IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Similar documents
CSCE 465 Computer & Network Security

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Securing MANET Using Diffie Hellman Digital Signature Scheme

Client Server Registration Protocol

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

CS 758: Cryptography / Network Security

The Mathematics of the RSA Public-Key Cryptosystem

Computer Security: Principles and Practice

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

A Novel Approach to combine Public-key encryption with Symmetric-key encryption

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Authentication. Authorization. Access Control. Cloud Security Concerns. Trust. Data Integrity. Unsecure Communication

An Efficient Data Security in Cloud Computing Using the RSA Encryption Process Algorithm

Secure Key Exchange for Cloud Environment Using Cellular Automata with Triple-DES and Error-Detection

Lecture 6 - Cryptography

CRYPTOGRAPHY IN NETWORK SECURITY

SFWR ENG 4C03 - Computer Networks & Computer Security

Cryptography and Network Security Chapter 9

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Notes on Network Security Prof. Hemant K. Soni

A Security Integrated Data Storage Model for Cloud Environment

Lukasz Pater CMMS Administrator and Developer

Associate Prof. Dr. Victor Onomza Waziri

Public Key (asymmetric) Cryptography

Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

EXAM questions for the course TTM Information Security May Part 1

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Chapter 10. Network Security

Development of enhanced Third party Auditing Scheme for Secure Cloud Storage

Software Tool for Implementing RSA Algorithm

CIS 5371 Cryptography. 8. Encryption --

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity

IoT Security Platform

Bit Chat: A Peer-to-Peer Instant Messenger

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

CS Computer Security Third topic: Crypto Support Sys

A Factoring and Discrete Logarithm based Cryptosystem

Cryptography and Network Security

Sync Security and Privacy Brief

Analysis on Secure Data sharing using ELGamal s Cryptosystem in Cloud

Overview of Public-Key Cryptography

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Security Policy Revision Date: 23 April 2009

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Cloud Courses Description

Cryptography and Network Security Chapter 10

A REVIEW ON ENHANCING DATA SECURITY IN CLOUD COMPUTING USING RSA AND AES ALGORITHMS

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

7! Cryptographic Techniques! A Brief Introduction

Journal of Electronic Banking Systems

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

Security Strength of RSA and Attribute Based Encryption for Data Security in Cloud Computing

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

Secure File Transfer Using USB

A Study of Data Management Technology for Handling Big Data

CSE/EE 461 Lecture 23

Public Key Cryptography Overview

Enhance data security of private cloud using encryption scheme with RBAC

Security Issues with Implementation of RSA and Proposed Dual Security Algorithm for Cloud Computing

HYBRID ENCRYPTION FOR CLOUD DATABASE SECURITY

Keywords- Cloud Computing, Android Platform, Encryption, Decryption, NTRU, RSA, DES, throughput.

IT Networks & Security CERT Luncheon Series: Cryptography

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Introduction to Cryptography CS 355

Data Security in Cloud Using Elliptic Curve Crytography

THE UNIVERSITY OF TRINIDAD & TOBAGO

An Efficient data storage security algorithm using RSA Algorithm

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO

Table of Contents. Bibliografische Informationen digitalisiert durch

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Digital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Cryptography and Network Security: Summary

Symmetric Key cryptosystem

Cryptography and Key Management Basics

Cloud Courses Description

Secure Authentication of Distributed Networks by Single Sign-On Mechanism

Fully homomorphic encryption equating to cloud security: An approach

Module 7 Security CS655! 7-1!

Introduction. Digital Signature

Advanced Cryptography

Security Sensor Network. Biswajit panja

Transcription:

INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT Merlin Shirly T 1, Margret Johnson 2 1 PG Full Time Student, Computer Science Department, Karunya University, Coimbatore 2 Assistant Professor, Computer Science Department, Karunya University, Coimbatore 1 merlinshirly@gmail.com, 2 margret_cse@karunya.edu Abstract The Cloud Environment provides the distributed facilities to the user that reduce the cost of purchasing their own Computing Environment. The Vast storage is needed for storing the Big data for scheduling in Hybrid Environment. The data security is the main concern in Cloud Environment. So, the data are encrypted before storing in cloud. The asymmetric Encryption algorithm provides more security in insecure medium. Since, the private key of the RSA algorithm is known only to the authorized user. Here, the controller after receiving the data from the user starts the key exchange in order to authenticate the Instances. The key exchange is done using Diffie-Hellman Key Exchange Algorithm. The digital Signature Algorithms are also used along with the Diffie-Hellman Key Exchange Algorithm in order to prevent man-inmiddle attack. After the authentication of the Instances by the Controller, the Controller split the big data and Encrypt the data using public key of RSA algorithm. Then, the controller splits data and sends it to the Instances for Computation. Keywords: Cloud Environment, Hybrid Environment, Authentication. 1. Introduction Cloud Computing is a new technology that uses the Central s in order to maintain data. The data over the cloud storage needs encryption. The encryption of the data uses RSA algorithm. The algorithm features are as Secrecy, Authentication, Non-Repudiation, Integration and Privacy [2]. The Cloud storage is the storage of data in the cloud. The advantages of cloud storage are Cloud storage greater accessibility, reliability, strong protection for data back, archival and disaster recovery [1].The type of cloud storages are Personal Cloud Storage, Public Cloud Storage, Private Cloud Storage and Hybrid Cloud Storage. The Public-key cryptography is referred to the algorithm that has two keys for encryption and decryption. The Keys are mathematically linked together even though the keys are different. The public key is known to everyone but the private key cannot be calculated from the public key. In RSA Encryption algorithm, the public key is known to everyone so anyone can encrypt the data. But, the decryption key is known only to the authorized individual. So, the authorized receiver can only decrypt the data. 2. Proposed Method M a r l i n S h i r l y. T e t a l Page 153

The proposed approach for Key Exchange uses Diffie-Hellman Key Exchange along with the authentication step for each of the controller and the Instances. The Encryption of data using RSA algorithm provides strong security for data over insecure medium. Already the Digital Signature is used along with the Diffie- Hellman approach in order to authenticate each other [3]. After the authentication of each s and the Controller, the user data is split and encrypted and sent to the Instances for computation. 2.1 Architecture The Architecture diagram of the Improved Security Measure of Data in Key Exchange scheme is shown below. The user gives the data to the Cloud Controller for computation. The controller starts the key exchange in order to authenticate the cloud server instances. After the authentication of by the Controller the data are encrypted using RSA encryption algorithm. The encrypted data are split and sent to the Instances. The Instances decrypts the split data and computes the data. After computation the data are encrypted and sent back to the Controller. User 1 o/p i/p Encrypted Data 1 Instance 1 Computed Data 1 User 2 o/p i/p Cloud Controller (CLC) Encrypted Data 2 Instance 2 Computed Data 2 i/p o/p (CLC) Encrypted Data n Computed Data n User n Instance n Figure 1: Architecture Diagram of Improved Security Measure in Key Exchange Scheme 2.2 Flow Chart The user submits data to the Cloud Controller and the controller validates the Instances by exchanging the Session key. The Session Key is exchanged between the Controller and the Instances by using the Diffie-Hellman Key Exchange Algorithm. After the verification of the Instances and the Controller identity, the data are encrypted using RSA Algorithm. Then, the encrypted data are split and send to the Instances. The Instances decrypt the split data using the RSA Algorithm. The Decrypted split data are computed in the Instances. The computed data are Encrypted and sent to the Controller. The Controller decrypts and assembles the data from the Instances M a r l i n S h i r l y. T e t a l Page 154

Start User submits data to Cloud Controller Calculates Session Key using Diffie-Hellman Algorithm A A Cloud Controller Identity is validated Instance Identity is validated No Yes No End Encrypt Data Using RSA Algorithm, split and give to Serve Instances Yes End Instances Decrypts data using RSA Algorithm and Computes Split data Instance Encrypts, and sends the computed data to Cloud Controller M a r l i n S h i r l y. T e t a l Page 155

