Securing Data Storage in Cloud Computing

This paper discusses the security challenges of data storage in cloud computing and proposes a method using Elliptic Curve Cryptography (ECC) to enhance data confidentiality. The proposed solution encrypts user data before it is sent to the cloud, ensuring that only authenticated users can access it, while the secret key remains on the user's device. The paper highlights various cloud models and security issues, emphasizing the need for robust encryption methods to protect sensitive information stored in the cloud.


International Journal of Engineering Research & Technology (IJERT)

PEMWN-2015 Conference Proceedings

Securing Data Storage in Cloud Computing


H. Guesmi, C. Ghazel and L. A. Saidane
Cristal Lab, National School of Computer Sciences.
University of Manouba – Tunisia

Abstract— This paper addresses the need for users to trust commercial cloud providers and the security issues of storing data in a cloud storage service. Cloud storage is one of the prominent services offered in cloud computing. Data stored in the cloud in plain text format is a security threat. This paper proposes a method for cloud storage that allows users to store and access data securely. It also guarantees that no one except the authenticated user, not even the cloud storage provider, can access the data. This method provides security and privacy for data stored on public servers.

Keywords— Cloud Computing Security, Cloud Storage Security, Elliptic Curve Cryptography

I. INTRODUCTION

Cloud Computing is a technology that uses central remote servers and the internet to maintain data and applications. This technology enables businesses and consumers to use applications without installation and allows them to access their personal files from any computer with internet access. Cloud Computing allows for much more efficient computing by centralizing storage, memory, bandwidth and processing.

But, in addition to its advantages, cloud storage brings various security issues. Data confidentiality appears as the biggest concern for users of a cloud storage system. Indeed, the clients' data are managed outside their governance. Meeting compliance requirements and enforcing security policy are tough enough when you deal with third parties and their known or unknown subcontractors.

In this paper we propose a method for improving data confidentiality in cloud storage systems: the client data is encrypted with a secret key before it is sent to cloud storage, and decrypted with the same secret key after it is received from cloud storage. These operations are done on the client side using the secret key. In this way the user is assured of the security of the data stored in the cloud, and the secret key never leaves the user's computer.

This paper is organized as follows. Section 2 covers the general model of cloud computing, including service models and cloud computing features. Then, we review some prevalent security challenges in the cloud computing environment in Section 3. Section 4 deals with the general concept of Elliptic Curve Cryptography. The proposed model is discussed in Section 5 and finally, Section 6 describes the conclusion and future research work.

II. CLOUD COMPUTING MODELS

Cloud computing became available over the Internet as a computing resource because of the advancement of Infrastructure as a Service. Cloud computing is classified into four principal models [1]. The Public Cloud is made accessible to the general public or large industrial groups and is provided by a single supplier offering cloud services. The Private Cloud is operated solely for one organization in a restricted manner, with people outside the organization completely excluded from access. The Hybrid Cloud is a blend of two or more clouds. It enables data portability through load balancing between clouds. Providing security in hybrid cloud computing is much more difficult, particularly for symmetric key distribution and mutual authentication. The Community Cloud Model is shared by a few organizations Agreement (SLA). A particular community shares concerns like requirements, policy, and compliance considerations. The cost of using the infrastructure is generally shared among the organizations in the model.

There are five Cloud Characteristics as determined in [2]. On Demand Service: the cloud is a large pool of resources and services from which the client can obtain a service or resource whenever needed, paying for the amount of service used. Ubiquitous Network Access means services are provided through standard terminals like laptops, mobile phones, and Personal Digital Assistants (PDA). The Easy Use characteristic is that most cloud providers offer web based interfaces, which are easier than application program interfaces and make it simpler for clients to use the cloud services. Cloud is a Business Model because the service or resource is "pay according to use". The Location Independent Resource characteristic means that the provider's computing resources are pooled to serve numerous clients using a multitenant model, with diverse physical and virtual resources dynamically assigned and reassigned according to demand.

III. SECURITY CHALLENGES IN CLOUD COMPUTING ENVIRONMENT

Every cloud computing based service has different sorts of security challenges. An intruder can use the vulnerabilities of the network infrastructure to attack the service features of the cloud, such as on demand self-service, multi-tenancy, broad network access, etc. This can create a considerable number of vulnerabilities in the delivered service [3]. A survey conducted by [4] shows that security is a major concern keeping clients away from the cloud. In this section, we analyze the different sorts of security issues that most commonly rear their heads in applications deployed on the cloud.

A. Security issues of Network Infrastructure

With services provided over the cloud computing environment, network infrastructures have caused several security issues and challenges. Distributed Denial of Service (DDoS) attacks are carried out by malicious software. They
prevent the server from providing services to its users by sending un-accessible requests to the client. A DDoS attack is performed against other machines when a system on the cloud is hacked and used as a base. To obtain the main information about the user, an attacker can analyze all packets passing through the system. But to find out the open port that can be attacked, scanning is done. Attackers use SQL injections to attack the cloud based database [5].

B. Security issues of the Web Services

Web services are vulnerable to many sorts of attacks. These vulnerabilities emerge because of the implementation mechanism and existing protocols in web services. They are described in Table I.

TABLE I. VULNERABILITIES OF WEB SERVICES

| Vulnerabilities | Description |
|---|---|
| Buffer Overflows | XML can be forced to call itself repeatedly, thereby overflowing the memory. This could trigger an error message and make the application reveal information about itself. |
| XML Injection | XML injections are used to insert a parameter into a query and let the server execute the data. |
| Session Hijacking | An attacker can inject a SOAP message and obtain the session digital identity, thereby presenting himself as an authenticated user to the server. Later on, he can go on to perform some serious mischief on the server. |
| Security Risk due to Cloud Features | The service user loses control over the data as it is stored on others' servers; the user has to depend on the provider's security arrangement and its analyses. |

C. Security Issues of Applications Available over the Cloud

Applications available on the cloud can face the same sorts of attacks as those on the client-server model. To deliver their services to the client, SaaS applications depend on web browsers and web services. PaaS and IaaS services are hardware dependent and face more challenges emerging from the features of cloud computing than SaaS infrastructure [4]. Security challenges emerging from the network infrastructure and web services are described in Table II.

One of the ways to deal with these issues is Public Key Infrastructure (PKI). There are different sorts of public key cryptographic schemes. Elliptic Curve Cryptography is one of them, and it is the subject of the next section.

TABLE II. SECURITY ISSUES OF CLOUD APPLICATIONS

| Security Issues | Description |
|---|---|
| Regulatory compliance | In some cases, cloud computing providers do not undergo external audits and security certifications. In view of this, it is strongly suggested that cloud computing as a body should have a regulatory and disciplinary outfit that would consistently meet the target of the consumers. |
| Privilege User Access | Sensitive data processed outside the organization brings malicious data that are inherent in raising the level of risk. Cloud providers should ensure they have adequate and strong anti-virus mechanisms in the processing of their outputs for dispensing such cloud critical systems to the consumers. |
| Data Location | When the cloud is used, in most cases, the user does not know where the cloud is hosted. Cloud providers should give specific locations of their services if they expect trust and advantageous patronage of their services by the customers. This would also improve data recovery should the data be lost for want of a recovery mechanism technology. |
| Investigative Support | This is a worrisome problem; investigation of cloud computing in the aftermath of fraud is a significant issue. This is more noticeable because laws differ across the countries in which the heinous act is perpetrated. |

IV. ELLIPTIC CURVE CRYPTOGRAPHY

Neal Koblitz and Victor Miller independently suggested, in 1985, the use of elliptic curves in public key cryptography [6, 7]. Supporters of elliptic curve cryptography (ECC) claim that, while maintaining an equal level of security, ECC requires much smaller keys than those used in conventional public key cryptosystems. Therefore, the use of elliptic curve cryptography allows faster encryption and decryption.

The elliptic curve Diffie-Hellman algorithm was described in [6, 8]. If a user wants to communicate (send/download data) with a cloud service provider securely over an insecure network, they can establish a shared secret key over this network in the following way:

- P is a particular rational base point that is published in a public domain for use with a particular elliptic curve $E(F_q)$, also published in a public domain.
- User and cloud service provider pick random integers a and b respectively as private keys.
- User and cloud provider compute a*P and b*P and exchange these values over the insecure network.
- Using the information exchanged, both User and cloud provider compute (a*b)*P = a*(b*P) = b*(a*P). This value is then the shared secret that only User and Cloud provider possess.

The difficulty of the ECDLP (Elliptic Curve Discrete Logarithm Problem) ensures that the private keys a and b and the shared secret (a*b)*P are difficult to compute given a*P and b*P. Thus, cloud providers and their clients do not compromise their private keys or their shared secret in the exchange.

A. Elliptic Curve Cryptography Encryption/Decryption

Several approaches to encryption/decryption using elliptic curves have been analyzed. This paper presents one of them. The first task is to encode the plaintext message m to be sent as an x-y point $P_m$. The point $P_m$ will be encrypted as a cipher text and thereafter decrypted. This system requires a point G and an elliptic group $E_p(x, y)$ as parameters. Each user A selects a private key $n_A$ and generates a public key $P_A$.

$$P_A = n_A \times G \tag{1}$$

To encrypt a message $P_m$ and send it to B, A chooses a random positive integer a and produces the cipher text C consisting of the pair of points [8].

$$C = \{aG,\; P_m + aP_B\} \tag{2}$$

Note that A has used the public key of B: $P_B$. To decrypt the cipher text, B multiplies the first point in the pair by the secret key of B and subtracts the result from the second point:

$$P_m + aP_B - n_B(aG) = P_m + a(n_B G) - n_B(aG) = P_m \tag{3}$$

B. Operations of ECC

In cryptography, the elliptic curve used consists of the set of points that satisfy the curve equation. Suppose $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ are two points on the elliptic curve $y^2 = x^3 + ax + b$; then the two points can be added together to produce another point R on the curve such that $R = (x_3, y_3) = P + Q$, as depicted in Figure 1.

Fig. 1. Addition of points P and Q on the elliptic curve E/R: $y^2 = x^3 + ax + b$

V. PROPOSED SOLUTION

The ECC discrete points over a finite field are used as a cyclic group. All types of schemes based on public key cryptography can be implemented analogously using ECC. Elliptic Curve Cryptography has not gained the same popularity as the ElGamal and RSA schemes, although it gives the same level of security as the other public key cryptographic schemes. ECC is based on the elliptic curve discrete logarithm [9, 10]. The Elliptic Curve Discrete Log Problem (ECDLP) makes it difficult to break ECC as compared with the RSA and DSA algorithms, where the problems of factorization or the discrete log problem can be solved in sub-exponential time. This signifies that in ECC smaller parameters can be used than in other competitive systems such as DSA and RSA. This advantage greatly helps to minimize energy in processing.

We exploit the technique of elliptic curve cryptography encryption in order to achieve secure storage of and access to outsourced data in the cloud. The proposed model treats two parts in the cloud storage server: the private data section and the shared data section. The user uses the private data section to store private data that is accessible to that particular user only, and uses the shared data section to store the data that needs to be shared among trusted users. All the data stored in both sections will be encrypted using the data storage model (DS-Model).

A. Authentication

The Authentication Model treats the cloud security problem that is based on the critical information on transmission: authentication and non-repudiation between client and cloud. To access the service from the cloud, the user must be authenticated. A username and password pair is the security mechanism used for data access. After the user provides the username and password, the authentication model (Au-Model) computes A = hash (password) and encrypts A with the client's secret key, then with the cloud's private key, to obtain C, and sends it to the cloud service provider to verify the authenticity of the user. Then, the user will be allowed to access cloud services. The architecture of the Au-Model is shown in Figure 2.

Fig. 2. Authentication-Model

B. Encryption/Decryption

The data storage model (DS-Model) treats data security on cloud-based virtual infrastructure, which should ensure confidentiality, integrity and availability.

As this method is founded on secret key cryptography, the data stored in the private data section is encrypted with the ECC private key and the data stored in the shared data section is encrypted with the ECC public key. When a user wants to send a message, he must have a key pair suitable for elliptic curve cryptography, which consists of a secret key x (a randomly selected integer) and a public key Q (where Q = xG and G is the base point of prime order of the curve chosen from the elliptic curve equation). The data that has to be stored in a cloud cannot be stored in plaintext format, so it must be changed into an encrypted format. The cryptographic model encrypts the user's data using the secret key of the user, then the public key of the cloud provider.

When the user requests to download data stored on the cloud, the server sends the data in encrypted format. The cryptographic model will decrypt it, and the original file is available to the client.

C. Signature

The data I received by the cloud will be decrypted using the client's public key, then the cloud's secret key, to obtain the file K. The data storage model decrypts the encrypted data G to obtain the original file named DATA, then computes hash (DATA) and compares it to the signature K to verify that the original file was not modified during its transmission. The architecture of the DS-Model is shown in Figure 3.

Fig. 3. Data Storage Model

The cryptographic model defines a set of hash functions in accordance with the ECC encryption and signature schemes in use [11]. The Signature sent with the data is computed as an encryption of hash (DATA): Signature = encrypt (Hash (DATA)).

The different notations used in Fig. 3 are listed in Table III.

TABLE III. NOTATIONS USED

| Notation | Description |
|---|---|
| SK_client | Client Secret key |
| PK_client | Client Public key |
| SK_cloud | Cloud Secret key |
| PK_cloud | Cloud Public key |

VI. CONCLUSION

The main objective is to securely store and access data in a cloud that is not controlled by the owner of the data. To secure the storage of and access to data files in the cloud, we exploit the technique of elliptic curve cryptography. The ECC algorithm used for encryption is an advantage that improves performance during the encryption and decryption process. We assume that this method of storing data has high performance and is very secure.

In this scheme, only members of the group can access the data stored in the shared data section. Future research in cloud computing models will treat the problem of group sharing of data in the shared data section.

REFERENCES

[1] G. Veerraju, I. Srilakshmi, M. Satish, “Data Security in Cloud Computing with Elliptic Curve Cryptography,” International Journal of Soft Computing and Engineering (IJSCE), 2012.
[2] J. Don, M. Alfred, V. Scott, “The Elliptic Curve Digital Signature Algorithm (ECDSA),” International Journal of Information Security, 1(1), 36-63, 2000.
[3] P. Liu, “The definition and Characteristics of cloud computing.” Retrieved from [Link] 2011.
[4] T. Abhuday, Y. Parul, “Enhancing Security Cloud Computing Using Curve Cryptography.” International Journal of Computer Applications, 57(1), 26-30, 2001.
[5] M. Dijk, J. Ari, “On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing.” Computing, 305, 2001.
[6] V. Miller, “Uses of Elliptic Curves in cryptography,” CRYPTO’85, LNCS 218, pp. 417-426, 1986.
[7] N. Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation, vol. 48, pp. 203-209, January 1987.
[8] W. Stallings, “Cryptography and Network Security: Principles and Practice.” (3rd ed.). Prentice Hall, Upper Saddle River, New Jersey, 2003.
[9] H. Liao, Y. Shen, “On Elliptic Curve Digital Signature Algorithm,” Tunghai Science, 8, 109-126, 2006.
[10] NIST, “NIST Brief Comments on Recent Cryptanalytic Attack on SHA-1.” Retrieved from [Link] (2005).
[11] D. Ratna, B. Rana, S. Palash, “Pairing-based cryptographic protocols: A survey.” 2004.
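
Worked example for Section IV (added here; it is not code from the paper or its authors): the point addition of Section IV.B, the Diffie-Hellman exchange, and encryption/decryption per Eqs. (1)-(3), run on a toy curve. The curve y^2 = x^3 - x + 188 over F_751, the base point G = (0, 376), the message point (562, 201) and all function names are assumptions chosen for illustration; the parameters are far too small for real use.

```python
import secrets

# Toy parameters, constructed for illustration only (far too small for real use):
# curve y^2 = x^3 + A*x + B over F_p with base point G.
P_MOD, A, B = 751, -1, 188
G = (0, 376)
INF = None  # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p, q):
    """Section IV.B group law: chord rule for P != Q, tangent rule for P == Q."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # Q is -P (also covers doubling a point with y == 0)
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def neg(p):
    return INF if p is INF else (p[0], -p[1] % P_MOD)

def mul(k, p):
    """Double-and-add scalar multiplication k*P (not constant time)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def encrypt(pm, pub_b, k):
    """Eq. (2): C = {kG, Pm + k*P_B}; k is the paper's random integer a."""
    return mul(k, G), add(pm, mul(k, pub_b))

def decrypt(c, n_b):
    """Eq. (3): Pm = C2 - n_B * C1."""
    c1, c2 = c
    return add(c2, neg(mul(n_b, c1)))

if __name__ == "__main__":
    n_user, n_cloud = (secrets.randbelow(700) + 2 for _ in range(2))
    pub_user, pub_cloud = mul(n_user, G), mul(n_cloud, G)  # Eq. (1)
    # ECDH: both sides reach the same point; n_user and n_cloud are never sent.
    assert mul(n_user, pub_cloud) == mul(n_cloud, pub_user)
    pm = (562, 201)  # constructed message point on the curve
    c = encrypt(pm, pub_cloud, secrets.randbelow(700) + 2)
    assert on_curve(c[0]) and on_curve(c[1]) and decrypt(c, n_cloud) == pm
    print("ciphertext:", c)
```

The random integer in `encrypt` must be fresh for every message: reusing it with the same recipient key makes the difference of two ciphertexts' second points equal the difference of the two message points.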
