UNIT-V CLOUD SERVICES AND PRIVACY

Secure Distributed Data Storage in Cloud:-

Data Storage

Distributed Storage

Considerations

 Unique issues
 Specific Security requirements not been well-defined

Concerns about data in cloud

 Privacy
 Integrity
Data Security and Privacy in Cloud-digital identity

Data Security:-
Data security has become a major problem in IT because of the data to be stored securely in
servers. From the perspective of data security, Cloud Computing creates new challenges on
security threats for many reasons like external data storage, multi-tenancy, dependency on
internet, lack of control over data and also internal security. Traditional algorithms will not be
having control over the data that is accepted by the cloud . Cloud computing shifts the data,
software and databases to the large data centres (server farms) in which repository is used to
store, manage and dissemination of the data. T Boneh et al., use digital signature for fine-grained
control over user’s security privileges. Raghavendra et al., proposes an efficient approach for
keyword search to achieve security on outsourced data by involving index generation method
along with splitting method for keyword splitting.

These keywords are stored using wildcard based techniques that are stored securely with low
cost for storage. In general, traditional symmetric encryption algorithms, such as DES and AES
provide relatively lower security and encrypted data are vulnerable to attacks. Danwei et al.
propose a strategy to secure data by splitting the data into sections by using data splitting
algorithm which assures data reliability. Prakar and Kak splits the stored data and are stored at
distinct places on the network and these pieces are backed up in a single server. Sometimes the
clients forget the password that are assigned and these leads to brute force attacks. Mazhar Ali et
al., also splits the data in the DROPS methodology into number of fragments which are
distributed to multiple nodes. These nodes are separated using T-colouring.

The fragmentation and distribution ensures that no single node reveals the information to
attackers. The performance and security of the DROPS methodology analysed in terms of
retrieval time. Nayak et al., checks the honesty of the service provider by using data reading
protocol. After verifying the honesty of the data stored, a system structure has been designed
with three data backups for rehabilitation of data.

These backups are residing in different places of primary server. This structure uses SHA Hash
algorithm for encryption, SFSPL algorithm for splitting files and GZIP algorithm for
compressing the data. Hiremath et al., first presents the network architecture to deploy and
evaluating secure data storage issues and then desired properties of public auditing services
which are depended on cloud data storage are encouraged systematically and cryptographically.
Patel and Dansena have implemented Trusted Platform Module (TPM) to compute the Trusted
Computing Group (TCG) . TPM is also used to generate the keys to decrypt the data.

DATA PRIVACY :-
Securing user’s personal information for any purpose without permission is called User Privacy.
Cui et al., addresses the issues in privacy-preserving data sharing which allocates the single key
to the client while sharing huge number of documents. Later, the user submits a single trapdoor
when all the documents inquired by the owner. Po-Wen et al., achieves user privacy in
implementing the fake user secrets and convince them to use secrets by proposing a new cloud
storage encryption scheme. Wang proposed XOR secret sharing schemes to propose privacy
preserving data distribution schemes which permits computation over encrypted texts but
difficult to prevent collusion attacks. Kalyani et al., improve the present Attribute-Based
Encryption (ABE) to manage deletion or revoking of the user on demand efficiently. Data is
secured and also access control policy is also achieved. It uses IDEA, Key Policy Attribute based
Encryption(KP-ABE) that focuses on access control policy and also uses Proxy ReEncryption
(PRE) to deliver the work of decryption key distribution to the cloud server. Jin et al., propose
Key-Policy Attribute-Based Broadcast Encryption scheme (KP-ABBE) which uses double
encryption process using both attribute-based encryption and broadcast encryption system.
Constant-size public parameters is achieved by imposing no limit on the size of attribute sets
used for encryption and has a large attribute universe. Nabeel also uses double encryption to
reduce the overhead on users. Lazy Revocation is also used for user revocation.

