KEMBAR78
Secure Distributed Data | PDF | Cloud Computing | Databases
Scribd
Upload
5K views33 pages

Secure Distributed Data

This document discusses secure data storage in cloud computing. It covers cloud storage technologies moving from local to wide area networks. It also examines technologies for ensuring data security, including database outsourcing, data integrity protocols, web application security, and multimedia data protection. Several open challenges are mentioned around technical issues and nontechnical concerns regarding secure cloud data storage.

Uploaded by

bhargavi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
5K views33 pages

Secure Distributed Data

This document discusses secure data storage in cloud computing. It covers cloud storage technologies moving from local to wide area networks. It also examines technologies for ensuring data security, including database outsourcing, data integrity protocols, web application security, and multimedia data protection. Several open challenges are mentioned around technical issues and nontechnical concerns regarding secure cloud data storage.

Uploaded by

bhargavi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 33

SECURE DISTRIBUTED DATA

STORAGE IN CLOUD COMPUTING


Contents to be covered…

 INTRODUCTION

 CLOUD STORAGE: FROM LANs TO WANs

 TECHNOLOGIES FOR DATA SECURITY IN CLOUD COMPUTING

 OPEN QUESTIONS AND CHALLENGES


Introduction
 One of the core services provided by cloud computing is data storage.
 This poses new challenges in creating secure and reliable data storage and access
facilities over remote service providers in the cloud.
 The security of data storage is one of the necessary tasks to be addressed before the
blueprint for cloud computing is accepted.
 data security is the foundation of information security,a great quantity of efforts has
been made in the area of distributed storage security [13].
 However, this research in cloud computing security is still in its infancy [4].
 security aspects can be well-managed using existing techniques such as digital
signatures, encryption, firewalls, and/or the isolation of virtual environments ,and so
on [4].
 Another consideration is that the specific security requirements for cloud computing
have not been well-defined within the community.
 One concern is that the users do not want to reveal their data to the cloud service
provider.
 users are unsure about the integrity of the data they receive from the cloud.
CLOUD STORAGE: FROM LANs TO
WANs
 Moving From LANs to WANs
 Existing Commercial Cloud Services
 Vulnerabilities in Current Cloud Services
 Bridge the Missing Link
Moving From LANs to WANs
 distributed storage take the form of either storage area networks
(SANs) or network-attached storage (NAS) on the LAN level.
 SANs are constructed on top of block-addressed storage units
connected through dedicated high-speed networks.
 In contrast, NAS is implemented by attaching specialized file
servers to a TCP/IP network and providing a file-based interface
to client machine [6].
 For SANs and NAS, the distributed storage nodes are managed by
the same authority.
 The confidentiality and integrity of data are mostly achieved using
robust cryptographic schemes.
 security system would not be robust at cloud environment
 the confidentiality and the integrity of the data would be violated
when an adversary controls a node or the node administrator
becomes malicious.
Existing Commercial Cloud Services

 As shown in Figure 8.1, data storage services on the platform


of cloud computing are fundamentally provided by
applications/software based on the Internet.
 Amazon’s Web Service.
 Microsoft Windows Azure.
 Google App Engine (GAE).
Vulnerabilities in Current Cloud
Services
 Storage services that accept a large amount of data (.1
TB),service accept a smaller data amount (#50 GB) allow
the data to be uploaded or downloaded
 data integrity, the Azure Storage Service stores the uploaded
data MD5 checksum and email.
 Confidentiality can be achieved by adopting robust
encryption schemes.
 However, the integrity and repudiation issues are not handled
well on the current cloud service platform.
Bridge the Missing Link
 bridge the missing link based on digital signatures and
authentication coding schemes.
 there is a third authority certified (TAC) by the user and
provider and whether the user and provider are using the
secret key sharing technique (SKS).
 There are four solutions to bridge the missing link of data
integrity between the uploading and downloading
procedures.
TECHNOLOGIES FOR DATA SECURITY IN
CLOUD COMPUTING
 Database Outsourcing and Query Integrity Assurance.
 Data Integrity in Untrustworthy Storage.
 Web-Application-Based Security.
 Multimedia Data Security.
Database Outsourcing and Query
Integrity Assurance
 outsourcing model has the benefits of reducing the costs for
running DBMS independently and enabling enterprises to
concentrate on their main businesses [12].
 Figure 8.7 demonstrates the general architecture of a
database outsourcing environment.
 Let T denote the data to be outsourced. The data T are is
preprocessed, encrypted, and stored at the service provider.
For evaluating queries, a user rewrites a set of queries Q
against T to queries against the encrypted database.
 there are two security concerns in database outsourcing: data
privacy and query integrity.
Data Integrity in Untrustworthy Storage
 A PDP-Based Integrity Checking Protocol
 An Enhanced Data Possession Checking Protocol.
A PDP-Based Integrity Checking
Protocol
 Allows users to obtain a probabilistic proof from the storage
service providers.
 proof will be used as evidence that their data have been
stored there.
 advantages of this protocol is that the proof generated by the
storage service provider with small portion of the whole
dataset.
 the amount of the metadata that end users are required to
store is also small—that is, O(1).
 Figure 8.8 presents the flowcharts of the protocol for
provable data possession [28].
An Enhanced Data Possession
Checking Protocol.
 PDP-based protocol does not satisfy Requirement #2 with
100% probability. An enhanced protocol has been proposed
based on the idea of the DiffieHellman scheme.
 protocol satisfies all five requirements and is computationally
more efficient than the PDP-based protocol [27].
Web-Application-Based Security
 In cloud computing environments, resources are provided as a
service over the Internet in a dynamic, virtualized, and scalable
way.
 Web security plays a more important role than ever.
 The types of attack can be categorized in
 Authentication,
 Authorization,
 Client-Side Attacks,
 Command Execution,
 Information Disclosure,
 and Logical Attacks [31].
Multimedia Data Security Storage
 Protection from Unauthorized Replication.
 Protection from Unauthorized Replacement
 Protection from Unauthorized Pre-fetching.
OPEN QUESTIONS AND CHALLENGES
 Concerns at Different Levels
 Technical and Nontechnical Challenges
Concerns at Different Levels
Technical and Nontechnical Challenges

You might also like