X.509 Authentication Services to Enhance the Data Security in Cloud Computing

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 3, 2012

Surbhi Chauhan, Department of CSE, Amity University, Noida, India, Surbhichauhan2009@gmail.com
Kamal Kant, Department of CSE, Amity University, Noida, India, kamalkant25@gmail.com
Arjun Singh, Department of CSE, Sir Padampat Singhania University, Udaipur, India, arjun.singh@spsu.ac.in

Abstract— This paper presents a method to build cloud security using the concept of X.509 authentication services. We discuss the theory of cloud computing, the features of cloud computing and cloud security, and we propose an X.509-based scheme to enhance data security in the (public) cloud. Cloud computing is a new computational paradigm that offers an innovative business model for organizations.

I. INTRODUCTION

Cloud computing relies on the internet, with a hardware and software base that provisions computing infrastructure. The cloud concept is built on existing technologies such as virtualization, utility computing and distributed computing. Cloud computing provides effective IT service delivery and management at lower cost.

A. Service Layers in Cloud Computing

1) Software as a Service (SaaS): SaaS is the highest layer and offers applications as a service on demand via multitenancy, i.e. a single instance of the software serves multiple clients in an organization. An example of SaaS is salesforce.com.

2) Infrastructure as a Service (IaaS): The cloud outsources the provision of the computing infrastructure required to host services. This infrastructure is provided as a service: storage and computing resources such as networking, operating systems and load balancers are offered as a cloud service. The highest-profile IaaS operation is Amazon's Elastic Compute Cloud (Amazon EC2).

3) Platform as a Service (PaaS): Cloud computing can provide a software platform on which systems run, so that the execution of services is handled in a transparent manner. Cloud systems provide an additional abstraction level instead of supplying a virtualized infrastructure. A well-known example is the Google App Engine.

B. Forms of Cloud

Cloud computing can be categorized into three types:

1. Private Cloud: Private clouds are on-demand infrastructure. A private cloud is owned by a single customer, who controls which applications run and where, on their own servers and networks. Hence the security risk is reduced in a private cloud. The cloud remains behind the firewall, virtualizing the servers.

2. Public Cloud: A public cloud does not depend on any organization; the services provided in public clouds can be accessed by any organization. The chance of a security risk is slightly higher in a public cloud.

3. Hybrid Cloud: Hybrid cloud computing is a platform which acts as an interface between a private cloud and a public cloud. It suits organizations which do not want to put everything in the external (public) cloud while hosting some servers in their own internal cloud infrastructure.

C. Advantages of Cloud Computing

i. Faster, simpler and cost-effective services.
ii. Highly elastic, because resources are occupied on the basis of demand.
iii. Optimized utilization of computing resources.
iv. Users can virtualize more resources than they physically have, for example unlimited storage.
v. Energy efficient, as less power is consumed on hardware and software.

D. Security Issues in Cloud

Each type of cloud has certain security issues. A few security concerns are discussed below.

i. Many organizations share the resources, so there is no absolute control over physical security in the cloud model.

ii. An organization or government can violate the law (risk of data seizure by a foreign government).
iii. Storage services provided by one vendor may be incompatible with another vendor's services if the user wants to move from one vendor to another.
iv. Ensuring and maintaining the integrity of data is a challenge.
v. Under the Payment Card Industry Data Security Standard (PCI DSS), data logs must be provided to security managers and regulators.
vi. Users must keep up to date with application improvements to ensure they are protected.
vii. Due to the dynamic and fluid nature of virtual machines, it becomes very difficult to maintain consistent security and to ensure the auditability of records.

II. SECURITY IN CLOUD

Security is always an issue in cloud computing. In this paper we propose an X.509 authentication service technique to secure the data in the public cloud. In the public cloud there is always a high risk to data, system files, network traffic and host security, as they are vulnerable to attack and lack a strong authentication mechanism. We therefore propose the concept of the X.509 authentication service to ensure the security of data in the cloud. X.509 relies on asymmetric key cryptography and digital signatures, and these two schemes enhance the security of cloud computing. The X.509 technique is widely used in S/MIME, IPsec, SSL/TLS and SET.

X.509 has three alternative authentication procedures: one-way authentication, two-way authentication and three-way authentication. All these procedures rely on asymmetric key cryptography and digital signatures. In asymmetric key cryptography it is assumed that the two parties (sender and receiver) know each other's public key. Here we apply the three-way authentication technique because of its extra advantages over the other two procedures.

Let us assume there are two enterprises, called A and B, as shown in Figure 1.0. Enterprise A has a public cloud and provides SaaS, PaaS and IaaS services and a database.

A user from enterprise B wants to access the data in the public cloud in a secure manner. Three-way authentication in X.509 involves the transfer of information from A to B and establishes the following:

a. A user from enterprise B sends a request to get secure data from enterprise A.
b. Enterprise A sends a message consisting of a nonce r(a) and the identity of B, signed with A's private key. The nonce value must be unique and the message must be used within its expiration time; the nonce is used to detect replay attacks.
c. Enterprise B sends a message consisting of a nonce r(b), the identity of enterprise A, signed data that provides authenticity and integrity, and a session key encrypted with A's public key.
d. A final message from enterprise A to enterprise B, which includes a signed copy of the nonce r(b).

Figure 1.0

In three-way authentication there is no need to check the timestamp: each side can check the returned nonce value to detect replay attacks. In two-way authentication, on the other hand, the timestamp must be checked.

III. CERTIFICATE

The main part of X.509 is the public key certificate associated with each user. These user certificates are created by a certification authority (CA). Let us assume that enterprise A has obtained a certificate from the CA, called X1, and enterprise B has obtained a certificate called X2. If enterprise A securely knows the public key of the certification authority that issued X2, then A can read B's certificate and verify its signature.

The CA signs the certificate (X1) of enterprise A. A user in B must have a copy of the CA's own public key.

So in cloud computing, integrity and authenticity can be enhanced by the X.509 certificate service.
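The three-way exchange of steps (b) to (d), as an added, runnable illustration that is not part of the paper and not the authors' code: the two parties (named EnterpriseA and EnterpriseB here, our choice) sign every message with RSA PKCS#1 v1.5 over SHA-256, B encrypts a 16-byte session key for A with RSA-OAEP, and each side remembers the nonces it issued so that a returned nonce is accepted exactly once. As the paper assumes, the public keys are already exchanged, so no certificate handling appears in this block. The message layout, the 16-byte nonce and key sizes and all function names are assumptions of this example. The demo finishes by presenting B's step-(c) message to A a second time; A rejects it because r(a) has already been consumed, which is the replay check the paper relies on instead of a timestamp.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Party struct {
	ID, PeerID string
	priv       *rsa.PrivateKey
	PeerPub    *rsa.PublicKey  // the peer's public key, assumed already exchanged (as in the paper)
	pending    map[string]bool // nonces we issued and have not yet seen returned
}

func NewParty(id, peer string) *Party {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // fails only on a broken entropy source
	return &Party{ID: id, PeerID: peer, priv: k, pending: map[string]bool{}}
}

// fresh returns 16 random bytes (size is our choice) for r(a), r(b) and the key; newNonce also records it.
func fresh() []byte { b := make([]byte, 16); rand.Read(b); return b }
func (p *Party) newNonce() []byte { n := fresh(); p.pending[string(n)] = true; return n }

// encode length-prefixes each field so the signed byte string is unambiguous.
func encode(fields ...[]byte) (out []byte) {
	for _, f := range fields {
		out = append(append(out, byte(len(f)>>8), byte(len(f))), f...)
	}
	return out
}

type Msg struct {
	Nonce, Back []byte // sender's fresh nonce; peer's nonce returned (either may be absent)
	To          string // recipient's identity
	EncKey, Sig []byte // session key encrypted for A (step c only); signature over the rest
}
func (m Msg) body() []byte { return encode(m.Nonce, m.Back, []byte(m.To), m.EncKey) }

// send builds a message and signs it with the sender's private key.
func (p *Party) send(nonce, back, encKey []byte) Msg {
	m := Msg{Nonce: nonce, Back: back, To: p.PeerID, EncKey: encKey}
	h := sha256.Sum256(m.body())
	m.Sig, _ = rsa.SignPKCS1v15(rand.Reader, p.priv, crypto.SHA256, h[:])
	return m
}

// recv checks recipient and signature and, when a nonce is returned, that it is ours and unused.
func (p *Party) recv(step string, m Msg) error {
	h := sha256.Sum256(m.body())
	if m.To != p.ID || rsa.VerifyPKCS1v15(p.PeerPub, crypto.SHA256, h[:], m.Sig) != nil {
		return fmt.Errorf("step (%s): wrong recipient or bad signature", step)
	}
	if m.Back != nil && !p.pending[string(m.Back)] {
		return fmt.Errorf("step (%s): returned nonce unknown or reused, replay rejected", step)
	}
	delete(p.pending, string(m.Back)) // a nonce is accepted exactly once
	return nil
}

// StepB is the paper's step (b): A -> B, {r(a), ID_B} signed by A.
func (a *Party) StepB() Msg { return a.send(a.newNonce(), nil, nil) }

// StepC is step (c): B -> A, {r(b), r(a), ID_A, E_A(session key)} signed by B.
func (b *Party) StepC(m Msg) (Msg, []byte, error) {
	if err := b.recv("c", m); err != nil {
		return Msg{}, nil, err
	}
	key := fresh()
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, b.PeerPub, key, nil)
	return b.send(b.newNonce(), m.Nonce, enc), key, err
}

// StepD is step (d): A -> B, a signed copy of r(b); A also recovers the session key.
func (a *Party) StepD(m Msg) (Msg, []byte, error) {
	if err := a.recv("d", m); err != nil {
		return Msg{}, nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, a.priv, m.EncKey, nil)
	if err != nil {
		return Msg{}, nil, err
	}
	return a.send(nil, m.Nonce, nil), key, nil
}

// DemoHandshake runs one handshake, then replays B's old step-(c) message against A.
func DemoHandshake() (keysMatch, replayRejected bool, err error) {
	a, b := NewParty("EnterpriseA", "EnterpriseB"), NewParty("EnterpriseB", "EnterpriseA")
	a.PeerPub, b.PeerPub = &b.priv.PublicKey, &a.priv.PublicKey
	m3, keyB, e1 := b.StepC(a.StepB())
	m4, keyA, e2 := a.StepD(m3)
	if e3 := b.recv("final", m4); e1 != nil || e2 != nil || e3 != nil {
		return false, false, fmt.Errorf("handshake: %v %v %v", e1, e2, e3)
	}
	_, _, replayErr := a.StepD(m3) // the same step-(c) message presented a second time
	return string(keyA) == string(keyB), replayErr != nil, nil
}
func main() { fmt.Println(DemoHandshake()) }
```

Running the file with `go run` prints `true true <nil>`: both sides derived the same session key, and the replayed message was refused. The identity fields are inside the signed bytes, so a message redirected to a different recipient fails the signature check as well as the recipient check; the nonce bookkeeping is what makes the timestamp unnecessary, as the paper notes for the three-way variant.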
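The certificate relationship of Section III, as an added Go example that is not from the paper: one CA issues X1 to enterprise A and X2 to enterprise B, and A, holding only the CA's public key (carried in the CA's self-signed root certificate), verifies the signature chain and validity period of X2 and checks that the certificate really names B. The names TrustedCA, EnterpriseA, EnterpriseB and RogueCA, the 24-hour validity and the 2048-bit RSA keys are assumptions of this example. It also shows the failure the section implies: a certificate carrying B's name but issued by a CA whose key A does not trust is rejected.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for pub with signer's key. A nil parent makes it self-signed,
// which is how the CA's own root certificate is produced; otherwise parent is the CA's
// certificate and signer is the CA's private key.
func issue(name string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // random 64-bit serial
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyPeer is what enterprise A does with B's certificate X2: trusting only the CA's
// public key (in the CA's root certificate), it checks the signature chain, the validity
// period, and that the certificate belongs to the expected enterprise.
func VerifyPeer(caCert, peer *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return fmt.Errorf("certificate of %q not trusted: %w", peer.Subject.CommonName, err)
	}
	if peer.Subject.CommonName != expectedName {
		return fmt.Errorf("certificate names %q, expected %q", peer.Subject.CommonName, expectedName)
	}
	return nil
}

func genKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// DemoCertificates builds the CA, issues X1 and X2, and shows A accepting B's certificate
// while rejecting a certificate for "EnterpriseB" issued by a CA that A does not trust.
func DemoCertificates() (genuineAccepted, rogueRejected bool, err error) {
	caKey, aKey, bKey, rogueKey := genKey(), genKey(), genKey(), genKey()
	ca, e1 := issue("TrustedCA", true, &caKey.PublicKey, nil, caKey)
	rogue, e2 := issue("RogueCA", true, &rogueKey.PublicKey, nil, rogueKey)
	if e1 != nil || e2 != nil {
		return false, false, fmt.Errorf("CA setup: %v %v", e1, e2)
	}
	x1, e3 := issue("EnterpriseA", false, &aKey.PublicKey, ca, caKey)        // X1 for A
	x2, e4 := issue("EnterpriseB", false, &bKey.PublicKey, ca, caKey)        // X2 for B
	fake, e5 := issue("EnterpriseB", false, &bKey.PublicKey, rogue, rogueKey) // same name, untrusted issuer
	if e3 != nil || e4 != nil || e5 != nil {
		return false, false, fmt.Errorf("issuing: %v %v %v", e3, e4, e5)
	}
	// A trusts only the CA's key: X2 verifies, the rogue-issued one does not; B can likewise verify X1.
	genuineAccepted = VerifyPeer(ca, x2, "EnterpriseB") == nil && VerifyPeer(ca, x1, "EnterpriseA") == nil
	rogueRejected = VerifyPeer(ca, fake, "EnterpriseB") != nil
	return genuineAccepted, rogueRejected, nil
}

func main() { fmt.Println(DemoCertificates()) }
```

`go run` prints `true true <nil>`. The point the section makes is visible in `VerifyPeer`: the only key A has to know securely is the CA's; everything else (B's key, B's identity, the validity window) is read from X2 and trusted because the CA's signature on it verifies.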

As the cloud becomes part of everyone's life and mid-size to small-size organizations rely on the cloud, it is essential to secure the data and the privacy of transactions done through cloud computing. In this paper we have discussed a new aspect of implementing an existing technology (the X.509 service) to enhance the security and integrity of data. The X.509 technique also neutralizes replay attacks.


