Analysis of Secure Computational Outsourcing Issues in Cloud Computing

Abstract Cloud computing now became new trend in

IT world. It provides on-demand services through internet for computational outsourcing and other IT services with minimal management effort or service provider interaction. It adds efficient working capabilities without much investment in new infrastructure or licensing new software.

This paper presents detail analysis on secure computational outsourcing and security concerns issues over cloud computing.

Keywordscloud computing, outsourcing, security concerns, cloud services

I.

INTRODUCTION

Cloud computing is defined in [1] as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing model nowadays faces new challenges for secure computational outsourcing over cloud network.Fig-1 describe the sample architecture of cloud computing.

There are some designs on secure outsourcing of scientific computations, sequence comparisons, and matrix multiplication etc. have been proposed but it is still hardly possible to apply them directly in a practically efficient manner. In those approaches, either heavy cloud-side cryptographic computations, or multi-round interactive protocol executions, or huge communication complexities, are involved. Cloud computing model provides data outsourcing that it appears to raise new concerns. Owner or clients sends data processing tasks or computational tasks to grid resources or the large data centres offered by cloud providers. Such a computing model also creates an increasing challenge for automatically and dynamically placing the data in the globally distributed computers or data centres in order to achieve scalability over cloud.

Secure outsourcing of computational data with cryptography only is not feasible and with hardware only has large online latency. The given figure shows a secure model for outsourcings of data where a client can outsource the data to cloud server and a third party auditor provides security measures.Fig-2 describe the sample model for cloud outsourcing.

Fig-1

Fig2

II. SECURITY CONCERNS

Legal Aspects Ensure ProperData

When we think to use the cloud services, our first concern became how much the cloud is secure and what are the risks, mainly if we are an enterprise or we have private data to outsource. It is an important step before selecting a cloud service because private information must be secured during outsourcing. The given graph (Fig-3) shows seven types of security risks provided by Ponemon Institute in 2012.

Segregation User Access

20

40

60

80

Although cloud service providers can offer benefits to users, security risks play a major role in the cloud computing environment [2]. Users of online data sharing or network facilities are aware of the potential loss of privacy [3]. According to a recent IDC survey [4], the top challenge for 74% of CIOs in relation to cloud computing is security. Protecting private and important information such as credit card details or patients medical records from attackers or malicious insiders is of critical importance [5]. Moving Databases to a large data centre involves many security challenges [6] such as virtualization vulnerability, accessibility vulnerability, and privacy and control issues related to data accessed from a third party, integrity, confidentiality, and data loss or theft. Subashini and Kavitha [7] present some fundamental security challenges, which are data storage security, application security, data transmission security, and security related to third-party resources.

Fig-3

III. LITERATURE SURVEYA. Managing the Risk of an Extreme Form of IT Outsourcing

In different cloud service models, the security responsibilities between users and providers are different. According to Amazon [8], their EC2 addresses security control in relation to physical, environmental, and virtualization security, whereas, the users remain responsible for addressing security control of the IT system including the operating systems, applications and data.

Ensure recovery from significant IT rules Ensure Data A ssets

P R O V ID E R S C O N F ID E N C E L E V E L

are

in safe environments Investigate Illigale activity Ensure Viability and Availibilty Of IT

Obtaining cloud computing services can be viewed as a form of outsourcing, and as such it shares the essential risk profile of all outsourcing contracts concerning opportunistic behaviour, shirking, poaching, and opportunistic renegotiation. Developing cloud computing is also an advanced technological development effort, and as such it shares all of the risks of large and uncertain development efforts and the essential risk profile of all development efforts where for a variety of reasons success cannot be ensured, including functionality, political, project, technical, and financial risks[10].

a long-standing security problem that overshadows large scale computing in general. Attaining the high assurance qualities in implementations has been an elusive goal of computer

Standards for cloud computing may reduce many of the risks of opportunistic behaviour on the part of vendors. Cloud computing is a form of outsourcing, and it shares the essential risk profile of all outsourcing contracts concerning opportunistic behaviour. Despite the enormous concerns of potential cloud customers for lock-in, hold-up, and opportunistic reprising, almost no significant standardization efforts under way today are aimed at ensuring interoperability or portability. Cloud computing is an advanced technological development effort and shares the risks of large and uncertain development efforts. We do not yet know how some of these risks can be addressed. Standards efforts cannot mitigate most of the development risks of cloud computing. No amount of legislation or standardization can make it possible for firms to do that which they could not have done, or that which is indeed algorithmically or computationally infeasible. A good outsourcing contract is probably even more important in the cloud computing environment than it is for traditional outsourcing. Given the magnitude of the losses that can occur due to loss of intellectual property or breach of security, its also essential that the contract protect the clients rights to litigate in a forum that is likely to be fair and unbiased, and likely provide fair and accurate valuation of any losses. The best contract, of course, is meaningless if the vendor is both unable to perform in accordance with the terms of the contract and unable to make adequate restitution. In cloud computing, like any other critical form of outsourcing, the vendor must be both technically and financially qualified. [10]

Future research will address the evolving status of standards, their ability to protect clients, especially from risks caused by limited interoperability, the contracting mechanisms available to manage risks as standards evolve.

