International Journal of Innovative Research in Engineering & Science ISSN 2319-5665

(September 2013, issue 2 volume 9)

“CLOUD COMPUTING SECURITY ARCHITECTURE - IMPLEMENTING DES ALGORITHM IN CLOUD FOR DATA SECURITY”

Varun Gandhi1
Department of Computer Science and Engineering,
Dronacharya College of Engineering, Khentawas, Farukhnagar, Gurgaon, India
Sanchit Bansal2, Raveesh Kapoor3, Aakarsh Dhawan4
Department of Computer Science and Engineering,
University of Petroleum and Energy Studies, Dehradun, India

ABSTRACT:

Cloud Computing offers services over the internet with dynamically scalable resources. Cloud
Computing services provide benefits to users in terms of cost and ease of use. Cloud
Computing services need to address security during the communication of sensitive data and
critical applications to shared and public cloud environments. Cloud environments are
scaling up to meet data processing and storage needs. The cloud computing environment has various
advantages as well as disadvantages for the data security of service consumers. This paper aims
to emphasize the main security issues existing in cloud computing environments. The security
issues at the various levels of the cloud computing environment are identified in this paper and
categorized based on the cloud computing architecture. This paper also focuses on the usage of
Cloud services and the security issues in building these cross-domain Internet-connected collaborations.

Keywords: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS),
Software-as-a-Service (SaaS), Virtual Machine (VM).

INTRODUCTION:

Cloud computing is a hot topic in the IT industry. Cloud computing is internet-based development
and is used in computer technology. Cloud computing manages and schedules computing
resources through the network, and constitutes a large pool of computing resources which can provide
service to users on demand. The network is called the “cloud”. Resources in the cloud appear to be
unlimitedly extensible, available at any time, used on demand and paid for according to use. It
dynamically delivers everything as a service over the internet based on user demand, such as
network, operating system, storage, hardware, software, and resources. These services are
classified into three types: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and
Software as a Service (SaaS).

Overview of High-level Cloud Architecture:

We provide an architectural view of the security issues to be addressed in the cloud computing
environment in order to provide security for the customer. We have defined four layers based on cloud
computing services. Cloud computing is categorized by service as Software-as-a-Service (SaaS),
Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS). This section
elaborates the four layers shown in figure 1 and maps the different security issues to each
layer.

Some of the important components of the User layer are Cloud Applications, Programming, Tools
and Environments. Some popular examples of these applications are B2B, Facebook,
MySpace, Enterprise, ISV, CDNs, Web 2.0 Interfaces, Aneka, Map Reduce, Dryad, Workflows
and libraries. Some of the security issues related to the user layer, namely Security as a Service,
Browser security, and Authentication, are elaborated in the next sections.

FIGURE 1: Security Architecture of Cloud Computing

THERE ARE FOUR MAIN TYPES OF CLOUD:

Public Cloud: The cloud computing resources are pooled externally; anyone can use them, and some
charges are required for doing so.

Private Cloud: The opposite of a public cloud; a private cloud’s resources are limited to a group of
people, such as the employees of an organization.

Hybrid Cloud: A mixture of the previous two clouds; some cloud computing resources are
shared outside but the others aren’t.

Community Cloud: This is a special cloud to make use of cloud computing features. More than
one community shares a cloud to share and reduce the cost of the computing system.

FIGURE 2: Deployment models operated by Cloud Computing

Data storage in the cloud offers many benefits to users:

a. It provides unlimited data storage space for storing the user’s data.

b. Users can access the data from the cloud provider via the internet from anywhere in the world,
not only on a single machine.

c. We do not need to buy any storage device for storing our data and have no responsibility for
maintaining data on local machines.

Within the cloud computing world, the virtual environment lets users access computing power that
exceeds that contained within their own physical worlds. To enter this virtual environment, users
do not need to know the exact location of their data nor the other sources of the data collectively
stored with theirs. To ensure data confidentiality, integrity and availability (CIA), the storage
provider must offer capabilities that, at a minimum, include:

• a tested encryption schema to ensure that the shared storage environment safeguards all
data;
• strict access controls to prevent unauthorized access to the data; and
• scheduled data backup and safe storage of the backup media.

SECURITY ISSUES FACED BY CLOUD COMPUTING:

When it comes to security, the cloud really suffers a lot. The Cloud vendor must make sure that
the customer does not face problems such as loss of data or data theft. There is also a
possibility that a malicious user can penetrate the cloud by impersonating a legitimate user,
thereby infecting the entire cloud and affecting many customers who are sharing the infected
cloud. Some of the problems faced by Cloud computing are:

1. Data Integrity
2. Data Theft
3. Privacy issues
4. Infected Application
5. Data loss
6. Data Location
7. Security on Vendor level
8. Security on user level

Data Integrity:
When data is on a cloud, anyone from any location can access that data from the cloud.
The cloud does not differentiate between sensitive data and common data, thus enabling anyone
to access the sensitive data. Thus there is a lack of data integrity in cloud computing.

Data Theft:
Most cloud vendors, instead of acquiring a server, lease a server from other service
providers because leased servers are cost-effective and flexible to operate. The customer doesn’t
know about this, and there is a high possibility that the data can be stolen from the external server
by a malicious user.

Privacy Issues:
The vendor must make sure that the customer’s personal information is well secured from other
operators. As most of the servers are external, the vendor should establish who is accessing the
data and who is maintaining the server, thus enabling the vendor to protect the customer’s
personal information.

Infected Application:

The vendor should have complete access to the server for monitoring and maintenance, thus
preventing any malicious user from uploading an infected application onto the Cloud, which
would severely affect the customer.

Data Loss:
Data loss is a very serious problem in Cloud computing. If the vendor closes due to financial or
legal problems, there will be a loss of data for the customers. The customers won’t be able to
access their data because it is no longer available once the vendor has shut down.

Data Location:
When it comes to the location of the data, nothing is transparent; even the customer doesn’t know
where his own data is located. The vendor does not reveal where all the data is stored. The data
won’t even be in the same country as the customer; it might be located anywhere in the world.

Security on Vendor level:


The vendor should make sure that the server is well secured from all the external threats it may
come across. A Cloud is good only when good security is provided by the vendor to the
customers.

Security on User level:


Even though the vendor has provided a good security layer for the customer, the customer should
make sure that its own actions do not cause any loss of data or tampering of data
for other users who are using the same Cloud.

Security issues faced by cloud providers:


Infrastructure as a Service (IaaS):
Infrastructure as a Service is a running model in which an organization outsources the equipment
used to support operations, including storage, hardware, servers and networking components.
The service provider owns the equipment and is responsible for housing, running and
maintaining it. The client typically pays on a per-use basis.

Platform as a Service (PaaS):

Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network
capacity over the Internet. The service delivery model allows the customer to rent virtualized
servers and associated services for running existing applications or developing and testing new
ones.
Platform as a Service (PaaS) is an outgrowth of Software as a Service (SaaS), a software
distribution model in which hosted software applications are made available to customers over
the Internet. PaaS has several advantages for developers. With PaaS, operating system features
can be changed and upgraded frequently. Geographically distributed development teams can
work together on software development projects. Services can be obtained from diverse sources
that cross international boundaries. Initial and ongoing costs can be reduced by the use of
infrastructure services from a single vendor rather than maintaining multiple hardware facilities
that often perform duplicate functions or suffer from incompatibility problems. Overall expenses
can also be minimized by unification of programming development efforts.

Software as a Service (SaaS):

Software as a Service (SaaS) is a software distribution model in which applications are hosted by
a vendor or service provider and made available to customers over a network, typically the
Internet. SaaS is becoming an increasingly prevalent delivery model as underlying technologies
that support Web services and service-oriented architecture (SOA) mature and new
developmental approaches, such as Ajax, become popular.
Meanwhile, broadband service has become increasingly available to support user access from
more areas around the world. SaaS is closely related to the ASP (application service provider)
and on demand computing software delivery models. IDC identifies two slightly different
delivery models for SaaS. The hosted application management (hosted AM) model is similar to
ASP: a provider hosts commercially available software for customers and delivers it over the
Web. In the software on demand model, the provider gives customers network-based access to a
single copy of an application created specifically for SaaS distribution.

DIFFERENT SECURITY ALGORITHMS:

RSA:
RSA is an algorithm for public-key cryptography that involves a public key and a private key. The
public key can be known to everyone and is used for encrypting messages. Messages encrypted
with the public key can only be decrypted using the private key. Protecting user data includes
encryption prior to storage, user authentication procedures prior to storage or retrieval, and
building secure channels for data transmission.

MD5 (Message-Digest algorithm 5)

MD5 is a widely used cryptographic hash function with a 128-bit hash value; it processes a
variable-length message into a fixed-length output of 128 bits. The input message is broken up into
chunks of 512-bit blocks. The message is padded so that its length is divisible by 512. In this, the
sender uses the public key of the receiver to encrypt the message and the receiver uses its private
key to decrypt the message.

AES (Advanced Encryption Standard)


In cryptography, the Advanced Encryption Standard (AES) is a symmetric-key encryption
standard. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits,
respectively. AES algorithm ensures that the hash code is encrypted in a highly secure manner.
AES has a fixed block size of 128 bits and uses a key size of 128 in this paper. Its algorithm is as
follows:

1. Key Expansion
2. Initial Round
3. Add Round Key
4. Rounds
5. Sub Bytes: a non-linear substitution step where each byte is replaced with another according to
a lookup table.
6. Shift Rows: a transposition step where each row of the state is shifted cyclically a certain
number of steps.
7. Mix Columns: a mixing operation which operates on the columns of the state, combining the four
bytes in each column.
8. Add Round Key: each byte of the state is combined with the round key; each round key is derived
from the cipher key using a key schedule.
9. Final Round (no Mix Columns)
10. Sub Bytes
11. Shift Rows
12. Add Round Key

IMPLEMENTING DES Algorithm IN CLOUD FOR DATA SECURITY:

In Cloud computing, we have problems such as the security of data, file systems, backups, network
traffic, and hosts. Here we propose securing data with encryption and decryption using the
DES algorithm while it is transferred over the network. The Data Encryption Standard
(DES) is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes
the data encryption algorithm (DEA). The DES has been extensively studied since its publication
and is the most widely used symmetric algorithm in the world. The DES has a 64-bit block size
and uses a 56-bit key during execution. DES is a symmetric cryptosystem, specifically a 16-round
Feistel cipher.

When used for communication, both sender and receiver must know the same secret key, which
can be used to encrypt and decrypt the message, or to generate and verify a Message
Authentication Code (MAC). The DES can also be used for single-user encryption, such as to
store files on a hard disk in encrypted form. The DES has a 64-bit block size and uses a 56-bit
key during execution. In the Cipher Block Chaining mode of operation of DES, each block of ECB
encrypted cipher text is XORed with the next plain text block to be encrypted, thus making all
the blocks dependent on all the previous blocks. This means that in order to find the plaintext of a
particular block, you need to know the cipher text, the key and the cipher text for the previous
block.

The first block to be encrypted has no previous cipher text, so the plaintext is XORed with a
64-bit number called the initialization vector (referred to as the IV). So if data is transmitted
over a network or phone line and there is a transmission error, the error will be carried forward
to all the subsequent blocks, since each block is dependent upon the last. This mode of operation
is more secure than ECB (electronic code book) because the extra XOR step adds one more layer to
the encryption process.

FIGURE 3

FIGURE 4

Compositions of Encryption and Decryption:

Encryption: $E = e_{L_1} \circ e_{L_2} \circ \cdots \circ e_{L_{16}}$

Decryption: $D = d_{L_{16}} \circ d_{L_{15}} \circ \cdots \circ d_{L_1}$

Leader L is derived from the Password. Here we have 16 rotations, so we need 16 Leaders (L1
to L16) from the Password.

L1 = First two bits of Password.
L2 = Second two bits of Password.
L3 = Third two bits of Password, and so on.

Steps:

1. Get the Plain text.
2. Get the Password.
3. Convert the Characters into binary form.
4. Derive the Leaders (L1 to L16) from the Password.
5. Apply the Formula to get the encrypted and decrypted message.

Encryption: x1 x2 x3 → [L] → y1 y2 y3

Decryption: y1 y2 y3 → [L] → x1 x2 x3
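
The leader derivation and 16-round composition in the steps above, combined with the CBC chaining and IV described in the DES section, as an added example that is not code from the paper. The round function (truncated SHA-256) is a stand-in assumption, not the DES round function, and the sample plaintext, passwords and IV are constructed.

```python
import hashlib

BLOCK = 8  # 64-bit block, as in DES

def leaders(password):
    # L1..L16: consecutive two-bit groups of the password's binary form.
    bits = "".join(f"{b:08b}" for b in password.encode())
    if len(bits) < 32:
        raise ValueError("16 two-bit leaders need at least 4 password bytes")
    # Only the first 32 bits of the password influence the result.
    return [int(bits[i:i + 2], 2) for i in range(0, 32, 2)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, leader):
    # Stand-in round function (assumption); DES uses expansion, S-boxes, permutation.
    return hashlib.sha256(bytes([leader]) + half).digest()[:4]

def _feistel(block, ls):
    left, right = block[:4], block[4:]
    for leader in ls:
        left, right = right, _xor(left, _f(right, leader))
    return right + left  # final swap: decryption is the same walk, leaders reversed

def encrypt_block(block, ls):   # E = e_L1 o e_L2 o ... o e_L16
    return _feistel(block, ls)

def decrypt_block(block, ls):   # D = d_L16 o d_L15 o ... o d_L1
    return _feistel(block, ls[::-1])

def _pad(data):                 # PKCS#7-style padding to whole blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def ecb_encrypt(plaintext, password):
    ls, data = leaders(password), _pad(plaintext)
    return b"".join(encrypt_block(data[i:i + BLOCK], ls)
                    for i in range(0, len(data), BLOCK))

def cbc_encrypt(plaintext, password, iv):
    ls, prev, out, data = leaders(password), iv, b"", _pad(plaintext)
    for i in range(0, len(data), BLOCK):
        # XOR with the previous ciphertext block (the IV for the first block).
        prev = encrypt_block(_xor(data[i:i + BLOCK], prev), ls)
        out += prev
    return out

def cbc_decrypt(ciphertext, password, iv):
    ls, prev, out = leaders(password), iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += _xor(decrypt_block(block, ls), prev)
        prev = block
    return out[:-out[-1]]       # strip the padding

# Constructed sample: two identical 8-byte plaintext blocks and a fixed IV.
SAMPLE, IV = b"ACCT0001ACCT0001", bytes.fromhex("0011223344556677")
```

Identical plaintext blocks encrypt to identical ciphertext blocks under `ecb_encrypt` but not under `cbc_encrypt`, and any two passwords that share their first four bytes produce the same leaders.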

CONCLUSION:

Among the many IT giants driven by trends in cloud computing, it seems almost everyone has
brought good news in this field of research. For enterprises, cloud computing is worthy of
consideration as a way to build business systems. Cloud computing
undoubtedly brings about lower costs, higher profits and more choices for large-scale industry.
Data security has become the most important issue of cloud computing security.

Though many results have been proposed, many of them only consider one side of security. We
propose that cloud data security must be considered by analyzing the data security risk, the
data security requirements, the deployment of security functions and the data security process
through encryption. The main contribution of this paper is the fresh view of a data security
solution with encryption, which is significant and can be used as a reference for designing the
complete security solution.

FUTURE EXPECTATIONS:

In future work, we believe that data storage security in Cloud Computing, an area full of
challenges and of dominant importance, is still in its infancy, and many research problems
are yet to be identified to enhance the security structures by using enhanced techniques of data
security through cryptosystems and other procedures.