You are on page 1of 62

Contents

Abstract..ii
Acknowledgement.iv
Contents..v
List of Tables........vii
List of Figures.....viii
1 Introduction...1
1.1 Essential Characteristics........3
1.2 Deployment Models..4
1.3 Architecture...6
1.4 Benefits of Cloud Architecture.7
1.5 Examples of Cloud Architecture..8
2 Related Work..11
2.1 Comparison of Different Techniques..12

iv

3Requirements16
3.1 SoapUI...16
3.2 Mule Studio...17
3.3 Eclipse....18
4 Infrastructure..20
4.1 Registration Process.....21
4.2 Upload Process.....22
4.3 Retrieval Process..24
5Implementation Plan...28
6Analysis.....30
7Conclusion and Future Work.....31
7.1 Conclusion.31
7.2 Future Work.31
8 References.32
9Appendix35

List of Tables
Table 1.1 .Multi-layer security10
Table 2.1 System requirements12
Table 2.2 .Comparison of different techniques15

List of Figures
Figure 1-1 Internet as a Cloud 1
Figure 1-2 Deployment models in cloud computing.. 5
Figure 1-3 Basic cloud architecture.6
Figure 4-1 Infrastructure of the proposed method.20
Figure 4-2 Relationship Diagram for Registration Request...21
Figure 4-3 Relationship Diagram for Upload Process22
Figure 4-4 Flow in Upload Process.23
Figure 4-5 Relationship Diagram for Retrieval Process..24
Figure 4-6 Flow in Retrieval of Data Process..25

Chapter 1
Introduction
Cloud computing is an emerging paradigm in the field of Information Technology and it
is here to stay and serve rest of the future. As it has become a global phenomenon, a lot of
companies have joined the bandwagon of cloud computing. A model for enabling convenient,
on-demand network access to a shared pool of configurable computing resources, (e.g.,
networks, servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. [21]

g
n
t
e
Figure 1-1: Internet as a cloud
r
n
e
Now, the question
posed by renowned IT gurus is how far can one go with cloud i.e., trust and
t
a
security of the scloud are being questioned. In a cloud computing environment, the equipment
a
C
used for business
operations can be leased from a single service provider along with the
l
o
application, andu the related business data can be stored on equipment provided by the same
d

serviceprovider. [4] This type of arrangement can help a company save on hardware and
1

software infrastructure costs, but storing the companys data on the service providers equipment
raises the possibility that important business information may be improperly disclosed to others.
There have been quite a number of security measures implemented in the cloud. These security
measures have their own pros and cons. There have been a few security measures with respect to
encryption. But the question is who has the control over encryption and decryption keys?
Logically the control should be with the customer.

When an internet connection protocol is established, it is possible to share services within


anyone of the following layers.

Client: The devices that we use to access the applications in cloud computing are the clients. The
client consists of hardware and/or computer software that rely on cloud computing for access to
application and is useless without it. Some examples of client may include laptops, phones and
tablets.

Server: This layer consists of computer hardware and computer software products that are
specifically designed for delivery of cloud services.

Infrastructure: This is one among the services of cloud computing, also known as
infrastructure as a service (IaaS). This is typically a platform virtualization environment that
allows us for raw storage and networking. This service allows the client to outsource the service
instead of purchasing servers, software, data-center space or network equipment. This concept is

based on utility computing basis; the amount of resources utilized will reflect the level of
activity.

Application:This service allows the user to eliminate maintenance of hardware and software by
allowing him to access the application over internet. By this process the user doesnt require to
install the application on customers own computer. This service model is also known as
software as a service.

Platform:This service facilitates deployment of applications without the cost and complexity of
buying and managing the underlying hardware and software layers. This service model is also
known as platform as a service (PaaS).

1.1 Essential Characteristics


On-demand self-service: Computing capabilities used as needed and automatically without
requiring Human Computer Interaction.
Broad network access: Capabilities available over network and accessed through standard
mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile
phones, laptops, and PDAs).
Resource pooling: Computing resources pooled to serve multiple consumers using a multi-tenant
model, with different physical and virtual resources dynamically assigned and reassigned
according to consumer demand.

Rapid elasticity: Capabilities can be rapidly and elastically provisioned to quickly scale out and
rapidly released to quickly scale in. Capabilities available for provisioning often appear to be
unlimited to the consumer and can be purchased in any quantity at any time.
Measured Service: Automatic control and optimize use of resources by leveraging a metering
capability at some level of abstraction, appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts).

1.2 Deployment Models


The four types of deployment models in cloud computing are [22]:

Public cloud - Public cloud infrastructure is owned by an organization selling cloud


services and it is made available to the normal users or a large industry. This is based on
utility computing where the customer has to pay for the resources used. The third party
provider or service provider bills the customer based on the utility. E.g., Google,
Facebook.