B. Cloud Hooks: Security and Privacy Issues in Cloud computing

In emphasizing the cost and performance benefits of the cloud, some fundamental security problems have receded into the background and been left unresolved. Several critical pieces of technology, such as a solution for federated trust, are not yet fully realized, impinging on successful deployments. Determining the security of complex computer system is also

security researchers and practitioners, and is also a work in progress for cloud computing.

computable in log-space uniform N C. Second, Ran Canetti et al. [12] show that first protocol works for essentially any sequential program, and Ran Canetti et al present an implementation of the protocol, called QUIN, for Windows executables. It describes its architecture and experiment with several parameters on live clouds.D. Secure Outsourced Computation in a Multi-tenant Cloud

Security of the cloud infrastructure relies on trusted computing and cryptography. Organizational data must be protected in a manner consistent with policies, whether in the organizations computing centre or the cloud. No standard service contract exists that covers the ranges of cloud services available and the needs of different organizations. Having a list of common outsourcing provisions, such as privacy and security standards, regulatory and compliance issues, service level requirements and penalties, change management processes, continuity of service provisions, and termination rights, provides a useful starting point [9].

The migration to a cloud computing environment is in many ways an exercise in risk management. Both qualitative and quantitative factors apply in an analysis. The risks must be carefully balanced against the available safeguards and expected benefits with the understanding that accountability for security remains with the organization. Too many controls can be inefficient and ineffective, if the benefits outweigh the costs and associated risks. An appropriate balance between the strength of controls and the relative risk associated with particular programs and operations must be ensured. [11]

C. Verifiable Computation with Two or More Clouds

The current move to Cloud Computing raises the need for verifiable delegation of computations, where a weak client delegates his computation to a powerful cloud, while maintaining the ability to verify that the result is correct. Although there are prior solutions to this problem, none of them is yet both general and practical for real-world use.

Ran Canetti et al. [12] proposed to extend the model as follows. Instead of using one cloud, the client uses two or more different clouds to perform his computation. The client can verify the correct result of the computation, as long as at least one of the clouds is honest. Ran Canetti et al. [12] believe that such extension suits the world of cloud computing where cloud providers have incentives not to collude, and the client is free to use any set of clouds he wants. The results are twofold. First, it shows two protocols in this model: first, computationally sound verifiable computation for any efficiently computable function, with logarithmically many rounds, based on any collision-resistant hash family and second ,a 1-round (2-messages) unconditionally sound verifiable computation for any function

Seny Kamara et al. [15] present a general-purpose protocol that enables a client to delegate the computation of any function to a cluster of n machines in such a way that no adversary that corrupts at most n - 1 machines can recover any information about the client's input or output. The protocol makes black-box use of multi-party computation (MPC) and secret sharing and inherits the security properties of the underlying MPC protocol (i.e., passive vs. adaptive security and security in the presence of a semi-honest vs. malicious adversary).

to the general circuit representation the resulting flexibility allows exploring appropriate security/efficiency trade-off via higher-level abstraction of NLP computations. It is possible to construct a set of effective privacy-preserving transformation techniques for any problem, by framing a private data possessed by the client for NLP problem as a combination of matrices and vectors, which allow customer

Using this protocol, a client can securely delegate any computation to a multi-tenant cloud so long as the adversary is not co-located on at least one machine in the cloud. Alternatively, a client can use our protocol to securely delegate its computation to multiple multi-tenant clouds so long as the adversary is not co-located on at least one machine in one of the clouds.

E. Harnessing the Cloud for Securely Outsourcing Large-scale Systems of Linear Equations

Cong Wang et al. [14] investigated the problem of securely outsourcing large-scale LE in cloud computing. Different from previous study, the computation outsourcing framework is based on iterative methods, which has the benefits of easyto-implement and less memory requirement in practice. This is especially suitable for the application scenario, where computational constrained customers want to securely harness the cloud for solving large-scale problems. Cong Wang et al. also investigated the algebraic property of the matrix-vector multiplication and developed an efficient and effective cheating detection scheme for robust result verification. Thorough security analysis and extensive experiments on the real cloud platform demonstrate the validity and practicality of the proposed mechanism.

F. An Efficient and Secure Nonlinear Programming Outsourcing in Cloud Computing

R.Santosh et al. [16] proposed approach they are dealing with the non-linear programming approach. In order to achieve practical efficiency, their mechanism design explicitly decomposes the NLP computation outsourcing into public NLP solver.It provides a practical mechanism design which fulfils input/output privacy, cheating resilience, and efficiency. In the proposed approach practical efficiency is achieved by explicit decomposition of NLP into NLP solvers running on the cloud and private NLP parameters owned by the customer. When compared