Index-Terms - S-Box Key Exchange, DSKE Method, And Three Layer Security, Modified Diffie-Hellman Key Exchange.

Transcription

1 Secured and Authenticated Communication in Cloud Using Dynamic Key Exchange Protocol Abstract -Cloud computing is a new type of service which provides large scale computing resources to each customer. Cloud computing systems can be easily threatened by various passive and active attacks, because most of the cloud vendors provide services to so many people who are not proven to be trustworthy. Therefore cloud computing systems need to have some security mechanism to protect the user data from unauthorized people. In this paper we proposed a modified Diffie-Hellman Cryptographic Public key algorithm which provides secure and dynamic key exchange for mutual exchange of the session key between cloud user and cloud provider which can be used for secure and authenticated transmission of the user data.[14]. Index-Terms - S-Box Key Exchange, DSKE Method, And Three Layer Security, Modified Diffie-Hellman Key Exchange. I. INTRODUCTION Cloud Computing makes computer infrastructure and services available "on-need" basis. The computing infrastructure could include hard disk, development platform, database, computing power or complete software applications. To access these resources from the cloud vendors, organizations do not need to make any large scale capital expenditures. Organization need to "pay per use" i.e. organization need to pay only as much for the computing infrastructure as they use. The billing model of cloud computing is similar to the electricity payment that we do on the basis of usage. In the description below vendor is used for cloud computing service provide and organization is used for user of cloud computing services. A Characteristics of Cloud Computing i. Availability of large computing infrastructure on need basis: Cloud vendors provide appearance of infinite computing infrastructure availability. This is available to organizations on need basis. This ensures that organizations do not need to set up servers for their peak requirements. In general organizations do not need to bear the cost of computing infrastructure for their peak loads. The usage of computing resources can be increased or reduced on need basis, is called elastic computing. ii. Cloud computing uses a "pay-per-use" billing model. Cloud billing model are very different when compared to traditional IT billing techniques. Typical billing models include per user billing, per GB billing or per-use billing (i.e. an organization is billed on each usage of the computing service). iii. Cloud computing typically does not involve long-term commitment to use the computing infrastructure. The vendor does not enforce long-term usage of services. iv. Cloud computing does not involve any significant capital expenditure for the organization. Unlike J.V.Anchitaalagammai, R.Kavitha, S.Padmadevi traditional IT infrastructure, in cloud computing organizations just use the computing services without procuring it. In some sense cloud computing involves renting the computing resources instead of buying them. As the figure below displays, unlike traditional computing model, Cloud computing requires no capital expenditure to acquire initial computing resources v. Since the cloud computing vendor provides services over the web, these are available from any location. vi Cloud computing can be ordered online without detailed formal contracts. B Types of cloud computing Cloud computing is typically classified in two ways: 1. Location of the cloud computing 2. Type of services offered 1. Location of the cloud computing Cloud computing is typically classified in the following three ways: 1. Public cloud: In Public cloud the computing infrastructure is hosted by the cloud vendor at the vendor s premises. The customer has no visibility and control over where the computing infrastructure is hosted. The computing infrastructure is shared between any organizations. 2. Private cloud: The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Some experts consider that private clouds are not real examples of cloud computing. Private clouds are more expensive and more secure when compared to public clouds. Private clouds are of two types: On-premise private clouds and externally hosted private clouds. Externally hosted private clouds are also exclusively used by one organization, but are hosted by a third party specializing in cloud infrastructure. Externally hosted private clouds are cheaper than On-premise private clouds. 3. Hybrid cloud Organizations may host critical applications on private clouds and applications with relatively less security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is Cloud Bursting. In Cloud bursting organization use their own computing infrastructure for normal usage, but access the cloud for high/peak load requirements. This ensures that a sudden increase in computing requirement is handled gracefully. 4. Community cloud involves sharing of computing infrastructure in between organizations of the same community. For example all Government organizations within the state of California may share computing infrastructure on the cloud to manage data related to citizens residing in California. 2 Classification based upon service provided: Based upon the services offered, clouds are classified in the following ways: 78

