A Reliable E-Service Framework Based on Cloud Computing ...

2013 IEEE Conference on e-Learning, e-Management and e-Services, December 2 - 4, 2013, Sarawak, Malaysia

A Reliable E-Service Framework Based on Cloud Computing Concepts for SaaS Applications Faraz Fatemi Moghaddam

Nogol Memari

Faculty of Computer Science and Information Technology U.P.M. University Kuala Lumpur, Malaysia [email protected]

Faculty of Engineering U.P.M. University Kuala Lumpur, Malaysia [email protected]

Aida Hakemi

Hamidreza Latifi

Faculty of Computing U.T.M. University Johor Bahru, Malaysia [email protected]

Department of Computer Science Asia Pacific University of Technology and Innovation Kuala Lumpur, Malaysia [email protected] and maintenance difficulties [3]. These considerations are divided into two main trends that affect the rate of e-services usage by enterprises and users [4]: development of computer infrastructure in the most powerful situation with less expense, and increasing user’s knowledge in information technology areas. Cloud computing is one of the newfound technologies that uses the concepts of storage and virtualization and will lead to next generation communication. This emerging technology increases the rate of efficiency in computing platforms and decreases hardware and software investment cost significantly by improving scalability, availability, agility and collaboration for enterprises and users [5]. According to the benefits of this modern and unprecedented service, a secure and efficient e-service framework based on cloud computing concepts have been proposed to achieve four main purposes:

Abstract— The rapid growth of e-services between enterprises and users is one of the most considerable topics for researchers and planners. Despite the rapid growth, many limitations and considerations have appeared especially in matters of safety and efficiency. According to these considerations, this paper offers an e-service framework based on cloud computing concepts for Software-as-a-Service (SaaS) applications and by using these concepts, the level of scalability, availability, agility and collaboration of e-services will be improved. The proposed model has been designed by introducing multi-clouds and three main agents to increase responsiveness, efficiency, security, and access control. Data source, security, and privacy agents have been presented in this model to decrease the dependency of encryption keys from main data storages and increase the reliability of using cloud computing as an emerging technology. In addition, anatomy of data packets in the proposed model has been presented and investigated for efficient communication between cloud servers and agents. Finally, the theoretical analysis of using multi-clouds and agents shows that the suggested framework could be practical to eliminate defined limitations in e-services.

•

Responsiveness: by managing and controlling software and databases in cloud servers during computing and transmission processes.

•

Efficiency: by establishing hardware infrastructure and developing optimized cost effective software in the most powerful situation.

•

Personalization and Access Control: by using role-based access control model to identify and assign specific role [6].

•

Security: by using cryptography methods to increase the reliability of e-services in cloud environments.

Keywords— E-Services; Cloud Computing; SaaS; Security; Multi-Clouds;

I.

INTRODUCTION

E-services are one of the most popular technologies among various companies with rapid growth between users, enterprises, and service providers. These services have been provided based on fast delivery, powerful computing, flexibility, responsiveness, and reliability [1] to increase the rate of efficiency in different industries. One of the most challenging issues in e-services is decreasing the present service oriented architecture e-services limitations that are confined by business boundaries. This is merely for the integration of applications [2] by eliminating users’ and enterprises’ considerations such as architecture management This work was supported in part by U.P.M. University, Selangor, Malaysia, and Medica Tak Company, Selangor, Malaysia.

978-1-4799-1574-3/13/$31.00 ©2013 IEEE

100


using multi cloud servers and due to this issue data source agent will be presented to resolve this problem.

By using the strengths of cloud computing environments and achieving defined purposes, the rate of users and enterprises considerations in using e-services will be decreased considerably.

II.

CLOUD COMPUTING SERVICE MODELS

Cloud computing service models use virtualization technologies and share concepts to store and share resources via a network (i.e. Internet). There are three predominant service models that have been provided by cloud computing service providers: Infrastructure-as-a-Service (IaaS), Platformas-a-Service (PaaS), and Software-as-a-Service (SaaS). The main aim of IaaS is to enable utilities like services for users and enterprises by using the concepts of storage, virtualization, and servers. The most challenging issue in IaaS is security concerns by running the cloud service models on top of the infrastructure and related layers [7]. It may be beneficial to assign roles to personnel, including detailed logging, and applying the security principle of least privilege, to decrease the security concerns in IaaS [8]. In PaaS services, a specified platform has been defined to allow users to develop applications without configuring the development environment by providing API accesses, programming languages, and required components. Compatibility concerns [9] about various API and programming languages, and also improving the developer’s ability according to new platforms are the most important concerns of PaaS. Accessing to software or a service in a cloud server by subscribing it is the main purpose of SaaS applications. Despite the several advantages of SaaS applications such as cost effective and ability of recovering data, there are some security issues [8] that decrease the reliability of this modern technology. These issues have been specified in small and unsecure cloud computing environments.

