ON CLOUD STORAGE SERVICE - Research Proposal Example

? PROPOSAL ON CLOUD STORAGE SERVICE TABLE OF CONTENTS TABLE OF CONTENTS 2 INTRODUCTION 3 LITERATURE REVIEW 5 IDEA 8 BENEFITS 12 CONCLUSION 14 WORKS CITED 15 ABSTRACT The research proposal is an attempt of the researcher to propose a new service that will be playing a crucial role in resolving one of the major issues of corporate society. In particular, the proposal includes a brief introduction of the service followed by analysis of available literature and resources related to different aspects of this service. Moreover, the proposal further includes indication of the main idea of the Cloud Storage Service that will allow the individuals, professionals, and organizations to understand different technicalities and processes associated with the proposed service. Lastly, the research proposal includes identification and discussion of anticipated benefits for organizations along with brief conclusion of the proposal. It is anticipation of the researcher that the proposed idea will be very beneficial for organizations and will facilitate them in improving and enhancing their different processes and procedures by managing huge volumes of data effectively. INTRODUCTION Due to economics of scale, cloud storage is services that are inexpensive and more consistent than services directly controlled by the ‘end user’. Nonetheless, they as well raise several security and confidentiality issues, as big suppliers become entrusted with mass of potentially ‘sensitive’ records. It is an expectation that these confidentiality issues, if not taken care of, will get in the way of implementation of cloud-supported services. In addition, developments within the field of networking technology and a rise in the requirement for computing resources have encouraged a number of businesses to outsource their ‘storage’ and ‘computing’ requirements. This latest ‘economic and computing model’ exists in the market as cloud storage services. It incorporates different forms of services, for instance, “IaaS (Infrastructure as a Service), where a client utilizes a supplier's computing, storage or networking infrastructure; PaaS (Platform as a Service), where a client controls the supplier's resources to execute custom applications; and SaaS (Software as a Service), where clients utilize software that functions on the suppliers infrastructure” (Sandrs, p. 10). Cloud storage services generally come under classification as either private or public. Within a private cloud, the infrastructure is controlled and held by the client and positioned on-premise - to be precise, within the clients region of control. Especially, this indicates that access to customer records is within its control and is simply in the hands of trusted parties. Within a public cloud, the infrastructure is held and supervised by a cloud supplier and is positioned within the supplier's area of control. This indicates that client records are outside its control and un-trusted parties could potentially use it. Storage services founded on public clouds offer clients with scalable, as well as dynamic storage. Because of shifting their records to the cloud, clientele can avoid the expenditure of building and keeping a private storage infrastructure, choosing instead to pay a supplier as a function of its requirements. For the majority of clients, this offers quite a lot of advantages together with accessibility - being capable to access records from everywhere - and trustworthiness - not having to be afraid of backups - at a comparatively lesser cost. Although the advantages of utilizing a public cloud infrastructure are obvious, it initiates considerable safety and confidentiality threats. Actually, it appears that the major obstacle to the implementation of cloud storage is concerned about the privacy and reliability of records. Whereas, until now, clients have been ready to trade privacy for the ease of software services, this is not the case for businesses and governments organizations. This lack of enthusiasm can come under attribution to quite a lot of aspects that range from a need to defend mission-critical records to regulatory compulsions to protect the privacy as well as reliability of records. The latter can take place when the client is accountable for maintaining individually identifiable information, or medical and financial data. Therefore, while cloud storage has enormous assurance, unless one tackles the concerns of privacy and reliability, a number of prospective clients will be unwilling to ‘make the move’. To deal with these issues and boost the implementation of cloud storage service, “a virtual private storage service based on recently developed cryptographic techniques is needed. Such a service should aim to achieve the best of both worlds by providing the security of a private cloud and the functionality and cost savings of a public cloud” (Sherr, 1988). More specifically, this sort of a service should offer: Privacy: the cloud storage supplier does not discover any information regarding client records; and Reliability: the customer can discover any illegal alteration of client records by the cloud storage supplier. Both privacy and reliability must come under offering while keeping in view the major advantages of a public storage service that are as follows: Accessibility: client records are accessible from any device and at any time Consistency: client records are consistently ‘backed up’ Resourceful recovery: records recovery times are “comparable to a public cloud storage service” (Toigo, p. 68) Records sharing: clients can share their numbers with ‘trusted parties’. LITERATURE REVIEW The possible architecture for a cryptographic storage service consists of three elements. First, a