PRIVACY IN THE MULTI TENANT CLOUD - Bikki Sainath (11713559) To: Chavi Rahlan ABSTRACT This document outlines the ERP security challenges in the cloud and their existing solutions. Initially, a number of definitions associated with ERP systems, cloud computing and multi-tenancy are provided, along with their respective security and privacy challenges and issues. A number of security issues are listed, discussed and assigned to the existing solutions below to resolve these issues. This thesis aims to build an effective approach to the ERP cloud security management model in terms of data storage, data virtualization, data isolation and access security in the cloud ERP. The following proposed techniques are used to improve SaaS security for multiple tenants: database virtualization, implementation of data encryption and search functionality in databases and developed systems, data distribution between tenant and ERP provider, secure application implementation in multi-environments tenant, authentication implementation and systems developed together as two-factor authentication and advanced user access control for multi-tenant cloud ERP. 1. INTRODUCTION This section focuses on the primary objective of protecting enterprise resource planning (ERP) systems in the cloud, a new model proposed to protect the ERP environment in the cloud. The main focus is on the services provided by Saas, PaaS and IaaS to analyze them in relation to problems and privacy security issues. In addition, this research addresses the issue of how to improve the privacy and security of the multi-tenant cloud. 1) provide an overview of the models, approaches and requirements of the cloud computing service; 2) understand the relationship between cloud computing security risks and cloud computing models 3) understand the risks, success factors, benefits and main drivers of ERP 4) analyze existing security controls, threats and cloud legal issues; 5) discuss the main security problems of the ERP cloud infrastructure; 6) improve data storage and access security in the ERP cloud; 7) improve the security of the cloud ERP application; 8) propose reliable platform models of the IT environment for cloud computing without vulnerabilities; is 9) propose flexible data storage for cloud computing. The research methodology is based on a review of the literature on cloud ERP systems to define the challenges and security problems arising from cloud ERP from the point of view of both the user and the service provider. We use the best ideas and suggestions collected from the literature review to propose a model to improve security and privacy in the ERP cloud. In addition, we analyze ERP cloud architecture to determine security improvement points. Additionally, potential security attributes are defined to show how our model can meet these requirements taking into account the challenges discussed. Finally, we designed a model to improve data security and privacy based on authentication, authorization and encryption. This document is organized as follows: Section 2 details the background of ERP systems, cloud computing, cloud ERP and timeshare architecture. Section 3 is a literature review of previous work related to the above mentioned topics. Section 4 describes the model proposed for 2. BACKGROUND In this section, we present the theoretical background of the two main topics in this document, namely, cloud computing service models, cloud computing modes, cloud ERP and multi-tenancy. 2.1. BUSINESS RESOURCE PLANNING (ERP) With the advent of e-business and the need to exploit multiple sources of information within the company, ERP (Enterprise Resource Planning) software has emerged as an area of great interest for many companies. ERP systems currently deal with every aspect of the organization as they provide a highly integrated solution to meet the requirements of the information system. ERP has become a fundamental requirement for processing corporate information for large leading companies. Today, ERP systems are considered an essential information systems infrastructure. ERP is a software architecture that facilitates the flow of information between the different functions within a company. Likewise, ERP helps to share information between organizational units and geographic locations. ERP consists of the administration, documentation, planning and control of all the company processes and resources of a company. ERP is used to manage and integrate all business functions within an organization, which generally include a suite of mature business applications and tools for financial and cost accounting, materials management, sales and distribution, production planning. , human resources and production. integrated by computer, supply chain and customer information . Successful implementation of ERP systems must result in an organization's excellent project management to successfully implement it. The ERP implementation project consists of clearly defining the objectives, developing resources and work plans and keeping track of the progress of the project in programs that improve the perception of urgent and dependent tasks . 