DESIGN OF A DATA SECURITY ALGORITHM FOR CLOUD COMPUTING Ruchi Shrivastava

Research Scholar, Eklavya University, Damoh (M.P.) Guide: Dr. Anil Pimpalapure

Professor & Dean Engineering, Eklavya University, Damoh (M.P.)

Abstract - Cloud computing has emerged as a promising paradigm for data storage and processing, offering scalability, cost-effectiveness, and on-demand resource allocation.

However, ensuring the security and privacy of data stored in the cloud remains a significant concern. This paper presents the design of a data security algorithm specifically tailored for cloud computing environments. The proposed algorithm aims to address the vulnerabilities and threats associated with cloud-based data storage and processing.

The algorithm incorporates a multi-layered approach to data security, encompassing encryption, access control, and authentication mechanisms. To enhance data confidentiality, a robust encryption technique is employed to encrypt the data before it is uploaded to the cloud. Access control is implemented using a fine-grained access policy, allowing authorized users to access specific data based on their privileges. Authentication mechanisms, such as user authentication and data integrity checks, are integrated to verify the authenticity and integrity of the data during transmission and storage.

Furthermore, the algorithm takes into account the dynamic nature of cloud computing environments. It includes mechanisms for key management, secure data sharing, and revocation of access rights to accommodate changes in user roles and access requirements.

Additionally, the algorithm incorporates intrusion detection and prevention techniques to detect and mitigate potential attacks on the cloud infrastructure.

1 CLOUD COMPUTING

Cloud computing represents an advancement in client-server architecture, allowing for the dynamic allocation of shared resources to users. It encompasses a broad range of delivered and hosted services over the internet. By leveraging cloud computing, organizations can achieve cost savings, flexibility, device mobility, and scalability. According to Buyya et al. (2008), a cloud is a parallel and distributed system composed of interconnected and virtualized computers that are provisioned dynamically and presented as unified computing resources based on negotiated service-level agreements between providers and consumers.

1.1 Motivation

Despite the numerous benefits of cloud computing, the design of cloud data storage systems presents several challenging issues that significantly impact the overall security of the system.

These issues place immense pressure on ensuring the confidentiality, integrity, and availability of data within the cloud storage environment.

These security issues occur due to the following reasons:

a) Cloud computing operates on the concept of "multi-tenancy," where data from multiple consumers is processed on the same physical hardware. This shared infrastructure allows for efficient resource utilization and cost savings.

b) In some cases, Cloud Service Providers (CSPs) may act unscrupulously by discarding data that is rarely accessed from the storage system. Incidents of data loss due to hardware failures or attacks, both internal and external, can occur, and CSPs may not always transparently disclose such incidents to their clients.

c) Hackers continuously target cloud systems in an attempt to compromise the stored business or personal information, regardless of the security measures implemented by the CSPs.

Numerous data loss incidents have been observed in recent years. For instance, Amazon's Simple Storage Service (S3) and Elastic Computing Cloud (EC2) experienced interruptions in 2010, Google's Gmail service suffered multiple global failures in 2009, Microsoft's Azure platform faced a major outage, and

approximately 100Dropbox accounts were affected in 2011.

2 CLOUD COMPUTING ENVIRONMENT Buyya et al. (2008) presented a 21st- century computing vision and a new definition of cloud computing after identifying numerous computing paradigms. They featured undertaking Cloud benefits presently utilized by Endeavors by taking instances of market framework in that show how market catalog permits different members to find suppliers or customers and play out a relative investigation of some well known Cloud goliaths (Amazon, Google, Microsoft, SunGrid and Networks Lab) administrations like help type, virtualization, Client access interface, web Programming interface and programming system and so on. Additionally, examined some condition of-craftsmanship Distributed computing stages and introduced Cloud endeavors by and by according to showcase arranged viewpoint to effective making of outsider administrations to empower the reception to the IT business.

3 PROPOSED SECURITY FRAMEWORK In this section, we propose a flexible, secure framework for the cloud computing environment, where the client device is typically small and the cloud system must manage millions of cloud services per second. When it comes to providing Security-as-a-Service (SaaS), the cost of service registration and secure data transmission is of the utmost importance.

Our proposed data security framework is shown in Figure 3.1. The operation of each security module was discussed in Section 3.3.1.