data processor that processes information before it is ready for forwarding to the cloud. Second, a records verifier that ensures whether the information within the cloud has come under alteration. Third, a token creator that creates tokens that allow the cloud storage supplier to recover parts of client records; and fourth, a credential maker that applies a restricted access strategy by issuing credentials to the different parties within the structure - these credentials will allow the parties to decrypt encrypted records in accordance with the strategy. The following example will allow understanding of how cloud storage services used to work and the need for secure data storage, which includes three parties. Client A, who stores his records in the cloud; Client B, with whom Client A would like to share records; and a cloud storage supplier that stores Client A’s records. To utilize the service, Client A, and B start by downloading a consumer application that comprises of a data processor, a records verifier, and a token maker. On its initial implementation, client A’s application produces a cryptographic input (Time Life Books, p. 63). This is a master key and it is stored on Client A’s system and it is kept confidential from the cloud storage supplier. Each time Client A wants to upload records to the cloud, the ‘data processor is invoked’. It adds a number of metadata and encrypts the records and metadata with a range of cryptographic primitives (Time Life Books, p. 63). Every time Client A wants to confirm the reliability of his records, the data verifier is started. The latter uses Client A’s master key to cooperate with the cloud storage supplier and determine the reliability of the records. When Client A would like to recover records, the token maker is used to produce a token. The token is forwarded to the cloud storage supplier who utilizes it to recover the suitable records, which it gives back to Client A. After that, Client A applies the decryption key to decrypt the records. Records sharing between Client A and B moves on in a similar fashion (Time Life Books, p. 63). Every time Client A wants to share records with Client B, the application uses the token maker to produce a suitable token, and the credential producer to make a credential for Client B. Both the token, as well as credentials are forwarded to Client B that sequentially forwards the token to the supplier (Time Life Books, p. 63). The latter utilizes the token to recover and return the suitable encrypted documents that Client B decrypts by his credential. 1 6 Client A 2 5 4 3 (Time Life Books, p. 63) Figure 1: (1) Client A’s data processor creates the records ahead of forwarding it to the cloud storage service. (2) Client B requests for Client A’s authorization to search a keyword. (3) Client A’s token and credential makers forward a token for the keyword and a credential to Client B. (4) Client B forwards the token to the cloud storage service. (5) the cloud storage service uses the token to look for the suitable encrypted records and sends them to Client B. (6) On any moment, Client A’s data verifier can authenticate the reliability of the records (Time Life Books, p. 63). By now, it is an understanding that data encryption is a strict condition while utilizing ‘third-party storage services’. Cloud storage suppliers themselves announce that fact and recommend their clients to make use of encryption although this task is left up to the cloud ‘application implementer’. Such extemporized plans are entirely transparent for the storage supplier, and cause no particular disputes. “Their implementation, on the other hand, may prove tricky to get right, and their security properties beyond confidentiality may not be well understood, and it is thus sensible to address these problems with a common storage security layer” (Time Life Books, p. 77). It is tough to achieve privacy for long-standing stored records than it is for temporary communications. Stored records may have to remain accessible for ‘tens, if not hundreds of years’. No temporary keys can be utilized, and systems are usually planned with a “fixed set of cryptographic algorithms that cannot be changed immediately” (Time Life Books, p. 54). Beyond privacy, wanted properties for a reliable storage layer incorporate reliability protection, as there cannot be any alteration in the records without the client’s awareness. In addition, there is incorporation of defense against old records, as well as obscurity, as one cannot recognize the records’ owner easily. Other properties are advantageous for the storage supplier: security - a client should not be able to violate the system and obstruct accessibility of the service for other clients, and responsibility - clients must take accountability for resources they use. IDEA A range of procedures, a few of which were developed particularly for cloud storage, can execute the core constituents of a cryptographic storage service. “While preparing records for storage in the cloud, the data processor starts by indexing it and encrypting it with a symmetric encryption plan within an exclusive key” (Analog Devices Inc, p. 392). After that, it encrypts the records by means of a searchable encryption system and encrypts the exclusive key with an ‘attribute-based’ encryption system within a suitable strategy. Finally, it encodes the encrypted records and file in such a method that the records verifier can afterwards authenticate their reliability by means of a proof of storage. Whereas conventional procedures like ‘encryption’ as well as ‘digital signatures’ could be utilized to apply the core factors, they would do so at large expenditure in ‘communication and computation’. On a high level, a searchable encryption system offers a