Encryption In Cloud Storage And Demonstration Computer Science Essay

Cloud computing is the new technology these days, and it comes with a lot of hope but also a lot of difficulties. The rapid development of technology and user awareness challenges developers to build a trustworthy cloud that can be as safe as the computer at home. There are a lot of challenges to face in the advancement of the technology.

Scope and Aim:

During this work, the main objective is to analyze the cloud storage problem and understand the working principle of the OpenStack cloud.

OpenStack has many cloud computing projects, but we mostly focus on the storage system, OpenStack Swift.

The scope of this report is limited to finding some key technical security issues and demonstrating the working of OpenStack Swift.

Methodology:

Study and understand some papers about cloud storage issues.

Break down and summarize the problem.

Install OpenStack Swift.

Analyze the working of OpenStack Swift.

Find out any bugs in OpenStack Swift.

Outline:

The report is in three parts:

Chapter 1 is dedicated to the cloud storage system and its security issues.

Chapter 2 is dedicated to OpenStack Swift and its working principle.

Chapter 3 is dedicated to the code and some results.

Chapter 2

Cloud Storage

Cloud computing is the hot topic in the IT industry. Cloud computing is Internet-based development and is used on computers and so on. Users can buy computing resources as per their needs. If computation and storage services can be acquired as easily as electricity and water, it will be a revolution for the IT industry.

In a cloud computing environment, data is stored with a public storage provider. Data security is the most important aspect of cloud storage. With cloud technology people can store and retrieve data on an anywhere basis, which means people can access and store the data anywhere in the world. The main constraint for such computing is only Internet access and its speed.

To refine the definition of cloud computing, the following essential characteristics are denoted:

On-demand service: A customer may change (increase or decrease) the amount of desired computing resources automatically, with or without human interaction with the provider.

Network access: the computing resources should be available for a pre-defined time and can be accessed by any standard mechanism.

Resource pooling: in cloud computing the resources are shared among the customers, and they are dynamically assigned and reassigned according to the consumer's demand. The resources may be physical or virtual or both, and should be assigned dynamically.

Rapid elasticity: the service provider should be able to rapidly change the provision, scaling out or scaling in. Ideally, from the consumer's point of view the resources are infinite and can be purchased on demand.

Measured service: the services used by the consumer should follow the "pay as you go" model, like our electricity and water supply models.

2.1 Cloud Deployment Model:

Based on the access to the cloud infrastructure, the models are distinguished into four types:

Private cloud: the infrastructure is used by a single organization and the resources are allocated only for this organization or a strictly related company. It can be managed by the organization itself or by a third party.

Community cloud: this type of infrastructure is used by a group of organizations which may have a common specific goal.

Public cloud: this type of infrastructure is used by the general public and can be managed by one or more organizations.

Hybrid cloud: this type of cloud is complex and may be a combination of private, public and community clouds. The management may be done by a single organization or a group of organizations.

Depending upon the cloud deployment model used, an organization has a different level of access over it. For example, an organization has greater control over a private cloud than over a public cloud.

Basically, cloud computing offers three types of services, namely:

Software as a service (SaaS) basically deals with software and applications, Platform as a service (PaaS) provides the infrastructure for application development, and Infrastructure as a service (IaaS) delivers the backbone services to run the computing.

Fig. Cloud taxonomy (12)

IaaS is the main backbone for storing data, i.e. storage. The name given to it is cloud storage, and it is defined as follows:

Cloud storage is "an online storage service over the Internet." [DF3]

"Cloud storage is a model of networked online storage where data is stored in virtualized pools of storage which are generally hosted by third parties. Hosting companies operate large data centers, and people who require their data to be hosted buy or lease storage capacity from them. The data center operators, in the background, virtualize the resources according to the requirements of the customer and expose them as storage pools, which the customers can themselves use to store files or data objects. Physically, the resource may span across multiple servers." [DF2]

"A cloud storage system can be considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization, and offers some kind of interface for storing data. To increase the availability of the data, it may be redundantly stored at different locations. In general, all of this is not visible to the user." [National Institute of Science and Technology, USA]

Therefore cloud storage consists of at least a storage system, and the resources should be virtualized and have Internet access.

According to the Cloud Computing Security Alliance, cloud storage (IaaS) has the following options to store data:

2.2 Types of storage we need?

Suppose we have some data like backup files, images, PDFs, databases etc. They cannot all fit in the same kind of storage. For example, documents cannot work efficiently in a database. Different types of data can have different access patterns, so it is better to save them in different types of storage system. So naturally, data storage systems are broadly categorized into three different categories, namely:

1.) Block storage

2.) File storage

3.) Object storage

Block storage:

A block is a sequence of bytes or bits having a length normally called the block size. In this system, raw volumes of storage are created, as found in hard drives. It is universally deployed, as in hard drives, floppy disks and optical devices. The blocks can be accessed directly through I/O devices and SCSI or a Fibre Channel. They come up when the operating system comes up. For example, databases are created on block storage and work efficiently to retrieve relational data.

File storage:

File storage takes the formatted hard drives and exposes the file system on them. It is an abstraction to store, retrieve and update a set of files. The operating system needs to have the appropriate client software installed to be able to access the remote file system. An example is Network Attached Storage.

Object storage:

With object storage, files are exposed through an HTTP interface, typically with a REST API. All client data access is done at the user level: the operating system is unaware of the presence of the remote storage system. In OpenStack, the Object Storage service provides this type of functionality. Users access and modify files by making HTTP requests. Because the data access interface provided by an object storage system is at a low level of abstraction, people often build on top of object storage to create file-based applications that provide a higher level of abstraction. For example, the OpenStack Image service can be configured to use the Object Storage service as a backend. Another use for object storage solutions is as a content delivery network (CDN) for hosting static web content (e.g. images and media files), since object storage already provides an HTTP interface. It is now becoming more popular because of its reliability in storing huge amounts of data at low cost. Swift uses the block storage system, which is one of the reasons it gained popularity in a short period of time.

2.3 Problem in cloud storage:

The data is not stored on the user's own computer, and therefore there is always the fear of losing the data. The data is very important and shouldn't be mixed up with others' data. The assurance of data is another issue in cloud storage security. "Data is safe while it is on my pen drive, but how can I ensure that the data is not accessed or mixed up, and is available when I want it?"

The biggest concerns about cloud storage are reliability, confidentiality and integrity. Clients aren't likely to entrust their data to another company without a guarantee that they'll be able to access their data whenever they want and that no one else will be able to get it. They must also be assured about data integrity, data theft and authorization. Therefore, a lot of security steps are carried out, starting right from the doorstep. Integrity, confidentiality and availability are the heart of cloud computing. [6] Several techniques are implemented to achieve the requirements of a cloud service.

Encryption: This is the complex method to encrypt data in the cloud, because data security is a bigger concern in the cloud. Different techniques of encryption are implemented by different cloud storage providers.

The data has to be transferred over the network. So there are two phases of data: data at rest in cloud storage and data in motion (in the network). The encryption process may apply to both of them or to neither of them, depending upon the service level agreement between provider and subscriber. But the Cloud Computing Security Alliance (hereafter CSA) has given three options for doing the encryption, regardless of the technique used by the provider or subscriber.

The encryption scheme must provide protection against snapshot cloning/exposure.

It must protect volumes from exposure through loss of drives (physical hazard).

They may use:

File/folder encryption: use standard file/folder encryption tools to encrypt the data before placing it in storage.

Client/application encryption: when object storage is used as the back end for an application, encrypt the data using an encryption engine embedded in your application or client.

Proxy encryption: data should pass through the encryption proxy before being stored in the proxy server.

Regardless of the type of storage, different types of encryption methods have been proposed. Sonami et al. proposed the RSA encryption algorithm to secure data in the cloud. [1] Craig Gentry proposed fully homomorphic encryption [FHE] in his PhD thesis in 2009 A.D. [2]. But some research shows that encryption alone is not enough to secure data in the cloud. Van Dijk et al. [3 in pdf] proved the impossibility of encryption to secure the data in the cloud. Therefore, privacy and integrity of the data are also needed. Wang et al. [10 in pdf] proposed a privacy-preserving auditing system that involves a third party responsible for preserving privacy in the cloud.

Fig. Architecture of cloud data storage service

This system produces four algorithms (keygen, siggen, genproof, verifyproof). Keygen is the generation of the key, and siggen generates the metadata used to verify the signature. Genproof is generated by the server to check the integrity (correctness) of the data on the server. Verifyproof is run by the third party to check the correctness of the data. The scheme has two solutions, a MAC-based solution and an HLA-based solution. In the MAC-based solution the user uploads the data with the MAC and sends the corresponding secret key to the third party, which helps to check the correctness by calling up the data with the MAC and calculating the data correctness.

Drawback: it is applicable only to static data.
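The MAC-based variant described above can be sketched as follows. This is an added example, not code from the cited paper or from the original essay; it is a simplified model, and the block size, the CloudServer class and the binding of the block index into the MAC are assumptions made for illustration.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 16  # assumed block size, small so the sample data spans several blocks


def keygen():
    """keygen: the data owner creates a random secret MAC key."""
    return os.urandom(32)


def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_mac(key, index, block):
    # Binding the block index into the MAC stops the server from answering a
    # challenge for block i with a different, still intact block j.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def siggen(key, blocks):
    """siggen: the owner computes one MAC tag per block before upload."""
    return [block_mac(key, i, b) for i, b in enumerate(blocks)]


class CloudServer:
    """Hypothetical storage server holding the uploaded blocks and tags."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def genproof(self, challenge):
        """genproof: return (block, tag) for every challenged index."""
        return [(self.blocks[i], self.tags[i]) for i in challenge]


def verifyproof(key, challenge, proof):
    """verifyproof: the third party recomputes each MAC with the owner's key."""
    if len(proof) != len(challenge):
        return False
    ok = True
    for index, (block, tag) in zip(challenge, proof):
        ok &= hmac.compare_digest(block_mac(key, index, block), tag)
    return ok


def demo():
    key = keygen()
    data = b"constructed sample object stored in the cloud for auditing"
    blocks = split_blocks(data)          # four blocks
    tags = siggen(key, blocks)
    everything = list(range(len(blocks)))
    results = {}

    server = CloudServer(blocks, tags)
    results["honest"] = verifyproof(key, everything, server.genproof(everything))

    # Silent corruption of block 1 on the server side.
    server.blocks[1] = b"X" * BLOCK_SIZE
    results["challenge_hits_bad_block"] = verifyproof(key, [1], server.genproof([1]))
    results["challenge_misses_bad_block"] = verifyproof(key, [0, 2], server.genproof([0, 2]))

    # Static-data drawback: a legitimate update of block 2 fails the audit
    # until the owner computes and uploads a fresh tag for that block.
    updated = CloudServer(blocks, tags)
    updated.blocks[2] = b"updated contents"
    results["update_without_new_tag"] = verifyproof(key, [2], updated.genproof([2]))
    updated.tags[2] = block_mac(key, 2, updated.blocks[2])
    results["update_with_new_tag"] = verifyproof(key, everything, updated.genproof(everything))
    return results
```

In this variant the auditor holds the secret key and receives the challenged blocks themselves, and a challenge that samples only some blocks can miss a corrupted one.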

Another proposed solution is to change the framework used to secure the data. It shares the responsibilities between provider and consumer. Xiao Zhang et al. [13 in pdf] proposed such a framework that shares the responsibility. Data loss, theft and crash are borne by the consumer, and the service provider is responsible for data transfer, authorization and storage of data.

Fig. Model to ensure data security [13 in pdf]

This framework speaks about secure storage, transfer and authorization. The data can be made safe by replicating it in different zones to protect it from natural disasters such as fire and storms. This framework also talks about the concept of replication of data. The data may be replicated on a single-server platform or a multi-server platform. An encryption system is proposed to give more security to the data [6 in pdf]. For the transfer of data, it proposes two solutions. One solution is to reduce the calculation time and programming, and to design a new programming model that offers these services. Another method is to push the data near to the user. This may be the concept of a content delivery network (CDN).

This paper proposed black-box operation on the data, so that even the system administrator is not authorized to do anything to the data. Each user has his own authorization over the data belonging to him. Yan et al. proposed federal identity management in the cloud, which means each user and server has a unique identity that is allocated by the system hierarchically. [19 in pdf]

Authentication: This is used to verify that the person is legitimate to work on that data. The validation of any user is normally done in two phases. The first phase is disambiguating the identity and the second phase is validating the credential already provided to the user. In the general case the authentication method is username and password. According to the service level agreement between provider and subscriber, it may be strict, like hardwired authentication or a VPN connection, or anything that is favourable for both.

Authorization: The client may be a single user or an organization. An individual employee in the organization has a specific job and should have access rights to data according to his role. The rule separation is based on the enterprise or group of users, and it can be pre-defined by the enterprise or according to the SLA.

Integrity: This includes how the data is integrated and whether I can get the fresh copy. Data is vulnerable to human error, and the system should also ensure a data backup with a fresh copy even if the data is removed or deleted accidentally.

Reliability: This assures us that we will get the data we uploaded without any failure of the network.

The CSA, ENSIE and NIST have already proposed a general framework for cloud computing from every point of view. I am going to present a comparative view of the security issues.

+ denotes that the issue is discussed in the document and – means it is omitted.

Table: comparing issues raised by CSA [A], ENSIE [B] and NIST [C].

Chapter 2

OpenStack Swift

OpenStack Swift (hereafter just Swift) is a highly available, distributed and consistent object/blob store. The OpenStack Object Store project, known as Swift, offers cloud storage software so that you can store and retrieve lots of data in virtual containers. It's based on the Cloud Files offering from Rackspace. [defined by OpenStack]

2.1 General architecture of Swift

The following Swift characteristics are important to understand in order to know about Swift storage.

All objects stored in Swift have a URL

All objects stored are replicated 3x in as-unique-as-possible zones, which can be defined as a group of drives, a node, a rack etc.

All objects have their own metadata

Developers interact with the object storage system through a RESTful HTTP API

Object data can be located anywhere in the cluster

(Via http://swiftstack.com/openstack-swift/architecture/)

Fig. Accessing data in the Swift storage system (labels: Data, Storage, Get/Put/Delete)

Swift contains different components, which are described below.

Proxy server:

This is the main interface for communicating with clients. It is the first interface that every client must go through. For each request, it looks up the location of the account, container or object in the ring and routes the request accordingly. The public API is also exposed through the proxy server. Hardware failures are also handled by the proxy server: when a hardware failure occurs, this server asks the ring for a handoff server and routes there instead.

The Ring:

A ring represents a mapping between the names of entities stored on disk and their physical location. There are separate rings for containers, accounts and objects. Whenever any component wants to interact with an object, account or container, it must first interact with the corresponding ring to learn the specific location. The ring is also responsible for determining which devices are used for handoff in failure scenarios.

Fig. The Ring concept (labels: Partition, The Ring, Storage Node)

Object server:

Object servers are very simple blob storage servers that store, retrieve, update and delete the objects stored on local devices. Objects are stored as binary files on the filesystem, with metadata stored in the file's extended attributes (xattrs). Each object is stored using a path derived from the object name's hash, which also contains the container and account hash, and the operation's timestamp. Last write always wins, which ensures that the latest object version will be served.

Container server:

The container server's primary job is to handle listings of objects. It doesn't know where those objects are, just what objects are in a specific container.

Account server:

The account server is very similar to the container server, except that it is responsible for listings of containers rather than objects.

Fig. Relation among account, container and object (labels: Account database, Container database, Container data, Object)

Replication:

Replication is used to keep the system consistent in the face of temporary failures like network outages or drive failures. The procedure is simple: it compares the data in the object server that was written last with the latest remote copy to ensure the fresh availability of data. During the replication process it uses the hash list to quickly compare sections of each partition, while container and account replication use a combination of hashes and shared high-water marks. By default the replication is done every 30 seconds. It can be configured as per user requirements.

Updaters:

If at any time the object, container or account is not updated, the updater is used for updating it.

Auditors:

They are responsible for the integrity of objects, containers and accounts. If corruption is found, the file is quarantined and can be replaced by any fresh copy that is held in one of the replicas.

Partitions:

The account database, container database and objects are jointly stored in partitions. This is the backbone of the replication system. Every operation, like replication and upload/download, is done on partitions. The implementation of a partition is conceptually simple: a partition is just a directory sitting on a disk with a corresponding hash table of what it contains.

A partition is assigned to three disks in different zones.

Fig. Relation among zone, partition and container database (labels: Object, Account database, Container database, Zone 1, Zone 2, Zone 3)

Zone: In Swift, zones are specific locations created by the user. A zone may be a single computer, multiple computers, or a different geographical area. Zones are created to ensure data availability: if a zone fails by any means, the data can be brought up from another zone.

The zone plays an important role at the time of hardware failure or accidentally deleted objects.

Fig. Data replication in terms of zone failure (labels: Zone 1, Zone 2, Zone 3)

2.2 How it works:

Swift stores all data as objects. Whenever a user wants to upload or read data from OpenStack through his account, he has to authenticate himself as a Swift user. To authenticate himself he needs some authentication parameters, such as a username and password or an authentication token. Whenever a user tries to access an object, the proxy server checks the authenticity of that user. It may check with the authentication token or by using other key managers. In any case, the proxy is the only door for communicating with objects.

So in the first phase, the user has to authenticate with the server.

Fig. Authentication of user (the user sends account, username and password to the authentication server, which returns an authentication token and the URL of the storage account)

Fig. Uploading data in OpenStack Swift (labels: Load balancer, Proxy node, Storage nodes)

2.3 Key management:

OpenStack offers different authentication middleware. By default it is tempauth, but we can use Keystone or swauth authentication. Swauth is an external project for authentication, and Keystone is comparatively younger than swauth. Tempauth is generally used for testing purposes.

Normally, the authentication token is valid for 24 hours, but this can be configured. After the time has expired, the user needs to obtain another token. The keys can be placed in a MySQL database using the keymanager (a separate project).

Whenever we use a database to store the keys, the authentication middleware asks the database for the keys.

3.3 Encryption

Swift doesn't provide any encryption by default. If we want to encrypt our data, we must provide an external module. The data in Swift is placed using the hash function of its container, account, object and salt. The data is unreadable if I want to retrieve it illegally. The salt is a hash value that never changes. It is also used to coordinate between different zones. So when we store data in our account, the data is written to disk with the hash. The hash is created using MD5 and placed along with the data. Whenever we change the data, the server will check the hash and place the newest hash.

So, in Swift:

account + container + object + salt → MD5 → path to the file on the storage node.

So perhaps there is only one attack that is clearly seen, which is the collision attack. We can't create the hash like that, but we can change the hash function using

h(m') = h(m).

Some research institutes are trying to make an encryption module for OpenStack Swift as open source, but there is no great achievement yet. Mirantis [web] claims to have made an on-disk encryption module with keymanager and Keystone, and it uses M2Crypto as the cryptographic module.
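The name-to-path mapping described above can be shown in a few lines. This is an added example modelled on Swift's behaviour, not the project's own code; the suffix is a constructed sample value, and the partition power of 10, the device root /srv/node and the device name sdb1 are assumptions.

```python
import hashlib
import struct

# Constructed sample value standing in for swift_hash_path_suffix (the salt).
HASH_PATH_SUFFIX = "sample-suffix-keep-secret"
PART_POWER = 10            # assumption: ring built with 2**10 partitions
DEVICE_ROOT = "/srv/node"  # assumption
DEVICE = "sdb1"            # assumption


def hash_path(account, container=None, obj=None, suffix=HASH_PATH_SUFFIX):
    """MD5 over '/account/container/object' followed by the cluster-wide suffix."""
    if obj and not container:
        raise ValueError("container is required if object is provided")
    parts = [p for p in (account, container, obj) if p]
    name = "/" + "/".join(parts) + suffix
    return hashlib.md5(name.encode("utf-8")).hexdigest()


def partition_for(name_hash, part_power=PART_POWER):
    """The top bits of the hash select the partition that the ring maps to devices."""
    top32 = struct.unpack_from(">I", bytes.fromhex(name_hash))[0]
    return top32 >> (32 - part_power)


def object_dir(account, container, obj, suffix=HASH_PATH_SUFFIX):
    """Directory on a storage node that holds the object's timestamped file."""
    name_hash = hash_path(account, container, obj, suffix)
    part = partition_for(name_hash)
    return "/".join(
        [DEVICE_ROOT, DEVICE, "objects", str(part), name_hash[-3:], name_hash]
    )


def demo():
    # The path is a function of the names and the suffix only. The object's
    # bytes are not an input, so the hash decides placement; it does not
    # encrypt anything that is stored under that path.
    first = object_dir("AUTH_test", "photos", "cat.jpg")
    again = object_dir("AUTH_test", "photos", "cat.jpg")
    # A cluster configured with a different suffix places the same name elsewhere,
    # which is why the suffix must never change once data has been written.
    other = object_dir("AUTH_test", "photos", "cat.jpg", suffix="another-cluster")
    return first, again, other


if __name__ == "__main__":
    for path in demo():
        print(path)
```

Anyone who knows the suffix and the object's name can recompute the directory, so confidentiality of the stored bytes still has to come from encryption applied before or at upload.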

Chapter-3

Installation of OpenStack Swift

To install OpenStack Swift we need the following libraries. I did it on the Ubuntu 10.04 desktop platform.

Software needed: python 2.6, rsync 3.0

For demonstration purposes we can either make one node with 4 partitions or 4 nodes with a single partition each. I did single 4 node and each partition for each. I have chosen a single node with 4 partitions and I am using OpenStack Swift 1.7.7.

Before installing OpenStack Swift you need to add an extra hard disk to your VMware or virtual machine. For this, do as shown in the screenshot.

First of all we need to install some software.

$ sudo su - # this takes you to root

$ add-apt-repository ppa:swift-core/release # this is optional, if you want to add the repository to your source list

$ apt-get update # to refresh the source list

Now add some software:

$ apt-get install curl gcc git-core memcached python-coverage python-dev python-nose python-setuptools python-simplejson python-xattr sqlite3 xfsprogs python-eventlet python-greenlet python-pastedeploy python-netifaces python-pip

# Important: this is required to install and run Swift.

Now install the software that you need, like openssh, vim etc. (optional)

$ apt-get install openssh-server

$ apt-get install openssl # it may already be in Ubuntu

$ apt-get install python-m2crypto # module for encryption of objects (optional, if you want encryption)

Now add a user for OpenStack Swift.

$ adduser swift # it will ask you for a password; set it

$ adduser swift swift # the latter one is the group

Format the disk using

$ fdisk /dev/sdb

then press (m, n, 1, enter, enter, w)

Now make the file system. We need to choose the XFS file system because it supports the metadata that is used by Swift.

$ mkfs.xfs -f -i size=1024 /dev/sdb1

Now test with "blkid"

$ blkid

You'll see all the file systems listed.

# To mount the disk into the system we have to add it to /etc/fstab

# Use your favourite text editor to open /etc/fstab

$ gedit /etc/fstab # and add the following line

/dev/sdb1 /mnt/sdb1 xfs noatime,nodiratime,nobarrier,logbufs=8 0 0

Now create the directory for mounting the disk.

$ mkdir /mnt/sdb1

$ mount /mnt/sdb1

$ mkdir /mnt/sdb1/1 /mnt/sdb1/2 /mnt/sdb1/3 /mnt/sdb1/4

Change the ownership on the node

$ chown -R swift:swift /mnt/sdb1/* # the previously created user

$ mkdir /srv

Make the directory /etc/swift, where you can put all the necessary information and configuration files.

$ mkdir /etc/swift

$ mkdir -p /etc/swift/object-server

$ mkdir -p /etc/swift/container-server

$ mkdir -p /etc/swift/account-server

$ mkdir -p /srv/1/node/sdb1 /srv/2/node/sdb2 /srv/3/node/sdb3 /srv/4/node/sdb4 /var/run/swift

Don't forget this step # this will create all the necessary directories

# Now change the ownership

$ chown -R swift:swift /etc/swift /srv/[1-4]/ /var/run/swift

Now create the rsync configuration file and paste the following

$ gedit /etc/rsyncd.conf

uid = swift

gid = swift

log file = /var/log/rsyncd.log

pid file = /var/run/rsyncd.pid

address = 127.0.0.1

[account6012]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/account6012.lock

[account6022]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/account6022.lock

[account6032]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/account6032.lock

[account6042]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/account6042.lock

[container6011]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/container6011.lock

[container6021]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/container6021.lock

[container6031]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/container6031.lock

[container6041]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/container6041.lock

[object6010]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/object6010.lock

[object6020]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/object6020.lock

[object6030]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/object6030.lock

[object6040]

max connections = 25

path = /srv/node/

read only = false

lock file = /var/lock/object6040.lock

Go to /etc/default/rsync and set RSYNC_ENABLE=true

$ gedit /etc/default/rsync

After this the rsync setup is almost complete; just restart it.

$ service rsync restart

Now log in as a guest in the system

$ exit

If you want to run the whole system using scripts, you can create the bin folder (optional).

$ mkdir ~/bin

Copy the Swift software from any location, e.g. GitHub or Launchpad.

$ git clone http://github.com/openstack/swift.git

$ cd swift; sudo python setup.py develop

Download the Python Swift client as well, because we are going to access Swift through the CLI.

$ git clone http://github.com/openstack/python-swiftclient.git

$ cd python-swiftclient; sudo python setup.py develop

Now edit ~/.bashrc and add

export SWIFT_TEST_CONFIG_FILE=/etc/swift/test.conf

export PATH=${PATH}:~/bin

Now we are going to create /etc/swift/proxy-server.conf. It is very important because every request goes through the proxy. We are going to write the minimum code that should work in our demo.

$ gedit /etc/swift/proxy-server.conf # and write the following code

[DEFAULT]

bind_port = 8080

# the username that we created before

user = swift

log_facility = LOG_LOCAL1

eventlet_debug = true

[pipeline:main]

pipeline = healthcheck cache tempauth proxy-logging proxy-server

[app:proxy-server]

use = egg:swift#proxy

allow_account_management = true

account_autocreate = true

[filter:healthcheck]

use = egg:swift#healthcheck

[filter:cache]

use = egg:swift#memcache

[filter:tempauth]

use = egg:swift#tempauth

user_admin_admin = admin .admin .reseller_admin

user_test_tester = testing .admin

user_test2_tester2 = testing2 .admin

user_test_tester3 = testing3

[filter:proxy-logging]

use = egg:swift#proxy_logging

We are going to set the Swift hash suffix, which must never change and which is used while creating the object hash.

$ sudo gedit /etc/swift/swift.conf # write the following

[swift-hash]

# random unique string that can never change (DO NOT LOSE)

swift_hash_path_suffix = I will never change

Now we need to write some lines for the container, object and account servers. As said earlier, there are 4 container servers, 4 account servers and 4 object servers, so we are going to write a configuration for all of them.

$ cd /etc/swift

$ sudo gedit account-server/1.conf

[DEFAULT]

devices = /srv/1/node

mount_check = false

disable_fallocate = true

bind_port = 6012

user = <your-user-name>

log_facility = LOG_LOCAL2

recon_cache_path = /var/cache/swift

eventlet_debug = true

[pipeline:main]

pipeline = recon account-server

[app:account-server]

use = egg:swift#account

[filter:recon]

use = egg:swift#recon

[account-replicator]

vm_test_mode = yes

[account-auditor]

[account-reaper]

$ sudo gedit account-server/4.conf

[DEFAULT]

devices = /srv/4/node

mount_check = false

disable_fallocate = true

bind_port = 6042

user = swift

log_facility = LOG_LOCAL5

recon_cache_path = /var/cache/swift4

eventlet_debug = true

[pipeline:main]

pipeline = recon account-server

[app:account-server]

use = egg:swift#account

[filter:recon]

use = egg:swift#recon

[account-replicator]

vm_test_mode = yes

[account-auditor]

[account-reaper]

$ sudo gedit account-server/3.conf

[DEFAULT]

devices = /srv/3/node

mount_check = false

disable_fallocate = true

bind_port = 6032

user = swift

log_facility = LOG_LOCAL4

recon_cache_path = /var/cache/swift3

eventlet_debug = true

[pipeline:main]

pipeline = recon account-server

[app:account-server]

use = egg:swift#account

[filter:recon]

use = egg:swift#recon

[account-replicator]

vm_test_mode = yes

[account-auditor]

[account-reaper]

$ sudo gedit account-server/2.conf

[DEFAULT]

devices = /srv/2/node

mount_check = false

disable_fallocate = true

bind_port = 6022

user = swift

log_facility = LOG_LOCAL3

recon_cache_path = /var/cache/swift2

eventlet_debug = true

[pipeline:main]

pipeline = recon account-server

[app:account-server]

use = egg:swift#account

[filter:recon]

use = egg:swift#recon

[account-replicator]

vm_test_mode = yes

[account-auditor]

[account-reaper]

$ sudo gedit container-server/1.conf

[DEFAULT]

devices = /srv/1/node

mount_check = false

disable_fallocate = true

bind_port = 6011

user = swift

log_facility = LOG_LOCAL2

recon_cache_path = /var/cache/swift

eventlet_debug = true

[pipeline:main]

pipeline = recon container-server

[app:container-server]

use = egg:swift#container

[filter:recon]

use = egg:swift#recon

[container-replicator]

vm_test_mode = yes

[container-updater]

[container-auditor]

[container-sync]

$ sudo gedit container-server/2.conf

[DEFAULT]

devices = /srv/2/node

mount_check = false

disable_fallocate = true

bind_port = 6021

user = swift

log_facility = LOG_LOCAL3

recon_cache_path = /var/cache/swift2

eventlet_debug = true

[pipeline:main]

pipeline = recon container-server

[app:container-server]

use = egg:swift#container

[filter:recon]

use = egg:swift#recon

[container-replicator]

vm_test_mode = yes

[container-updater]

[container-auditor]

[container-sync]

$ sudo gedit container-server/3.conf

[DEFAULT]

devices = /srv/3/node

mount_check = false

disable_fallocate = true

bind_port = 6031

user = swift

log_facility = LOG_LOCAL4

recon_cache_path = /var/cache/swift3

eventlet_debug = true

[pipeline:main]

pipeline = recon container-server

[app:container-server]

use = egg:swift#container

[filter:recon]

use = egg:swift#recon

[container-replicator]

vm_test_mode = yes

[container-updater]

[container-auditor]

[container-sync]

$ sudo gedit container-server/4.conf

[DEFAULT]

devices = /srv/4/node

mount_check = false

disable_fallocate = true

bind_port = 6041

user = swift

log_facility = LOG_LOCAL5

recon_cache_path = /var/cache/swift4

eventlet_debug = true

[pipeline:main]

pipeline = recon container-server

[app:container-server]

use = egg:swift#container

[filter:recon]

use = egg:swift#recon

[container-replicator]

vm_test_mode = yes

[container-updater]

[container-auditor]

[container-sync]

# don't forget to write this.

$ sudo gedit object-server/3.conf

[DEFAULT]

devices = /srv/3/node

mount_check = false

disable_fallocate = true

bind_port = 6030

user = swift

log_facility = LOG_LOCAL4

recon_cache_path = /var/cache/swift3

eventlet_debug = true

[pipeline:main]

pipeline = recon object-server

[app:object-server]

use = egg:swift#object

[filter:recon]

use = egg:swift#recon

[object-replicator]

vm_test_mode = yes

[object-updater]

[object-auditor]

$ sudo gedit object-server/1.conf

[DEFAULT]

devices = /srv/1/node

mount_check = false

disable_fallocate = true

bind_port = 6010

user = swift

log_facility = LOG_LOCAL2

recon_cache_path = /var/cache/swift

eventlet_debug = true

[pipeline:main]

pipeline = recon object-server

[app:object-server]

use = egg:swift#object

[filter:recon]

use = egg:swift#recon

[object-replicator]

vm_test_mode = yes

[object-updater]

[object-auditor]

$ sudo gedit object-server/2.conf

[DEFAULT]

devices = /srv/2/node

mount_check = false

disable_fallocate = true

bind_port = 6020

user = swift

log_facility = LOG_LOCAL3

recon_cache_path = /var/cache/swift2

eventlet_debug = true

[pipeline:main]

pipeline = recon object-server

[app:object-server]

use = egg:swift#object

[filter:recon]

use = egg:swift#recon

[object-replicator]

vm_test_mode = yes

[object-updater]

[object-auditor]

$ sudo gedit object-server/4.conf

[DEFAULT]

devices = /srv/4/node

mount_check = false

disable_fallocate = true

bind_port = 6040

user = swift

log_facility = LOG_LOCAL5

recon_cache_path = /var/cache/swift4

eventlet_debug = true

[pipeline:main]

pipeline = recon object-server

[app:object-server]

use = egg:swift#object

[filter:recon]

use = egg:swift#recon

[object-replicator]

vm_test_mode = yes

[object-updater]

[object-auditor]

Let's create the rings, where we can specify the number of replicas that we need; the default is 3.

$ swift-ring-builder object.builder create 18 3 1

$ swift-ring-builder object.builder add z1-127.0.0.1:6010/d1 1

$ swift-ring-builder object.builder add z2-127.0.0.1:6020/d2 1

$ swift-ring-builder object.builder add z3-127.0.0.1:6030/d3 1

$ swift-ring-builder object.builder add z4-127.0.0.1:6040/d4 1

$ swift-ring-builder object.builder rebalance # it will take some time; we have to wait a little bit longer.

$ swift-ring-builder container.builder create 18 3 1

$ swift-ring-builder container.builder add z1-127.0.0.1:6011/d1 1

$ swift-ring-builder container.builder add z2-127.0.0.1:6021/d2 1

$ swift-ring-builder container.builder add z3-127.0.0.1:6031/d3 1

$ swift-ring-builder container.builder add z4-127.0.0.1:6041/d4 1

$ swift-ring-builder container.builder rebalance

$ swift-ring-builder account.builder create 18 3 1

$ swift-ring-builder account.builder add z1-127.0.0.1:6012/d1 1

$ swift-ring-builder account.builder add z2-127.0.0.1:6022/d2 1

$ swift-ring-builder account.builder add z3-127.0.0.1:6032/d3 1

$ swift-ring-builder account.builder add z4-127.0.0.1:6042/d4 1

$ swift-ring-builder account.builder rebalance
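The hash path suffix from swift.conf and the partition power 18 passed to the ring builder meet when Swift places an object. The following is an added example, not code from the original essay or from the Swift project: it is modelled on how Swift hashes a path (MD5 over prefix, path and suffix) and takes the top bits as the partition. The account, container and object names are constructed samples, and the function names are this example's own.

```python
import hashlib
import struct

PART_POWER = 18                 # from "create 18 3 1" on this page
SUFFIX = "I will never change"  # swift_hash_path_suffix from this page's swift.conf


def hash_path(suffix, account, container=None, obj=None, prefix=""):
    """MD5 over prefix + "/account[/container[/object]]" + suffix."""
    parts = [p for p in (account, container, obj) if p]
    data = prefix.encode() + b"/" + "/".join(parts).encode() + suffix.encode()
    return hashlib.md5(data).digest()


def partition(digest, part_power=PART_POWER):
    """The top part_power bits of the first four digest bytes pick the partition."""
    return struct.unpack_from(">I", digest)[0] >> (32 - part_power)


def moved_after_suffix_change(old_suffix, new_suffix, count=1000):
    """Count constructed object names that land in a different partition."""
    moved = 0
    for i in range(count):
        name = ("AUTH_test", "mydata", f"object-{i}")  # constructed sample names
        before = partition(hash_path(old_suffix, *name))
        after = partition(hash_path(new_suffix, *name))
        moved += before != after
    return moved


if __name__ == "__main__":
    digest = hash_path(SUFFIX, "AUTH_test", "mydata", "report.txt")
    print("hash:", digest.hex(), "partition:", partition(digest))
    print("moved after suffix change:",
          moved_after_suffix_change(SUFFIX, SUFFIX + "!"), "of 1000")
```

Changing the suffix sends practically every existing object to a different partition, so the stored data can no longer be located; this is why the value must be kept and never edited after deployment.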

Now let's run it.

$ swift-init start all # if this runs without error, your configuration is all right. An info message about the object expirer may appear; simply ignore it.

Now test with curl.

$ curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' http://127.0.0.1:8080/auth/v1.0

If everything is all right, the reply should look like

Now try to connect to the storage using this authentication token and URL.

$ curl -v -H 'X-Auth-Token: <token-from-x-auth-token-above>' <url-from-x-storage-url-above>

The status of the storage can now be checked with

$ swift -A http://127.0.0.1:8080/auth/v1.0 -U test:tester -K testing stat


We can use external middleware for authentication. swauth is old but still a reliable authentication middleware. To use swauth, we have to download it:

$ git clone http://github.com/gholt/swauth

Below are the configurations for swauth with an SSL certificate and for swauth without one.

[DEFAULT]

cert_file = /etc/swift/cert.crt

key_file = /etc/swift/cert.key

bind_port = 443

user = $SWIFT_USER

log_facility = LOG_LOCAL1

[pipeline:main]

pipeline = healthcheck cache swauth proxy-server

[app:proxy-server]

use = egg:swift#proxy

allow_account_management = true

account_autocreate = true

[filter:swauth]

use = egg:swauth#swauth

set log_name = swauth

super_admin_key = swauthkey

default_swift_cluster = local#https://127.0.0.1/v1

[filter:healthcheck]

use = egg:swift#healthcheck

[filter:cache]

use = egg:swift#memcache

[DEFAULT]

bind_port = 8080

user = swift

log_facility = LOG_LOCAL1

[pipeline:main]

pipeline = healthcheck cache swauth proxy-server

[app:proxy-server]

use = egg:swift#proxy

allow_account_management = true

account_autocreate = true

[filter:swauth]

use = egg:swauth#swauth

set log_name = swauth

super_admin_key = swauthkey

default_swift_cluster = local#http://127.0.0.1:8080/v1

[filter:healthcheck]

use = egg:swift#healthcheck

[filter:cache]

use = egg:swift#memcache

The SSL certificate should be saved in /etc/swift; a self-signed certificate can be created using the command:

$ openssl req -new -x509 -nodes -out cert.crt -keyout cert.key
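The proxy configurations above carry demo credentials (the tempauth users and the swauth super_admin_key) and, in the port 8080 variant, no TLS. The following check is an added example, not part of the original essay or of Swift: it parses a proxy-server.conf and reports those settings. The embedded configuration is a constructed, abbreviated copy of this page's files, and the function name and the list of demo keys are this example's own.

```python
import configparser

# Constructed sample: this page's demo proxy-server.conf, abbreviated.
DEMO_CONF = """\
[DEFAULT]
bind_port = 8080
eventlet_debug = true
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
[filter:swauth]
use = egg:swauth#swauth
super_admin_key = swauthkey
"""

# Keys printed in this walkthrough; treat every one of them as public.
DEMO_KEYS = {"admin", "testing", "testing2", "testing3", "swauthkey"}


def audit_proxy_conf(text):
    """Return a list of findings for a Swift proxy-server.conf."""
    # Rename the default section so [DEFAULT] is not merged into the filters.
    cp = configparser.ConfigParser(interpolation=None, default_section="_none")
    cp.read_string(text)
    findings = []
    default = cp["DEFAULT"] if cp.has_section("DEFAULT") else {}
    if not (default.get("cert_file") and default.get("key_file")):
        findings.append("DEFAULT: no cert_file/key_file, proxy serves plain HTTP")
    if default.get("eventlet_debug", "").lower() in ("true", "yes", "1"):
        findings.append("DEFAULT: eventlet_debug is enabled")
    for name in cp.sections():
        section = cp[name]
        use = section.get("use", "")
        if use.endswith("#tempauth"):
            for opt, value in section.items():
                fields = value.split()
                if opt.startswith("user_") and fields and fields[0] in DEMO_KEYS:
                    findings.append(f"{name}: {opt} has demo key, groups {fields[1:]}")
        elif use.endswith("#swauth") and section.get("super_admin_key") in DEMO_KEYS:
            findings.append(f"{name}: super_admin_key is a demo value")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_conf(DEMO_CONF):
        print("-", finding)
```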


Here are some commands using swauth with and without SSL.

$ swauth-prep -K swauthkey

$ swauth-add-user -A http://127.0.0.1:8080/auth/ -K swauthkey -a testaccount testuser testpassword

$ curl -v -H 'X-Storage-User: testaccount:testuser' -H 'X-Storage-Pass: testpassword' http://127.0.0.1:8080/auth/v1.0

$ curl -v -H 'X-Auth-Token: <Authentication token>' <storage URL>

$ swift -A http://127.0.0.1:8080/auth/v1.0 -U testaccount:testuser -K testpassword stat

$ swift -A http://127.0.0.1:8080/auth/v1.0 -U testaccount:testuser -K testpassword upload mydata data

$ swift -A http://127.0.0.1:8080/auth/v1.0 -U testaccount:testuser -K testpassword list

Using SSL we can also add a user, but we must authenticate ourselves. We can skip verification of the server certificate using -k, which is needed here only because the demo certificate is self-signed:

$ swauth-prep -K swauthkey -A https://127.0.0.1:443/auth/

$ swauth-add-user -A https://127.0.0.1:443/auth/ -K swauthkey -a ssl1account ssl1user ssl1password

$ curl -v -H 'X-Storage-User: ssl1account:ssl1user' -H 'X-Storage-Pass: ssl1password' -k https://127.0.0.1:443/auth/v1.0

$ swift --insecure -A https://127.0.0.1:443/auth/v1.0 -U ssl1account:ssl1user -K ssl1password stat

Conclusion

In this project, we learned some interesting facts about the cloud storage system. We took both a practical and a theoretical approach. As we have seen in the research topic, the implementation is not easy and has to face a lot of difficulties to make an encrypted system. During the project we learned the structure of cloud storage, how it works with data, and what the possible attacks on data in the cloud may be, as well as what the best solution is to secure data in the cloud. We were also able to see the security awareness of the different cloud computing organizations.

We also learned the basics of the open source OpenStack Swift. We studied the Swift storage system and its working principle. We were able to successfully install Swift 1.7.7. We found the working of Swift very interesting because it automatically replicates the data in different zones. When one zone fails, the data can be fetched from another zone. So we can say this system is made for "hardware failure". We tested this by deleting some data in one partition, and it automatically replicated the data back to that place. When we analyzed the system, I found it may be vulnerable to the collision attack. We tried to implement the "Mirantis" open source implementation of on-disk encryption in my project, but we did not succeed. But we were able to analyze how it works with different authentication middleware.

Cite this page

Encryption In Cloud Storage And Demonstration Computer Science Essay. (2020, Jun 02). Retrieved from https://studymoose.com/encryption-in-cloud-storage-and-demonstration-computer-science-new-essay
