Analysis of Sensitive Data Security on Trusted Third Party in Cloud Computing
Sophiya Sheikh and Amit Kumar Chaturvedi. Article: Analysis of Sensitive Data Security on Trusted Third Party in Cloud Computing. IJCA Proceedings on National Seminar on Recent Advances in Wireless Networks and Communications NWNC(2):42-47, April 2014. Full text available. BibTeX
@article{key:article,
author = {Sophiya Sheikh and Amit Kumar Chaturvedi},
title = {Article: Analysis of Sensitive Data Security on Trusted Third Party in Cloud Computing},
journal = {IJCA Proceedings on National Seminar on Recent Advances in Wireless Networks and Communications},
year = {2014},
volume = {NWNC},
number = {2},
pages = {42-47},
month = {April},
note = {Full text available}
}
Abstract
Cloud is now tremendously growing technology in market. It provides us services beyond of our imagination, not only in the field of virtualization but it also facilitates in models like client/server deployment models. It provides advantage of distributed computing, grid computing, utility computing, autonomic computing, as well as various services like web services and software services. Cloud Computing provide various facilities and services to its user like, easy to use architecture, less cost and provide a delivery platform for customer and corporate world. The cloud has adapted technologies like SOA (Service Oriented Architecture) and virtualization. Basically, it is outsourced from the third party e. g. Amazon, which now becomes world's largest online book store. If a technology provides us various facilities and services on demand in all cases using virtualization than there will be some sort of security issues. Although Cloud provide us security at all levels but still it have various security issues like lack of security and access control, insecure information can flow on the network that can be access by multiple virtual machines. Most of the customers are nervous while they are using cloud because they are concern about risks. So, our sensitive data is not secure in cloud. In this paper, our main concern is to review the sensitive data security on trusted third party because it is responsible for providing cloud virtual environment. We also discuss various risks, threats and vulnerabilities present in cloud and various solutions proposed for securing it.
References
- International Telecommunication Union, X-509 | ISO/IEC 9594-8, The directory: Public-key and attribute certificate frameworks, ITU, X-Series, 2001.
- National Institute of Standards and Technology, The NIST Definition of Cloud Computing, Information Technology Laboratory, 2009.
- Shen, E. , Shi, E. , and Waters, B. Predicate Privacy in Encryption Systems. In TCC. 2009.
- Shi, E. Bethencourt, J. , Chan, H. , Song, D. , and Perrig, A. Multi-Dimensional Range Query over Encrypted Data. In IEEE Symposium on Security and Privacy. 2007.
- Song, D. , Wagner, D. , and Perrig, A. Practical Techniques for Searches on Encrypted Data. In IEEE Symposium on Research in Security and Privacy. 2000.
- Boneh, B. , Di Crescenzo, G. , Ostrovsky, R. , and Persiano, G. Public Key Encryption with Keyword Search. In EUROCRYPT. 2004.
- Nuno Santos Krishna P. Gummadi Rodrigo Rodrigues, "Towards Trusted Cloud Computing", Conference on Hot Topics in Cloud Computing 2009, pages 1-5, USA.
- Hyukho Kim, Hana Lee, Woongsup Kim, Yangwoo Kim, "A Trust Evaluation Model for QoS Guarantee in Cloud Systems", International Journal of Grid and Distributed Computing, March, 2010.
- William Stallings, Cryptography and Network Security Principles and Practices, Prentice Hall, New Delhi.
- M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, On Technical Security Issues in Cloud Computing. IEEE, 2009.
- J. Brodkin, Loss of Customer Data Spurs Closure of Online Storage Service 'The Linkup,' Network World,August 11, 2008.
- Syed A. Ahson,; Mohammad Ilyas, Florida Atlantic University, Boca Raton, USA, "Cloud Computing and Software Services: Theory and Techniques" , CRC Press, 2010.
- B. Rajkumar, C. Yeo, S. Venugopal, S. Malpani, Cloud computing and emerging IT platforms: vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems (2009).
