2. Vinoth Kanna Kolapakkam Venkatesan
1
Contents
Introduction.................................................................................................................................2
AIM............................................................................................................................................. 2
Background to the research ..........................................................................................................3
Literature Review ......................................................................................................................... 4
Implementation Method...........................................................................................................4
Impacts....................................................................................................................................5
Research Problem......................................................................................................................... 5
Research Question........................................................................................................................ 6
Methodology................................................................................................................................ 6
Observation.............................................................................................................................. 8
Proposedexperiment or Experimental Design............................................................................ 8
Data Analysis............................................................................................................................ 9
Potential Outcomes and Limitations .............................................................................................. 9
Limitations................................................................................................................................. 10
Ethical Limitations ...................................................................................................................... 10
Conclusion ................................................................................................................................. 11
Reference .................................................................................................................................. 12
3. Vinoth Kanna Kolapakkam Venkatesan
2
Introduction
Cloud has ended up being a suitable decision for providing computing and stockpiling data
particularly for little and medium estimated organizations lately. The "pay per utilization"
expense model, on interest registering, vast scale stockpiling asset with simple get to and
liberating clients from overseeing and keeping up assets are among the vital components
that have settled on cloud an appealing decision for such administrations. The issue of low
trust on cloud processing is a deterrent, one of the significant hindrances to its pervasive
organization, especially if there should be an occurrence of discriminating information
stockpiling on the cloud supplier's data centres. Trust is a basic factor in cloud computing; in
present practice it depends generally on impression of notoriety, and self appraisal by
suppliers of cloud services. We start this paper with an overview of existing systems for
building up trust, and remark on their confinements. We then address those constraints by
proposing more thorough components in view of proof, trait accreditation, and acceptance,
and close by recommending a system for coordinating different trust instruments together
to uncover chains of trust in the cloud. [3]
This reports will outline the background; aim; existing literature issue; inquiry; proposed
methodology ;and potential results and constraints.
AIM
In this paper, contended favourable circumstances and drawbacks are assessed for
fulfilment of clients. Another trust model has been proposed between cloud supplier and
cloud clients in three turns. At first turn client must be fulfilled by past experience of cloud
supplier, at second turn client must have information about Cloud Computing, SLA
(Administration Level Agreement), Cloud Advantages, Cloud Disadvantages Issues identified
with preferences & weaknesses and securities at distinctive levels. With proposed model
any association can without much of a stretch make a trust on cloud supplier and can utilize
third party services. [2]
This paper proposes utilizing a trust-overlay organizes over different server farms to
actualize a reputation framework for setting up trust between administration suppliers and
information proprietors. Information shading and programming watermarking strategies
4. Vinoth Kanna Kolapakkam Venkatesan
3
ensure shared information items and enormously circulated programming modules. These
strategies shield multi-way verifications, empower single sign-on in the cloud. [1]
Background to the research
The cloud does appear understand some important issues with the constantly expanding
expenses of installing, maintaining, and supporting an IT framework that is sometimes used
any-place close to its ability in the single-proprietor environment. There is a chance to
expand productivity and lessen costs in the IT part of the business and leaders are starting
to focus. Vendors who can provide a safe, high-accessibility, adaptable framework to the
masses may be ready to succeed in getting associations to receive their cloud
administrations.
To expand the selection of Web and cloud administrations, cloud service providers (CSPs)
should first build up trust and security to reduce the stresses of a various clients. A secure
cloud system ought to be free from abuse of trust, password duping, hacking, virus,
obscenity, spam, and protection and copyright infringement. Both public and private cloud
interest "trusted zones" for information, virtual machines (VMs), and client identity, as
VMware and EMC3 initially presented. [1]
Kai Hwang, Deyi Li. (2010)author describes The Cloud Security Alliance has distinguished a
couple of basic issues for trusted cloud registering, and a few late works talk about broad
issues on cloud security and privacy. Public and private clouds request diverse levels of
security authorization. We can recognize among diverse service-level agreements (SLAs) by
their variable level of shared obligation between cloud suppliers and clients. Discriminating
security issues incorporate data integrity, client privacy, and trust among suppliers,
individual clients, and client groups.
