Cloud Computing: Security inside the Cloud Bhimsingh Bohara, Shreyas Mulay, Mayank Sharma and Sanjay Jain Amity School of Engineering and Technology, Amity University Rajasthan, Jaipur, Rajasthan shreyasmulay23@gmail.com, bj.bohara@gmail.com, mankash70@gmail.com and jainsanjay17@yahoo.co.in Abstract- Cloud Computing as the name suggests, it is a style of computing where scalable and elastic IT-related capabilities are provided as a service to customers using Internet technologies. In recent era everybody wants to have the data on go, nobody wants to carry their lot of data with them i.e. on external hard drives etc. This Technology is a set of resources and services which are given to the consumers through internet. Cloud Computing can also be called as Data on Internet i.e. consumers can store their data over servers with the help of internet and can access it from anywhere. But there are so many security concerns arise by which the data can be lost or the secure data can be stolen and to overcome these security issues many control methods are already discussed in research papers but what about the security inside the cloud. So this paper introduces the security concerns inside the cloud and how to overcome those security aspects to have the data secured and safe for the consumer at every level of computing. Keywords— Cloud Computing, Cloud, SaaS, PaaS, IaaS, Cloud Security. I. INTRODUCTION What is cloud computing? Cloud computing is the next stage in the history of the Internet. The cloud in cloud computing provides the means through which everything from computing power to computing with infrastructure, applications, business computing to personal collaboration and can be delivered to you as a service whenever and wherever you need. In general the cloud, it is similar to its namesake of the cumulus type, is fluid and can easily expand and contract. This elasticity means that users can request additional resources on demand whenever they want and if the demand is not fulfilled by any cloud, users can go to some other cloud for those resources and can release them when they’re no longer needed. This elasticity is one of the main reasons why individual, businesses, and IT users are moving to the Cloud Computing technology. In the traditional data center it has always been possible to add and release resources. However, this process couldn’t be done in an automated or self-service manner as it can be done now and a at a very low price. The cloud itself is a set of hardware, networks and storage, services that enable the delivery of strong computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete platform) based on user demand and preferably on time. The world of the cloud has lots of participants: 1) The end user doesn’t really have to know anything about the technology. In small businesses, for example, the cloud provider becomes the existing data center. In larger organizations, the IT organization, where there is a need of the inner workings of both internal resources and external cloud resources. 2) Business management needs to take responsibility for overall management of data or services inside the cloud. Cloud service providers must provide a predictable and guaranteed service level and security to all their constituents. 3) The cloud service provider is responsible for IT assets and maintenance. II. THE CONCEPT OF CLOUD COMPUTING AND FEATURES Over time, it became easier for IT to add hardware to the data center rather than to focus on making the data center itself more effective. And this plan worked. By adding more and more resources into the data center, IT ensured that critical applications wouldn’t run out of resources. At the same time, these companies built or bought software to meet business needs. The applications that were built internally were often large and complex. They had been modified repeatedly to satisfy changes without regard to their underlying architecture. Between managing a vast array of expanding hardware resources combined with managing huge and unwieldy business software, IT management found itself under pressure to become much more effective and efficient. This tug of war between the needs of the business and the data center constraints has caused friction over the past few decades. Clearly, need and money must be balanced. To meet these challenges, there have been significant technology advancements including virtualization, service-oriented architecture, and service management. Each of these areas is intended to provide more modularity, flexibility, and better performance. center space) as a service. It may also include the delivery of Servers and virtualization technology to manage the resources. While these technology enablers have helped companies to become more efficient and cost effective, it isn’t enough. Companies are still plagued with massive inefficiencies. The promise of the cloud is to enable companies to improve their ability to leverage what they’ve bought and make use of external resources designed to be used on demand. We don’t want to give you the idea that