2.1.1 LIFE CYCLE ERP In 1999 Estaves and Pastor proposed an ERP life cycle framework that included structured phases and consisted of several phases that host organizations had to follow throughout the ERP life cycle . This section focuses on the structured phases of ERP systems, as follows: • Adoption decision-making phase: this phase allows managers to identify their requirements for ERP implementation by facing their critical challenges, selecting the best approach. • Acquisition phase: in this phase, managers must select the product that best suits and is compatible with the specific and minimized c. • Use and maintenance phase: ERP packages are applied in this phase to return the expected benefits with the cloud 2.2. CLOUD INFORMATION Cloud computing changes the way companies and industries create a new opportunity to run their processes across the Internet in virtualized dynamic resources provided by the Internet . Cloud computing refers to both applications provided as Internet services and to the hardware and software systems in the data centers that provide these services. Cloud computing offers the main opportunities known as X-as-a-Service offerings. This payment model based on public services is considered one of the main advantages of cloud computing . Prepaid software licenses are not required; and investments in hardware infrastructure and related maintenance and personnel. Cloud services users use only the required volume of IT resources and pay only for the volume of IT resources used. Take advantage of the scalability and flexibility of the cloud. Cloud computing allows for quick and easy scaling of processing resources required on demand    . Commercial cloud computing generally comprises three divisions: platform as service (PaaS), infrastructure as service (IaaS) and software as service (SaaS). Different models of cloud computing services help to understand cloud communications. PaaS allows customers to distribute their applications by accessing different cloud platforms. On the lower level, IaaS provides access to network, system, operating system management and storage service requirements. SaaS is the best-known segment and allows customers to purchase the cloud-hosted service by logging into an application . The ERP software that is implemented in a cloud environment becomes "ERP Cloud Software". Most (if not all) cloud environments are created using virtualization and load balancing technology that allows applications to be distributed across multiple servers and database resources. Cloud ERP is positioned as a revolutionary approach to implement ERP solutions. It provides scalable, flexible, convenient, adaptable and efficient solutions. Cloud ERP as business management software has delivered immense successes to critical business data  . Figure 1 illustrates the security structure of cloud computing, showing the structure of the security certification framework. This facility allows users to register and have authentication measures to access the private cloud of cloud computing. Authentication verifies that users are using the data security model, which allows users to transmit their information to the clouds for storage in protected databases and that the clouds must be certified to ensure continuous security updates . 2.2.1 COMPUTER CLOUD PLATFORM The first key trends in corporate technology, such as the cloud, the Internet of Things and collaboration, have been identified as important factors in the reform of international business. One of these intelligent technologies is cloud computing, which is the main contribution to the transformation of the manufacturing industry to be enabled with intelligent technologies and IT. In distributed environments, The analysis of the convergence of IT trends and the evolution of the various cloud computing technologies has led to be considered multidisciplinary research fields, including utility services, distributed processing, Internet distribution, virtualization, storage, network computing, 2.2.2 CLOUD COMPUTER DISTRIBUTION MODELS The cloud computing implementation models are: private, public, community cloud and cross-cloud, providing a single access point for omnipresent cloud services suitable for different situations and models. The public cloud computing model can be used in multi-tenant cloud environments by sharing third-party services and infrastructure located at the external provider. In contrast, the private cloud computing model can be used in a single tenant environment by sharing the provider's infrastructure and the services of organizations. The private cloud is suitable for archiving mission-critical and core business applications, a specific community that shares the most common concerns and interests and can be shared by multiple companies. The fourth cloud model is the hybrid cloud that contains multiple public and private clouds, making the provision of cloud services more challenging due to the greater complexity in determining the applications distributed through internal and external clouds . 2.3. ERP IN THE CLOUDS ERP software in the cloud serves multiple clients as a platform with a new solution. This concept of cloud ERP could be confused with ERP hosting, which acts as a third-party supporting software infrastructure and application services provided by the cloud environment. Others flexible in carrying out their processes . SaaS supports cloud computing services for companies integrated with communication capabilities, such as ERP systems . Cloud-based software companies can quickly develop their capabilities because cloud computing can improve the prospects for ERP implementation in innovative ways. ERP cloud users cloud for the ERP cloud environment have critical problems with greater responsibilities, such as the possibility of attacks from the Internet environment or by internal and external security consultants of the cloud provider . Cloud-based ERP is an integrated business suite development that supports ERP, CRM and electronic delivery model and where application users have the flexibility to configure and subscribe Security control problems can be reduced through the use of cloud ERP, which helps users avoid conventional ERP systems, due to advanced security concerns that cloud vendors can use hardware using IT security experts, which it can be provided by cloud providers with high levels of security, power processing and storage units. Another essential challenge for ERP in the cloud is to establish adequate authentication and authorization mechanisms because the cloud provider shares the service with multiple tenants. The