Addressing Security Issues in Cloud Computing

Only available on StudyMode
  • Download(s) : 114
  • Published : April 6, 2011
Open Document
Text Preview
Addressing Security Issues in Cloud Computing
Rituik Dubey, Muhammad Asim Jamshed, Xiaohui Wang, Rama Krishna Batalla Carnegie Mellon University Pittsburgh, PA 15213 Email: {rdubey, mjamshed, xiaohuiw, rbatalla}@andrew.cmu.edu

Abstract—This paper discusses the security issues that arise in a cloud computing framework. We concentrate on what is typically called the metering problem or “proof of work” where the client can ascertain that the amount it is being billed for by the cloud service is in accordance with the amount of work done by it. We define many different attack scenarios and propose counter schemes for each. Our simulation and theoretical analysis show that the schemes require a reasonably low verification effort at the client side, and provide non-repudiation property.

reservations whether the server performed a complete search, scanning the table(s) in entirety before returning the results to the client. A. Proposed solution Fig.1 illustrates our proposed solution. Our architecture requires that our entire database also be stored in a trusted backup storage facility. Therefore, any updates to the data stored in the cloud service also have to be propagated to the backup trusted store. The entire data stored by the service can hypothetically be divided into n data slices. The first slice, M1 is stored both at the client and the server end. M1 has an extraneous x bytes of region known as the nonce (small region in M1 in Fig. 4). Whenever a client sends a new search request to the cloud, it also sends an updated randomly generated nonce to M1. This prompts the cloud service to calculate the intermediate iterative hashes of each data slice as it completes the search through the entire database. Once the search is complete the search results along with the set of digests are sent back to the client for processing/verification of its authenticity. In order to verify that the server scanned the entire table, the client can authenticate each slice’s digest in the following way. It always checks whether H(M1 ) it receives matches with the copy of M1 ’s hash it holds within it. Then, consider that the client wishes to authenticate whether M4 was fully read by the server. It sends the < H(M4 ), H(H(M1 ), M2 ), M3 ) > tuple to the trusted storage device which is required to first seek the M4 slice from its store and calculate its hash. If the digest matches the given H(M4 ) from the client it proceeds and calculates the H(H(H(M1 ), M2 ), M3 ), M4 ) digest and returns it to the client. The client can then check whether it matches with the one it got from the server. The client can either (i) send all the digest slice tuples to the data store to exhaustively check the authenticity of the server or (ii) selectively send the tuples through which it can gain the authenticity of the result with a certain confidence level. B. Assumptions & Optimizations We assume that by calculating the hash of each slice the server is effectively reading the entire data chunk and, therefore, completely going through the entire table when a search query is requested on it. While the CPU load on the cloud service is sustainable, we assume that the client uses the backup storage facility intelligently by reducing the number of authenticating checks

I. I NTRODUCTION Clouds are large pools of easily usable and accessible virtualized resources. These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing optimum resource utilization. It’s a pay-per-use model in which the Infrastructure Provider by means of customized Service Level Agreements (SLAs) offers guarantees typically exploiting a pool of resources. Organizations and individuals can benefit from mass computing and storage centers, provided by large companies with stable and strong cloud architectures. Security issues in cloud computing have been drawing growing interests in recent times. There have been a lot of proven security attacks ([7]) on different...
tracking img