International Journal of P2P Network Trends and Technology (IJPTT) – Volume 8 – May 2014
Secure Access of Enterprise Data from Third Party Cloud Rashmi Zilpelwar Department of Computer Engg., MITCOE-Pune University, India Abstract— Cloud computing is an emerging computing paradigm in which resources of the computing infrastructure are provided as services over the Internet. This paradigm also brings out many new challenges for data security and access control when users outsource their sensitive data on cloud servers for sharing, which are not within the same trusted domain as data owners. Existing solutions suffer from heavy computational overhead on the data owner as well as the cloud service provider for key distribution and management. The paper discusses this challenging open problem using various techniques that ensures only valid users will access the outsourced data. I. INTRODUCTION Cloud Computing provides, on demand and convenient network access of a computing resources [7]. In Cloud Computing, computing resources and hosted services are delivered over the Internet. Cloud computing is a type of distributed system which consists of a collection of virtualized computers which are interconnected and that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements established through negotiation between the service provider and consumers[9]. Cloud computing is an promising computing concept in which the resources of computing infrastructure are provided as services over the internet. As promising as it is, this also brings forth many new challenges for data security and access control when users outsource their sensitive data for sharing on cloud servers. In healthcare application scenarios use and disclosure of protected health information (PHI) should meet the requirements of Health Insurance Portability and Accountability Act (HIPAA) and keeping user data confidential against the storage servers is not just an option, but a requirement. Cloud Computing is an initiative proposed and taken up by big organizations such as IBM, Dell, Oracle, Google and Amazon. They are in strong positions with respect to cloud provisions. [8] Different service-oriented cloud computing models are available. Various commercial cloud computing systems are built at different levels like Amazon’s EC2, Amazon’s S3, and IBM’s Blue Cloud is an example of IaaS systems, where as Google App Engine and Yahoo Pig are envoy PaaS systems and Google’s Apps and Salesforce’s Customer Relation Management (CRM) system belong to SaaS systems. With the help of cloud computing systems,
ISSN: 2249-2615
enterprise users are no longer need to invest in hardware/software systems or hire some IT professionals to maintain the sensitive data, thus cost on IT infrastructure and human resources is saved[10]. On the other hand, computing utilities provided by cloud computing are being offered at a relatively low price in a pay-as-you-use style. The Remainder of this paper is prepared as follows. Section 2 discusses the related work of the different methods for securing data on cloud. Section 3 draws some conclusions. II. RELATED WORK A few research efforts have directly undertake the issues of access control in cloud computing model. Sanka et al [1] proposed the scheme, in order to address the security and access control problems in which data owner as well as the cloud service provider suffer from heavy computational overhead for key distribution and management, it used capability based access control technique that ensures only valid users will access the outsourced data. It also proposes a modified Diffie-Hellman key exchange protocol between cloud service provider and the user for secretly sharing a symmetric key for secure data access that look up the problem of key distribution and management at cloud service provider. It assumes that the system is composed of a Data Owner (DO), many Data consumers called as Users, and a Cloud Service Provider (CSP). The authentic users get the data file that is stored on the CSP by the DO in a confidential manner, neither the DO nor the User be always online. DO comes online when a new user is to be registered or when the capability list is to be updated at CSP. The data owner computes a message digest using MD5 for every file belonging to the data set available with it. This ensures data confidentiality and integrity between data owner and the user. DO then updates the capability list for every user with a new entry and the entire data item that can be accessed by the user. DO then send everything encrypted using its private key first and then using public key of the CSP for the purpose of authentication and confidentiality between CSP and DO. When a new user is to be added, it needs to send a registration request with UID, FID, Nonce, Timestamp and access rights required for the data file to the data owner. After receiving a
http://www.ijpttjournal.org
Page 1