REPUTATION BASED TRUST MANAGEMENT FOR CLOUD SERVICES T. Sandeep 1, G. Priya* 2

Transcription

1 ISSN: X CODEN: IJPTFI Available Online through Research Article REPUTATION BASED TRUST MANAGEMENT FOR CLOUD SERVICES T. Sandeep 1, G. Priya* 2 1 PG Student, School of Computer Science and Engineering, VIT University, Vellore. 2 Assistant Professor (Senior), School of Computer Science and Engineering, VIT University, Vellore. gpriya@vit.ac.in Received on Accepted on Abstract Trust Management is one of the most important factors for the success and adaption of the cloud computing. Cloud Services are distributed, non-transparent and highly dynamic in nature. These introduce more issues like availability, security and privacy. Trust management and consumers have interactions between them. These interactions may involve consumer s information which is more sensible. So protecting consumer s privacy is not an easy task. Malicious users may create problems for cloud services. In this paper, we are presenting a reputation based trust management model which consist of identity management which is used for the registration and list the malicious users. Trust management is used to take feedback of the user, provide the trust result of the cloud service and used to add the cloud services which are available in the internet. Keywords: Trust management, Privacy, Security, Reputation. 1. Introduction The highly dynamic, distributed, and non-transparent nature of cloud services make the trust management in cloud environments a significant challenge [1],[2],[3],[4]. According to researchers [5], trust and security are ranked one of the top 10 obstacles for the adoption of cloud computing. Indeed, Service-Level Agreements (SLAs) alone are inadequate to establish trust between cloud consumers and providers because of its unclear and inconsistentclauses [6]. Consumers feedback is a good source to assess the overall trustworthiness of cloud services. Several researchers have recognized the significance of trust management and proposed solutions to assess and manage trust based on feedbacks collected from participants [7],[6],[8],[9]. In reality, it is not unusual that a cloud service experiences malicious behaviours (e.g., collusion or Sybil attacks) from its users [10]. This paper focuses on improving trust management in cloud environments by proposing a model to ensure the credibility of trust feedbacks. In particular, we distinguish the following key issues of the trust management in cloud environments. IJPT Sep-2016 Vol. 8 Issue No Page 15541

2 The adoption of cloud computing raise privacy concerns [11]. Consumers can have dynamic interactions with cloud providers, which may involve sensitive information. There are several cases of privacy breaches such as leaks of sensitive information (e.g., date of birth and address) or behavioural information (e.g., with whom the consumer interacted, the kind of cloud services the consumer showed interest, etc.). Undoubtedly, services which involve consumers data (e.g., interaction histories) should preserve their privacy [12]. It is not unusual that a cloud service experiences attacks from its users. Attackers can disadvantage a cloud service by giving multiple misleading feedbacks (i.e., collusion attacks) or by creating several accounts (i.e., Sybil attacks [16]). Indeed, the detection of such malicious behaviours poses several challenges. Firstly, new users join the cloud environment and old users leave around the clock. This consumer dynamism makes the detection of malicious behaviours (e.g., feedback collusion) a significant challenge. Secondly, users may have multiple accounts for a particular cloud service, which makes it difficult to detect Sybil attacks. Finally, it is difficult to predict when malicious behaviours occur [13]. 2. Related Work Many mechanisms and approaches are adopted to support the cloud users in verifying and selecting the trustworthy cloud providers. 2.1 Service Level Agreement A cloud service level agreement is a negotiated agreement between the cloud users and the cloud service providers. The cloud service are required to follow standardized SLA, and SLA specification of cloud service providers can be estimate based on the accepted standards. The SLAs generally include definition of services, warranties, problem management, customer duties, performance measurement and termination of agreement. And SLA management encompasses the SLA contract definition: basic schema with the SLA negotiation, quality of service parameters, SLA monitoring and so on. Shared resources are the underlying and important nature of cloud computing and SLAs conduct the monitoring, measuring on cloud performance according to the cloud users experiences or the cloud users ability to consume resources. 2.2 Cloud Audit While transferring data between service providers and users in cloud computing, it is not easy to avoid attacks from the cloud or the outside, even on encrypted data. Cloud Audit is one of the best choice of the authentication mechanism based on the third party. The audit mechanism can help users selecting the most reliable one among all of service providers. At the same time, audit mechanism will help service providers to increase reliability to attract more IJPT Sep-2016 Vol. 8 Issue No Page 15543

