View of A NOVEL METHODOLOGY FOR PRIVACY AND SECURITY IN CLOUD COMPUTING

(1)

ACCENT JOURNAL OF ECONOMICS ECOLOGY & ENGINEERING

Peer Reviewed and Refereed Journal, ISSN NO. 2456-1037

Available Online: www.ajeee.co.in/index.php/AJEEE

Vol. 06, Issue 06, June 2021 IMPACT FACTOR: 7.98 (INTERNATIONAL JOURNAL) 49 A NOVEL METHODOLOGY FOR PRIVACY AND SECURITY IN CLOUD COMPUTING

Mukku Yatheeswar¹ & Abhishek Tiwari²

1Research Scholar, Department of Computer Science, Swami Vivekanand University Sagar (M.P.)

2Assistant Prof., Department of Electronics & Comm., Swami Vivekanand University Sagar (M.P.)

Abstract- In this paper, I presented a powerful algorithm to further enhance the security of the three- stage protocol. Using this algorithm, the three-stage protocol will be provided with yet another layer of security by provisioning an initialization vector between the two communicating parties. The addition of this contrivance makes it theoretically impossible for any intruder to recover the plain text except under the condition when the intruder has simultaneous real-time access to four elements in the implementation of the protocol.

This thesis provides a concise but all-round analysis on data security and privacy protection issues associated with cloud computing across all stages of data life cycle. Then this thesis discusses some current solutions. Finally, in this thesis, it is postulated that the concept can be extended to an electronic implementation with minor enhancements. This thesis describes future research work about data security and privacy protection issues in cloud.

1 INTRODUCTION

From initial concept building to current actual deployment, cloud computing is growing more and more mature.

Nowadays many organizations, especially Small and Medium Business (SMB) enterprises, are increasingly realizing the benefits by putting their applications and data into the cloud. The adoption of cloud computing may lead to gains in efficiency and effectiveness in developing and deployment and save the cost in purchasing and maintaining the infrastructure.

Compared with the traditional IT model, the cloud computing has many potential advantages. But from the consumers perspective, cloud computing security concerns remain a major barrier for the adoption of cloud computing.

According to a survey from IDCI in 2009, 74% IT managers and CIOs believed that the primary challenge that hinders them from using cloud computing services is cloud computing security issues [2].

Another survey carried out by Garter in 2009, more than 70% CTOs believed that the primary reason not to use cloud computing services is that there are data security and privacy concerns.

2 MONOLITHIC COMPUTING

In software engineering, a monolithic application describes a single-tiered software application in which the user interface and data access code are combined into a single program from a

single platform.

A monolithic application is self- contained, and independent from other computing applications. The design philosophy is that the application is responsible not just for a particular task, but can perform every step needed to complete a particular function. Today, some personal finance applications are monolithic in the sense that they help the user carry out a complete task, end to end, and are "private data silos"

rather than parts of a larger system of applications that work together. Some word processors are monolithic applications. These applications are sometimes associated with mainframe computers.

In software engineering, a monolithic application describes a software application which is designed without modularity. Modularity is desirable, in general, as it supports reuse of parts of the application logic and also facilitates maintenance by allowing repair or replacement of parts of the application without requiring wholesale replacement.

Modularity is achieved to various extents by different modularization approaches. Code based modularity allows developers to reuse and repair parts of the application, but development tools are required to perform these maintenance functions (e.g. the application may need to be recompiled).

(2)

ACCENT JOURNAL OF ECONOMICS ECOLOGY & ENGINEERING

Vol. 06, Issue 06, June 2021 IMPACT FACTOR: 7.98 (INTERNATIONAL JOURNAL) 50 Object based modularity provides the

application as a collection of separate executable files which may be independently maintained and replaced without redeploying the entire application (e.g. Microsoft "dll" files, Sun/UNIX "shared object" files). Some object messaging capabilities allow object based applications to be distributed across multiple computers (e.g. Microsoft COM+). Service-oriented architectures use specific communication standard/protocols to communicate between modules.

Traditionally, software has been written for serial monolithic computation:

A problem is broken into a discrete series of instructions

Instructions are executed sequentially one after another

Executed on a single processor Only one instruction may execute at any moment in time

For Example:

Fig.1.1: Monolithic computing The extent to which an application is described as monolithic is dependent upon perspective. Software that is not service-oriented may be described as monolithic even though it is object-based and can be distributed. The original use of the monolithic term described enormous main frame applications with no usable modularity, therefore resulting in un-maintainable systems and the

"software crisis."

3 PARALLEL COMPUTING

In the simplest sense, parallel computing is the simultaneous use of

multiple compute resources to solve a computational problem:

 A problem is broken into discrete parts that can be solved concurrently.

 Each part is further broken down to a series of instructions.

 Instructions from each part execute simultaneously on different processors.

 An overall control/coordination mechanism is employed

Fig. 1.2: (a) Parallel Computing For Example:

Fig.1.2: (b) Parallel Computing The computational problem should be able to:

 Be broken apart into discrete pieces of work that can be solved simultaneously;

 Execute multiple program instructions at any moment in time;

 Be solved in less time with multiple compute resources than with a single compute resource.

The computing resources are typically:

 A single computer with multiple processors/cores

 An arbitrary number of such computers connected by a network 3.1 Parallel Computers:

 Virtually all stand-alone computers today are parallel from a hardware perspective:

(3)

ACCENT JOURNAL OF ECONOMICS ECOLOGY & ENGINEERING

Vol. 06, Issue 06, June 2021 IMPACT FACTOR: 7.98 (INTERNATIONAL JOURNAL) 51 4 IMPLEMENTATION

I used two representations of User and Recipient each to reduce the complexity.