Private cloud - private cloud infrastructure is owned by a single organization. This allows
the user to avoid the criticism of buying, building and managing the software application
that he is working on. E.g., Amazon VPC, VMware Cloud.

Hybrid cloud -This infrastructure is a combination of two or more clouds i.e. private,
public or community. These clouds remain unique but are bound together by standardized
technology that enables application and data portability. An example for hybrid cloud
would be cloud-bursting (load balancing between clouds). E.g., Windows Azure,
VMWare vCloud.

Community cloud -Community as the name suggests is a shared cloud. It is shared by


several organizations and supports a particular community that has common concerns viz.
mission, policy, security requirements. It can be managed by the organization or a third
party. E.g., GoogleApp, IBM SmartCloud.

Public/ Large Industry


Owned by organization selling
cloud services
Google, Facebook

Public

Private

Hybrid

Community

2 or more clouds
Common technology
Windows Azure, VMWare
vCloud

Figure 1-2: Deployment Models in Cloud Computing

Single Organization
Location?
Managed by?
Amazon VPC, VMWare Cloud

Several Organizations
Location?
Managed by?
Google App, IBM Smart
Cloud

1.3 Architecture
Cloud architecture, the systems architecture of the software systems involved in the delivery of
cloud computing, typically involves multiple cloud components communicating with each other
over a loose coupling mechanism such as a messaging queue. Sample architecture is shown in
the diagram below.

Figure 1-3: Basic Cloud Architecture

Cloud Architectures address key difficulties surrounding large-scale data processing. In


traditional data processing it is difficult to get as many machines as an application needs.
Second, it is difficult to get the machines when one needs them. Third, it is difficult to distribute
and co-ordinate a large-scale job on different machines, run processes on them, and provision
another machine to recover if one machine fails. Fourth, it is difficult to auto-scale up and down
based on dynamic workloads. Fifth, it is difficult to get rid of all those machines when the job is
done. Cloud Architectures solve such difficulties.
Applications built on Cloud Architectures run in-the-cloud where the physical location of the
infrastructure is determined by the provider. They take advantage of simple APIs of Internet-

accessible services that scale on-demand, that are industrial-strength, where the complex
reliability and scalability logic of the underlying services remains implemented and hidden
inside-the-cloud. The usage of resources in Cloud Architectures is as needed, sometimes
ephemeral or seasonal, thereby providing the highest utilization and optimum bang for the buck.

1.4 Benefits of Cloud Architecture [23]


i.

Almost zero upfront infrastructure investment: If you have to build a large-scale system it
may cost a fortune to invest in real estate, hardware (racks, machines, routers, backup
power supplies), hardware management (power management, cooling), and operations
personnel. Because of the upfront costs, it would typically need several rounds of
management approvals before the project could even get started. Now, with utility-style
computing, there is no fixed cost or startup cost.

ii.

Just-in-time Infrastructure: In the past, if you got famous and your systems or your
infrastructure did not scale you became a victim of your own success. Conversely, if you
invested heavily and did not get famous, you became a victim of your failure. By
deploying applications in-the-cloud with dynamic capacity management software
architects do not have to worry about pre-procuring capacity for large-scale systems. The
solutions are low risk because you scale only as you grow. Cloud Architectures can
relinquish infrastructure as quickly as you got them in the first place (in minutes).

iii.

More efficient resource utilization: System administrators usually worry about hardware
procuring (when they run out of capacity) and better infrastructure utilization (when they
have excess and idle capacity). With Cloud Architectures they can manage resources

more effectively and efficiently by having the applications request and relinquish
resources only what they need (on-demand).

iv.

Usage-based costing: Utility-style pricing allows billing the customer only for the
infrastructure that has been used. The customer is not liable for the entire infrastructure
that may be in place. This is a subtle difference between desktop applications and web
applications. A desktop application or a traditional client-server application runs on
customers own infrastructure (PC or server), whereas in a Cloud Architectures
application, the customer uses a third party infrastructure and gets billed only for the
fraction of it that was used.

v.

Potential for shrinking the processing time: Parallelization is the one of the great ways to
speed up processing. If one compute-intensive or data-intensive job that can be run in
parallel takes 500 hours to process on one machine, with Cloud Architectures, it would be
possible to spawn and launch 500 instances and process the same job in 1 hour. Having
available an elastic infrastructure provides the application with the ability to exploit
parallelization in a cost-effective.

1.5 Examples of Cloud Architecture


There are plenty of examples of applications that could utilize the power of Cloud Architectures.
These range from back-office bulk processing systems to web applications. Some are listed
below:

Processing Pipelines

Document processing pipelines convert hundreds of thousands of documents


from Microsoft Word to PDF, OCR millions of pages/images into raw searchable
text

Image processing pipelines create thumbnails or low resolution variants of an


image, resize millions of images, Picasa, flickr.

Video transcoding pipelines transcode AVI to MPEG movies, YouTube.