III.

Fig. 1. Proposed Framework Scheme

B. Data Source Agent Data source agent is a cloud-based service to aggregate required data from cloud servers and to send them to SaaS applications. Moreover, this agent manages and splits data before storing in cloud servers. The most important obligation of data source agent is to provide secure data to SaaS applications and to store reliable data in cloud servers. This task was done by using cryptography algorithms and by transferring public and private keys between security agent and itself.

PROPOSED FRAMEWORK

The proposed framework has been designed and described based on multi clouds [10] and agent [11] concepts. In this model, data has been stored in several cloud servers and there are three agents to increase the reliability and efficiency of the framework. The general form of this algorithm has been shown in Fig.1. and has been described in following parts.

C. Security Agent Applying cryptography algorithms is the most popular method to increase the security in cloud servers. Based on this solution, data will be encrypted in data source agent before storing in cloud servers and will be decrypted in same place before being transferred to SaaS applications. According to the nature of cloud computing environments that is based on sharing concepts, asymmetric models are more appropriate for these types of communication. However, it’s not completely reliable because the security level of keys is same as data and stored in same cloud server [12]. Security agent is a cloud

A. Multi Cloud Servers for Storing Data In the proposed model, to increase the security and the ability of responsiveness, data was stored in several cloud servers. The most important advantage of this type of storage is general data protection even after losing a server during an attack or unpredictable occurrences. In addition, the ability of responsiveness in multi cloud servers will be increased by simultaneous data transmission in multi cloud servers. However, data aggregation is the most challenging issue in

101


server and service that has been suggested to resolve all the described issues. When data is transferred from SaaS application to data source agent, security agent will generate a pair of keys (public key and private key) and send it to data source agent according to the request that has been sent by data source agent. Data will be encrypted in data source agent and transferred to cloud servers for storage. This process will be performed inversely when data is transferred from cloud servers to SaaS applications. Furthermore, the security of generated key, all of the public and private keys are stored in security agent cloud server separate from data cloud servers. This will help to protect data and key even after losing them. The performance of data source and security agents has been shown in Fig. 2.

4.

The request is sent to SaaS application after privacy agent confirmation and the application sends required data request to data source agent.

5.

Data source agent sends a request to data cloud servers and a request to security agent.

6.

Encrypted data is sent to data source agent from data cloud servers and the related key is sent from the security agent server.

7.

Data is decrypted in data source agent by the related keys and is sent to SaaS application.

8.

The request of user is done in SaaS application and new data is sent to data source agent.

9.

Data source agent requests a pair of keys from security agent.

10. Security agent generates a pair of keys and sends it to data source agent and also stores it to security agent cloud server. 11. Data is encrypted in data source agent by the generated keys and is sent to data cloud servers for storage. 12. The result of user’s request will be transferred to client side using HTML format and after final detection by privacy agent.

V. Fig. 2. Performance of Data Source and Security Agents

D. Privacy Agent Access control and personalization are two obligations of privacy agent. This agent is an intelligent service that manages access controls by various methods such as managing registered devices, detecting IP histories, and location detection before accessing to SaaS applications. Moreover, privacy agent detects the safety of data before transferring from SaaS applications to clients.

IV.

In the proposed model, data will be stored in a number of cloud servers and for aggregation process a set of attributes is needed. Furthermore, the control packets are defined to transmit between explained agents and authorities. Format of data and control packets in the proposed framework is shown in Fig. 3:

ID

ALGORITHM OF PROPOSED FRAMEWORK

The following steps show the algorithm of using SaaS applications in proposed framework in detail: 1.

A client sends a request for using a SaaS application via his browser by entering his username and password.

2.

After sending request to HTTP Server, the request is sent to privacy agent.

3.

