jayant ghorpade - cloud computing white paper
TRANSCRIPT
A Paper Review On
Secure Storage & Practical Outsourcing of Linear Programming
in Cloud Computing Through Tag Definition
Jayant Ghorpade Sneha Mane Prajakta Ingle
Student Student Student
Department of Computer Engineering
Nutan Maharashtra Institute of Engineering & Technology, Talegaon–Pune, India
Abstract
Cloud Computing enables customers to
outsource their large workloads to the cloud
with limited computational resources, and
gives economical benefits of computational
power, bandwidth, storage, and appropriate
software that can be shared in a pay-per-use
manner. Though there are tremendous
benefits, security is the primary obstacle that
many potential users of cloud services lack
confidence that cloud providers will
adequately protect their data and deliver
safe and predictable computing results.
From the customer’s point of view,
depending upon a single service provider for
outsourcing his data is not very promising.
In order to provide better privacy as well as
to ensure data availability can be achieved
by dividing the user’s data block into data
pieces and distributing them among the
available service providers.
In this paper, we are focusing to
securely outsource the linear programming
in cloud computing in pay-per-use strategy
through Service Selector Service, Data
Distribution Service using Tag Definition to
outsource customer’s confidential data
among several service providers. Encryption
is carried out using RSA algorithm before
outsourcing data to the service providers
and while retrieving the data, decryption
also carried out using RSA algorithm.
Keywords: Cloud Computing, Linear
Programming, pay-per-use, Service Selector
Service, Data Distribution Service, Tag
Definition.
1. Introduction
Cloud computing is the use of
computing resources such as hardware and
software that are delivered as a service over a
network. Cloud computing is a practical
approach to experience direct cost benefits
and it has potential to transform a data center
from a capital intensive set up to a variable
priced environment [2]. In business planning
cloud computing promises greater flexibility
along with significant cost savings by
influencing economies of scale in the
Information Technology infrastructure. It
also offers a simplified capital and
expenditure model for compute services as
well as increased moving ability for cloud
customers who can easily expand and
contract their IT services as business needs
change. Yet many enterprise customers are
uncertain to buy into cloud offerings due to
governance and security concerns. Many
potential users of cloud services lack
confidence that cloud providers will
adequately protect their data and deliver safe
and predictable computing results [3].
1.1 Cloud Delivery Models
Cloud computing basically consists of
three service model that are used by any
cloud service provider to provide the
services to the clients, we called it as cloud
delivery models and they are [5] [6]:
1.1.1 Software as a Service (SaaS)
The consumer uses an application,
without controlling the hardware or network
infrastructure, operating system on which it
is running [5]. In this model, cloud providers
install and operate application software in
the cloud and cloud users access the software
from cloud clients. The cloud users do not
manage the cloud infrastructure and platform
on which the application is running. This
eliminates the need to install and run the
application on the cloud user's own
computers simplifying maintenance and
support.
Examples of SaaS include: Google Apps,
innkeypos, Quick books Online, Success
factors Bizx, Limelight Video Platform,
Salesforce.com and Microsoft Office 365.
1.1.2 Platform as a Service (PaaS)
The consumer can use a hosting
environment for their applications. The
consumer controls the applications that run
in the environment and possibly has some
control over the hosting environment, but
cannot control the operating system,
hardware or network infrastructure on which
they are running. The platform is typically an
application framework [5]. In PaaS model,
cloud providers deliver a computing platform
typically including operating system,
database, web server, and programming
language execution environment. Without
the cost and complexity of buying and
managing the underlying hardware and
software layers, application developers can
develop and run their software solutions on a
cloud platform.
Examples of PaaS include: Amazon Elastic
Beanstalk, Cloud Foundry, Heroku,
Force.com, EngineYard, Mendix, Google
App Engine, Windows Azure Compute and
OrangeScape.
1.1.3 Infrastructure as a Service (IaaS)
Infrastructure as a service delivers
basic storage and compute capabilities as
standardized over the network. Instead of
physically deploying servers, storage, and
network resources to support applications,
developers specify how the same virtual
components are configured and
interconnected, including how data is stored
and retrieved from storage cloud. The
consumers are able to use "fundamental
computing resources" such as processing
power, storage, networking components or
middleware as well as can control the
operating system, storage, deployed
applications and possibly networking
components such as firewalls and load
balancers, but not the cloud infrastructure
beneath them [5].
Examples of IaaS include: Amazon Cloud
Formation and underlying services such as
Amazon EC2, Rackspace Cloud, Terremark,
Windows Azure Virtual Machines and
Google Compute Engine.
