TABLE OF CONTENTS

CHAPTER    TITLE    PAGE

DECLARATION    ii
ACKNOWLEDGEMENT    iv
ABSTRACT    v
ABSTRAK    vi
TABLE OF CONTENTS    vii
LIST OF TABLES    xiii
LIST OF FIGURES    xiv
LIST OF ABBREVIATIONS    xvii
LIST OF SYMBOLS    xx
LIST OF APPENDICES    xxi

1    INTRODUCTION    1
1.1    Overview    1
1.2    Problem Background    2
1.3    Problem Statement    6
1.4    Research Objectives    7
1.5    Scope of Research    9
1.6    Significance of Research    10
1.7    Contribution of Research    10
1.8    Thesis Organization    11
1.9    Summary    13

2    LITERATURE REVIEW    14
2.1    Introduction    14
2.2    Cloud Deployment Models    16
2.2.1    Public Cloud    16
2.2.2    Private Cloud    17
2.2.3    Hybrid Cloud    18
2.2.4    Community Cloud    19
2.3    Cloud Service Delivery Models    20
2.3.1    Software as a Service    20
2.3.2    Platform as a Service    21
2.3.3    Infrastructure as a Service    21
2.4    Cloud Storage Services    22
2.5    Cloud Storage Data Security Concerns    23
2.5.1    Data Confidentiality    23
2.5.2    Data Integrity    24
2.6    Data Protection Mechanisms for Cloud Storages    25
2.6.1    Cryptography and Key Management    25
2.6.2    Trusted Computing    26
2.6.3    Access Control Mechanisms    27
2.6.4    Service Level Agreement    27
2.6.5    Data Auditing Services    28
2.7    Industry Based Implementations of Cloud Storage Services    29
2.7.1    Amazon Simple Storage Service    29
2.7.2    Google Cloud Storage    33
2.8    Limitations of Industry Implemented Cloud Storage Services    37
2.8.1    Vulnerable Key Management Approach    39
2.8.2    Inadequate Cryptographic Support    40
2.8.3    Exclusion of Security Assurance in Service Level Agreements    40
2.8.4    Untrustworthy Data Integrity Verification Services    41
2.9    Confidentiality and Integrity Preserving Cloud Storage Models    42
2.9.1    Secure Cloud Storage Integrator for Enterprises    43
2.9.2    Data Confidentiality and Integrity Verification Using User Authenticator Scheme in Cloud    45
2.9.3    Secure Storage Services in Cloud    47
2.9.4    Data Confidentiality in Storage-Intensive Cloud Applications    49
2.9.5    Cloud Storage Integrity Checking Using Encryption Algorithm    51
2.10    Critical Analysis on Related Work Solutions    52
2.11    Contribution and Road Map of Research    56
2.12    Summary    59

3    RESEARCH METHODOLOGY    60
3.1    Introduction    60
3.2    Research Methodology    62
3.2.1    Literature Review    62
3.2.2    Analysis    64
3.2.3    Design    65
3.2.4    Implementation    66
3.2.5    Evaluation    67
3.3    Research Activities and Outcomes    68
3.4    Summary    71

4    SECURE CLOUD STORAGE MODEL    72
4.1    Introduction    72
4.2    Building Blocks of SCSM    73
4.3    Description and Architecture of SCSM    74
4.3.1    Roles and Responsibilities    76
4.4    Components of SCSM    77
4.4.1    Multi-factor Authentication and Authorization Process    78
4.4.1.1    Role Based Access Control    79
4.4.1.2    Complex Random Security Code Generator    81
4.4.2    Partial Homomorphic Cryptography    82
4.4.3    256-bit Secure Socket Layer    86
4.4.4    Service Level Agreement    87
4.4.5    Trusted Third Party Services    96
4.4.5.1    Key Management Approach    96
4.4.5.2    Data Auditing Process    98
4.5    Process of SCSM    101
4.6    Summary    103

5    IMPLEMENTATION OF THE SECURE CLOUD STORAGE MODEL    104
5.1    Introduction    104
5.2    Software Development Process of SCSM    106
5.3    Systematic Workflow of SCSM    112
5.3.1    Data Transfer and Retrieval    113
5.3.2    Encrypted Data Processing    115
5.3.3    Verification Metadata Generation and Secure Transfer of Parameters    117
5.3.4    Data Integrity Verification    118
5.3.5    Data Recovery    122
5.3.6    Private Key Retrieval and Data Downloading    123
5.4    Deployment of SCSM    125
5.5    Summary    127

