Nitin Singh Chauhan

A Green Software Development Life Cycle for Cloud Computing

Cloud computings recent proliferation has received attention from green crusaders hoping to mitigate the carbon footprint of large datacenters and IT infrastructures, but what about the software? A new framework for a greener cloud focuses on energy-efficient software development.

An Approach to Measure Security of Cloud Hosted Application

Recent time has seen rampant proliferation in the cloud services. However cloud services characteristics has also increased opportunities for attacks on data and applications hosted in the cloud. Unsecure practices at technical or/and at operational level by cloud service providers (CSP), dependency on web based service delivery and cloud technology related vulnerabilities could lead to application and data compromise. These threat scenarios require cloud customer to look for more transparency and controls. SLAs and contracts do not provide technical and measurable method to find the security control status of cloud hosted application/data. In this paper,we propose an approach and system for security measurement, which can help cloud customers to have realistic view of their application/data security posture in the cloud environment.

Energy analysis of security for cloud application

Cloud brings in a set of unparalleled benefits as well as a host of security threats. Strong security is the key to reap the benefits of cloud computing. While it is a known fact that cloud adoption saves energy consumption as it leverages technologies like virtualization, there are times when cloud also increases instances of energy consumption due to extra security controls required. This paper highlights some of the key security challenges and controls in cloud and compares energy consumption prospect of these controls with traditional data center scenarios. In this paper, we try to formulate extra energy requirements for the desired level of security controls in cloud environment. Different cloud deployment model were considered while doing this analysis. In the concluding section, we also discuss the possible recommendations that can bring down the energy consumption while maintaining the required security level for cloud data and applications.

A New Scheme for Mobile Based CAPTCHA Service on Cloud

CAPTCHAs are popularly used techniques to distinguish humans and automated applications. Such techniques are often useful in banking transactions, email creation, online surveys, data downloads etc. Starting from a very primitive stage of providing the users with a simple alphabetical string to asking using to do complex calculations, CAPTCHAs have come a long way in terms of sophistication of human-bot distinction. However in this process, these CAPTCHAs have lost their human friendliness, either because of the noise being added to the CATPCHA tests or because of the complications of the challenges thrown to the user resulting in bad experience. The traditional CAPTCHAs also fail to take into account the unique needs of the ubiquitous mobile devices. These mobile devices have few limitations like small display area, limited display resolution, color combinations of the display, processing power etc. Also, they have unique advantages of touch sensitive input devices, voice inputs, voice outputs etc. In this paper, we present a scheme for a CAPTCHA service on Cloud, which is specific to mobile application. We duly consider the need of usability and presentation that is required for a mobile device in our implementation. The proposed CAPTCHA framework offers scalable and flexible implementation opportunities in many verticals and domains. Another unique feature of our framework is that we provide the facility for distributed verification. This greatly improves the efficiency at the CATPCHA generation as well as reduces the response time for the user authentication as human.

A security analysis of smartphone data flow and feasible solutions for lawful interception

Smartphones providing proprietary encryption schemes, albeit offering a novel paradigm to privacy, are becoming a bone of contention for certain sovereignties. These sovereignties have raised concerns about their security agencies not having any control on the encrypted data leaving their jurisdiction and the ensuing possibility of it being misused by people with malicious intents. Such smartphones have typically two types of customers, independent users who use it to access public mail servers and corporates/enterprises whose employees use it to access corporate emails in an encrypted form. The threat issues raised by security agencies concern mainly the enterprise servers where the encrypted data leaves the jurisdiction of the respective sovereignty while on its way to the global smartphone router. In this paper, we have analyzed such email message transfer mechanisms in smartphones and proposed some feasible solutions, which, if accepted and implemented by entities involved, can lead to a possible win-win situation for both the parties, viz., the smartphone provider who does not want to lose the customers and these sovereignties who can avoid the worry of encrypted data leaving their jurisdiction.

A robust scheme on proof of data retrievability in cloud

In the era of rampant adoption of information technology and social networking, data generation is rapidly outpacing data storage resources. Cloud computing has emerged as cost effective, flexible and scalable alternate to address issue of increasing resource requirements. Though the advantages offered by such services appear attractive, there are certain inherent challenges related to trust and data security. Ensuring data integrity and retrievability of data in cloud is one such challenge. Proof of retrievability (POR) concept tries to establish assurance for cloud customer regarding correctness and completeness of their data. In this paper, we evaluate an already existing POR scheme and propose a new crypto based scheme which helps in reducing the amount of computation and storage at cloud customer side while establishing POR. In our scheme client is not required to store any large set of data locally except a secret key which is required for encryption. Compare to previous scheme, we also avoid the necessity of encrypting entire data at client side, thereby saving client computational resources. The proposed scheme is relevant for large static data such as video files, audio files and social networking data etc.

Credit Based Micro Licensing Scheme for Digital Services

Digital piracy poses a serious threat to majority of digital content and services, whether available offline or over the Internet. To combat against piracy, various licensing models are in practice. Further, with the proliferation of smart gadgets, distribution of digital contents becomes more prudent in multiple forms. In this work, we propose a new scheme of licensing to utilize licenses at micro level and to re-utilize un-used licenses for future transactions. Our licensing scheme allows effective utilization of licenses and is especially suited in the scenarios of catering digital services.