Because of the following reasons, the greater part of the companies would prefer not to
utilize the cloud computing services:
Security Concerns (i.e. 20%)
Unawareness with respect to the Entire administrations gave by the Cloud Provider
(i.e. 40%)
Un-trusted Service Providers (i.e. 40%)
5. Vinoth Kanna Kolapakkam Venkatesan
4
By explaining the said advantages of cloud computing, 29% completely concurred and 66%
companies’ partially consented to use the cloud environment. Presently it is important to
give a stage which could help associations to settle on choice about the usage and upgrade
their insight about cloud services from all viewpoints. [2]
To address these issues, we propose a reputation based trust-administration plan increased
with data colouring and software watermarking.
Literature Review
Kai Hwang, Deyi Li. (2010) research paper literature review was been conducted throughout
the paper. (Ma, K.; Weiming Zhang (2009)) paper is been used by author to justify hiding
data in encrypted images techniques. Same modular approach is been followed by (Kai
Hwang, Deyi Li. (2010)) to hide data by the concepts like data coloring and water marking
techniques. To propose this author uses Encryption Algorithm. Author also reviews the
project and backs it with many IEEE research papers. [1]
Syed.S, Teja P.S. (2014) literature reviewed almost exclusively from a large number of
articles, books and IEEE research papers. Same as (Kai Hwang, Deyi Li. (2010)) this paper is
also well researched and reviewed. Author proposes secure cloud data centres through
encrypted databases. To achieve this author uses Attribute Based Encryption for secure
storage. (Iyer, B.; Mehrotra, S (2004)) IEEE papers as a reference to the encoded database
using efficient cryptic operations. Database encryption will provides an additional level of
security of data owners from the service providers. This paper also proposes multi-level
threshold based encryption technique, whose encoded data size independent of the
number of attributes. [4]
Implementation Method
Kai Hwang, Deyi Li. (2010) paper revolves around the concept of creating trust between the
cloud service providers and cloud user. In order to achieve this author uses software
watermarking and encryption algorithm to secure user data over the cloud. This approach
provides more secure cloud platform for the users. To create trust author encrypts the data
stored on the cloud. This will make impossible for the cloud service providers to view the
user data present over the data centres. Syed.S, Teja P.S. (2014) also depicts the same
process rather than encrypting the data, author suggests encrypting the entire database. To
6. Vinoth Kanna Kolapakkam Venkatesan
5
encrypt the database author uses attribute based encryption. Both the papers use an
encryption algorithm to provide a secure cloud service.
Impacts
Utilizing Cloud Computing, organizations can scale up-to High limits instantly without
putting resources into new base, preparing the individuals or new programming licensing. It
is more helpful for small and medium scale organizations that need to outsource their Data
Centre, or some bigger organizations likewise incline to chop down the expenses of building
data centres inside the organisation to get maximum usage. So, buyers use what they need
and pay appropriately. Advantages for the cloud users are they no more need a PC to utilize
the application. They can get to it by utilizing cell phones, PDA or which the medium Cloud
underpins. By receiving cloud, user does not have to worry about the infrastructure,
programming furthermore user doesn't have to stress over the system support. By picking
this cloud user can diminish the capital costs and operating costs. [1]
Research Problem
The problem arise during the implementation phase, as the data present over cloud is
encrypted it requires complex techniques to achieve it. The Service-Level-Agreements (SLAs)
between the cloud providers and users for both the public and private clouds require
different approach. The SLAs require data confidentiality highly for the users Virtual
Machines (VMs). These critical issues comprises of data integrity, confidentiality and trust
between the providers and cloud user are always a debatable concept. In order to secure
the data the encryption algorithm used to watermark the data are complex and hard to
implement in the real time.