Indexing create an index of web crawl data

Data mining perform search over millions of records

Batch Processing Systems

Back-office applications (in financial, insurance or retail sectors)

Log analysis analyze and generate daily/weekly reports

Nightly builds perform nightly automated builds of source code repository


every night in parallel

Automated Unit Testing and Deployment Testing Test and deploy and perform
automated unit testing (functional, load, quality) on different deployment
configurations every night

Websites

Social Networking websites

Websites that sleep at night and auto-scale during the day

Instant Websites websites for conferences or events (Super Bowl, sports


tournaments)

Seasonal Websites - websites that only run during the tax season or the holiday
season (Black Friday or Christmas).

Security in cloud computing must be provided in each and every layer. The table below depicts
the security needed in a cloud.
Application Layer

Identify management,
authorization, auditing
Data encryption, backup,

Data Layer

recovery
System Layer

System hardening, antivirus


protection, host intrusion
detection

Network Layer

Firewall, Network intrusion


detection

Table 1.1: Multi-layer Security [14]

Chapter 2
Related Work
There have been a few security measures with respect to encryption. But the question is who has
the control over encryption and decryption keys? Logically the control should be with the
customer.
Software as a service layer of the cloud computing would be the best option for method
described in this project. As software needs are to be addressed even after handing it over to a
client, one has control over it. Software as a service also known as on demand service is hosted
on the internet. So, one need not install and run the required software all the time and just use it
as per the requirements. This service is cost effective .This is an emerging trend in the
information technology. Undoubtedly, this trend has a great potential in the near future as it
provides computing in an easy and efficient manner with low cost. This trend is ever growing
due to its cost effective way of sharing large amount of information anywhere in the world. As
the demand for cloud computing is sky high there is a serious issue of security. In order to ensure
security in cloud computing the cloud provider must guarantee the customer with eminent
security measures. There have been a number of encryption mechanism used for security in
cloud computing. But each of them failed to provide control to the customer. So, a technique
using encryption is proposed in this project which provides control to the customer. The
user/customer has the maximum control of the data here. The major part of encryption and
decryption is done at the user level which is the motive of this project.

Confidentiality

Ensure the Confidentiality of the data being


stored

Integrity

Maintain the Integrity of the data to ensure


that it has not been tampered with.

File Sharing

Ensure that File Sharing can be catered for.

Key-Revocation

Allow for Key-Revocation when user rights


need to be removed.

Compromised Key pair

Ensue that the system can recover from a


Compromised Key pair.

Access Control

Ensure Access Control to the server.


Table 2.1: System Requirements [16]

2.1 Comparison of different security techniques


There have been many encryption techniques employed in the cloud. But the main question is
who has the control over these encryption keys. Is the control with the user, or the third party or
the cloud? Logically the control should be with the customer.
As in any cloud computing atmosphere we need to assume that the system comprises of the
following parties: the data owner, cloud server, data consumers and a Third Party Auditor (TPA)
if necessary. [13]
The use of a semi-trusted mediator (SEM) in conjunction with a simple variant of the RSA
cryptosystem (mediated RSA) offers a number of practical advantages over current revocation

techniques. This approach simplifies validation of digital signatures and enables certificate
revocation within legacy systems. [15]
Encryption scheme using Residue Number System (RNS). In this scheme, a secret is split into
multiple shares on which computations can be performed independently. Security is enhanced by
not allowing the independent clouds to collude. Efficiency is achieved through the use of smaller
shares. [3]
Technique

Description

Benefits

Usability Issues

Cloud Key

CKMIs introduction

Complexity of

Encrypting data at rest

Management

will reduce the

encryption management

within Paas is generally

(CKMI)[1]

encryption

is reduced and

complex process and

management

infrastructure costs and

involves more

complexity by

risks are lowered.

customization. In case of

building

SaaS, Cloud customers

interoperability into

cannot implement

the key management

directly and they need to

environment.[1]

request the provider.

RSA encryption

A digital signatureor

Hashing algorithm and

Public and private keys

algorithm with

digitalsignature

message digest are used

are used and there is no

digital

schemeis a

in this algorithm which

back up for loss of

signature[2]

mathematical

makes it secure.

key(s).

scheme for
demonstrating the

authenticity of a
digital message or
document.[2]
Homomorphic

Security is enhanced

A secret is split in to

Issues like overflow and

encryption

by not allowing the

multiple shares and

sign detection to apply

scheme using

independent clouds to

computations on each

RNS (Residue Number

residue number

collude. Efficiency is

share are performed

System) for

system[3]

achieved through the

independently. There is

homomorphic

use of smaller

no collision between the computations need to be

shares.[3]

independent clouds and

addressed. Also issues

hence security is

like confidentiality,

enhanced.

integrity and cloud


collusion need to be
addressed.

YI cloud[6]

This system allows the The primary key is

Single encryption key is

users to encrypt their

shared between trusted

used for all files stored in

files and store it in the

entities so even if the

the cloud. Encryption key

cloud.[6]

user loses the key

is fixed in YI cloud.

he/she can recover it


from the entities.
Use of secret sharing
algorithm reduces the
risk of losing data.