Privacy agent controls the request by IP, location, and device detection and if the intelligent control system suspects some problems, it will request further information from the client for confirmation.

ANATOMY OF DATA PACKETS IN PROPOSED MODEL

According to different types of data packet that were transmitted between described parties and agents, a set of meaningful attributes should be defined to manage accesses and control the unauthorized process. In the proposed model, there are two types of packets that are transmitted between parties and agents: Data Packets, and Control Packets.

Header

Body

Fig. 3. Format of a Data and Control Packets in Proposed Framework

A unique ID belongs to a pocket for identification and aggregation process. Moreover, a set of attributes has been defined in header part to manage data pockets and to control accesses. The following table shows the attributes that have been used in the header part:

102


separate cloud servers isolated from data. In the proposed model, all private and public keys are to be managed by security agent and stored in the cloud server of this agent. It helps to increase the security level of stored keys during the storage, transmission, and sharing processes. It is to achieve an efficient key-exchanging and re-encryption performance after reaching a high security risk level in data files.

TABLE I: DEFINED ATTRIBUTES IN HEADER PART OF DATA AND CONTROL POCKETS FOR THE PROPOSED MODEL Description

Notation PT KS ES KI PI DI USK SUI CSI SUL DC DU DV SRL SAI RAI

Packet Type (Control {0} or Data {1}) Key Status (Public Key or Private Key) Encryption Status (Data is encrypted {1} or not) Key ID Parent ID Data Owner ID User Secret Key Sharer User ID Cloud Server ID System User List Date Created Date Updated (Last Update) Data Version Security Risk Level Sender Agent ID Receiver Agent ID

For the encryption process, HE-RSA [15] or XBMRSA [16] are the most appropriate algorithms due to the nature of the framework that is based on sharing concepts, and the advantages of each model. HE-RSA is more secure but with a large data overhead however, XBMRSA algorithm has lower data overhead and more appropriate for XML environments. In addition, using several cloud servers to store data helped to protect data even after losing a server during an attack or unpredictable event. Overall, based on the theoretical analysis, all the defined actions and legislations might be effective in increasing the reliability and security in e-services based on cloud computing communications.

VII. CONCLUSION

The following table describes the process of accessing data from data owner according to the request of SaaS application:

The main aim of this paper was to design an efficient and reliable framework to decrease the limitations of e-service models by using cloud computing concepts for Software-as-aService applications. According to this purpose, a multi-clouds model was presented by introducing security, data source, and privacy agents, to provide responsiveness, efficiency, security, personalization, and access control for cloud-based e-services. Storing key in different server from encrypted data and with different security level, using security agent to generate keys and providing them for encryption process, storing data in various cloud servers, and using data source agent for decrypting and aggregation processes, are some of the performed actions to increase the reliability and efficiency of the proposed model. Finally, based on the theoretical analysis, the suggested framework could be practical to decrease the limitations of e-services and increase the reliability of cloud computing environments.

TABLE II: PROCESS OF ACCESSING DATA BY SAAS APPLICATION Function Agent Data Agent

SetControl (C1, PT=0, SAI= DAgent, RAI= Server, DI1, CSIi, SRLi….)

Cloud Server

GetControl (C1)

Cloud Server

SetData (D1, PT=1, ES=1, PIk, SAI= Server, RAI= DAgent, DI1, CSIi, SRLi….)

Data Agent

GetData (D1)

Data Agent

SetControl (C2, PT=0, SAI= DAgent, RAI= SAgent, DI1, KIj, ...)

Security Agent

GetControl (C2), GetKeyfromSAServer(K1)

Security Agent

SetControl (C3, PT=0, SAI= SAgent, RAI= DAgent, KS =0, KIj, USKm, KIj , ....)

Data Agent

GetControl (C3), DecryptData(D1, KIj)

Data Agent

SetData (D1, PT=1, ES=0, PIk, SAI= DAgent, RAI= SaaSApp, DI1, CSIi, SRLi….)

VI.

ACKNOWLEDGMENT We acknowledge the assistance and logistical support provided by U.P.M. University, Medica Tak Company (Meta Soft), Dr. Pardis Najafi, Dr. Shaiful Jahari B. Hashim, Dr. Khairulmizam B. Samsudin, Ms. Fatemeh Afsahi, and the bright memory of Dr. Enayat Fatemi Moghaddam.

