Scur Usr Data in Using Encrypt Algorithms Rachna Arora*, Anshu Parashar ** *(Rsarch Scholar, HCTM, Kaithal, Haryana) ** (Associat Profssor, HCTM, Kaithal, Haryana) ABSTRACT is transming inmat tchnology. As inmat and procsss ar migra to th cloud, it is transming not only whr compu is don, but also fundamntally, how it is don. As incrasingly mor corporat and acadmic worlds invst in this tchnology, it will also drastically chang IT profssals working nvironmnt. solvs many problms of convntal compu, including handling pak loads, installing softwar updats, and, using xcss compu cycls. Howvr, th nw tchnology has also cratd nw challngs such as data scurity, data ownrship and trans-cod data storag. In this papr w hav discussd about cloud compu scurity issus, mchanism, challngs that cloud srvic r fac during cloud nginring and prsntd th mtaphoric study of various scurity algorithms. Kywords - Algorithms:, Blowfish, DES, RSA,, Data Scurity I. INTRODUCTION is th ability to accss a pool of compu rsourcs ownd and maintaind by a third party via th Intrnt. It is not a nw tchnology but a way of dlivring compu rsourcs basd on long xis tchnologis such as srvr virtualizat. Th cloud is composd of hardwar, storag, ntworks, intrfacs, and srvics that th mans through which usrs can accss th infrastructurs, compu powr, applicats, and srvics on dmand which ar indpndnt of locats. compu usually involvs th transfr, storag, and procssing of inmat on th rs infrastructur, which is not includd in th customrs control policy. Th concpt is linkd closly with thos of Inmat as a Srvic (IaaS), Platm as a Srvic (PaaS), Softwar as a Srvic (SaaS) all of which mans a srvic orintd architctur [1]. Hr coms th first bnfit of th i.. it rducs th cost of hardwar that could hav bn usd at usr nd. As thr is no nd to stor data at usr s nd bcaus it is alrady at som othr locat. So instad of buying th whol infrastructur rquird to run th procsss and sav bulk of data which You ar just rn th assts according to your rquirmnts. Th similar ida is bhind all cloud ntworks [2]. It uss rmot srvics through a ntwork using various rsourcs. It is basically mant to giv maximum with th minimum rsourcs i.. th usr nd is having th minimum hardwar rquirmnt but is using th maximum capability of compu. This is possibl only through this tchnology which rquirs and utilizs its rsourcs in th bst way. Th advantag of cloud compu ovr tradital compu includ: agility, lowr ntry cost, dvic indpndncy, locat indpndncy, and scalability [1]. In ordr to solv th problm of data intgrity chcking, many schms ar proposd undr diffrnt systms and scurity modls [2], [3], [4], [5], [6]. In all ths works, grat fts ar mad to dsign soluts that mt various rquirmnts: high schm fficincy, statlss vrificat, unboundd us of quris and rtrivability of data, tc. Considring th rol of th vrifir in th modl all th schms prsntd b fall into two catgoris: privat auditability and public auditability. Although schms with privat auditability can achiv highr schm fficincy, public auditability allows anyon not just th clint (data ownr), to challng th cloud srvr corrctnss of data storag whil kping no privat inmat. II. SECURITY ISSUES AND CHALLENGES OF CLOUD COMPUTING Scurity is considrd as on of th most critical aspcts in vryday compu and it is not diffrnt cloud compu du to snsitivity and importanc of data stord on th cloud. infrastructur uss nw tchnologis and srvics, most of which havn t bn fully valuatd with rspct to th scurity. has svral major issus and concrns, such as data scurity, trust, xpctats, rgulats, and prmancs issus. On issu with cloud compu is that th managmnt of th data which might not b fully trustworthy; th risk of malicious insidrs in th cloud and th failur of cloud srvics hav rcivd a strong attnt by companis. 1922 P a g
