Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network.
Today, cloud computing generates a lot of hype; it’s both promising and scary. Businesses see its potential but also have many concerns. This Emerging computing paradigm offers attractive financial and technological advantages. Although the concept of time-shared remote services isn’t new, cloud computing infrastructures use new technologies and services, some of which haven’t been fully evaluated with respect to security.
Security is considered one of the most critical aspects in everyday computing, and it is no different for cloud computing due to the sensitivity and importance of data stored in the cloud (AlZain, Soh, & Pardede, 2012). Cloud computing infrastructures use new technologies and services, most which haven’t been fully evaluated with respect to security.
Cloud Computing has several major issues and concerns, such as data security, trust, expectations, regulations, and performance issues. The aim of this research is to examine the major security issues affecting Cloud Systems and the solutions available.
Cloud systems are very economical and useful for businesses of all sizes. Cloud computing is a technology that everyone would love to take full advantage of, it offers so much:
With access to millions of different databases, and the ability to combine them into customized services.
Better Reliability and Security
Users no longer need to worry about their hardware failure, or hardware being stolen.
By enabling online sharing of information and applications, the cloud offers users new ways of working together.
Users can access their data from anywhere.
With data stored and processed in the cloud, users simply need an interface to access and use this data, play games, etc.
Users have access to lightning quick processing power and practically limitless storage.
Cloud services are very exciting and useful, but have many open security issues (Weis & Alves-Foss, 2011). One issue with cloud computing is that the management of the data might not be fully trustworthy; the risk of malicious insiders in the cloud and the failing of cloud services have received a strong attention by companies (AlZain, Soh, & Pardede, 2012).
Security is a troubling concern for cloud computing as shown in a Survey conducted by the IDC enterprise panel which confirms that Security is the top concern of cloud users (Behl & Behl, 2012). Cloud systems has lots of potential; however, several concerns such as those discussed in this article slows the adoption, and in turn, the growth and usage of cloud systems; therefore, cloud Security is one of the issues that need to be addressed in allow faster growth of cloud computing.
Current Problems and Solutions
The main problems cloud computing faces are preserving confidentiality and integrity of data in aiding data security. The primary solution for these problems is encryption of data stored in the cloud. However, encryption of data also brings up new problems. Here is an overview of some of the main problems faced by cloud systems and some solutions.
Trust between the Service provider and the customer is one of the main issues cloud computing faces today. There is no way for the customer to be sure whether the management of the Service is trustworthy, and whether there is any risk of insider attacks. This is a major issue and has received strong attention by companies. The only legal document between the customer and service provider is the Service Level Agreement (SLA). This document contains all the agreements between the customer and the service provider; it contains what the service provider is doing and is willing to do (Weis & Alves-Foss, 2011). However, there is currently no clear format for the SLA, and as such, there may be services not documented in the SLA that the customer may be unaware that it will need these services at some later time.
There are several regulatory requirements, privacy laws and data security laws that cloud systems need to adhere to. One of the major problems with adhering to the laws is that laws vary from country to country, and users have no control over where their data is physically located.
Confidentiality is preventing the improper disclosure of information. Preserving confidentiality is one of the major issues faced by cloud systems since the information is stored at a remote location that the Service Provider has full access to. Therefore, there has been some method of preserving the confidentiality of data stored in the cloud. The main method used to preserve data confidentiality is data encryption; however encryption brings about its own issues, some of which are discussed later.
Authenticity (Integrity and Completeness)
Integrity is preventing the improper modification of information. Preserving Integrity, like confidentiality is another major issue faced by cloud systems that needs to be handled, and is also mainly done by the use of data encryption.
In a common database setup, there would be many users with varying amount of rights. A user with a limited set of rights might need to access a subset of data, and might also want to verify that the delivered results are valid and complete (that is, not poisoned, altered or missing anything) (Weis & Alves-Foss, 2011).
A common approach to such a problem is to use digital signatures; however, the problem with digital signatures is that not all users have access to the data superset, therefore they cannot verify any subset of the data even if they’re provided with the digital signature of the superset; and too many possible subsets of data exist to create digital signatures for each.
Recently, researchers have tried to find solutions to this problem. The primary proposal is to provide customers with the superset’s signature and some metadata along with the query results. This metadata (called verification objects) lets customers fill in the blanks of the data which they don’t have access to and be able to validate the signature. There are two primary variations of this idea, one based on Merkle trees and the other based on signature aggregation (Weis & Alves-Foss, 2011).
The main method used for ensuring data security in the cloud is by encryption. Encryption seems like the perfect solution for ensuring data security; however, it is not without its drawbacks. Encryption takes considerably more computational power, and this is multiplied by several factors in the case of databases (Weis & Alves-Foss, 2011). Cryptography greatly affects database performance because each time a query is run, a large amount of data must be decrypted; and since the main operation on a database is running queries, the amount of decryption operations quickly become excessive. There are several approaches developed to handle data encryption; each having its own compromises and downsides, some provide better security mechanisms, and some focus on facilitating more operations to the customers. Some of these methods are mentioned below:
Early approaches have used extensions to the query language that simply applied encryption before writing to the database and apply decryption before reading from the database.
Querying Encrypted Data
There are several methods that were proposed to handle Querying of Encrypted Data, one such method was proposed by Purushothama B.R. and B.B. Amberker in (Purushothama & Amberker, 2013).
In the proposed scheme, several cryptographic methods were used to encrypt the data in each cell of each table to be stored in the cloud. When a user needs to query this data, the query parameters are encrypted and checked against the stored data. No data decryption is done in the cloud, thus protecting the Authenticity and integrity of the information. When the results of the query is returned (in encrypted form) to the user, the user then decrypts the data and uses it.