ERP cloud provider, a third party, and the user must have logon roles to access the ERP cloud application interface using authentication credentials. In the ERP cloud, there are many access control methods that can be used to secure 2.4. MULTITENENCE ARCHITECTURE The multi-tenancy concept defines the main objective of increasing the exchange of resources between SaaS The customer, called the tenant, pays according to a certain subscription package with remote Internet hosting for the delivery model of the SaaS software. SaaS has high reliability of services provided at low cost to offer customers the freedom and ability to own, host and maintain the infrastructure and software application of the hosting environment . Application-level multi-tenancy is an example of a SaaS application and includes an architectural design principle that allows multiple clients to be hosted by a single application or server instance. Current multitenant application design models are not flexible, despite multiple variations of multi-client software. The multi-tenancy architecture is designed for SaaS applications, which allow multiple clients (tenants) to share the same application. However, this app is flexible enough to allow tenants to customize it to their specific needs. It is based on a predictable monthly subscription; tenants pay only for what they use   . REVIEW OF THE LITERATURE Security tends to be more complex in cloud computing and this trend is becoming more pronounced. Although there are some studies on techniques used in cloud computing, little research enters the field of cloud ERP. In, the authors said that providing an ERP platform for small and medium-sized businesses raises numerous new questions. Many of them are concerned about the emergence of multiple possession. Therefore, mastering multiple ownership is one of the keys to providing an efficient and customizable platform for business applications. They identified two pillars of a multi-tenancy conscious infrastructure in the context of personalization, namely the dynamic composition of the instance and the abstraction of the persistence layer. In , the authors said that cloud computing can be highly efficient and effective; However, along with these benefits, the vulnerability and security risk have increased, particularly regarding privacy and data loss. They provided a security threat assessment model to be used to measure threats and negotiate security service level agreements (SLAs) covering emerging security issues, as well as traditional aspects of security, such as integrity and confidentiality. In, the authors proposed an algorithm through which the cloud service provider can provide In the authors he proposed a double cryptography strategy; one on the client side when uploading files and the other when distributing files. In addition, they provide backup of data stored in the cloud. They used the hash message authentication code (HMAC) scheme for data encryption. However, the use of two encryptions results in twice the duration, which increases the time complexity. In , the authors designed a new reliability model for cloud storage security, which examines all outgoing cloud requests in real time to identify sensitive data and uses the Trusted Platform Module (TPM) to encrypt these data. They used the Kerberos authentication service for user authentication. Kerberosis is an authentication method for authentication requests for a service and they have been used to authenticate Trustedgateway end users. In , the authors stated that security is a key requirement that must be addressed when designing new SaaS applications or redesigning existing applications to support multi-tenancy. They proposed a model called TOSSMA, a tenant-oriented SaaS security management architecture. TOSSMA mitigates four main problems in multi-tenant cloud applications: loss of security control, integration of SaaS application security, customization of SaaS application security and provision of isolation between tenant data. In the study of , the authors attempted to understand data confidentiality by reviewing encryption techniques. This study concluded that the most common approaches to data encryption are based on RSA, indicating that most researchers in the cloud computing environment are interested in RSA encryption techniques. The revealing result of this study showed that the proposed approaches lack validation in cloud computing, which must be addressed to improve trust . In , the authors focused on the security of data storage in the cloud. They evaluated several modern encryption techniques randomly tested in the cloud computing environment using the pseudo-random number generator (PRNG) according to NIST statistical tests. The results of In  multi-client without modification. The discussion on designing and implementing multiple tenants assesses the architectural performance of multiple tenants, including grouping architecture into tenants and exchanging data between them. In detail, multiple ownership can be used as an important component of PaaS services, including sharing resources in private clouds. The study by  analyzed security threats and opportunities to provide secure cloud services. It introduced requirements for secure cloud services, helping to introduce a new research attitude in the context of security. This study investigated security technologies to establish a secure cloud computing environment. Analysis of security threats, security technologies and security requirements for cloud computing services from the perspective of the supplier and the end user. The authors of  provided an overview of the essential differences between multi-tenancy architecture and other related concepts. The main contribution was the discussion of the multiple relationships between the main architectural concerns of multi-tenant design. Furthermore, this