3.1 Introduction
One of the key technologies in cloud computing is data. Cloud Service
Provider (CSP) such as Microsoft Azure, Google, Dropbox and Amazon deal
with a lot of data. It is not like the data in computers drives which con
tains mostly 2 terabytes but these CSP can handle up to petabytes of data
especially when Big Data becomes a trend in this era. So, of course, one of
the cloud computing services is to store data. Based on Data Security Basis,
there are 2 important things which are life cycle of data and Con?dentiality,
Integrity and Availability (CIA).
However, there are security issues happen
when handling the data. (Kumar, Raj, & Jelciana, 2017)
3.2 Data security basics
3.2.1 Data life cycle
In data life cycle, there are six stages; Create, Store, Use, Share, Archive and
Destroy. Firstly, when the user enter a data, it is automatically created. In
this stage, the data can move freely between any stages based on what the
user wants. Next, once it is created, the data will be stored outside the users
place, which means in CSPs side.
The data is called as data-at-rest since
there is no activity happens to the data. When the data is being used or in
use stage, the stage is called as data-in-use. (Kumar et al., 2017)
10
Data sharing stage is called as data-in-transit as it will be moved from
one location to another. The archive stage is also called as data-at-rest.
The destroy stage is called as data-after-deleted. All of these stages are
self-explanatory. To protect the data while it is in share stage, encryption
methods is used. When a data is deleted, there may be some digital data
that remains that allowing data to be reconstructed. It is called as data
remanence. (Kumar et al., 2017)
3.2.2 CIA triad
CIA triad is the three important properties of the data while three impor
tant properties associated to people who access the data are authentication,
authorization and nonrepudiation. Con?dentiality is data privacy; data that
is belong to CSC is not revealed to any unauthorized parties in any occasion.
Integrity of data is refers as the con?dence of data that stored in the cloud
is not ?ddled by any unauthorized parties. It is happens in data-in-transit.
Availability of data refers to whenever CSC needs or wants the data, the data
should be available to them without any occasion. (Kumar et al., 2017)
3.3 Data security issues
3.3.1 CIA Triad related
There are three main data security issues discussed in this research paper.
Firstly, CIA related security issues. It is happens when one of the triad is
not secured. For con?dentiality, there are a few examples of attacks such as
11
sensitive data are given to unauthorized parties by employees via a SD cards
or hard disks. Installing a spyware on a data server in order to send private
information to the attackers also one of the attacks on con?dentiality. Lastly,
doxxing, which is leaking private information such as social security numbers
or phone numbers about someone or an organization to do harm. (Kumar
et al., 2017)
Next is integrity. Threats on integrity are including penetrating a web
server in order to embed malware into webpages and web server-side script
ing. Next, is accessing a ?nancial server in order to falsify ?nancial records
maliciously. Lastly, turning a machine into a zombie computer in order to
control it through botnet. (Kumar et al., 2017)
The A in CIA triad is availability. Attacks on availability such as De
nial of Service (DoS) and Distributed Denial of Service (DDoS) attacks on
servers. Next is ransomware attacks. It happens when data is encrypted
on targeted device to make sure the authorized parties cannot use it until a
ransom is paid. Lastly is when an employee disrupting a server rooms power
supply in order to make the server o?ine. (Kumar et al., 2017)
There are a few ways to improve data security related to CIA triad.
Firstly, apply data encryption when data is not in motion (store, archive
and share stage). Generally, encryption method can provide con?dentiality
against attacks from cloud provider. Next, Third Party Auditing (TPA) can
be employed to check for the data integrity. Lastly, encryption keys should
not be stored along with encrypted data. (Kumar et al., 2017)
12
3.3.2 Authentication and Access Control (AAC) related
The second data security issues is in Authentication and Access Control
(AAC). When a user want to access a data, an authentication is needed.
There are many types of authentications but mostly people use passwords.
Password-based authentication are more subject to vulnerability especially in
a public cloud. It can be cracked by using brute force attacks, dictionary at
tack and phishing. A brute force attack is a repetition of successful attempts
of trying passwords combinations to break a website. It is a trial-and-error
method. (Kumar et al., 2017)
Next is dictionary attack. Di?er to brute force attack, a dictionary at
tack is an attempt to gain illicit access to a computer system by using a
very large set of words to generate potential passwords. The attacker use
a list of known or commonly used passwords. A dictionary of passwords is
tried to break a website. Lastly, phishing is also another way to crack a
password-based authentication. Phishing is a fraudulent attempt to obtain
sensitive information such as usernames, passwords and credit card details
by disguising oneself as a trustworthy entity in an electronic communication.
Some people would call it as scamming. (Kumar et al., 2017)
There are some important methods that can overcome AAC security chal
lenges. For example, multi-factor authentication can avoid attackers from
breaching a website. Next, Intrusion Detection System (IDS) or ?rewalls
can be implemented on di?erent network and cloud layers to enable access
control in cloud computing. Lastly, employing third-party identity manage
ment solutions also can prevent data security challenges in AAC. Examples
of third-party solutions are Microsoft Azure Active Directory, Okta identity
13
management and McAfee cloud identity manager. (Kumar et al., 2017)
3.3.3 Data Loss
The next data security issues is data loss. Data loss is a process or event
when that data being corrupted, deleted and/or made unreadable by a user,
software or application. It is also called as data leakage and occurs when one
or more data can no longer be utilized by the authorized parties. Data loss
can happen during data-at-rest and also when in motion. (Kumar et al.,
2017)
Data loss can occur for a lot of reasons such as data corruption. It is
occur the data become inaccessible to a user or an application. When a data
element loses its base integrity, it transform into a form that is unreadable or
not understandable by a user or application. Thus, it is inaccessible. Data
corruption usually happens when the data in sharing stage. (Kumar et al.,
2017)
The next reason for data loss to occur is when data being intentionally
or accidentally deleted or overwritten by a user or an attacker. Lastly, data
loss also occur when data is stolen over the network by network penetration
or any network intervention attack. (Kumar et al., 2017)
Data loss can be avoided by implementing backup and recovery for data.
(Kumar et al., 2017)