OVERVIEW
INTRODUCTION
SINGLE CLOUD MODEL
SOME SECURITY RISKS
WHY MOVING TO MULTI CLOUD
SECRET SHARING
MULTI CLOUD DATABASE MODEL
THE MCDB DATA FLOW
WHAT MAKES MCDB DIFFERENT
EVALUATION
CONCLUSION
REFERENCES
“A Style of Computing where massively scalable IT enabled capabilities are delivered ‘as a service’ to external customers using internet technologies”
Basic Cloud Characteristics
“no-need-to-know”
“flexibility and elasticity”
“pay as much as used and needed”
“always on!, anywhere and any place”
Types of Clouds
Public Cloud – Available to the general public or large industry group and is owned by an organisation selling cloud services
Community Cloud – Shared by several organisations and supports a specific community that has shared concerns
Private Cloud – Operated solely for an organisation or company
Hybrid Cloud – Combination of two of the above, they remain unique entities but are bound together by standardised technologies
3 Approaches to Cloud Computing
access to software and its functions remotely through internet browsers.
computing platform is being delivered as a service, eg. purchase and manage hardware remotely.
defined as computer infrastructure, such as virtualization, being delivered as a service.
Benefits of Using Cloud
High productivity
Less deployment time
Increased Mobility
Environmentally Friendly
High Availability
Easy to manage
shared resources
Pay as you do
WHY MOVING TO MULTI CLOUD??
Avoids the dependency on single cloud
The main purpose of moving to inter cloud is to improve what was offered in single cloud by distributing the reliability, trust and security among multiple cloud providers
What is "Secret Sharing"?
In cryptography, a secret sharing scheme is a method for distributing a
secret amongst a group of participants, each of which is allocated a share
of the secret. The secret can only be reconstructed when the shares are
combined together; individual shares are of no use on their own.
In a secret sharing scheme there is one dealer and n players. The dealer
gives a secret to the players.
The dealer accomplishes this by giving each player a share in such a way
that any group of t (for threshold) or more players can together
reconstruct the secret but no group of less than t players can. Such a
system is called a (t,n)-threshold scheme.
Shamir's Secret Sharing
• Suppose we want to use (k,n) threshold scheme to share our secret S where k < n.
• Choose at random (k-1) coefficients $a_1, a_2, a_3, \dots, a_{k-1}$, and let S be the $a_0$:
$$f(x) = a_0 + a_1 x + a_2 x^2 + \cdots + a_{k-1} x^{k-1}$$
• Construct n points (i, f(i)) where i = 1, 2, …, n
• Given any subset of k of these pairs, we can find the coefficients of the polynomial by interpolation, and then evaluate $a_0 = S$, which is the secret
Example
• Let S = 1234
• n = 6 and k = 3; obtain random integers $a_1 = 166$ and $a_2 = 94$
$$f(x) = 1234 + 166x + 94x^2$$
• Secret share points (1,1494), (2,1942), (3,2598), (4,3402), (5,4414), (6,5614)
• We give each participant a different single point (both x and f(x) ).
Reconstruction
• In order to reconstruct the secret any 3 points will be enough
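• Let us consider $(x_0, y_0) = (2, 1942)$, $(x_1, y_1) = (4, 3402)$, $(x_2, y_2) = (5, 4414)$
• Using Lagrange polynomials:
$$l_0 = \frac{x - x_1}{x_0 - x_1} \cdot \frac{x - x_2}{x_0 - x_2} = \frac{x - 4}{2 - 4} \cdot \frac{x - 5}{2 - 5} = \frac{1}{6}x^2 - 1\tfrac{1}{2}x + 3\tfrac{1}{3}$$
$$l_1 = \frac{x - x_0}{x_1 - x_0} \cdot \frac{x - x_2}{x_1 - x_2} = \frac{x - 2}{4 - 2} \cdot \frac{x - 5}{4 - 5} = -\frac{1}{2}x^2 + 3\tfrac{1}{2}x - 5$$
$$l_2 = \frac{x - x_0}{x_2 - x_0} \cdot \frac{x - x_1}{x_2 - x_1} = \frac{x - 2}{5 - 2} \cdot \frac{x - 4}{5 - 4} = \frac{1}{3}x^2 - 2x + 2\tfrac{2}{3}$$
$$f(x) = \sum_{j=0}^{2} y_j \, l_j(x) = 1942\left(\frac{1}{6}x^2 - 1\tfrac{1}{2}x + 3\tfrac{1}{3}\right) + 3402\left(-\frac{1}{2}x^2 + 3\tfrac{1}{2}x - 5\right) + 4414\left(\frac{1}{3}x^2 - 2x + 2\tfrac{2}{3}\right)$$
$$f(x) = 1234 + 166x + 94x^2$$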
MULTI CLOUD DATABASE MODEL
The DBMS is responsible for rewriting the user's query (one for each CSP), generating polynomial values, handing the user's query to each CSP and then receiving the result from the CSP.
The CSP is responsible for storing the data, which is divided into n shares, in its cloud storage and then returning to the DBMS the relevant shares that make up the user's query result.
The Servlet Engine communicates with the data source through the JDBC protocol.
The HTTP server is responsible for managing the communication between the application and the browser.
THE MCDB MODEL DATA FLOW
Sending Data Procedure
User sends a request through user interface and web browser through an HTTP request
User query will be sent to servlet engine
Servlet engine and DBMS communicate through JDBC protocol
DBMS manages the query and sends it to CSP
Result is sent to DBMS and it returns the result to servlet
Servlet returns the result to HTTP server and it returns to user
Procedure between DBMS and CSP
• DBMS divides the data into n shares and stores it into CSP
• DBMS generates a random polynomial function of the same degree for each value of the valuable attribute that the client wants to hide from the untrusted cloud provider
• When the user's query arrives at the DBMS, it rewrites the polynomial for each CSP
• Relevant shares are retrieved from CSP
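The (k,n) threshold scheme and the DBMS-to-CSP procedure above, as an added Python example that is not part of the original slides: the DBMS splits a value, gives one share to each provider, and rebuilds it from any k that answer. Assumptions: arithmetic is done modulo a prime (the slides' worked example uses plain integers), the provider names, the `store`/`retrieve` helpers and the four-provider layout are hypothetical, and the cross-check between share subsets goes beyond what the slides describe.

```python
import secrets
from itertools import combinations

PRIME = 2**61 - 1  # assumption: prime modulus larger than any stored value
CSPS = ["csp-a", "csp-b", "csp-c", "csp-d"]  # hypothetical provider names

def split(secret, k, n, coeffs=None):
    """Return n points (x, f(x)) of a degree k-1 polynomial with f(0) = secret."""
    if not 1 < k <= n or not 0 <= secret < PRIME:
        raise ValueError("need 1 < k <= n and 0 <= secret < PRIME")
    if coeffs is None:  # a1..a(k-1), drawn fresh from a CSPRNG for every value
        coeffs = [secrets.randbelow(PRIME) for _ in range(k - 1)]
    poly = [secret, *coeffs]
    return [(x, sum(a * pow(x, i, PRIME) for i, a in enumerate(poly)) % PRIME)
            for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation evaluated at x = 0, which yields a0 = S."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * -xm % PRIME
                den = den * (xj - xm) % PRIME
        secret = (secret + yj * num * pow(den, -1, PRIME)) % PRIME
    return secret

def store(value, k, csps):
    """DBMS side: split the value and hand exactly one share to each CSP."""
    return dict(zip(csps, split(value, k, len(csps))))

def retrieve(stored, k, down=()):
    """Rebuild the value from the CSPs that answer; at least k must respond."""
    shares = [s for name, s in stored.items() if name not in down]
    if len(shares) < k:
        raise RuntimeError("fewer than k providers reachable")
    # Plain Shamir does not authenticate shares, so when spare shares exist
    # every k-subset must agree; disagreement means a share was altered.
    results = {reconstruct(list(c)) for c in combinations(shares, k)}
    if len(results) != 1:
        raise ValueError("shares are inconsistent")
    return results.pop()

if __name__ == "__main__":
    stored = store(1234, 3, CSPS)               # constructed sample value
    print(retrieve(stored, 3))                  # all four providers answer
    print(retrieve(stored, 3, down={"csp-b"}))  # one provider offline
```

With exactly k shares available there is nothing to cross-check against, so a damaged share would go unnoticed in that case.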
WHAT MAKES MCDB DIFFERENT??
Data Integrity
The stored data may suffer damage during transfer from or to the cloud storage provider
Data will be distributed in 3 different providers in MCDB model
If a malicious insider wants to know the hidden information, they need at least three values from different clouds
Data Intrusion
a. If anyone gains access to the account in a single cloud, then they will be able to access all of the account's instances and resources
b. MCDB replicates the data among three different clouds
c. Hackers need to retrieve all information from 3 different service providers to be able to reconstruct the real data
d. Replicating data into multi cloud reduces the risk of data intrusion
Service Availability
The user's web service may terminate for any reason at any time if any of the user's files break the cloud storage policy
There will be no compensation for the service failure
MCDB distributes the data into different clouds, so data loss risk will be reduced
If one cloud provider fails the users can still access their data live in other service provider
EVALUATION
Data storing procedure
Data storing involves data distribution from data source to different cloud providers
Multi cloud may suffer from time and cost
The time cost increases with increasing number of shares
Increased number of shares increases the security
Data retrieval time
The data retrieval process in MCDB starts from rewriting the user's query in the DBMS and then sends these queries, one for each CSP, after constructing the polynomial and order of secret value
The relevant tuple will be returned to the DBMS to compute the polynomial function
Data retrieval time for exact match query is less than aggregate query
The time to retrieve data increases linearly with increase in number of shares
CONCLUSION
Customers do not want to lose their private
information as a result of malicious insiders in the
cloud.
The loss of service availability has caused many
problems for a large number of customers recently.
Furthermore, data intrusion leads to many
problems for the users of cloud computing.
The purpose of this work is to propose a new model
called MCDB which uses Shamir’s secret sharing
algorithm with multi-cloud providers instead of
a single cloud.
The main aim of this model is to reduce the security
risks that occur in cloud computing and to address the
issues related to data integrity, data intrusion,
and service availability.