1 Introduction

With ubiquitous online access now commonplace, there is a strong tendency to rebuild existing services on the cloud computing model. The open nature of the public cloud makes it a natural foundation for sharing data widely among many users. Because of this service provisioning capability, the public cloud is regarded as a future social infrastructure [1]. That is, there is considerable social demand for the public cloud, since highly popular services are inherently expected to be rebuilt as public cloud services [2].

It is well known that security issues in the public cloud are critical, since a cloud acts as the foundation for online service access [3]. However, the public cloud is known to be weak against various security attacks because, in theory, it controls the creation and storage of customers' private data under its own regulation. This means that personal data committed to the public cloud is out of the user's control and can be leaked from the cloud either intentionally or accidentally. Cloud users have a general fear of losing control of their personal or secure data in the cloud domain; eventually, some attacks become easier after moving to a cloud. One possible way out is to build a private cloud rather than use the public cloud, but establishing the facilities, data center, and expert engineers may be a great burden for a small organization [4].

Over the last 5 years, the research and industrial communities have paid attention to resolving the security issues of the public cloud. As an infrastructure approach, the VPC (Virtual Private Cloud) concept has been suggested and implemented by cloud service companies such as Amazon [5] and Microsoft. It simulates the private cloud experience in the public cloud by making use of a traditional virtual private network, so it is considered a partial solution that protects the path between cloud entities. Some works [6, 7] concentrate on providing a data security model. The model is based on the owner-write-user-read scenario: if a user wants to make use of secure data that another party (the owner) has encrypted, the user must first obtain a token or certificate from the owner, and is then permitted to access the secure data on the cloud. These are considered data-centric protocol designs. Security-centric architectural approaches have been proposed based on the cloud trust concept and the outsourcing of security features from the cloud [8, 9]. These provide a management-oriented conceptual and partial design. Our approach provides an exhaustive framework design, along with the details of the secure data creation and sharing procedures. In summary, security issues should be resolved immediately on the public cloud so that cloud services can deliver their beneficial potential. Yet most previous works remain either adaptations of traditional methodologies or proposals for a partial solution.

This paper deals with a comprehensive cloud service framework that enables the public cloud to handle security-critical data. Our approach aims to resolve the insecure security of the public cloud and to protect personal information as well as private secure data. It is based on considering how to balance the security roles between the user domain and the cloud domain. In theory, a cloud takes charge of all duties for security control. Our approach instead hands over some key security enforcement functions, such as authentication and key management, from the cloud domain to the organization to which the cloud users belong; the cloud domain actualizes security policies and practices those security policies and procedures in detail. To do this, three concepts, level of assurance, level of trust, and level of service, are applied in the framework. A security enforcement gateway is then defined in the organization, while the security policy and practice roles are assigned to the cloud domain. With the proposed framework, a set of procedural sequences is suggested to create and share security-critical data.

This paper is organized as follows. Section 1.2 analyzes the security threats in the public cloud and presents the main strategies applied in our approach. Section 1.3 defines three parameters to formalize the security assessment model, and the conceptual and procedural sequences to create and share secure data. Finally, Sect. 1.4 summarizes our work.

2 The Approach for Enabling Secure Service Framework

2.1 Security Issues on the Public Cloud

The public cloud inherently brings about a set of security issues, such as data and resource protection, availability, and privacy [10]. This mainly comes from the fact that a cloud theoretically has full control over the creation and storage of customers' private data under its own regulation. Therefore, personal and/or secure data committed to the public cloud can be intentionally or accidentally leaked from the cloud. It is widely agreed that, without resolving these security problems, the public cloud will never succeed in the future [4]. Security attacks on the public cloud can be considered from three points of view, as below.

Insecure security: The public cloud controls the main security roles, such as authentication and encryption, by itself. Cloud services are provided to a user based on the contract between the user and the cloud. But it is very difficult to practice a security policy for many individual users and to enforce security details under personal authority. To replace this uncertainty, a trust system based on obligation and responsibility between the CSPs (Cloud Service Providers) and the organizations is required.

Multiple tenancy and stakeholders: Many CSPs take part in the cloud service space, and at least three entities are engaged in a service: the user, the CSP, and 3rd parties acting as rivals or stakeholders. Because a CSP may open data to an authenticated user, an integrated system is required to merge between CSPs. Moreover, traditional attacks such as identity fraud and data theft remain possible by 3rd parties. To clear this up, one possible way is to hand over the authentication function to the organization to which the users belong.

Open space security: In general, a user is not able to control how and where its own data will be stored; the cloud does all of this. For data confidentiality, the most common approach is that the user asks the cloud to encrypt its own data. However, because the cloud manages the encryption key, the user would still be anxious about confiscation and theft. To resolve this paradox, the security key management role should be held by the organization to which the user belongs.

Figure 1.1 shows possible security attacks on the public cloud and explains the main reasons why the public cloud is inherently so weak against security attacks. Firstly, a user cannot practice and impose security details under personal authority. As a counterpart, the organization to which the user belongs is much better placed to do that. Secondly, a user's data will be opened to other users based on the cloud's authentication, so the personal information used for authentication is highly liable to be leaked from the cloud. Lastly, secure data may be encrypted with a security key managed by the cloud service domain. Therefore, a user is never willing to commit secure data to the cloud, worrying about its leakage.

Fig. 1.1 Security analysis on the public cloud

2.2 The Proposed Approach

According to the security analysis in the previous subsection, we propose a security-centric, comprehensive service framework for handling security-critical data on the public cloud. It consists mainly of two points. One is to hand over the authentication and key management controls to the organization to which the user belongs, rather than having the cloud carry out all of them. The other is that the cloud regulates its own service level by considering the user's assurance level, which is passed from the organization, and the trust level, which is evaluated from the security contract.

Figure 1.2 shows the conceptual diagram of the proposed security service framework. In comparison with the theoretical public cloud, it includes two new components, CSPPs (Cloud Service Provider's Security Policies and Practices) and the AKG (Authentication and Key management Gateway), along with the security contract. A CSP basically controls a set of cloud services. So, a CSPP is defined as a CSP with the added role of security policies and practices. An organization defines its own service domain by agreeing a security contract with a set of CSPPs. It then assigns an AKG, which plays the role of user authentication and security key management.

Fig. 1.2 The proposed security service framework

Thus, an organization should undertake a security contract with each CSPP in which it is interested. The security contract is actually established between the CSPP and the AKG, which are responsible for the security-related functionalities. It may include the organization's trust level, the sort of services and their level that are permitted to a group of users, constraints, and the scope of the security policies and practices. All of these provide a basis for constructing a security assessment model.

An organization's user has to pass through the AKG in order to be authenticated to take a cloud service. Even though the security policy is practiced in the cloud domain, that is, by the CSPP, the organization, which manages the personal information for authentication, can protect against security threats such as leakage of personal information and identity fraud. Besides, the organization retains control of key management for encrypting and decrypting its own users' private data even when the data is stored in the public cloud. Here, it is assumed that the CSPP guarantees "one-time use" of the security key passed to it, and that the AKG and CSPP make use of a security association to protect the communication channel against attacks such as eavesdropping and man-in-the-middle attacks.

3 Security Critical Data Handling Procedure

The proposed security framework is a structural and comprehensive approach in which security functionalities are preserved in the gateway within an organization, rather than being committed to the public cloud.

3.1 Security Assessment Model

On requesting a cloud service, the user is authenticated by the AKG of his organization. The AKG evaluates the LoA (Level of Assurance) of the user and passes it to the CSPP that will manage the requested service. The CSPP decides the LoT (Level of Trust) based on the security contract concluded between the organization (AKG) and the cloud (CSPP). Eventually, the CSPP determines the LoS (Level of Service) by considering the LoA and LoT, along with its own security policies and practices.

For the cloud service requested by a user, the CSPP decides the LoS based on a trust-based security assessment model that is mainly borrowed from [11]. Figure 1.3 shows a demonstrative example of the LoS decision method. A tuple <LoA for the user, LoT for the organization, security policies and practices for the service> is defined to describe the security assessment information that the CSPP deals with. Of the tuple elements, LoA and LoT are represented as values from 0 to 1. For a service A from user a in organization A, its LoS can be defined as a function of \( \text{LoA}_{a} \), \( \text{LoT}_{A} \), and \( \text{CSPP}_{A} \), that is,

$$ {\text{LoS}}_{A} = f({\text{LoA}}_{a} ,{\text{ LoT}}_{A} ,{\text{ CSPP}}_{A} ). $$

Fig. 1.3 Level of Service (LoS) decision method

Let us assume that the cloud service requests A and B are issued by different users, a and b, from different organizations, A and B, and that they want to execute a service that shares secure data created by user a or b. This service request is defined as a new service request, C. An operation "*" is defined as follows:

$$ {\text{LoS}}_{C} = f\left( {{\text{LoA}}_{a} ,{\text{ LoT}}_{A} ,{\text{ CSPP}}_{A} } \right) \, *f\left( {{\text{LoA}}_{b} ,{\text{ LoT}}_{B} ,{\text{ CSPP}}_{A} } \right), $$

where \( \text{LoA}_{c} = \min(\text{LoA}_{a}, \text{LoA}_{b}) \), \( \text{LoT}_{C} = \min(\text{LoT}_{A}, \text{LoT}_{B}) \), and \( \text{CSPP}_{C} = \max(\text{CSPP}_{A}, \text{CSPP}_{B}) \).
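The assessment model above as an added worked example, not the paper's own code: the paper leaves the function f and the numeric meaning of the CSPP element unspecified, so this assumes f as a weakest-link rule gated by a policy threshold, encodes CSPP as that threshold in [0, 1], and realizes the "*" operation by applying f to the composed tuple (min LoA, min LoT, max CSPP) exactly as the "where" clause defines it. The sample values REQ_A, REQ_B and REQ_B2 are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Assessment:
    """The paper's tuple <LoA for the user, LoT for the organization, CSPP for the service>."""
    loa: float   # Level of Assurance of the user, in [0, 1], passed from the AKG
    lot: float   # Level of Trust of the organization, in [0, 1], from the security contract
    cspp: float  # assumed encoding: minimum level the CSPP policy demands, in [0, 1]


def check(t: Assessment) -> None:
    for name, v in (("LoA", t.loa), ("LoT", t.lot), ("CSPP", t.cspp)):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{name} out of range: {v}")


def los(t: Assessment) -> float:
    """Assumed f: weakest-link rule gated by policy. The service level is
    min(LoA, LoT) when that meets the CSPP threshold; otherwise 0.0 (service refused)."""
    check(t)
    level = min(t.loa, t.lot)
    return level if level >= t.cspp else 0.0


def compose(ta: Assessment, tb: Assessment) -> Assessment:
    """Tuple for the shared request C: LoA_c = min, LoT_C = min, CSPP_C = max (stricter policy wins)."""
    return Assessment(min(ta.loa, tb.loa), min(ta.lot, tb.lot), max(ta.cspp, tb.cspp))


def los_shared(ta: Assessment, tb: Assessment) -> float:
    """LoS_C = f(...) * f(...), realized as f evaluated on the composed tuple.
    The second factor is taken with CSPP_B, matching the max(CSPP_A, CSPP_B) definition."""
    return los(compose(ta, tb))


# Constructed sample values (not from the paper)
REQ_A = Assessment(loa=0.9, lot=0.8, cspp=0.5)    # user a in organization A
REQ_B = Assessment(loa=0.75, lot=0.7, cspp=0.7)   # user b in organization B, stricter policy
REQ_B2 = Assessment(loa=0.6, lot=0.95, cspp=0.7)  # weakly assured user under B's strict policy

if __name__ == "__main__":
    print("LoS_A =", los(REQ_A))                       # 0.8
    print("LoS_B =", los(REQ_B))                       # 0.7
    print("LoS_C(A,B) =", los_shared(REQ_A, REQ_B))    # 0.7: bounded by the weaker side
    print("LoS_C(A,B2) =", los_shared(REQ_A, REQ_B2))  # 0.0: B2's assurance fails B's policy
```

Under this f the shared level never exceeds either individual level, which is the property a CSPP would want from the "*" operation: a well-trusted owner cannot lift a weakly assured requester above what the requester's own organization contract allows.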

3.2 Secure Data Creating

Based on the security contract with the CSPP, an organization's AKG regulates the main security enforcement roles, that is, authentication and key management, for the users subscribed to the organization. On the other hand, the CSPP decides the service level for the requested service by considering three security parameters: the level of assurance passed from the AKG, the level of trust assessed from the security contract, and the security policies and practices defined for the service. Based on the evaluated service level, the CSPP disciplines the security details of the cloud service requested by the user, while the cloud service actually carries out the service the user wanted to do, if necessary along with creating and storing secure data.

In order to take a cloud service, the user has to register with the AKG, in practice on subscribing to the organization. The registration includes the enlistment of the user's personal information for the authentication procedure, and a master key. The key is utilized to generate a series of encryption and decryption keys for producing secure data by the cloud service, and session keys to establish a security association between the AKG and the CSPP. Based on the user's request and/or the CSPP's security policy, the CSPP requests an encryption key from the AKG. The AKG decides on and passes the corresponding key and its security strength according to the trust level of the CSPP. The CSPP will eventually pass the key to the cloud service. Thus, it is strongly assumed that the CSPP controls the "one-time use" regulation of the key on the cloud service, to protect against leakage of the key.

Figure 1.4 shows a conceptual and procedural diagram for creating secure data. Firstly, the AKG of organization A authenticates user a under its own regulation. It assesses the level of assurance of the user and passes it to the CSPP that will control the requested service. The CSPP evaluates the level of service and activates the corresponding cloud service for the user's request. If the user or the CSPP's security policy wants to produce secure data, the CSPP requests an encryption key from the AKG. The AKG generates the encryption key based on the level of trust with the CSPP. Eventually, the cloud service creates and stores secure data for user a under the security control of the CSPP.

Fig. 1.4 Secure data creating procedure

3.3 Secure Data Sharing

It is well known that, without permitting secure data to be shared between different users, even from different organizations, cloud computing will never realize its potential capabilities. The proposed framework aims to comprehensively improve public cloud security by creating secure data with a key generated by an organization rather than by the public cloud itself. In addition, it provides a novel means to share secure data with another user, possibly from another organization. This mainly comes from the fact that the key security functionalities, such as authentication and key management, are separated from the cloud, which is considered an open domain, and privately managed by the organization, which is a private domain.

Figure 1.5 shows a conceptual and procedural diagram for sharing secure data between two users who belong to different organizations. To do this, a security contract should be undertaken between the two organizations that want to share secure data. The security contract is established beforehand between the AKGs of the organizations. Let us assume that user b in organization B invokes a cloud service that makes use of secure data created by user a in organization A. So, the data has been encrypted with a key managed by the AKG in organization A.

Fig. 1.5 Secure data sharing procedure

Firstly, the AKG of organization B authenticates user b under its own regulation, assesses the level of assurance of the user, and passes it to the CSPP that will control the requested service. The CSPP evaluates the level of service for the service request from user b, then calculates a new level of service by considering the levels of service of user a (the owner of the requested secure data) and user b. It activates the corresponding cloud service with the new level of service. After that, the CSPP requests the decryption key corresponding to the one used for user a from the AKG in organization A. The AKG of organization A generates and passes the decryption key to the CSPP based on the level of trust with the CSPP. Eventually, the cloud service decrypts the secure data created by user a and performs the cloud service to create secure data for user b under the security control of the CSPP.
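The creation procedure of Sect. 3.2 and the sharing procedure of Sect. 3.3 as one added simulation, not the paper's protocol or code: the AKG, CSPP and OneTimeKey classes, the per-data key derivation from the registered master key with HMAC-SHA256, and the HMAC counter keystream used as a placeholder cipher are all assumptions. It shows what the text requires of the cloud side: the CSPP never retains a key, each key handed to the cloud service is usable once, and a cross-organization key request is refused unless an inter-AKG security contract exists. The LoS decision itself is left to the model of Sect. 3.1.

```python
import hashlib, hmac, os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Placeholder cipher (assumption): HMAC-SHA256 counter keystream XORed onto data.
    Stands in for a real AEAD; it is symmetric, so the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


class OneTimeKey:
    """Key passed from CSPP to the cloud service; usable exactly once (Sect. 3.2)."""
    def __init__(self, key: bytes):
        self._key = key
    def use(self) -> bytes:
        if self._key is None:
            raise PermissionError("one-time-use key already consumed")
        key, self._key = self._key, None
        return key


class AKG:
    """Organization-side gateway: authentication and key management."""
    def __init__(self, org: str):
        self.org, self.users, self.contracts = org, {}, set()
    def register(self, user: str, master_key: bytes, loa: float) -> None:
        self.users[user] = (master_key, loa)  # personal info reduced to (master key, LoA)
    def authenticate(self, user: str) -> float:
        return self.users[user][1]  # LoA that the AKG passes to the CSPP
    def contract_with(self, other_org: str) -> None:
        self.contracts.add(other_org)  # inter-AKG security contract (Sect. 3.3)
    def issue_key(self, user: str, data_id: str, requester_org: str) -> OneTimeKey:
        if requester_org != self.org and requester_org not in self.contracts:
            raise PermissionError(f"no security contract between {self.org} and {requester_org}")
        master, _ = self.users[user]
        # Assumed derivation: per-data key from the user's master key (HMAC-SHA256)
        return OneTimeKey(hmac.new(master, f"{user}:{data_id}".encode(), hashlib.sha256).digest())


class CSPP:
    """Cloud-side security policies and practices; stores ciphertext, never a key."""
    def __init__(self):
        self.store = {}  # data_id -> (owner user, owner AKG, nonce, ciphertext)
    def create_secure_data(self, akg: AKG, user: str, data_id: str, plaintext: bytes) -> float:
        loa = akg.authenticate(user)  # LoA received; LoS decision (Sect. 3.1) omitted here
        nonce = os.urandom(16)
        key = akg.issue_key(user, data_id, akg.org).use()  # encryption key, consumed once
        self.store[data_id] = (user, akg, nonce, keystream_xor(key, nonce, plaintext))
        return loa
    def share_secure_data(self, akg_b: AKG, user_b: str, data_id: str) -> bytes:
        akg_b.authenticate(user_b)
        owner, akg_a, nonce, ct = self.store[data_id]
        key = akg_a.issue_key(owner, data_id, akg_b.org).use()  # decryption key from org A
        return keystream_xor(key, nonce, ct)
```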

3.4 Discussion

Here, our work concentrates on suggesting a secure cloud service framework and its two corresponding procedures, secure data creation and sharing. At the moment, we need to refine the security assessment model and to elaborate the detailed protocols on a framework prototype. Then, some experimental results, from simulation and/or prototyping, are required to validate the stability and completeness of our framework, and to evaluate the soundness and time complexity of the provided security procedures.

4 Conclusions

With the wide spread of cloud computing platforms, security issues are becoming important in the research and commercial communities. Nevertheless, many previous works remain concentrated on partial and/or cryptographic solutions, or even on adapting traditional methodologies. In this paper, we suggested an overall and comprehensive framework to enable security-critical data handling on the public cloud. The framework resolves the insecure security by making use of a clear security contract between the responsible entities. It enhances privacy and confidentiality on the public domain by pulling down the authentication and key management functions from the public cloud to the user's organization. Additionally, with the security key, a security association can be effectively constructed to protect the open space between the organization and the cloud. Finally, our work permits a novel means to share encrypted data between users, possibly in different organizations.