It is considered that they operate in a single line and the three stage configuration is obtained by utilizing plane reflecting mirrors in their path.

Moreover, it is further assumed that these two Users and two Recipients are mutually trusted parties and authenticated to each other.

Fig. 5.1 (a): The actual setup for a Three Stage Quantum Cryptography

Algorithm

Fig. 5.1 (b): The actual setup for a Three Stage Quantum Cryptography

Algorithm 5 CONCLUSION

Although cloud computing has many advantages, there are still many actual problems that need to be solved.

According to a Gartner survey about cloud computing revenues, market size for Public and Hybrid cloud is $59 billion and it will reach USD 149B by2014 with a compound annual growth rate of 20[22]. The revenue estimation implies that cloud computing is a promising industry. But from another perspective, existing vulnerabilities in the cloud model will increase the threats from hackers. According to service delivery models, deployment models and essential features of the cloud computing, data security and privacy protection issues are the primary problems that need to be

solved as soon as possible. Data security and privacy issues exist in all levels in SPI service delivery models and in all stages of data life cycle.

REFERENCES

1. Kak S., ― A Three-Stage Quantum Cryptography Protocol‖, Foundations of Physics Letters, vol. 19, pp.293-296, 2006.

2. Mandal S., Macdonald G., El Rifai M., Punekar N., Zamani F., Chen Y., Kak S., Verma P. K, Huck R. , Sluss J.,

―Implementation of Secure Quantum Protocol using Multiple Photons for Communication‖, presented at International Conference on Information Networking 2013, Bangkok, January 28-30, 2013.

3. Bennett C.H. and Brassard G., ―Quantum Cryptography: Public key distribution and coin tossing‖, in Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p.

175 (1984).

4. Yuhua Chen, Subhash Kak, Pramode K.

Verma, Gregory Macdonald, Mayssaa El Rifai, Nikhil Punekar ―Multi-Photon Tolerant Secure Quantum Communication - From Theory to Practice‖ accepted at IEEE ICC 2013 - Communication and Information Systems Security Symposium.

5. N. Gisin1, S. Fasel1, B. Kraus, H.

Zbinden, G. Ribordy ―Trojan Horse attacks on Quantum Key Distribution systems‖, ar Xiv:quant- ph/0507063v2 26 Jul 2005.

6. Huttner, B., Imoto, N., Gisin, N., Mor, T, Quantum cryptography with coherent states.

Phys.Rev, (1995)90. A 51(3), : p. 1863–1869.

7. Brassard, G., L¨utkenhaus, N., Mor, T., Sanders, B.C, Limitations on practical quantum cryptography. Phys. Rev. Lett., (2000) 90, 91.85(6): p. 1330-1333.

9. Se-Wan Ji and Hai-Woong Lee, Secure Quantum Key Expansion between Two Parties Sharing a Key, Journal of the Korean Physical Society, Vol. 51, No. 4, October 2007, pp. 1245_1251.

10. Sivakumar, P., Implementing the Three-Stage Quantum Cryptography Protocol. Computer Science- Cryptography and Security, 03/2006. ARXIV.

11. Huttner, B., Imoto, N., Gisin, N., Mor, T, Quantum cryptography with coherent states. Phys. Rev, (1995) 90. A 51(3), p. 1863–

1869.

12. Brassard, G., L¨utkenhaus, N., Mor, T., Sanders, B.C, Limitations on practical quantum cryptography. Phys. Rev. Lett., (2000) 90, 91.85(6): p. 1330-1333.

13. Basuchowdhuri, P., Classical Authentication Aided Three-stage Quantum Protocol. arXiv:

cs/060508.

14. OASIS Key Management Interoperability Protocol (KMIP) TC‖, http://www.oasis- open.org/committees/tc_home.php?wg_abbre v=kmip.

15. Zeng K, "Publicly verifiable remote data integrity," In: Chen LQ, RyanMD, Wang GL,

(4)

ACCENT JOURNAL OF ECONOMICS ECOLOGY & ENGINEERING

Vol. 06, Issue 06, June 2021 IMPACT FACTOR: 7.98 (INTERNATIONAL JOURNAL) 52 eds. LNCS 5308. Birmingham: Springer-

Verlag, 2008.419.434.

16. Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou, "Ensuring Data Storage Security in Cloud Computing," in Proceedings of the 17th International Workshop on Quality of Service.2009:1-9.

17. Bowers KD, Juels A, Oprea A. Proofs of retriev ability: Theory and implementation.

In: Sion R, ed. Proc. of the 2009 ACM Workshop on Cloud Computing Security, CCSW 2009, Co-Located with the 16th ACM Computer and Communications Security Conf., CCS 2009. New York:

Association for Computing Machinery, 2009. 43.54.

18. Muntés-Mulero V, Nin J. Privacy and anonymization for very large datasets. In:

Chen P, ed. Proc of the ACM 18th Int‘l Conf. on Information and Knowledge Management, CIKM 2009. New York:

Association for Computing Machinery, 2009. 2117. 2118.

19. Randike Gajanayake, Renato Iannella, and Tony Sahama, "Sharing with Care An Information Accountability Perspective,"

Internet Computing, IEEE, vol. 15, pp. 31-38, July-Aug. 2011.

20. DoD, "National Industrial Security Program Operating Manual",5220.22-M, February 28, 2006.

21. Richard Kissel, Matthew Scholl, Steven Skolochenko, Xing Li, "Guidelines for Media Sanitization," NIST Special Publication 800-88, September 2006, http://csrc.nist.gov/publications/nistpubs/8 00-88/NISTSP800-88_rev1.pdf.

22. Gartner DataQuest Forecast on Public Cloud Services DocID G00200833, June 2, 2010.