Running head: CLOUD STORAGE AND COUNTERMEASURES 1

Cloud Storage and Countermeasures: an Analysis of Cryptographic as Service in the Core Components of the Security Layer
Mose Edner Brutus
Pontificia Universidad Católica Madre y Maestra
Santo Domingo, Dominican Republic


In past years, cloud computing has come to be seen as the next-generation architecture of enterprise IT. Its successful emergence is due to the introduction of new flexible and scalable remote storage strategies used in fields such as database administration and application software management. Traditional IT service solutions cluster those components at one or many geographical points under proper physical, logical, and personnel controls; cloud computing has moved them to large data centers. This shift may pose new security challenges that the most common security measures do not currently consider. Moreover, throughout the last decade, we have seen how disastrous these challenges can be with regard to assuring the correctness of users' data, handling privacy issues, and so on. Cloud storage companies therefore have to deal with a wide range of security issues in order to master many important aspects of quality of service. In this sense, we recommend that those companies include a cryptographic service as a component of their security layer. By doing so, breaches of privacy will be tackled more effectively, clients will have the assurance that no data will be modified, and clients will also have the ability to check that all operations were performed accurately by the cloud provider.
The advances of cloud computing are today indisputable; people use it because of its benefits in the world of storage services. However, few people think carefully about how such an idea was born and then conquered so many fields of the marketplace in a short time. Understanding that, and the other historical events that combined to produce such an advance in telecommunication technologies, requires going back many years, to the mainframe age. Doing so offers some insight into cloud computing. We have therefore divided the development of cloud computing chronologically into four periods: (1) the 1950s, (2) the 1960s-1990s, (3) the 1990s, and (4) the 2000s and beyond.
At the beginning, in the 1950s, the ideas behind cloud computing first appeared in the form of CPU time-sharing. At that time, large-scale mainframe computers were becoming more popular in corporations and universities. This era is well known for the practice of sharing CPU time on a mainframe, later known in the industry as time-sharing or Remote Job Entry (RJE).
Later, in the 1960s-1990s, almost all of the present-day characteristics of cloud computing had already been pointed out. As John McCarthy said, computation may someday be organized as a public utility. In support of this idea, another scientist, Herb Grosch, the author of Grosch's law, postulated that the world would operate on dumb terminals connected to 15 large data centers (Grosch, 1970). This period was also marked by the start-up of several organizations whose aim was to provide computing capability through time-sharing.
Additionally, the 1990s witnessed a major step in the advancement of telecommunications. Companies had previously offered dedicated point-to-point data circuits, but during this period of growth in telecommunication technologies they moved to Virtual Private Network services with comparable quality of service. Moreover, they started to use network bandwidth more and more effectively. This was also an era of new research on making large-scale computing power available and on algorithms for the optimal use of infrastructure, platforms, and applications, based on the ideas of prioritized access to the CPU and greater efficiency for end users.
Around the 2000s, with the modernization of Amazon's equipment, a key initiative was undertaken: the development of a new cloud architecture. This resulted in significant internal efficiency improvements whereby small, fast-moving teams could add new features faster and more easily. Later, Amazon initiated a new product development effort to provide cloud computing to external customers and launched Amazon Web Services (AWS). In the following years, new projects began, such as Eucalyptus, the first open-source, AWS API-compatible platform for deploying private clouds, and OpenNebula, enhanced in the European Commission-funded RESERVOIR project, the first open-source software for deploying private and hybrid clouds and for the federation of clouds (B. Rochwerger, 2009).
As you can see, cloud computing has come a long way, but it now has to cope with new security challenges, which stem from cloud computing infrastructures themselves. Cloud storage now provides customers with high availability, easier accessibility, and an inexpensive remote data repository. Customers who can't afford high expenditures on high-tech equipment and maintenance for their own storage infrastructure turn naturally to this inexpensive option. However, some of them require security guarantees because they deal with sensitive data that must not be disclosed for any reason. Given the legal framework and current security policy requirements, providing this level of security may diminish the utility and performance of cloud storage. Consequently, this strategy may generate higher costs for cloud providers. The idea, then, is to look for an approach that genuinely improves the level of security and persuades customers without disrupting cloud providers. A cryptographic service does this well. We now present how implementing a cryptographic service may tackle breaches of privacy more effectively.
To begin, we state that a cryptographic service can reduce the level of risk for businesses that handle sensitive and critical data such as financial records, medical records, government reports and research, and so on. Keep in mind, however, that we restrict our discussion strictly to the benefits of such a cryptographic approach and leave aside any particular implementation that could be considered in this context.
In the cloud storage setting, customers lose control of their data as soon as the data have been transferred to the cloud. To protect customers against disclosure by cloud providers, a cryptographic approach requires data to be encrypted on-premise by the data processors. This way, customers can be sure that their data are preserved irrespective of the actions of the cloud storage provider. Additionally, because breaches of cloud security may sometimes occur, once the data are encrypted they can be verified at any time. A security breach therefore poses only a minor risk for customers. For instance, imagine that company A wants to share its data with company B. Following cryptographic principles, the system generates a decryption key that company A sends to B. Only this decryption key enables company B to access the data in question.
Now that you can see, even if briefly, how a cryptographic service achieves confidentiality requirements and how it works overall, let us look at how it gives clients the assurance that no data will be modified. This is the integrity requirement, which states that any unauthorized modification of customer data by the cloud storage provider can be detected by the customer (Seny Kamara, n. a.). With a cryptographic service, customers can verify the integrity of their data at any point in time. To this end, the cryptographic community has proposed tools called proofs of retrievability (PORs) [24] and proofs of data possession (PDPs) [2]. With those tools, and more precisely with a POR, customers can be assured that a given file F is retrievable, i.e., recoverable without any loss or corruption. Roughly, a PDP provides weaker assurance than a POR, but potentially greater efficiency (Kevin D. Bowers, n. a.). Most of the time, a POR is used in environments where files are distributed across multiple systems, such as independent storage services; storing files in this way is called redundant form. Each time a customer attempts to fetch a file from cloud storage, if the file is corrupted on a given server, the customer can appeal to the other servers for file recovery. In this way, the integrity of the system's data as a whole is maintained.
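
The following Python example is added here and is not taken from the paper or from the works it cites. It shows a simplified MAC-based spot-check audit in the spirit of a PDP, followed by recovery of a corrupted block from a second server; the block size, the function names, and the two-server layout are assumptions, and the actual POR and PDP constructions use more compact proofs and error-correcting codes.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # toy block size in bytes (assumption; real systems use far larger blocks)

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def tag(key, idx, block):
    # The index is bound into the MAC so a server cannot answer a challenge
    # for block i with some other block that also carries a valid tag.
    return hmac.new(key, idx.to_bytes(8, "big") + block, hashlib.sha256).digest()

def upload(key, data):
    """Client side: the (block, tag) pairs handed to each storage server."""
    return [(b, tag(key, i, b)) for i, b in enumerate(split(data))]

def audit(key, server, n_blocks, samples):
    """Challenge `samples` random block indices; return those that fail."""
    rng = secrets.SystemRandom()
    bad = []
    for i in rng.sample(range(n_blocks), samples):
        block, t = server[i]                      # server's answer to challenge i
        if not hmac.compare_digest(t, tag(key, i, block)):
            bad.append(i)
    return sorted(bad)

def fetch(key, servers, n_blocks):
    """Rebuild the file, taking each block from the first server whose copy verifies."""
    out = []
    for i in range(n_blocks):
        for server in servers:
            block, t = server[i]
            if hmac.compare_digest(t, tag(key, i, block)):
                out.append(block)
                break
        else:
            raise ValueError(f"block {i} is corrupted on every server")
    return b"".join(out)

# Constructed sample data: one file stored redundantly on two servers.
KEY = secrets.token_bytes(32)          # stays with the customer
FILE = b"constructed sample record: patient 0001, balance 42.00, " * 4
N = len(split(FILE))
server_a, server_b = upload(KEY, FILE), upload(KEY, FILE)
server_a[3] = (b"X" * BLOCK, server_a[3][1])   # server A's copy of block 3 is corrupted
```

Auditing every block of server A reports block 3, while `fetch` still returns the original file by taking that block from server B.
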
Customers exploit cloud computing [storage] infrastructure because of its flexibility, its high availability, its great accessibility, its high performance, and its low-cost agreements. For some customers, however, these are not enough. They want a guarantee of the accuracy of the tasks that every cloud provider performs to keep customer data steadily online. This is a major challenge for quality of service. Without it, no IT enterprise could expect to fulfill business requirements in real time in the face of marketplace competition. It is therefore crucial that customers also have the ability to check that all operations were performed accurately by the cloud provider. This idea is the last step of our argument; after it, we address some objections to our approach before concluding.
Customer data must always be available and accessible on remote cloud storage infrastructures; that is a fact. In the cryptographic setting, there are a few major goals that any security policy should address. Data verifiability is one of them; its job is to secure customers. It also demonstrates that cloud providers do nothing more and nothing less than what customers have requested. How? By using search authenticators, which allow a server to prove to a client that it answered a search query correctly. Initially, when a client needs to load data into cloud storage, the client begins by creating the authenticator and state information from its files and index, and then sends the authenticator and the files to the cloud provider. The state information is stored locally by the client. When the cloud provider needs to send requested files to a client, it uses the authenticator and the files concerned to generate a proof, which it returns to the client. The client can then use its state information and the proof to verify the returned files. Overall, this is what is done, in less detail (Seny Kamara C. P., n. a.).
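
The exchange described above can be illustrated with a Merkle hash tree, in a Python example that is added here and is not the construction of the cited CS2 system. In this assumed instantiation the state information is the root hash, the authenticator is the tree held by the provider, and the proof is a path of sibling hashes; it covers only the authenticity of a returned file, not the correctness of a whole search result, and all names are hypothetical.

```python
import hashlib

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(name, content):
    # 0x00 marks a leaf and 0x01 an inner node, so one cannot pass for the other.
    nb = name.encode()
    return H(b"\x00", len(nb).to_bytes(4, "big"), nb, content)

def build(files):
    """Client, before upload: returns (state, authenticator) for {name: bytes}."""
    names = sorted(files)
    level = [leaf(n, files[n]) for n in names]
    levels = [level]
    while len(level) > 1:
        padded = level + [level[-1]] if len(level) % 2 else level
        level = [H(b"\x01", padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return level[0], (names, levels)   # state = root hash, kept locally

def prove(authenticator, name):
    """Provider: index of the file's leaf plus the sibling hashes up to the root."""
    names, levels = authenticator
    index = names.index(name)
    i, path = index, []
    for level in levels[:-1]:
        j = i ^ 1
        path.append(level[j] if j < len(level) else level[i])  # odd node pairs with itself
        i //= 2
    return index, path

def verify(state, name, content, index, path):
    """Client: recompute the root from the returned file and compare with state."""
    node = leaf(name, content)
    for sibling in path:
        node = H(b"\x01", node, sibling) if index % 2 == 0 else H(b"\x01", sibling, node)
        index //= 2
    return node == state

# Constructed sample files.
FILES = {"ledger.csv": b"2024-01-03,42.00", "notes.txt": b"draft", "scan.bin": b"\x00\x01\x02"}
STATE, AUTHENTICATOR = build(FILES)    # AUTHENTICATOR and FILES go to the provider
```

The client keeps only the 32-byte `STATE`, yet any file the provider returns with altered content fails `verify`.
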
Although cloud storage infrastructure is unavoidable, opponents are likely to argue that availability remains a great challenge to this day, since customers are no longer in control of their data. Given the infrastructure of the Internet, they believe that cloud providers who physically centralize customer data, and therefore have a single point of failure, cannot easily overcome this security challenge. In some cases, there is no way to prevent that. If we think of availability in this way, there is no doubt that such an infrastructure will be harder to recover; but, as we said before, it is now possible to distribute customer data across different storage systems, so redundancy overcomes this issue. This argument is therefore insufficient as an objection to our approach. At some points in the evolution of cloud storage this was an issue, but not anymore.
Others attempt to show that a cryptographic storage service is an intruder in the security layer because of its disruptive tendency to reduce cloud storage performance across the board. Here we observe that the security paradigm has changed since cloud computing began. Most old cryptographic methods have been abandoned in favor of new approaches, and cryptography, with its new techniques, is now more developed than ever to give IT services the tools and methods to fight the new challenges spawned by the growth of cloud storage. Once again, this argument is irrelevant.


Cloud storage is definitely a great step forward. A cryptographic storage service is the core of its security policy. This follows from the changes brought about by the extensive sharing of computing resources. Cloud storage companies should therefore include a cryptographic storage service as a core component of their security strategy in order to cope effectively with most security concerns. In doing so, they will assure customers of a high level of security against potential disclosure, unauthorized modifications, unexpected answers to requests for files, and more. Throughout its history, cloud computing, or more precisely cloud storage, has emerged and developed around the need for greater efficiency in the use of computer resources. Its crowning achievement was to transform computer usage into a computing service. There is no doubt that this is the key technology for the next generation. However, further advances are needed because, given the pace at which this technology is growing, current measures may soon become obsolete. The idea should therefore be to anticipate the next step. In that way, companies will reduce their expenditure in the face of ever higher development costs.








References
Anil Gupta, P. P. (2011). A Proposed Solution: Data Availability and Error Correction in Cloud Computing. International Journal of Computer Science and Security, 9.
B. Rochwerger, J. C. (2009). The Reservoir Model and Architecture for Open Federated Cloud Computing. IBM Journal of Research and Development.
Cong Wang, Q. W. (2009). Ensuring Data Storage Security in Cloud Computing. Quality of Service, 2009. IWQoS. 17th International Workshop on, 9.
Kaur, S. (2012). Cryptography and Encryption In Cloud Computing. VSRD International Journal of Computer Science and Information Technology, 8.
Kevin D. Bowers, A. J. (n. a.). HAIL: A High-Availability and Integrity Layer for Cloud Storage. RSA Laboratories, 1.
Mortimer J. Adler, C. V. (1940). How to Read a Book. New York: Simon & Schuster, Inc.
Seny Kamara, C. P. (n. a.). CS2: A Searchable Cryptographic Cloud Storage System. Microsoft Research, 8.
Seny Kamara, K. L. (n. a.). Cryptographic Cloud Storage. Microsoft Research, 12.
Wassim Itani, A. K. (2009). Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures. International Conference on Dependable, Autonomic and Secure Computing, 6.
Wenying Zeng, Y. Z. (2009). Research on Cloud Storage Architecture and Key Technologies. International Computer Information Security, 8.