The infrastructure-as-a-service (IaaS) model sits at the deepest usage layer, which is
reached out to shape the platform-as-a-service (PaaS) layer by including OS and middleware
support. The cloud user are not allowed to manage the cloud IaaS with the current (SLAs)
provided by the cloud service providers. Because of these agreements the cloud user data
passing through IaaS are subjected to malwares and viruses.
Securing Platform-as-a-service (PaaS) requires complex coding and implementing those user
built application over the cloud may result in performance reduction. User privacy is a major
concern.
7. Vinoth Kanna Kolapakkam Venkatesan
6
PaaS further reaches out to the software-as-a-service (SaaS) demonstrate by creating
applications on information, substance, and metadata utilizing exceptional APIs. This shows
that SaaS requires security at all levels and it is prone to vulnerabilities. The encryption
technique proposed is proved not to be the best, data securing option over the cloud as the
cloud service providers have the access over the data centre.
The watermarking technique fragments the data into bits and pieces and storing the data.
These data are retrieved using the encryption keys. Data can be viewed by anyone who
provides the appropriate key in the cloud, which makes it unreliable.
Research Question
The implementation of the security over the cloud will be based on the requirements and
the research is completely based on the trust between the cloud service providers and the
cloud users. How the watermarking technique is implemented. And what are the necessary
steps to achieve this goal.
The exact questions this search project will address:
Are the encryption algorithm used is sufficient to secure cloud data?
How the Data colouring and watermarking techniques is implemented?
How to prevent Internet Service Providers and Cloud Service Providers from violating
user privacy?
Trust between Cloud Service Providers and Data Owners (Users)?
Is it really possible to secure all Iaas, PaaS and SaaS service models?
Methodology
The methodology used to gather information for investigation in this research project will
be a mixed methodology. Both qualitative and quantitative information gathering strategies
will be consolidated together. The essential approach will be qualitative. The primary
technique of data collection will be survey and observations. These surveys can be
conducted as Electronic survey through mailed questionnaire and online survey.
The below survey shows the insight of the cloud users requirements for the security in cloud
computing
8. Vinoth Kanna Kolapakkam Venkatesan
7
Questions Answer Options Rating
Average
Reasons
Not
Important
Medium
Important
Very
Important
Privacy YES/NO YES/NO YES/NO Provides
insight of
the users
privacy
requirements
Cloud Models Public Private Hybrid
YES/NO YES/NO YES/NO
Data
Availability
YES/NO YES/NO YES/NO
Data Integrity YES/NO YES/NO YES/NO
Data
Confidentiality
YES/NO YES/NO YES/NO
Trust YES/NO YES/NO YES/NO
Repudiation YES/NO YES/NO YES/NO
Loss of
control over
data
YES/NO YES/NO YES/NO
Lack of
liability of
providers
YES/NO YES/NO YES/NO
Security
Standard
YES/NO YES/NO YES/NO
Development
model
IaaS SaaS PaaS
YES/NO YES/NO YES/NO
This survey helps us to determine the various cloud security factors preferred by the cloud
users. On the basis of this survey we can get the clear picture of the cloud user
9. Vinoth Kanna Kolapakkam Venkatesan
8
requirements. Based on this we can provide the secure and exact cloud application to the
cloud user. The qualitative analysis helps to conclude the overall characteristic of the cloud
user towards cloud services. [12]
The above survey consist three parts of data security under Data Integrity, Data
Confidentiality and Data Availability. To achieve this we use the encryption standard to
provide fine-grain access control over the data.
Observation
In this Research method, all the observation related to the cloud security will observed and
recorded. These recorded values are shown in the below graph. These data recordings will
show the importance of the data security over the cloud.
[5]
Security solutions with grouped categories: Pie chart for solutions with grouped categories,
showing a clear lack for virtualization security mechanisms in comparison to its importance
in terms of concerns citations. [5]
The security in data will be implemented based on the above observations in relations to
the appropriate security measure.
Proposed experiment or Experimental Design
Before, watermarking was primarily utilized for advanced copyright administration.