This scheme also has significant improvements for select queries over previous related schemes.
Since encryption is the main method used to ensure data security, naturally we would be faced with the problem of key management. The encryption keys cannot be stored on the cloud, therefore the customer must manage and control a key management system for any cryptographic method used (Weis & Alves-Foss, 2011). For simple encryption schemas such as the “Early Approaches” described above, there might not be a problem since a single encryption and decryption key can be used for the entire system. However, almost any real database requires a more complex system (Weis & Alves-Foss, 2011). This simple system to manage keys might even have to take the form of a small database which would have to be a secure local database; which again, may defeat the purpose of moving the original database to the cloud.
Clearly Key Management is a real problem for cloud systems using encryption, and recent research has been done on using two-level encryption which allows the Key Management system to be stored in the cloud. This scheme is efficient, and may be the solution to the Key Management problems cloud systems faces; however, it hasn’t yet been applied specifically to database encryption.
Some methods have been developed that serve as alternatives to encryption. These methods are generally faster than encryption but have their own drawbacks.
Data Splitting was initially developed by Divyakant Agrawal and his colleagues. The idea is to split the data over multiple hosts that cannot communicate with each other; only the owner who can access both hosts can collect and combine the separate datasets to recreate the original. This method is extremely fast compared to encryption but it requires at least two separate, but homogeneous service providers.
Multi-clouds Database Model (MCDB)
(AlZain, Soh, & Pardede, 2012)
This is a method of Data Splitting which uses multiple clouds and several other techniques to ensure data is split in across clouds in a manner that preserves the data Confidentiality, Integrity and ensures Availability.
MCDB provides cloud with database storage in multi-clouds. MCDB model does not preserve security in a single cloud; rather security and privacy of data will be preserved by applying multi-shares technique on multi-clouds. By doing so, it avoids the negative effects of single cloud, reduces the security risks from malicious insiders in cloud computing environment and reduces the negative impact of encryption techniques (AlZain, Soh, & Pardede, 2012).
MCDB preserves security and privacy of user’s data by replicating data among several clouds, using a secret sharing approach that uses Shamir’s secret sharing algorithm, and using a triple modular redundancy (TMR) technique with the sequential method. It deals with the cloud manager to manage and control operations between the clients and the multi-clouds inside super cloud service provider (AlZain, Soh, & Pardede, 2012).
Cloud systems share computational resources, storage, services between multiple customer applications (tenants) in order to achieve efficient utilization of resources while decreasing cost, this is referred to as multi-tenancy. However, this sharing of resources violates the confidentiality of tenants’ IT Assets. This implies that unless there’s a degree of isolation between these tenants, it is very difficult to keep an eye on the data flowing between different realms which make the multi-tenancy model insecure for adoption (Behl & Behl, 2012). Some multi-tenancy issues are:
Virtual Machine Attacks
Typically, in a cloud, business data and applications are stored and ran within virtual machines. These virtual machines are usually running on a server with other virtual machines, some of which can be malicious. Research has shown that attacks against, with and between virtual machines are possible.
If one of the virtual machines on a server hosts a malicious application that breaches legal or operational barriers; this may lead legal authorities, the service provider or other authorities to shutting down and blocking access the entire server. This would greatly affect the users of the other Virtual Machines on the server.
Assuming the cloud system isn't running on a virtual machine, the hardware is now an issue. Research has shown that it is possible for information to flow between processor cores, meaning that an application running on one core of a processor can get access to information of another application running on another core. Applications can also pass data between cores.
Multicore processors often have complex and large caches. With these hardware resources, if data is decrypted in the cloud, if even for a moment for comparison, it would then exist unencrypted in the memory of some one of the cloud machines. The problem is that we don’t know what other application is running on these machines. Other malicious cloud users or the service provider can me monitoring the machine memory and be able to read our data. However, the likelihood of these hardware attacks is very small (Weis & Alves-Foss, 2011).
If one of the applications on a server hosts is malicious, this may lead to the service provider or some other authority shutting down and blocking access the entire server in order to investigate and determine the malicious application. This would greatly affect the users of the other applications on the server.
Cloud Computing offers some incredible benefits: unlimited storage, access to lightening quick processing power and the ability to easily share and process information; however, it does have several issues, and most of them are security related. Cloud systems must overcome many obstacles before it becomes widely adopted, but it can be utilized right now with some compromises and in the right conditions. People can enjoy the full benefits of cloud computing if we can address the very real security concerns that comes along with storing sensitive information in databases scattered around the internet.
We have discussed several security issues that currently affect cloud systems; however, there may be many unmentioned and undiscovered security issues. Research is currently being done on the different known issues faced by cloud systems and possible solutions for these issues, however there is still a need for better solutions if cloud systems are to be widely adopted.
One of the main problems that need to be addressed is coming up with a clear and standardized format for the Service Level Agreement (SLA), a format that fully documents all of the services, what services and processes would be provided by the service provider to back up its assurances. When customers have the right level of expectations and the insecurities are deemed manageable, cloud computing as a whole will gain ground and take hold as usable technology (Weis & Alves-Foss, 2011).
Another major issue cloud systems face is Encryption. Encryption is the main method of ensuring security of data stored in the cloud; however, encryption is computationally expensive. Encryption methods specific to DaaS (Cloud Databases) has been developed and more research is currently being done on Encryption mechanisms for cloud systems, however, more efficient methods are still needed to help accelerate the adoption of cloud systems.