Whnvr w discussd about scurity of cloud compu, thr ar various scurity issus aris in path of cloud. Som of th scurity concrns and soluts of thm ar listd and dirctd blow: 2.1 SECURITY CONCERN 1 With th cloud physical scurity is lost bcaus of sharing compu rsourcs with othr companis. No knowldg or control of whr th rsourcs run. ENSUE: Scur Data Transfr 2.2 SECURITY CONCERN 2 Ensuring th intgrity of th data (transfr, storag, and rtrival) rally mans that it changs only in rspons to authorizd transacts. A common standard to nsur data intgrity dos not yt xists. ENSUE: Scur Softwar Intrfacs 2.3 SECURITY CONCERN 3 Customr may b abl to su cloud srvic rs if privacy rights ar violatd, and in any cas th cloud srvic rs may fac damag to thir rputat. Concrns aris whn it is not clar to individuals why thir prsonal inmat is rqustd or how it will b usd or passd on to othr partis. ENSUE: Data Sparat 2.4 SECURITY CONCERN 4 Who controls th / kys? Logically it should b th customr. ENSUE: Scur Stord Data 2.5 SECURITY CONCERN 5 In cas of Paymnt Card Industry Data Scurity Standard (PCI DSS) data logs must b to scurity mangrs and rgulators [6], [7], [8]. ENSUE: Usr Accss Control III. PROBLEM FORMULATION Thr ar various policis issus and thrats in cloud compu tchnology which includ privacy, sgrgat, storag, rliability, scurity, capacity and mor. But most important among ths to concrn is scurity and how srvic r assurs it to maintain. Gnrally cloud compu has svral customrs such as ordinary usrs, acadmia and ntrpriss who hav diffrnt motivats to mov to cloud. If cloud clints ar acadmia, scurity ffct on prmanc of compu and thm cloud rs hav to find a way to combin scurity and prmanc. For ntrpriss most important problm is also scurity but with diffrnt vis. So, w mainly concntrat on USER_CLOUD scurity of cloud compu using algorithm using particular proposd plan. IV. PROPOSED WORK PLAN W hav proposd diffrnt scurity algorithms to liminat th concrns rgarding data loss, sgrgat and privacy whil accssing wb applicat on cloud. Algorithms lik: RSA, DES,, Blowfish hav bn usd and comparativ study among thm hav also bn prsntd to nsur th scurity of data on cloud. DES,, Blowfish ar symmtric ky algorithms, in which a singl ky is usd / of mssags whras DES (Data Encrypt Standard) was dvlopd in arly 1970s by IBM. Blowfish was dsignd by Bruc Schnir in 1993, xprssly us in prmanc constraind nvironmnts such as mbddd systm. (Advancd Encrypt Standard) was dsignd by NIST in 2001. RSA is a public ky algorithm invntd by Rivst, Shamir and Adlman in 1978 and also calld as Asymmtric ky algorithm, th algorithm that uss diffrnt kys and purposs. Th ky sizs of all th algorithms ar diffrnt from ach othr. Th ky lngth of DES algorithm is 56. Th ky siz of algorithm is 128, 192, 256. Th ky siz of Blowfish algorithm is 128-448. Th ky siz of RSA algorithm is 1024. Using Nt bans IDE 7.3, and Java Run Tim Environmnt, w hav implmntd our ida in th m of and algorithms which hav discussd abov and also w hav mad comparison btwn thm on th basis of thir charactristics. V. SECURITY ALGORITHM USED IN CLOUD COMPUTING 5.1 RSA ALGORITHM Th most common Public Ky algorithm is RSA, namd its invntors Rivst, Shamir, and Adlman (RSA). RSA is basically an asymmtric / algorithm. It is asymmtric in th sns, that hr public ky distributd to all through which on can th mssag and privat ky which is usd is kpt scrt and is not shard to vryon. How RSA is going to work in cloud nvironmnt is xplaind as: RSA algorithm is usd to nsur th scurity of data in cloud compu. In RSA algorithm w hav d our data to scurity. Th purpos of scuring data is that only concrnd and authorizd usrs can accss it. Aftr data is stord in th cloud. So that whn it is rquird thn a rqust can b placd to cloud r. r authnticats th usr and dlivrs th data to usr. As RSA is a Block Ciphr in which vry mssag is mappd to an intgr. In th proposd cloud nvironmnt, Public known to all, whras Privat Ky known only to usr who originally owns th data. Thus 1923 P a g
is don by th cloud srvic r and is don by th cloud usr or consumr. Onc th data is d with th Public ky, it will b d using th corrsponding Privat Ky only. 5.2 ALGORITHM Advancd Encrypt Standard (), also known as Rijindal is usd scuring inmat. is a symmtric block ciphr that has bn analyzd xtnsivly and is usd widly now-a-days. How works in cloud nvironmnt?, symmtric ky algorithm is usd with ky lngth of 128- this purpos. As is usd widly now-a-days scurity of cloud. Implmntat proposal stats that First, Usr dcids to us cloud srvics and will migrat his data on cloud. Thn Usr submits his srvics rquirmnts with Srvic Providr (CSP) and chooss bst spcifid srvics offrd by r. Whn migrat of data to th chosn CSP happns and in futur whnvr an applicat uploads any data on cloud, th data will first d using algorithm and thn snt to r. Onc d, data is uploadd on th cloud, any rqust to rad th data will occur aftr it is d on th usrs nd and thn plain txt data can b rad by usr. Th plain txt data is nvr writtn anywhr on cloud. This includs all typs of data. This solut is transparnt to th applicat and can b intgratd quickly and asily without any changs to applicat. Th nvr stord nxt to th d data, sinc it may compromis th ky also. To stor th kys, a physical ky managmnt srvr can b installd in th usr s prmiss. This protcts data and kys and guarants that thy rmain undr usr s control and will nvr b xposd in storag or in transit. has rplacd th DES as approvd standard a wid rang of applicats. 