
SECURE DISTRIBUTED DATA

STORAGE IN CLOUD COMPUTING


Contents to be covered…

 INTRODUCTION

 CLOUD STORAGE: FROM LANs TO WANs

 TECHNOLOGIES FOR DATA SECURITY IN CLOUD COMPUTING

 OPEN QUESTIONS AND CHALLENGES


Introduction
 One of the core services provided by cloud computing is data storage.
 This poses new challenges in creating secure and reliable data storage and access
facilities over remote service providers in the cloud.
 The security of data storage is one of the necessary tasks to be addressed before the
blueprint for cloud computing is accepted.
 Data security is the foundation of information security, and a great deal of effort has
been made in the area of distributed storage security [13].
 However, this research in cloud computing security is still in its infancy [4].
 Security aspects can be well managed using existing techniques such as digital
signatures, encryption, firewalls, and/or the isolation of virtual environments, and so
on [4].
 Another consideration is that the specific security requirements for cloud computing
have not been well-defined within the community.
 One concern is that the users do not want to reveal their data to the cloud service
provider.
 Users are unsure about the integrity of the data they receive from the cloud.
CLOUD STORAGE: FROM LANs TO
WANs
 Moving From LANs to WANs
 Existing Commercial Cloud Services
 Vulnerabilities in Current Cloud Services
 Bridge the Missing Link
Moving From LANs to WANs
 Distributed storage takes the form of either storage area networks
(SANs) or network-attached storage (NAS) on the LAN level.
 SANs are constructed on top of block-addressed storage units
connected through dedicated high-speed networks.
 In contrast, NAS is implemented by attaching specialized file
servers to a TCP/IP network and providing a file-based interface
to client machines [6].
 For SANs and NAS, the distributed storage nodes are managed by
the same authority.
 The confidentiality and integrity of data are mostly achieved using
robust cryptographic schemes.
 This security system would not be robust in a cloud environment.
 The confidentiality and the integrity of the data would be violated
when an adversary controls a node or the node administrator
becomes malicious.
Existing Commercial Cloud Services

 As shown in Figure 8.1, data storage services on the platform
of cloud computing are fundamentally provided by
applications/software based on the Internet.
 Amazon’s Web Service.
 Microsoft Windows Azure.
 Google App Engine (GAE).
Vulnerabilities in Current Cloud
Services
 Storage services that accept a large amount of data (>1 TB), and
services that accept a smaller data amount (≤50 GB), allow
the data to be uploaded or downloaded.
 For data integrity, the Azure Storage Service stores the MD5 checksum
of the uploaded data and email.
 Confidentiality can be achieved by adopting robust
encryption schemes.
 However, the integrity and repudiation issues are not handled
well on the current cloud service platform.
Bridge the Missing Link
 The missing link can be bridged using digital signatures and
authentication coding schemes.
 The solutions differ in whether there is a third authority certified (TAC)
by the user and provider and whether the user and provider are using the
secret key sharing technique (SKS).
 There are four solutions to bridge the missing link of data
integrity between the uploading and downloading
procedures.
TECHNOLOGIES FOR DATA SECURITY IN
CLOUD COMPUTING
 Database Outsourcing and Query Integrity Assurance.
 Data Integrity in Untrustworthy Storage.
 Web-Application-Based Security.
 Multimedia Data Security.
Database Outsourcing and Query
Integrity Assurance
 The outsourcing model has the benefits of reducing the costs for
running a DBMS independently and enabling enterprises to
concentrate on their main businesses [12].
 Figure 8.7 demonstrates the general architecture of a
database outsourcing environment.
 Let T denote the data to be outsourced. The data T are
preprocessed, encrypted, and stored at the service provider.
For evaluating queries, a user rewrites a set of queries Q
against T to queries against the encrypted database.
 There are two security concerns in database outsourcing: data
privacy and query integrity.
Data Integrity in Untrustworthy Storage
 A PDP-Based Integrity Checking Protocol
 An Enhanced Data Possession Checking Protocol.
A PDP-Based Integrity Checking
Protocol
 The protocol allows users to obtain a probabilistic proof from the storage
service providers.
 The proof will be used as evidence that their data have been
stored there.
 An advantage of this protocol is that the proof is generated by the
storage service provider using a small portion of the whole
dataset.
 The amount of metadata that end users are required to
store is also small, that is, O(1).
 Figure 8.8 presents the flowcharts of the protocol for
provable data possession [28].
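
The sampling idea behind these bullets, as an added example that is not from the slides or from [28]: a simplified MAC-based spot check in which the user keeps only one key (O(1) state) and challenges a random subset of blocks. It is not the protocol of Figure 8.8; the names `outsource`, `audit`, `Provider` and the block size are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 64  # bytes per block (assumed value, kept small for sample data)


def tag(key, index, block):
    # Binding the index into the MAC stops the provider from answering a
    # challenge for block i with some other intact block j and its tag.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


class Provider:
    """Untrusted storage: holds blocks and their tags, never the key."""

    def __init__(self, blocks, tags):
        self.blocks, self.tags = list(blocks), list(tags)

    def prove(self, indices):
        return [(i, self.blocks[i], self.tags[i]) for i in indices]


def outsource(key, data):
    # The user tags every block once, uploads blocks and tags, keeps only the key.
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    tags = [tag(key, i, b) for i, b in enumerate(blocks)]
    return Provider(blocks, tags), len(blocks)


def audit(key, provider, n_blocks, sample):
    # A fresh random challenge each time: the provider cannot predict which
    # blocks it must still hold, so discarding data risks detection.
    indices = secrets.SystemRandom().sample(range(n_blocks), min(sample, n_blocks))
    proof = provider.prove(indices)
    if [i for i, _, _ in proof] != indices:
        return False
    return all(hmac.compare_digest(tag(key, i, b), t) for i, b, t in proof)


def detection_probability(n_blocks, corrupted, sample):
    # Probability that at least one of `sample` distinct challenged blocks
    # falls on one of the `corrupted` blocks (sampling without replacement).
    miss = 1.0
    for j in range(min(sample, n_blocks)):
        miss *= max(0, n_blocks - corrupted - j) / (n_blocks - j)
    return 1.0 - miss
```

Because a single audit only samples the data, its guarantee is probabilistic: `detection_probability` gives the chance that one challenge catches a given amount of corruption, and repeated audits raise it.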
An Enhanced Data Possession
Checking Protocol.
 The PDP-based protocol does not satisfy Requirement #2 with
100% probability. An enhanced protocol has been proposed
based on the idea of the Diffie-Hellman scheme.
 This protocol satisfies all five requirements and is computationally
more efficient than the PDP-based protocol [27].
Web-Application-Based Security
 In cloud computing environments, resources are provided as a
service over the Internet in a dynamic, virtualized, and scalable
way.
 Web security plays a more important role than ever.
 The types of attack can be categorized as:
 Authentication,
 Authorization,
 Client-Side Attacks,
 Command Execution,
 Information Disclosure,
 and Logical Attacks [31].
Multimedia Data Security Storage
 Protection from Unauthorized Replication.
 Protection from Unauthorized Replacement.
 Protection from Unauthorized Pre-fetching.
OPEN QUESTIONS AND CHALLENGES
 Concerns at Different Levels
 Technical and Nontechnical Challenges
Concerns at Different Levels
Technical and Nontechnical Challenges