Christian Collberg has proposed watermarking to ensure programming methods. [6] The
model Deyi Li and his partners suggest offers a two request fluffy participation capacity for
securing information owners. [7] This model is extended to add distinct data colours to
10. Vinoth Kanna Kolapakkam Venkatesan
9
secure expansive data formats in the cloud. To protect it, we consolidate the benefits of safe
cloud stockpiling and programming watermarking through information shading and trust
transaction.
We introduce the cloud drops (data colours) into the input photograph and remove colour
to restore the original photograph. The colouring procedure utilizes three information
attributes to produce the shading: the expected value (Ex) relies on upon the information
content, though entropy (En) and hyper-entropy (He) include a random number generated
by the encryption algorithm, which are anonymous of the information content and known
just to the cloud user. All things considered, these three capacities produce a collection of
cloud drops to shape a remarkable "colouring" that cloud providers or other cloud clients
cannot distinguish.
Data Analysis
Once all the above metric data is calculated it is easy to analysis the data. The qualitative
information will uncover the examples and recognize variables that researchers were not
appraised of. This statistical approach will provide the clear outcome of the cloud users
requirement and behaviour towards cloud services. The data analysis will keep track of how
the data is been stored and retrieved from the cloud data centres. The data will be
watermarked and fragmented into data bits and stored in the data centres. It shows the
methodology used to store the data securely using the encryption. Data analysis shows
physically how the watermarked data is stored on the server. The encryption key is been
used to store the data and retrieve the data we use the decryption key to decrypt the data
present in the cloud server. The efficiency of the analysis will be calculated in accordance to
the storing and retrieval of data. After this watermarking even the Cloud Service Providers
cannot able to view the data present in the cloud server without the permission of the data
owner.
Potential Outcomes and Limitations
The proposed reputation framework and data colouring system to ensure data centre
access at a coarse-grained level and secure information access at a fine-grained document
level. These are important to the universal acknowledgement of Web-scale cloud computing
in individual, business, finances, and computerized government applications. Internet clouds
11. Vinoth Kanna Kolapakkam Venkatesan
10
request that we globalize operating and security models. The interoperability and mesh-up
among diverse clouds are completely different issues. Cloud security framework and trust
administration will assume an essential part in redesigning combined cloud services.
From the above consequences, the possible outcomes can be subdivided as:
1. Better Service Level Agreements (SLAs) between service providers and users
2. Fine-grained access control over the data on the cloud servers
3. The security as a service (SECaaS) and data protection as n service (DPaaS) may grow
quickly.
The watermarking and data colouring technique used in this research paper will only
encrypt the selective types of files, all formats of images. It can be researched and
developed to encrypt even videos format data.
Limitations
There are several limitations in this research study which should be acknowledged. The
technical part of the research study is not been implemented professionally. So the
resultant output may vary.
The research study is conducted only to secure certain types of data over the cloud, not
every data types and formats can be secure using this research study. The basic purpose of
this research is to create trust between the cloud service providers and cloud users. In order
to implement those aspects in real life the technical and system limitations may arise.
The data gathering for the study is been done by the student, who lack in trained
experience. The system requirement to implement the study is not been properly discussed
The lack of technical knowledge may lead to complex cloud application, which will
eventually tend to be time consuming during data migration.
Ethical Limitations
The study utilizing overview is taking measures to ensure that the individuals from the
survey are aware of their rights. A participant should feel empowered and taught about
12. Vinoth Kanna Kolapakkam Venkatesan
11
their advantage, and that the endeavour is taking every measure to hold quickly to their
rights.
Contribution in every period of the audit is wilful and people have the benefit to not share
in any or most of the activities. Someone's withdrawal from one activity does not square
them from the others; however a couple of results may not be accomplished when uniting
data transversely over stages. The framework checking hubs may be configurable, with the
objective that individuals can pick not to have specific discernments assembled from their
frameworks.
The study is generally identified with the associations and is in view of the examination done
till now inside different associations and people. An information hand-out will be
orchestrated on these analysed rights and the errand by and large. It will have a layout
highlighting the noteworthy concentrates moreover contain more all around information for
those wishing to request further. This is so individuals are taught.