Figure 3.1 Proposed Data Security framework

4 ARCHITECTURE OF SECURITY AGENT

After the survey of numerous NoSQL information security issues, dangers and weaknesses, we proposed a security specialist based arrangement that is skilled in validation and checking the consent that are relegated by the manager during the enlistment of new cloud user[47]. Figure 4.1 demonstrate the architecture of the security agent we propose. It has two sub-agents: the authenticator sub-agent, which takes important client data as input and provides authentication if all data are correct. Additionally, it sends a copy of the message to the appropriate client and stores the timestamp information. After effective verification, it passes the client detail to next sub-specialist. ( ii) The authenticator sub-agent's client details will be received by the validator sub- agent, which will cross-check the corresponding permission in the attached XML file before granting access to the client in accordance with the cluster's assigned access permission for the requested data. It fills in as a foundation cycle in the bunch.

Figure 4.1 Architecture of Security Agent

5 OVERVIEW OF ENCRYPTION

The process of transforming the original digital data into a format that is unintelligible to humans is known as encryption. The transformed data is referred to as encrypted data or cipher text. Prior to the modern era, encryption and cryptography were virtually identical.

The word "cryptography" derives from the Greek words "kryptos," which means

"hidden" or "secret," and "graphy," which means "a method of writing." The theory of mathematical and computer science underpins much of the current encryption. In most cases, the computational complexity of cryptographic algorithms is designed to

make it difficult for any adversary to break them. Encryption is the method for getting information and just approved clients will be permitted to change over into a discernible form[35].

The use of encryption is in keeping with the long history of communication methods. The primary motivation behind encryption is to give the secrecy to carefully communicated or put away information over the nearby organization as well as web.

6 CLOUD DEPLOYMENT AND RESULTS 6.1 Introduction

Distributed computing is one of the significant development of IT industry that gives practical advantages, yet in addition gives the quick adaptability, ondemand general availability and considerably more. The primary draw for IT-related organizations and users is each of these features. However, many users are still hesitant to use cloud computing services due to data security concerns. In this section, we give the execution of our proposed information security calculation, utilizing Java programming language that is the most appropriate for web application advancement. The following is how this chapter is laid out. The need for cloud data's security is discussed in Section 6.2. In Segment 6.3, we depict the outline of proposed information security calculation momentarily. In contrast, the Java programming environment and Bluemix IBM's open Cloud Architecture are highlighted in Section 6.4. In Section 6.5, we demonstrate how to use sample input to evaluate performance on a 64-bit processor, and in Section 6.6, we provide a summary as well as recommendations for future work.

6.2 Cloud Data Security Requirement We learn about cloud computing security risks and threats every day by listening to new news or reading blogs about security attacks on the cloud related to availability, data security, and many other topics. As Distributed computing required the web availability, accordingly it is generally on the objective of the programmers. Methods for identity management, authentication, authorization, and auditing (IAAA) are required by all cloud-related services. The

majority of IAAA-related vulnerabilities should be considered cloud-specific because they are prevalent in cutting-edge cloud services[56]. A portion of the weaknesses are as per the following:

1. Unapproved admittance to the executives interface.

2. Vulnerabilities in the internet protocol

3. Possibilities for data recovery 4. Billing evasion and metering.

5. SQL infusion.

6. Through account lockout, a denial of service.

7. Deficient or broken approval checks.

8. restricted authorization and control 6.3 Overview of Security Algorithm In the Part 5, we proposed an information security and encryption calculation for distributed computing climate to give protection and security to our dynamic cloud information. As a result, we present a binary tree that stores special characters and alphanumeric characters on each node and assigns a binary value (zero or one) to each link in the tree. Each character in the input string is broken down into a binary value using the proposed binary tree to convert it to encrypted text or ciphertext. The input text, for instance, is asdf. Following the binary tree shown in Figure 6.1, a binary value will be assigned to each character in Step 1.

Figure 6.1 A Binary Tree showing alpha-numeric values 6.3.1 Advantages

It increases security by making it possible to authenticate without having to remember long passwords. The

representation of numerical values also increases the server's throughput by reducing the amount of time it takes to calculate and generate encrypted data.

We are aware that authentication is used to identify the user and establish confidentiality assurance.

6.4 Overview of Java

Java is an item arranged, stage free, hearty, secure and multithreaded programming language that was created by James Gosling and authoritatively first form 1.0 was sent off by Sun Microsystems in 1995[67]. Later, in a press release issued in January 2010, Oracle Corporation, USA (2010) announced the official acquisition of Sun Microsystems. Oracle Corp. (2013) claims that there are over 9 million Java developers and 3 billion mobile devices running Java. As per Prophet Corp.(2015) most recent rendition of Java is 8 that is authoritatively sent off in November, 2015 which improved the help of Cryptography, more grounded calculations for secret phrase put together encryption and considerably more with respect to Kerberos 5, client-side TLS and SSL/TLS also[66].

