SECURE AND CONTROL SENSITIVE DATA IN CLOUD

SERVERS; A CASE STUDY OF GOOGLE CLOUD

By

Rabiu Shehu Musa

DEPARTMENT OF MATHEMATICAL SCIENCES

Supervisor
DR HAMZA USMAN

August 2022.

1
 CHAPTER ONE
INTRODUCTION
1.1 Background of the study
Cloud computing is a virtual environment providing IT services on low coat and using third

party access for it. Various researchers describe cloud differently like Zhiguo Wan et. Al

(2019). states that “Cloud Computing is a new computing paradigm that is built on

virtualization, distributed computing, utility computing and service-oriented architecture”.

This can reduce complexity, Hardware requirement and client-side requirements. So, it is very

popular and can handle massive amount of data. As we know that google has now introduced

MapReduce framework and Apache uses Hadoop distributed file system for same purpose.

These technologies adapted by cloud for handling massive amount of data. Tremendous

amount of data is stored on internet and flow over the network. So, it is very important to ensure

security of our sensitive data. Cloud system must be able to store and manage such large

amount of data as well as support strong authentication and encryption of sensitive data.

Cloud computing is revolutionizing many of our ecosystems, including healthcare.

Compared with earlier methods of processing data, cloud computing environments provide

significant benefits, such as the availability of automated tools to assemble, connect, configure

and reconfigure virtualized resources on demand. These make it much easier to meet

organizational goals as organizations can easily deploy cloud services. However, the shift in

paradigm that accompanies the adoption of cloud computing is increasingly giving rise to

security and privacy considerations relating to facets of cloud computing such as multi-tenancy,

trust, loss of control and accountability Pearson (2013). Consequently, cloud platforms that

handle sensitive information are required to deploy technical measures and organizational

safeguards to avoid data protection breakdowns that might result in enormous and costly

damages. Sensitive information in the context of cloud computing encompasses data from a

wide range of different areas and disciplines. Data concerning health is a typical example of

2
the type of sensitive information handled in cloud computing environments, and it is obvious

that most individuals will want information related to their health to be secure. Hence, with the

proliferation of these new cloud technologies in recent times, privacy and data protection

requirements have been evolving to protect individuals against surveillance and database

disclosure. Some examples of such protective legislation are the EU Data Protection Directive

(DPD) Pearson (2013) and the US Health Insurance Portability and Accountability Act

(HIPAA) Pearson (2013), both of which demand privacy preservation for handling personally

identifiable information. The application has to be hosted somewhere, and here it comes to the

question of how to make the hosting process more efficient and effortless. Of course, the

application can be hosted in a classical way when it is running on a physical or a virtual private

server, but this requires tons of manual configuration and maintenance. It is often even

necessary to have an engineer or two who focuses only on maintaining and deploying the

application to such an environment.

Cloud Service Providers (CSP) are coming to the rescue bringing the Infrastructure as a

Service, Platfrom as a Service, and serverless solutions for the businesses. It allows deploying

an application to the cloud while not being concerned with the server’s security, OS

maintenance, and software updates. One of the most prominent players in the cloud market is

Google with its Google Cloud Platform. It provides many services on a different level of

abstraction from the underlying infrastructure, such as virtual machines in Cloud Compute,

clusters in Kubernetes Engine, fully manageable and automatically scalable compute platform

Cloud Run for running containerized services, and Cloud Functions. It also offers many cloud

solutions for application infrastructure components such as databases, storage, monitoring,

logging, and more. Cloud Services might be hard to understand for an average user who wants

to perform some resource-demanding computational task on a machine capable of its demand.

Some additional paid internet services are developed to build an abstraction layer above Cloud

3
Services to solve this problem. The underlying structure of paid internet services for running

Docker containers can be worked out in advance. It will simplify the implementation of such a

service.