SECURITY ANALYSIS OF THE PROPOSED FRAMWORK

Analysis and evaluation of the suggested model was done according to the defined parameters for investigating strengths and weaknesses of this framework in cloud computing environments and communications.

REFERENCES [1]

Applying cryptography methods is the most popular solution to increase reliability in cloud servers [13]. However, because of raising security issues by storing keys in same data cloud servers and the same security level in comparison to encrypted data, it has been suggested [14] to store keys in

[2]

103

C. K. Ke, S. F. Chang, and Z. H. Lin, “An Adaptive E-service for Bridging the Cloud Services,” in Proc. Sixth International Conf. on Genetic and Evolutionary Computing (ICGEC), Kitakyushu, Japan, 2012, pp. 554-557. C. Schroth, and T. Janner, “Web 2.0 and SOA: Converging Concepts Enabling the Internet of Services,” IEEE Trans. IT Professional, vol. 9, pp. 36-41, May 2007.


[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

M. Randles, A. T. Bendiab, and D. Lamb, “Robustness in Autonomic EService Systems,” in Proc. International Conf. on Developments in Esystem Engineering (DESE), London, UK, 2010, pp. 243-248. A. Tripathi, and B. Parihar, “E-Governance Challenges and Cloud Benefits,” in Proc. IEEE International Conf. on Computer Science and Automation Engineering (CSAE), Shanghai, China, 2011, pp. 351-354. I. Bojanova, and A. Samba, “Analysis of Cloud Computing Delivery Architecture Models,” in Proc. IEEE International Conf. on Advanced Information Networking and Applications (WAINA), Biopolis, Singapore, 2011, pp. 453-458. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “RoleBased Access Control Models,” IEEE Trans. Computer, vol. 29, pp. 3847, Feb 1996. W. Dawoud, I. Takouna, and C. Meinel, “Infrastructure as a Service Security: Challenges and Solutions,” in Proc. 7th International Conf. on Informatics and Systems (INFOS), Cairo, Egypt, 2010, pp. 1-8. J. Gibson, R. Rondeau, D. Eveleigh, and Q. Tan, “Benefits and Challenges of Three Cloud Computing Service Models,” in Proc. 4th International Conf. on Computational Aspects of Social Networks (CASoN), São Carlos, Brazil, 2012, pp. 198-205. Z. Mahmood, “Cloud Computing: Characteristics and Deployment Approaches,” in Proc. IEEE 11th International Conf. on Computer and Information Technology (CIT), Computer and Information Technology (CIT), Pafos, Cyprus, 2011, pp. 121-126. M.A. Alzain, B. Soh, and E. Pardede, “MCDB: Using Multi-Clouds to Ensure Security in Cloud Computing,” in Proc. IEEE Ninth International Conf. on Dependable, Autonomic and Secure Computing (DASC), Sydney, Australia, 2011, pp. 784-791. F. Q. Zhang, and D. Y. Han, “Applying Agents to the Data Security in Cloud Computing,” in Proc International Conf. on Computer Science and Information Processing (CSIP), Shaanxi, China, 2012, pp. 11261128. S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” in Proc. IEEE INFOCOM, 2010, San Diego, USA, 2010, pp. 1-9. V. Kandasamy, and E. Papitha, “Flexible Access Control for Outsourcing Personal Health Services in Cloud Computing Using Hierarchical Attribute Set Based Encryption,” in Proc. International Conf. on Information Communication and Embedded Systems (ICICES), Tamilnadu, India, 2013, pp. 569-571. J. J. Hwang, H. K. Chuang, Y. C. Hsu, and C. H. Wu, “A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service,” in Proc. International Conf. on Information Science and Applications (ICISA), Jeju Island, South Korea, 2011, pp. 1-7. F. Fatemi Moghaddam , M. T. Alrashdan, O. Karimi, “A Hybrid Encryption Algorithm Based on RSA Small-e and Efficient-RSA for Cloud Computing Environments,” Journal of Advances in Computer Networks (JACN), IACSIT Press, vol. 1, no. 3, pp. 238-241, September 2013. N. Nithin, and A.M. Bongale, “XBMRSA: A New XML Encryption Algorithm,” in Proc. World Congress on Information and Communication Technologies (WICT), Trivandrum, India, 2012, pp. 567-571.

104