Cloud Controller Decrypts and assembles the split data and sends to User 2.3 Methodology Figure 2: Flow Chart of Improved Security Measures in Key Exchange Approach The main steps involved in Improved Security Measures in Key Exchange Scheme are Task Submission and System Setup, Controller Key Transformation and Instance Key Transformation. These 3 modules are given below. 2.3.1 Task Submission and System Setup In task submission module, a user task is submitted by the user. The user task contains larger data and it is submitted to the Controller. For task execution process, the system setup is processed. For secure data execution and transformation, the system chooses a large prime integer p to form a Diffie Hellman group, and a generator g of group. The prime number that is chosen should be a Sophie Germain prime where (p 1)/2 is also prime, so that the group Z p maximizes its resilient against square root attack. 2.3.2 Controller Key Transformation The Cloud Controller needs to distribute the user tasks on the computing infrastructure. The Cloud Controller picks a secret value x<p, then computes public keying material g x in Z * p, and sends the message to server instances. The Cloud Controller picks a secret value x. The secret value x should be less than the prime integer chosen by System Setup. By using that secret value x, CLC computes its public keying material in, and broadcasts the following message to the domain of server instances S which contains n instances S 1, S 2,...S n. The Secret Key is calculated by using Diffie-Hellman Key Exchange Algorithm. The Cloud Controller calculates the Controller s Public Value X C. The Controller sends the Public Value, X C to the Instances. After receiving the Controller s Public Key X C, the Instance calculates the Session Key. 2.3.3 Instance Key Transformation End The Instance calculates the Public Key, X S and sends the Instance s Public Key to the Cloud Controller. After receiving the Controller s Public Key, the Instance calculates the Session Key. Thus, the Session Keys are calculated at the Cloud Controller Side as well as in the Instances by using Diffie- Hellman Key Exchange Algorithm. 2.3.4 Signature Generation The Cloud Controller loads the encrypted data into Hadoop Distributed File System. The RSA Algorithm is used for Encryption and Decryption of data. The Hadoop Distributed File System has five nodes namely Data Node, Name Node, Secondary Name Node, Job Tracker and Task Tracker. These nodes serve as the Instances. The Cloud Controller split the encrypted data and sends it to the nodes. The Cloud Controller generates signature using its secret key for n messages to be sent. The Cloud Controller sends the signature and task details for successful task execution and task transformation. Signature generation will be done in windows using java language and it will be transformed to Ubuntu platform through eclipse IDE using MapReduce perspective. Hadoop will be configured and opened as a virtual machine in VMware workstation which enables a system to run more than one operating system. Each server instance follows the same procedure to send back the executed task to Cloud Controller. M a r l i n S h i r l y. T e t a l Page 156

Key Size (bits) INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS 2.4 Use of Diffie-Hellman Key Exchange Algorithm 2.4.1 Session Key Calculation at the Controller The Controller chooses a larger Prime number P, a generator g, the primitive root of the prime number P. Choose a secret Value X C, the private key. Calculate Y C, the public key. Y C = (g) X C mod p Send Y C, the Controller s public key to the side Receive Y S, the s public key from the side. Calculate S, the Controller s Session Key. S = (Y S ) X C mod p. 2.4.2 Session Key Calculation at the Instance The Instance choose the large prime number p, a generator g, the primitive root of the prime number p. Select secret value X S, the private key Calculate Y S, the public key. Y S = (g) X S mod p. Send Y S, the s public key to the Controller side. Receive Y C, the Controller s public key from the Controller side. Calculate S, the s Session Key. S = (Y C ) X S mod p. 3 Results and Analysis The Improved Security Measures for Data in Key Exchange over Cloud Environment provides high security in terms of Big data Encryption. The Key Size of RSA Algorithm is up to 4096 bits. Thus security increases as the Key size increases. This approach provides perfect forward Secrecy and also reduces the computation load due to the decreased number of exponential calculations in the Secret key calculation rounds. In Big data, Security is the main concern and it is achieved using the Asymmetric algorithm such as RSA. 2500 2000 1500 1000 500 0 Algorithm and Key Sizes AES Algorithms RSA Figure 3: AES and RSA with 2048 bit Key Size The Secret key need not to be sent in the insecure medium since it is calculated by the Authorized individual. In fact the secret key cannot be generated from the public key that is broadcasted. The RSA algorithm Key Size can be from 2048 bit to 4096 bit M a r l i n S h i r l y. T e t a l Page 157

Key Size (bits) INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS 5000 4000 3000 2000 1000 0 Algorithm and Key Sizes AES Algorithms RSA Figure 4: AES and RSA with 4096 bit Key Size 4. Conclusion In Improved Security Measures for Data in Key-Exchange Approach the jobs are efficiently executed in parallel processing environment called Hadoop and the this scheme aims at efficient security aware scheduling of data intensive applications in hybrid computing environment such as cloud computing. The Asymmetric Encryption Algorithm provided high security with the increased Key size used for Encryption and Decryption because security is the main concern in Cloud Storage Environment. 5. Reference [1] Cloud storage. Available: http://www.webopedia.com/term/c/cloud_storage.html, accessed on 13 March, 2014 [2] RSA Algorithm. Available: http://en.kryptotel.net/rsa.html, accessed on 13 March, 2014 [3] L. Harn, Digital signature for Diffie-Hellman public keys without using a one-way function, Electronic Letters 33(2), 1997. [4] Chang Liu, Xugun Zhanh, Chi Yang, Jinjun Chen, CCBKE Session Key Negotiation for Fast and Secure Scheduling of Scientific Applications, Future Generation Computer Systems (29) 2013. M a r l i n S h i r l y. T e t a l Page 158

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information