Data Storage and Processing on the Cloud: Approaches and Technologies
The purpose of the research study was to examine technologies and approaches used in data storage and processing on the cloud. Selected literature on cloud data storage and processing was reviewed to establish the issues and challenges associated with data storage and processing on the cloud. According to current literature, the major issues and challenges of a cloud environment include management of extremely large amounts of data, analytical processing and parallel querying, and security. As the literature reveals, these challenges can be solved through various approaches and technologies, including virtualization, parallel processing, and encryption.
Cloud computing has emerged as a popular technology and business model characterized by the offering and utilization of hardware, platforms and software as services. Massive data centres, clustered computers and virtualization support the provision of these services. Platform as a service (PaaS), software as a service (SaaS) and hardware as a service (HaaS) are the main categories of services offered commercially (Dikaiakos et al., 2009). A cloud service is provided on an on-demand basis, and the user pays for what he or she has utilized. Platform as a service involves the provision of virtual platforms such as operating systems. Hardware as a service involves the provision of virtual hardware such as storage space, and software as a service typically involves the provision of application software.
Businesses are increasingly adopting cloud-based storage, management and processing of data, which has significantly reduced the cost of delivering and storing data. A cloud user does not need to purchase unnecessarily large data storage hardware and/or software to manage the data. A cloud system offers the advantage of scalability. The need to lower cost, boost reliability, and support and manage virtualization in a cloud environment presents many challenges. Data storage and processing challenges associated with a cloud environment include large-scale parallel execution of queries, analytical processing, and massive data storage and retrieval.
In this section, the core theme of the paper is addressed. The challenges addressed are those of security and privacy in cloud computing. Cloud computing raises numerous security issues because it encompasses many technologies, including operating systems, networks, virtualization, databases, transaction management, resource scheduling, concurrency control, load balancing and memory management (Pearson and Mowbray, 2009).
The security challenges of these technologies and systems mostly apply to cloud computing as well. For instance, the network that interconnects the cloud must always be secure. Moreover, the virtualization paradigm leads to several security issues in cloud computing (Takabi and Joshi, 2010). For instance, the mapping of virtual machines to physical machines must be secure.
The ability of cloud customers to invoke their own electronic investigation procedures within the cloud can be limited by the delivery model in use and by the access to and complexity of the cloud architecture. Customers are not able to deploy monitoring systems on sites they do not own (Shen and Wu, 2010). They must always depend on the systems used by the cloud service provider to support investigations.
Disposal and deletion of cloud data are a risk, especially where hardware is issued dynamically to customers on the basis of their needs. There is a risk that data continues to be stored in data stores, physical media and backup media during decommissioning. Cloud computing providers generally have unlimited access to the user's data, and controls are therefore required to address the risk that privileged user access leads to compromised customer data (Zhou, Zhang and Qian, 2010).
In addition, customers may not be aware of where their data is being stored, and because of this there is a risk of their data being stored alongside other customers’ information. Users cannot assure the security of systems that they do not control directly without the use of SLAs and without being given the right to audit security controls under those agreements (Kaufman, 2009).
Confidentiality Protection in Cloud Computing Systems
Cloud computing systems today face serious challenges in protecting the confidentiality of user data. When the user's data appears in unencrypted form on remote machines owned and operated by a third-party provider, the risk of unauthorized disclosure of the user's sensitive data by the service providers may be higher than expected (Pearson and Benameur, 2010). Several techniques are available for protecting data from external attackers, although there are no effective ways of protecting users' sensitive data from service providers in cloud computing.
This research paper presents an approach to protecting the confidentiality of the user's data from service providers, and to making sure that the user's confidential data stored or processed in the cloud cannot be accessed or disclosed by the service providers. The approach rests on three major aspects: 1) separating infrastructure service providers from software service providers in cloud computing, 2) keeping the user's information confidential, and 3) data obfuscation (Pearson and Mowbray, 2009).
Encrypted protection in cloud computing
As cloud computing becomes more and more prevalent, sensitive information is increasingly stored in the cloud. To ensure data privacy, sensitive data must be encrypted before it is outsourced, which makes effective data utilization a very challenging task (Siersch, 2013). Traditional searchable encryption techniques allow the user to search securely over encrypted data through keywords, but these techniques support only Boolean search and cannot capture any relevance of the data files. This approach faces two challenges when applied in cloud computing. First, users who have no prior knowledge of the encrypted cloud data must post-process all the files they retrieve in order to find those that match their interest. Secondly, invariably retrieving all files that contain the queried keyword incurs unnecessary network traffic, which is not desirable in today’s pay-as-you-use cloud computing (Chen and Katz, 2010).
Searchable encryption allows data owners to outsource their data in encrypted form while maintaining the ability to search selectively over the encrypted data. Searchable encryption can be achieved entirely through the use of oblivious RAMs. Although this hides everything about the search from a malicious server, using oblivious RAM incurs the cost of a logarithmic number of interactions between the server and the user for each search request (Dikaiakos and Mehra, 2009). To achieve more efficient solutions, all the work presented in the searchable encryption literature resorts to a weaker security guarantee, i.e., revealing the search pattern and the access pattern and nothing else.
In this case, the access pattern is defined as the search result, i.e. the retrieved files. The search pattern includes the equality pattern and any other information derived from this statement. The data stored in the cloud is encrypted using an asymmetric algorithm (the RSA algorithm) before it is stored, so as to enforce the integrity of data in a cloud environment (Li, Tian and Yang, 2009). The algorithm uses public key cryptography with two different keys, a private key and a public key, one for encryption and the other for decryption. This ensures that the privacy of the client's data is enforced over the cloud and prevents other users from accessing the original cloud data, since it has been encrypted (Chen and Katz, 2010).
Cryptography for Cloud Security
This study considers the security issues of data storage in a cloud storage service and the need for the user to continue trusting commercial cloud providers. In this regard, a cryptographic scheme is proposed for cloud storage, based on an original usage of cryptography. This solution has several advantages (Pearson and Mowbray, 2009). To begin with, it provides secrecy for any encrypted data stored on public servers. Secondly, it provides controlled data access and sharing among users, so that untrusted servers or unauthorized users cannot access or search the data without the authorization of clients.
Cryptography provides entities with private and public key pairs without CS and certificate deployment. It is assumed that each entity uses one of its identifiers as a public key, and these identifiers must always be unique (Takabi and Joshi, 2010). Private key generation is assigned to a special entity known as a public key generator (PKG). Therefore, before accessing the network, every entity must contact the PKG to retrieve its private key. The private key is always computed so that it is bound to the public key of the entity (Lim and Paterson, 2007).
Confidentiality Protection in Cloud Computing Systems
Confidentiality can be defined as the assurance given to sensitive data so that it is not disclosed to any unauthorized processes, persons or devices. It ensures any confidential data of the user is not disclosed to service providers in the systems including platforms, applications, physical and CPU memories (Subashini and Kavitha, 2011).
It can be noted that the confidential data of the user is disclosed to a service provider when all of the following three conditions are fulfilled:
- the service provider knows where the confidential data of the user is located in the cloud computing systems.
- the service provider is allowed to access and collect any confidential data of the user in the cloud computing systems.
- the service provider is able to understand the meaning of the user’s data.
This is for the following reasons: to collect the user’s data, the service provider must have the privileges to access the data and must know the location of the data in the cloud computing systems (Lim and Paterson, 2007). When the service provider retrieves the user’s data, it may not be able to understand the meaning of the data unless it has the following information: the interfaces and functionalities of the application using the data, the types of the data, and the data format. Therefore, when a service provider is prevented from fulfilling the above three conditions, the confidentiality of the user’s data in cloud computing systems can be protected from the service providers (Brian and Brunschwiler, 2008).
ID-Based Cryptography for Secure Cloud Data Storage
In this study, the security of the proposal is discussed informally. Other possible refinements for mitigating other threats are also given.
When cryptography is used to keep data content secret, sensitive information is also added to the meta-data. In this regard, the ID-based cryptographic solution is applied to hashed meta-data (Dikaiakos, Katsaros and Vakali, 2009). As a result, the hashed meta-data forms the identifier of the data. To begin with, the content of the meta-data is never disclosed to the CSP, since the hashed information is the only information it can access. Secondly, it is not possible for the CSP to reveal the content of the stored data, because it does not have the secret sC which is required to derive the private key and decipher the data. When searching for stored data, as in a backup process, privacy may be endangered (Jansen and Grance, 2011). This means that general retrieval methods are formed on the basis of keyword search.
The ID-based cryptographic solution was designed to ensure the confidentiality of data for secure data storage, sharing and backup. It was first proposed to outsource encrypted data to cloud servers. In this approach, the user is always in charge of enciphering and of managing his secrets (Yan, Zhao and Rong, 2009). The user acts as a PKG entity and is therefore responsible for generating and managing his own secrets. In this regard, the user is the only entity that knows the IBC secret. This secret, held by the user, is required to derive the deciphering key. It is therefore not possible for the CSP or any malicious user to obtain the deciphering key needed to decrypt the data (Kaufman, 2009). In addition, the solution proposes the use of a per-data key for enciphering data. This proposal is well suited to the sharing process, since the client relies on different ID-based key pairs for data storage.
Data access control
The proposed sharing scheme is designed to provide backward and forward secrecy for outsourced data. In this case, the issue of unauthorized access to data is twofold. To begin with, the rights given to recipients are granted by the depositor and managed by the CSP, and when a recipient needs to access the outsourced data, he must first authenticate with the CSP. Secondly, even if the CSP or a malicious recipient is able to access the data, data confidentiality is still guaranteed. The only data they can access is the encrypted data, and they do not have the private key needed to decipher it (Hwang and Li, 2010).
ID-based cryptography mainly suffers from escrow attacks because a PKG needs to be defined. However, the proposed solution mitigates this problem, since each client acts as a PKG for their own data (Shen and Wu, 2010). This means that each client is responsible for generating the private keys required to decrypt the outsourced ciphered data. In a classical asymmetric cryptographic system, the distribution of public keys remains a burden, since it requires the use of certificates and a certification authority. In this proposal, IBC removes the need to distribute public keys to the other users (Subashini and Kavitha, 2011).
Encrypted Cloud Data
Encrypted cloud data clearly satisfies the security guarantee of SSE. This means that only the search pattern and the access pattern are leaked. In this case, the ranking is done on the user's side, which may incur huge post-processing and computation overhead. In addition, sending back all files consumes a large and undesirable amount of bandwidth (Pearson and Benameur, 2010). One of the many possible ways of reducing the communication overhead is for the server to send back all the valid entries. The user then decrypts the relevance scores and sends another request to the cloud server to retrieve the relevant files in the rank order of the decrypted scores (Chen and Katz, 2010). When the size of the valid entries is much smaller than that of the corresponding files, a significant amount of bandwidth is saved, but only if the user does not retrieve all the files that match.
In this case, the only obvious disadvantage is the two round trips required for each search request of every user. It should also be noted that the server learns nothing about the values of the relevance scores, but it does learn that the requested files are more important than the others, which leaks more information than the search pattern and access pattern alone (Siersch, 2013).
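The two-round ranked search described above, together with the search-pattern and access-pattern leakage defined earlier, as an added example that is not code from the paper or from the schemes it cites. It assumes term frequency as the relevance score and HMAC-SHA256 as the keyed function; `Client`, `Server`, `ranked_search` and the sample documents are hypothetical names and constructed data.

```python
import hashlib, hmac, secrets
from collections import Counter

def prf(key: bytes, label: str) -> bytes:
    """HMAC-SHA256 used as a keyed pseudorandom function."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

class Client:
    def __init__(self):
        self.k_index = secrets.token_bytes(32)   # derives keyword trapdoors
        self.k_score = secrets.token_bytes(32)   # masks relevance scores

    def trapdoor(self, keyword: str) -> str:
        # Deterministic: the same keyword always yields the same token.
        return prf(self.k_index, keyword.lower()).hex()

    def _mask(self, trapdoor: str, file_id: str) -> int:
        return int.from_bytes(prf(self.k_score, trapdoor + "|" + file_id)[:4], "big")

    def build_index(self, docs: dict) -> dict:
        """trapdoor -> [(file_id, masked score)]; assumption: score = term frequency."""
        index = {}
        for file_id, text in docs.items():
            for word, tf in Counter(text.lower().split()).items():
                t = self.trapdoor(word)
                index.setdefault(t, []).append((file_id, tf ^ self._mask(t, file_id)))
        return index

    def rank(self, keyword: str, entries: list, top_k: int) -> list:
        t = self.trapdoor(keyword)
        scored = [(enc ^ self._mask(t, fid), fid) for fid, enc in entries]
        scored.sort(key=lambda s: (-s[0], s[1]))   # highest score first
        return [fid for _, fid in scored[:top_k]]

class Server:
    """Honest-but-curious store; the logs record everything it can observe."""
    def __init__(self, index: dict):
        self.index, self.query_log, self.fetch_log = index, [], []

    def search(self, trapdoor: str) -> list:       # round 1: valid entries only
        entries = self.index.get(trapdoor, [])
        self.query_log.append((trapdoor, sorted(fid for fid, _ in entries)))
        return entries

    def fetch(self, file_ids: list) -> list:       # round 2: chosen files
        self.fetch_log.append(list(file_ids))
        return list(file_ids)   # stand-in for returning the encrypted files

def ranked_search(client: Client, server: Server, keyword: str, top_k: int) -> list:
    entries = server.search(client.trapdoor(keyword))
    return server.fetch(client.rank(keyword, entries, top_k))

# Constructed sample collection (not from the paper).
DOCS = {
    "f1": "cloud storage audit cloud cloud",
    "f2": "cloud encryption key",
    "f3": "network cloud cloud backup",
    "f4": "identity key escrow",
}
```

Repeating a query shows the same trapdoor in `query_log` (search pattern), the matching file ids in the same log are the access pattern, and `fetch_log` shows the extra ranking information the second round gives the server.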
In the distribution scenario, the question of revoking a user’s access privileges arises, but this can be handled by the use of data encryption and key re-distribution. In return for this computation cost, a new group member cannot decrypt previously outsourced data with the decrypting keys, and a revoked user is not able to decrypt any data published later with the keys. This is made possible by the key refreshing process (Pearson and Mowbray, 2009).
The performance evaluation studies the running time of some ID-based encryption schemes. Better IBE is expected in the future as new pairing functions are defined (Brian and Brunschwiler, 2008). However, according to the results of the study, IBE schemes remain slower than the AES encryption algorithm used today by many storage providers. Furthermore, IBC should be considered a compromise between memory storage and computation time.
The proposal of this study analyses how the server can perform the ranking quickly without actually knowing the relevance scores (Dikaiakos, Katsaros and Vakali, 2009). To support ranked search effectively over the encrypted file collection, it resorts to a newly developed cryptographic primitive, order-preserving symmetric encryption (OPSE), to achieve more practical performance. When OPSE is used, the RSSE security guarantee is inherently weakened in comparison to SSE. This is the information that needs to be traded off for efficient RSSE (Lim and Paterson, 2007).
Today, cloud computing is being talked about and defined across the ICT industry under different definitions and in different contexts. The main point is that cloud computing means having a server farm that is able to host services for the users who are connected to it through the network. Technology has moved in this direction because of the dynamics witnessed in communication, computing and networking technologies. Reliable and fast connectivity is one of the main factors behind the presence of cloud computing.
For secure cloud storage services, the attractive properties of ID-based cryptography lead to the definition of an innovative solution to the security issue of data outsourcing. The solution is based on the use of IBC. To begin with, the cloud storage clients are assigned the PKG-IBC function. This allows them to issue their own public elements and to keep the resulting IBC secret confidential. Secondly, a per-data key, derived from the data identifier, is used to encipher data. The IBC properties are important because they support data confidentiality and privacy through an original ID-based client-side encryption approach. In addition to the lightweight ID-based public key computation process for the sharing schemes, the proposal does not need the depositors to be connected when the recipients need to access the shared data.
In the encryption approach, the study motivates and solves the problem of supporting keyword search over stored data so that data stored in the cloud can be utilized effectively. First, a basic scheme is given which shows that, using the same existing searchable encryption framework, ranked search would be very inefficient. The security guarantee is then weakened by resorting to the newly developed crypto primitive OPSE, from which an efficient one-to-many order-preserving mapping function is derived, so that an effective RSSE can be designed. Through thorough security analysis, it can be shown that the proposed solution is secure and privacy preserving while realizing the goals of keyword search.
On the confidentiality issue, the study covers an approach to protecting the user's confidential data in cloud computing from the cloud service providers. This approach is based on: hiding information about the owner of the data, separating infrastructure service providers from software service providers, and data obfuscation.