Agenda Introduction Industrial Motivation Literature Review Problem Statement Proposed Architecture...


Agenda

• Introduction
• Industrial Motivation
• Literature Review
• Problem Statement
• Proposed Architecture
• Tools and Technologies
• Timeline
• References


NoSQL Database

• Open source
• High Scalability and Performance
• Flexible Data model
• Handles Large volumes of unstructured data
• Best suited for Cloud
• Integrated Caching


Types of NoSQL Databases


Sharding

• Horizontal Scalability

• Can be based on various parameters (chunk size, data relevance, key ranges, etc.)


Sharding

Two basic operations

– Chunk Splitting

– Chunk Migration


Cloud Computing


Essential Characteristics
• Broad Network Access
• Rapid Elasticity
• On-Demand Self Service
• Resource Pooling
• Measured Service

Service Models
• Software as a Service
• Platform as a Service
• Infrastructure as a Service

Deployment Models
• Public
• Private
• Hybrid
• Community

Cloud Security Threats


Data Breaches

Data Loss

Account Hijacking

Insecure APIs

Denial of Services

Malicious Insider

Abuse of Cloud Services

Insufficient Due Diligence

Shared Technology Issues

Cloud Database Issues


Cloud Database

Availability

Performance

Security & Privacy

Consistency

Fault Tolerance

Scalability

Inter-operability

Simplified Queries

Cloud Federation

Cloud service providers collaborate dynamically to share their virtual infrastructure for:

• Load Balancing
• Prevention from Vendor Lock-ins
• Prevention from Power Outages & Failures
• Capacity Management
• Efficient use of Surplus Resources
• Scaling Data to other CSPs


Industrial Motivation


Reference: http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/

Industrial Motivation


Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214

Industrial Motivation (cont.)


Reference: http://www.darkreading.com/database/does-nosql-mean-no-security/232400214

zNcrypt for MongoDB

Reference: MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].


Sqrrl Enterprise

Reference: http://sqrrl.com/product/architecture/


Literature Review


An analysis of security issues in CC

Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.


A Study on Cloud Databases

Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.


MetaStorage

• Replicates data across various service providers

• Extends Traditional quorum systems (N, R,W)

• (Np, R, W), where Np > 1 is the total number of replicas |Np| that are hosted with the set of n providers

Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.


RACS

• Redundant Array of Cloud Storage

• RAID technique at cloud storage level with redundancy for high availability

• Reduces one time cost of switching storage providers in exchange for additional operational overhead

Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.


Management of Symmetric Cryptographic Keys in Cloud

• On-the-fly key computation on client’s terminal
• Enhanced Shamir’s Algorithm for key splitting
• Recoverable keys
• PKCS7 is used to transfer key components
• Provision of Symmetric cryptographic key as cloud service

Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013


Problem Statement


“Security and confidentiality have proven to be an increasing problem for the distribution of sharded data across multiple service providers”

Proposed Architecture


[Architecture diagram for a first-time data “PUT” request. Labelled components: Client Application, Authentication, Authorization, Encryption/Decryption Engine, Key Distribution Store, Query Router, Config. Server, Distributer, NoSQL Database Servers, HCSP, FCSP.]

Contribution

In our proposed system, security would be ensured by:

• Authentication and authorization
• Encryption of data
• Distributed and encrypted key management


Tools and Technologies

• NoSQL database
• C++ (MS Visual Studio)
• OpenStack
• XACML


Proposed Timeline

#    Milestone                                                          Duration
1    Preliminary Literature Review                                      Done
2    Implementation
2.1  Sharding in NoSQL database                                         2 weeks
2.2  Encryption and Decryption Module                                   1 month
2.3  Client side authentication and authorization                       2 weeks
2.4  Cloud federation establishment and Distributer implementation      1 month
2.5  Integration of all modules                                         2 weeks
3    Testing and Evaluation                                             1 month
4    Final Documentation                                                1 month


References

[1] Fox, Armando, Rean Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, and I. Stoica. "Above the clouds: A Berkeley view of cloud computing." Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS 28 (2009).

[2] Arora, Indu, and Anu Gupta. "Cloud Databases: A Paradigm Shift in Databases." International J. of Computer Science Issues 9, no. 4 (2012): 77-83.

[3] https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

[4] Mell, Peter, and Timothy Grance. "The NIST definition of cloud computing (draft)." NIST special publication 800, no. 145 (2011): 7.

[5] MongoDB, Gazzang, "Securing Data in MongoDB with Gazzang and 10Gen," 10 July 2012. [Online]. Available: http://www.mongodb.com/presentations/securing-data-mongodb-gazzang. [Accessed 19 November 2013].

[6] http://www.forbes.com/sites/benkepes/2013/11/04/was-garantia-is-now-redisdb-either-way-nosql-is-hot/

[7] http://www.darkreading.com/database/does-nosql-mean-no-security/232400214

[8] Bermbach, David, Markus Klems, Stefan Tai, and Michael Menzel. "Metastorage: A federated cloud storage system to manage consistency-latency tradeoffs." In Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 452-459. IEEE, 2011.

[9] Abu-Libdeh, Hussam, Lonnie Princehouse, and Hakim Weatherspoon. "RACS: a case for cloud storage diversity." In Proceedings of the 1st ACM symposium on Cloud computing, pp. 229-240. ACM, 2010.

[10] Fakhar, F.; Shibli, M.A., "Management of Symmetric Cryptographic Keys in cloud based environment," Advanced Communication Technology (ICACT), 2013 15th International Conference on , vol., no., pp.39,44, 27-30 Jan. 2013

[11] Hashizume, Keiko, David G. Rosado, Eduardo Fernández-Medina, and Eduardo B. Fernandez. "An analysis of security issues for cloud computing." Journal of Internet Services and Applications 4, no. 1 (2013): 1-13.

[12] Chandra, Deka Ganesh, Ravi Prakash, and Swati Lamdharia. "A Study on Cloud Database." In Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on, pp. 513-519. IEEE, 2012.
