Cloud banking security through third party auditing with a digital signature

Abstract

Cloud computing from the last few years has rapidly grown from a business initiative into one of the fastest growing Emerging Technologies of Information and Communication Technology. It is an Internet based model that allows customers and enterprises to have an appropriate service that is paid per use and there is a network access to a shared collection of resources such as services, storage area, networks, servers and application programs that may not require end-user know-how of the site location and other computing infrastructure details. Financial institutions, especially the banking sector have slowly but reluctantly started embracing this technology with a view of reaping these benefits. This diverse exemplar makes available other security huddles. This work looks at the dilemma of ensuring the integrity of customer data that is stored in Cloud through the realization of the Third Party Auditor (TPA) with a digital signature. For this, since the services offered by the cloud service providers are accessible through the web this work demonstrates a security scheme or model that permits only the required data through the web and database applications. The objective of this work is to evaluate the security of the cloud alongside the Third Party Auditor performance under two scenarios that are dissimilar. The simulation tool used is the OPNET IT guru and a set of two scenarios are fashioned. Scenario number one does not have security across the cloud and scenario two has the authentic TPA implementation and this particular TPA has security policies to allow only the required traffic. Traffic of the database and http are used as the required applications across the cloud as a source of data and the TPA will take action on these applications. Evaluation of the performance of the cloud will be done across the database and web applications are estimated alongside the TPA way or conditions for working. The two test scenarios are compared against the metrics for the individual applications and also the performance of the cloud is estimated. The protection of data to be done by other authorized parties apart from the Cloud Service Providers (CSP) and Cloud Clients (CC) in a way that provides better security and performance than the prevailing ones.