study discussed and classified the concepts of performance isolation, quality of service, personalization and persistence. The authors of  aimed to present an investigation into the potential security problems of legacy ERP deployment in the cloud and cloud computing from both the customer and the vendor's perspective. This study used a qualitative research methodology when interviewing ERP, cloud computing and ERP cloud professionals. The results of this study classified architectural security threats, threats, authentication, authorization and data security into three groups: ERP and ERP cloud security issues, contemporary challenges in ERP cloud and ERP solutions in the cloud. The study of  showed that configuring the SaaS environment with multi-tenancy ERP can change all levels of the application. The authors proposed a secure multi-tenant environment using a central configuration with flexibility to solve security and privacy concerns. In addition, they addressed the performance issue by using different configuration isolation techniques and tenant database isolation, providing a high-performance solution for multi-tenant SaaS environments. Despite the many advantages of cloud ERP systems, there are many likely challenges, problems and recovery problems. Other issues such as system, performance, system reliability and security issues have been addressed in . Customers need to make a compromise between different ERP arrangements in the cloud, such as scalability, security, performance, interoperability and network support services . In , a number of cloud ERP solutions were discussed to determine the benefits of adopting internal solutions. In this document, the authors motivate large companies to use internal ERP solutions because of their greater customization capabilities. In addition, cloud ERP solutions are limited to their suppliers. ERP solutions in the cloud are difficult to modify according to the needs of organizations because their flexibility is still adequate. Multiple leasing solutions increase the complexity of ERP systems, despite their proportionate advantages. Customization of the multi-tenancy ERP cloud is partially solved. In addition, all tenants can be updated at the same time, however it is difficult to configure customer specific topics because it requires the redistribution of each tenant from the configuration data . PaaSandSaaScausedatasicurità challenges and problems. The challenges of SaaS applications are similar to those of Web applications, but protecting them from attacks requires more than traditional security solutions. SaaS providers must protect the software provided and PaaS must protect the platforms of these services and new security approaches are required . The literature provides limited resources related to ERP cloud security issues. Some cloud services use a multi-tenant architecture so that multiple users can access it. The security of the data associated with cloud applications is the responsibility of the suppliers, while the data must be protected during processing, transfer and storage . A practical solution is to use dynamic credentials to change their values based on the location of the user or data packets . An alternative solution is to use digital signatures for data security using recognizable RSA algorithms for data transferred over the Internet to the cloud environment . At the same time, advanced encryption techniques such as SSL and AES can be used to protect the sending and archiving of sensitive data included. Some encryption algorithms are used to mitigate attacks on cloud storage . The use of data prevention tools aims to prevent the leakage of sensitive data from the clouds through data transmission. In addition, they can help direct the most important data to protect and identify users' rights and actions with respect to confidential data stored in the clouds. Data integrity is an additional concern for cloud service providers; ensure that the data is updated, integrated and available in such a way as to meet the needs and expectations of users. Cloudsservicescanimprovethesecuritybycontinuallykeepingabackupforeachupdate.Thus a provider setofprotocolscanbeusedtointegratethenetworksecurity But differentversions thebackupscanmaintain, partiallyorfullybasedonaspecifiedamountoftime.Fromaphysicalsecurity perspective, the service provider must support the cloud physical access with strong security measuresandadisasterrecovery.Incontrast, eachusershouldberesponsibleforhis / herdutiesto ensuretraceabilityandtousedatalogsfordatarecoveryfromdataloss. Tenanted authentication and computing have modern opportunities and challenges. Some parties, such as cloud providers and users in the cloud environment, share general responsibility. In this context, network security is the user's responsibility to access services on the Internet, while physical security and additional network security policies, such as firewall rules, are the responsibility of the cloud . Data stored aloud must be taken care of by the security management module to allow users to access stored data. In addition, business logic is available on the systems used by users and must be open only to legal users and must be separated from other users' data. The cloud data storage management module includes three important components: encryption component, privacy component and backup component. First, encryption uses private or public keys to encrypt sensitive data stored in the cloud database to ensure that direct access is prevented by business and application logic. However, the encryption process requires decryption and both are expensive for the clouds; therefore, to minimize remaining costs, non-confidential data can be stored without encryption. Second, the privacy component must limit a clear boundary between the data of different users to allow multiple users to simultaneously