The two components of Java security are as follows: First, JCA (Java Cryptography Architecture), which supports digital signatures and message digests, and JCE (Java Cryptography Extension), which focuses on key generation, message authentication, and encryption[69], are the two main components.

6.5 Deployment on IBM Bluemix Cloud Platform

Several Cloud providers, including Google, Microsoft, Amazon, OpenStack, and IBM, offer Platform-as-a-Service (PaaS) for the deployment of user-created applications based on supported languages environments like Java, Phython, C#, and others. To implement our Java-based data security algorithm, we chose IBM Open Cloud Architecture, also known as Bluemix. IBM's most recent cloud product, Bluemix, makes it easier for developers and organizations to quickly access the cloud service for creating, deploying, and managing applications. We can undoubtedly consolidate venture level

administrations with our cloud applications without the information on establishment or setup. Bluemix execution depends on open source Stage as a Help (PaaS) known as Cloud Foundry that give the office to send and oversee engineers cloud applications in simple manner. It offers a list of services, including: giving extra structures and administrations, Bluemix gives a dashboard to you to make, view, and deal with your applications and administrations as well as screen your application's asset use. Additionally, the Bluemix dashboard lets you control user access, spaces, and organizations.

Bluemix provides a wide range of services that are simple to incorporate into our own application. These services are provided by means of IBM-provided and third-party tools like Cloud Foundry[31].

Figure 6.2 depicts the welcome page for the IBM Cloud computing Bluemix service, which provides a free trial period of thirty days for the deployment of user-created Java-based web applications on its Bluemix platform.

Anybody can get enrolled effectively utilizing his/her email and get beginning to utilize IBM cloud Stage as-a- Service(PaaS) free for a month, Figure 6.3 portray the Single-Sign-On(SS)) login page that necessary enlisted email as an IBM id and a secret key to get to the Bluemix various administrations like dashboard, UI and information store etc[32].

Figure 6.2 IBM Bluemix Cloud platform welcome page

(WebSource: http://www.ibm.com/cloud- computing/bluemix/)

Figure 6.3 IBM Bluemix Login Panel with IBM Id and password.

6.6 Validation and Verification

Software verification, according to Sommerville (2009), is the process of checking the work product to see if it satisfies the specified requirements. It guarantees that the item is being worked by the necessities and details. It includes the activities of reviews, walkthroughs, and inspections. It is carried out at the outset. Confirmation process offers the response of the inquiry "Would we say we are building the right item?" The Quality and Assurance team checks whether the implemented software complies with the specifications; it does not involve running the code. It occurs prior to the validation procedure. It is essentially manual checking of the prerequisite particular reports and records.

Programming approval is the most common way of assessing the product toward the finish of the advancement cycle. The validation process is used to check that it meets the needs of the user as well as the specific requirements of the business. It includes the software evaluation testing activity. Approval offers the response of the inquiry "Would we say we are building the item right?". Approval process incorporates the execution of the code and it's completed by the testing group. After the verification process, this procedure is carried out[102]. It is essentially checking of the created program in view of the prerequisite and portrays regardless of whether the created programming is acknowledged. Both are necessary to discover a flaw in its own way. Consequently, we have included our proposed algorithm's test cases in section 6.6.1.

6.6.1 Test Cases

On the IBM Bluemix cloud platform, we have tried out the proposed data security algorithm. We have included a few test cases in this section that display their encrypted output and the execution time in milliseconds and nanoseconds after receiving the input string.

Test Case 1

Figure 6.4 appearance the Information page that taking information string "acng"

and Figure 6.5 portrays the result page that is showing the scrambled text and execution time 18978 in nanosecond(ns).

Figure 6.4 Test case 1 with input string

“acng”

Figure 6.5 Output page of Test Case 1.

Test Case 2

Figure 6.6 depicts the input page that accepts the string "adsf," while Figure 6.7 depicts the output page that displays the encrypted text and the execution time of 21020 nanoseconds.

Figure 6.6 Test case 2 with input string

“adsf”

Figure 6.7 Output page of Test Case 2.

Test Case 3

Figure 6.8 appearance the Information page that taking info string "yes"

Figure 6.8 Test case 3 with input string

“yes”

6.7 Summary

To implement our proposed data security algorithm and to calculate the execution time in a cloud environment, the IBM Bluemix cloud platform was chosen in the chapter. We will attempt to implement this algorithm on well-known cloud mobile platforms like Android, Windows, iOS, and others in the future. Likewise, attempt to involve it as a module in security system.