3 users. Its goal is to provide a common interface that allows service providers to automate the Audit, Assurance, Assessment, and Assertion of their environments. Cloud service providers use audit standards as guarantee for the existence of organizational and technical controls related to their services. The Cloud Audits assess issue certificates based on the assessment reports for the cloud service providers. 2.3 Self-assessment questionnaires The self-assessment questionnaires mechanism developed by CSA.CSA makes specific questionnaire documents for self-assessments. These questionnaire documents available to the users or public for conducting third-party security assessments and self-assessments. The self-assessment questionnaires help the cloud user to know more about a cloud service provider and in the selecting process of trusted cloud service provider. 2.4 Cloud Accreditation Accreditation for cloud computing would cover three main areas which are technology, personnel and operations. In formal accreditation, a cloud service provider who provides a professional service is assessed against official standards, and is issued with certification of its competency, authority, or credibility. The certification is provided by an accreditation operator, who is a third party independent authorized national standard body or professional association. If formal accreditation is applied to clouds, the cloud attribute assessment from a formal accreditation will be another important information source for cloud trust judgment. Currently, one of the main problems is that there are many fragmented activities going in the direction of cloud accreditation, but a common body for the coordination of those activities is missing. Accreditation for cloud computing, in general, focuses on the qualification of the accredited service provider with respect to conducting a specific type of professional services, which perhaps takes place in a longer period. 2.5 Reputation based trust management Reputation based trust management is important because the feedback of the various cloud service consumers can dramatically influence the reputation of a particular cloud service either positively or negatively. It has been used in the cloud environment, the grid, P2P, as well as the service-oriented environment.reputation can have direct or indirect influence on the trustworthiness of a particular entity (e.g., cloud service).there are several online reputationbased systems such as the auction systems (e.g., ebay [ebay 2011] and Amazon [Amazon 2011]) where new and used goods are found, and the review systems where the consumers opinions and reviews on specific products or services are expressed. IJPT Sep-2016 Vol. 8 Issue No Page 15544

4 3. Proposed Model G. Priya*et al. /International Journal of Pharmacy & Technology The purpose of this paper is to provide an application which allows cloud user to provide the trustworthiness of the cloud services. The scope of the paper is to get the trust worthiness of the services based on the user ratings. User has to register and login to the application to know the privileges of this application. 3.1 System Architecture The proposed model consist of three different layers, namely Cloud service providers, Trust Management and Cloud Service Consumer. Figure Reputation based trust management for cloud services Cloud Service Provider This layer consists of different cloud service providers who offer one or several cloud services i.e., IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service) [14], [15], publicly on the Web. These cloud services are accessible through Web portals and indexed on Web search engines such as Google, Yahoo, and Baidu. Interactions for this layer are considered as cloud service interaction with users and TM, and cloud services advertisements where providers are able to advertise their services on the Web Trust Management This layer consists of Trust manager and cloud services. Trust manager expose interfaces so that users can give their feedback or inquire the trust results of cloud services. TM contains the cloud services which are available in the internet. Interactions for this layer include cloud service discovery through the Internet to allow users to assess the trust of new cloud services and user feedbacks will be published by the trust manager. IJPT Sep-2016 Vol. 8 Issue No Page 15545

