27-06-2012, 04:28 PM
A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service
A Business Model for Cloud Computing.pdf (Size: 314.03 KB / Downloads: 89)
Abstract
Enterprises usually store data in internal storage and
install firewalls to protect against intruders to access the data.
They also standardize data access procedures to prevent insiders
to disclose the information without permission. In cloud
computing, the data will be stored in storage provided by service
providers. Service providers must have a viable way to protect
their clients’ data, especially to prevent the data from disclosure
by unauthorized insiders. Storing the data in encrypted form is a
common method of information privacy protection. If a cloud
system is responsible for both tasks on storage and
encryption/decryption of data, the system administrators may
simultaneously obtain encrypted data and decryption keys. This
allows them to access information without authorization and thus
poses a risk to information privacy.
INTRODUCTION
In recent years, cloud computing has become a hot topic in
the global technology industry. The initiatives include
Google’s research project for building an infrastructure to
support research needs of top-tier American universities. Weiss
noted that cloud computing services include several existing
computing technologies [1], such as service-oriented utility
computing [2], grid computing with large amount of computing
resources [3], and that using data centers for data storage
services.
Prior to the development of the concept of cloud
computing, critical industrial data was stored internally on
storage media, protected by security measures including
firewalls to prevent external access to the data and including
organizational regulations to prohibit unauthorized internal
access. In the cloud computing environment, storage service
providers must have in place data security practices to ensure
that their clients’ data is safe from unauthorized access and
disclosure. More importantly, the regulations and measures for
preventing privileged users such as system administrators from
unauthorized access must be rigorously established and
implemented.
A BUSINESS MODEL FOR CLOUD COMPUTING BASED ON
A SEPARATE ENCRYPTION AND DECRYPTION SERVICE
Core Concepts
This study proposes a Business Model for Cloud
Computing Based on a Separate Encryption and Decryption
Service. The concept is based on separating the storage and
encryption/decryption of user data, as shown in Fig. 3. In this
business model, Encryption/Decryption as a Service and
Storage as a Service (SaaS) are not provided by a single
operator. In addition, the SaaS provider may not store
unencrypted user data and, once the provider of
Encryption/Decryption as a Service has finished encrypting the
user data and handed it off to an application (e.g. a CRM
system), the encryption/decryption system must delete all
encrypted and decrypted user data.
BENEFIT ANALYSIS AND DISCUSSION
Cloud computing environments include three types of
service: infrastructure, platform and software. To the user,
cloud computing virtualizes resources and, to access services,
the user only requires a means of accessing the Internet, e.g., a
smart phone or PDA, or even a Smart Card or other active
smart chip, thus reducing purchasing and maintenance costs for
software and hardware. Because key industrial data is stored on
the service provider’s equipment, the service provider must
protect the user’s data, for example by encrypting the user’s
data prior to storage. However, this leaves the service
provider’s high-privilege internal staff (e.g., system
administrators) with access to both the Decryption Key and the
user’s encrypted data, exposing the user’s data to risk of
potential disclosure.