Cloud Computing Security and Privacy

Abstract

Cloud computing paradigms are gaining widespread acceptance due to the various benefits they offer. These include cost-effectiveness, time savings and efficient utilization of computing resources. However, privacy and security issues are among the major obstacles holding back the widespread adoption of this new technology. The nature of these paradigms requires the customers to move their data to the cloud. As security and privacy of the data are usually handled by the service providers, the data owners may not even be fully aware of the underlying security challenges and solutions. The research to find solutions to these issues is very active in several directions. Some research is focused on improving the security at the application, operating system, Virtual Machine (VM) or hardware levels. These solutions do not normally provide a comprehensive solution and they still keep the data security measures under the control of the cloud provider. Another direction of research is based on Trust Computing (TC) concepts. In essence, these provide a set of trusted third party technologies to secure the VM from the cloud provider. While these approaches provide the users with tools to monitor and assess the security aspects of their data, they do not provide the users with much control capability. In contrast, Data Centric Security (DCS) is an emerging approach that aims to provide data owners with full control of their data security from within the data itself, throughout the data’s lifecycle on the cloud. However, the concept of the DCS approach is interpreted in various ways in the literature and there is not yet a standardized framework of applying this approach to the cloud model. This thesis aims to enhance cloud computing security by proposing a solution based on the DCS approach. The research towards achieving this aim starts with a systematic review of the literature to establish a framework to utilize DCS concepts for improving data security and privacy in cloud environments. The DCS concept is based on providing security at the data level. Hence, the data are self-describing, self-defending and selfprotecting during their lifecycle in the cloud environments. The data owner is solely responsible to set and manage the data privacy and security measures. These requirements can be achieved without depending on trusting the cloud provider or/and a trusted third party assistance. Then, this conceptual framework is developed into an applied solution. The proposed solution is based on the Chinese Remainder ix Theorem (CRT) and utilizes symmetric and asymmetric encryption techniques. To reduce the computational and management overheads, access control policy enforcement and sharing the symmetric key of encrypted data are accomplished in an efficient manner based on the CRT. For enhancing security, the data owner is able to use a unique symmetric key for encrypting each set of data and to attach it securely to the encrypted data. Only authorized users are given access to the key. Additionally, the privacy of access is improved by keeping the number of authorized users and their identities hidden even from the cloud provider. Moreover, secure search capabilities on the encrypted data are an integral part of the proposed solution. All the required security parameters, including integrity and authenticity proof parameters, are attached to the encrypted data to create a secure file container, which is referred to as a DCS file. Only authorized users can search and access DCS files, based on the embedded policies that are set and managed exclusively by the data owner. This work also examines the relevant implementation issues and overheads of the proposed solution, mainly in terms of the required computation and storage capabilities. The experimental evaluations and the implementations use Java for the main operations. These operations include; creating the DCS files at the data owner side, searching through them at the server, and decrypting their contents at client side. The implementation and experiments show that the proposed solution can be used practically and efficiently. In summary, one of the main contributions of this work is to take advantage of the benefits of the DCS approach in achieving practical solutions to security and privacy issues encountered in the cloud computing environments. In approaches developed here, all the security measures are created and managed by the data owner and are tightly attached to the data without requiring additional key management overhead or complex computations. The solutions strengthen the security to the level that even the cloud provider cannot compromise the integrity and privacy of users’ data.