6    EVALUATION AND RESULTS    128
6.1    Introduction    128
6.2    Evaluation Strategy of Research    129
6.3    Evaluation and Results of SCSM Components    130
6.3.1    Qualys Web-based Evaluation Methodology    131
6.3.1.1    SSL Certificate Inspection    131
6.3.1.2    Server Configuration Inspection    133
6.3.1.3    Final Score and Grade Assignment    138
6.3.2    Mathematical Evaluation    140
6.3.3    Compliance Evaluation    144
6.3.4    Security Analysis    146
6.3.5    Survey Based Evaluation    147
6.3.5.1    Structure of Survey    148
6.3.5.2    Survey Analysis for Multi-factor Authentication and Authorization Process    150
6.3.5.3    Survey Analysis for Service Level Agreement    152
6.4    Evaluation of SCSM using Survey and Skipfish    156
6.5    Benchmarking of SCSM with Industry and Academia Best Practices    161
6.5.1    Secure and Flexible Partial Homomorphic Cryptography    165
6.5.2    Security and Privacy Guaranteeing Service Level Agreement    167
6.5.3    Trusted, Secure and Efficient Data Auditing Service    168
6.5.4    Trusted and Secure Key Management Approach    170
6.5.5    Extremely Secure Multi-factor Authentication and Authorization Process    171
6.6    Summary    173

7    CONCLUSION AND FUTURE WORK    174
7.1    Introduction    174
7.2    Contributions and Significance    175
7.3    Potential Applications of SCSM    178
7.4    Limitations and Future Directions of Research    179
7.4.1    Fully Homomorphic Encryption    179
7.4.2    Heterogeneous Data    180
7.4.3    Performance    180
7.4.4    Multi-user Computing Environment    181
7.5    Summary    181

REFERENCES    182
Appendices A - C    197 - 201

LIST OF TABLES

TABLE NO.    TITLE    PAGE

1.1    Analysis of Research Problem Area    4
3.1    Research Activities and Outcomes    69
4.1    Service Level Agreement    89
6.1    Protocol Support Rating Guide    134
6.2    Key Exchange Rating Guide    135
6.3    Cipher Strength Rating Guide    137
6.4    Evaluation Criteria    138
6.5    Letter Grading Translation    139
6.6    Keys of Alice and Bob    141
6.7    Key Management Compliance and Auditing    144
6.8    Participation of the Industry Experts in Survey    149
6.9    Analysis of Multi-factor Authentication and Authorization Process    151
6.10    Analysis of Service Level Agreement    155
6.11    Analysis of SCSM    157
6.12    SCSM Benchmarking with Industry and Academia Implemented Solutions    163

LIST OF FIGURES

FIGURE NO.    TITLE    PAGE

1.1    Survey for Research Problem Area    4
1.2    Thesis Organization    12
2.1    Server Side Encryption    30
2.2    Encryption with Client’s Key    31
2.3    Client Side Encryption    32
2.4    Data Migration Process    34
2.5    Authentication Process    36
2.6    Limitations of Amazon S3 and GCS    38
2.7    Cloud Storage Integrator    44
2.8    Preserving Data Confidentiality    45
2.9    Data Integrity Verification    46
2.10    Data Updating    46
2.11    TrustStore Hybrid Cloud Service    48
2.12    Key Management and Data Confidentiality    50
2.13    Cloud Storage Security using Broker    51
2.14    Academia Implemented Cloud Storage Models    53
2.15    Research Road Map    58
3.1    Research Methodology    61
4.1    Architecture of SCSM    74
4.2    Components of SCSM    78
4.3    RBAC Privileges    80
4.4    Access Logs Report    100
4.5    Process of SCSM    102
5.1    HTTP based Authentication    106
5.2    Role Mapping    107
5.3    Roles and Security Annotations    108
5.4    RSA Partial Homomorphic Cryptography    109
5.5    Metadata Generation    110
5.6    Metadata Verification    110
5.7    Sound Steganography    111
5.8    Operations of SCSM    113
5.9    Encryption Process    114
5.10    Decryption Process    115
5.11    Data Processing    116
5.12    VMD Generation and Transfer Process    117
5.13    VMD Decoding Process    119
5.14    Data Auditing Process    119
5.15    Auditing Report    120
5.16    Data Integrity Violation    121
5.17    Auditing Report After Violation    121
5.18    Data Recovery Process    122
5.19    Auditing Report after Data Recovery Process    123
5.20    Private Key Decoding Process    124
5.21    Data Retrieval Process    124
5.22    Module based Deployment Using Glassfish Server    126
6.1    Evaluation Strategy    130
6.2    Implemented SSL Certificate Details    132
6.3    SSL Certificate Inspection    133
6.4    Protocol Support    135
6.5    Key Exchange    136
6.6    Cipher Strength    138
6.7    SSL Evaluation Results    140
6.8    Results for Multi-factor Authentication and Authorization Process    151
6.9    Results for SLA    154
6.10    Results for SCSM    158
6.11    Skipfish Security Scanning Report    159
6.12    Skipfish Interactive Report    160
6.13    Performance Analysis of Encryption Process    166
6.14    Performance Analysis of Decryption Process    166
6.15    Performance Analysis of Data Integrity Verification Process    169
6.16    Security Experiment on CRSCG    172
7.1    Contributions, Publications and Certificates    177