CLOUD DATA STORAGE SECURITY AND PRIVACY

Cloud Computing provides many technologies for security issues like Service Oriented
Architecture (SOA), virtualization, Web 2.0 etc., Virtualization allows multiple users to share a
physical server. In virtualization environment, storage strengthening at the file system is
desirable, because it enables data sharing, administration efficiency and performance
optimization. Here, the security requirements in multitenant file systems are analysed first. Then
the Dike authorization architecture is introduced by Kappes et al., combines access control with
tenant’s namespace isolation that is backwards compatible to object based file systems. Fig 1:
Architecture of Owner-Consumer Relationship Fig 2: The Architecture of Data Storing Security
and Privacy. Chintada et al., classifies the security affairs related to Cloud Computing is broadly
into two categories, i.e., Security issues accepted by cloud providers and the cloud customers.
The Cloud provider must protect their infrastructure, so that the client’s information and
applications are secured while the customer must satisfy the provider’s infrastructure is secured
completely to secure the customers information. High Availability and Integrity Layer (HAIL)
model helps in developing a tool to improve the security and efficiency. HAIL helps in managing
the file integrity and helps in availability of file across the set of servers or independent storage
device. HAIL offers some benefits like Strong file intactness assurance, Low overhead, Strong
adversarial model, direct client-server communication and Static/dynamic file protection.
Spillner [10] explores the life-cycle of consumer by accomplishing the storage service by
optimality with resource provider. An architecture has been proposed which contains three
components i.e., data processor that
Content Level Security:-

In the cloud, there are three primary areas of content storage: public cloud storage, private cloud
storage, and hybrid cloud storage. Each has its own advantages and disadvantages in cloud
computing. With so many options for storing data in the cloud, it’s important to understand how
each type affects security levels and what they mean for your company or organization. Read on
to learn more about content level security in a cloud computing environment!

Content level security (CLS) is the level of security provided to certain types of data. Any data
that is regulated by federal or industry-specific law must be secured according to the law’s
specifications. CLS also applies to data that is highly sensitive or critical to your organization’s
operations.

In a cloud computing environment, you can regulate the amount of protection that you apply to
different types of data. This can be done at the level of the content itself or by using a cloud
service that has built-in security protections.
Public Cloud Storage

Public cloud storage, also known as open cloud storage, is a type of cloud storage that is
accessible to the public. This means that the data stored in the cloud is available to anyone who
has access to the internet, regardless of who they are or what their affiliations are. Public cloud
storage is often used for data that is accessible to the general public, like articles published by
news organizations or images published by stock photo websites.

Public cloud storage is a good option for storing data that is accessible to the general public, like
publishing a news story. It is also a good choice if you need to quickly expand or contract your
data storage capacity.

Private Cloud Storage

Private cloud storage is a type of cloud storage that is only accessible to individuals or
organizations that are authorized to access it. Data stored in a private cloud is typically
encrypted so that only authorized individuals can see the files.

With private cloud storage, you have complete control over who has access to your data. Private
cloud storage is generally used to store sensitive or confidential data, such as medical records or
financial information. This type of cloud storage is ideal if you want to limit access to certain
files or documents to only certain individuals.

Hybrid Cloud Storage

Hybrid cloud storage is a blend of public cloud storage and private cloud storage. This type of
cloud storage combines the ease of use of public cloud storage with the security of private cloud
storage.

Users with accounts at a hybrid cloud service can access their files from an internet browser or
an application. But only the account holder has the keys to unlock the data and view the files.
Hybrid cloud storage is a great option for companies that need to share a lot of data but doesn’t
want to give employees direct access to systems.

Hybrid clouds make it easy to control who has access to what data.

Data Privacy Issues:-

Cloud computing is a widely well-discussed topic today with interest from all fields, be it
research, academia, or the IT industry. It has seen suddenly started to be a hot topic in
international conferences and other opportunities throughout the whole world. The spike in job
opportunities is attributed to huge amounts of data being processed and stored on the servers.
The cloud paradigm revolves around convenience and easy the provision of a huge pool of
shared computing resources.
The rapid development of the cloud has led to more flexibility, cost-cutting, and scalability of
products but also faces an enormous amount of privacy and security challenges. Since it is a
relatively new concept and is evolving day by day, there are undiscovered security issues that
creep up and need to be taken care of as soon as discovered. Here we discuss the top 7 privacy
challenges encountered in cloud computing:

1. Data Confidentiality Issues

Confidentiality of the user’s data is an important issue to be considered when externalizing and
outsourcing extremely delicate and sensitive data to the cloud service provider. Personal data
should be made unreachable to users who do not have proper authorization to access it and one
way of making sure that confidentiality is by the usage of severe access control policies and
regulations. The lack of trust between the users and cloud service providers or the cloud
database service provider regarding the data is a major security concern and holds back a lot of
people from using cloud services.

