This document discusses attaining data security in cloud computing. It aims to address security issues like insider attacks and identity theft. The challenges of storing data across distributed cloud systems while maintaining integrity and control are examined. Traditional cryptographic techniques like encryption, decryption, and digital signatures are explored as well as symmetric and asymmetric ciphers. A system model involving users, cloud service providers, and third party auditors is proposed. Simulation tools and references are also provided.
Axa Assurance Maroc - Insurer Innovation Award 2024
Attaining data security in cloud computing
1. Attaining Data Security in
Cloud Computing
Submitted by
M.Gopinath
(1074305)
VLSI DESIGN
Under the Guidelines of
Dr.V.Sumathy
2. Objective
• To address the security problems such as
insider attacks and identity theft.
• To store the data across network-distributed
systems in a secure way.
3. Challenging Security Threats
• Loss of control over data in cloud storage
• Traditional integrity menace
Due to dynamic data update
Due to storing data redundantly in various
physical location
• Insider attack
4. Literature Survey
• Great amount of data widely spread over the
network require adequate management, to
ensure authorization, confidentiality and
integrity.
• Based on the cryptography and the nature of the
cloud, information security has to be achieved.
5. Cloud Computing
• Computing on multiple server via a digital
network
• A model for enabling convenient, ondemand network access to a shared pool
of configurable computing resources
• Technique which moves the application
software and databases to the large data
centers
6. Cloud Computing contd..
• Provides computation, software, data
access, and storage services
• Does not require end-user’s knowledge of
the physical location and configuration of
the system that delivers the services
8. Cloud Storage
• A model of networked online storage where data
•
•
is stored on multiple virtual servers, generally
hosted by third parties, rather than being hosted
on dedicated servers.
Companies do not need to install physical
storage devices in their own datacenter or
offices, which reduces IT and hosting costs.
Companies need to pay only for the storage they
actually use.
10. System Model
Users (consists of both consumers and
organizations), who have data to be stored in the
cloud
Cloud Service Provider(CSP), who has
resources and expertise in building and
managing distributed cloud storage servers
Third Party Auditor(TPA), who has expertise
and capabilities that users may not have, to
assess and expose risk of cloud storage
11.
12. Adversary model
• It tries to compromise a number of cloud
data storage servers and is able to modify
or delete users’ data.
• Two types of adversary with different
levels of capability
Weak adversary
Strong adversary
13. Data Storage Security
• Encryption – the process of transforming
plaintext into ciphertext using cipher
• Decryption – the reverse process of
encryption
• Digital Signature
22. RSA Algorithm
• An algorithm for public-key (asymmetric)
•
•
•
•
cryptography.
Based on the presumed difficulty of factoring
large integers, the factoring problem.
RSA involves a public key and private key.
Anyone can use the public key to encrypt a
message.
If the public key is large enough, only someone
with knowledge of the prime factors can feasibly
decode the message.
23. Key Generation
•
•
•
•
•
•
Choose two distinct prime numbers p and q.
Compute n = pq.
Compute φ(n) = (p – 1)(q – 1), where φ is
Euler's totient function.
Choose an integer e such that 1 < e < φ(n)
and gcd(e,φ(n)) = 1, i.e. e and φ(n) are
coprime.
Determine d = e–1 mod φ(n); i.e. d is the
multiplicative inverse of e mod φ(n).
The public key pair is {e,n} and the private key
pair is {d,n}.
24. ENCRYPTION
For sending message to B:
• Obtains the recipient B's public key (n,
e).
• Represents the plaintext message as a
positive integer m, 1 < m < n.
• Computes the ciphertext C = me mod n.
• Sends the ciphertext C to B.
25. DECRYPTION
Sender decrypts the message as follows:
• Uses his private key (n, d) to compute m
= Cd mod n.
• Extracts the plaintext from the message
representative m.
26. Features of RSA
• Secrecy and Privacy
• Integrity
• Authentication
• Non-repudiation
27. Proposed Algorithm
• Public-Key encryption
•
•
– increased security
– Convenience
Secret-Key encryption
– Speed
Best solution is to combine public- and secret-key
cryptography to get both security and speed
28. Proposed Algorithm contd.
• User logins must be used to provide
authorization.
• The symmetric Data Key K is used for data
encryption.
• Then the symmetric key K is encrypted through
the user public key KPUB, and it is written in the
distributed storage system.
29. Simulation Tools
• Dot Net framework
• Gladinet Cloud Desktop
• Amazon Cloud Drive
• Box.net and OpenBox platform
30. Reference
• Gary C.Kessler, 1998, “An Overview of Cryptography”,
•
•
•
•
•
•
Chapter 3.
William Stallings, “Cryptography and Network Security”,
Fourth Edition, Chapters 3, 5, 9 and 13.
http://en.wikipedia.org/wiki/Cloud_Computing
http://www.box.net/
Amazon.com, “Amazon Web Services (AWS),” Online at
http://aws.amazon.com, 2008.
http://www.msdn.microsoft.com/enus/library/system.security.cryptography.aspx
http://www.gladinet.com/