Page 1: [IEEE 2011 2nd International Conference on Computer and Communication Technology (ICCCT) - Allahabad, India (2011.09.15-2011.09.17)] 2011 2nd International Conference on Computer and

An Approach for Data Privacy in Hybrid Cloud Environment

Chhanda Ray (1), Uttam Ganguly (2)

(1) RCC Institute of Information Technology, Kolkata, INDIA
(2) West Bengal University of Technology, Kolkata, INDIA

[email protected] [email protected]

Abstract - Cloud computing emerges as a new computing technology where all required services are available as a service. In a cloud environment, the location of data is generally maintained by a third party (service provider/vendor) and hence an individual has no control over its own data. In this context, data privacy is an important issue for cloud computing both in terms of legal compliance and user trust. In this paper, an approach for data privacy in a hybrid cloud environment is presented. Initially, a data privacy model for cloud computing is provided in which sensitive and non-sensitive data are maintained separately. In order to maintain data privacy, an authentication monitor is introduced in this privacy model. Finally, the authentication algorithm is implemented in a very small cloud setup and experimental results are provided at the end of the paper.

Keywords - Authentication algorithm, Cloud computing, Data Privacy, Security, Sensitive data.

I. INTRODUCTION

Cloud computing is an emerging computing technology in which all required services are available as a service; the paradigm shifts from distributed systems to virtual centralization. It aims to share data, calculations, and services transparently among users of a massive grid. Software, platform and infrastructure as a service are the three main service delivery models for cloud computing. Cloud computing is a promising computing paradigm which has recently drawn extensive attention from both academia and industry [5, 7]. In [5], the basic concept of service oriented architecture has been used in system architecture and an attempt has been made to put it into a cloud system. Enterprise architecture is considered as an example of system architecture in [5], and the relationship among three main computing paradigms, cluster computing, grid computing and cloud computing, is shown. Methods to reason about and model cloud computing are studied in [7] as a step toward identifying fundamental research questions in this paradigm. A qualitative comparison among cloud computing, service computing and pervasive computing is introduced in [7] based on the classic model of computer architecture, and a series of research questions in cloud computing for future exploration is presented.

Privacy and security are important issues for cloud computing both in terms of legal compliance and user trust. Since the cloud computing environment uses the internet as its communication medium, it brings forth many new challenges for data security and access control when users outsource sensitive data for sharing on cloud servers, which are not within the same trusted domain as the data owners. In this context, security and privacy in cloud computing are the focus of attention of many researchers in recent times [1, 2, 3, 4, 6, 8, 9, 10, 11]. Paper [1] presented an elaborate study of the security and vulnerabilities of IaaS (infrastructure as a service) components, and countermeasures are determined. A security model for IaaS (SMI) to guide security assessment and enhancement in the IaaS layer is also proposed in [1]. In [2], data security in the world of cloud computing is discussed, while [3] presented PaaS (Privacy as a Service), a set of security protocols for ensuring the privacy and legal compliance of customer data in cloud computing architectures.

In a cloud computing environment, the service and data maintenance is provided by some vendor, which leaves the client/customer unaware of where the processes are running or where the data is stored. Thus, it is very much necessary that the vendor provides some assurance in service level agreements (SLA) to convince the customer on security issues in cloud computing. In [4], some security issues that have to be included in the SLA are proposed, while the privacy challenges that software engineers face when targeting the cloud as their production environment to offer services are assessed, and key design principles to address these are suggested. An approach for data privacy in cloud computing is introduced in [8]. Paper [9] provides some privacy preserving technologies used in cloud computing services. In [11], secure scalable data access control in cloud computing is addressed by defining and enforcing access policies based on data attributes and allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents. In [10], a collaborative trust model of firewall-through based on the cloud environment is proposed. To verify the reliability and effectiveness of the coordinated trust model, a simulation is also carried out in [10]. However, the problem of simultaneously achieving security, privacy and data confidentiality of access control is really challenging and still remains unresolved.

International Conference on Computer & Communication Technology (ICCCT)-2011

978-1-4577-1386-611$26.00©2011 IEEE 316

Due to the diverse architectures of cloud computing, providing security and data privacy in cloud computing is not a trivial task. In this paper, an approach for data privacy of private sensitive data in a hybrid cloud computing environment is introduced. This mechanism also ensures that the private and sensitive data of an enterprise in a cloud environment are stored and maintained within the enterprise itself, also for globally distributed enterprises.

The organization of this paper is as follows. Section 2 presents a data privacy model for data protection in a hybrid cloud computing environment. The role of the authentication monitor is provided in Section 3. The details of the authentication algorithm are given in Section 4. In Section 5, the implementation results of the authentication algorithm in a very small cloud setup are illustrated, and Section 6 concludes the work.

II. DATA PRIVACY MODEL FOR CLOUD COMPUTING

The concept of Cloud Computing evolved from several concepts of virtualization, distributed computing, cluster, grid and utility computing. Computing resources are dynamically provided to the cloud customer based upon the Service Level Agreement (SLA) established between the service provider and the customer. Basically, three main services are provided by the cloud provider: Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS). The user can get any of the above services by paying charges to the provider. There are three different types of cloud, namely, Private cloud, Public cloud, and Hybrid cloud. In case of a private cloud, the infrastructure for implementing the cloud is completely controlled by the customer himself. Since the data resides and is processed within the customer's private network, these data are more secure than those of the public cloud. In case of a public cloud, data are stored anywhere in the cloud and the customer may not have any knowledge about where the data is stored. This is a potential threat to the sensitive data used by the customers. On the other hand, a large amount of data needs to be stored by an organization (customer), and not all of it is sensitive.

In a cloud environment, it is most suitable that a small amount of data is sensitive and needs to be kept within the organization's own control, while the remaining large amount of non-sensitive data may be managed by the public cloud. In this context, it is necessary to separate sensitive and non-sensitive data for a particular customer. However, another problem arises when processes running somewhere in the public cloud use the sensitive data. The process may be internal or external to the organization. In order to address these problems, the following privacy model for cloud computing is considered in this paper.

Hence, the proposed privacy model is based on the existing model of cloud computing with an enhancement. Like the existing model of cloud computing, it has two main components, namely Cloud provider and Cloud customer. The enhancement or upgrade to the existing cloud model is made by introducing the idea of separating the sensitive and non-sensitive data of an organization in an existing hybrid cloud model. In this model, the customer can use two categories of data: Private Sensitive Data (PSD) and Public Non-Sensitive Data (PNSD). It has been assumed that Private Sensitive Data (PSD) need not be accessed from computers outside of the organization, i.e. external to the organization. The Private Sensitive Data (PSD), which is obviously of lesser amount, should be stored within the organization's own private network, so that the organization has full control over these data.

For any access request to Private Sensitive Data (PSD), it should pass through an authentication procedure. In this model, an Authentication Monitor is introduced which is responsible for identifying whether an access request to Private Sensitive Data (PSD) is external or internal to the organization, and it provides the gateway to the server connected with the Private Data Storage. This model also considers the globally distributed structure of an organization connected via the internet. The role of the authentication monitor is discussed in the following section.

Figure 1: Privacy Model for Cloud Computing

III. ROLE OF AUTHENTICATION MONITOR

In order to maintain data security in cloud computing, two different types of data access request are considered in this work, namely, confidential request and public request. Confidential requests are those that want to access the Private Sensitive Data (PSD), whereas public requests are those that want to access the Public Non-Sensitive Data (PNSD) of an organization. Moreover, the requests are also categorized by origin with respect to an organization, namely, Internal Request (IR) and External Request (ER). A request originating from internal terminals of an organization is known as an internal request, while a request originating from terminals external to an organization is known as an external request. The categorized data are stored accordingly in internal or external storage at the time of uploading. The complete taxonomy of requests is listed in Figure 2.

In this privacy model, Private Sensitive Data (PSD) is to be stored and controlled by the organization itself, whereas Public Non-Sensitive Data (PNSD) is to be stored and maintained by the public cloud. Thus, any request for public data is to be handled by the public cloud, but confidential requests are to be directed to the organization's private network. The Authentication Monitor attached to the server owned by the organization receives and checks all the requests to verify whether each is internal or external. Only internal requests are granted and external requests are simply rejected.

IV. AN ALGORITHM FOR CHECKING AUTHENTICATION

A variation of Message Authentication Code (MAC) is used here to authenticate the message as well as to verify whether the access request is internal or external to the organization. A brief description of the authentication algorithm from the sender side as well as the receiver side is as follows.

Assumption:

Every globally distributed private cloud of the same enterprise has a unique key for the MAC, say, K_CID. All the private clouds have this set of keys, i.e., the set of keys is shared internally. Similarly, all the private clouds have a shared encryption key set, say, {PU_CID, PR_CID}, for encrypting the request message. When a terminal of one private network sends a data access request to another private network, the following steps are followed in order to ensure data privacy.

SENDER side:

Step 1: The MAC is produced from the Request Message using K_CID.
Step 2: The Request Message is encrypted with the shared encryption key set {PU_CID, PR_CID}.
Step 3: The encrypted Request Message and the MAC of the original Request Message are sent together to the intended receiver.

RECEIVER side:

Step 1: When the receiver receives this pair, it first decrypts the request message to get the original request message.
Step 2: Then it produces the MAC from the original request message using each key of the set {K_CID_i}. Since K_CID is within the set {K_CID_i}, at least one of the keys produces a MAC that matches the received MAC, and thus K_CID_i determines the origin of the request.
Step 3: If the request is internal, the decrypted request message is used for further processing. If the MAC does not match at all, the request is simply rejected.

The working principle of the authentication algorithm is illustrated with the help of the block diagram in Figure 4.

Figure 2: Taxonomy of Requests


The block diagram shows the process of authentication in a remote connection between two machines having the same MAC algorithm with a set of customer identification keys {K_CID_i}, where each private cloud has a unique K_CID and a shared encryption key to secure the transmission of request messages.

V. EXPERIMENTAL RESULTS

This section provides the implementation results of the authentication algorithm in a very small cloud setup. In the first example, the DES algorithm is used for message encryption and decryption, while in the second example the RSA algorithm is used for message encryption and decryption. In both cases, the generated MAC and the encrypted request message are combined into one file of 20 bytes. In this work, replay attacks have not been considered; they can be prevented by including a timestamp field in the combined message file, where the timestamp is the time just before the file is created. The MAC algorithm is implemented for a given Secret Key (K_CID) shared by all internal users, and the algorithm is used both at the SENDER and RECEIVER sides. The Keyed-Hash Message Authentication Code (HMacSHA1) is taken from the Federal Information Processing Standards (FIPS) [12].
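The sender Step 1 and receiver Steps 2-3 of Section IV, together with the timestamp field suggested above against replay, as an added Python illustration that is not the paper's implementation: HMAC-SHA1 is used as in the paper, while the function names and the per-cloud keys K_CID are constructed assumptions, and the encryption of the request (DES/RSA in the paper) is left out as a separate step.

```python
import hmac
import hashlib
import time
from typing import Dict, Optional, Tuple

# Added illustration of the Section IV algorithm (sender Step 1, receiver Steps 2-3)
# plus the timestamp field Section V suggests against replay. The function names
# and the sample keys below are constructed for this example; the paper's own key
# file and its DES/RSA encryption step are not reproduced.
MAC_LEN = 20  # HMAC-SHA1 (FIPS 198) output length, as used in the paper


def make_mac(k_cid: bytes, message: bytes) -> bytes:
    """Sender Step 1 / receiver Step 2: HMAC-SHA1 of the message under K_CID."""
    return hmac.new(k_cid, message, hashlib.sha1).digest()


def build_request(request: str, k_cid: bytes, now: Optional[int] = None) -> Tuple[bytes, bytes]:
    """Sender side: prefix the request with its creation time, then MAC the whole
    payload so the timestamp cannot be altered without invalidating the MAC.
    Encrypting the payload (sender Step 2) would follow; it is omitted here."""
    if now is None:
        now = int(time.time())
    payload = f"{now}|{request}".encode()
    return payload, make_mac(k_cid, payload)


def authentication_monitor(payload: bytes, mac: bytes, keys: Dict[str, bytes],
                           now: Optional[int] = None, max_age: int = 60) -> Optional[str]:
    """Receiver Steps 2-3 over the already-decrypted payload.

    Every known K_CID_i is tried; the key whose HMAC matches identifies the
    originating private cloud (internal request). No match means the request is
    external and is rejected (None). A missing or stale timestamp is rejected too.

    Caveat that follows from the paper's assumption: since all private clouds hold
    the whole set {K_CID_i}, a match proves the sender holds the shared set, not
    which cloud it is; per-cloud secret keys would be needed to make the CID
    non-forgeable by another member.
    """
    if len(mac) != MAC_LEN:
        return None
    origin = None
    for cid, key in keys.items():
        # compare_digest is constant-time, so the monitor does not leak how many
        # leading bytes of a guessed MAC were right
        if hmac.compare_digest(make_mac(key, payload), mac):
            origin = cid
            break
    if origin is None:
        return None
    ts_field, sep, _request = payload.partition(b"|")
    if not sep or not ts_field.isdigit():
        return None
    if now is None:
        now = int(time.time())
    if abs(now - int(ts_field)) > max_age:
        return None  # outside the replay window
    return origin


# Constructed demo keys: one K_CID per private cloud of the enterprise (shared set).
KEYS = {"cloud-A": bytes([0x01]) * 32, "cloud-B": bytes([0x02]) * 32}

if __name__ == "__main__":
    # The paper's Example 1 request message, used here as sample input.
    payload, mac = build_request("SELECT * FROM admin_data where adminid='admin'", KEYS["cloud-B"], now=1000)
    print(authentication_monitor(payload, mac, KEYS, now=1000))         # cloud-B (internal)
    print(authentication_monitor(payload, mac, KEYS, now=1000 + 3600))  # None (stale, replay)
    print(authentication_monitor(payload, mac, {"cloud-A": KEYS["cloud-A"]}, now=1000))  # None (external)
```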

Example 1:

In this case, the DES algorithm is used for encryption and decryption of the message. An Oracle database has been used as data repository. A table (admin_data) having two fields, adminid and password, is selected as test data, where the adminid data is considered non-sensitive and the password data is considered sensitive. The data access process for the sensitive data is shown step by step using the algorithm.

SENDER Side:

Input: Key file (containing key K_CID) and Data file (containing request message).

Output: Hmac file (20 byte resultant MAC in hex for the request message using the key).

Key file: 00010203 04050607 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 38393a3b 3c3d3e3f

Data file: SELECT * FROM admin_data where adminid='admin'

Output Hmac file: 41 03 7b ce 0f 5c a3 84 7f e7 57 be 0a bd 83 8b f9 0c 26 64

Output (Encrypted message):

2uEEgvKjKjpk80fJY0iy3YDr75tXo2ja01JXGew1qw6mAPpwz3Xbd8VcDwnenW37

RECEIVER side:

Input: Hmac file and Encrypted message

Output:

Decrypted file: SELECT * FROM admin_data where adminid='admin'

Decrypted Key file: 00010203 04050607 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 38393a3b 3c3d3e3f

In this case, the access request is granted since the SENDER and RECEIVER key files are the same, that is, the {Public Key, Private Key} pairs are the same.

Example 2:

In this experiment, the RSA algorithm is used for encryption and decryption of the message. The following values are taken: p = 11, q = 3, and d = 7.

As in the previous example, the same Oracle database is taken as data repository.

Figure 4: Working Principle of Authentication Algorithm


SENDER Side:

Input: Key file & Data file.

Output: Hmac file (20 byte resultant MAC in hex for the request message using the key).

Key file: 00010203 04050607 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 38393a3b 3c3d3e3f

Data file: “SELECT * FROM admistn_data where adminid='admin'”

Output Hmac file: 41 03 7b ce 0f 5c a3 84 7f e7 57 be 0a bd 83 8b f9 0c 26 64

Output (Encrypted message): 13 14 12 14 9 26 30 28 2 30 6 27 7 7 1 16 7 15 20 13 16 1 26 1 14 23 2 14 6 14 4 1 16 7 15 20 15 16 9 5 1 16 7 15 20 27

RECEIVER side:

Input: Received Hmac file and encrypted message

Output:

Decrypted file: SELECT * FROM admin_data where adminid='admin'

Decrypted Key file: 00010203 04050607 08090a0b 0c0d0e0f 10111213 14151617 18191a1b 1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637 38393a3b 3c3d3e3f

In this case, the access request is denied since the SENDER and RECEIVER key files are not the same, that is, the {Public Key, Private Key} pairs do not match.
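The RSA parameters of Example 2 (p = 11, q = 3, d = 7), worked through as an added Python example that is not the paper's code. Encoding letters a..z as 1..26 and raising each to the power 7 modulo n = 33 reproduces the letter values of the ciphertext shown above (e.g. 'admin' gives 1 16 7 15 20); the codes shown for spaces and punctuation do not follow this mapping, so the example handles letters only, and the function names are assumptions. The block also shows why such parameters provide no confidentiality: n is factored instantly to recover the decryption exponent 3, and the deterministic per-letter mapping is a plain substitution.

```python
from typing import List

# Added worked example of the paper's Example 2 parameters; function names are ours.
P, Q = 11, 3
N = P * Q      # 33
ENC_EXP = 7    # the paper's "d = 7" is the exponent its ciphertext was produced with


def letter_to_code(ch: str) -> int:
    """Encode a letter a..z (either case) as 1..26; case is not preserved."""
    return ord(ch.lower()) - ord("a") + 1


def code_to_letter(code: int) -> str:
    return chr(code - 1 + ord("a"))


def toy_rsa_encrypt(text: str, e: int = ENC_EXP, n: int = N) -> List[int]:
    """Per-letter textbook RSA: c = m^e mod n for each letter. Non-letters are skipped
    because the paper's codes for spaces and punctuation do not follow this mapping."""
    return [pow(letter_to_code(ch), e, n) for ch in text if ch.isalpha()]


def recover_private_exponent(n: int, e: int) -> int:
    """Factor n by trial division (instant for n = 33), then invert e modulo phi(n).
    Anyone who sees n can do this, which is why toy parameters give no confidentiality."""
    p = next(f for f in range(2, n) if n % f == 0)
    q = n // p
    phi = (p - 1) * (q - 1)   # 20 for n = 33
    return pow(e, -1, phi)    # modular inverse (Python 3.8+); 3 for e = 7


def toy_rsa_decrypt(cipher: List[int], d: int, n: int = N) -> str:
    return "".join(code_to_letter(pow(c, d, n)) for c in cipher)


def repeated_code_count(cipher: List[int]) -> int:
    """Deterministic per-letter encryption maps equal letters to equal codes, so the
    ciphertext is a monoalphabetic substitution; repeats expose the plaintext pattern."""
    return len(cipher) - len(set(cipher))


if __name__ == "__main__":
    request = "SELECT * FROM admin_data where adminid='admin'"  # the paper's request message
    cipher = toy_rsa_encrypt(request)
    print(cipher[:6])                              # [13, 14, 12, 14, 9, 26] as in the paper
    d = recover_private_exponent(N, ENC_EXP)       # 3
    print(toy_rsa_decrypt(cipher, d))              # selectfromadmindatawhereadminidadmin
    print(repeated_code_count(cipher))
```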

VI. CONCLUSION

This paper presents an approach for data privacy in a hybrid cloud environment. In order to provide data privacy, a data privacy model for cloud computing is introduced here. This privacy model relies on the fact that the sensitive data of an enterprise should be maintained by the enterprise itself. Moreover, the authentication algorithm is implemented in a very small cloud setup and experimental results are provided.

As future scope, the authentication algorithm can be tested in an established hybrid cloud computing environment. Moreover, the encryption and authentication algorithms can be enhanced in order to provide more data privacy and security. Further, a new approach for data privacy, information security monitoring, can be implemented by inferring identity from user behavior in the cloud environment.

REFERENCES

[1] Wesam Dawoud, Ibrahim Takouna, Christoph Meinel, “Infrastructure as a Service Security: Challenges and Solutions”, Proceedings of the 7th International Conference on Informatics and Systems, March 2010, pp. 1-8.

[2] John Harauz, Lori M. Kaufman, Bruce Potter, “Data Security in the World of Cloud Computing”, Proceedings of the IEEE Conference on Security and Privacy, July/August 2009, pp. 61-64.

[3] Wassim Itani, Ayman Kayssi, Ali Chehab, “Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures”, Proceedings of the 8th IEEE International Conference on Dependable, Autonomic and Secure Computing, 2009, pp. 711-716.

[4] Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Atanu Rakshit, “Cloud Security Issues”, Proceedings of the IEEE International Conference on Services Computing, 2009, pp. 517-520.

[5] Lijun Mei, W.K. Chan, T.H. Tse, “A Tale of Clouds: Paradigm Comparisons and Some Thoughts on Research Issues”, Proceedings of the IEEE Asia-Pacific Services Computing Conference, 2008, pp. 464-469.

[6] Siani Pearson, “Taking Account of Privacy when Designing Cloud Computing Services”, Proceedings of the Workshop ICSE 2009, May 2009, pp. 44-52.

[7] Manish Pokharel, YoungHyun Yoon, Jong Sou Park, “Cloud Computing in System Architecture”, Proceedings of the International Symposium on Computer Network and Multimedia Technology, January 2009, pp. 1-5.

[8] Ganguly Uttam, “An Approach to Data Privacy in Cloud Computing: Keep Sensitive Data Private”, International Conference on Computing and Systems 2010, The University of Burdwan.

[9] Jian Wang, Yan Zhao, Shuo Jiang, Jiajin Le, “Providing Privacy Preserving in Cloud Computing”, Proceedings of the International Conference on Test and Measurement, 2009, pp. 213-216.

[10] Zhimin Yang, Lixiang Qiao, Chang Liu, Chi Yang, Guangming Wan, “A Collaborative Trust Model of Firewall-through based on Cloud Computing”, Proceedings of the 14th IEEE International Conference on Computer Supported Cooperative Work in Design, 2010, pp. 329-334.

[11] Shucheng Yu, Cong Wang, Kui Ren, Wenjing Lou, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing”, Proceedings of the IEEE INFOCOM, March 2010, pp. 1-9.

[12] HMAC, Federal Information Processing Standards, PUB 198, 2002.