7 CONCLUSIONS

In this part, we close our proposition and present future exploration bearings. 7.1 Conclusions The problem of ata security persists in the cloud computing environment. Because of the dishonest climate of distributed computing, in arrangements of conveyance and sending models, cloud actually wants a nonexclusive and secure system for additional reception of clients and associations. The design and implementation of a brand-new cloud computing platform data security algorithm is the primary focus of our thesis. Despite the algorithm's

deployment and delivery model, the entire concept of encryption and cryptography can be easily added to any computing platform. It was portrayed in Part 5 and execution with cloud organization was displayed in Section 6. To test the time complexity, we selected the IBM Bluemix cloud platform and Java programming language for the web-based implementation of our proposed data security algorithm.

A new data security framework is proposed, which was briefly discussed in Chapter 3, and we also conduct analysis on the current cloud-related data security concerns. In addition, we investigate the security issues associated with Big Data in the Cloud and NoSQL Big Databases.

Following our investigation, we also proposed an Agent-based security model that has the potential to provide additional security upon successful implementation.

7.1 Future Directions

The design of a new data security algorithm and its implementation in a web-based cloud environment using the Java programming language were the primary focuses of this study. To find the out the execution time or time intricacy, we sent on IBM Bluemix cloud stage. We likewise make examination on Huge Information and proposed a specialist based information security model to make safer distributed computing climate.

With regard to Confidentiality, Integrity, and Authenticity (CIA) and activities in this area, we will need to carry out mobile cloud deployment of our proposed data security algorithm as well as more inclusive observations in the field of Cloud Big Data and information security.

The following are a few examples:

1. More work should be possible in the space of cloud clients character, protection, and secrecy.

2. Information security model proposed must be carried out, tried and sent on cloud stage.

3. In order to make our algorithm available for mobile applications, mobile cloud deployment is also required. This is so that we can quickly identify security risks and vulnerabilities.

4. Our proposed algorithm must be integrated into a cloud-based ERP or data security framework in order to analyze real-time performance and issues.

REFERENCES

1. Almorsy M., Grundy J., Ibrahim A.S.,

―Collaboration-Based Cloud Computing Security Management Framework‖, IEEE Int. conference on Cloud computing (CLOUD), pp. 364- 371, 2011.

2. Alva A., Caleff O., Elkins G., and Venkitaraman R., ―The Notorious Nine: Cloud Computing Top Threats in 2013‖ ,pp. 1-21, Cloud Security Alliance(CSA) White paper, 2013.

3. Arnold S., ―Cloud computing and the issue of privacy‖, KM World, pp14-22. Available:

www.kmworld.com [Aug. 19, 2009

4. Avram M., ―Advantages and challenges of adopting cloud computing from an enterprise perspective‖, The 7th International Conference Interdisciplinary in

5. Engineering (INTER-ENG 2013), Elsevier Procedia, pp: 529 – 534, 2014.

6. Barua M, Liang X, Lu X, et al., ―ESPAC:

enabling security and patient-centric access control for eHealth in cloud computing‖, International Journal of Security and Networks, 6(2), pp. 67-76, 2011.

7. Basescu C., Carpen-Amarie A., Leordeanu C., Costan A., and Antoniu G., ―Managing Data Access on Clouds: A Generic Framework for Enforcing Security Policies‖, In proceeding of the IEEE International Conference on Advanced Information Networking and Applications (AINA), 2011.

8. Bowers KD., Juels A, ―Oprea A. Proofs of retrievability: Theory and implementation‖, In:

Sion R, ed. Proc. of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, Co- Located with the 16 th ACM Computer and Communications Security Conf., CCS 2009.

New York: Association for ComputingMachinery, pp. 43.54,2009.

9. Broadkin J., ―Gartner: Seven cloud-computing

security risks‖,

http://www.infoworld.com/article/2652198/

security/gartner--seven-cloud- computing- security-risks.html, 2008.

10. Brunette G. and Mogull R., ―Cloud Security Alliance (CSA)- Security Guidance for Critical Areas of Focus in Cloud Computing V2.1‖, http://www.cloudsecurityalliance.org/csaguide.

pdf, 2009.

11. Brunozzi S., ―Big Data and NoSQL with Amazon DynamoDB‖, In Proceedings of the 2012 workshop on Management of big data systems (MBDS '12). ACM, pp. 41-42, 2012.

12. Buyya R., Yeo C.S. and Venugopal S., ―Market- oriented Cloud Computing: Vision, Hype and Reality for Delivering IT Services as Computing Utilities‖, In Proc. 10 th IEEE Int. Conference High performance computing and communications HPCC’08, Dalian, China, IEEE, ISBN: 978-0-7695-3352-0, pp. 5-13, 2008.

