
Securing Cloud information with the use of Bastion Algorithm to enhance Confidentiality and Protection

Aravind Jeyachandran, Poongodi M∗
School of Computer Science and Engineering
Vellore Institute of Technology
Chennai, Tamil Nadu 600048
Email: [email protected]
Email: [email protected]

May 31, 2018

Abstract

Security in cloud computing is an area that needs maximum concentration. In this paper, we use the Bastion Algorithm to encrypt and decrypt the file, and later split the file that is to be uploaded to the cloud. The existing system has only one key to secure the data, after which the whole file can be viewed or downloaded. In the proposed system, we propose 4 keys to secure the data. The keys are entered one by one and accordingly the user is allowed to view the file. This will result in better security. The project will be implemented for public cloud.

1 INTRODUCTION

The reason why we are concentrating on cloud computing is that lately the use of cloud, from running a service to storing data, has been increasing day by day. Hence there needs to be more concentration on cloud, and the necessity for security in cloud is greater. This is because a lot of Cloud Service Providers offer free memberships, and because of this the security aspect is being compromised. So from the user's point of view it is essential that we introduce some security feature to safeguard our data as much as we can.

International Journal of Pure and Applied Mathematics, Special Issue
Volume 118 No. 24 2018
ISSN: 1314-3395 (on-line version)
url: http://www.acadpubl.eu/hub/

2 RELATED WORK

In [1], Chen states that Byzantine faults make components misbehave and cause catastrophic results. With increasing computer use there are many attacks and software errors, so Byzantine Fault Tolerance is receiving a lot of attention. Earlier versions of Byzantine Fault Tolerant algorithms make the strong assumption that all replication is synchronous and do not support replicated calling services. This makes the earlier versions of Byzantine Fault Tolerance unsuitable for certain computing models such as Service Oriented Architecture. Chen proposed a new Byzantine fault tolerant algorithm, based on the well-known Castro-Liskov Byzantine Fault Tolerance algorithm, that is used for replicated services. This algorithm works in asynchronous environments. Optimization window concepts are used to make the algorithm work more effectively and to reduce the response time.

In [2], Aguilera et al. mention that protection from data loss can be achieved with erasure codes, which provide data redundancy. To avoid data loss, erasure-coded data is kept on non-identical nodes. Aguilera proposed a new idea to support erasure-encoded data in a distributed system. The approach uses economical erasure codes, where the values of n and k are large and n minus k is small. There is no need for locks, 2-phase commits or logs of obsolete data.

In [3], Basescu et al. proposed a method which allows functions to store and retrieve values that are linked with unique keys. The Key Value Store has become one of the most popular ways to access Internet-scale storage systems in the cloud. The method tolerates minor crashes of the Key Value Store and crashes of any number of clients. This algorithm alleviates the space overhead at the Key Value Store and comes in two variants, providing regular and atomic semantics respectively. Compared with prior solutions, it is scalable and allows clients to write simultaneously. The algorithm possesses multiple copies of the stored value per Key Value Store in the common case.

In [4], Filippidis et al. present a wide survey of code lists that are connected to capital or other concepts included in datasets related to budget and finance, recording in total up to two hundred and thirty nine international and national classifications. There is a growing need to explore and search for valuable information and knowledge that is widely broadcast by governments and municipalities across Europe. A significant element of these capital datasets is code lists, which serve not only for the coding and the simplicity of representation of budget concepts, but also for linking entities between budget datasets of different countries. While manual and automated methods are not enough for linking large code lists, tools using semi-automated methods for alignment seem to be more suitable for the above task.

In [5], Yanez-Sierra et al. start off with the information that the concern of users of cloud storage services is loss of authority over confidentiality, integrity and availability, but actually it is security, availability and privacy. Users' requirements were not met since the majority of the solutions provide fixed functionality which cannot be embedded into custom-made tools. In order to store and share files inside the cloud, an end-to-end design was presented which allows users to construct a secure and strong system. The systems are buildable structures which are executed by the user. This performs processing on the files with the use of chained stages.
The chained stages include compressing data and assuring files for confidentiality when the files are shared in a cloud location, and being able to access them when there is a service suspension at cloud storage providers. Users can use varied systems based on their requirements. The processing units are arranged with the help of a pipeline, which improves performance, or with the help of a stack, which improves functionality. The stages and processing blocks are connected with the help of input and output communication. This ensures a non-stop flow of data from user or company computers to cloud locations spread across the globe.

In [6], Huang et al. mention that ever since cloud computing came into use, data sharing is not easy. When there is a large quantity of users, efficiency, data integrity and privacy are to be taken seriously. This matters for the data owner, because the data owner's data is only shared with other users. To build an identity-less but genuine data sharing workflow, ring signature is used. This ensures that the data owner can validate his data which is stored in the cloud. Due to the costly verification, ring signature based on identity is used. Huang et al. proposed forward security, which strengthens the security of ring signature based on identity. Even if the secret key becomes known to some unauthorised user, already generated signatures remain legitimate. This can be a vital point when working on a large data sharing workflow, because it is not practical to advise all data owners to re-validate their data.

In [7], Yajam et al. propose a new technique for deniable encryption based on Rivest-Shamir-Adleman with Optimal Asymmetric Encryption Padding. It has the security property of sender-deniability without any required pre-shared keys. Since the proposed method is based on widely used RSA encryption, the deniable encryption raises less suspicion. Some techniques of anti-forensics are simple and strong; alternatively there are some superior techniques, which include Deniable Encryption, that are not only powerful but additionally found to be unbreakable in the mathematical sense.

In [8], Chen et al. scrutinize the security of a known data encryption and decryption method called Public Key Encryption with Keyword Search, which is widely used in many applications of cloud storage. The traditional Public Key Encryption with Keyword Search framework suffers from an intrinsic insecurity called the inside Keyword Guessing Attack, which is caused by a server that has intent of harm. To address this security threat, Chen proposes a new Public Key Encryption with Keyword Search framework named Dual-Server Public Key Encryption with Keyword Search. In [8], Chen et al. also define a new variant of the Smooth Projective Hash Functions, referred to as linear and homomorphic Smooth Projective Hash Functions. Chen also proposes a generic construction of secure Dual-Server Public Key Encryption with Keyword Search from linear and homomorphic Smooth Projective Hash Function.

In [9], Gao et al. propose the first deniably information-hiding encryption construction with deniability and indistinguishability against adaptive chosen ciphertext attack, which is stronger than the chosen plaintext attack. Even if the sender or the receiver is pressurized to show the plaintext and the random coins used in the encryption, a deniably information-hiding encryption scheme behaves as if only an innocent message is encrypted. It protects privacy against a malicious user. The deniably information-hiding encryption scheme plays a pivotal role in communication systems and in storage systems that are on cloud, during times when the communication channel is eavesdropped by a middleman. Negligible detection is one of the advantages achieved from sender and receiver deniability.

In [10], Amalarethinam et al. proposed an Enhanced RSA that uses additional prime numbers in the standard RSA algorithm. Enhanced RSA comprises three stages. Stage 1 generates the private key and public key. The RSA algorithm uses only two prime numbers; the Enhanced RSA algorithm uses 4 prime numbers. The second step of stage 1 computes two X values, X1 and X2. The values are changed here. The four prime numbers are multiplied and computed as X1. For the X2 calculation, it uses two prime numbers. This is done just to increase the difficulty of the encryption. The third step of stage 1 calculates the Euler totient of r. The final step of stage 1 computes the private key PR. Enhanced RSA uses the public key and X1 values, wherein X1 is a product of 4 prime numbers. At the end of the second stage, the cipher text is generated. In stage 3, the original plain text is retrieved using the values of the cipher text, the decryption key PR and X2. The public key pair uses the calculated X1 for the encryption process. For decryption, the private key pair consists of PR and X2.
The main strength of the encryption system was using prime numbers in place of random numbers. The time spent for encryption and decryption is a lot less than with random numbers. The proposed work nonetheless enhances the speed of encryption and decryption procedures by dividing the files into blocks that are to be encrypted. George Amalarethinam D also suggested an equation for the block size. The equation is as follows:

BS = (2 * KS) - 1

where BS is Block Size and KS is Key Size. The reason is that the block size depends on the key size. Blocks with different sizes are generated for the same file size and hence the size of the key varies.

In [11], Rahman et al. proposed a double stage encryption algorithm for multimedia content security using an arbitrary key generation approach. Rahman et al. proposed double stage encryption and decryption because it is more difficult to stop or identify the side channel attack. In double stage encryption, the virtual machine stores the encrypted text, and from the virtual machine the original data is restored. The multimedia contents are encrypted with the help of a traditional encryption method. The encryption methods include Advanced Encryption Standard and Data Encryption Standard. Encrypted text one is encrypted again using a randomly generated asymmetric key to produce cipher text two. The decryption process starts by decrypting cipher text two with the aid of the random key. This is then decrypted again using equal key generation methods to get back the original multimedia content.

In [12], Liu introduced a lightweight key exchange protocol which can be suitably applied on resource-confined smart gadgets to guard the privacy of communications in cellular networks. Safety and light weight are some of the features of this protocol. The low computational load and low memory consumption allow this new KE protocol to be carried out within resource-restricted devices. The primary KE scheme affords key agreement between parties with the preferred functions of key affirmation, implicit key authentication, and protection by key recognition.

3 PROPOSED WORK

Bastion algorithm is used for both encryption and decryption. In encryption, first a key is generated. Subsequently the cipher text is created with the use of an algorithm, for example AES. Now the contents of the file are split up into bytes and encrypted along with the generated key. This can be decrypted only by entering the correct key, which is present in the user inbox and is sent by the admin. Even when an attacker has access to one or more keys, only a part of the file can be viewed with a single key. The idea here is that when a file is stored on two or more servers, the attacker cannot attack all the servers that host this file, which is encrypted with the Bastion algorithm. In the proposed system, instead of storing the same file on different servers, the file is split into 4 parts depending on the file size. If the file consists of 20 pages, the file is split into 4 parts where each part contains 5 pages. The file is split using the file split method in Eclipse and is encrypted using the Bastion algorithm.

A. Steps for Encryption

Step 1: File is uploaded.
Step 2: File is split into 4 parts.
Step 3: Key is generated for the 4 parts.
Step 4: Cipher Text is created using an instance.
Step 5: Cipher Text and the key are combined to encrypt the file.
Step 6: The contents of the file are split into bytes.
Step 7: This Encrypted value is stored as string with encoding.
Step 8: The Encrypted value is returned.

B. Steps for Decryption

Step 1: Key is generated.
Step 2: Cipher Text is generated with instance.
Step 3: Cipher Text is decrypted using the key that is generated.
Step 4: The text is decoded to bring back the end content in the form of value.
Step 5: The value is decoded to bring back the original text.
Step 6: Original text is saved as string.
Step 7: The text is returned.

If the attacker is aware of the user login credentials, he or she can easily compromise the security. For this reason, when the user registers user details, the user also has to register a user id field. So even if the attacker knows the user's login username and password, the attacker would not know the user id that the user has registered. After the admin accepts the user request to view the contents of the file, the key details are sent to the user's inbox. In order to view the inbox, the user has to enter the user id that was registered on the registration page.
In this paper we propose splitting the files and generating keys for the individual parts of the file. The files are encrypted while uploading to enhance security. The files are listed in the cloud for users' access. If the admin accepts the user's request, the files are sent to the specific user who requests the file. The file keys are not posted in public. The keys are sent to the specific user, so the user can access the files with the assigned key. After getting the file keys, the user can access the files and the revocation process. If we want to change the keys, we have to request revocation. If the admin accepts the revocation, the keys automatically change in the database for file security.
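The encryption and decryption steps listed above, as an added Java example that is not the paper's own code: the file is split into 4 parts, each part gets its own key, and a key opens only its own part. AES-GCM, the stored layout and all class and method names are assumptions (the paper names AES only as an example), and the input is a constructed sample.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SplitEncryptDemo {
    static final int PARTS = 4;   // the paper splits every file into 4 parts
    static final int IV_LEN = 12; // 96-bit nonce, the usual size for GCM (assumed mode)
    static final SecureRandom RNG = new SecureRandom();

    // Step 2: split the uploaded bytes into 4 contiguous parts of near-equal size.
    static byte[][] split(byte[] file) {
        byte[][] parts = new byte[PARTS][];
        int base = file.length / PARTS, extra = file.length % PARTS, off = 0;
        for (int i = 0; i < PARTS; i++) {
            int len = base + (i < extra ? 1 : 0);
            parts[i] = Arrays.copyOfRange(file, off, off + len);
            off += len;
        }
        return parts;
    }

    // Step 3: one independent random AES key per part.
    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    // Steps 4-8: encrypt one part and return Base64(iv || ciphertext || tag).
    // The part index is bound as associated data so stored parts cannot be swapped.
    static String encryptPart(byte[] part, SecretKey key, int index) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(new byte[] { (byte) index });
        byte[] ct = c.doFinal(part);
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Decryption: decode the string, read the IV, verify the tag, return the plaintext.
    static byte[] decryptPart(String encoded, SecretKey key, int index) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, IV_LEN));
        c.updateAAD(new byte[] { (byte) index });
        return c.doFinal(in, IV_LEN, in.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input standing in for the uploaded file.
        byte[] file = "p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12".getBytes(StandardCharsets.UTF_8);
        byte[][] parts = split(file);
        SecretKey[] keys = new SecretKey[PARTS];
        String[] stored = new String[PARTS];
        for (int i = 0; i < PARTS; i++) {
            keys[i] = newKey();
            stored[i] = encryptPart(parts[i], keys[i], i);
        }
        // Key 1 opens only the first part.
        System.out.println(new String(decryptPart(stored[0], keys[0], 0), StandardCharsets.UTF_8));
        // Key 1 against the second part fails the GCM tag check.
        try {
            decryptPart(stored[1], keys[0], 1);
            System.out.println("unexpected: key 1 opened part 2");
        } catch (AEADBadTagException e) {
            System.out.println("key 1 rejected for part 2");
        }
    }
}
```

Because each part has an independent key and an authentication tag, a leaked key exposes one quarter of the file and a wrong or swapped key is rejected rather than producing garbage output.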

Fig.1. System Architecture

4 IMPLEMENTATION

Registration Design: In Fig.3, the user registers using his/her name, password, confirm password, mobile number and 4 security question answers, which will be used when the user is trying to upload a file. The user can act both as a user of the file and also as data owner of the file.

Fig.2. Front page

The front page shown in Figure 1 has a user login, data owner, register and trusted authority, who is the admin.

Fig.3. Registration


User Interface Design: The important role for the user is to move from the login window to the user window. On the login page the user enters username and password. The username and password are checked in the database. Before logging in we have to first register on the registration page with username, password, confirm password and security questions 1-4 answers. This registration can be used for both user login and data owner login. We prevent unauthorized users from passing from the login window to the user window. The database contains user id and password and also checks the authenticity of the user. In this work, we use JSP for creating the design. Here we validate the login user and server authentication. In Fig.4, the data owner is the one who uploads the files. The data owner uploads the file to the cloud storage for users to view. The keys are generated when the data owner uploads the file, and it is encrypted.

Fig.4. Data Owner

For added security the owner logs in using the user name and password. As shown in Fig.5, the data owner has to enter 4 security numbers or security question answers. Only if these 4 fields are right can the owner proceed to upload the file. In Fig.6 the user uploads the file.

Fig.5. Data owner security

Fig.6. File Upload Page

Admin Design: In Fig.7, on the admin login page we have to enter the login user id and password of the admin. The admin logs in and either accepts or rejects the user request to access the file uploaded by the data owner.

Fig.7. Admin page

Admin is also responsible for replying to the user revocation request sent by the user. The admin either accepts or rejects the request. Once the request is accepted, the key is changed in the database and also in the user's inbox.

User File access: In Fig.8, the data user sends a request for the file to be accessed. The admin handles the file access key and provides the key to the authorized user. If there is a need to change the key, then the user sends a revocation request to the admin (Trusted Authority).

Fig.8. User Access

Once the admin accepts the request from the user, in Fig.8, the user can log in and view keys in the inbox. Before viewing the inbox the user has to enter the userid given when the user registered at the beginning. After that the user can go inside the inbox and see that the keys are visible for the user alone. Only when the user enters the correct userid can the user view the key required to view the contents of the file.

Fig.9. File View


Once the keys are entered, in Fig.9, the user can view the contents of the file. For example, if the user enters key1, the user will be able to view the first split of the file only. By doing this, even if a wrong user has the key for the first split, that user cannot view the rest of the contents of the file in Fig.10.

Fig.10. File Contents

User Revocation: In Fig.11, user revocation is when the user wants to change the keys so that the old key will no longer be valid. This avoids unwanted access from users who are not genuine users; even if they gain access, the old key will not allow them to view the file contents.

Fig.11. User Revocation

After the request to change the keys has been sent, the admin logs in and goes inside revocation response to accept or reject the request in Fig.12.

Fig.12. Response

Cloud Module: For cloud we have used Dropbox. Once the file is uploaded, as explained in the data owner design, the file gets uploaded into Dropbox directly, as shown in Fig.14. The file is stored both locally and in the cloud.


Fig.13. Dropbox Cloud

5 CONCLUSION

Thus cloud data is secured in the cloud using the Bastion algorithm. In these settings, the adversary would need to acquire the encryption key and to compromise all servers in order to recover any single block of plaintext. The proposed concept deals with the generation of the user keys. Bastion is most suitable for settings in which the ciphertext blocks are stored in multi-cloud storage structures.

References

[1] L. Chen and W. Zhou, Byzantine Fault Tolerance with Window Mechanism for Replicated Services, 2015 Fifth International Conference on Instrumentation and Measurement, Computer, Communication and Control (IMCCC), Qinhuangdao, 2015, pp. 1255-1258.

[2] M. K. Aguilera, R. Janakiraman and L. Xu, Using erasure codes efficiently for storage in a distributed system, 2005 International Conference on Dependable Systems and Networks (DSN05), 2005, pp. 336-345.

[3] C. Basescu et al., Robust data sharing with key-value stores, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), Boston, MA, 2012, pp. 1-12.

[4] P. M. Filippidis, S. Karampatakis, K. Koupidis, L. Ioannidis and C. Bratsas, The code lists case: Identifying and linking the key parts of fiscal datasets, 2016 11th International Workshop on Semantic and Social Media Adaptation and Personalization (SMAP), Thessaloniki, 2016, pp. 165-170.

[5] J. Yanez-Sierra, A. Diaz-Perez, V. Sosa-Sosa and J. L. Gonzalez, Towards Secure and Dependable Cloud Storage Based on User-Defined Workflows, 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, New York, NY, 2015, pp. 405-410.

[6] X. Huang et al., Cost-Effective Authentic and Anonymous Data Sharing with Forward Security, in IEEE Transactions on Computers, vol. 64, no. 4, pp. 971-983, April 1 2015.

[7] H. A. Yajam, Y. Karimi Ahmadabadi and M. Akhaee, Deniable Encryption based on Standard RSA with OAEP, 2016 8th International Symposium on Telecommunications (IST), Tehran, 2016, pp. 84-88.

[8] R. Chen, Y. Mu, G. Yang, F. Guo and X. Wang, Dual-Server Public-Key Encryption With Keyword Search for Secure Cloud Storage, in IEEE Transactions on Information Forensics and Security, vol. 11, no. 4, pp. 789-798, April 2016.

[9] C. z. Gao, D. Xie, J. Li, B. Wei and H. Tian, Deniably Information-Hiding Encryptions Secure against Adaptive Chosen Ciphertext Attack, 2012 Fourth International Conference on Intelligent Networking and Collaborative Systems, Bucharest, 2012, pp. 377-384.

[10] I. G. Amalarethinam and H. M. Leena, Enhanced RSA Algorithm with Varying Key Sizes for Data Security in Cloud, 2017 World Congress on Computing and Communication Technologies (WCCCT), Tiruchirappalli, 2017, pp. 172-175.

[11] H. Rahman, N. Islam, M. H. R. Jany, Shariful and M. M. Rahman, Multimedia content security with random key generation approach in cloud computing, 2017 IEEE International Conference on Imaging, Vision and Pattern Recognition (icIVPR), Dhaka, 2017, pp. 1-6.

[12] J. Liu, A new lightweight key exchange protocol with provable security for securing cloud-assisted mobile communications, 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Atlanta, GA, 2017, pp. 772-777.