A Generic

It is a generic scheme

This scheme has

Like every other scheme,

Scheme for

to enable fine-grained

advantages as it makes

even this scheme has

Secure Data

data sharing over the

use of attribute-

some potential risks.

Sharing in

cloud, which does not

based/predicate

There is no mechanism to

Cloud[5]

require key-

encryption and proxy

overcome the ill effects

redistribution and data

re-encryption.

performed by the revoked

re-encryption.[5]
Table 2.2: Comparison of different techniques

user.

Chapter 3
Requirements
3.1 SoapUI
SoapUI is a free and open source cross-platform Functional Testing solution. With an easy-touse graphical interface, and enterprise-class features, SoapUI allows you to easily and rapidly
create and execute automated functional, regression, compliance, and load tests. In a single test
environment, SoapUI provides complete test coverage and supports all the standard protocols
and technologies. There are simply no limits to what you can do with your tests.
Features of SoapUI [19]:
Functional Testing -Automated Functional and Regression Testing. Powerful and
innovative features help to validate and improve the quality of the services and
applications.
Service Simulation -SoapUI Mock Services let you mimic and create robust tests against
Web Services before they are implemented.
Security Testing -Using a complement of tests and scans, protect the services on
websites against the most common security vulnerabilities.
Load Testing -SoapUI lets you create even the most advanced Load Tests quickly and
easily.

Technology Support -Loaded with advanced technologies, SoapUI provides support for
all the common protocols and standards.
Automation -SoapUI packs advanced end-to-end automation features, allowing the user
to dramatically reduce labor costs and improve your time-to-market.
Analytics -With powerful and integrated analytics, SoapUI Pro makes your testing faster
than ever and saves countless hours.
Recording -Built from the ground up to offer advanced recording capabilities, SoapUI
records, monitors and displays all the data that is sent and received between a client, such
as your web browser, and a server.
Ecosystem -A big part of what makes SoapUI great is the universe of the open source
community and partners around it, who have accelerated the pace of innovation on
SoapUI.
Role of SoapUI in this project: SoapUI acts as a client in this project.

3.2 Mule Studio


It is the worlds most widely used integration platform for connecting applications. If you have
more than a couple of applications, services, or legacy systems, custom point-to-point integration
is painful. It is way too expensive and time-consuming to build and once in place, creates a
complex web of brittle connections that breaks every time you change an endpoint modify a data
structure or change a business process.
Mule ESB is the one which helps to overcome all the above situations with ease.

Features of Mule Studio[18]:

Service Mediation - Business logic is separated from protocols and message formats for
rapid, nimble development and long-term flexibility.

Message Routing - Messages can be routed based on content or complex rules and
filtered, aggregated, or re-sequenced as required.

Data Transformation - Data can be transformed to and from virtually any format across
heterogeneous transport protocols and data types and incomplete messages can enhanced
through data retrieval. In addition, message payload can be encrypted, compressed or
encoded to ensure security.

Event Handling - Mule ESB supports synchronous and asynchronous events,


transactions, streaming, routing patterns, and SEDA architecture.

Service Orchestration - Message flows can contain lightweight service orchestration to


support SOA initiatives.

Service Creation & Hosting - Functionality in any endpoint can be exposed as a service
and organized into an efficient, unified, standards-based architecture. Existing services
can be hosted as lightweight service containers.

3.3 Eclipse
The Eclipse Software Development Kit (SDK) contains everything you need to build Java
applications. Considered by many to be the best Java development tool available, the Eclipse
Java Development Tools (JDT) provides superior Java editing with on-the-fly validation,
incremental compilation, cross-referencing, code assist and much more. [20]

The new Eclipse 3.2 release features some exciting new capabilities, including:

Java 6 support

Refactoring scripts

Static analysis of Java code

Improved code completion and quick fix support

Improved usability and performance

Support for Mac OSX on Intel and preview support for Windows Vista

Chapter 4
Infrastructure

Cloud Storage
(S3 Storage)

Client Worstation

Third Party
Services

DB Instance
at Cloud

Amazon S3/ Amazon Ubuntu Server with Mysql DB

Ubuntu 12-0.4 Cloud Server

Figure 4-1: Infrastructure of the proposed method

The figure above depicts the infrastructure of the proposed method. The communication among
the key components of client workstation, third party services and the amazon cloud storage is
vital in this method. Here, the client is the SoapUI, third party server is the Mule Studio and the
cloud is Amazon S3. The structure of the method is clearly shown in the above figure. The flow
of the method and the structure of each component is discussed in the following pages of this
document.