2. Data Loss Issues

Data loss or data theft is one of the major security challenges that the cloud providers face. If a
cloud vendor has reported data loss or data theft of critical or sensitive material data in the
past, more than sixty percent of the users would decline to use the cloud services provided by
the vendor. Outages of the cloud services are very frequently visible even from firms such as
Dropbox, Microsoft, Amazon, etc., which in turn results in an absence of trust in these services
during a critical time. Also, it is quite easy for an attacker to gain access to multiple storage
units even if a single one is compromised.

3. Geographical Data Storage Issues

Since the cloud infrastructure is distributed across different geographical locations spread
throughout the world, it is often possible that the user’s data is stored in a location that is out of
the legal jurisdiction which leads to the user’s concerns about the legal accessibility of local
law enforcement and regulations on data that is stored out of their region. Moreover, the user
fears that local laws can be violated due to the dynamic nature of the cloud makes it very
difficult to delegate a specific server that is to be used for trans-border data transmission.

4. Multi-Tenancy Security Issues

Multi-tenancy is a paradigm that follows the concept of sharing computational resources, data
storage, applications, and services among different tenants. This is then hosted by the same
logical or physical platform at the cloud service provider’s premises. While following this
approach, the provider can maximize profits but puts the customer at a risk. Attackers can take
undue advantage of the multi-residence opportunities and can launch various attacks against
their co-tenants which can result in several privacy challenges.
5. Transparency Issues

In cloud computing security, transparency means the willingness of a cloud service provider to
reveal different details and characteristics on its security preparedness. Some of these details
compromise policies and regulations on security, privacy, and service level. In addition to the
willingness and disposition, when calculating transparency, it is important to notice how
reachable the security readiness data and information actually are. It will not matter the extent
to which the security facts about an organization are at hand if they are not presented in an
organized and easily understandable way for cloud service users and auditors, the transparency
of the organization can then also be rated relatively small. 

6. Hypervisor Related Issues

Virtualization means the logical abstraction of computing resources from physical restrictions\
and constraints. But this poses new challenges for factors like user authentication, accounting,
and authorization. The hypervisor manages multiple Virtual Machines and therefore becomes
the target of adversaries. Different from the physical devices that are independent of one
another, Virtual Machines in the cloud usually reside in a single physical device that is
managed by the same hypervisor. The compromise of the hypervisor will hence put various
virtual machines at risk. Moreover, the newness of the hypervisor technology, which includes
isolation, security hardening, access control, etc. provides adversaries with new ways to exploit
the system.

7. Managerial Issues

There are not only technical aspects of cloud privacy challenges but also non-technical and
managerial ones. Even on implementing a technical solution to a problem or a product and not
managing it properly is eventually bound to introduce vulnerabilities. Some examples are lack
of control, security and privacy management for virtualization, developing comprehensive
service level agreements, going through cloud service vendors and user negotiations, etc.
Legal issues in Cloud Computing:-
In order to obtain successful cloud-based computing services, with the benefits of safety and
security as well as legal compliance, an organization must first make an informed business
decision about the type and sensitivity of data and service it plans to migrate to the cloud,
specific configurations and type of cloud service required (e.g., private, hybrid or public), in
order to comply with the organization's legal obligations. The enterprise must consider whether
certain components of its data, information and ICT operations are compatible with data
computing being resident, and control being held at least partially, outside of the enterprise.
Some mission-critical and reputation ally-sensitive ICT functions may not be amenable to any
type of outsourcing. When ICT functions which are amenable to migration to the cloud are
identified, the functions, goals, system requirements, and enterprise aspirations for those
 functions can be analyzed and potential cloud services and providers can be identified and
examined. Prior to contracting with a particular cloud service provider the enterprise should
insist upon transparency, identifying all of the parties involved (e.g., subcontractors), the data
process flow, uses and locations. A detailed audit and assessment of the cloud service provider's
security protocols and technology is recommended, and a roadmap of the service provider's
future plans is also helpful. As well, a migration plan should be developed, including an
assessment of current state architecture, applications, data and performance metrics, so that one
knows what needs to be changed and to have a baseline to make future service level
measurements meaningful. Similarly, a transition plan for exiting the cloud service relationship
should be constructed in advance.