Figure 1.1 Delivery Models in Cloud Computing
1.3 Pay per Use
Cloud computing enables customers
to outsource their large amount of data or
information on the cloud with limited
computational resources that can be shared
in a pay-per-use manner [1]. One of the
important services offered in cloud
computing is the data storage on cloud. A
concept called as the Cloud Service Provider
in which instead of storing data on own
server, subscriber can store their data on the
cloud service provider‟s servers. For storing
data on cloud service provider‟s server a
subscribers have to pay the service providers
for this storage service. The advantage of
this service is nothing but the customer can
only pay for the amount of data he need to
store for certain amount of time period along
with the benefit of flexibility and scalability
for the data storage. In addition to these
benefits, customers can easily access their
data from any geographical location where
the Internet or Cloud Service Provider‟s
network can be accessed. It does not cause
any maintainability issues of large amount of
data storage [4].
1.4 Linear Programming
Linear programming i.e. LP or linear
optimization is a mathematical method for
determining a way to achieve the best
outcome (such as maximum profit or lowest
cost) in a given mathematical model for
some list of requirements represented as
linear relationships. Linear programming is a
specific case of mathematical programming.
More formally, linear programming is a
technique for the optimization of a linear
objective function, subject to linear equality
and linear inequality constraints. It‟s feasible
region is a convex polyhedron, which is a set
defined as the intersection of finitely many
half spaces, each of which is defined by a
linear inequality [2]. Linear programming
can be applied to various fields of study. It is
used in business and economics, but can also
be utilized for some engineering problems.
Industries that use linear programming
models include transportation, energy,
manufacturing and telecommunications. It
has proved useful in modelling diverse types
of problems in planning, scheduling,
assignment, routing, and design.
2. Problem Description
From the cloud customer‟s
viewpoint, treating the cloud as an intrinsic
insecure computing platform, we are
designing a mechanism that protects
sensitive information as well as protect
customers from malicious behaviours. We
are protecting the sensitive information by
enabling linear computations with encrypted
data, also protecting customers by enabling
the validation of the computation result.
Recently such mechanisms of securely
outsourcing the various computations was
shown to be suitable in theory only, but to
design such mechanism that are practically
efficient have remained very challenging
problem. For this we are considering two
different entities involving in securely
outsourcing computation architecture, the
cloud customer, who has large amount of LP
computation problem to be outsourced to the
cloud; and the cloud server, which provides
significant computation resources and
services such as hosting the public linear
programming solvers in pay/use manner [1].
Figure 2.1 Architecture of Secure outsourcing Linear Programming Problems in Cloud Computing
The customer may have large amount
of linear programming problem to be solved.
But due to lack of computing resources, like
storage capacity, memory, processing power,
etc., it is difficult for customer to carry out
such expensive computations locally. To
avoid this, customer forces Cloud Servers for
solving the LP computations by controlling
its computations in pay/use manner. Here the
encryption and decryption can be carried out
in such a manner that instead of sending
original problem directly, customer first uses
a key to map original problem into encrypted
form. The key used by customer is nothing
but the secrete key. After the mapping of
original problem into encrypted form the
problem get outsourced to cloud server. This
overall process gets carried out using RSA
algorithm for encryption and decryption.
2.1 Audience
Users in our proposed application are:
2.1.1 Service Provider Admin
Root user for the entire infrastructure.
Scope: Access to all cloud instances within
the service provider domain, access to all
customers.
2.1.2 Cloud admin
Root user for a particular cloud within the
service provider infrastructure. There could
be multiple clouds in a service provider
environment. For each cloud there should be
a cloud admin.
Scope: Has visibility to own cloud infra
resources, not the entire service provider
infrastructure.
2.1.3 End user
End consumer. Regular user without any
administration privileges. Can use resources,
see utilization reports, but cannot select
reports outside privilege scope.
Scope: Very limited scope down to the
virtual machine level access.
Figure 2.2 Users in application
2.2 RSA algorithm
RSA is a public key algorithm
invented in 1977 by 3 scientists Ron Rivest,
Adi Shamir, Leonard Adleman (RSA).
Today RSA is used worldwide to encrypt the
data which is confidential and RSA gives
best security policy that‟s why all the service
providers such as Gmail, hotmail, media fire
etc. are using RSA algorithm to ensure their
users full of confidentiality [7].
The RSA algorithm is based on the
mathematical fact that it is easy to find and
multiply large prime numbers together, but it
is extremely difficult to factor their product.
The private and public keys in RSA are
based on very large i.e., made up of 100 or
more digits prime numbers. The algorithm
itself is quite simple. However, the real
challenge in the case of RSA is the selection
and generation of public and private keys
[8].