4.1 Registration Process

1 Registration Request

1:* Registration
Information

Encrypted Key

Registration Service
User Key (First Half)

Response

5
Status

4
Server Key

User

Server Key
Percistance

User SOAP UI Client


Registration Request: User Name, Email Address, First Name, Last Name
3RD Party Service Registration Service (Web Service)
Takes the above parameters and generates the encrypted key.
Split the key and provide the first half to user as part of response.
Second half will be saved in server.
Figure 4-2: Relationship Diagram for Registration Request

Java Custom
Component
(Generate Key
and Splitter)

4.2 Upload Process

File

Get the file

Encrypt the
data using
User Key

Prepare
Service
Request

Upload Document Service Request

Upload Document
Service Req

Upload Document
Service

5
Status

Upload
Document

User

Encrypted Content

Java Custom
Component
(Get the content
and encrypt the
data using server
key)
- Second
Encryption
Phase

Persist the data


at S3
(Cloud
Persistence)

User SOAP UI Client


- Identify the file which needs to be uploaded to Cloud.
- Encrypt the data using the first half of the key (Eclipse Test project)
- Take the encrypted content and fill in SOAP UI Request
Server - 3RD Party Service Upload Document Service (Web Service)
- Receive the User Encrypted Data
- Get the Server Key (second half of the key) and encrypt the above content (second phase of encryption)
- Call Amazon Cloud Service and send the document for its persistence.
- Data stored in cloud is having double protection.
- If Web service exposed thru security layer (HTTPS), data across the wire will be encrypted and cannot be intercepted.
Figure 4-3: Relationship Diagram for Upload Process

Upload

User

Registration

Third Party
Services

Registration

Cloud

Phase

Account Setup

Initiate File Upload


Process

Encrypt the Content


using the first half

Call Service with


encrypted Data for
cloud storage

Receive the Content

Encrypt the Content


using the second
Half

Upload the content


to cloud

Persist the data

Figure4-4:Flow in Upload Process

The upload process in the proposed method is shown in the above figure. Firstly, registration is
done by providing details as first name, last name, email Id. Then, the user uploads the file by
encrypting it with the first half of the key. This is sent to the third party services and the content
is again encrypted with the second half key. Now, the file is uploaded in to the cloud.

4.3 RetrievalProcess

1
Get Document By Doc Name

Get Content By S3
KEY

Document Service

Get the Content


Decrypt the
content using
User Key (first
Half)

Store the
data in file
or view

Response

Content from Cloud

5
Server
Decrypted
Content

User

ted

ten

Server
Encrypted
Content

En

p
cr y

n
Co

Amazon S3

Java Custom
Component
(Retrieve Server
Key
Decrypt Content
using server Key)

User SOAP UI Client


- Identify the file name which needs to be retrieved
- Fill in the SOAP UI Request with document name
Server - 3RD Party Service Document Service (Web Service)
- Receive the Document Name.
- Call the Cloud Service to retrieve the content using the document name as Key.
- Get the Server Key (second half of the key) and Decrypt the content received from cloud
- Return the data to user (at this time one layer of decryption was done)
User SOAP UI
- Receive the data from server
- Decrypt this content using User first half of the key (using java program in eclipse)
- If needed, save the content in file.

Figure 4-5: Relationship Diagram for Retrieval Process

Retrieve Data

Cloud

Third Party
Services

User

Phase

Initiate the File


Retreival

Call Service with


filename and user
info

Validate the User


Get second part of
Key

Receive the
encrypted data

Call Cloud service to


retrieve the data

Decrypt the data


using second part of
the key

Decrypt the data


using first half of
the key

Return the data to


user

Data Retrieval

Figure 4-6: Flow in Retrieval of Data Process

The process for the retrieval of data is shown in the above figure. The user will initiate the
retrieval of the file. Retrieval is done by calling the service with filename and the user
information. The user will call the third party service for validation. After validation, the third
party service will get the second part of the key and call the cloud service to retrieve the data.
Third party service will decrypt the data using the second part of the key and return the data to
the user. Here, the data is only half decrypted. Now, the user receives the encrypted (half
decrypted) data and decrypts the data using the first half of the key. Thus, we get the original
data.

Encryption and Decryption Keys:


The process involves encryption of the data and decryption of the data. Here, we have two
encryption keys and two decryption keys.
Use of two keys. How do you justify?
Use of two keys is justified as it ensures more safety and security in this model. Firstly, in order
to encrypt the given data, user encrypts the data file and sends it to the third party server which
again encrypts the data and stores it in the cloud. Secondly, when the user wants to decrypt the
data, the data file from the cloud is retrieved by the third party server and it is partially
decrypted. This file is sent to the user who decrypts it with the decryption key. So, it does make
sense to use two keys.
The user loses the key. How often can this happen?
No one or no mechanism can ensure that the user will never lose the key. Key can be lost any
moment. There is no exact probability for losing a key. Even if the key is lost, we can make use
of YI cloud mechanism which is used for the key recovery. In this mechanism the key is divided
in to a number of parts and each part is stored with a trusted party. So when a user loses the key,
the user can gain the key from the trusted parties. None of the trusted parties can gain access to
the data as the trusted party does not know each other.