- Armbrust, M. Fox, A, Griffith, R. Joseph, D. A. Katz, R. Konwinski, A. et al. 2009, February. "Above the clouds: A Berkeley View of cloud computing. ")
- Bendandi, S. (2009). "Cloud computing: Benefits, risks and recommendations for information security".
- A. Giddens, The Consequences of Modernity, Polity Press, UK, 1991.
- R. Sherman, Distributed systems security, Computers & Security 11 (1) (1992).
- D. Lekkas, S. Gritzalis, S. Katsikas, Quality assured trusted third parties for deploying secure Internet-based healthcare applications, International Journal of Medical Informatics (2002).
- National Institute of Standards and Technology. Guide for mapping types of information and information systems to security categories, NIST 800-60,2008.
- Cloud Security Alliance. Top threats to cloud computing, Cloud Security Alliance, 2010.
- D. Polemi. Trusted third party services for health care in Europe, Future Generation Computer Systems 14 (1998) 51–59.
- S. Castell, Code of practice and management guidelines for trusted third party services, INFOSEC Project Report S2101/02, 1993.
- Commission of the European Community. Green paper on the security of information systems, ver. 4. 2. 1, 1994.
- VeriSign. Directories and Public—Key Infrastructure. PKI.
- A. Alshamsi, T. Saito, A technical comparison of IPSec and SSL, Cryptology(2004).
- C. P. Pfleeger, S. L. Pfleeger, Security in Computing, Prentice Hall, 2002.
- B. Lang, I. Foster, F. Siebenlist, R. Ananthakrishnan, T. Freeman, Attribute based Access control for grid computing, 2008.
- James B. D. Joshi, Walid G. Aref, Arif Ghafoor, Eugene H. Spafford, Security models for web-based applications, Communications of theACM44 (2) (2001).
- Armbrust, M. Fox, A, Griffith, R. Joseph, D. A. Katz, R. Konwinski, A. Above the clouds: A Berkeley View of cloud computing. Retrieved on March 10,2010. )
- Cloud Security Alliance (2010). Top Threats to Cloud Computing. Cloud Security Alliance Retrieved from http://www. cloudsecurityalliance. org/topthreats/csathreats. v1. 0. pdf
- Cohen, D. Farber, M. Fontecilla, R. Cloud computing a transition methodology. (2008).
- Edwards, J. Cutting through the fog of cloud security. Computerworld. (2009).
- Ateniese, G. , Burns, R. , Curtmola, R. , Herring, J. , Kissner, L. , Z. , Peterson, and Song, D. Provable Data Possession at Untrusted Stores. CCS. 2007.
- Boneh, B. , Di Crescenzo, G. , Ostrovsky, R. , and Persiano, G. Public Key Encryption with Keyword Search. In EUROCRYPT. 2004.
- Boneh, D and Waters, B. Conjunctive, Subset, and Range Queries on Encrypted Data. In The Fourth Theory of Cryptography Conference (TCC 2007), 2007.
- Chor, B. , Kushilevitz, E. , Goldreich, O. , and Sudan, M. Private Information Retrieval. J. ACM, 45, 6 (1998), 965-981.
- Shen, E. , Shi, E. , and Waters, B. Predicate Privacy in Encryption Systems. In TCC. 2009.
- Shi, E. Bethencourt, J. , Chan, H. , Song, D. , and Perrig, A. Multi-Dimensional Range Query over Encrypted Data. In IEEE Symposium on Security and Privacy. 2007.
- Song, D. , Wagner, D. , and Perrig, A. Practical Techniques for Searches on Encrypted Data. In IEEE Symposium on Research in Security and Privacy. 2000.
- Sweeney, L. Weaving technology and policy together. J. of Law, Medicine and Ethics, 25, 2-3 (1997).
- Waters, B. and Shacham, H. Compact Proofs of Retrievability. In ASIACRYPT. 2008.
- S. Subashini, V. Kavitha. A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications 34(2011)1-11.
- Mohamed Al Morsy, John Grundy, Ingo Müller, "An Analysis of The Cloud Computing Security Problem," in Proceedings of APSEC 2010 Cloud Workshop, Sydney, Australia, 30th Nov 2010.