5 3.1.3 Cloud Service Consumer G. Priya*et al. /International Journal of Pharmacy & Technology Finally, this layer consists of different users who use cloud services. Interactions for this layer include service discovery where users are able to discover new cloud services and other services, trust and service interactions where users are able to give their feedback or retrieve the trust results of a particular cloud service, and registration where users establish their identity through registering their credentials in IDM before using TM Identity Management (IDM) Since trust and identification are closely related, we believe that IDM can facilitate TM in the detection of Sybil attacks against cloud services without breaching the privacy of users. When users attempt to use TM for the first time, TM requires them to register their credentials at the identity registry in IdM to establish their identities. The identity registry stores an identity record for each user. This record contains user s primary identity (e.g., user name), set of credentials attributes (e.g., passwords, postal address, and IP address) and the user s registration time in TM Trust Manager(TM) In a typical interaction of the TM, a user either gives feedback regarding the trustworthiness of a particular cloud service or requests the trust assessment of the service. From users feedback, the trust behaviour of a cloud service is calculated. In this calculation we use user s primary identity, cloud service s identity, and a set of Quality of Service (QoS) feedbacks (i.e., the feedback represent several QoS parameters including availability, security, response time, accessibility, price). Each trust feedback is represented as negative, positive, and neutral feedback respectively. Whenever a user c requests a trust assessment for cloud service s, TM calculates the trust result, denoted as Tr(s), from the collected trust feedbacks as follows: Tr(s)= where f(c,s) denotes feedback form user c and V(s) denotes total number of feedbacks. 4. Assumptions and Attack Models In this paper, we assume that TM is handled by a trusted third party. We also assume that TM communications are secure because securing communications is not the focus of this paper. Attacks such as Man-in the-middle(mitm) is therefore beyond the scope of this work. We consider the following types of attacks: Collusion Attacks. Also known as collusive malicious feedback behaviours, such attacks occur when several vicious users collaborate together to give numerous misleading feedbacks to increase the trust result of cloud services (i.e., a self-promoting attack) or to decrease the trust result of cloud services (i.e., a slandering attack). This type of malicious behaviour can occur in anon-collusive way where a particular malicious user gives multiple misleading IJPT Sep-2016 Vol. 8 Issue No Page 15546

6 feedbacks to conduct a self-promoting attack or a slandering attack. If a particular user gives feedbacks more than threshold value then we consider him as a malicious user. Sybil Attacks. Such an attack arises when malicious users exploit multiple identities to give numerous misleading feedbacks (e.g., producing a large number of transactions by creating multiple virtual machines for a short period of time to leave fake feedbacks) for a self-promoting or slandering attack. It is interesting to note that attackers can also use multiple identities to disguise their negative historical trust records. When a user registering in IdM with his credentials then we compare with the values of already registered users. 5. Results and Discussions This paper is divided into three modules. They are as follows: TM Module IDM Module User Module 5.1 TM Module As a starting step the Trust Manager has to login himself to the site. After successful login into the site he can check for the feedbacks form the users. Trust Manager can publish the user comments. If he wants to revoke the comment he can also revoke it. Trust manager can also see the user details but all the details of the user will be in encrypted form except ip-address and Signup time. Because Trust Manager is third party so IDM provides users in a encrypted form only. Trust manager can also add the services into the database. Trust manager can also remove the cloud service details from the database. Figure TM login page. IJPT Sep-2016 Vol. 8 Issue No Page 15547

7 Figure ADD service page. Figure product feedback page. 5.2 IDM Module As a starting step Identity manager has to login himself to the site. After successful login into the site he can check for the newly added users. Identity manager only has the right to activate and deactivate the user. After activating the user, the user status will be changed to yes. If the Identity Manager is not activate the user then user unable to login into the site. Identity manager wants to deactivate the user, he can deactivate then user status will be changed to no. Identity manager can only see the attackers list. He can see both Sybil and collision attackers list in a table. Figure IDM login page. Figure attackers list page IJPT Sep-2016 Vol. 8 Issue No Page 15548

