DATA STORAGE SECURITY IN CLOUD COMPUTING USING THIRD PARTY AUDITOR (TPA)

Cloud Computing is evolving and considered next generation architecture for computing. Typically cloud computing is a combination of computing recourses accessible via internet. Historically the client or organisations store data in data centres with firewall and other security techniques used to protect data against intrudes to access the data. Since the data was confined to data centres in limits of organisation, the control over the data was more and well defined procedures could be used for accessing its own data. However in cloud computing, since the data is stored anywhere across the globe, the client organisations have less control over the stored data. To built the trust for the growth of cloud computing the cloud providers must protect the user data from unauthorised access and disclosure. One technique could be encrypting the data on client side before storing it in cloud storage, however this technique has too much burden from client perspective in terms of key management, maintainence perspective etc. Other way could be this kind of security service like computing hash of data and verifying integrity of data, encryption/decryption service if provided by same cloud storage provider, the data compromise cannot be ruled out since same provider has access to both storage and security service. Divide and rule can be one of the techniques, meaning dividing the responsibilities amongst different cloud services providers can benefit the client. A trusted 3rd party cloud provider be used to provide security services, while the other cloud provider would be data storage provider. The trusted 3rd party security service provider would not store any data at its end, and its only confined to providing security service. The application or software will provide data integrity verification by using hashing algorithm like SHA-1,provide encryption/decryption using symmetric algorithm like AES, and defining band of people who can access the shared data securely can be achieved by defining access list. The Software is only responsible for encryption/decryption, computing/verifying the hash of the data and does not store any data in trusted 3rd party security system server. The encrypted data along and original data hash are stored in Separate Cloud (Security Cloud), therefore even if the storage cloud system administrator has access user data, since the data is encrypted it will be difficult for the system administrator to understand the encrypted data. While the user downloads the data from Storage Cloud, it is decrypted first and then new hash is calculated which is then compared with hash of original data stored in Security Cloud. Finally, this software/application provides the user with the ability to store the encrypted data in Storage cloud and hash and encryption/decryption keys in security cloud service, and no single cloud service provider has access to both. Other benefit of delegating responsibility to trusted 3rd party is that it reliefs the client from any kind of key management or over head is maintainance of any key information related to data on it device, because of which it allows the client to use any browser enabled devices to access such service.