Second, the organization must properly negotiate and draft the legal contract between the
organization and the cloud service provider. IT managers may not have the authority to agree to
the terms of the contract or accept the risks. Organizations sometimes find that cloud providers,
in particular the low-cost online service providers, present “take it or leave it” contracts that are
non-negotiable. The risks of doing business with these cloud service providers and accepting
their boilerplate contracts are that many of them:

 lack critical enterprise-protective terms, 

 do not adequately protect the customer's data, 
 do not contain any guarantee as to quality of service, and 
 allow for more liberal usage of personal information, which would not be sufficient for an
organization to meet its privacy and other legal obligations.

Often, cloud service contracts fail to deal with proper transitioning of the data and services to
another cloud provider (or back to the customer organization) when the contract or the
relationship comes to an end, leaving the organization vulnerable to loss of, or inaccessible, data
and interruption of critical services. This is why engagement of experienced IT counsel can be
invaluable. Generally speaking, more industry-specific cloud offerings are available, but at costs
which are higher than consumer-based or generic services that are more suitable to non-
enterprise or non-regulated businesses.

A successful procurement of cloud services takes time and requires the involvement of informed
and experienced legal counsel who can spot the issues and advise on whether the cloud services
contract terms are adequate. If the contract terms are not acceptable and cannot be amended, the
 business leaders should consider finding a different cloud service provider, or maintain certain
services in-house and restrict the type of data or service that will be migrated to the cloud.

Terms which need to be thoroughly covered in a cloud service contract include:

 ownership of data,
 termination rights and termination assistance, 
 uptime, 
 service availability, 
 performance levels, 
 security warranties, 
 allocation of liability risk, 
 privacy, 
 data security and breach notification requirements, 
 compliance with laws and regulations,
 representations about jurisdictional exposure of information and operations, and
 remedies for breach of the contract.

Cloud service contracts should also include proper terms dealing with:

 change,
 problem resolution,
 subcontracting, 
 use of open source software, 
 application re-development, 
 ownership of any intellectual property, 
 trade-secret protection, 
 confidentiality,
 testing, 
 data integrity, 
 potential secondary uses of data,
 assurance of data segregation and isolation, 
 encryption in transit and in storage, 
 backup and data recovery, 
 what happens to the data and the infrastructure upon termination of the agreement or in the event of
a failure or insolvency of one of the parties, 
 how maintenance or service interruption will be handled, 
 what geographical limitations must be imposed, 
 the right to audit the entities and the technology, etc.

The foregoing is not an all inclusive list. Each cloud service needs to be looked at separately and
carefully analyzed to determine the full extent of the business and legal risks, before your legal
counsel can advise on what contract terms are appropriate and which ones need to be revised.

The third step to achieve success with cloud-based computing is to implement appropriate
internal organizational and transitional governance, policies and controls. Business processes and
operations may need to be realigned. Monitoring and reporting structures up to senior
management and Board levels need to be implemented. Policies dealing with confidentiality,
security, privacy, business continuity plans, ongoing risk identification and management,
technical problem escalation, and electronic data retention need to be prepared or revised as well
as disseminated, clarified and enforced throughout the organization. Data cleansing, encryption
and backup activities may need to be incorporated into the organization's business processes.
Employee policies should also be developed or modified to deal with employee use of cloud-
based services (in particular when accessed via their own personal devices for business
purposes), such as e-mail for business correspondence, customer database/sales management,
document sharing or presentations, etc. Business leaders need to remember that they are
accountable for their organization's use and outsourcing of data or other services to a cloud
provider and must ensure that their organization's information management and privacy practices
are compliant with the law and consistently applied across the organization at all levels.

Cloud-based computing can have numerous advantages and be accomplished successfully if all
the legal considerations are taken into account. Failing to take the appropriate steps or rushing
through to secure a cloud deal without thorough legal review, can have a large negative impact to
the business and its stakeholders.