What if the second part of the key is made using the first key?
The second part of the key cannot be made using the first key. The two keys are not symmetrical.
Keys are generated in a random manner and even if the same file is used again for storage in the
cloud another key is generated and is not at all related to the old key.

Chapter 5
Implementation Plan
Requirements for the implementation:
Client - SoapUI
Server (Third party) - Mule Studio
Cloud Amazon S3
The first step in the implementation of this project is to run the mule studio. Mule studio
(Third party server) should be up and running to start the implementation.
Then, the registration request in SoapUI is used for the user to register. User credentials
like username email ID, first name and last name are needed here. Now, the SoapUI
request with the user credentials is executed. A token is generated here.
This token is taken and pasted in the TestRead.java in the eclipse. The path of the file to
be stored is also given here. This program is executed as a java application. The output o
this program is the encryption key. By using this encryption key, the data file is
encrypted. This key is pasted in the content of the upload request in the SoapUI. This
request is executed and there will be a response indicating that the file is uploaded. Now,
if the user wants the file back, the Get document request in the SoapUI is used. Here, the
File name to be retrieved is given and a document ID(any random number) should be
provided. This request is executed and a key is generated. This key is the decryption key.
This key along with the first token generated are pasted in the DecryptContent.java in

the eclipse and this program is executed. Now, the original data is obtained. This proves
that the encryption and decryption keys are in working state and the encryption and
decryption of data is possible in this method. Now, in order to make sure that the file is
stored in an encrypted format, we have to take a look at the Amazon S3 cloud where
there is a bucket created namely tejatest. Here, we have the file stored in an encrypted
format. Hence, the proposed method is up and running. The flow of the method is shown
in the appendix as screen shots.

Chapter 6
Analysis

Security is the first priority in any method. In order to ensure the security of the data to be stored
in the cloud, we use two step encryption and decryption. The data in the cloud is stored in
encrypted format. So, even if a malicious user gets access to the data, he/she cannot get the
original data. The keys used in this method for encryption and decryption are not symmetrical, so
even if the malicious users get hold of one key, they cannot generate the other key and hence
cannot get the original data.
Firstly, the data with the user is encrypted and sent to a third party. Here, it is again encrypted
and stored in the cloud. This way the data is secure in the cloud.
Decryption is also done in a two-step process to ensure security of the data. A retrieval request is
sent to the cloud by the third party. This request is sent when the user initiates the file retrieval.
The user receives the half decrypted data from the third party and the second level of decryption
is done at the user side. Hence, the user has the original data. The data stored in the cloud is on
Amazon S3 and it is in encrypted form.
Thus, it is proven that the mechanism works.

Chapter 7
Conclusion and Future Work
7.1 Conclusion
Security is the key aspect in any method and this aspect has been primarily focused in this
method. Encryption at two levels ensures that the data is safe and secure and more importantly
its the user who has the original data. The logical control over the data is with the user. There is
no way that the third party server or the cloud can get access to the original data. So, this method
will be of good use in the coming future of cloud computing security.

7.2 Future Work


This method can be extended by making the whole process automatic. This can be done by
creating a GUI in java. SoapUI, Mule Studio and eclipse have to be connected in order to make
the whole process automatic. This method can also be modified by using different client, server
and cloud and also by changing the key mechanism of this method.
Finally, by implementing this method, cloud provider can attract a number of users.

References
[1] Research on Key Management Infrastructure in Cloud Computing Environment: Sun Lei, Dai
Zishan, Guo Jindi.
[2]Implementing Digital Signature with RSA Encryption Algorithm to Enhance the Data
Security of Cloud in cloud computing: Uma Somani, Kanika Lakhani, Manish Mundra.
[3] HORNS: A Homomorphic Encryption Scheme for Cloud Computing using Residue Number
System. Mahadevan Gomathisankaran, Akhilesh Tyagi, Kamesh Namuduri.
[4] A Business Model for Cloud Computing Based on a Separate Encryption and Decryption
Service: Jing-Jang Hwang and Hung-Kai Chuang, Yi-Chang Hsu and Chien-Hsing Wu.
[5] A Generic Scheme for Secure Data Sharing in Cloud: Yanjiang Yang, Youcheng Zhang.
[6] YI Cloud: Improving user privacy with secret key recovery in cloud storage. Zheng
Huang,Qiang Li,Dong Zheng,Kefei Chen, XiangXue Li.
[7] Cloud Computing Security: From Single to Multi Clouds Mohammed A. AlZain #, Eric
Pardede #, Ben Soh #, James A. Thom* # Department of Computer Science and Computer
Engineering.
[8] Cloud Computing Security Challenges and Methods to Remotely Augment A Clouds
Security Posture Robert E. Johnson, III Cimcor, Inc.