13. Buyya R. Yeo C.S., Venugopal S and Brandic I.,

―Cloud computing and emerging IT platforms:

Vision, hype, and reality for delivering computing as the 5th utility, Future Generation

Computer Systems‖, Volume 25, Issue 6, pp.

599–616, 2009.

14. Buyya R., Broberg J., Goscinski A., ―Cloud Computing Principles and Paradigms‖, Wiley, 2011.

15. Chahar R.K., Datta G., Rajpal N., ―Design of a new Security Protocol‖, In proceedings of the International Conference on Computational Intelligence and Multimedia Applications, IEEE,pp.132 –136, 2007.

16. Chan W.K., Mei L., and Zhang Z., "Modeling and testing of cloud applications", In Proceedings of the 2009 IEEE Asia-Pacific Services Computing Conference (APSCC 2009), (Singapore, December 7-11, 2009), IEEE Computer Society Press, Los Alamitos, CA, USA, 2009.

17. Chandrasekaran A., ―Verifying Integrity &

Availability in Multi Cloud usin PDP‖, International Journal of Computer Science and Mobile Computing(IJCSMC), Vol. 2, Issue. 4, pp.

84- 87, 2013.

18. Chen D. and Zhao H, ―Data Security and Privacy protection Issues in Cloud Computing‖, In Proceedings of the International Conference on Computer Science and Electronics Engineering, IEEE, 2012. DOI 10.1109/ICCSEE.2012.193.

19. Chen D. and Zhao H., ―Data Security and Privacy Protection Issues in Cloud Computing‖, In Proceedings of 2012 International Conference on Compute Science and Electronics Engineering, IEEE, pp. 647-651, 2012.

20. Chen Y., Paxson V. and Katz R.H, ―What's New About Cloud Computing Security?‖, Technical

Report No. UCB/EECS-2010-5.

http://www.eecs.berkeley.edu/Pubs/TechRpts/

2010/EECS-2010-5.html

21. Cloud Security Alliance (CSA), ―Big Data Working Group Big Data Taxonomy‖, https://cloudsecurityalliance.org/research/big- data/, 2014.

22. Cloud Security Alliance(CSA), Security Guidance for Critical Areas of Focus in Cloud

Computing, V2.1,

http://www.cloudsecurityalliance.org/

guidance/csaguide.v2.1.pdf.

23. Cloud Security Front and Center. Forrester

Research. 2009-11-18.

http://blogs.forrester.com/srm/2009/11/

cloud-security-front-andcenter.html

24. Current Data Security Issues of NoSQL Databases, White paper. Fidelis Cybersecurity, https://www.fidelissecurity.com/files/NDF InsightsWhitePaper.pdf, 2013.

25. Deletre C., Boudaoud K. and Riveill M., ―Cloud computing security and data concealment‖, IEEE symposium on computers and communications (ISCC), Greece, pp. 2011.

26. DoD, National Industrial Security Program Operating Manual, 5220.22-M, February 28, 27. Gadepally V., Hancock B., Kaiser B., Kepner J.,

Michaleas P., Varia M., Yerukhimovich A.,

―Computing on Masked Data to improve the security of big data‖, In Proceedings of the 2015 IEEE International Symposium on Technologies for Homeland Security(Waltham, MA, April 14- 16 2015) HST’15,IEEE,pp. 1-6, 2015.

28. Gajanayake R., Iannella R., Sahama T.,―Sharing with Care An Information Accountability Perspective‖, Internet Computing, IEEE, vol. 15, pp. 31-38, 2011.

29. George M., Gnanadhas C.S. and Saranya K., ―A Survey on Attribute Based Encryption Scheme in Cloud Computing‖, International Journal of Advanced Research in Computer and Communication Engineering (IJARCCE), Vol. 2, Issue 11, pp. 4408-4412, November 2013.

30. Gomathisankaran et al., ―HORNS: A Homomorphic Encryption Scheme for Cloud Computing using Residue Number System‖, Information Sciences and Systems (CISS), 45th Annual Conference, 2011, Print ISBN: 978-1- 4244-9846- 8, pp. 1-5, 2011.

31. Hausman K., Cook S. and Sampaio T., ―Cloud Essentials‖, Sybex, 2013.

32. IBM Corp., Creating Cloud Foundary Apps, 2015,

https://console.ng.bluemix.net/docs/cfapps/in dex.html.

33. IBM Corp., IBM Bluemix, 2015, http://www.ibm.com/cloud-

computing/bluemix

34. IBM Discovers Encryption Scheme That Could Improve Cloud Security, Spam Filtering at http://www.eweek.com/c/a/Security/IBMUnco vers- Encryption- Scheme-That-Could-Improve- Cloud-Security- Spam-Filtering-135413/.