8 Figure user details page. 5.3 USER Module As a starting step user has to register himself by creating username and password. Registration page contains all the details about the user. id is mandatory. Identity manager will send a mail about your activation. After Activation only user can login into the site. User can login by entering username and password. User can see his own profile. User can search for the cloud services. User can give the feedback about the cloud services. User can also see the other user comments of particular cloud service. User can see the trust rated cloud services in order. Figure user registration form. Figure 5.3-2user login page. Figure 5.3-3feedback page. IJPT Sep-2016 Vol. 8 Issue No Page 15549

9 Figure 5.3-4trust services page. 6. Conclusion Trust Management is the one of the most important factors for the success and adaption of the cloud computing. Cloud Services are distributed, non-transparent and highly dynamic in nature. These introduces more issues like availability, security and privacy. Trust management and consumers have interactions between them. These interactions may involve consumer s information which is more sensible. So protecting consumer s privacy is not an easy task. Malicious users may create problems for cloud services. We are providing trustworthiness of the cloud services to the users by using user feedbacks. We are identifying Sybil attacks and collusion attacks. User can also search and choose cloud services based on trust rate. User can also view the comments given by other users for particular cloud service. References 1. S. M. Khan and K. W. Hamlen, Hatman: Intra-Cloud Trust Management for Hadoop, in Proc. CLOUD 12, S. Pearson, Privacy, Security and Trust in Cloud Computing, in Privacy and Security for Cloud Computing, ser. Computer Communications and Networks, 2013, pp J. Huang and D. M. Nicol, Trust Mechanisms for Cloud Computing, Journal of Cloud Computing, vol. 2, no. 1, pp. 1 14, K. Hwang and D. Li, Trusted Cloud Computing with Secure Resources and Data Coloring, IEEE Internet Computing, vol. 14, no. 5, pp , M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, A View of Cloud Computing, Communications of the ACM, vol. 53,no. 4, pp , S. Habib, S. Ries, and M. Muhlhauser, Towards a Trust Management System for Cloud Computing, in Proc. of TrustCom 11,2011. IJPT Sep-2016 Vol. 8 Issue No Page 15550

10 7. I. Brandic, S. Dustdar, T. Anstett, D. Schumm, F. Leymann, and R. Konrad, Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds, in Proc. of CLOUD 10, W. Conner, A. Iyengar, T. Mikalsen, I. Rouvellou, and K. Nahrstedt, A Trust Management Framework for Service-Oriented Environments, in Proc. of WWW 09, T. H. Noor, Q. Z. Sheng, and A. Alfazi, Reputation Attacks Detection for Effective Trust Assessment of Cloud Services, in Proc. of TrustCom 13, T. H. Noor, Q. Z. Sheng, S. Zeadally, and J. Yu, Trust Management of Services in Cloud Environments: Obstacles and Solutions, ACM Computing Surveys, vol. 46, no. 1, pp. 12:1 12:30, S. Pearson and A. Benameur, Privacy, Security and Trust Issues Arising From Cloud Computing, in Proc. CloudCom 10, E. Bertino, F. Paci, R. Ferrini, and N. Shang, Privacy-preserving Digital Identity Management for Cloud Computing, IEEE DataEng. Bull, vol. 32, no. 1, pp , K. Ren, C. Wang, and Q. Wang, Security Challenges for the Public Cloud, IEEE Internet Computing, vol. 16, no. 1, pp , T. Dillon, C. Wu, and E. Chang, Cloud Computing: Issues and Challenges, in Proc. of AINA 10, Y. Wei and M. B. Blake, Service-oriented Computing and Cloud Computing: Challenges and Opportunities, Internet Computing, IEEE, vol. 14, no. 6, pp , J. R. Douceur, The Sybil Attack, in Proc. of IPTPS 02, Corresponding Author: T. Sandeep*, gpriya@vit.ac.in IJPT Sep-2016 Vol. 8 Issue No Page 15551