Despite the fact that cloud computing is currently adopted on a wide scale, the security and maintenance of privacy of accounts in various cloud computing environments are still questionable. Securing data in a cloud setting utilizes the same methods employed to secure data on a conventional data centre. Many methods are now used to secure cloud storage accounts including identity and authentication; encryption; access control; integrity checking; secure deletion and data masking. Nevertheless, all those protection methods can be insufficient to mitigate certain forms of attacks.
Throughout this article, we will discuss a newly proposed security protocol that uses Pretty Good Privacy (PGP) along with bitcoin, to maximize PGP’s validation mechanism of Web of Trust.
Current Security Protection Methods For Cloud Storage:
To date, the following represents the current security protection methods used by various cloud storage providers:
User authentication can take multiple forms, but all of those are dependent on combining a group of authentication factors including a passphrase known by the user (e.g. password), something he/she possesses (e.g. security token) and/or something unique for the user (e.g. fingerprint).
2- Access Controls:
Access controls refer to two elements; individuals and/or processes running on their behalf and objects including files, directories…etc. There are 3 popular models for access controls including role based access control, discretionary access control and mandatory access control.
Encryption is by far the most crucial component in the process of securing data stored on the cloud. There are multiple approaches for encrypting data on the cloud including directory level, application level or file level encryption. Implementation of encryption is reliant on successful management of the keys used to encrypt and/or decrypt data.
4- Integrity Checking:
Integrity checking utilizes a hash function, or a Cyclic Redundancy Check CRC, that is computed whenever a file is saved to the cloud. Integrity checking is accomplished via computation of the output of the hash function or CRC before allowing file editing to confirm that the original values match.
Sanitation and clearing are techniques that are used when deleting data stored on the cloud.
6- Data Masking:
Data masking is a method that clears all distinguishing and identifiable features from data in an attempt to render it anonymous without affecting its operability.
Maximizing Security of Cloud Storage Using PGP and Bitcoin’s Blockchain Technology:
A group of researchers have published a paper that proposes the use of PGP along with the bitcoin technology to enhance security of cloud storage. The elements of the newly proposed security protocol can be summarized as follows:
1- Bitcoin based PGP certificate:
This will include a bitcoin address that will be used to verify identity and revoke certificates.
2- Verification of identity and revocation of transactions:
This will comprise an alternative method for verification of a public key possessed by a certificate owner which will be included in a bitcoin based PGP certificate. Furthermore, this will also utilize the included bitcoin address for various revocation purposes.
3- PGP trust levels:
This will enable users to outline the amount of bitcoins they would “risk” in the process of verification of a given bitcoin based PGP certificate. The amount specified by the verifier will be correlated to the level of trust between the verifier and the owner of the certificate in question.
4- Certificate signing endorsements:
This will add a trivial incentive bitcoin fee whenever an endorser, who owns a valid bitcoin address, signs one of the enhanced PGP certificates which are stored on a bitcoin based PGP key server.
5- Bitcoin based PGP key server design:
The server design will permit utilization of bitcoin’s blockchain for storage of PGP keys. This will offer a decentralized software application that enables users to store and/or retrieve bitcoin based PGP certificates stored on the blockchain. The application will cut down each certificate into smaller pieces that can fit within the “byte” storage limit of the blockchain. Accordingly, whenever requested (via the key id of the PGP key) the client will promote the retrieval of all fragments of the PGP certificate and reassemble them to be ready for use by the requesting user.
Implementation of PGP and the bitcoin technology can heighten the level of security on various cloud storage platforms. Just like blockchain cloud storage solutions, conventional cloud storage providers will start a new era of security when this new security protocol is deployed.
Posted by Dr007