Exactly when data is submitted to the review, it will contain this identifier for association,
yet at no time is the identifier joined with the character of the person. The identifier will be
given to the individual so they can use it to withdraw at whatever point they need to be
barred from the review. Withdrawal from the endeavour will never be tended to.
This errand needs to be careful in the data it is get-together to guarantee protection. The
data required is about tradition likeness and perceiving device sorts. No record of certified
substance on the framework is set away whenever.
Conclusion
Even though the cloud computing is considered the future of information technology and
growing in a fast pace. It is relatively new concept which provides a good application and
service to its customers; however there are some security concerns in the cloud computing
which make it to not to reach its full potential. Although most of the study deals only with
security in cloud either trusts between cloud service providers and cloud users. But this
study provides both the trust and security on cloud. Since Cloud Computing influences
numerous advances, it likewise acquires their security issues. Conventional web
applications, information facilitating, and virtualization have been looked over, yet a
13. Vinoth Kanna Kolapakkam Venkatesan
12
percentage of the arrangements offered are juvenile or in-existent. We have exhibited
security issues for cloud models: IaaS, PaaS, and IaaS, which change dependencies upon the
model.
Reference
[1]K. Hwang and D. Li, 'Trusted Cloud Computing with Secure Resources and Data Coloring', IEEE
Internet Comput., vol. 14, no. 5, pp. 14-22, 2010.
[2]A. Rashidi, 'A Model for User Trust in Cloud Computing', IJCCSA, vol. 2, no. 2, pp. 1-8, 2012.
[3]J.Huang and D. Nicol,'Trustmechanismsforcloudcomputing', JCloud ComputAdv SystAppl, vol.
2, no. 1, p. 9, 2013.
[4]S. Syed and P. Teja, 'Contemporary Computing and Informatics (IC3I), 2014 International
Conference on', Novel data storage and retrieval in cloud database by using frequent access node
encryption, vol. 13, no. 2, pp. 353-356, 2014.
[5]N. Gonzalez, 'A quantitative analysis of current security concerns and solutions for cloud
computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012.
[6]C. Collberg and C. Thomborson, 'Watermarking, tamper-proofing, and obfuscation - tools for
software protection', IIEEE Trans. Software Eng., vol. 28, no. 8, pp. 735-746, 2002.
[7]D. Li, C. Liu and W. Gan, 'A new cognitive model: Cloud model', Int. J. Intell. Syst., vol. 24, no. 3,
pp. 357-375, 2009.
[8]G. Garrison, S. Kim and R. Wakefield, 'Success factors for deploying cloud computing', Commun.
ACM, vol. 55, no. 9, p. 62, 2012.
[9]J. Rittinghouse and J. Ransome, Cloud computing. Boca Raton: CRC Press, 2010.
[10]A.Rahbar and O. Yang, 'PowerTrust:A Robustand Scalable ReputationSystem for Trusted Peer-
to-Peer Computing', IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 4, pp. 460-473, 2007.
[11]T. Carvalho, 'A quantitative analysis of current security concerns and solutions for cloud
computing', J Cloud Comput Adv Syst Appl, vol. 1, no. 1, p. 11, 2012.
[12]S. Subashini and V. Kavitha, 'A survey on security issues in service delivery models of cloud
computing', Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1-11, 2011.
14. Vinoth Kanna Kolapakkam Venkatesan
13
[13]R. Bhadauria and S. Sanyal, 'Survey on Security Issues in Cloud Computing and Associated
Mitigation Techniques', International Journal of Computer Applications, vol. 47, no. 18, pp. 47-66,
2012.
[14]S. ., 'A SURVEY ON DATA SECURITY IN CLOUD COMPUTING: ISSUES AND MITIGATION
TECHNIQUES', IJRET, vol. 02, no. 14, pp. 26-30, 2013.
[15]S. Zhu and X. Yang, 'Protecting data in cloud environment with attribute-based encryption',
International Journal of Grid and Utility Computing, vol. 6, no. 2, p. 91, 2015.