تحقیق و طراحی چارچوب ابری رمزنگاری Research and design of cryptography cloud framework

I. INTRODUCTION At present, information technology with the rapid development promotes the rhythm and pace of society. With the assistance of characteristics of cloud computing that include high scalability, high reliability and flexibility, more and more application systems migrate to the cloud to deployed, for achieving the goal of centralized management of data and efficient use of resources. Cloud computing technology has been widely used in the information system of industry, finance and government, which greatly facilitates the work and life of people; at the same time, network information has become an important strategic resource, whose security can’t be underestimated. To protect security of information data in the network environment, cryptography application mode under the cloud computing environment becomes particularly important. While the traditional cryptography technology is limited to fixed carrier and non-scalable cryptography computing resource, so that it can’t satisfy the encryption requirements of massive cloud data [1]. The conception of Crypto as a Service (CaaS) [2] [3] developed the concept of cloud computing from the aspect of information security, it finds a new way for the application of the cryptography technology in the cloud environment, also helps to innovate the new method. According to the report of cloud computing standard [4] published by the NIST in 2011, the security of cloud computing can be divided into 3 parts, which are the security of cloud application, the security of cloud data and the security of cloud hardware with the virtualization. Thereinto, the security of cloud application is mainly about the research on terminal equipment and network equipment supported by trusted technology, also on the reliability and security of outsourcing calculations; the research on cloud data security includes confidentiality, integrity, consistency and reliability of cloud storage data; the major research on the security of cloud hardware with the virtualization are vulnerabilities of hardware facilities in terms of virtualization, security protocols and strategy of virtualized network and security technology of cloud resource pool as well as the upper virtual machine [5]. Cloud cryptography service providers that include Amazon Web Services (AWS), Alibaba Cloud, JN TASS and Sansec have put forward highavailable security solutions of the cloud, such as AWS CloudHSM service that is the first one to be achieved commercialization. In addition to that, CloudHSM service mainly provides key management functions for the AWS cloud, and hardware security module (HSM) in which has the function of storage and management of users’ private key, and has the characteristics of high-speed calculation and high-level security requirements [6]. Alibaba Cloud launched cloud data encryption service [7] jointed JN TASS, which is to provide credible data security solutions for users that based on hardware cipher machine certified by State Cryptography Administration (SCA). Sansec put forward a series of cloud security solutions from the perspective of infrastructure security, application platform security and network transmission security, all of which have the responsibility of a guarantee to protect security of keys and the credibility of cloud cryptography service. At the present stage, most of cryptography applications have provided protection of business application information by the cloud cipher machine and other hardware devices. So that, research on cloud cryptography service that is based on facilities with virtualization function is becoming gradually mature, but it still lacks the cryptography service system with cloud computing model to provide cryptography services. Therefore, to improve the flexibility of cryptography service in cloud environment. this paper studied and designed a cryptography cloud (CC) framework, and analyzed its usability and security.