35. Illias et. al, ―Advantages and Disadvantages of Cloud Computing – Cloud computing pros and cons‖,

https://www.javacodegeeks.com/2013/04/adv antages-and-disadvantages-of- cloud- computing-cloud-computing-pros-and-

cons.html, 2013.

36. Jahid S., Mittal P., and Borisov N., ―Easier:

Encryption-based access control in social networks with efficient revocation‖, ASIACCS, Hong Kong, March 2011.

37. Johnson D. and Menezes A., ―The elliptic curve Digital Signature Algorithm‖, Certicom, 2009.

38. Jyoti S., Manish S. and Rupali g.,

―Virtualization as an Engine to Drive Cloud Computing Security‖, International Conference, HPAG pp:62-66,Springer- Verlag, 2011.

39. Kamara S. and Lauter K., ―Cryptographic cloud storage‖, 14th International Conference on Financial Cryptography and Data Security, LNCS, IFCA/Springer-Verlag, pp.136-149, 2010.

40. Kissel R and Scholl M and Skolochenko S and Li X, Guidelines for Media Sanitization, NIST Special Publication 800-88,September 2006, http://csrc.nist.gov/publications/nistpubs/800 -88/NISTSP800-88_rev1.pdf.

41. Klein J., Gorton I., Ernst I., Donohoe P., Pham K., Matser C., ―Performance Evaluation of NoSQL Databases: A Case Study‖, In Proceedings of the 1^st Workshop on Performance Analysis of Big Data Systems (PABS '15). ACM, pp. 5-10, 2015.

42. Kleinrock L., A vision for the Internet, ST journal of Research 2(1), pp. 4-5, 2005.

43. rutz RL and Vines RD., ―Cloud security: A comprehensive guide to secure Cloud computing‖, Wiley, 2010.

44. Kumar R. S. and Saxena A., ―Data integrity proofs in cloud storage‖, Third International Conference on Communication Systems and Networks (COMSNETS), 2011.

45. Kumar S. and Sharma V., ―Working of Cloud Architecture and Components‖, In Proceedings of the International Multi Track Conference on

Sciences, Engineering & Technical Innovations(IMTC-14), June3-4,2014, Vol.1, pp.313- 316, 201

46. Kumar S. and Shekhar J., ―Current security problems and solutions of Cloud storage: An Analysis‖, In Proceedings of the International Multi Track Conference on Sciences, Engineering & Technical Innovations(IMTC-14), June34,2014, Vol.1. pp.317-321, 2014.

47. Kumar S., Shekhar J., ―Current Security problems and solutions of Cloud storage: An Analysis‖, In Proceedings of International Multi Track Conference on Sciences, Engineering &

Technical Innovation (Jalandhar, Punjab, India, June 04-06 2014) IMTC’14, Vol.1, 317-321, 2014.

48. Kumar S., Shekhar J., Gupta H., ―Agent based security model for Cloud Big Data‖, In Proceedings of the 2nd International Conference on Information and Communication Technology for Competitive Strategies (ICTCS-2016), March 04-05, 2016, Udaipur, India, ACM,2015.

49. Kumar S., Shekhar J., Singh JP, ―Data security and encryption technique for cloud storage‖, In Proceedings of CSI-2015 50th Golden Jubilee Annual Convention, 02-05 December 15, Springer,(in Press).

50. Kumar S., Shekhar J., Singh JP, ―Data security framework for secure cloud computing‖, International Journal of Innovations and Advancement in Computer Science(IJIACS), Volume 4, Special Issue, May 2015, pp:182- 189, ISBN: 2347-8616, Impact Factor 2.65.

51. KumarN. Saravana, RajyaLakshmi G.V, Balamurugan B., ―Enhanced Attribute Based Encryption for Cloud Computing‖, In Proceedings of the International Conference on Intelligent Computing, Communication &

Convergence (ICCC- 2014) Procedia Computer Science, Elsevier, pp. 689 – 696, 2015.

52. Lei X., Chunxiao J., Jian W., Jian Y., Yong R.,

―Information Security in Big Data: Privacy and Data Mining‖, IEEE Access, vol.2, pp. 1149- 1176, 2014.

53. Lewko A., T. Okamoto, A. Sahai, K. Takashima, and B. Waters. ―Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption‖. In Advances in Cryptology - EUROCRYPT 2010.

Springer, 2010

54. Li X., Shen X., Chen H., ―Encryption Digital Signature Algorithm of Adding a Random Number‖, JOURNAL OF NETWORKS, vol. 6, no.

