CHAPTER – 1
1.1. Overview
Cloud computing is internet-based computing. It evolved from grid
computing, utility computing, parallel computing, distributed computing and
virtualization [Raj, 09]. It has more powerful computing infrastructure with a pool of
thousands of computers and servers [Bor, 10]. It provides computational resources like
server, storage, software, memory, network etc., as on-demand services [Pet, 11]. It
helps to reduce the computational infrastructure investment and maintenance cost of IT
requisite for Small and Medium scale Enterprises (SME) [Ali, 10]. It provides
Everything (X) as a Service (XaaS) where ‘X’ denotes software, OS, server,
hardware, storage, etc. [Daw, 11]. Cloud services scale up and down based on
the users’ demand [Raj, 08]. Cloud has multiple datacentres placed in different
geographical locations in the world to provide reliable services to the users [Sud, 12].
It provides unlimited service provisioning without any human intervention. Cloud
automates the service provisioning by running a number of Application
Programming Interfaces (APIs) in the cloud storage environment.
The major feature of cloud computing is that it allows sharing and scalable
deployment of services as needed by the users from any location. Cloud computing
saves time and money during software upgrades; cloud services are updated by the
provider, so users are always working on the latest platform [Arm, 09]. Cloud
minimizes the amount of wasted computing resources and can also reduce energy
consumption significantly.
The main core area of Cloud computing is Virtualization [Zha, 10].
Virtualization empowers the cloud as a scalable and elastic service environment. It
enables a dynamic datacentre where servers provide a pool of resources that are
connected as needed, where the relationship of applications to compute, storage, and
network resources changes dynamically in order to meet both workload and business
demands.
1.1.1. Essential Characteristics
Cloud has five essential characteristics which give it unique features
compared with other forms of computing [Ila, 10].
On-Demand Self-Service: It enables users to use cloud computing resources
without human intervention between the users and the Cloud Service Providers (CSP).
Instant usage of resources and elimination of human intervention provide efficiencies
and cost savings to both the users and the CSPs.
Broad Network Access: Cloud computing is an efficient and effective
replacement for in-house data centres. High-bandwidth communication links must be
available to connect to the cloud services. High-bandwidth network communication
provides access to a large pool of computing resources.
Location-Independent and Resource Pooling: Computing resources are
pooled to serve multiple users using a multi-tenant model, with different physical and
virtual resources dynamically assigned and reassigned according to users’ demand.
Applications require resources. However, these resources can be physically located
anywhere geographically and assigned as virtual components whenever
they are needed. There is a sense of location independence in that the users generally
have no control or knowledge over the exact location of the provided resources. At the
same time, this helps to specify location at a higher level of abstraction (e.g., country,
state, or datacentre).
Scalability: It enables new nodes, such as physical servers, to be added to or
dropped from the network with limited modifications to infrastructure setup and software.
Cloud architecture can scale horizontally or vertically, according to users’ demand.
Measured Service: The usage of cloud resources by the users is monitored
by APIs in the cloud. Users are billed automatically based on the usage of cloud
resources. Cloud systems automatically control and optimize resource usage by
leveraging a metering capability at some level of abstraction appropriate to the type of
service (e.g., storage, processing, bandwidth, and active user accounts). Resource
usage can be monitored, controlled, and reported by providing transparency for both
the CSPs and the users of the utilized service.
1.1.2. Cloud Services
The cloud computing services are broadly divided into three categories
namely, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software
as a Service (SaaS) [Chu, 10].
IaaS is the delivery of huge computing resources such as the capacity for
processing, storage and network. For example, when users use the storage service of
cloud computing, they just pay for the part they consume without buying any storage
disks or even knowing anything about the location of the data they handle in the cloud.
Sometimes IaaS is also called Hardware as a Service (HaaS). The top level
infrastructure providers are Amazon EC2, Rackspace, etc.
PaaS generally abstracts the infrastructure and supports a set of APIs for cloud
applications. It is the bridge between hardware and application. Because of the
importance of the platform, many big companies want to seize the chance to dominate
the cloud computing platform as Microsoft did in the personal computer era. The
well-known cloud platform providers are Google App Engine (GAE) and Microsoft’s
Azure Services Platform (MASP).
SaaS aims at replacing the applications running on PCs. There is no need to
install and run special software on users’ computers if users use SaaS in the
cloud. Instead of buying the software at a relatively higher price, users just follow the
pay-per-use pattern, which reduces their total cost. The concept of SaaS is
attractive, and software runs well in the cloud, but network delay is fatal
to real-time or half real-time applications. The top level software providers are
Google, Microsoft, Salesforce.com, etc.
1.1.3. Deployment Models
Cloud is deployed in four deployment models as defined by NIST,
namely Public, Private, Community and Hybrid cloud [Pet, 11].
Private cloud infrastructure is operated solely for a single organization and
managed by that organization or a third party. It is also known as internal cloud.
Private clouds are hosted by third parties, rather than being hosted on dedicated
servers. Hosting companies operate large datacentres and people who require their
data to be hosted, buy or lease storage capacity from providers and use it for their
storage.
Public cloud or external cloud describes cloud computing in the traditional
mainstream, whereby resources are dynamically provisioned on a fine-grained, self-
service basis over the Internet, via web applications or web services. The resources
are provisioned from off-site third-party CSPs who bill on a utility computing
basis.
Community cloud may be established where several organizations have
similar requirements and seek to share infrastructure so as to realize some of the
benefits of cloud computing, with the costs spread over fewer users than a public
cloud. This option of deployment is more expensive but may offer a higher level of
privacy, security and/or policy compliance.
Hybrid cloud is understood as two separate clouds joined together (public,
private, internal or external), or a combination of virtualized cloud server instances
used together with real physical hardware. By integrating multiple cloud services,
users may be able to ease the transition to public cloud services. A hybrid storage
cloud uses a combination of public and private storage clouds. Hybrid storage clouds
are often useful for backup functions, allowing data to be replicated to a public cloud.
1.2. Need for Cloud Data Outsourcing
The new concept introduced by the cloud is data outsourcing. Data
outsourcing in the public cloud is becoming increasingly popular and introducing a
new paradigm, called Database as a Service, where users’ data are stored at an
external CSP [Car, 11]. This scenario presents new research challenges on which the
usability of the system is based [Ric, 09].
The main advantage of outsourcing is related to the cost of on-premises versus
outsourced hosting; outsourcing provides,
• Significant cost savings and service benefits and
• Higher availability and more effective disaster protection than on-premises
operation.
Users can outsource data to the cloud and retrieve them when they are
needed. Cloud service providers should store the users’ data in the database server and
provide maximum availability of data and efficient disaster recovery. The data
outsourcing scenario in public cloud is represented in Figure 1.1 and Figure 1.2. Cloud
users may be the enterprise users or general users [Fat, 11].
Outsourced data can be accessed in the following two schemes. In the first
scheme, data owners and data users are the same, whereas in the second scheme, data
owners and data users are different. Figure 1.1 represents the first scheme and Figure 1.2
represents the second scheme.
Figure 1.1. Data Outsourcing in Public Cloud Storage –
Owners and Users are Same
As a consequence of this development toward outsourcing, highly sensitive data
are now stored on systems which run in locations that are not under the control of data
owners. Therefore, data confidentiality is put at risk.
There is a possibility of unacceptable use of database information
by the provider itself. Traditional access control techniques
may prevent data access by external users, but not by internal administrators.
1.3. Data Management in Cloud Storage
Data management is a critical aspect for enterprises [Wal, 13].
Enterprises are interested in getting the benefits of the cloud paradigm by
outsourcing their data to cloud database service providers and accessing their data via
the internet. This data management model is referred to as Database as a Service (DaaS)
[Car, 11]. DaaS is one of the most important applications of SaaS delivery model.
DaaS model provides many benefits to enterprises as it saves the cost of database
administration, and offers reliable storage.
Figure 1.2. Data Outsourcing in Public Cloud Storage –
Owners and Users are Different
In the DaaS model, enterprises store data through the internet in a database that is
managed by the Database Administrators (DBAs) of the service providers. DBAs ought
to have full control over the database to perform their responsibilities, such as database
backup, database restore, and recovery of the database in case it has crashed, and also
performance tuning of the database [Ram, 03]. This situation results in
two types of attacks on the cloud data: attacks by the CSP and attacks by other users of
cloud services. Although the DaaS model is attractive, it is not successful since the DBA
can look into the data and can transfer business-sensitive information to
competitors [Sha, 11].
1.4. Confidentiality of Outsourced Data
Data sent to the cloud are not stored in a single cloud storage server. They are
replicated to different cloud data centers located in different places in the world. Data
centers are controlled and maintained by different experts from CSPs. The data can be
hacked from any data center [Ram, 10]. In cloud storage, maintaining the confidentiality
of the data is the primary issue.
In [Wil, 05], confidentiality is defined as the assurance that sensitive information
is not disclosed to unauthorized persons, processes, or devices. Hence, it must be
ensured that the users' confidential data, which the users do not want to be accessed by
CSPs, are not disclosed to CSPs anywhere in the cloud computing systems, including
applications, platforms, CPU and physical memories.
It is noted that users' confidential data are disclosed to a CSP only if all the
following three conditions are satisfied simultaneously [Yau, 10]:
1) The CSPs know where the users' confidential data are located in cloud
computing systems.
2) The CSPs have the privilege to access and to collect the users' confidential
data in cloud computing systems.
3) The CSPs can understand the meaning of the users' data.
The above three conditions arise for the following reasons. In order to
collect users' data, the CSPs must know the location of the data in cloud systems and
have the privilege to access the data. Even if the CSPs could collect users' data
successfully, they may not be able to understand the meaning of the data unless the
CSPs have at least some of the following information:
• Types of data
• Functionalities and interfaces of the application using the data
• Format of the data.
Hence, the CSPs must be prevented from satisfying all three of the above
conditions in order to protect the confidentiality of users' data in cloud storage.
1.5. Cloud Computing System Architecture
The current cloud computing system consists of three layers: software layer,
platform layer and infrastructure layer, as shown in Figure 1.3 [Ila, 10]. The software
layer provides the interfaces for users to use CSPs’ applications running on a cloud
infrastructure. The platform layer provides the operating environment for the software
to run using system resources. The infrastructure layer provides the hardware resources for
computing, storage and networks [Ari, 13].
Figure 1.3. Current Cloud Computing Architecture
Platforms or infrastructures could be provided as virtual machines. The
following are the major problems of current cloud computing system:
• Each CSP has a software layer, a platform layer and an infrastructure layer.
When users use a cloud application from a CSP, then the users are forced to
use the platform and infrastructure provided by the same CSP. Hence the CSP
knows where the users' data are located and has full access privilege to the
data.
• The users are forced to use the interfaces provided by the CSP, and users' data
have to be in a fixed format specified by the CSP. Hence, the CSP knows all
the information required for understanding the data.
Therefore, it is difficult to prevent CSPs from satisfying all the three conditions
in Section 1.4.
[Figure 1.3 labels: Software as a Service, Platform as a Service, Infrastructure as a Service; Public Cloud, Private Cloud, Community Cloud, Hybrid Cloud; Cloud Users]
1.6. Need for Data Security in Cloud Storage
Data protection is a crucial security issue for most enterprises [Ram, 13].
The main issue in cloud computing is data security. Users are more
concerned about the security of the data in the cloud. Enterprises’ critical data are
moved to geographically dispersed cloud infrastructure that is not under the direct
control of the enterprises. Moreover, data are stored in a multitenant environment and
they are always in a decrypted form when used. Given the large number of issues
concerning data security, many organizations want clear answers regarding security
before migrating into the cloud. Data security in the cloud includes the following [Shu, 12].
Security of data-at-rest: Users’ data stored on the physical storage should not
be modified. Encrypting the data may be the solution for this, but in the case of PaaS and
SaaS, encryption of data is not always feasible and hence the probability of
unauthorized access is very high.
Security of data-in-transit: Data must be secured while being transferred
between servers. They should not be viewed or changed by other users. So it requires an
appropriate encryption algorithm as well as a secure protocol.
Security of data during processing: Users’ data should not be viewed or
changed by other users at runtime.
Security of data lineage: It deals with maintaining the origin and custody of
data in order to prevent tampering or to assure integrity of data. However, this is a
time-consuming job. Providing accurate reporting on data lineage for public cloud
services is not possible [Tim, 09].
1.7. Security Requirements for Cloud Storage
Security measures assumed in the cloud must be made available to the users to
gain their trust [Hyu, 12]. There is always a possibility that the cloud infrastructure is
secured with respect to some requirements and the users are looking for a different set
of security mechanisms [Mas, 10]. The reason why users are very anxious about the
safety of their data saved in the cloud is that they don’t know who is managing
it on the server of the CSP. Typical users, who use the cloud service for storing their
files on the server to access them anywhere they want through the internet, don’t bother
much about the security of their files. Those documents are common files that don’t
need to be secured. But big companies, which have very important data
to take care of, need a secured cloud computing system. In order to have a
secured cloud system, the following security parameters are considered for
data protection.
1.7.1. Authentication
Authentication is the process of verifying a user’s or other entity’s identity.
This is typically done to permit someone or something to perform a task. A strong
authentication system ensures that the authenticators and messages of the actual
authentication protocol are not exchanged in a manner that makes them vulnerable to
being hijacked by an intermediate malicious node or person. That is, the information
used to generate a proof of identity should not be exposed to anyone other than the
person or machine it is intended for.
1.7.2. Authorization
Authorization is when the system decides whether or not a certain entity is
allowed to perform a requested task. This decision is made after authenticating the
identity of users. When considering an authentication system for a particular application,
it is crucial to understand the type of identifier required to provide a certain level of
authorization.
1.7.3. Confidentiality
Confidentiality is needed when the message sent or stored in the cloud contains
sensitive data which should not be read by others. Hence it must not be sent in a
comprehensible format. A loss of confidentiality is the unauthorized disclosure of
information. Confidentiality relates to security and encryption techniques; it can be
obtained by encrypting messages so that only intended recipients are able to read them.
1.7.4. Integrity
Integrity is ensuring that the data presented are true and valid. It also includes
guarding against improper data modification. A loss of integrity is the unauthorized
modification, insertion, or destruction of information. One way of ensuring data
integrity is using simple checksums which prevent an attacker from forging or
replaying messages.
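The following is an added example, not part of the thesis, and it goes one step beyond the text: an unkeyed checksum such as CRC-32 catches accidental corruption but can be recomputed by anyone who changes the data, so detecting forgery needs a keyed MAC and detecting replay needs a sequence number covered by that MAC. The key, the record contents and all function names are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed demo key; in the thesis's setting the key stays with the data owner.
OWNER_KEY = hashlib.sha256(b"constructed demo key held by the data owner").digest()


def crc_protect(payload: bytes) -> bytes:
    """Append an unkeyed CRC-32 checksum to the payload."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_verify(blob: bytes) -> bool:
    """Recompute the CRC-32 and compare it with the stored one."""
    payload, tag = blob[:-4], blob[-4:]
    return struct.pack(">I", zlib.crc32(payload)) == tag


def mac_protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Prefix a 64-bit sequence number and append HMAC-SHA256 over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the MAC and rejects sequence numbers already accepted."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = -1

    def accept(self, blob: bytes):
        if len(blob) < 8 + 32:
            return None  # too short to hold header and tag
        header, payload, tag = blob[:8], blob[8:-32], blob[-32:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # modified or forged
        (seq,) = struct.unpack(">Q", header)
        if seq <= self._last_seq:
            return None  # replayed or reordered
        self._last_seq = seq
        return payload


def demo() -> dict:
    original = b"balance=100"   # constructed sample record
    tampered = b"balance=999"   # same record after deliberate modification

    # Accidental damage: a flipped bit no longer matches the stored CRC.
    corrupted = bytearray(crc_protect(original))
    corrupted[0] ^= 0x01
    crc_detects_accident = not crc_verify(bytes(corrupted))

    # Deliberate change: the CRC is simply recomputed over the new content.
    crc_forgery_accepted = crc_verify(crc_protect(tampered))

    # With a MAC, new content under the old tag fails verification.
    good = mac_protect(OWNER_KEY, 1, original)
    forged = good[:8] + tampered + good[-32:]
    rx = Receiver(OWNER_KEY)
    return {
        "crc_detects_accident": crc_detects_accident,
        "crc_forgery_accepted": crc_forgery_accepted,
        "mac_forgery_accepted": rx.accept(forged) is not None,
        "first_delivery": rx.accept(good),
        "replay_accepted": rx.accept(good) is not None,
        "next_seq_accepted": rx.accept(mac_protect(OWNER_KEY, 2, original)) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```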
1.7.5. Non-Repudiation
Non-repudiation is a process of ensuring that a traceable legal record is kept
and has not been changed by a malicious entity. A loss of non-repudiation would
result in the questioning of the transaction that has occurred. A simple example of
non-repudiation is signing a contract. The signers cannot claim that they did not agree
to a contract, because there is evidence that they did agree.
1.8. Motivations
Cloud storage is widely popular and it is used by millions of people in the
world. The users are eager to adopt the cloud storage by outsourcing their IT
requisites. Cloud computing has numerous advantages such as ease of use and
maintenance, low power consumption for operation and reductions in the overhead for
storing the data. Despite several advantages, cloud also suffers from different security
threats and risks. Protecting from security threats and attacks is the primary concern
for the enhancement of a more secured cloud infrastructure. Traditional techniques for
data security are not enough for protecting data in the cloud, because they become
obsolete with respect to ever-evolving security threats. Moreover, data in the cloud
are not just stored; they are also accessed a large number of times, and changes in the
form of insertion, deletion or update take place from time to time.
It has become difficult for the security of traditional information systems to satisfy
data security needs in the cloud environment, and this is also a challenging job for public
cloud storage. Hence, it is imperative to ensure the confidentiality of the data in cloud
storage. Moreover, the CSPs have not yet clearly answered some of the questions
related to security.
1. Where are the data stored?
2. Are the data encrypted or not?
3. Is any encryption technique used for data security?
4. How to maintain the key for different data users?
5. How are the data retrieved from cloud storage?
6. Who is responsible for accessing the data from the cloud provider?
Motivated by this fact, this research work aims at ensuring the confidentiality
of the outsourced data by achieving the following goals.
• To propose a security service mechanism as a cloud service for protecting data
in cloud storage.
• To ensure that the data stored in the cloud are accessed only by the data owners.
• To propose security service algorithms suitable for cloud environment using
encryption and obfuscation.
• To reduce the size of data being stored in the cloud storage.
• To design a framework to provide security by ensuring the confidentiality of
outsourced data stored in the public cloud storage.
1.9. Scope of the Research Work
Security is a major challenge in cloud storage owing to the conduct of
outsourced computing. Unless a robust security scheme is implemented, cloud storage
will be vulnerable to various attacks by unauthorized users. Cloud data may be
hacked by either insiders or outsiders. So, the users must be very careful while storing
the data in cloud storage. It is necessary to ensure that even if the data in the
cloud are accessed by hackers, they should not be able to get the actual information.
Data security is ensured by different security parameters namely Authentication,
Authorization, Confidentiality, Integrity and Availability. Out of these, Confidentiality,
Integrity and Authentication are the important areas. Among these security
parameters, confidentiality is the most important parameter for data security in cloud
storage. Confidentiality ensures that the data can only be accessed by the privileged
cloud users. The scope of this research work concentrates only on confidentiality
parameter to ensure data security and other parameters are out of scope of this
proposed research work. Data in the cloud are categorized into two forms, namely,
Data in Transit and Data at Rest. This research work concentrates on Data at Rest.
The types of data considered for this research work are numerical and non-numerical.
This research work aims at providing a secured confidentiality framework to
cloud users and to service providers in order to protect the data stored in the public
cloud storage environment. This is to improve the usability of cloud and to minimize
the cost of storing and maintaining data by cloud storage.
1.10. Definition of the Problem
Data security is a critical area in cloud computing environment. Cloud has no
limits, and the data can be physically placed at any datacentres which are
geographically distributed. The users are forced to use the platform and infrastructure
provided by the same CSP. Hence the CSP knows where the data are located and has
full access to the data. This scenario of cloud raises several issues regarding
confidentiality of data.
Users’ data sent to the cloud are controlled and monitored by CSPs. CSPs as
privileged administrators have the rights to look into the users’ data. So, there is a
possibility that data are hacked from CSPs. Users do not have any control over the data
in cloud storage. Moreover, cloud is a public environment. Hence, data may have the
chance to be mingled with data of other users.
Users do not know whether the data are encrypted in the cloud storage or not.
Maintaining keys for each user is more difficult for CSPs, and the same key is used
for all users’ data [Tim, 09]. Users’ data have to be in a fixed format specified by the
CSP, and hence the CSP knows all the information required for understanding users'
data. These are the issues raised for data protection.
1.11. Significance of the Proposed Research Work
The major problem found in the existing cloud frameworks is data security for
outsourced data. Security for data stored in the cloud is the topmost issue in the public
cloud environment. The security issue arises owing to different functionalities of the
existing cloud frameworks. Users are forced to use the platform and infrastructure of the
same CSP. Hence, the CSPs have control over the users’ data. CSPs can easily access the
users’ data stored in their infrastructure. Users do not know whether the data are
encrypted in the cloud storage or not. Some CSPs use a single key to hide all the
users’ data. In most of the existing frameworks, users have to work more for securing
their data and have to maintain the components of the framework on their own
premises. The proposed framework reduces the work burden for the users and
separates the cloud services among different independent CSPs. Security is provided as
a service to the users to secure the data in the cloud storage. The users should decide
which security service mechanism is to be used to secure the data before it is sent to
the cloud. Keys used for data security are generated in the cloud and are provided to
the users as a service.
Cloud provides huge storage resources to the users without any concern about
the place restriction. Users could outsource their data at any time to the cloud. Size of
the data outsourcing is not a big concern in the cloud environment. Data uploaded to
the cloud are secured by using Security Service Algorithms (SSAs) in the proposed
framework. The main considerations in designing the SSAs are the security provided for
data in the cloud and the time taken for processing, because a processing time delay in
the SSA may slow down data uploading. The proposed SSAs are specially designed for
the cloud environment to process the data without any delay.
Security service algorithms in the proposed framework are more suitable for
the cloud environment due to their minimum execution time and high security (as
shown in the tables and graphs in upcoming chapters) provided to the data in the
cloud storage. Three SSAs are provided from the cloud to the users. These algorithms
are used for a specific type of users’ data.
Many researchers have proposed several security frameworks, but a complete
security framework has not yet been proposed. In this research work, a framework
called AROMO is developed, and it gives better results during simulation. Three security
services are used for data protection. These services are provided by three independent
CSPs. All security services in the framework are simulated in the cloud environment.
1.12. Aim and Objectives
The primary aim of this research work is to propose a security framework to
ensure confidentiality of outsourced data in public cloud storage. The objectives to
achieve the primary aim of the proposed research work are as follows:
1. To propose a security service mechanism to store the data in the cloud storage.
2. To propose security service algorithm AROcrypt to ensure the confidentiality
of non-numerical data stored in cloud storage.
3. To propose security service algorithm MONcrypt to ensure the confidentiality
of numerical data stored in the cloud storage.
4. To propose security service algorithm AROMONcrypt to ensure the confidentiality
of non-numerical and numerical data stored in the cloud storage.
5. To design a secured framework AROMO to ensure the confidentiality of data
in cloud by incorporating the proposals.
1.13. Organization of the Thesis
The thesis consists of seven chapters. The format of the thesis is as follows:
In Chapter 1, introduction to the research work is given. It provides fundamental
details of the research work. It gives details about the cloud computing and its
characteristics. The services and nature of cloud storage are explained. The scope of
this research work and the definition of the problem are elucidated. The motivation
behind this research work is also projected. The aim and the objectives of the research
work are stated. Chapter 2 explains the related research works carried out by various
researchers. It carries the information regarding the existing research works and the
reviews.
In Chapter 3, a framework called AROMO is proposed to provide security by
ensuring the confidentiality of the data stored in the cloud storage. The framework
comprises three primary services namely, SEaaS, KGMaaS and STaaS. SEaaS
provides security services; KGMaaS generates key and maintains a log for key
management; STaaS provides cloud storage servers for data storage. SEaaS has three
different security service algorithms, namely, AROcrypt, MONcrypt and AROMONcrypt.
These algorithms are used to hide user’s data by use of encryption or obfuscation
technique before they are uploaded to the cloud storage. Users should select any one
of the security service algorithms to secure the user’s data in the cloud. KGMaaS
generates keys, based on a particular security algorithm selected by the users. Keys
are directly forwarded to the users. The users’ details for forwarding the keys are
passed from SEaaS to KGMaaS.
In Chapter 4, a security service algorithm, namely, AROcrypt is proposed.
AROcrypt SSA is used to encrypt the non-numerical data uploaded to the cloud.
AROcrypt SSA encrypts the user’s data using four keys. Keys for AROcrypt SSA are
generated in KGMaaS and forwarded to the users. Users apply those generated keys
and data into AROcrypt SSA to encrypt the data. The data are encrypted, and then
they are sent to cloud storage. Keys used for encryption are not communicated to
CSPs, so CSPs cannot access data from cloud storage.
In Chapter 5, MONcrypt security service algorithm is proposed to obfuscate
the necessary numerical data. MONcrypt security service algorithm is based on
obfuscation technique. It is one of the security service algorithms in SEaaS.
MONcrypt SSA uses different mathematical functions and program logic to obfuscate
the data. A key is used to rotate the digits. The same key is used for de-obfuscation.
MONcrypt SSA not only ensures the confidentiality of the data but also reduces the
size of the data sent to cloud storage.
In Chapter 6, a security service algorithm, namely, AROMONcrypt is
proposed to encrypt and obfuscate the non-numerical and numerical data respectively.
Both encryption and obfuscation are applied on the data simultaneously. The users
submit the data to the AROMONcrypt SSA, and then it analyzes the type of data.
AROMONcrypt starts encrypting the non-numerical type of data and obfuscating the
numerical type of data. The users keep the keys for decryption and de-obfuscation.
CSPs of SEaaS or STaaS are not aware of the keys used by SSAs.
Chapter 7 concludes the thesis. It explains the essence of the proposed security
framework of cloud storage, research findings and interpretations, salient features, and
limitations and future research directions. All these chapters explain the research work
and the results with suitable figures, tables and graphs.
1.14. Chapter Summary
Cloud is gaining more attention from IT enterprises because of its advantages.
Cloud supports on-demand computing. It reduces the cost of installing and
maintaining storage servers. Though the cloud storage provides many benefits and
advantages to cloud users, it has many security related issues. Hence, it is necessary to
propose a new security framework to protect the outsourced data in public cloud
storage environment. This chapter has provided the fundamentals of the proposed
research work. The motivation behind this research work and the aim and the
objectives are given. The scope of the research work and the security issues related to
Cloud are also given. The next chapter presents the literature review and it lists the
related research works along with the issues of the existing mechanisms.