This thesis aims to implement a framework for a paid internet service and deploy it to the

Google Cloud Platform with the lowest operation price. It will provide a boilerplate code for

developing, testing, and deploying the service. It includes the library, which simplifies the

communication of the front-end client and the back-end worker with the database. Moreover,

the library for the worker provides a mechanism for locking the resource that the worker is

processing in order to prevent the simultaneous processing by 3other possible worker instances.

Thanks to this mechanism, it is possible to scale the application safely. Also, the thesis will

cover the security aspects of implementing the service on top of Google Cloud and Firebase

product, which is built on top of Google Cloud.

1.2 Statement of Problem

Cloud computing has become a social phenomenon used by most people every day. As with

every important social phenomenon there are issues that limit its widespread adoption. Most

issues start from the fact that the user loses control of his or her data, because it is stored on a

computer belonging to someone else (the cloud provider). This happens when the owner of the

remote servers is a person or organization other than the user; as their interests may point in

different directions (for example, the user may wish that his or her information is kept private,

but the owner of the remote servers may want to take advantage of it for their own business).

1.3 Aim and Objective of the Study

The aim of this study is to identify and understand the security issues which affect the

performance of Cloud Computing. Also, to understand the security techniques which are being

4
used to mitigate these security issues. Thereby providing the standard guidelines for the Cloud

service providers and as well as Cloud users.

The main objectives of this research are:

i. To understand the security issues and to identify the appropriate security techniques

those are being used in the current world of Cloud Computing.

ii. To identify the security challenges those are expected in the future of Cloud Computing.

iii. To suggest some counter measures for the future challenges to be faced in Cloud

Computing.

1.4 Research Questions

1. What are the various security techniques being used by the leading Cloud Computing

providers, to prevent active and passive attacks when the data is being transferred

between the Cloud and a local network?

2. What are the various security techniques being used to prevent unauthorized access to

data within the Cloud?

3. What are the major security challenges we expect in future Cloud Computing?

1.5 Scope and Limitations of the Study

The study used google cloud as a case study. The study identifies the most relevant issues in

Cloud Computing which consider vulnerabilities, threats, risks, requirements and solutions of

security for Cloud Computing. This question had to be related with the aim of this work; that

is to identify and relate vulnerabilities and threats with possible solutions. Therefore, the

research question addressed by our research was the following: What security vulnerabilities

and threats are the most important in Cloud Computing which have to be studied in depth with

the purpose of handling them? The keywords and related concepts that make up this question

and that were used during the review execution are: secure Cloud systems, Cloud security,

5
delivery models security, SPI security, SaaS security, Paas security, IaaS security, Cloud

threats, Cloud vulnerabilities, Cloud recommendations, best practices in Cloud. This led into

this research work by the researcher.

Limitations of study

1. Financial constraint- Insufficient fund tends to impede the efficiency of the

researcher in sourcing for the relevant materials, literature or information and

in the process of data collection (internet, questionnaire and interview).

2. Time constraint- The researcher will simultaneously engage in this study with

other academic work. This consequently will cut down on the time devoted for

the research work.

1.6 Significance of the Study

The users of cloud computer on the security challenges and how to resolve these issues.

Enhance the use and the effectiveness of the cloud computing among the people. Remove the

fear of using cloud computing from the people since the research will come up with a new

design that will solve the issue of privacy and third party.

1.7 Operational Definition

Authentication: The authorized client can get to its own information field. Further, protected

path was used as Two Factor Authentication (2FA). This 2FA is exceptionally regular between

e-Saving money managements. Despite a username/secret word, the client should have the

gadget to show a One Time Password (OTP).

Data Anonymity: The unrelated entity that cannot recognize the exchanged data. Data

aggregation either at a centralized location or at any one of the individual sites is also

impractical due to communications and storage costs of big data. Data anonymization means

hiding identity and delicate information which provides the secrecy of an individual is

6
successfully safeguarded though certain data be able to still present to information clients for

different examination and mining tasks. Efficient integrity auditing scheme supports checking,

fault detection probability, multiuser alteration and user revocation.

User Privacy: The data should not be accessed, until and unless both the users have the interest

to share their respective data.