suitable benefits in the world of storage services. However, people do not think thoroughly about how such an idea was spawned and then conquered so many fields of the marketplace in a short time. In fact, comprehending that, and the various other historical events which combined to generate such an advancement of telecommunication technologies, requires that we go back many years, to the mainframe age.
By doing so, an insight into cloud computing might emerge. Thereby, we have divided cloud computing development chronologically into four periods: (1) the 1950s, (2) the 1960s-1990s, (3) the 1990s, and (4) the 2000s and beyond. At the beginning, dating back to the 1950s, cloud computing technologies were perceived through CPU time-sharing. At that very moment, large-scale mainframe computers became more popular in corporations and universities. This era is well known for the practice of sharing CPU time on a mainframe, later known in the industry as time-sharing or RJE (Remote Job Entry). Further, in the 1960s-1990s, almost all of the current characteristics of cloud computing had already been pointed out. As John McCarthy said, computation may someday be organized as a public utility. To advocate this idea, another scientist, Herb Grosch, the author of Grosch's law, postulated that the world would operate on dumb terminals joined to 15 large data centers (Grosch, 1970). This period is also marked by the start-up of several organizations whose aim was to provide computing capability through time-sharing. Additionally, the 1990s witnessed a major step in the advancement of the telecommunication domain. In the past, companies offered a dedicated point-to-point data circuit, but at this period of growth of telecommunication technologies, they moved to Virtual Private Network services with comparable quality of service. Moreover, they started to exploit network bandwidth more and more effectively. This period was also the era of new research on the large-scale computing power available, and on algorithms to afford the optimal use of infrastructures, platforms, and applications based on the idea of prioritized access to the CPU and of more efficiency for end users.
Roughly in the 2000s, with the modernization of Amazon's equipment, a key initiative was made: the development of a new cloud architecture. This resulted in significant internal efficiency improvements whereby small, fast-moving teams could add new features faster and more easily. Later, Amazon initiated a new product development effort to provide cloud computing to external customers, and launched Amazon Web Services (AWS). In the following years, new projects began, such as Eucalyptus, the first open-source, AWS API-compatible platform for deploying private clouds, and OpenNebula, enhanced in the RESERVOIR European Commission-funded project, the first open-source software for deploying private and hybrid clouds and for the federation of clouds (B. Rochwerger, 2009). As you can see, cloud computing has a long path behind it, but now it has to cope with new security challenges. The causes of this are drawn from cloud computing infrastructures. Cloud storage now provides high availability, easier accessibility, and an inexpensive remote data repository to customers. Customers who can't afford high expenditures in high-tech equipment and maintenance for their storage infrastructures turn automatically to this inexpensive option. However, some of them require security guarantees because they deal with sensitive data which must not be disclosed for any reason. Given the legal framework and current requirements in terms of security policy, providing this level of security may diminish the utility and performance of cloud storage. Consequently, this strategy may generate higher costs for cloud providers. At this moment, the idea is to look for an approach that can accurately improve the security level and persuade customers without burdening cloud providers. That is well done by a cryptographic service. For now, we will present how the implementation of a cryptographic service may tackle breaches of privacy more effectively.
In advance, we state that a cryptographic service can diminish the level of risk for businesses that have to treat sensitive and critical data such as financial records, medical records, governmental reports and research, and so on. But keep in mind that we will narrow our writing strictly to the benefits of using such a cryptographic approach, avoiding any kind of implementation that could be considered in this context. In the cloud storage setting, customers are outside the control of their data as soon as these data have been transferred to the cloud. So to protect customers against any disclosure by cloud providers, in a cryptographic approach, data have to be encrypted on-premise by the data processors. This way, customers are sure that their data are preserved irrespective of the actions of the cloud storage providers. Additionally, breaches may sometimes occur in cloud security, but once data are encrypted, the latter may be verified at any time. Therefore, a security breach poses a minor risk for customers. For instance, imagine that a company A wants to share its data with B. Following cryptographic principles, the system will generate a decryption key that company A will send to B. Only such a decryption key enables company B to access the data in question. Now that you can figure out, even if briefly, how a cryptographic service proceeds to achieve confidentiality requirements and how it works overall, let us take a look at how it guarantees clients the assurance that no data will be modified. This is perceived as the integrity requirement, which focuses on the following: any unauthorized modification of customer data by the cloud storage provider can be detected by the customer (Seny Kamara, n. a.). With a cryptographic service, customers can verify the integrity of their data at any point in time. For this aim, the cryptographic community has proposed tools called proofs of retrievability (PORs) [24] and proofs of data possession (PDPs) [2].
With those tools, more precisely using a POR, customers are assured that a given file F is retrievable, i.e. recoverable without any loss or corruption. Roughly, a PDP provides weaker assurance than a POR, but potentially greater efficiency (Kevin D. Bowers, n. a.). Most of the time, a POR is used in environments where files are distributed across multiple systems, such as independent storage services; this way of storing files is called redundant form. Then, each time a customer attempts to fetch a file from cloud storage, if that file is corrupted within a given server, the customer can appeal to the other servers for file recovery. By doing so, globally, the integrity of system data is maintained.

Customers have to exploit cloud computing [storage] infrastructure because of its flexibility, its high availability, its great accessibility, its high performance, and its low-cost agreements. There are some customers for whom these are not enough. They want to be guaranteed the accuracy of those tasks that every cloud provider performs to keep customer data steadily online. This aspect is a major challenge in matters of quality of service. Without it, no IT enterprise could intend to fulfill business requirements in real time while facing marketplace competition. So it is crucial that customers also have the ability to check that all operations were performed accurately by the cloud provider. This idea is the last step of our writing; after that, we will address some opposing arguments to our approach before the end. Customer data have to be always available and accessible on remote cloud storage infrastructures, that's a fact. In the cryptographic setting, there are a few major purposes that any security policy should cope with. Data verifiability is one of them; its job is to secure customers. It also demonstrates that cloud providers do nothing more and nothing less than what customers have requested. How? Using search authenticators, which consist in allowing a server to prove to a client that it answered a search query correctly.
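An added illustration (not code from this paper or from the cited POR/PDP constructions) of the proof-of-data-possession idea above: the client keeps a secret key as its only local state, the provider stores the blocks with client-computed tags, and a challenge over randomly chosen block indices lets the client detect a silently corrupted block. HMAC tags stand in for the homomorphic tags that real PDP schemes use, so the proof here grows with the number of challenged blocks; the key, file and block size are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # bytes per block; tiny so the constructed sample is readable

def split_blocks(data: bytes) -> list:
    """Split the file into fixed-size blocks: the unit a challenge is issued over."""
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]

def tag_block(key: bytes, index: int, block: bytes) -> bytes:
    """Client-side tag over (index || block): a block cannot be moved to another
    position or altered without the key, which never leaves the client."""
    return hmac.new(key, index.to_bytes(4, "big") + block, hashlib.sha256).digest()

def client_outsource(key: bytes, data: bytes) -> dict:
    """What the provider stores: the blocks and their tags. The key is the
    client's local state and is not uploaded."""
    blocks = split_blocks(data)
    return {"blocks": blocks, "tags": [tag_block(key, i, b) for i, b in enumerate(blocks)]}

def client_challenge(num_blocks: int, sample: int) -> list:
    """A challenge is a random, unpredictable sample of block indices."""
    return sorted(secrets.SystemRandom().sample(range(num_blocks), sample))

def provider_prove(store: dict, challenge: list) -> list:
    """The provider's proof: each challenged block together with its stored tag."""
    return [(store["blocks"][i], store["tags"][i]) for i in challenge]

def client_verify(key: bytes, challenge: list, proof: list) -> bool:
    """Recompute every tag locally; a mismatch means the provider no longer
    holds the block content that was uploaded."""
    if len(proof) != len(challenge):
        return False
    return all(hmac.compare_digest(tag_block(key, i, blk), tag)
               for i, (blk, tag) in zip(challenge, proof))

# Constructed sample key and file (placeholders, not real customer data).
KEY = b"client-secret-kept-on-premise"
DATA = b"medical record 0042: patient anonymised; lab results pending review."

def demo(corrupt: bool) -> bool:
    """Full round trip; with corrupt=True the provider silently damages block 1."""
    store = client_outsource(KEY, DATA)
    if corrupt:
        store["blocks"][1] = b"X" * len(store["blocks"][1])
    challenge = list(range(len(store["blocks"])))  # every block, so the outcome is deterministic
    return client_verify(KEY, challenge, provider_prove(store, challenge))
```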
Initially, once a client needs to load data to the cloud storage, he begins by creating the authenticator and state information from his files and index, and then he sends the authenticator and the files to the cloud provider. Since the state information is stored locally by the client, when the cloud provider needs to send requested files to a client, it uses the authenticator and the files concerned, and then generates a proof that it returns to the client. The client can then use its state information and the proof to verify the returned files. Overall, this is what is done, with fewer details (Seny Kamara C. P., n. a.).

Although cloud storage infrastructure is unavoidable, opponents are likely to argue that availability remains, up to now, a great challenge, since customers have no control over their data. Given the infrastructure of the Internet, they still believe that, for cloud providers who physically centralize customer data and therefore have a single point of failure, this security challenge might not be overcome easily. In some cases, there is no way to prevent that. If we thought of availability in this way, there is no doubt that such an infrastructure would be harder to recover, but as we said before, we are now able to distribute customer data across different storage systems, so by redundancy this issue is overcome. Therefore, this argument is insufficient to oppose our approach. At some periods during the evolution of cloud storage this had been an issue, but not anymore. Others attempt to demonstrate that a cryptographic storage service is an intruder into the security layer because of its capacity to reduce cloud storage performance broadly. In this respect, we realize that since cloud computing began, the security paradigm has changed. Most old cryptographic methods have been abandoned for new approaches, and now cryptography, with its new techniques, is developed more than ever to provide IT services with tools and methods to fight the new challenges spawned by cloud storage growth. Once again, this argument is irrelevant.
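The authenticator, state, proof and verification steps described above, as an added example that is not the paper's or CS2's construction: the client commits to its keyword index with a Merkle tree, keeps only the root as local state, and the provider must return a sibling path with each search result, so a dropped or added hit fails verification. The index is kept in the clear here to show only the verifiability part (a cryptographic storage service would encrypt it), proofs of "no match" are not handled, and the keyword index and file ids are constructed placeholders.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(keyword: str, file_ids: list) -> bytes:
    """A leaf commits to one keyword and the complete, sorted list of matching file ids."""
    return h(b"leaf|" + keyword.encode() + b"|" + "|".join(sorted(file_ids)).encode())

def build_tree(leaves: list) -> list:
    """Merkle tree, levels[0] = leaves ... levels[-1] = [root]; odd levels duplicate the last node."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(b"node|" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def client_prepare(index: dict) -> tuple:
    """Client builds the authenticator (the tree) over its index; only the root stays as local state."""
    keywords = sorted(index)
    levels = build_tree([leaf_hash(k, index[k]) for k in keywords])
    return levels[-1][0], {"keywords": keywords, "index": index, "levels": levels}

def provider_answer(auth: dict, keyword: str) -> tuple:
    """Result plus proof: the sibling hash at each level, flagged if it sits to the right of the path."""
    pos, proof = auth["keywords"].index(keyword), []
    for level in auth["levels"][:-1]:
        padded = level + ([level[-1]] if len(level) % 2 else [])
        proof.append((padded[pos ^ 1], (pos ^ 1) > pos))
        pos //= 2
    return list(auth["index"][keyword]), proof

def client_check(root: bytes, keyword: str, result: list, proof: list) -> bool:
    """Recompute the root from the returned result; equality means the answer is exactly what was committed."""
    node = leaf_hash(keyword, result)
    for sibling, on_right in proof:
        node = h(b"node|" + node + sibling) if on_right else h(b"node|" + sibling + node)
    return node == root

# Constructed keyword index (file ids are placeholders, not real data).
INDEX = {"invoice": ["f1", "f7"], "contract": ["f2"], "audit": ["f3", "f7", "f9"]}

def demo(tamper: bool) -> bool:
    """Round trip for the query 'audit'; with tamper=True the provider drops one hit."""
    root, auth = client_prepare(INDEX)
    result, proof = provider_answer(auth, "audit")
    if tamper:
        result.remove("f9")
    return client_check(root, "audit", result, proof)
```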
Cloud storage is definitely a great step forward. A cryptographic storage service is the core of its security policy. This is due to the changes brought about by the extreme practice of sharing computing resources. So cloud storage companies should include a cryptographic storage service as a core component of their security strategy to cope effectively with the main security concerns. Thereby, they will ensure customers a high security level against potential disclosure, unauthorized modifications, unexpected answers to requested files, and more. Throughout its chronological development, cloud computing, or more precisely cloud storage, has emerged and developed around the need for more efficiency in using computer resources. At its paramount step, its successful act was to transform computer usage into a computing service. There is no doubt that this is the key technology for the next generation. However, advancements are needed because, given the speed at which this technology grows, in a short time the current measures may become obsolete. So the idea should be to anticipate the next step. Thereby, companies will cut their expenditure in the face of ever-higher development costs.
References
Anil Gupta, P. P. (2011). A Proposed Solution: Data Availability and Error Correction in Cloud Computing. International Journal of Computer Science and Security, 9.
B. Rochwerger, J. C. (2009). The Reservoir Model and Architecture for Open Federated Cloud Computing. IBM Journal of Research and Development.
Cong Wang, Q. W. (2009). Ensuring Data Storage Security in Cloud Computing. Quality of Service, 2009. IWQoS. 17th International Workshop on, 9.
Kaur, S. (2012). Cryptography and Encryption In Cloud Computing. VSRD International Journal of Computer Science and Information Technology, 8.
Kevin D. Bowers, A. J. (n. a.). HAIL: A High-Availability and Integrity Layer for Cloud Storage. RSA Laboratories, 1.
Mortimer J. Adler, C. V. (1940). How to Read a Book. New York: Simon & Schuster, Inc.
Seny Kamara, C. P. (n. a.). CS2: A Searchable Cryptographic Cloud Storage System. Microsoft Research, 8.
Seny Kamara, K. L. (n. a.). Cryptographic Cloud Storage. Microsoft Research, 12.
Wassim Itani, A. K. (2009). Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures. International Conference on Dependable, Autonomic and Secure Computing, 6.
Wenying Zeng, Y. Z. (2009). Research on Cloud Storage Architecture and Key Technologies. International Computer Information Security, 8.