
ISSN 2289-7615

Page 18

International Journal of Information System and Engineering

www.ftms.edu.my/journals/index.php/journals/ijise

Vol. 4 (No.1), April, 2016

ISSN: 2289-7615 DOI: 10.24924/ijise/2016.11/v4.iss1/18.39

This work is licensed under a Creative Commons Attribution 4.0 International License.

Research Paper

ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING WITH ADVANCED ENCRYPTION STANDARD (AES) AND AUTHENTICATION SCHEME (AS)

Mohamed Ismail Senior Lecturer

FTMS Global College Cyberjaya, Malaysia. [email protected]

Badamasi Yusuf

MSc. Software Engineering School of Computing, Creative Malaysia

Technologies and Technology Leeds Beckett University UK

Through FTMS Cyberjaya, Malaysia. [email protected]

ABSTRACT

Cloud computing services are valuable in many segments of human activity and have become a forward-looking information technology design for organizations, the education sector and other commercial sectors. Cloud storage services allow clients to store data and enjoy high-quality on-demand cloud applications without the stress of constantly managing their own software, hardware and data. Data is moved to cloud storage servers maintained by the cloud service provider, which relieves users of burdens such as control of physical data possession. Although the benefits of cloud services are many, there are new threats to data safety because users no longer have physical possession of the outsourced information. Users store sensitive data and, since they no longer have control over the services or their stored information, there is a need to implement strong security strategies that prevent unauthorized access to system functionality and users' information. To address data security threats in cloud storage, this paper introduces a strong authentication scheme and a data encryption scheme: the Advanced Encryption Standard (AES) algorithm encrypts users' data before it is put into storage, and an authentication scheme verifies valid users and protects all units of system functionality against unauthorized access.

Keywords: cloud storage, issues in cloud storage, data protection strategies, Advanced Encryption Standard and Authentication Scheme.

1.0 INTRODUCTION

Cloud computing is an emerging computing paradigm that can potentially offer a number of important advantages. One of the principal advantages is the pay-per-use model, where clients pay only according to their use of the service. It serves as web-based computing (Batra, et al., 2013). As stated by NIST (United States National Institute of Standards and Technology), cloud computing gives organizations potential benefits, including improved business outcomes (Austrialian, 2015). It dynamically delivers everything as a service over the web based on client demand, for example network, operating system, storage, hardware, software and resources. These services are organized into three kinds (Wang, et al., 2012) and are deployed in three models: public, hybrid and private clouds. Outsourcing data to the cloud reduces the burden of local data storage and maintenance. At the same time, once one's data is outsourced, it is essential to verify whether the data is really stored at the right servers and remains intact as stated in the Service Level Agreement (SLA) (Inukollu, et al., 2014).

The safety of stored data in cloud storage is at risk for several reasons, even though the infrastructure underlying the cloud is considerably more reliable than personal computing devices. Stored data security has been a significant aspect that determines the value, or the weaknesses, of the service offered by a cloud service provider (Purushothaman & Abburu, 2012). Data should be kept in a safe place while maintaining its integrity and completeness throughout the retention period (Takahashi, 2016). Both internal and external threats affect the integrity of data stored in cloud storage. Lack of good security techniques for storing data on cloud servers, or inappropriate mechanisms for handling stored data across a large portion of cloud servers, can cause data integrity issues. Abuse and data breaches in cloud computing storage rank among the greatest security challenges facing this technology, specifically the challenges related to shared resources and the on-demand nature of cloud computing.

According to the California data breach report (Harris, 2016), data breaches resulted from security weaknesses such as the lack of proper ways of encoding data. Data availability and confidentiality are generally perceived as major security issues in cloud computing that can easily cause customers to refrain from using this technology. Customers access their data frequently, so the data should be available at all times for their use (Pachauri & Gupta, 2014).

The key objectives of this paper are: identifying the different security threats related to data stored in cloud storage; identifying the strategies used to safeguard stored data in cloud storage; developing a system that uses the Advanced Encryption Standard as the data encryption algorithm and an Authentication Scheme for verifying valid users and preventing unauthorized access to all functional units of the system; and examining the significance of using the Advanced Encryption Standard and Authentication Scheme for ensuring the security of data in storage. This paper contains a general introduction, cloud storage and main issues in cloud storage, strategies used to protect stored data privacy while in storage, literature review, methodology, proposed system, conclusion and future enhancement.

2.0 LITERATURE REVIEW

Many scholars have researched security issues related to cloud computing. The research by (Selvamani & Jayanthi, 2015) on “A review on cloud data security and its mitigation techniques” states that cloud customers are allowed to place data on cloud servers via distributed storage, reducing the burden of protection and recovery on local devices. Data can be shared by customers in a group. It is essential to guarantee the integrity of shared data and the correctness of the distributed storage. A public auditing mechanism is used to check the correctness of the shared data. Both the data owner and the Third Party Auditor (TPA) can audit shared data integrity without retrieving the data from the cloud server.

The research by (Sookhaka, et al., 2015) on “Dynamic remote data auditing for securing big data storage in cloud computing” states that cloud computing has emerged as a new computing paradigm that offers great potential for storing data remotely. Recently, many organizations have reduced the burden of local data storage and maintenance by outsourcing data storage to the cloud. However, the integrity and security of the outsourced data remain a significant concern for data owners because of the lack of control over, and physical possession of, the data. To mitigate the threat, they proposed remote data auditing (RDA) techniques. However, most existing RDA techniques apply only to static archival data and are not applicable to auditing or dynamically updating the outsourced data.

The work by (Prasanthi T., 2014) on “Efficient Auditing Protocol for secure Data Storage in Cloud computing” highlights that cloud computing is gaining increasing acceptance from both academic and industrial groups. It allows on-demand network access to a shared pool of configurable computing resources. Clients leave the maintenance of IT services to the cloud service provider, who is well equipped to provide expertise and maintain the IT resources. To address security challenges such as data integrity and privacy, they use a secret-key-based cryptographic scheme called "symmetric key cryptography", which enables the Third Party Auditor (TPA) to carry out auditing without requesting a local copy of the clients' stored data. Based on their protocol, the TPA cannot learn anything about the data content stored on the cloud server during the normal auditing process. This is achieved by combining encryption with hashing.

The research by (Gadichha, 2013) on “Third Party Auditing (TPA) for Data Storage Security in cloud with RC5 algorithm” highlights that cloud computing services improve security because of security-focused resources and centralization of data, but the main concerns are loss of control over sensitive information and the absence of security for stored kernels. Securing stored data is even more necessary in cloud storage than in traditional systems. To safeguard data correctness, Third Party Auditing is used to perform verification on behalf of clients. The fundamental requirements are that the auditing process should cause no leakage of users' data and should be able to audit data in cloud storage efficiently, without requesting a local copy of the data or imposing additional online burden on customers.

Cloud Storage: Because of the rapid growth of data and the need to keep it longer and safer, organizations and companies need to learn how to manage and use their information from the initial phase. Advances in IT, and specifically international networking (the internet), bring the opportunity to store all data online. Third parties or service providers are responsible for providing and maintaining off-site storage through the internet (Borgmann, et al., 2012). Cloud storage offers large storage capacity with three important features: access via web service APIs over an undetermined network connection, very large storage capacity made available immediately to users, and payment based on usage. This technology supports rapid scalability. The picture below shows an example of a cloud storage model:

Figure 2.1: Simple model for cloud storage (Meyer, et al., 2014)


Cloud storage API: This serves as a method of accessing and using cloud storage data. Examples are Representational State Transfer (REST) and the Simple Object Access Protocol (SOAP) (Vaquero, et al., 2009). Both involve making requests over the internet for a specific service, and the REST concept is widely recognized as an approach to API design with quality and scalability. Another major advantage of REST is that it is a stateless design, meaning that each request contains everything required to complete it against the cloud storage. No session between the cloud storage and the requestor is required, which matters all the more because the internet has unpredictable response times.

Cloud storage evolution: This is an offering of cloud computing that provides access to data from anywhere, with storage ranging from small quantities of data to an entire organization's warehouse (Evans, et al., 2011). Cloud users pay for services based on the resources used within a specified period. Basically, users of cloud storage upload their data to the cloud storage provider's servers, where it is made available; the service provider must ensure that data stored by clients is safe from any malicious attack.

Figure 2.2: Cloud storage evolution (Meyer, et al., 2014)

Reference model of cloud: The appeal of cloud storage comes from its simplicity of use and management, payment based on usage and the impression of unlimited elasticity. It is important for any cloud storage interface to support the attributes that define cloud services while allowing for multiple business cases and offerings long into the future, as in the model developed and issued by the Storage Networking Industry Association (Venugopal, 2006). The model contains various kinds of cloud storage interfaces, which can support both legacy and new applications and allow storage to be provisioned on demand from a pool of resources, as shown in the figure below (Carlson, 2009).


Figure 2.3: Reference model of cloud storage

MAIN ISSUES IN CLOUD STORAGE

Data control: Information resides outside the enterprise's premises, and enterprises feel that they may lose protection over it. Although the concerns are largely theoretical and psychological rather than real, because of the immaturity of these services, of the standards for service delivery and of the evolving business model, clients may have genuine concerns about the service provider's viability and operational procedures (Yang, et al., 2013). The new model of data access services or information hosting brings an access control challenge.

Application suitability: More static, inactive data, such as applications that include online backup and archiving, is the best fit for cloud storage. Archival data works well in the cloud because the data changes less frequently and does not require fast transactional access. Bulk data can be effectively compressed using data reduction technologies and can also be easily encrypted (Innovator, 2015).

Data security threat: This is the fundamental reason that holds most commercial enterprises back from cloud services. Data security can vary as in ordinary storage, or even more. The cloud innovation is a language registering which is conveyed on top of all these corporate systems (Parekh & Sridaran, 2013). Lack of data encryption in cloud storage increases the risk to users' data and could expose it to ineligible clients (Blumenthal, 2010).


STRATEGIES USED TO PROTECT DATA WHILE IN CLOUD STORAGE

Authentication scheme: This is the process of ensuring that only valid clients access the data. In the cloud, this scheme ensures that clients storing data supply a legitimate user name and password, which is the single-factor authentication method used (Khalid, et al., 2013). The client needs to prove his or her identity to the cloud service provider in order to get access to data stored in the cloud.

Data encryption: This is the process of turning plaintext into an unreadable format, by a client or a third party. The resulting ciphertext is decrypted at its destination. The data is encrypted and stored in the cloud in order to protect its integrity while in cloud storage. Cloud service providers offer ways of protecting users' information through the use of a good encryption scheme (Wang, et al., 2011).

Access control: This is the method of ensuring that access is given only to authorized clients, so that the data is stored securely. Different access control mechanisms, such as intrusion detection and segregation of duties, are enabled at different network layers of cloud services, together with the use of firewalls (Joseph, et al., 2014).

Authorization: This ensures that only a client with a specific identity can log in to a specific service (Bernabe, et al., 2014). This step follows authentication. Forecaster designed an Oracle Database Vault in which application data is shielded from various administrative users, and which also provides authorization (Chadwick & Fatema, 2012). An access control mechanism based on Role Based Access was proposed, using a multi-tenancy technique, for protecting data in cloud environments.

3.0 RESEARCH DESIGN

The proposed system was designed and implemented using two different authentication schemes. The first authentication scheme consists of a valid username and password. The second authentication scheme is a secret key: each user has a secret key, and the keys are stored in a safe location. Even if hackers or malicious attackers eavesdrop on or compromise the database and obtain the username and password, that will not grant them access to the system. Once a user enters a wrong key, the system automatically logs out. Under the system design, new users fill in and submit a request form, and the service provider verifies the new user before granting or denying access. The Advanced Encryption Standard (AES) algorithm, which is the most secure algorithm as of now, serves as the data encryption scheme. The system is divided into two functionalities: cloud service provider and cloud users. The use cases below describe the flow of system information:


Figure 4: Service provider flow of information

Figure 3.1 Clients side flow of information
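The two-phase login described in the research design above, as an added Python example (not the paper's implementation): a password check, then a secret-key check that logs the user out on failure, with new users admitted only after the service provider approves their request. The class and function names are hypothetical, and two details are assumptions the paper does not state: the provider issues the secret key on approval, and both secrets are kept only as salted PBKDF2 hashes in two separate stores.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor, chosen for this example


def _derive(secret, salt):
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


def _make_verifier(secret):
    salt = os.urandom(16)
    return salt, _derive(secret, salt)


def _matches(secret, verifier):
    # Unknown users are checked against a dummy verifier so that the work done
    # does not reveal whether the account exists.
    salt, expected = verifier or (b"\x00" * 16, b"\x00" * 32)
    same = hmac.compare_digest(_derive(secret, salt), expected)
    return same and verifier is not None


class TwoPhaseAuth:
    def __init__(self):
        self.requests = {}      # new-user requests awaiting the provider
        self.passwords = {}     # phase 1 store: user -> password verifier
        self.secret_keys = {}   # phase 2 store, held separately from phase 1
        self.phase_one = set()  # users who passed phase 1 only
        self.sessions = set()   # users who passed both phases

    def request_access(self, user, password):
        self.requests[user] = _make_verifier(password)

    def approve(self, user):
        """Provider grants the request and issues the user's secret key."""
        self.passwords[user] = self.requests.pop(user)
        secret_key = secrets.token_urlsafe(24)
        self.secret_keys[user] = _make_verifier(secret_key)
        return secret_key       # handed to the user once, never stored in clear

    def deny(self, user):
        self.requests.pop(user, None)

    def login(self, user, password):
        self.logout(user)
        if _matches(password, self.passwords.get(user)):
            self.phase_one.add(user)
            return True
        return False

    def verify_key(self, user, secret_key):
        passed_phase_one = user in self.phase_one
        key_ok = _matches(secret_key, self.secret_keys.get(user))
        self.logout(user)       # a wrong key ends the login attempt
        if passed_phase_one and key_ok:
            self.sessions.add(user)
            return True
        return False

    def logout(self, user):
        self.phase_one.discard(user)
        self.sessions.discard(user)

    def has_access(self, user):
        return user in self.sessions
```

A stolen username and password alone leaves `has_access` false, and a wrong key forces the caller back to phase one, which is the behaviour the design describes.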

ADVANCED ENCRYPTION STANDARD (AES)

The Advanced Encryption Standard was selected by the researcher as the technique for data encryption and decryption. AES serves as the symmetric encryption standard for information processing for the United States Government (Gueron, 2012). This encryption method was announced by the National Institute of Standards and Technology (NIST) on November 26, 2001 as the best symmetric encryption standard after a 5-year standardization process.

A. AES KEY AND BLOCK


For 128 bits, there are $2^{128}$ possible keys, which is equal to $3.4 \times 10^{38}$. For instance, as tested by APC, trying $2^{55}$ keys per second would need almost 149.00 billion years to break the AES cipher.

For 192 bits, there are $2^{192}$ possible keys, which is equal to $6.2 \times 10^{57}$. For 256 bits, there are $2^{256}$ possible keys, which is equal to $1.1 \times 10^{77}$.

A key of variable length (128, 192 or 256 bits) is represented as a matrix of bytes with 4 rows and Ai columns, where Ai is the key length divided by 32 bits, as stated below:

128-bit key = 16 bytes, represented by (Ai = 4)
192-bit key = 24 bytes, represented by (Ai = 6)
256-bit key = 32 bytes, represented by (Ai = 8)

A block of length 128 bits, which is equivalent to 16 bytes, can be represented as a matrix of bytes with 4 rows and Ab columns, where Ab is the block length divided by 32, as shown below:

$$
\begin{bmatrix}
ai_{0} & ai_{4} & ai_{8} & ai_{12} \\
ai_{1} & ai_{5} & ai_{9} & ai_{13} \\
ai_{2} & ai_{6} & ai_{10} & ai_{14} \\
ai_{3} & ai_{7} & ai_{11} & ai_{15}
\end{bmatrix}
$$

Table 2: Block of length 128 bit (ai representing input)

B. ENCRYPTION PROCESS

Encryption using AES consists of four different steps, as stated below (Kak, 2016):

First step: Byte substitution
Second step: Shift rows
Third step: Mix columns
Fourth step: Add round key

The final step consists of the exclusive-OR (XOR) of the output of the first three steps with four words of the key schedule. The last round of encryption does not involve the mix columns step.

C. DECRYPTION PROCESS

The decryption process also involves four steps, as in the encryption process. The difference between encryption and decryption is that the shifting and substitution operations in decryption are the reverse of those in encryption. The steps of decryption are as follows:

First step: Inverse shift rows
Second step: Inverse byte substitution
Third step: Add round key
Fourth step: Inverse mix columns

The third step consists of the exclusive-OR (XOR) of the output of the first two steps with the round key. The last round of decryption does not involve the inverse mix columns step. The picture below shows an example of AES encryption and decryption:


Figure 6: AES encryption and decryption process
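The round structure of sections A to C, written out as an added Python example (not code from the paper or its system): the state uses the column-major layout of Table 2, and the four steps run in the order listed, with the mix-columns step skipped in the last round. The key schedule, the S-box derivation and the round counts follow the published AES specification rather than anything stated on this page.

```python
# Added example. State layout follows Table 2: a flat list of 16 bytes in
# column-major order, so byte i sits in row i % 4 and column i // 4.

def xtime(a):
    """Multiply a byte by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes in GF(2^8)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

def _build_sbox():
    """Byte substitution table: field inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 1 if x else 0
        for _ in range(254 if x else 0):      # x^254 is the inverse of x
            inv = gmul(inv, x)
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def expand_key(key):
    """Key schedule: one 16-byte round key per add-round-key step."""
    if len(key) not in (16, 24, 32):
        raise ValueError("key must be 16, 24 or 32 bytes")
    nk = len(key) // 4                        # key columns, the paper's Ai
    rounds = nk + 6                           # 10, 12 or 14 rounds
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        temp = list(words[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]
            temp[0] ^= rcon
            rcon = xtime(rcon)
        elif nk == 8 and i % nk == 4:
            temp = [SBOX[b] for b in temp]
        words.append([a ^ b for a, b in zip(words[i - nk], temp)])
    return [sum(words[4 * r:4 * r + 4], []) for r in range(rounds + 1)]

def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def shift_rows(state, inverse=False):
    """Rotate row r left by r bytes (right when inverse is set)."""
    step = -1 if inverse else 1
    return [state[r + 4 * ((c + step * r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state, coeffs):
    """Multiply every column by the circulant matrix whose first row is coeffs."""
    out = []
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            v = 0
            for j in range(4):
                v ^= gmul(coeffs[(j - r) % 4], col[j])
            out.append(v)
    return out

def encrypt_block(block, key):
    """Encrypt one 16-byte block with a 128-, 192- or 256-bit key."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    round_keys = expand_key(key)
    last = len(round_keys) - 1
    state = add_round_key(list(block), round_keys[0])
    for rnd in range(1, last + 1):
        state = [SBOX[b] for b in state]                 # step 1: byte substitution
        state = shift_rows(state)                        # step 2: shift rows
        if rnd != last:                                  # last round skips step 3
            state = mix_columns(state, (2, 3, 1, 1))     # step 3: mix columns
        state = add_round_key(state, round_keys[rnd])    # step 4: add round key
    return bytes(state)

def decrypt_block(block, key):
    """Invert encrypt_block using the decryption step order given above."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    round_keys = expand_key(key)
    last = len(round_keys) - 1
    state = add_round_key(list(block), round_keys[last])
    for rnd in range(last - 1, -1, -1):
        state = shift_rows(state, inverse=True)          # step 1: inverse shift rows
        state = [INV_SBOX[b] for b in state]             # step 2: inverse substitution
        state = add_round_key(state, round_keys[rnd])    # step 3: add round key
        if rnd != 0:                                     # last round skips step 4
            state = mix_columns(state, (14, 11, 13, 9))  # step 4: inverse mix columns
    return bytes(state)
```

`encrypt_block` transforms a single 16-byte block; protecting stored files additionally needs a mode of operation and key management, neither of which the paper specifies.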

SIGNIFICANCE OF AES

AES works in parallel over the whole input block. Its design is efficient in both software and hardware across a variety of platforms. It has a uniform and parallel composition of four steps in each round, except the last round. It has a long key length, which is difficult for unauthorized users to guess. It has a block size of 128 bits with strong key scheduling.

AUTHENTICATION SCHEME

The authentication scheme used in the proposed system design and implementation has two parts, as described above. Each user has a username and password, both saved in the same database. To guard against the possibility of unauthorized access to the database, each user also has a secret key, which helps to strengthen the authentication scheme. The secret key is kept in a separate, safe place from the username and password. Logging in with a valid username and password does not by itself grant access to system functionality; the secret key must also be valid. The system automatically logs the user out if the key is not valid. Users' secret keys are embedded in the system source code and compiled into the executable, which helps to prevent unauthorized access to users' keys.

ADVANTAGES OF AUTHENTICATION SCHEME USED

It relieves clients of the burden of a self-auditing scheme, in which users are responsible for verifying the integrity of their data in cloud storage at all times. It avoids the problem of third-party public auditing schemes, in which an attacker can in some situations use the privileges of the third-party auditor to gain access to users' data stored in the cloud.

4.0 RESULTS AND DISCUSSION


The approach used for research fact finding is a questionnaire, designed in a closed-ended question format. Details of the research questionnaire are stated below:

Target audience selection: Since the research area is an IT-related field, the respondents selected for this research are those with experience in the IT field, especially those with cloud computing knowledge. The questionnaire targets about 100 respondents in order to obtain useful data for effective analysis.

Questionnaire design: After obtaining advice and direction on how the research questions should be formulated in line with the research objectives, the next step was designing the research questions, for which the closed-ended format was used. The supervisor checked all questions carefully and made the necessary corrections. The research questions were printed out and distributed to the target audience.

Questionnaire management: This is administering the questionnaire to ensure that all distributed questions reach the target audience. Management is important in fact finding to avoid obtaining wrong results. Constant follow-up helped the author to receive responses to the distributed research questions. This step helps to receive all feedback without missing any respondent's result.

Analysis based on collected result: Immediately after receiving the responses, the researcher carefully separated each response option for percentage calculation and analysis of results. This ensures that the correct result is reflected in the research document based on the responses collected from the audience.

RESULT AND DATA ANALYSIS

The results are shown as 3D pie charts, each with an analysis of the data. To analyze the responses accurately, the researcher transferred the questionnaire responses into a spreadsheet; each question has a column and rows used for responses. The data entry was checked carefully to ensure that the entries accurately reflect the respondents' answers.

Chart 3.1: Data integrity, privacy and availability issues

As shown above, if cloud services lack good techniques for protecting the privacy and integrity of stored data, this will cause great losses to the service provider or the collapse of its services, especially when clients become aware of the issue.


Chart 3.2: Causes of lack of data integrity, breaches and loss in cloud storage

As shown in the above result, access control, system protection, encryption scheme and network protection all play a role in the success of cloud computing services. Access control is one of the promising security solutions for data and provision; all system layers and components must have an access control policy, such as for access to file and web servers.

Chart 3.3: Causes of lack of good security strategies for stored data in cloud storage

The above result shows that one of the factors that determine the success of a cloud service provider's service is having good strategies for securing the privacy of stored data. If the design approach leaves room for attacks on the stored data, this can affect data integrity and privacy, and in some instances it can lead to data breaches, loss and availability issues.


Chart 3.4: Scheme suitable for securing stored data privacy in cloud storage

The strategies used to protect the privacy and integrity of stored data in cloud computing include authentication, encryption, access control and authorization, as shown in the above chart based on the results collected. All of these schemes play a vital role in the success of the services provided in cloud computing.

Chart 3.5: Importance of end-to-end encryption to data in transit and at rest

The suitable secure method for transferring data from one end to another is end-to-end encryption, as shown in the above result. If user data is unprotected, its integrity is put in doubt because of the different strategies used to attack data in transit through a network, especially an international network, or at rest in cloud storage.

Chart 3.6: Importance of the chosen encryption algorithm to stored data integrity

The algorithm selected for data encryption plays an important role in protecting data integrity, as shown in the above result, because some of the algorithms in use are vulnerable to different sets of attacks.


Chart 3.7: Importance of encryption and authentication scheme for data security

As shown in the above result, authentication and encryption have become intertwined technologies for ensuring that data maintains its integrity both in transit and at rest.

Chart 3.8: Strength of Advanced Encryption Standard to stored data privacy

The above result indicates that the Advanced Encryption Standard (AES) is one of the recent and strong algorithms used to protect data from different sets of attackers.

Chart 3.9: Advantage of system design model used

As shown in the above result, the approach used for system development is very important to the success of the entire system. Each system development methodology has its strengths and weaknesses; the choice of methodology depends on system requirements and functionalities.


Chart 3.10: Advantage of using more storage locations in cloud computing

In cloud computing, using more than one storage location for users' information has advantages, as the result above shows. An incident may occur that affects the storage, and if all users' data resides in the same location, any destruction could lead to damage or loss of the entire data.

PROPOSED SYSTEM

The structure created during system design and the results of system analysis are considered in system implementation, to ensure that all stated requirements are met. The system elements are integrated into intermediate aggregates and finally into the complete system. The system automatically recognizes users and the service provider based on the username, password and secret key entered. The figures below show screenshots of the system interfaces and functionalities.

System home page: This is the first interface displayed when the user runs the system. It contains the file, about and exit menus. The file menu contains the login and new user submenus; when the user clicks login, the login window is displayed, and the new user submenu links to the new user request form. The system home page is shown in the figure below:

Figure 4.1: System welcome page

User login page: This page has two functions: service provider login and cloud user login. For security reasons, the system automatically detects the user type based on the username and password entered and links the user to the appropriate system functionalities. The figure below shows an example of a valid admin login.

Figure 4.2: Admin login

Second phase of authentication: This is the phase in which the user's secret key is verified, as shown below:

Figure 4.3: Second phase of admin authentication
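
The two-phase login described above (username and password first, then the secret key), sketched as an added example rather than the paper's own code. The account names, secrets, role labels, PBKDF2 work factor and the choice to release the role only after the second phase are assumptions of this example.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # PBKDF2 work factor, an assumed value for this example

def derive(secret: str, salt: bytes) -> bytes:
    """Slow salted hash, so stolen verifiers are costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ROUNDS)

def make_record(password: str, secret_key: str, role: str) -> dict:
    pw_salt, key_salt = os.urandom(16), os.urandom(16)
    return {"role": role,
            "pw_salt": pw_salt, "pw": derive(password, pw_salt),
            "key_salt": key_salt, "key": derive(secret_key, key_salt)}

class AccountStore:
    """Server-side records: the role is looked up here, never sent by the client."""

    def __init__(self):
        self.accounts = {}
        self.dummy = make_record("x", "x", "none")  # used for unknown usernames

    def add(self, username, password, secret_key, role):
        self.accounts[username] = make_record(password, secret_key, role)

    def phase_one(self, username, password):
        """Phase 1: username and password. Returns the pending username or None."""
        rec = self.accounts.get(username, self.dummy)  # same work either way
        ok = hmac.compare_digest(derive(password, rec["pw_salt"]), rec["pw"])
        return username if ok and username in self.accounts else None

    def phase_two(self, pending, secret_key):
        """Phase 2: secret key. Only now is the role (and its interface) released."""
        rec = self.accounts.get(pending, self.dummy)
        ok = hmac.compare_digest(derive(secret_key, rec["key_salt"]), rec["key"])
        return rec["role"] if ok and pending in self.accounts else None

def login(store, username, password, secret_key):
    """Run both phases; every failure looks the same to the caller (None)."""
    return store.phase_two(store.phase_one(username, password), secret_key)

def demo_store():
    """Constructed accounts, one per user type the paper describes."""
    store = AccountStore()
    store.add("provider01", "Pr0vider-pass", "sk-provider-0001", "service_provider")
    store.add("alice", "Alice-pass-1", "sk-alice-0001", "cloud_user")
    return store
```

In a deployed system the pending state between the two phases would live in a server-side session with a short expiry and an attempt limit, which this example leaves out.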

Service provider main interface: The service provider side offers various functionalities, which include data security by encryption, composing email, viewing new user request records, granting or denying user access, viewing valid user records, viewing admin records, uploading resources to the client side, uploading and saving data, uploading images for personal use, adding new users, removing existing users and viewing available resources. The interface is shown below:

Figure 4.4: Cloud service provider interface

Cloud users interface: A cloud user can upload a data file, encrypt the uploaded data and save it to the selected storage. Other functionalities include viewing all available resources uploaded by the service provider, saving a selected data file for use, updating records, with an immediate email notification sent to the user on a successful record update, and changing the password. The user interface is shown in the figure below:

Figure 4.5: Users’ main system interface

Data uploading process:

Figure 4.6: Data security file upload process

Encrypted data

Figure 4.7: Cypher text (encrypted version of plaintext)

Saving encrypted data

Figure 4.8: Saving secured data
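
An added example, not the paper's implementation, of the encrypt-then-save flow shown in Figures 4.6 to 4.8, combined with the multiple storage locations discussed under Chart 3.10. It assumes AES-256 in GCM mode from the third-party Python `cryptography` package (the paper does not state a mode or key size) and uses in-memory dictionaries as stand-in storage locations; all names and data are constructed.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the size AES-GCM is designed around

def encrypt_for_storage(key: bytes, owner: str, name: str, plaintext: bytes) -> bytes:
    """Encrypt on the client; bind the blob to its owner and file name."""
    nonce = os.urandom(NONCE_LEN)  # fresh per file, never reused with a key
    aad = f"{owner}/{name}".encode()
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def decrypt_from_storage(key: bytes, owner: str, name: str, blob: bytes) -> bytes:
    """Return the plaintext, or raise InvalidTag if the blob was altered."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(key).decrypt(nonce, body, f"{owner}/{name}".encode())

def save_everywhere(locations, owner, name, blob):
    """Write the same ciphertext to every storage location (dicts here)."""
    for store in locations:
        store[(owner, name)] = blob

def load_first_intact(locations, key, owner, name):
    """Try each location in turn; skip copies that are missing or tampered."""
    for index, store in enumerate(locations):
        blob = store.get((owner, name))
        if blob is None:
            continue
        try:
            return index, decrypt_from_storage(key, owner, name, blob)
        except InvalidTag:
            continue  # damaged or modified copy: fall through to the replica
    raise LookupError("no intact copy in any storage location")

def demo():
    """Constructed data: one file, two locations, first copy gets corrupted."""
    key = AESGCM.generate_key(bit_length=256)
    primary, replica = {}, {}
    blob = encrypt_for_storage(key, "alice", "report.txt", b"quarterly figures")
    save_everywhere([primary, replica], "alice", "report.txt", blob)
    damaged = bytearray(primary[("alice", "report.txt")])
    damaged[-1] ^= 0x01  # flip one bit of the stored copy
    primary[("alice", "report.txt")] = bytes(damaged)
    return load_first_intact([primary, replica], key, "alice", "report.txt")
```

Because the key never leaves the client, each storage location holds only ciphertext, and the GCM tag lets the client tell a damaged copy from an intact one before using it.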

Grant new user access

Figure 4.9: Grant new user access to the service

Deny user access

Figure 4.10: Deny new user access

User request record 18 is denied, as shown below:

Figure 4.11: New request record

5.0 CONCLUSION

In this paper, problems related to data security in cloud computing storage, such as data privacy, data loss and data availability, have been discussed, along with the strategies used to protect the integrity of stored data. A review of related work, the research fact finding and the development methodology were also presented. The proposed system was described in detail, with screenshots of some important parts of the system interface and functionalities. Additional functionalities for future work include automatic verification of users' encrypted data while in transit over the internet, to ensure that it does not contain any harmful data, and providing a means of secure communication between cloud clients while monitoring their activities and protecting the network layers.

Cyber security center. Batra, K., Sunitha, C. & Kumar, S., 2013. An Effective data storage security sheme for cloud

computing. International Journal of Innovative Research in Communication Engineering, 1(4), pp. 808-810.

Bernabe, J. B. et al., 2014. Semantic- Aware – multitenancy-authorization system for cloud architectures. Future Generation Computer Systems, Volume 32, pp. 154-167.

Blumenthal, M. S., 2010. Hide and Seek in the Cloud. IEEE, pp. 57-58. Borgmann, M. et al., 2012. On the Security of Cloud Storage Services, Germany: Fraunhofer Institute

for Secure Information Technology SIT Rheinstraße 75 64295 Darmstadt. Carlson, M., 2009. Cloud Storage Reference Model, s.l.: SNIA Technical Council and the Cloud Storage

TWG. Storage Networking Industry Association. . Chadwick, D. W. & Fatema, K., 2012. A privacy preserving authorization system for the Cloud.

Journal of Computer and System Sciences, 78(5), pp. 1359-1373. Evans, M., Huynh, T., Le, K. & Singh, M., 2011. Cloud Storage, Uk: MIS 304 – Fall 2011 Professor: Fang

Fang . Gadichha, N. M. Y. a. V. B., 2013. Third Party Auditing (TPA) for Data Storage Security in Cloud with

RC5 Algorithm. International Journal of Advanced Research in Computer Science and Software Engineering , Volume 3(11), pp. 1032-1037 .

Gueron, S., 2012. Intel Advanced Encryption Standard (AES) New instruction set, Israel : Intel Architecture Group, Israel Development Center.

Harris, K. D., 2016. California Data Breach Report, United State of America: California Department of Justice.

Innovator, 2015. The Path to Clarity in the Cloud, s.l.: NTT DATA, Inc. 2015_03-FSH-m2cloud. Inukollu, V. N., Arsi, S. & Ravuri, S. R., 2014. Security issues associated with big data in cloud

computing. International Journal of Network Security & Its Application (IJNSA), 6(3), p. 46. Joseph, A. O., Kathrine, J. W. & Vijayan, R., 2014. Cloud security mechanism for data protection.

survey. International Journal of Multimedia and Ubiquitous Engineering, 9(9), p. 84. Kak, A., 2016. AES: The Advanced Encryption Standard, India: Purdue University.\ Khalid, U., Ghafoor, A., Irum, M. & Shibl, M. A., 2013. Cloud Based Secure and Privacy Enhanced

Authentication and Authorization Protoco. Procedia, Volume 22, pp. 680-688. Kokane, M., Jain, P. & Sarangdhar, P., 2013. Data Storage Security in Cloud Computing. International

Journal of Advanced Research in Computer and Communication Engineering , 2(3), pp. 1388-1389.

Page 21: ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING … · rank and data breaches in cloud computing storage are among the greatest security challenges ... and on-demand nature of cloud

ISSN 2289-7615 Page 38

Madhavi, K., R.Tamilkodi & R.BalaDinakar, 2012. Data Storage Security in Cloud Computing for Ensuring Effective and Flexible Distributed System. International Journal of Electronics Communication and Computer Engineering , 3(1), pp. 133-134.

Meyer, D. T., Shamma, M., Wires, J. & Zhang, Q., 2014. Fast and Cautious Evolution of Cloud Storage, Columbia: Department of Computer Science Univesity of British.

Pachauri, G. & Gupta, S. C., 2014. Ensuring data integrity in cloud data storage. IJISET- International Journal of Innovative Science, Engineering and Technology, 1(3), p. 54.

Parekh, M. D. H. & Sridaran, D. R., 2013. An Analysis of Security Challenges in cloud copmuting. (IJACSA) International Journal of Advanced Computer Science and Applications,, 4(1), pp. 38-41.

Prasanthi T., B. C. K. S. S. a. K. K., 2014. An Efficient Auditing Protocol for Secure Data Storage in Cloud Computing. London UK, Proceedings of the World Congress on Engineering

Purushothaman, D. & Abburu, D., 2012. An Approach for Data Storage Security in Cloud Computing. IJCSI International Journal of Computer Science Issues, 9(2), pp. 100-101.

Rao, K. N., Naidu, G. K. & Chakka, P., 2011. A case study of the Agile Software Development Methods, Applicability and implication in industry. International Journal of Software Engineering and Its Applications, 5(2), pp. 35-38.

Sabale, R. G. & Dani, D. A., 2012. Comparative Study of Prototype Model For Software Engineering With System Development Life Cycle. OSR Journal of Engineering (IOSRJEN), 2(7), pp. 22-23.

Sarkar, M. K. & Chatterjee, T., 2014. Enhancing Data Storage Security in Cloud Computing Through Steganography. ACEEE Int. J. on Network Security , 5(1), pp. 13-14.

Selvamani, K. & Jayanthi, S. b., 2015. A REVIEW ON CLOUD DATA SECURITY AND ITS MITIGATION TECHNIQUES. Odisha India, Interscience Institute of Management and Technology, Bhubaneswar,.

Sharma, S., Sarkar, D. & Gupta, D., 2012. Agile Processes and Methodologies: A Conceptual Study. International Journal on Computer Science and Engineering (IJCSE), 4(5), pp. 893-894.

Singh, R., Kumar, S. & Agrahari, S. K., 2013. Ensuring Data Storage Security in Cloud Computing. International Journal Of Engineering And Computer Science ISSN:2319-7242 , 2(3), pp. 825-826.

Sommerville, L., 2011. Software Engineering. Ninth Edition ed. United State of America: Pearson Education, Inc., Permissions Department, 501 Boylston Street, Suite 900, Boston, Massachusetts 02116..

Sookhaka, M., Gania, A., Khanb, M. K. & Buyyac, R., 2015. Dynamic remote data auditing for securing big data storage in cloud computing. Information Sciences, 25 September, pp. 1-16.

Takahashi, K., 2016. Data Integrity and Compliance With CGMP Guidance for Industry, United State: U.S. Department of Health and Human Services Food and Drug Adminis. Center for Drug Evaluation and Research (CDER).

Tidke, P. M. P. a. P. B., 2014. Improving Data Integrity for Data Storage Security in Cloud Computing. International Journal of Computer Science and Information Technologies (IJCSIT), 5(5), pp. 6680-6684.

Vaquero, L. M., Rodero, L., Caceres, J. & Lindner, M., 2009. A Break in the Clouds: Toward a Cloud Definition.. s.l., ACM SIGCOMM Computer Communication Review.

Venugopal, S., 2006. Scheduling Distributed Data-Intensive Applications on Global Grids, Australia: Department of Computer Science and Software Engineering, The University of Melbourne,.

Wang, C. et al., 2012. Toward Secure and Dependable Storage Services in Cloud Computing. IEEE TRANSACTIONS ON SERVICES COMPUTING, 5(2), pp. 220-223.

Wang, G., Q. Liu, J. W. & Guo, M., 2011. Hierarchical Attribute Based Encryption and Scalable User Revocation for Sharing Data in Cloud Servers. Computers and Security, 30(5), pp. 320-331.

Yang, K., Jia, X., Ren, K. & Zhang, B., 2013. DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems. Proceedings IEEE INFOCOM, Volume 7, p. 2895

Page 22: ENSURING DATA STORAGE SECURITY IN CLOUD COMPUTING … · rank and data breaches in cloud computing storage are among the greatest security challenges ... and on-demand nature of cloud

ISSN 2289-7615 Page 39

IJISE is a FTMS Publishing Journal