[9] Implementing Digital Signature with RSA Encryption Algorithm to Enhance the Data
Security of Cloud in Cloud Computing #1 Uma Somani, #2 Kanika Lakhani, #3 Manish
Mundra.
[10]Analysis and Research about Cloud Computing Security Protect Yin Hu Network center
Huang gang normal university Huang gang, China e-mail: huyin @hgnu.edu.cn Haoyong Lv
Network center Huang gang normal university Huang gang.
[11] Cloud Hooks: Security and Privacy Issues in Cloud Computing Wayne A. Jansen, NIST.
[12] An architecture based on proactive model for security in cloud computing Prashant
Srivastava1, Satyam Singh2, Ashwin Alfred Pinto3, Shvetank Verma4, Vijay K. Chaurasiya5,
Rahul Gupta 6 MBA & MS-CLIS Division, IIIT-Allahabad, India.
[13] Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing
Shucheng Yu_, Cong Wang, Kui Ren, and Wenjing Lou_Dept. of ECE, Worcester
Polytechnic Institute, Email: {yscheng, wjlou}@ece.wpi.edu Dept. of ECE, Illinois Institute of
Technology, Email: {cong, kren}@ece.iit.edu
[14] A Benchmark of Transparent Data Encryption for Migration of Web Applications in the
Cloud. Ji Hu SAP Research Center Karlsruhe, Germany ji.hu@sap.com Andreas Klein SAP
Research Center Karlsruhe, Germany andreas.klein@sap.com
[15] A Method for Fast Revocation of Public Key Certificates and Security Capabilities Dan
Boneh dabo@cs.stanford.edu Xuhua Ding xhding@isi.edu Gene Tsudik gts@ics.uci.edu Chi
Wing Mong bc@cs.stanford.edu

[16] An Architecture for Secure Searchable Cloud Storage Robert Koletka Department of
Computer Science University of CapeTown, South Africa Email: robert.koletka@uct.ac.za
Andrew Hutchison Department of Computer Science University of Cape Town Cape Town,
South Africa Email: hutch@cs.uct.ac.za
[17] Source: tecnorati.com
[18] http://www.mulesoft.com/mule-esb-features
[19] http://www.soapui.org/About-SoapUI/features.html
[20] http://www.eclipse.org/downloads/moreinfo/java.php
[21] http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
[22] http://www.techno-pulse.com/2011/10/cloud-deployment-private-public-example.html
[23] http://www.databarracks.com/media/93800/aws_cloud_best_practices.pdf

Appendix
Appendix A

Figure A-1: Working of Mule Studio

Figure A-2: SoapUI Registration Request

Figure A-3: SoapUI Upload Document Request

Figure A-4: SoapUI Get Document Request

Figure A-5: SoapUI Registration Request Execution

Figure A-6: SoapUI Registration Request generates a token

Figure A-7: The token generated in SoapUI is placed in the TestRead.java in Eclipse

Figure A-8: The path of the file to be stored and the token are placed in TestRead.java. Execute this and a key is
obtained

Figure A-9: Place the obtained key in the content part of the SoapUI (Upload) and execute

Figure A-10: Executed screen shot of the Upload SoapUI

Figure A-11: Change the key in the Mule Studio Configuration XML to the name given in the Get Document SoapUI

Figure A-12: Document name is given and any random Id can be given. Execute this

Figure A-13: After execution we get a key in the document content

Figure A-14: Place this key and the token obtained in the first step in the DecryptContent.java and execute

Figure A-15: We get the original data

Figure A-16: Amazon Web Services

Figure A-17: A bucket named tejatest has already been created

Figure A-18: 'rapid' file is stored in the cloud

Appendix B
Test Client: Authentication(or registration) and upload of data
package com.test.teja.client;
import java.net.MalformedURLException;
import java.net.URL;
import java.rmi.RemoteException;
import javax.xml.rpc.ServiceException;
import com.toledo.university.test.AuthenticationResponse;
import com.toledo.university.test.AuthenticationService;
import com.toledo.university.test.AuthenticationServiceServiceLocator;
import com.toledo.university.test.UploadDocumentService;
import com.toledo.university.test.UploadDocumentServiceServiceLocator;
public class TestClient {
public static final String serviceUrl = "http://localhost:9777/services/register";
public static final String uploadServiceUrl = "http://localhost:9777/services/upload";
public static AuthenticationService service;
public static UploadDocumentService uploadService;
public static void main(String[] args) throws ServiceException, RemoteException {
// TODO Auto-generated method stub
URL portAddress;
AuthenticationResponse resp = new AuthenticationResponse();
try {
portAddress = getServiceURL(serviceUrl);
AuthenticationServiceServiceLocator locator = new
AuthenticationServiceServiceLocator();
service = locator.getAuthenticationServicePort(portAddress);
resp = service.authenticate("userName", "email", "firstName",
"lastName");
System.out.println(resp.getToken());
uploadcontent(resp.getToken());
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