LIST OF ABBREVIATIONS

ACL - Access Control List
ACM - Access Control Mechanism
ACP - Access Control Policy
AES - Advanced Encryption Standard
API - Application Programming Interface
AWS - Amazon Web Services
CA - Client’s Admin
CAT - Computer Associates Technologies
CentOS - Community Enterprise Operating System
CRC - Cyclic Redundancy Check
CRSCG - Complex Random Security Code Generator
CSA - Cloud Security Alliance
CSP - Cloud Service Provider
CSPA - Cloud Service Provider’s Admin
CSSP - Cloud Storage Service Provider
DAC - Discretionary Access Control
DBAN - Darik’s Boot and Nuke
DSA - Digital Signature Algorithm
ECC - Elliptic Curve Cryptography
EJBs - Enterprise Java Beans
FHE - Fully Homomorphic Encryption
GCS - Google Cloud Storage
GFIS - German Federal Office of Information Security
HIPAA - Health Insurance Portability and Accountability Act
HMAC - Keyed-Hash Message Authentication Code
HTML - Hypertext Markup Language
HTTPS - Hypertext Transfer Protocol Secure
IaaS - Infrastructure as a Service
IM - Integrity Management
JSF - Java Server Faces
JSP - Java Server Pages
KM - Key Management
MAC - Mandatory Access Control
MITM - Man-in-the-Middle
NAS - Network Attached Storage
NIST - National Institute of Standards and Technology
NSA - National Security Agency
OS - Operating System
PaaS - Platform as a Service
PCI - Payment Card Industry
PCIDSS - Payment Card Industry Data Security Standard
RBAC - Role-based Access Control
RSA - Rivest, Shamir and Adleman
S3 - Simple Storage Service
SaaS - Software as a Service
SCSM - Secure Cloud Storage Model
SDK - Software Development Kit
SDLC - Software Development Life Cycle
SE - Software Engineering
SHA - Secure Hash Algorithm
SLA - Service Level Agreement
SMBs - Small and Medium Businesses
SMS - Short Message Service
SQL - Structured Query Language
SSE - Server Side Encryption
SSE-C - Server Side Encryption with Customer-Provided Key
SSL - Secure Socket Layer
SSO - Single Sign-On
TCG - Trusted Computing Group
TDEA - Triple Data Encryption Algorithm
TED - Trusted Extension Device
TLS - Transport Layer Security
TPM - Trusted Platform Module
TTP - Trusted Third Party
TTPA - Trusted Third Party’s Admin
TVD - Trusted Virtual Domain
UML - Unified Modelling Language
VF - Virtual Firewall
VM - Virtual Machine
VMD - Verification Metadata
VPC - Virtual Private Cloud
VPS - Virtual Private Server
vTPM - Virtual Trusted Platform Module
XHTML - Extensible Hypertext Markup Language
XML - Extensible Markup Language
XSS - Cross-site Scripting

LIST OF SYMBOLS

| - Such That
d - Private Key Exponent
e - Public Key Exponent
n - Modulus for Private and Public Key
φ(n) - Euler’s Phi Function
R - Random Factor

LIST OF APPENDICES

APPENDIX    TITLE    PAGE

A    Papers published during the author’s candidature    197
B    Certificates obtained during the author’s candidature    200
C    Survey design and delivery    201