Data Security in Cloud Architecture

Published on January 2017

International Journal of Research (IJR) Vol-1, Issue-5 May 2014 ISSN 2348-6848

Data Security in Cloud Architecture
Ms Swati H. Bele
H.V.P. Mandal's College Of Engineering & Technology
Amravati , Maharashtra
ME First year computer science & Engg.
Prof. A.B. Raut
Assistant Professor, Department of Computer Science & Engineering
H.V.P. Mandal's College Of Engineering & Technology
Amravati , Maharashtra

Abstract – Technological advances in cloud computing, driven by increased connectivity and exponentially growing data, have resulted in migration towards cloud architecture. Cloud computing is a technology in which users can use high-end services in the form of software that resides on different servers and access data from all over the world. Cloud storage enables users to access and store their data anywhere. It also ensures optimal usage of the available resources. A promising technology like this nevertheless leaves users' privacy exposed, posing new security threats to the certainty of data in the cloud. Security threats such as maintenance of data integrity, data hiding and data safety dominate our concerns when the issue of cloud security comes up. The voluminous data and time-consuming encryption calculations involved in applying any encryption method have proved a hindrance in this field. In this research paper, we have contemplated a design for cloud architecture which ensures secured movement of data at the client and server end. We have used the non-breakability of Elliptic Curve Cryptography for data encryption and the Diffie Hellman Key Exchange mechanism for connection establishment. The proposed encryption mechanism uses a combination of linear and elliptical cryptography methods. It has three security checkpoints: authentication, key generation and encryption of data.

Index Terms – cloud architecture, ECC, Diffie Hellman

I. INTRODUCTION
Defining cloud computing becomes a difficult task, with many definitions yet no consensus on a single or unique one. Cloud computing refers to a network of computers, connected through the internet, sharing the resources provided by cloud providers to cater to its users' needs such as scalability, usability and resource requirements. The US National Institute of Standards and Technology (NIST) defines it as follows [1]: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." Cloud computing allows users to access software applications and computing services. They may be stored off-site at other locations rather than at a local data center or the user's computer [4]. Cloud computing caters to users' requests for services. There is no need to spend money on purchasing and managing resources. The three commonly referenced cloud computing service models are explained as follows.
1. Software as a Service (SaaS): Also known as the Application Service Provider or ASP model. It refers to a service that gives users the ability to access cloud services by running simple software such as a browser. Examples: Gmail, Google Groups.
2. Platform as a Service (PaaS): This service allows users to develop applications and deploy them. Example: Google App Engine allows developers to create customized applications.
3. Infrastructure as a Service (IaaS): This service allows users to access the servers' computational and storage infrastructure in a centralized service [2] [3] [6]. For example, Amazon Web Services allows remote access to Amazon.com's computing services.
In the cloud computing domain there is a set of important policy issues, which include privacy, anonymity, security, liability and reliability [2]. The most important of these is data security and how cloud providers assure it [2]. The best way to protect our data is to encrypt it. Different encryption schemes for securing data have been in use for many years. Encryption is carried out by converting data from normal plaintext to unintelligible ciphertext. This method, however, does not prove very effective for cloud systems, as the conversion involves huge and very complex mathematical computations.
II. ISSUES IN CLOUD SECURITY
The three issues of cloud computing security are confidentiality, integrity and availability, known as the AIC triad [3].

Fig 1: The AIC Triad

A. Availability
Availability is the assurance that data will be available to the user in a continuous manner irrespective of the location of the user. It is ensured by: fault tolerance, network security and authentication.
B. Integrity
Integrity is the assurance that the data sent is the same as the message received and that it is not altered in between. Integrity is violated if the transmitted message is not the same as the received one. It is ensured by: firewalls and intrusion detection.
C. Confidentiality
Confidentiality is avoidance of unauthorized disclosure of user data. It is ensured by: security protocols, authentication services and data encryption services.

Since cloud computing is a utility available on the internet, various issues such as user privacy, data theft and leakage, and unauthenticated access are raised [6]. Cryptography is the art of securely transmitting and retrieving information over an insecure channel [9]. It involves two processes: encryption and decryption. Encryption is a process in which the sender converts data into an unintelligible string or ciphertext for transmission, so that an eavesdropper cannot learn the transmitted data. Decryption is just the reverse of encryption. The receiver converts the sender's ciphertext into meaningful text known as plaintext [13].

III. LITERATURE REVIEW
In 2010, Joshi et al. [1] give an overview of different data security issues related to cloud computing. This piece of work focuses on ensuring security in cloud computing by providing a secured, trustworthy cloud environment. Farzad Sabahi [2] explains the scope of various enterprises moving to the cloud. The author explains how migration to the cloud can benefit various enterprises. Cloud computing migration involves considering the gravity of the issue of security.
In 2011, Ashish Agarwal et al. [3] discuss security issues concerned with cloud computing. This paper discusses some serious security threats that prevail in this field. Ashutosh Kumar et al. [4] focused on providing a secure architectural framework for sharing and data gathering. The cynosure of this work is that the authors have made a permission hierarchy at different levels. The authors have focused on security, but from the viewpoint of a use hierarchy. In 2012, M. Venkatesh et al. [5] propose the RSASS system for data security. The scheme uses the RSA algorithm for encrypting large files and storing the data. The system can be used for storing large databases. However, the use of linear methods compromises data retrieval speed. Hence, this system is suitable for static data. Prashant Rewagad et al. [6] propose a system for providing security in cloud networks. The architecture uses a combination of a digital signature algorithm with Diffie Hellman and AES encryption.

IV. PROBLEM STATEMENT
The security of the user's data is the prime responsibility of the cloud provider. So, for efficient data security we need a mechanism that provides secure data encryption and a secure shield against data theft. The related works mentioned above have focused on cloud security issues. They have given different methods for data security in a cloud environment. Different researches have focused on the fact that the user generally needs to access large volumes of data from the cloud in a secured manner. But the complexity of the cryptographic algorithm used has not been given much importance. The complexity of the algorithm directly affects the speed of data access. We need an algorithm that will help in efficient and fast secured data access.

V. ELLIPTIC CURVE CRYPTOGRAPHY
1. Overview
Elliptic Curve Cryptography (ECC) was proposed by Koblitz [14] and Miller [15] in the 1980s. ECC is a public key cryptographic scheme. It uses properties of elliptic curves to develop cryptographic algorithms. The security of ECC is based on the intractability of the ECDLP, i.e. the Elliptic Curve Discrete Logarithm Problem. Elliptic Curve Cryptography is defined with the help of the following parameters:

$P = (q, FR, a, b, c, G, n, h)$ (1)

q: the prime number or $2^m$ that defines the curve's form. FR: field representation. a, b: the curve coefficients. G: the base point $(G_x, G_y)$. n: the order of G. It must be a big prime number. h: cofactor coefficient [7] [12].

Elliptic Curves (EC) over finite fields are used to implement public key protocols. The elliptic curve is defined on either the prime field GF(p) or the binary field GF($2^n$). Since arithmetic in the latter field is much faster, we work in GF($2^n$). An elliptic curve E is defined by the simplified projective coordinates as follows:

$Y^2 Z + XYZ = X^3 + aX^2 Z + bZ^3$ (2)

This public key cryptography scheme is defined over two fields: the prime Galois Field, GF(p), or the binary extension Galois Field, GF($2^m$). In GF(p), the equation of the elliptic curve is:

$y^2 \bmod p = (x^3 + ax + b) \bmod p$ (3)

where:

$(4a^3 + 27b^2) \bmod p \neq 0$ (4)

with elements of GF(p) as integers between 0 and p-1 [7]. In GF($2^m$), the equation of the elliptic curve is given by:

$y^2 + xy = x^3 + ax^2 + b$ (5)

where: b ≠ 0. Over GF($2^m$), rules for point addition and point doubling can be implemented [12] [14] [15].
2. Elliptic Curves on R
Elliptic curves, known and studied for hundreds of years and used by Andrew Wiles in his proof of Fermat's last theorem, are algebraic curves or Weierstrass curves. $y^2 = x^3 +$

Fig 2: Elliptic curves for two equations

3. Discrete Logarithm Problem (DLP)
The elliptic curve system is based on the DLP. A group structure given by elliptic curves over a finite field is used to implement these schemes. Group elements are rational points lying on the curve. They include a special point called the point at infinity [7] [10] [11]. The group operation is addition of points. It is carried out by arithmetic operations in the finite field. The major building block of ECC is scalar point multiplication. We take a point P and add it to itself. This operation is performed some number of times to get the resulting point Q. The number of times P is added is called k. Obtaining k from Q and P is called the Elliptic Curve Discrete Logarithm Problem (ECDLP).
4. Advantages
To date, there is no sub-exponential-time algorithm to solve the ECDLP in a selected elliptic curve group. Hence, cryptosystems that rely on the ECDLP provide high strength-per-bit. This lets ECC work with smaller key sizes. It requires less memory than other DLP-based systems. The general key size for ECC is around 163 bits, providing the same security level as 1024 key bits of RSA. This makes ECC very attractive for implementations in areas where we have memory limitations and computational overhead is a concern.

VI. DIFFIE HELLMAN KEY EXCHANGE
The Diffie-Hellman key exchange protocol is the first public key cryptography scheme. It was proposed by Whitfield Diffie and Martin Hellman in 1976 [8]. It uses two keys -- one secret and other private key. If the sender wants to communicate with the receiver, he encrypts the message with his private key and the sender's public key. On the receiving end, the receiver decrypts the sent message using his private key and the sender's public key [8] [13]. This scheme is based on the difficulty of computing logarithmic functions for prime exponents. This is known as the Discrete Logarithm Problem (DLP) [11].

VII. PROPOSED SYSTEM
In this paper we aim at removing the security threats for cloud architecture by using two encryption techniques: Diffie Hellman Key Exchange and Elliptic Curve Cryptography. To deploy these two methods, we have proposed a new architecture which can be used to design a cloud system for better security and reliability on the cloud servers while maintaining data integrity from the user's point of view.
Our system involves the following steps:

1. Establishment of connection
When the user logs in to our system for the first time, he is asked to create an account in the system. The initial connection is made with the help of the HTTPS and SSL protocols.
2. Account Creation
When a secured connection is formed for the first time, the user is asked to fill in the account details required for account creation in our cloud system. These details are sent over the internet to our server. The account is created in the system. Further, the connection is then established by the Diffie Hellman Key Exchange protocol. The server also generates the user id, which acts as a unique user identifier, its Diffie Hellman equivalent stream, and the required private and public key for ECC encryption. The user id is sent to the user over the secured channel.
The user is asked to keep this id secret because it is used as a means to authenticate him each time he logs on to the system.

Fig 3: Account creation process

3. Authentication
As soon as the user opens the home page of the cloud server, an SSL connection is established. As the account is created, the user is asked to authenticate himself giving all the necessary details and the secret user id sent to him earlier.
The cloud server checks the validity of the user by first finding out the Diffie Hellman equivalent of the user id from the server repository. If the key matches, then the connection is established by this protocol again and the user is logged in to the server. At the back end of the user, its private key and the ECC algorithm are sent for encryption.
4. Data Exchange
The data exchange here includes 2 steps:
A. The client side: The client wants to fetch data from the server repository; his query is converted into the form of a file and encrypted using his public key. This encrypted data is then sent to client for processing.
B. The server side: The server receives the encrypted data. It decrypts it using the private key and processes the user query. The result so obtained is encrypted again and sent to the client side.

VIII. COMPUTATION OF KEY FOR CRYPTOGRAPHY
Key generation in this architecture happens at two levels: one for ECC and the other for Diffie Hellman.

1. For ECC
The public key is a point on the curve. The private key is a random number. The public key is generated by multiplying the private key with the generator point G [11]. This point generation and other factors are discussed below.

Fig 5: Data Processing view of Client

A. Computation of Point on the Curve
The ECC algorithm can compute another point on the curve given the product points. We encode this point as information to be exchanged between the end users [9].

B. Choice of Field
To analyze algorithms with smaller computations we use polynomial time algorithms, and complex computations can be evaluated with exponential time algorithms [9]. The equation of an elliptic curve is given as
$y^2 = x^3 + ax + b$

Fig 6: Data Processing view of Server

C. Integer Factorization
Given an integer n which is the product of two large primes p and q, we have:
$y^2 = x^3 + ax + b$
It is easy to compute n for given p and q. It is computationally infeasible to determine p and q for large values of n. Its security depends on the difficulty of factoring the large prime numbers. The method used to solve the Integer Factorization problem is the Number Field Sieve, which is a sub-exponential algorithm [11].

D. Key Generation
Key generation is an important part. An algorithm should generate both the public and the private key. The sender will encrypt the message data with the receiver's public key and the receiver will decrypt with its private key. Select a number d in the range of n. We generate the public key using the following equation:
Q = d*P
d = the random number in the range (1 to n-1). P is a point on the curve. Q is the public key. d is the private key.

E. Encryption
Let "m" be the message to be sent. Consider that "m" has the point "M" on the curve E. Randomly select a value "k" from [1 - (n-1)]. Two ciphertexts will be generated; let them be B1 and B2.
B1 = k*P
B2 = M + (k*P)

F. Decryption
Use the following equation to obtain the original message that was sent, i.e. "m".
M = B2 - d*B1
M is the original data that was sent.

2. Diffie Hellman Key Exchange
This protocol is one of the pioneers in the conception of public key cryptography. It follows the following steps.
Input: G is an abelian group; $g \in G$, m is the prime multiplicative order.
Output: A secret $s \in G$ which will be shared by both sides.
Steps:
Sender generates a random $d_A \in \{2, \dots, m-1\}$ and computes $e_A = g^{d_A}$.
Sender sends $e_A$ to the receiver.
Receiver generates a random $d_B \in \{2, \dots, m-1\}$ and computes $e_B = g^{d_B}$.
Receiver sends $e_B$ to the sender.
Sender computes $s = (e_B)^{d_A} = g^{d_A d_B}$.
Receiver computes $s = (e_A)^{d_B} = g^{d_A d_B}$.
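An added worked example, not code from the paper: the key generation, encryption, decryption and Diffie Hellman steps of this section on a toy curve $y^2 = x^3 + 2x + 2$ over GF(17) with base point (5, 1) of order 19 (constructed parameters, far too small for real use). It assumes the message is already a curve point M, takes the second ciphertext as B2 = M + k*Q (Q = d*P, the receiver's public key) so that M = B2 - d*B1 recovers M, and runs the Diffie Hellman steps in the same curve group written additively (e_A = d_A*G); all function names are hypothetical.

```python
# Toy EC ElGamal and Diffie Hellman over GF(17). Constructed parameters:
# y^2 = x^3 + 2x + 2 (mod 17), base point G = (5, 1) of prime order n = 19.
# Not constant-time and far too small; real systems use a vetted library.
import secrets

P_MOD, A, B = 17, 2, 2
G, N = (5, 1), 19
assert (4 * A**3 + 27 * B**2) % P_MOD != 0  # equation (4): non-singular curve

def on_curve(pt):
    """True if pt satisfies equation (3); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Group operation: chord-and-tangent point addition."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # P + (-P) = point at infinity
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P_MOD)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def keygen(d=None):
    """Private key d in [1, n-1]; public key Q = d*G."""
    d = d or 1 + secrets.randbelow(N - 1)
    return d, mul(d, G)

def encrypt(m_pt, q_pub, k=None):
    """B1 = k*G, B2 = M + k*Q (assumed form, with Q the receiver's key)."""
    k = k or 1 + secrets.randbelow(N - 1)
    return mul(k, G), add(m_pt, mul(k, q_pub))

def decrypt(b1, b2, d):
    """M = B2 - d*B1."""
    return add(b2, neg(mul(d, b1)))

def dh_shared(d_own, e_peer):
    """s = d_own * e_peer, after rejecting invalid peer values."""
    if e_peer is None or not on_curve(e_peer) or mul(N, e_peer) is not None:
        raise ValueError("invalid Diffie Hellman public value")
    return mul(d_own, e_peer)

if __name__ == "__main__":
    d, Q = keygen()
    b1, b2 = encrypt((3, 1), Q)
    print("recovered M:", decrypt(b1, b2, d))
```

The exchange in `dh_shared` is unauthenticated, which is why the proposed system runs it inside an HTTPS/SSL connection; the peer-value check only rules out points that are off the curve or outside the group.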
IX. CONCLUSION AND FUTURE SCOPE
In this paper, we have explored the security issues faced by users' private data in the cloud system and the definite need to find a solution to the problem. Data security can be very well ensured by the use of linear cryptographic algorithms, but the massive amount of data in cloud computing puts a barrier to the idea. Therefore, we have proposed an architecture which can be implemented in a cloud environment, taking the advantages of linear cryptography for creating a secured connection and exponential cryptography for encrypting the data. The two algorithms used are Diffie Hellman Key Exchange and Elliptic Curve Cryptography. With the help of these two algorithms, we give a four-step procedure for ensuring the authenticity of the user. The first step is to establish the connection, the second is account creation, the third is authentication and the last one is data exchange. We have used ECC because the computational cost and speed of this algorithm are less compared to the linear algorithms present. One more advantage is that it has a sub-exponential time complexity, which makes it hard to crack. We have used the Diffie Hellman protocol as it is fundamentally better for establishment of connections. In future, we will emphasize the implementation of the proposed architecture along with different comparisons to prove the effectiveness of our proposed architecture.
X. REFERENCES
[1] Gail-Joon Ahn. Security and Privacy Challenges in Cloud Computing Environments. IEEE Security Privacy Magazine, Vol 8, IEEE Computer Society, 2010, p. 24-31.
[2] Cloud Computing Security Threats and Responses. Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference.
[3] Ashish Agarwal, Aparna Agarwal. The Security Risks Associated with Cloud Computing. International Journal of Computer Applications in Engineering Sciences [VOL I, SPECIAL ISSUE ON CNS, JULY 2011] [ISSN: 2231-4946].
[4] Ashutosh Kumar Dubey, Animesh Kumar Dubey, Mayank Namdev, Shiv Shakti Shrivastava. Cloud-User Security Based on RSA and MD5 Algorithm for Resource Attestation and Sharing in Java Environment. Software Engineering (CONSEG), CSI Sixth International Conference, Sept. 2012.
[5] M. Venkatesh, M.R. Sumalatha, Mr. C. SelvaKumar. Improving Public Auditability, Data Possession in Data Storage Security for Cloud Computing. Recent Trends In Information Technology (ICRTIT), 2012 International Conference, April 2012.
[6] Prashant Rewagad, Yogita Pawar. Use of Digital Signature with Diffie Hellman Key Exchange and AES Encryption Algorithm to Enhance Data Security in Cloud Computing. 2013 International Conference on Communication Systems and Network Technologies.
[7] Hai Yan, Zhijie Jerry Shi. Software Implementations of Elliptic Curve Cryptography. Information Technology: New Generations, Third International Conference, April 2006.
[8] W. Diffie and M.E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 1976.
[9] Ravi Gharshi, Suresha. Enhancing Security in Cloud Storage using ECC Algorithm. International Journal of Science and Research (IJSR), India Online ISSN: 2319-7064, Volume 2 Issue 7, July 2013.
[10] H. Modares, M. T. Shahgoli, H. Keshavarz, A. Moravejosharieh, R. Salleh. Make a Secure Connection Using Elliptic Curve Digital Signature. International Journal of Scientific & Engineering Research, Volume 3, Issue 9, September-2012, ISSN 2229-5518, IJSER © 2012.
[11] Aqeel Khalique, Kuldip Singh, Sandeep Sood. Implementation of Elliptic Curve Digital Signature Algorithm. International Journal of Computer Applications (0975 – 8887), Volume 2 – No.2, May 2010.
[12] Alfred Menezes, Minghua Qu, Doug Stinson, Yongge Wang. Evaluation of Security Level of Cryptography: ECDSA Signature Scheme. Certicom Research. January 15, 2001.
[13] W. Stallings. Cryptography and Network Security: Principles and Practice. (3rd ed.). Prentice Hall, Upper Saddle River, New Jersey, 2003.
[14] Koblitz, N., 1987. Elliptic curve cryptosystems. Mathematics of Computation 48, 203-209.
[15] Miller, V., 1985. Use of elliptic curves in cryptography. CRYPTO 85.