private static void uploadcontent(String token) throws ServiceException,


RemoteException {
URL uploadPortAddress;
try {
System.err.println("call update service");
uploadPortAddress = getServiceURL(uploadServiceUrl);
UploadDocumentServiceServiceLocator uploadLocator = new
UploadDocumentServiceServiceLocator();
uploadService =
uploadLocator.getUploadDocumentServicePort(uploadPortAddress);
String fileName = "C:/temp/test.txt";
String encryptContent = encryptContentData(fileName, token);
uploadService.uploadDocument("uploadedtestdoc", encryptContent,
"plain/text");
System.err.println("upload complete");
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private static String encryptContentData(String filename, String token) {
GenerateContent gcon = new GenerateContent();
return gcon.generateContent(filename, token);
}
private static URL getServiceURL(String url) throws MalformedURLException {
// TODO Auto-generated method stub
return new URL(url);

Test read: Encryption


package com.test.teja.client;
publicclass TestRead {
/**
* @param args
*/
publicstaticvoid main(String[] args) {
// TODO Auto-generated method stub
String fileName ="C://Users//Bandaru//Documents//bin.txt";
String userKey=
"h7ZBm1IniyalBMvzCIPNbOv6nQwELnDvVzNRhNhhobrRyDumwDbBaimj4Y6GCztrPlZ4D
oL0XYQ=";
GenerateContent gcn = new GenerateContent();
System.out.println(gcn.generateContent(fileName, userKey));
}
}

Decrypt content: Decryption


package com.test.teja.client;

publicclass DecryptContent {
/**
* @param args
*/
publicstaticvoid main(String[] args) {
// TODO Auto-generated method stub
String encryptedServerData =
"vYjQ8T+wr5GmoUSotW6nUBefNFpSoxJsSkdXY4wdpp1OLPh93l7fdXYtdoZHtBpav2N6Lbl
NUYP02QRs8bDtWsIS/R/iQ0JEaiPU3wI/H+akreSzXPLM8mfQ6pG4U8Qvm7RGDfhYMr3A
C/ViuURvhz69eMmEGG+Lyb6fVaD3HrlyBdptRZFWutR4y5WsNhLRuWKJHihBzUnhnX521
5qwsRFE2VZ62XCllPRZM/ehmO6ux3sMHuPeUL02M/IgA/TMH+hLXn6xCfw=";
String userToken =
"h7ZBm1IniyalBMvzCIPNbOv6nQwELnDvVzNRhNhhobrRyDumwDbBaimj4Y6GCztrPlZ4D
oL0XYQ=";
GenerateContent gcn = new GenerateContent();
System.err.println(gcn.decryptContent(encryptedServerData, userToken));
}
}

Amazon Upload: Upload of data file in to the cloud


package com.teja.authentication;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import com.amazonaws.auth.PropertiesCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.PartETag;
import com.amazonaws.services.s3.model.UploadPartRequest;
publicclass AmazonUpload {
publicstaticvoid main(String[] args) throwsIOException {
String existingBucketName="tejatest";
String keyName
= "republicday";
String filePath
= "C:\\bandaru\\TAS\\republic-day-1.jpg";
AmazonS3 s3Client = new AmazonS3Client(new PropertiesCredentials(
AmazonUpload.class.getResourceAsStream(
"AwsCredentials.properties")));
// Create a list of UploadPartResponse objects. You get one of these
// for each part upload.
List<PartETag> partETags = new ArrayList<PartETag>();
// Step 1: Initialize.
InitiateMultipartUploadRequest initRequest = new
InitiateMultipartUploadRequest(existingBucketName, keyName);
InitiateMultipartUploadResult initResponse =
s3Client.initiateMultipartUpload(initRequest);
File file = newFile(filePath);
long contentLength = file.length();
long partSize = 5242880; // Set part size to 5 MB.
try {
// Step 2: Upload parts.

long filePosition = 0;
for (int i = 1; filePosition < contentLength; i++) {
// Last part can be less than 5 MB. Adjust part size.
partSize = Math.min(partSize, (contentLength - filePosition));
// Create request to upload a part.
UploadPartRequest uploadRequest = new UploadPartRequest()
.withBucketName(existingBucketName).withKey(keyName)
.withUploadId(initResponse.getUploadId()).withPartNumber(i)
.withFileOffset(filePosition)
.withFile(file)
.withPartSize(partSize);
// Upload part and add response to our list.
partETags.add(
s3Client.uploadPart(uploadRequest).getPartETag());
filePosition += partSize;
}
// Step 3: complete.
CompleteMultipartUploadRequest compRequest = new
CompleteMultipartUploadRequest(
existingBucketName,
keyName,
initResponse.getUploadId(),
partETags);
s3Client.completeMultipartUpload(compRequest);
} catch (Exception e) {
s3Client.abortMultipartUpload(new AbortMultipartUploadRequest(
existingBucketName, keyName, initResponse.getUploadId()));
}
}
}