Subject Areas: Information and Communication, Security, Privacy, and Trust
1. Introduction
The world we live in produces huge amount of data continuously every day. This can lead to the data resource storage of the data center. Cloud computing adds capabilities dynamically without investing new infrastructure and increases the computing capacity [1] . Cloud computing offers many benefits such as lower cost, rapid provisioning, fast deployment, rapid re-constitution of services, etc. The application software and database has been moved to the large data centers. Unfortunately, the management of services and data is not reliable. At the meanwhile, the target of cloud computing is to provide better utilization of software and data using virtualization technology [2] . The unique attribute poses a lot of security risks in the cloud environment.
In order to enhance the security and save the resource of the cloud platform, in this paper, we present the essentials of Security Management of the cloud computing. The management contains a distributed authentication method and device based on the cloud platform. The management is based on the Embedded Cloud Branch Server which has multiple cloud server as the node branch. The Embedded Cloud Branch Server is connected with the central server through the network.
2. The Characteristic of Cloud Computing Platform
The cloud computing platform refers to hardware and software which in the data centers and the applications transmitted as services through the Internet [3] . The cloud computing platform has been referred to as SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) as shown in Figure 1.
The cloud computing is the combination of utility computing and SaaS. The public cloud refer to the cloud is made obtainable to the general public [4] . The service being sold is called utility computing. The private cloud refers to the internal data center of a business and cannot be available to the general public. The individuals can be providers or users of utility computing and SaaS.
There are three new fields in cloud computing from pricing point and hardware provisioning of views.
1) The ability to pay for use of computing resources and release them on a short-term basis as needed.
2) The ability to get infinite computing resources available quickly enough to start load surges.
3) The ability to let company to start small and increase hardware resource when needed.
The cloud computing platform uses SaaS, PaaS angulad IaaS as the transmission models to delivery different types of services to the end users. The IaaS is the base of the cloud services and PaaS and SaaS build on it. The service model places a varied level of security necessity in the cloud surroundings.
A recent survey by Cloud Security Alliance (CSA) & IEEE indicates that enterprises across sectors are eager to adopt cloud computing but that security are needed both to accelerate cloud adoption on a wide scale and to respond to regulatory drivers [5] .
SaaS is a software arrangement model where application can be hosted remotely by the service provider or the application and made obtainable to the client through the internet.
In this paper, we introduce a Cloud platform which structure is the integration of SaaS, IaaS and PaaS. In today’s cloud computing environment, IaaS, is mainstream, not only Amazon EC2 but also Linode and Joyent both have a place. With the emerge of Google App Engine, sales force force.com and Microsoft Windows azure, the
PAAS platform begin to play an important role in the cloud platforms [8] . The Micro Cloud has high integration rate which can bring economy to developers and can solve challenges such as general and support to the application, we think the Micro Cloud can make benefits for the developer of cloud platform.
3. A Distributed Security Authentication Method Based on the MICRO Cloud
The advantages of the distributed security authentication method based on the Micro Cloud have are listed as below:
1) The user’s authentication speed is fast. Using the signature and authentication to solve the problem of security, it can also register to the Embedded Cloud Branch Server in case the Internet failure.
2) The user’s database is stored in the central server not in the Embedded Cloud Branch Server. Reduce the amount of Micro cloud platform, improving the processing efficiency of Micro cloud platform.
3) The methods of the user’s registration are flexible. The user register can not only through the Embedded Cloud Branch Server but also through the Internet.
a) Set up
Our Cloud platform is based on the cloud branch server and taking multiple cloud branch servers as nodes. The cloud branch server is connected to the central server through the network.
b) Register and Login in to the Embedded Cloud Branch Server
The users register and login in to the Embedded Cloud Branch Server by the cloud branch server, and the cloud branch server receives the user’s registration information in real time. The Embedded Cloud Branch Server receives the user’s name and password etc. After verifying the registration information, the Embedded Cloud Branch Server generates the encrypted database file which contains the user’s information. At mean time the Embedded Cloud Branch Server removes all the unencrypted user’s information.
c) Encrypt
The Embedded Cloud Branch Server generates the encrypted registration file on the base of the user’s register and login in information and uploads to the central server.
d) Generate a HASH Signature File
The central server receives the user’s register’s information from the Embedded Cloud Branch Server and store the information to the database, at the same time generating a HASH signature file containing all the user’s information.
e) Download Information to the Embedded Cloud Branch Server
The central server download the HASH signature file which containing all user’s information to the cloud branch server.
f) Signature and Authentication to the Embedded Cloud Branch Server
The user authenticates and login in to the Embedded Cloud Branch Server, Embedded Cloud Branch Server using HASH algorithm to signature and authenticate.
1) Signature
Among them, Hash is the one-way hash algorithms, such as MD5, SHA-1.
Let p, q, d are the private data of signer, they all included in the private key SK; n, e are the public data of the signer, they are all included in the signer’s public key PK, these data meet the following requirements:
n = pq, where p ≠ q, q, p are the big prime number.
e, d Î R Zn, and e = d − 1, ed ≡ l mod(n), here
Then use the signer’s private key to encrypt h can get the signature value s.
2) Authentication
Comparing h" with h'. If they are not same, then the authentication is failure.
a distributed SECURITY authentication DEVICE based on the cloud platform
The characters of the distributed security authentication devices based on the cloud platform contain central server and Embedded Cloud Branch Server.
The central server is used to receive the user’s register’s information from the Embedded Cloud Branch Server and store the information to the database, at the same time generating a HASH signature file containing all user’s information. It contains database module, file generating module and network module.
The database module is used to receive the user’s register’s information from the Embedded Cloud Branch Server and store the information to the database.
The file generating module is used to generate a HASH signature file which containing all the user’s information.
The network module is used to receive the new user’s register’s information from the Embedded Cloud Branch Server and send out a HASH signature file to the Embedded Cloud Branch Server.
The Embedded Cloud Branch Server is used for the users to login in, authentication and registration.
The user authentication module is used for login and authentication.
The user registration module is used to receive new user’s register’s information from the Embedded Cloud Branch Server.
The network module is used to upload new user’s register’s information to the central server and receive a HASH signature file from the central server.
The verification module is used to sign and verify take advantage of the HASH algorithm.
4. Conclusion
In this paper, we present the essentials of Security Management of the cloud computing. The management contains a distributed authentication method and device based on the cloud platform. The speed of user authentication of this method is fast. At the same time, this method and device has resolved the security problem of the cloud computing platform commendably.