everything will be perfect when you get yourself a cloud. The world, unfortunately, is more complicated than that. For example, complex, brittle applications won’t all be successful if they are just thrown up on the cloud. Virtualization adds performance implications. And many of these applications lack architecture to achieve scale. Cloud computing is has many technologies such as SaaS i.e. "Software as a Service", PaaS i.e. "Platform as a Service", IaaS i.e. Infrastructure as a Service". Cloud Computing is a paradigm that focuses on sharing data and computations over a network of nodes. Examples of such nodes include end user’s computers, large data centers and Cloud Services. Cloud Service is divided among three layers and various other combinations. The three fundamental classification of Cloud Computing can be called as layered Architecture of Cloud Computing. Cloud Computing Layered Architecture: • Cloud Software as a Service (SaaS): The service provided to the consumer is to use the provider's ―software‖ to get the desired output which is running on a cloud infrastructure. These applications are accessible from various client devices. • Cloud Platform as a Service (PaaS): The service provided to the consumer is to deploy or run onto the cloud infrastructure. With Platform as a Service (PaaS), the provider delivers more than infrastructure. It delivers what you might call a solution stack — an integrated set of software that provides everything a developer needs to build an application — for both software development and runtime. • Cloud Infrastructure as a Service (IaaS): Infrastructure as a Service (IaaS) is the delivery of computer hardware (servers, networking technology, storage, and data Fig. 1 CLOUD COMPUTING LAYERED ARCHITECTURE Cloud computing is offered in different forms: 1) Public Cloud: The cloud infrastructure is made available to the public or a large industry and is owned by an organization selling cloud computing services. 2) Private Cloud: The cloud infrastructure is operated only for a single organization. It may be managed by the organization or a third party, and may exist on- premises or off premises. 3) Hybrid Cloud: The cloud infrastructure is a combination of two (private or public) that remain unique entities but are combined together by standardized technology that enables data and application portability and management. 4) Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party. III. CLOUD COMPUTING SECURITY PROBLEMS Security problems which exist in the cloud are so high, and the whole IT industry had undergone this drawback of technology some well known examples are, in Feb. 2009, Google Gmail mailbox stops its service for more than 4 hours, the fault is maintenance of data centres’ in Europe, eventually Google Gmail mail service interruption occurs worldwide. In middle of the March, Microsoft's Azure stopped running about 22 hours. And more, the 2008 Amazon S3 service was stops for 6 hours. All these situations shows that cloud computing is not so perfect; cloud computing services with its own security risks in the application is exposed at a great extent. Despite the fact that Cloud computing allows business users and individual user access many benefits, when the user start using cloud computing services, there will be a lot of security risks. These problems are mainly from two aspects: one is the existence of their own cloud computing services security risks; the other hand, cloud computing applications for customers and their specific security risk services, rights related to access and manage Data Location , Data Isolation and Data Recovery and third-party audits, and other aspects of laws and regulations. Existing security technology cannot solve these problems, so many characteristics of the cloud is difficult to give fully display .Security policy is needed to proposed to ensure healthy and stable development of cloud computing. Since there are many problems in the Cloud Computing and also there are many solutions given by the researchers. However, there is a problem which is not being discussed till date i.e. security inside the cloud. Let us take the example of the well known cloud computing system or application known as the Dropbox. In this Application, the users get registered for free and have a space of 2 GB over the Internet. Now to Log In, Dropbox had provided the Login ID and Password to the users so they can access their stored data from anywhere in the world and from any device i.e. from Personal Computer, from Mobile Device etc. But the security point comes here i.e. if the Login Id and Password is misplaced by user via any means so his data will be insecure. So this is the most important security problem through Software point of view. IV. RELATED WORK 1) Meiko Jensen et al. [1] have shown that to improve cloud computing security, the security has to be strengthened in web browsers and web services. This can best be done by integrating the latter into the former. 