International Conference on Emerging Technology Trends (ICETT) 2011
Proceedings published by International Journal of Computer Applications® (IJCA)

Data Security Mechanism for Cloud

Mr. G. A. Patil (1st author), Asst. Prof. & HOD, CSE Dept., DYPCET, Kolhapur
Mr. S. B. Patil (2nd author), Asst. Prof., CSE Dept., K. I. T. COEK, Kolhapur

ABSTRACT

Cloud computing is a means by which highly scalable services can be consumed over the Internet and the network on a rental basis. Various cloud service providers offer different services over the cloud environment. Many big players such as Amazon S3, EC2, Microsoft Azure and IBM Blue provide cloud environments. When data is stored over the cloud, vendors hold a limitless possibility to access this data. Social engineering done by cloud vendors or their employees could lead to information leakage or even substantial loss of data. Commonly used authentication mechanisms guarantee that authenticated users can access their data, but they do not guarantee security of the data from the cloud vendor. This paper emphasizes improving the existing authentication mechanism and implementing data security schemes to secure data from the cloud vendor and from other users of the cloud.

GENERAL TERMS: Cloud Security.

KEYWORDS: Authentication by Characteristics (AC), Authentication by Knowledge (AK), Authentication by Ownership (AO), Cloud Service Provider (CSP), Public Key Infrastructure (PKI) and One Time Password (OTP).

1. INTRODUCTION

Cloud computing is a technology that is in use by small, medium and large scale companies, and many end users are using cloud services. We can simply categorize users of the cloud into two generalized groups: the first group consists of small, medium and large scale companies, and the second group consists of end users. Depending on the size of the business and the infrastructure support required for day-to-day operations, every company needs different services from Cloud Service Providers. Likewise, individuals will demand services as per their own requirements. The common issue for both categories of users is the security of their data [1]. There are security concerns that prevent companies from taking advantage of the cloud [3]. Traditional security mechanisms are not adequate for the cloud environment [3]. Every single client of a CSP will have different security requirements, and users will demand different levels of security, so different policies need to be decided for security provisioning [4].

The commonly used security mechanism for data access is the username and password pair. As the username/password pair is concerned only with authentication of the user, it guarantees that only a valid user will get access to the data, but it is not concerned with securing the data while it is stored in the cloud or while it flows through the network from the user end to the cloud and vice versa [1]. Data stored in plain text format over the cloud is a security threat.

Figure 1: Data Flow & Data Storage over Cloud Environment (figure not reproduced; its elements are User, Data Flow, Cloud Data Storage and Cloud Server)

The security issues in the scenario shown in Figure 1 are as under:

1. Data stored over the cloud is in plain text format.
2. Data flowing through the network is in plain text format.
3. In case an encryption service is provided by the cloud vendor, it cannot be trusted, as the CSP will have access to both the encryption algorithm and the key used.

The schemes explained in this paper tackle such security issues at several levels. Clients of the cloud have to select appropriate registration and authentication levels. Accordingly, the CSP provides different registration levels for clients of the cloud, and cloud clients further use a data security mechanism to secure their data from the cloud vendor [5]. The authentication module addresses these issues by categorizing clients by their security requirements. Clients are categorized first by the registration process and then by the authentication mechanism they select.

For registering to the cloud, the user has to select one of the registration levels. In registration level-0, no documents are required for creating and accessing a user account over the cloud. In registration level-1, users are asked to submit documents to the Cloud Service Provider. In registration level-2, documents as well as the physical presence of the user are required during registration. A client should register with the cloud by selecting one of these registration levels. After registration is complete, the Cloud Service Provider can check which level the client adopted for registration; a higher level of registration means the access is of more importance.

After registration, an authentication mechanism needs to be selected, and this is also provided in different ways. In authentication level-0 (AK), the user is authenticated by a username and password pair. Authentication level-1 (AO) requires authentication by electronic cards and pass-keys, whereas authentication level-2 (AC) is used for biometric operations.
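The three issues listed under Figure 1 all stem from the CSP seeing plaintext or holding the key. The following added example (not code from the paper) shows the client-side alternative: the user's passphrase never leaves the client, separate encryption and MAC keys are derived from it locally, and the CSP stores only an opaque blob that it can neither read nor silently modify. The HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real AEAD such as AES-GCM, chosen so the example runs without third-party packages; the class and function names, the blob layout and the sample payload are all constructed for this illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Tuple

PBKDF2_ITERATIONS = 200_000  # assumption: iteration count chosen for the example


def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and MAC keys from the user's passphrase.

    This runs on the client, so the CSP never learns the passphrase or the keys.
    """
    material = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                                   PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF keystream.

    Demonstration stand-in for AES-CTR/AES-GCM; use a vetted AEAD in production.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def client_encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the client; returns salt || nonce || ciphertext || tag."""
    salt = os.urandom(16)
    nonce = os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def client_decrypt(passphrase: str, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt. Raises ValueError on tampering or wrong passphrase."""
    if len(blob) < 16 + 16 + 32:
        raise ValueError("blob too short to contain salt, nonce and tag")
    salt, nonce, ciphertext, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: blob modified or wrong passphrase")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))


class CloudStore:
    """Models the CSP side: it only ever receives and returns opaque blobs."""

    def __init__(self) -> None:
        self.objects = {}

    def put(self, name: str, blob: bytes) -> None:
        self.objects[name] = blob

    def get(self, name: str) -> bytes:
        return self.objects[name]


def csp_can_read(store: CloudStore, name: str, plaintext: bytes) -> bool:
    """Check whether the stored object leaks the plaintext to the CSP."""
    return plaintext in store.get(name)


if __name__ == "__main__":
    store = CloudStore()
    secret = b"payroll Q3: confidential"  # constructed sample payload
    store.put("payroll.txt", client_encrypt("correct horse battery", secret))
    print("CSP can read plaintext:", csp_can_read(store, "payroll.txt", b"payroll"))
    print("client recovers:", client_decrypt("correct horse battery", store.get("payroll.txt")))
```

Because the tag covers the salt, nonce and ciphertext, a vendor that alters a stored object cannot do so undetected, which addresses issue 3 as well as issue 1; the same blob is what travels over the network, so issue 2 is covered without trusting the transport.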
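To make the registration and authentication levels concrete, here is an added example (not the paper's own implementation) of an authentication module that records each account's registration level (0, 1 or 2) and enforces the selected authentication level. Level-0 (AK) is a salted PBKDF2 password check; level-1 (AO) additionally demands a one-time password from a token the user owns, modelled here with HOTP (RFC 4226) since the paper lists OTP among its keywords. Level-2 (AC, biometrics) is deliberately not modelled. The `AuthModule` and `Account` names, the look-ahead window of three counter values and the rejection of any level the module does not implement are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Dict, Optional

PBKDF2_ITERATIONS = 200_000  # assumption: iteration count chosen for the example
OTP_LOOKAHEAD = 3            # assumption: tolerate a token a few presses ahead

# Registration levels from the paper: 0 = no documents, 1 = documents submitted,
# 2 = documents and physical presence. Authentication levels: 0 = AK, 1 = AO, 2 = AC.
REGISTRATION_LEVELS = (0, 1, 2)
IMPLEMENTED_AUTH_LEVELS = (0, 1)


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2-HMAC-SHA256 digest for the level-0 (AK) check."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP as specified in RFC 4226 (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3]) % (10 ** digits)
    return f"{code:0{digits}d}"


@dataclass
class Account:
    username: str
    registration_level: int
    auth_level: int
    salt: bytes
    pw_digest: bytes
    token_secret: Optional[bytes] = None
    token_counter: int = 0  # next HOTP counter the server expects


class AuthModule:
    """Categorizes clients by registration level and enforces their chosen auth level."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str, registration_level: int,
                 auth_level: int, token_secret: Optional[bytes] = None) -> Account:
        if registration_level not in REGISTRATION_LEVELS:
            raise ValueError("unknown registration level")
        if auth_level not in IMPLEMENTED_AUTH_LEVELS:
            raise ValueError("authentication level not implemented in this example")
        if auth_level == 1 and token_secret is None:
            raise ValueError("level-1 (AO) requires a token secret")
        salt, digest = hash_password(password)
        acct = Account(username, registration_level, auth_level, salt, digest, token_secret)
        self.accounts[username] = acct
        return acct

    def authenticate(self, username: str, password: str, otp: Optional[str] = None) -> bool:
        acct = self.accounts.get(username)
        if acct is None:
            return False
        _, candidate = hash_password(password, acct.salt)
        if not hmac.compare_digest(candidate, acct.pw_digest):
            return False
        if acct.auth_level == 0:
            return True  # AK: knowledge alone is sufficient at this level
        # AO: the user must also present the current code from the token they own.
        if otp is None or acct.token_secret is None:
            return False
        for c in range(acct.token_counter, acct.token_counter + OTP_LOOKAHEAD):
            if hmac.compare_digest(hotp(acct.token_secret, c), otp):
                acct.token_counter = c + 1  # consume the counter so the code cannot be replayed
                return True
        return False


if __name__ == "__main__":
    module = AuthModule()
    module.register("alice", "alice-pw", registration_level=0, auth_level=0)
    module.register("bob", "bob-pw", registration_level=2, auth_level=1,
                    token_secret=b"12345678901234567890")  # RFC 4226 test secret
    print("alice (AK):", module.authenticate("alice", "alice-pw"))
    print("bob without OTP (AO):", module.authenticate("bob", "bob-pw"))
    print("bob with OTP (AO):", module.authenticate("bob", "bob-pw", otp=hotp(b"12345678901234567890", 0)))
```

Advancing `token_counter` past the accepted value is what turns a password plus OTP into a genuine ownership check: an attacker who captures one code in transit cannot reuse it, which the plain username/password pair of level-0 cannot offer.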