save their data in a location that other users can use. Multiple location allows cloud computing to be accepted by major users, but the interruption between the data of different users makes it accessible . Third, the backup component ensures that all archived data is periodically backed up for a specific company to allow the cloud-based corporate system in disaster recovery to restore all archived data. In addition, all stored backup data must be encrypted to prevent illegal access to confidential data. 3. PROPOSED MODEL In our proposed security model for the multi-tenant architecture, we provide storage and communication overhead for verifying authorized cloud users and for accessing the cloud. Our design model can block design-level data operations by designing efficient block-level encrypted data operations. Furthermore, we offer a confidential and complete design for data encryption before outsourcing to the cloud server, while the decryption algorithm can be used on the user side. The data owner can encrypt the data in the desired file before sending it to the cloud. Our proposed encryption algorithm has several factors; information is the highest factor when applying a series of rotations for each block character. The advantages of our proposed encryption in the ERP cloud environment are: • The encryption algorithm can guarantee the confidentiality of the organization's data based on the states of the encrypted data; in transmission, in use and in storage location. • The proposed encryption algorithm can help achieve a secure multiple mandate in the encryption of cloud data in the ERP cloud environment. • Data owners can prevent the cloud service provider from accessing data by holding down the encryption key. • Optional encryption algorithm provides security for secure data backup in the ERP cloud environment. • Our proposed model can be expanded to customize it according to customer needs. Only the data owner can manage access to the data. You answer a query for a constant period of time that does not reach the size of the request. Even with all the benefits of public cloud infrastructure, it is widely recognized that cloud storage presents important obstacles. These obstacles, such as data integrity, confidentiality, accountability and accessibility, only by authorized users are the main concerns in public clouds. The customer is assured of cloud data security from internal and external threats, as data security ensures that only cloud providers can provide access to the data. In the cloud infrastructure, all channels used to communicate with data owners, customers and cloud service providers are protected for the exchange of cloud 4. CONCLUSIONS This research investigated various problems in multiple client applications: loss of security control; integration of SaaS application security; Customization of SaaS application security; and providing privacy of tenant data. One of the main purposes is to protect ERP systems in the cloud by using a new proposed way to protect the ER cloud environment. The main problems limiting the performance of ERP systems are network requirements, large storage requirements and employee training requirements. In addition, there are a number of disadvantages, including privacy issues, prohibitive costs compared to small budgets for small businesses, ERP installation and implementation requirements and maintenance, training requirements that affect ERP efficiency and time and costs. consumed for ERP Customization. A practical solution that has been proposed is to use dynamic credentials to change values based on the location of the user or data packets. Another proposed solution is to use digital signature for data security using recognizable RSA algorithms for data transferred over the Internet in a cloud environment. The goal of this study is to develop an effective approach to the ERP cloud security management model in terms of data storage, data virtualization, data isolation and access security in the cloud ERP. REFERENCES  M.A. Vouk, (2008) “Cloud computing–issues, research and implementations”, CIT. Journal of Computing and Information Technology, Vol. 16, No. 4,pp235-246.  A. Patel & M. Kumar, (2013) “A Proposed Model for Data Security of Cloud Storage Using Trusted Platform Module”, International JournalofAdvanced Research in Computer Science and Software Engineering, Vol. 3, No.4.  D.P.D.S. Abburu, (2012). “An Approach for Data Storage Security in Cloud Computing”, IJCSI International Journal of Computer Science Issues, Vol. 9, No.2.  M. Almorsy, J. Grundy, & A.S. Ibrahim, (2012, June) “Tossma: A tenant-oriented saas security management architecture”, In Cloud computing (cloud), 2012 IEEE 5th international conference on (pp. 981-988).IEEE.  S. Subashini & V. Kavitha, (2010), “A Survey on Security Issues in Service Delivery Models of Cloud Computing”, JournalofNetwork and Computer Applications, Vol. 34, No.1, pp1-11.  M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, Konwinski, A., ... & M. Zaharia, (2010) “A view of cloud computing”, Communications of the ACM, 53(4),50-58.  A. Azeez, S. Perera, D. Gamage, R. Linton, P. Siriwardana, D. Leelaratne, ... & P. Fremantle, (2010, July), “Multi-tenant SOA middleware for cloud computing”, In Cloud computing (cloud), 2010 ieee 3rd international conference on (pp. 458-465).IEEE.  D. Banks, J. Erickson, & M. Rhodes, (2009), “Multi-tenancy in cloud-based collaboration services”, Information Systems Journal. BCG(2012).  M. Armbrust et al., (2009), “A viewofcloud computing”, Communicationsofthe ACM, 53(4), p.50. Available at:http://inst.cs.berkeley.edu/~cs10/fa10/lec/20/2010-11-10-CS10-L20-AFCloudComputing.pdf [Accessed July 30,2012].  S.L. Dinesh Kumar Saini, Yousif,, J.H. Sandhya, & V. Khandage, (2011), “Cloud Computing and EnterpriseResourcePlanningSystems”,ProceedingsoftheWorldCongressonEngineering,Vol.4.