method to encrypt a search catalog so that its contents are concealed apart from the party that is provided suitable tokens. More accurately, consider a search file produced over a set of records - this could be a complete text file or only a keyword file. By means of a searchable encryption system, the file comes under encryption in a way that: 1. “Given a token for a keyword, one can recover indicators to the encrypted records that have the keyword” (DeHerrera, p. 102) 2. Without a token, the contents of the file are concealed. Additionally, the tokens can merely come under production with knowledge of a private key and the recovery process exposes nothing regarding the records or the keywords apart from that the records have a keyword in general. There are several forms of searchable encryption systems, every one suitable to specific application settings. For instance, the data processors within the client and small project designs could be executed by means of SSE - ‘symmetric searchable encryption’, - whereas the data processors within the large project design could be founded on ASE - ‘asymmetric searchable encryption’. “Symmetric searchable encryption is appropriate in any setting where the party that searches over the data is also the one who generates it, and borrowing from storage systems terminology, we refer to such scenarios as single writer/single reader (SWSR)” (DeHerrera, p. 102). The major benefits of symmetric searchable encryption are competence as well as security whereas the major drawback is functionality. Symmetric searchable encryption plans are resourceful both for the party carrying out the encryption and - at a few instances - for the party carrying out the search. Encryption is resourceful for the reason that the majority of symmetric searchable encryption systems are founded on symmetric primitives similar to ‘block ciphers and pseudo-random functions’. Search can be resourceful for the reason that the classic usage situations for symmetric searchable encryption let the records to be pre-processed and stored in resourceful records arrangements. The security assurances offered by symmetric searchable encryption are, more or less speaking that: (1) with no any tokens, the server finds out nothing regarding the records apart from its duration (2) provided a token for a keyword Q, the server finds out which encrypted records have Q without learning Q. At the same time, as these security assurances are stronger as compared to the ones offered by both asymmetric, as well as resourcefully searchable encryption, the paper stresses that they do have their restraints. In addition to these concerns, all presently recognized structures have deterministic tokens, which indicate that the service supplier can inform if an inquiry is recurring, despite the fact that it will not identify what the inquiry is. Asymmetric searchable encryption systems are “suitable within any setting where the party searching over the records is different from the party that produces it. We refer to such scenarios as many writer/single reader (MWSR). Several works have shown how to achieve more complex search queries in the public-key setting, including conjunctive searches and range queries. Other issues related to the application of asymmetric searchable encryption in practical systems have been studied, as well as very strong notions of asymmetric searchable encryption that can guarantee the complete privacy of queries at the cost of efficiency” (Altman & Rana, p. 92). The major benefit of asymmetric searchable encryption is functionality whereas the major drawbacks are incompetence and lesser security assurances. In view of the fact that the writer and person who read can be different, asymmetric searchable encryption systems are functional in a bigger amount of settings as compared to symmetric searchable encryption systems. The inadequacy comes from the actuality that every recognized asymmetric searchable encryption systems have need of the assessment of combinations on elliptic arcs, which is a comparatively sluggish process in comparison with the assessments of cryptographic ‘hash tasks or block ciphers’. In addition, within the usual usage situations for asymmetric searchable encryption, the records cannot be stored within resourceful records arrangements. The security assurances offered via asymmetric searchable encryption are: (1) without any tokens, the server discovers nothing regarding the records with the exception of its duration, (2) provided a token for a keyword Q, the server discovers which encrypted records have Q. “Efficient asymmetric searchable encryption systems” (Baldridge, p. 22) are suitable within any situation where the party that looks for the records is different from the party that creates it and where the keywords are difficult to guess (Baldridge, p. 22). The major benefit of resourceful asymmetric searchable encryption is that search is more resourceful than basic asymmetric searchable encryption. The major drawback, on the other hand, is that efficient asymmetric searchable encryption systems are also susceptible to vocabulary attacks. Above all, the vocabulary attacks against efficient asymmetric searchable encryption can be carried out directly against the encrypted file. Multi symmetric searchable encryption systems are suitable in every situation where several parties wish to search the records that are produced by a single party. Within a multi symmetric searchable encryption system, along with being capable to encrypt files and produce tokens, the owner of the records can as well insert as well as invalidate clients' search opportunities regarding his records. “An evidence of storage is a protocol implemented between a customer and a server with which the