2) M. Jensen et al. [2] focus on special type of Denial of Service attacks on network based service that relies on message flooding techniques, overloading the victims with invalid requests. They describe some well known and some rather new attacks and discuss commonalities and approaches for countermeasures. 3) Armbust M Fox et al. [3] discuss that resources should be virtualized to hide the implementation of how they are managed and shared. 4) Rituik Dubey et al. [4] define different types of attacks that can be arises in this technology and propose some counter schemes for each of them. 5) Alok Tripathi and Abhinav Mishra et al. [5] explained the security threats which are present in cloud and also given their mitigation. They presented the Secure Cloud Architecture to overcome these security threats. 6) Jianfeng Yang and Zhibin Chen et al. [8] done the research on cloud computing and given some security issues. V. CLOUD COMPUTING SECURITY STRATEGY OF PROTECTION OF DATA Since there are many problems associated with the cloud computing but many researchers have given their views to tackle these problems. Such as Single Sign On, Defense in Depth Approach, Single Management Control etc. But the problem discussed above cannot be solved till now. So, to overcome this problem some observations and suggestions has been identified. These solutions are as follows: 1) Double Authentication:When User Logged In after logging in if user wants to edit data i.e. wants to copy or download the data, the system or application will again ask for a password. And if the password is correct then user can access the data and can manipulate the changes inside his cloud. 2) Data Encryption:The data which is inside the cloud is already in an encrypted form i.e. private key cryptography can be used so that whenever the user download any data it is downloaded in encrypted form. By doing this the data remain secured if unauthorized users try to access it or download it. 3) Use Secure Channel: Use of Secure channel i.e. SSL, HTTPS, etc can be used to secure the data from hackers. 4) Using Biometric Sensors:By using biometric sensors such as Thumb Expression, Retina Scan, Heart Beat Scan etc. the data can be called as highly secured because the data cannot be accessed or edited through any other medium. Only authenticated users are allowed to use the data. REFERENCES [1] Meiko Jensen, Jorg Sehwenk et al., ―On Technical Security,Issues in cloud Computing ‖IEEE International conference on cloud Computing, 2009. [2] M.Jensen, N.Gruschka et al., ―The impact of flooding Attacks on network based services‖Proceedings of the IEEE International conference on Availiabilty,Reliability and Security (ARES) 2008. [3] Armbrust, M. Fox, A., Griffth, R., et al., ―Above the clouds: A Berkeley View of Cloud Computing‖, UCB/EECS2009-28, EECS Department University of California Berkeley, 2009. http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS2009-28.pdf Fig. 2 SECURITY CONTROL IN CLOUD COMPUTING The Above Figure shows the Solution to the problem of Security inside the Cloud. In fig.2, it is shown that when user Log In into his account(it is stated as Log In Wall in fig) then the user again has to log in through Double Authentication Wall by entering password, or retina scan, Heartbeat Scan, or Thumb Expression etc. By doing this type of Authentication user is assured that nobody other than him can access the secured data which is shown in the yellow region of the fig. VI. CONCLUSION Cloud computing is still in its infancy. This is an emerging technology which will bring new innovations in terms of business models and applications. By using this technology both the business users and normal users gets the benefit. The widespread use of smart phones will be a major factor in driving the adoption of cloud computing. Cybercriminal activities impacting cloud computing environments − for example, fraud and malicious hacking − are threats that can undermine user confidence in the cloud. Cloud computing providers face multiple, and potentially conflicting, laws concerning disclosure of information. However, cloud computing faces challenges related to privacy and security. And for these types of security concerns this paper discusses some key control techniques through which the data can be secured at a great extent i.e. for both the users. [4] Rituik Dubey et al., ―Addressing Security issues in Cloud Computing‖. http://www.contrib.andrew.cmu.edu/~rdubey/index_files/clou d%20com puting.pdf [5] Alok Tripathi and Abhinav Mishra et al., ‖Cloud Computing Security Considerations‖ 2011 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC). [6] Privacy in Cloud Computing, ITU-T Technology Watch Report, March 2012. [7] Cloud computing – Wikipedia. http://en.wikipedia.org/wiki/Cloud_computing [8] Jianfeng Yang and Zhibin Chen et al., ―Cloud Computing Research and Security Issues‖,2010 International Conference on Computational Intelligence and Software Engineering (CiSE). [9] John W. Rittinghouse and James F. Ransome, ―Cloud ComputingImplementations, Management and Security‖. [10] Anthony T. Velte, Toby J. Velte and Robert Elsenpeter,‖Cloud Computing- A Practical Approach‖.