Securing Cloud Data On Multiple Infrastructure Using Erasure Coding, Dispersal Technique And Encryption

No Thumbnail Available
Date
2017-12
Journal Title
Journal ISSN
Volume Title
Publisher
KNUST
Abstract
Cloud computing is a technology that has come to save organisations from investing in and owning high cost IT infrastructure including its management and maintenance. The technology enables an organisation to outsource its IT needs to the care of a remote third party Cloud Service Provider (CSP) while focusing on its core business processes. It enables the usage of IT resources remotely as a service on subscription basis at a per usage fee on demand. The service models available are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These service models are deployed in one of four cloud deployment models as Public, Private, Community or Hybrid cloud. Despite the technology’s numerous benefits, it also poses serious security threats to vital business data assets as the subscriber has to surrender control over its management and maintenance to a remote CSP. The threats include: the CSP using the data for their own gains, the location of the data not known to the subscriber, the ownership of the data (for example, on contract termination or in the event of conflict or dispute?), and also the subscriber not knowing who has unauthorised access to their data resource. The challenge therefore, is how to create a secure and vigorous data security solution that can mitigate these threats and alleviate the cloud subscriber fear to freely enjoy using cloud computing services. Hence, this study proposes and implements a Six-level Cloud Data Distribution Intermediary (CDDI) Framework that enables the cloud subscriber to effectively secure its data against these threats. The framework employs Erasure Coding (based on the Galois Field Theory and Reed Solomon Coding), Data Dispersion technique with a proposed Transposition Encryption technique based on Rubiks cube transformation. In addition, it also uses this study’s proposed Erasure Coding technique based on checksum dubbed “Checksum Data Recovery”. The CDDI framework implemented on the cloud subscriber’s gateway system encrypts and splits the subscriber’s data into chunks of data fragments and distributes them randomly to the subscribers selected multiple CSP storage infrastructures. This alleviates threats of data usage, location, ownership, and access, identified. By employing design research methodology, the CDDI framework is developed into software following a Plan-Driven Incremental software development approach. The system dubbed ‘SecureMyFiles (SMF)’ was developed in an experimental lab set-up using JAVA, SQL, and PHP. The SMF system provides users a choice of selecting one of four data priority levels (Low, Normal, Important, Critical) at the time of uploading data resources to the cloud. The priority level selected determines the uploading and downloading process the system uses, the amount of data that can be recovered in the event of data corruption and the performance during recovery. The security strength of the SMF system in relation to assuring the cloud subscriber of the Confidentiality, Integrity, and Availability of their data was found to be much stronger than the existing direct architecture model provided by DropBox, Box, Google, Backblaze B2, or the indirect architecture model provided by CASB/SECaaS providers. This is because with the SMF system the subscriber data does not reside with one single provider but distributed across many providers distributed storage infrastructure.
Description
A Thesis submitted to the Department of Computer Science, Faculty of Physical Sciences, College of Science, KNUST, in partial fulfilment of the requirements for the degree of DOCTOR OF PHILOSOPHY IN COMPUTER SCIENCE
Keywords
Citation