A Proposed New Framework for Securing Cloud Data on Multiple Infrastructures using Erasure Coding, Dispersal Technique and Encryption

Abstract

Cloud computing is a technology that has come to save organizations from investing in and owning high cost IT infrastructure including its management and maintenance. The technology enables an organization to outsource its IT needs to the care of a remote third party Cloud Service Provider (CSP) while focusing on its core business processes. It enables the usage of IT resources remotely as a service on subscription basis at a per usage fee on demand. The service models available are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). These service models are deployed in one of four cloud deployment models as Public, Private, Community or Hybrid cloud. Despite the technology’s numerous benefits, it also poses serious security threats to vital business data assets as the subscriber has to surrender control over its management and maintenance to a remote CSP. The threats include: the CSP using the data for their own gains, the location of the data not known to the subscriber, the ownership of the data (for example, on contract termination or in the event of conflict or dispute), and also the subscriber not knowing who has unauthorized access to their data resource. The challenge therefore, is how to create a secure and vigorous data security solution that can mitigate these threats and alleviate the cloud subscriber fear to freely enjoy using cloud computing services. Hence, this study proposes a Six-level Cloud Data Distribution Intermediary (CDDI) Framework that enables the cloud subscriber to effectively secure its data against these threats. The framework employs Erasure Coding (based on the Galois Field Theory and Reed Solomon Coding), and a Data Dispersion technique with a Transposition Encryption technique based on Rubik’s cube transformation. In addition, it also uses this study’s proposed Erasure Coding technique based on checksum dubbed “Checksum Data Recovery” (CDR). The CDDI framework when implemented on the cloud subscriber’s gateway system will encrypt and split the subscriber’s data into chunks of data fragments which are distributed randomly to the subscribers selected multiple CSP storage infrastructures. This alleviates threats of data usage, location, ownership, and access, identified.