EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) Security Issues and Privacy Policies of Cloud Computing for E-Libraries J.Vijaya Chandra1* Dr. Narasimham Challa2 and Dr. Mohammed Ali Hussain3 1*

Research Scholar, Department of Computer Science and Engineering, K.L.University, Vijayawada, India. E-mail: [email protected] 2

Professor & HOD, Department of Computer Science and Engineering, S.R College of Engineering, Ananthasagar, Hasanparthy, Warangal, India. E-mail:[email protected] 3

Professor, Department of Electronics and Computer Engineering, K.L.University, Vijayawada, India. E-mail:[email protected]

Abstract Cloud computing provides a platform for sharing resources, in digital libraries the members of libraries can access e-books, journals, publications 24/7 through remote access. Security is the major issue in the cloud computing, In this paper we discussed web application security, Authentication and Authorization, vulnerability and virtualization, data security and privacy policies. Also focused on Financial and Revenue issues of On-line payment for Cloud library membership, the membership amount is for online reading the eBook or for downloading the eBook. Piracy is the major threat for the Electronic libraries; the security issues to overcome piracy threat are discussed. Mathematical and Algorithmic Procedures and Experimental Analysis is given to cover the major issues of cloud computing and integrity security model. Key words: Cloud Computing, Vulnerability, Security, Policies

Introduction Cloud computing is an IT model which many Libraries and organizations are adopting. It allows an organization or library to avoid locally hosting multiple servers and equipment and constantly dealing with hardware failure, software installs, upgrades and compatibility issues. Cloud computing is a style of computing in which massively scalable and elastic IT-Enabled capabilities are delivered as a service to external customers using internet technologies. Libraries have been using cloud technologies services for over a decade. Online databases are accessed as cloud applications. Large union catalogs can also be defined as cloud applications. Library automation is the general term for information and communications technologies (ICT) that are used to replace manual systems in the library. The Library and Information Centre is an important component of any educational institution, which is the hub of the teaching, and learning activities where students, researchers and teachers can NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 1 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) explore the vast resources of information. In the traditional libraries users have to spend more time for searching a small piece of information and for that they have to depend mainly on the library professional or library staff. But in the age of Information Communication Technology, computers are being used for day-to-day housekeeping activity of the library, which saves the time of the end users, and library professionals also and at the same time avoid duplication of work and make the library service smooth and effective. A library management system, also known as an automated library system is software that has been developed to handle basic housekeeping functions of a library. Realizing the importance of library management system will play in planning and implementing library automation projects.

Related Work E-Learning aims at replacing traditional time/place/content predetermined learning with a just-intime/at-work-place/customized/on-demand process of learning. The basic concept of digital and virtual libraries is the sharing of information and resources globally for providing right and nascent information to the right user at the right time. It is the computing terminals having linkage to different sources of information in electronic or digital form. Cloud Computing Services appears as a promising technology for implementing e-Learning. The Cloud uses Web based technology which constitutes an environment in which human and machine agents will communicate on a secured resource sharing basis. One of its primary characteristics viz. shared understanding based on the Cloud backbone. Cloud enables the organization of learning materials around small pieces of semantically annotated learning objects. Items can be easily organized into customized learning courses and delivered on demand to the user, according to her/his profile and business needs. The cloud computing web based could be treated as a very suitable platform for implementing an eLearning system, because it provides all means for (e-Learning) cloud based e-libraries development, and annotation of learning materials their composition in learning courses and hand-on delivery of the learning materials through e-Learning portals. A malicious user can use vulnerabilities to handcraft parameters that by pass security checks and access sensitive data in e-libraries such as eBooks and e journals. Data access issue is mainly related to security policies provided to the user while accessing the data. In E-Libraries each member can access a particular set of data. Cloud Computing has significant implications of privacy of members information as well as confidentiality of electronic database such as eBooks , e-journals and other e-library related material. The security objectives of cloud computing in e-libraries are to ensure the availability of information communicated between or held within participating systems [1]. Library community can apply the concept of cloud computing to amplify the power of co-operation and to build a significant, unified presence on the web, cloud computing helps libraries to save time and money while simplifying workflows. Most libraries depend upon web technology to connect to the cloud, where systems are distributed across the net. Now libraries are based on integrated library system where the foreground is web and the background is the cloud interconnected to libraries all-over the world [7]. Business impact assessment is the assisting the business units in understanding the impact of a disruptive event. This phase includes the execution of vulnerability assessment for securing the Cloud in Digital Library Management System. The major technology used by the cloud computing in securing the Libraries is the web-applicationbased security where once the dataset is stored remotely, a user can access required data on remote services. In the era of cloud computing web security plays a more important role than ever. Library Search Engine can search on following elements of bibliographic records: 1) Author Catalogue 2) NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 2 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) Title Catalogue and 3) Subject Catalogue. Notifications for new arrivals of e-books/e-journals are delivered to the message to inbox of the user in the Library Cloud computing portal. The Wide Area Network that allows electronic communication among remote user’s DELNET, INDONET, INFLIBNET, MALIBNET, NICNET, ADINET etc.