2 1. Infrastructure as a service (IaaS) involves offering hardware related services using the principles of cloud computing. These could include some kind of storage services (database or disk storage) or virtual servers. Leading vendors that provide Infrastructure as a service are Amazon EC2, Amazon S3, Rack space Cloud Servers and Flexi scale. 2. Platform as a Service (PaaS) involves offering a development platform on the cloud. Platforms provided by different vendors are typically not compatible. Typical players in PaaS are Google s Application Engine, Microsoft s Azure, and Salesforce.com s force.com 3. Software as a service (SaaS) includes a complete software offering on the cloud. Users can access a software application hosted by the cloud vendor on payper-use basis. This is a well-established sector. Other examples are online providers like Google s Gmail and Microsoft s Hotmail, Google docs and Microsoft s online version of office called BPOS (Business Productivity Online Standard Suite). II. CLOUD SECURITY CHALLENGES Although virtualization and cloud computing can help companies accomplish more by breaking the physical bonds between an IT infrastructure and its users, heightened security threats must be overcome in order to benefit fully from this new computing paradigm. This is particularly true for the SaaS provider. Some security concerns are worth more discussion. With the cloud model, you lose control over physical security. In a public cloud, you are sharing computing resources with other companies. In a shared pool outside the enterprise, you don't have any knowledge or control of where the resources run. Exposing your data in an environment shared with other companies could give the government "reasonable cause" to seize your assets because another company has violated the law. Simply because you share the environment in the cloud, may put your data at risk of seizure. Storage services provided by one cloud vendor may be incompatible with another vendor's services should you decide to move from one to the other. Data integrity is assurance that the data is consistent and correct. Ensuring the integrity of the data really means that it changes only in response to authorized transactions. III. KEY EXCHANGE METHODS There are many session key exchange methods and algorithms but the most popular method use private and public key. In conventional Public Key Infrastructure (PKI), there is an essential to provide guarantee to the client about the relationship between a public key and the public key authority of the corresponding private key. In practice there are many challenges which are facing PKI like distribution of certificates, Storage and revocation. In order to solve the above problem, certificate less Public Key Cryptography (CL-PKC) was introduced. The new prototype called Self-Generated-Certificate Public Key cryptography without pairing (SGC-PKC) proposed by J. Lai and W. Kou [2] to protect the above attack while preserving all advantages of Certificate less Public Key Cryptography. In [3], this paper writer proves that Lai and Kou's method cannot defend against a type of middle attack. In order to solve this problem to propose a new SGC-PKE method by giving small difference to the original method. Therefore and propose a rescue SGC- PKE scheme by giving little change to the original scheme [4]. The USA Department of Defense developed HAIPE (The High Assurance Internet Protocol Encryptor) having compliant gateways to communicate securely over untrusted networks. In [5] this paper created automated security association by using Internet Key Exchange (IKE) and HIPEs mutually. In Off-line password guessing the hacker first guess password and then verifies it online. In this method the hackers bypass the server. Therefore server can not verify the attack. Ding and Hoster proposed [6], in their paper on line and offline guessing attacks on Stener's Protocol. There are many password based efficient key exchange protocols. The Bellovin and Merrit first proposed (PAKE) two Party key exchange protocols [7]. After that Steiner et al [8] in his paper proposed the 3-party protocol. Two type of improved three party protocol proposed by Lin et al [9].One type used with server and other without server. Chang and Chang [10] proposed without server novel 3-party encrypted key exchange method and claim that this method is efficient and secure. But Yoon and Yoo claim an undetectable password guessing attack on their method [11] and proposed new method which avoid these attacks. Further Lo, Yes proposed an enhance method which handles undetectable password guessing attacks [12]. IV. PROPOSED DYNAMIC KEY EXCHANGE PROTOCOLSS There are different Session Key Exchange methods / algorithms Like Diffie-Hellman, Secure Hill Cipher Modifications and Key Exchange Protocol, Integration of Signature Encryption and Key Exchange, Secure Key Exchange and Encryption Mechanism for Ad Hoc Networks, Password Key Exchange Protocol. But every one has some weakness like insecure, huge calculation, slow and complex. We are trying to overcome these problems. The Dynamic Session Key Exchange (DSKE) Method is computationally attractive as using multiplication of a key matrix [14]. Our method has several advantages such as masquerading letter frequencies using matrix. The key exchange method is one of the well-designed ways of establishing secure communication between couple of users by using a session key. The session key, which is exchanged between two users, guarantee the secure communication for later sessions. The first practical key exchange method is proposed by Diffie-Hellman [1]. Since the introduction of key exchange method by Diffie-Hellman, a variety of versions and enhancement in key exchange 79

3 method have been developed. In the line of key exchange method based key exchange mechanism achieved attention due to its complexity, dynamic security and wide range of applicability. In This method we take two S- Boxes S1 and S2. S1 is secret and S2 is chosen / taken from standard S2 box. S2 Standard box is open for all. S1 is very secret; only two users understand this box. Using of these two S-Boxes, we can exchange session key between two users.[14] In our method both users take any 3x3 or 4x4 or 5x5 box from S2 Box. Then select 3x3 or 4x4 or 5x5 S1 box which is hidden. After the selection / chosen of S1 and S2 Boxes, both cloud provider and cloud user decide two large prime numbers P and Q and third number n which is small. All the three numbers are secret. Both parties create their S1 Box using this method. P=5, Q=25, and n=3 80