The algorithm carried out in 3 steps:
1. Key generation
2. Encryption
3. Decryption
2.3 Proposed Algorithm
Step 1. Declaration
Declare e as encryption exponent and d as
decryption exponent. p,q ← Integer numbers
n ← Modulus for keys.
Ø (n) ← Euler‟s Totient.
e ← Public key exponent.
d ← Private key exponent.
Step 2. Key Generation
2.1 Choose two large prime numbers p and
q.
2.2 Calculate n = p*q.
2.3 Calculate Ø (n) = (p-1) * (q-1).
2.4 Select integer „e‟ should be prime
number such that „e‟< Ø (n).
2.5 Select „d‟ such that (d*e mod Ø (n)) = 1.
2.6 Public key PU = [e,n].
2.7 Private key PR = [d,n].
Step 3. Encryption
3.1 Sender A obtain receiver B‟s public key
PU.
3.2 Plaintext message as integer M.
3.3 Compute cipher text C = Me mod n.
3.4 Sends this message (cipher text) to B.
Step 4. Decryption
4.1 Uses his private key PR to compute M =
Cd mod n.
4.2 Extract plain text
3. Proposed Mechanism
3.1 Service Selector Service (SSS)
Here in this paper, we are introducing a
new concept called SSS i.e. Service Selector
Service. It is used for temporary or
communicative purpose. Multiple users can
run one application in Cloud as User1,
User2…..User n from various locations Loc
1, Loc 2….Loc n. User1 of location1 &
user2 of location2 interacts with application,
which works on Service Selector Service.
SSS will decide whether the
requesting data is for Encryption Service or
Decryption Service. Firstly SSS will
recognize the request message coming from
Application and will decide to which service
the request should get forwarded either
Encryption Service or Decryption Service. If
a user wants to write any data then SSS will
forward request message to Encryption
Service whereas in case of reading any
particular data, a SSS will forward request to
Decryption Service.
Consider an example if User1 wants
to write the data then SSS will forward that
request to Encryption Service and if User2
wants to read the data then SSS will forward
that request to Decryption Service. By using
SSS the workload gets divided.
3.2 Encryption Service (ES)
An Encryption Service receives the data
from SSS which is for data encryption
purpose. ES will encrypt the plain text to
cipher text. If any user wants to write the
data then SSS transmits the data to
encryption service.ES service communicates
with Distributed Database System for data
distribution.
3.3 Data Distribution Service (DDS)
DDS coordinates with encryption service
and works on multiple strategies. Here the
basic strategy used is Tag Definition. Tag
Definition refers to use of database
according to the user interaction that means
using tag definition strategy DDS will divide
requested data into High Level entities and
Low level entities form and then data will be
passed to ES for encryption.
Consider user is performing banking
operation &database contains table attributes
as ID, Date, Bank_Name, Account and
Amount etc. DDS with Tag Definition will
decide the high level entities & low level
entities from these attributes.
3.4 Outsourcing Service (OS)
The Outsourcing Service will
perform the task of outsourcing the data from
encryption service to service providers and
from decryption service back to the
application. Whenever the data is transferred
from encryption service to outsourcing
service, outsourcing service will decide,
which service provider to be select to store
or outsource the data. Then it will transfer
the data to appropriate service provider
depending on its quality factor. After sending
the data to the service provider, outsourcing
service will check whether service providers
have received the data or not.
3.5 Decryption Service (DS)
Decryption service is used to convert
the encrypted cipher text into plain text using
keys. If the application user wants to read the
data then SSS will transmit that data to
Decryption service. Decryption service then
communicates with the master database
server which contains tables having
encryption keys and then decryption service
will fetch the data from the appropriate
service provider with the help of keys and
decrypt it.
3.6 Service Provider (SP)
Basically service provider does two
main tasks that‟s nothing but the hosting and
the resource selection. Whatever data have
been transferred from ES and received from
DS gets stored into Service Provider.
Providing better privacy as well as ensuring
data availability can be achieved by dividing
the user‟s data block into data pieces and
distributing them among the available
Service Providers [4]. A service provider that
offers customers storage or software services
available via a private or public network
cloud. Usually, it means the storage and
software is available for access via the
Internet.
Figure 3.1 Proposed System Architecture
4. Mechanism Design Framework
In this framework, the process on cloud
server can be represented by ProofGen
algorithm and the process on customer can
be represented by three algorithms
KeyGeneration, ProbEncryption,
ProofGeneration, ResultDecryption.
4.1 KeyGeneration Key generation is the process of
generating keys for cryptography. A key is
used to encrypt and decrypt whatever data is
being encrypted/decrypted [1]. Modern
cryptographic systems include symmetric-
key algorithms (such as DES and AES)
and public-key algorithms (such as RSA).