Security Threats in E-libraries E-libraries are the web based applications related to the Cloud which provides services to the members of the E-library where the most common security threats which are found are injection flaws like SQL,OS and LDAP injection, Cross -Site Scripting and Forgery , Broken Authentication and Session Management, insecure direct object references, security mis-configuration, Insecure Cryptographic storage, Failure to restrict URL access, Insufficient Transport layer Protection, invalidated redirect and forwards[2]. An intruder is an individual, who performs security attacks on others domain, in a networked computing environment. The intruder may attempt to read privileged data like password cracking, perform unauthorized modification of data or disrupt normal functioning of a system. There are three classes of intruders such as Masquerader, Misfeasor and Clandestine User. Intrusion Detection refers to determining whether some unauthorized entity has attempted to gain access or has gained access to a protected system. The Intrusion Detection relies on the assumption that the behavior of an intruder differs from that of a legitimate user, in parameters that can be qualified. A fundamental tool for intrusion detection is audit records, i.e., records of ongoing activities of the users that form a vital input for intrusion detection. But there will be some overlaps between the behavior of legitimate users and intruders. So, an intrusion detection system is likely to generate some false alarms; and at the same time it may also fail to detect some actual intrusions. Cloud security mainly deals with anti-virus, identity management, access management and data loss prevention. Cloud Computing offers the easy retrieval of digital libraries using search engines. The primary interface between the user and the digital library is the Web application which has the backbone of the Cloud.

Solutions for Security Threats in E-libraries Digital libraries can be viewed from different perspectives; observes that the term digital library implies different things to different people, ranging from the simple act of transferring traditional libraries to an online medium to digital libraries with a space in which people communicate, share, and produce new knowledge, and knowledge products. When data is stored in the cloud it offers several advantages common data can now be easily shared among services and users. The need for local storage, maintenance and backup is removed. The main disadvantage is the centralized data base can be attacked by the intruders where they forge the agreements and can access the data. They convert the secured data to an unsecured data. The cloud computing solutions can create the new workflows needed by librarians because it offers the opportunities for a cooperative platform. The basic key principles they are openness, extensibility, data richness and collaboration. The openness NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 3 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) means that services and data are made available to support greater interoperability, not only within and between cloud services, but also with library developed and third-party applications. Extensibility means that the platform can easily accommodate the addition of new services and applications, developed either by the service provider or by members of the community. Data richness means that a library can interact with and expose a wide variety of information about purchased, licensed, and digital content through this platform and collaboration means that libraries can harness the collective power of the community of libraries to innovate and share solutions.

Securing the Cloud There are three fundamental tenets of information security-confidentiality, integrity and availability (CIA) – define an organizations security posture. All of the information security controls and safeguards, and all of the threats, vulnerabilities, and security processes are subject to the CIA. 





Confidentiality is the prevention of the intentional and unintentional unauthorized disclosure of contents. Loss of confidentiality can occur in many ways. For example, loss of confidentiality can occur through the intentional release of private company information or through a misapplication of network rights. Some of the elements used in securing the cloud computing that used to ensure the confidentiality are Network and Data Security Protocols, Network Authentication Services, Data Encryption Services. Integrity is the guarantee that the message sent is the message received and that message is not intentionally or unintentionally altered. Loss of integrity can occur through an intentional attack to change information for example, website defacement or more commonly, unintentionally data is accidentally altered by an operator. Integrity also contains the concept of non-repudiation of a message source, which some elements used to ensure integrity are firewall services, communications security management, intrusion detection services. Availability concept refers to the elements that create reliability and stability in networks and systems. It ensures that connectivity is accessible when needed, allowing authorized users to access the network or systems. Also included assurance is the guarantee that security services for the security practitioner are usable when they are needed. The concept of availability also tends to include areas in an information system (IS) that are traditionally not through of as pure security such as guarantee of service, performance and up time, yet are obviously affected by breaches such as a denial-of-service (DOS) attack. Availability is ensured by the fault tolerance for data availability, such as backups and redundant disk systems, Acceptable logins and operating process performance, reliable and interoperable security processes and network security mechanisms.

NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 4 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) System Model Security is for the Centralized Database, A System Model involves Four Parties they are cloud server, Group of Libraries, public verifier and Author/Publisher. There are two types of users in a group; they are the librarian and library member. The librarian creates shared data in the cloud and shares it with library members, where as members are of two types they are Faculty member and Student member. A student member can read e-books or e-journals where they did not have any privilege to download or share the data. Whereas Faculty member can read and download the data which is in PDF format where as he will not have any access to modify the data, The access to modify data will be given to Author / publisher which will be monitored by the public verifier. Every member of the group is allowed to access when username and password provided by the member is correct and he will able to access only according to the permissions provided to him by the public verifier according to the type of account. A public verifier, such as a third-party auditor providing expert data auditing services or a data user outside the group intending to utilize shared data, is able to publicly verify the integrity of shared data stored in the cloud server [3]. When a public verifier wishes to check the integrity of shared data, it sends an auditing challenge to the cloud server. After receiving the auditing challenge, the cloud server responds to the public verifier with an auditing proof of the possession of shared data. Then, this public verifier checks the correctness of the entire data by verifying the correctness of the auditing proof. Essentially, the process of public auditing is a challenge andresponse protocol between a public verifier and the cloud server. Cloud computing offers significant challenges for global organizations for facing multiple global and sometimes conflicting privacy rules, regulations, and guidance. Organizations need to adopt a systematic approach to addressing privacy in the cloud.

Figure 1: Library Management System in Cloud Environment NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 5 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) Secured Cloud Storage Cloud Computing provides reliable customized and quality of service guaranteed computation environments for cloud users. Common measureable benefits to cloud consumer include on-demand access to pay-as-you-go computing on a short-term basis, the cost savings offered by clouds is the “as-a-service” usage model, where by technical and operational implementation details of IT resource provisioning are abstracted from cloud consumers and packed into “ready-to-use”. Applications and databases are moved to the large centralized data centers of clouds. In the real world, data will be under lock and key, is subject to theft and is certainly open to accidental or malicious misuse. In the digital world, this analogy of lock-and-key protection of information has persisted, most often in the form of container-based encryption. So, cryptographic techniques are used to protect the cloud from intruders. Data security risks are compounded by the open nature of cloud computing. Access control becomes a much more fundamental issue in cloud-based systems because of the accessibility of the data therein. If you use a system that provides improved accessibility and opens up the platform to multi-node access, then you need to take into account the risks associated with this improvement. Digital identity holds the key to flexible data security within a cloud environment.

Cloud Storage Service The cloud storage service (CSS) relieves the burden of storage management and maintenance. However, if such an important service is vulnerable to attacks or failures, it would bring irretrievable losses to users since their data or archives are stored into an uncertain storage pool outside the enterprises. These security risks come from the cloud infrastructures, which should be much more powerful and reliable than personal computing devices. To overcome from the risks the cloud audit system architecture should be maintain properly and every actor in this architecture to fulfill their duties. Data owner is the publisher who owns the data of e-book or e-journals who will have the copyrights, different authors writes there papers or books and handovers to the publisher, the security of the data is main responsibility of the data owner so he stores his large amount of data in the cloud data server. Cloud Service Provider is one who provides data storage service and has enough storage spaces and computation resources; The Third Party Auditor is who has capabilities to manage or monitor outsourced data under the delegation of data owner.