5, pp. MAY 2011.

55. Liu F, Tong J, Mao Jian, ―NIST Cloud Computing Reference Architecture‖, Special Publication 500-292,September 2011.

56. Marinescu DC, ―Cloud Computing :Theory and Practice‖, Elsevier, 2013.

57. Mather T., Kumaraswamy S. and Latif S.,

―Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance‖, O’Reilly, ISBN: 978-0-596- 802769

58. Mather T., Kumarswamy S. and Latif S., ―Cloud Security and Privacy‖, O’Reilly, 2009.

59. Mathisen E., ―Security Challenges and Solutions in Cloud Computing‖, In Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies (IEEE DEST 2011), Daejeon, Korea, pp. 2011.

60. Merlin S.T, Johnson M., ―Improved security measures for data in key exchanges in cloud environment‖, International Journal of research in Computer Applications and Robotics, Vol. 2, Issue 3, ISSN 2320-7345, pp. 153-158, 2014.

61. Min-Sheng L., Chien-Yi C., Yuh-Jye L., Hsing- Kuo P., ―Malicious URL filtering — A big data application‖, In Proceedings of the 2013 IEEE International Conference on Big Data(Silicon Valley, CA, Oct. 6-9 2013),IEEE, pp. 589-596, 2013.

62. Morsy M.I and Grundy J. and Müller I., An Analysis of The Cloud Computing Security Problem, In Proceedings of the APSEC 2010 Cloud Workshop, Sydney, Australia, 2010.

63. Mowbray M., Pearson S., ―A Client-based privacy manager for cloud computing‖, In Proceedings of the Fourth International ICST Conference on Communication System software and middleware (COMSWARE '09), ACM, pp. 1- 8, 2009.

64. Muntés-Mulero V, Nin J., ―Privacy and anonymization for very large datasets. In: Chen P‖, In Proc. of the ACM 18th Int. Conf. on Information and Knowledge Management, CIKM 2009. Association for Computing Machinery(ACM),pp. 2117.2118, 2009.

65. Naone E., ―Technology overview, conjuring clouds‖, MIT Technology Review, July–August, 2009.

66. Okman L., Gal-Oz N., Gonen Y., Gudes E.,Abramov J., ―Security Issues in NoSQL Databases‖, In Proceedings of the 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications(Changsha, China, Nov. 16-18 2011), TrustCom’11, IEEE, pp. 541-547, 2011.

67. Oracle Corp., Java Releases, 2015, https://www.java.com/en/download/faq/releas e_dates.xml.

68. Oracle Corp., Java Technology, 2013, https://www.java.com/en/about/.

69. Oracle Corp., Oracle Completes Acquisition of

Sun, 2010,

http://www.oracle.com/us/corporate/press/04 4428.

70. Oracle Corp., What’s new in JDK 8 secuirty, 2015,

http://www.oracle.com/technetwork/java/java se/8-whats-new-2157071.html

71. P.M., Grance T., ―The NIST Definition of Cloud Computing, Information Technology Laboratory‖, pp. 1-7, Septerber 28, 2011.

72. Pirretti M., Traynor P., McDaniel P., and Waters B., ―Secure attribute-based systems‖ Journal of Computer Security, vol. 18, no. 5, pp. 799–837, 2010.

73. Popa R.A, Lorch J R, Molnar D, et al. ―Enabling security in cloud storage SLAs with CloudProof‖, Microsoft Tech Report MSR-TR-2010,Vol. 46, pp. 1-12, 2010.

74. Rohloff K., Cousins D.B.,―A Scalable Implementation of Fully Homomorphic Encryption Built on NTRU‖, Springer- Berlin Heidelberg, pp. 1-12,

75. Roy I., Ramadan HE, Setty STV, Kilzer A., Shmatikov V. and Witchel E. , ―Airavat: Security and privacy for MapReduce‖, In: Castro M, eds.

Proc. of the 7^th Usenix Symp. on Networked Systems Design and Implementation. San Jose:

USENIX Association, pp. 297.312, 2010.

76. Schridde C., T. Dornemann, E. Juhnke, B.

Freisleben, M. Smith, ―An Identity- Based Security Infrastructure for Cloud Environments,‖ 2010 IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS), pp. 644 – 649, 2010.

77. Selvamani K., Jayanthi S., ―A Review On Cloud Data Security And Its Mitigation Techniques‖, In Proceedings of the International Conference on Intelligent Computing, Communication &

Convergence (ICCC-2014), Procedia Computer Science, Elsevier, pp.347 –352, 2015.