Symmetric-key algorithms use a single
shared key; keeping data secret requires
keeping this key secret. Public-key
algorithms use a public key and a private
key. The public key is made available to
anyone. A sender encrypts data with the
public key; only the holder of the private
key can decrypt this data.
4.2 ProbEncryption This algorithm encrypts the input
with the secrete key. According to problem
transformation, the encrypted input has the
same form as given input [1].
4.3 ProofGeneration This algorithm solves the problem to
produce both the output and a proof. The
output later decrypts and the proof are used
by the customer to verify the correctness of
output [1].
4.4 ResultDecryption
The mechanism must produce an output
that can be decrypted and verified
successfully by the customer [1]. It is also
called as Symmetric-key algorithms. Here, a
correct output is produced by decryption
using the secret .When the validation fails; it
indicates that the cloud server was not
performing the computation faithfully.
Symmetric-key algorithms are a class of
algorithms for cryptography that use the
same cryptographic keys for both encryption
of plaintext and decryption of cipher text.
The keys may be identical or there may be a
simple transformation to go between the two
keys. The keys, in practice, represent a
shared secret between two or more parties
that can be used to maintain a private
information link. This requirement that both
parties have access to the secret key is one of
the main drawbacks of symmetric key
encryption, in comparison to public-key
encryption.
5. Performance Analysis
Whenever SSS transmits the data to
the DDS through ES, using tag definition
DDS will divide the requested data into High
Level entities and Low level entities form
and then data will be passed to ES for
encryption. At the same time DDS gets
connected with each of the SPs parallely
which increases workload over DDS. In our
mechanism this workload is balanced using
task manager by dividing the task into
subtasks. The execution framework takes
care of splitting the job into subtasks [10].
Both customer and cloud server
computations can conduct the same work
station with an Intel Core 2 Duo processor
with 4 GB RAM. In this way, the practical
efficiency of the proposed mechanism can be
assessed without a real cloud environment.
We can also ignore the communication
latency between the customers and the cloud
for this application since the computation
dominates the running time as evidenced by
our mechanism.
According to our mechanism,
customer side computation overhead consists
of key generation, problem encryption, and
result verification operation respectively. For
cloud server, its only computation overhead
is to solve the encrypted computation as well
as generating the result [1]. Security is the
key factor of our experiment. RSA is
strongest public key encryption algorithm
used over the internet now a day. RSA is one
of the algorithms having asymmetric key
encryption policy. Any invalid user
accessing encrypted data then it is hard to
interpret [7]. Security of cloud is enhanced
by storing the confidential data on to the
several SPs.
6. Conclusion
In this paper, we achieve the problem
of securely outsourcing LP computations in
cloud computing, and provide such a
practical mechanism design which fulfills
input/output privacy, cheating resilience, and
efficiency. By explicitly decomposing the
input data, our mechanism design is able to
explore appropriate security and efficiency
tradeoffs. We seeks to provide each customer
with a better cloud data storage decision, by
considering the user budget as well as
providing him with the best quality of
service offered by available cloud service
providers. By dividing and distributing
customer‟s data, our application has shown
its ability of providing a customer with a
secured storage under his affordable budget.
7. Reference
[1] Cong Wang, Kui Ren, and Jia Wang”
Secure and Practical Outsourcing of
Linear Programming in Cloud
Computing” IEEE 2011.
[2] Special Publications 800-145
“National Institute of Standard and
Technology (NIST)”
[3] Sun Microsystems, Inc., “Building
customer trust in cloud computing
with transparent security,” 2009,
[4] https://www.sun.com/offers/
details/sun transparency.xml.
[5] Yashaswi Singh, Farah Kandah, Weiyi
Zhang,”A Secured Cost-effective
Multi-Cloud Storage in Cloud
Computing”, IEEE Infocom 2011
workshop on Cloud Computing.
[6] Cloud Computing Usecase Discussion
Group, “Cloud Computing Use Cases
White Paper”, Version 2.0, Oct 2009.
[7] Anthony T. Velte, Toby J. Velte,
“Cloud Computing: A Practical
Approach”, Tata McGraw Hill
Publications.
[8] Pekka Riikonen, “RSA Algorithm”,
2002.
[9] Atul Kahate “Cryptography and
Network Security” Second Edition.
http://www.webopedia.com/TERM/C/
cloud_provider.html
[10]Daniel Warneke, Odej Kao,
“Exploiting Dynamic Resource
Allocation for Efficient Parallel Data
Processing in the Cloud”, January 2011