Cloud Storage Maintenance Authentication and Authorization is the procedure to secure data stored in the clouds so that Authorized persons only can access eBooks or e-journals. Password is the biggest defense against intruders. Each user, in a multi-user environment will be assigned a User ID and Password. A user can change the password anytime. A fundamental principle of Password Management is that it should be known only to its owner. Authentication is the process of reliably verifying the identity. A Secure method for the initial distribution of passwords is for the user should be authenticating by NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 6 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) the system administrator or librarian. Several Important concepts that are used in Cloud Storage maintenance are Identification, Authentication, Accountability, Authorization and Privacy where as the Identification means by which users claim their identities to a system. Most commonly used for access control, identification is necessary for authentication and authorization. Authentication is the testing or reconciliation of evidence of a user’s identity. It establishes the user’s identity and ensures that the users are who they say they are. Accountability is a systems capability to determine the actions and behaviors of a single individual within a system and to identify that particular individual. Audit trails and logs support accountability. Authorization is the rights and permissions granted to an individual or process that enable access to a computer resource. Once a user’s identity and authentication are established, authorization levels determine the extent of a user’s system rights. Privacy is the level of confidentiality and privacy protection given to a user in a system. This is often an important component of security controls. Privacy not only guarantees the fundamental tenet of confidentiality of company data, but also guarantees the data level of privacy, which is being used by the operator. From a security management perspective, a key issue is the lack of enterprise-grade access management features. Since access control features will vary with the service delivery model and provider, customers will have to understand what access control features are available such as strong authentication, user provisioning and what their responsibilities are in managing the life cycle of user access to the cloud service.

Conclusion Cloud computing is a globalised communication system, based on web applications which benefits the modern e-libraries. Cloud environments in Globalized libraries are comprised of highly extensive infrastructure that offers pools of electronic books and electronic resources that can be leased using a pay-for-use model where by only the actual usage of the IT resources and e resources is billable, when compared to equivalent on premise environments, cloud provide the potential for reduced initial investments and operational costs proportional to measured usage. Globalizing Academic Libraries meet the needs of the 21st-century academic Web user. In developing interactive learning environments cloud computing plays a great role the concept of library is changing. The use of IT in library environment has changed the way library functions. Nowadays the digital library and paperless office etc. are much talked about. All Library and attached departments must globalize for the best practices to improve the services. The acquisition of knowledge has therefore been the thrust area throughout the world. The economy of present times depends no longer on visible resources and capital goods but on invisible knowledge and information. Therefore, poor nations as well as poor individuals can create wealth through active contacts and use of knowledge and information.

NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 7 of 8

EMERGING TRENDS AND TECHNOLOGIES IN ACADEMIC LIBRARIES IN DIGITAL ERA (ETTALDE-2014) References 1. Addressing cloud computing security issues, Dimitrios Zissis, Dimitrios Lekkas, Future Generation Computer Systems,Elsevier,2012, pp[583-592]. 2. A Survey on Security Issues in service delivery models of cloud computing, S.Subashini, V.Kavitha, Journal of Network and Computer Applications, Elsevier, 2011,pp[1-11]. 3. Oruta: Privacy-Preserving Public Auditing for Shared Data in the Cloud, Boyang Wang, Baochun Li and Hui Li - IEEE Members, IEEE TRANSACTIONS ON CLOUD COMPUTING, VOL. 2, NO. 1, JANUARY-MARCH 2014, pp[43-56]. 4. Cloud Computing: A Digital Libraries Perspective , Pradeep Teregowda, Bhuvan Urgaonkar, C. Lee Giles, Computer Science & Engineering, Pennsylvania State University, University Park, PA, USA. IEEE 3rd International Conference on Cloud Computing, 5-10 July 2010, pp [115 – 122]. 5. Winds of challenge: Libraries and cloud computing, oclc: The world libraries connected http://www.oclc.org/content/dam/oclc/events/2011/files/IFLA-winds-of-change-paper.pdf

6. Research on Cloud Computing-Based online Payment Mode, Zhiran Wang ; Dept. of Ecommerce, Wuhan Univ., Wuhan, China, Third International Conference on Multimedia Information Networking and Security (MINES), 2011, pp[559-563]. 7. Based on Cloud E-Commerce Models and its Security, Shen Juncai and Qian Shao, International Journal of e-Education, e-Business, e-Management and e-Learning, Vol 1, No 2, June 2011, pp[175-180]. 8. Performance Testing in Cloud: A Pragmatic A pragmatic approach , Neha thakur, white paper submitted to STC 2010.

NATIONAL SEMINAR ON 23rd & 24th August, 2014

Page 8 of 8