This document discusses attaining data security in cloud computing. It aims to address security issues like insider attacks and identity theft. The challenges of storing data across distributed cloud systems while maintaining integrity and control are examined. Traditional cryptographic techniques like encryption, decryption, and digital signatures are explored as well as symmetric and asymmetric ciphers. A system model involving users, cloud service providers, and third party auditors is proposed. Simulation tools and references are also provided.

1. Attaining Data Security in
Cloud Computing
Submitted by
M.Gopinath
(1074305)
VLSI DESIGN
Under the Guidelines of
Dr.V.Sumathy

2. Objective
• To address the security problems such as
insider attacks and identity theft.
• To store the data across network-distributed
systems in a secure way.

3. Challenging Security Threats
• Loss of control over data in cloud storage
• Traditional integrity menace
Due to dynamic data update
Due to storing data redundantly in various
physical location
• Insider attack

4. Literature Survey
• Great amount of data widely spread over the
network require adequate management, to
ensure authorization, confidentiality and
integrity.
• Based on the cryptography and the nature of the
cloud, information security has to be achieved.

5. Cloud Computing
• Computing on multiple server via a digital
network
• A model for enabling convenient, ondemand network access to a shared pool
of configurable computing resources
• Technique which moves the application
software and databases to the large data
centers

6. Cloud Computing contd..
• Provides computation, software, data
access, and storage services
• Does not require end-user’s knowledge of
the physical location and configuration of
the system that delivers the services

7. Technologies in Cloud
•
•
•
•
•
Grid computing
Virtualization
Infrastructure-as-a-Service
Software-as-a-Service
Utility Computing

8. Cloud Storage
• A model of networked online storage where data
•
•
is stored on multiple virtual servers, generally
hosted by third parties, rather than being hosted
on dedicated servers.
Companies do not need to install physical
storage devices in their own datacenter or
offices, which reduces IT and hosting costs.
Companies need to pay only for the storage they
actually use.

9. Benefits of Cloud
•
•
•
•
Highly scalable
Highly available
Dynamically allocated resources
Pay only for resources that you use

10. System Model
Users (consists of both consumers and
organizations), who have data to be stored in the
cloud
Cloud Service Provider(CSP), who has
resources and expertise in building and
managing distributed cloud storage servers
Third Party Auditor(TPA), who has expertise
and capabilities that users may not have, to
assess and expose risk of cloud storage

12. Adversary model
• It tries to compromise a number of cloud
data storage servers and is able to modify
or delete users’ data.
• Two types of adversary with different
levels of capability
Weak adversary
Strong adversary

13. Data Storage Security
• Encryption – the process of transforming
plaintext into ciphertext using cipher
• Decryption – the reverse process of
encryption
• Digital Signature

14. Cipher Types
• Symmetric cryptography
• Asymmetric or Public Key cryptography

15. Symmetric Cipher

16. DES
The Data Encryption Standard (DES) is a
symmetric-key block cipher published by
the National Institute of Standards and
Technology (NIST).

17. General Structure of DES

18. DES uses 16 rounds. Each round of DES is a
Feistel cipher.

19. Key Generation

20. Properties of DES
• Avalanche effect
• completeness
Design Criteria
• S-boxes
• P-boxes
• Number of rounds

21. Public Key Cipher

22. RSA Algorithm
• An algorithm for public-key (asymmetric)
•
•
•
•
cryptography.
Based on the presumed difficulty of factoring
large integers, the factoring problem.
RSA involves a public key and private key.
Anyone can use the public key to encrypt a
message.
If the public key is large enough, only someone
with knowledge of the prime factors can feasibly
decode the message.

23. Key Generation
•
•
•
•
•
•
Choose two distinct prime numbers p and q.
Compute n = pq.
Compute φ(n) = (p – 1)(q – 1), where φ is
Euler's totient function.
Choose an integer e such that 1 < e < φ(n)
and gcd(e,φ(n)) = 1, i.e. e and φ(n) are
coprime.
Determine d = e–1 mod φ(n); i.e. d is the
multiplicative inverse of e mod φ(n).
The public key pair is {e,n} and the private key
pair is {d,n}.

24. ENCRYPTION
For sending message to B:
• Obtains the recipient B's public key (n,
e).
• Represents the plaintext message as a
positive integer m, 1 < m < n.
• Computes the ciphertext C = me mod n.
• Sends the ciphertext C to B.

25. DECRYPTION
Sender decrypts the message as follows:
• Uses his private key (n, d) to compute m
= Cd mod n.
• Extracts the plaintext from the message
representative m.

26. Features of RSA
• Secrecy and Privacy
• Integrity
• Authentication
• Non-repudiation

27. Proposed Algorithm
• Public-Key encryption
•
•
– increased security
– Convenience
Secret-Key encryption
– Speed
Best solution is to combine public- and secret-key
cryptography to get both security and speed

28. Proposed Algorithm contd.
• User logins must be used to provide
authorization.
• The symmetric Data Key K is used for data
encryption.
• Then the symmetric key K is encrypted through
the user public key KPUB, and it is written in the
distributed storage system.

29. Simulation Tools
• Dot Net framework
• Gladinet Cloud Desktop
• Amazon Cloud Drive
• Box.net and OpenBox platform

30. Reference
• Gary C.Kessler, 1998, “An Overview of Cryptography”,
•
•
•
•
•
•
Chapter 3.
William Stallings, “Cryptography and Network Security”,
Fourth Edition, Chapters 3, 5, 9 and 13.
http://en.wikipedia.org/wiki/Cloud_Computing
http://www.box.net/
Amazon.com, “Amazon Web Services (AWS),” Online at
http://aws.amazon.com, 2008.
http://www.msdn.microsoft.com/enus/library/system.security.cryptography.aspx
http://www.gladinet.com/

31. Thank you