78. Shawish A. and Salama M., ―Cloud Computing:

Paradigms and Technologies‖, DOI:

10.1007/978-3-642-35016-0_2, pp:39- 67,Springer-Verlag Berlin Heidelberg 2014 79. Singh JP, Mamta, Kumar S., ―Authentication

and encryption in cloud computing‖, In Proceedings of the 2015 International Conference on Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), Vel Tech Rangarajan Dr. Sagunthala R & D Institute of Science and Technology, Chennai, T.N., India. 6 - 8 May 2015. pp.230-233, 2015.

80. Singh K., Sood S., Khalique A., ―Implementation of Elliptic Curve Digital Signature Algorithm‖, International Journal of Computer Applications (IJCA), Vol. 2, 2010.

81. Sommerville I, ―Software Engineering 9 th Edition, Addision-Wesley, ISBN-13: 978-0-13- 703515-1

82. Somorovsky J, Meyer C, Tran T, et al. ―SEC2:

secure moblie solution for distributed public cloud storages‖, In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER), pp. 555-561, 2012.

83. Stanoevska-Slabeva K., T. Wozniak, ―Grid and Cloud Computing-A Business Perspective on Technology and Applications‖, Springer-Verlag, Berlin, Heidelberg, 2010.

84. Subashini S. and Kavitha V., ―A survey on security issues in service delivery models of cloud computing‖, Journal of Network and Computer Applications, vol. 34, no.1, pp. 1-11, 2011.

85. Subasree S., Sakthivel N. K., ―Design of a New Security Protocol Using Hybrid Cryptographic Algorithms‖, IJRRAS, vol. 2, issue 2, pp. 95- 103, 2010.

86. Sun J. Y., C. Z, Zhand Y. C., Fang Y. G., ―An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks‖, IEEE Transactions on Parallel and Distributed Systems, vol. 21, no.9, pp. 1227-1239, 2010.

87. Sun Y.,Zyang J., Xioang Y., Zho G., ―Data Security and Privacy in Cloud Computing‖

,International Journal of Distributed Sensor Networks, Volume 2014, pp. 1-9, 2014.

88. Sung-Hwan K., Nam-Uk K., Tai-Myoung C,

―Attribute Relationship Evaluation Methodology for Big Data Security‖, In Proceedings of the 2013 International Conference on IT Convergence and Security( Macao, China, Dec.

16-18 2013). ICITCS’13,IEEE, pp. 1-4, 2013.

89. Tebaa M., Hajji SE., GHAZI AE., ―Homomorphic Encryption Applied to the Cloud Computing Security‖, Proceedings of the World Congress on

Engineering 2012, London, U.K., WCE 2012, Vol- I , pp. 1-4, July 4 - 6, 2012

90. Tripathi A. and Mishra A., ―Cloud computing security considerations‖, In Proceedings of the IEEE Int. Conference on signal processing, communication and computing (ICSPCC), pp. 1- 5, 2011

91. Tripathi A., Yadav P. , ―Enhancing security of cloud computing using Elliptic Curve Cryptography‖, International Journal of Computer Application, Vol 1, 2012

92. Tsai W. T., Sun X. and Balasooriya J., "Service- Oriented Cloud Computing Architecture," 2010 Seventh International Conference on Information Technology: New Generations (ITNG), Las Vegas, NV, pp. 684-689, 2010.

93. Ukil A., Jana D., ―A Security Framework In Cloud Computing Infrastructure‖, International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.5, pp:11-24, 2013.

94. Velte A.T, Velte TJ. And Elsenpeter R., ―Cloud Competing: A Practical Approach‖, TMH, 2010.

95. Wang C., Wang Q., Ren K., and Lou W.,

"Ensuring Data Storage Security in Cloud Computing", In Proceedings of the 17^th International Workshop on Quality of Service, pp.1-9, 2009.

96. Xueli H., Xiaojiang D., ―Achieving big data privacy via hybrid cloud‖, In Proceedings of the 2014 IEEE Conference on Computer Communications Workshops (Toronto, ON, April 27 2014-May 2 2014),INFOCOM WKSHPS’14, IEEE, pp.512-517, 2014.

97. Yang Y., Xianghan Z, Bogang L., ―Type Based Keyword Search for Securing Big Data‖, In Proceedings of the 2013 International Conference on Cloud Computing and Big Data (Fuzhou, China, Dec. 16-19 2013), CloudCom- Asia’13, pp. 354-359, 2013.

98. Youssef AE. and Alageel M., ―A Framework for Secure Cloud Computing‖, IJCSI (International Journal of Computer Science Issues), Vol. 9, Issue 4, No 3, pp:487-500, 2012.