server can prove to the client that it did not tamper with its data. The client begins by encoding the data before storing it in the cloud, and from that point on, whenever it wants to verify the integrity of the data it runs a proof of storage protocol with the server” (Unavai, p. 4). The most important advantages of an evidence of storage are that (1) they can be implemented a random amount of times; and (2) the quantity of records swapped between the customer and the server is very little as well as independent of the amount of the records. Evidences of storage can be either confidentially or openly confirmable. Confidentially confirmable evidences of storage simply let the customer to authenticate the reliability of the records. With an openly confirmable evidence of storage, in contrast, any person that has the customer's ‘public key’ can authenticate the records' reliability. BENEFITS Some of the main benefits of a cryptographic cloud storage service are retaining of control of the records by the client, the security aspects are obtainable from cryptography, as opposed to officially authorized means, physical defense, or control over right to use. In addition, the majority of nations have regulations in position that make businesses accountable for the security of the records that is delegated to them. This is mostly so for the case of individually identifiable records, medicinal account as well as financial documentations. In addition, in view of the fact that businesses are regularly held in charge for the acts of their service providers, the utilization of a public cloud storage service can enclose considerable legal threats. Within a “cryptographic storage service, the records are encrypted on-premise by the data processor” (Baldridge, p. 43). This way, clients can receive guarantee that the privacy of their records is sealed regardless of the acts of the cloud storage supplier. This considerably decreases any official exposure for both the client as well as the supplier (Baldridge, p. 43). Records that are stored within some specific officially authorized jurisdictions may be cause to experience laws even if it was not gathered there. Since it can be complicated to find out exactly where one's records are being stored once it is forwarded to the cloud, a number of clients may be hesitant to apply a public cloud for apprehension of raising their legal experience. Within a cryptographic storage service, records are just stored in encrypted shape so any regulation that is relevant to the stored records has slight or no effect on the client. This decreases legal exposure for the client and lets the cloud storage supplier to make best possible utilization of its storage infrastructure, in that way decreasing expenditures. If a business turns into the topic of an inquiry, law enforcement agencies may demand right to use to its records. If the records are stored within a public cloud, the demand may be made to the cloud supplier and the latter could even be avoided from informing the client. This can have strict outcomes for clients. First, it anticipates the client from demanding the request. Second, it can bring about law enforcement having right to use the records from customers that are not under inquiry (Baldridge, p. 92). Digital records have a significant part in legal happenings and frequently businesses are requisite to defend and create report for proceedings. Businesses with high levels of proceedings may want to keep a duplicate of huge amounts of records on-premise with the intention of assuring its reliability. This can clearly contradict the advantages of using a cloud storage service. In view of the fact that a cryptographic storage service, a client can authenticate the reliability of its records on any point in time a supplier has every inducement to preserve the records’ reliability. CONCLUSION In addition to easy storage, several enterprise clients will have a requirement for a number of linked services. These services can incorporate any amount of business procedures together with sharing of records with trusted associates, legal action support, checking, and conformity, back up, documentation and audit records. One can refer to a cryptographic storage service together with a suitable place of enterprise services as a safe extranet and consider this could offer a priceless service to business clients (Baldridge, p. 86). In conclusion, the proposal included a discussion and analysis of some of the significant aspects of Cloud Storage Service. The proposal has identified and analyzed different studies related to the service that will be beneficial for a number of organizations in achieving major economies of scale, as well as greater control over huge data volumes. It is an expectation that the proposed project will be beneficial for students, organizations, and professionals in better understanding of this beneficial service. WORKS CITED Altman, J. and Rana, O. F. Economics of Grids, Clouds, Systems, and Services. Springer, 2010 Analog Devices Inc. Analog-Digital Conversion Handbook. Prentice Hall, 1997. Baldridge, A. Organize Your Digital Life: How to Store Your Photographs, Music, Videos, and Personal Documents in a Digital World. National Geographic, 2009. DeHerrera, J. Y. A Guide to Customizing Your Computer and Other Digital Devices. TechTV, 2003. Sandrs, L. “Stored in cloud.” Science News. Volume 177, Issue 2, p. 10. Sherr, S. Input Devices. Academic Press, 1988. Time Life Books. Memory and Storage. Time Life Education, 1990. Toigo, J. W. The Holy Grail of Data Storage Management. Prentice Hall, 1999. Unavai, A. “EMC simplifies storage configuration management as customers accelerate journey to private cloud.” SAN/LAN. Volume 28, Issue 5, pp. 4-5, 2010. Read More