4 If we check S1 Box there are many repeated numbers. If we take large prime numbers P and Q then there is very less repeated numbers. Choose S1 Box has no repeated number. In second session the S1 box changes Now we take 3x3 S1 and S2 Boxes Both parties cloud user and cloud provider understand S1 and S2 boxes. When cloud user send 17 to cloud provider, cloud user send 3b to cloud provider. Cloud provider receives 3b and understands as 17. In this way both parties shares the session key securely which can be further used for secure communication between them.[14] V. SECURITY ANALYSIS The correctness of this method can be easily seen from the description of the method, it do synthetically achieve the goals of DH key agreement. And the security of the encryption depends on the p, q and n are at layer 1. The selection of S1 Box is at layer2. The selection S2 Box is at layer3. The p, q and n are selected for long time unless both parties feel insecurity of p, q and n. But layer 2 and layer 3 changes every session. In this method the security is presented in three layers. [14] B Case II: In case the layer 1 and layer 2 are broken or hacked in a session. The session is secure. In next session layer2 and layer 3 changes so the next session will be secure. In First session C Case III: In case only one layer is broken.the session is secure. In the light of above three cases we analyze that if we decrease the time of changing layer1. The security of session key is highly secure. In this paper we present such security that depends upon both users. A. Case I: If layer 2 and layer 3 are broken or hacked in a session. The rest of the part is open. But the next session remains secure. Because layer 2 and layer 3 will be change in the next session. Let us see this scenario Bob wants to send 21 to Alice. On the other side Alice receives 4c and after using of S boxes we will get 21. If this session hacked the next session will be secured because they chose another number. In First session VI. CONCLUSION Security is the major issues in cloud computing. Their characteristics make them vulnerable to passive and active attacks in which the unauthorized user can access the data from cloud without any mutual authentication. In this paper we presented a Dynamic Key exchange protocol which is the modified Diffie Hellman cryptographic algorithm to have secure and authenticated exchange of session keys between cloud user and cloud provider. This session key can be further used for secure and authenticated communication between both parties. Also since it is dynamic protocol, for every session the session keys can be changed with same set of S-boxes which provide better security than other key exchange protocol. REFERENCES [1] W. Diffie and M. Hellman, "New Directions in cryptography", IEEE Transactions on Information theory, Vol 22,no. 6, pp , (1976). [2] Junzuo Lai, Weidong Kou. Self-Generated-Certificate Public Key Encryption without Pairing[C]. PKC 2007, Beijing, China, April 16-20, Springer-Verlag, 2007, LNCS 4450, pp [3] Xu an Wang, Xiaoyuan Yang and Yiliang Han. Cryptanalysis of Self-Generated-Certificate Public Key Encryption without Pairing in PKC07 [EB/OL], Cryptology

5 eprint Archive: Report 2008/191, [4] Hua Jiang, Rui Zhang and Yongxing Jia, "Authenticated Key- Exchange Scheme Based on SGC-PKE for P2PSIP", NSWCTC '10 Proceedings of the 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing - IEEE Computer Society, Vol 02, pp , (2010). [5] ZHANG Chuan-fu#1, YU Jiang#2, SunWan-zhong#3, SU Jin-hai#4, "Internet Key Exchange Protocol Simulation of HAIPE in Security Network", 2010 International Conference on Cyber- Enabled Distributed Computing and Knowledge Discovery. [6] Y. Ding and P. Hoster, "Undetectable Online password guessing attacks", ACM operating system review, vol 29, no 4,pp (1995). [7] SM. Bellovin and M. Merrit, "Encrypted key exchange: password based protocols secure against dictionary attacks". IEEE symposium on re-search in security and privacy, IEEE Computer society press: 72-84, (1992). [8] M. Steiner and G. Tsudik, M. Waidner "Refinement and extension of encrypted key exchange", ACM Operating Systems Review, vol 29, no 3, pp 22-30, (1995). [9] CL. Lin, HM. Sun, M. Steiner, T. Hwang " Three-party excerpted key exchange without server public Keys" IEEE Communication letters, vol 5, no.12,pp 497-9, (2001). [10] CC. Chang and YF. Chang, "A novel three party encrypted key exchange protocol", Computer Standards and Interfaces, vol 26, no 5, (pp 471-6),(2004). [11] EJ. Yoon and KY. Yoo, "Improving the novel three-party encrypted key exchange protocol", Computer Standards and Interfaces, 30: , (2008). [12] N.W.Lo, Kuo-Hui Yeh, "Cryptanalysis of two three-party Encrypted key exchange protocols", in press, computer standards and interfaces. [13] Jean Bacon, David Evans etl, "Enforcing End-to-End Application Security in the Cloud", Indranil Gupta and C. Mascolo (Eds.): Middleware 2010, LNCS 6452, pp , 2010, IFIP International Federation for Information Processing [14] Sohail Abid and Shahid Abid, Dynamic key exchange method using two S-boxes in International Journal of Computer Science, Engineering and Applications (IJCSEA) Vol.1, No.6, December 2011.