5.3 DES ALGORITHM Th Data Encrypt Standard (DES) is a block ciphr. It s data in blocks of siz 64 ach. That is 64 of plain txt gos as input to DES, which producs 64 of ciphr txt. Th sam algorithm and ky ar usd and, with minor diffrncs. Th ky lngth of this algorithm is 56 ; howvr a 64 actually input. DES is thr a symmtric ky algorithm. 5.4 BLOWFISH ALGORITHM Blowfish is a symmtric ky cryptographic algorithm. Blowfish s 64 bit blocks with a variabl lngth ky of 128-448. According to Schnir, Blowfish was dsignd with th followings objctivs in mind: a) Fast- Blowfish rat on 32-bit microprocssors is 26 clock cycls pr byt. b) Compact- Blowfish can xcut in lss 5 kb mmory. c) Simpl-Blowfish uss only primitiv oprat -s, such as addit, XOR and tabl look up, making its dsign and implmntat simpl. d) Scur- Blowfish has a variabl ky lngth up to maximum of 448-bit long, making it scur and flxibl. Blowfish suits applicats whr th ky rmains constant a long tim (.g. Communicats link ), but not whr th ky changs frquntly (.g. Packt Switching). 5.5 IMPLEMENTATION AND RESULTS Implmntat of algorithms has bn don using NtBans IDE with Java. Coding s usd algorithms hav shown blow: Coding 1 usd making data scur Coding 2 usd making data scur 5.6 RESULTS 5.6.1 CHARACTERISTICS AND COMPARISON OF ALGORITHMS TABLE 1 Charact RSA BLOW DES ristics Platm Ky Siz 128,19 2,256 1024 FISH 32-448 56 Ky Usd Sam Public Sam For 1924 P a g
Scalabilit y Initial Vctor Siz Scurity Data Encrypti on Capacity Authnti cat Typ Mmory Usag Excutio n Tim usd to and th blocks. 128 Scur r and usr. Usd of larg amount of data Bst authnt icity r Low RAM ndd Fastr othrs usd and privat ky, Not 1024 Scur usr only Usd of small data Robust authnt ic impl mntat Highst mmor y usag algorith m Rquir s maxim um tim usd and of data. and sam usd. 64 64 Scur rs and usr/cli nt sid Lss Compa rabl to Can xcut in lss 5 kb Lssr tim to xcut Scurit y applid to rs and usr Lss Lss authnt ic. Mor Equals to VI. CONCLUSION AND FUTURE PROSPECTS In this papr algorithms hav bn proposd to mak cloud data scur, vulnrabl and gav concrn to scurity issus, challngs and also comparisons hav bn mad btwn, DES, Blowfish and RSA algorithms to find th bst on scurity algorithm, which has to b usd in cloud compu making cloud data scur and not to b hackd by attackrs. Encrypt algorithms play an important rol in data scurity on cloud and by comparison of diffrnt paramtrs usd in algorithms, it has bn found that algorithm uss last tim to xcut cloud data. Blowfish algorithm has last mmory rquirmnt. DES algorithm consums last tim. RSA consums longst mmory siz and tim. By doing implmntat all algorithms in IDE tool and JDK 1.7, th dsird output th data on cloud compu has bn achivd. In today s ra dmand of cloud is incrasing so th scurity of th cloud and usr is on top concrn. Hnc, proposd algorithms ar hlpful today s rquirmnt. In futur svral comparisons with diffrnt approachs and rsults to show ffctivnss of proposd framwork can b d. ACKNOWLEDGEMENT Our Thanks to HCTM, Kaithal dvlopmnt of this papr. REFERENCES Journal Paprs: [1] Zhidong Shn, Li Li, Fi Yan, Xiaoping Wu, Systm Basd on Trustd Platm, Intrnatal Confrnc on Intllignt tat Tchnology and Automat, Volum 1, May 2010, On pag(s): 942-945. [2] Parson, S., Bnamur, A., Privacy, Scurity and Trust Issus Ariss from, Tchnology and Scinc (Com), IEEE Scond Intrnatal Confrnc 2010, On pag(s): 693-702. [3] Rohit Bhadauria and Sugata Sanyal, A Survy on Scurity Issus in and Associatd Mitigat Tchniqus. Intrnatal Journal of tr Applicats, Volum 47- Numbr 18, Jun 2012, On pag(s): 47-66. [4] Mohammd, E.M, Amblkadar, H.S, Enhancd Data Scurity Modl on, 8 th Intrnatal Confrnc on IEEE publicat 2012, On pag(s): cc-12- cc-17 [5] Sang Ho. Na, Jun-Young Park, Eui- Nam Huh, Prsonal Scurity Framwork, Srvic Confrnc (APSSC), Dc 2010 IEEE, On pag(s): 671-675. [6] Wang, J.K.; Xinpi Jia, Data Scurity and Authnticat in hybrid cloud compu modl, Global High Tch Congrss on Elctronics (GHTCE), 2012 IEEE, On pag(s): 117-120. [7] Ptr Mll, Timothy Granc, Th NIST Dfinit of, January 2011. http://docs.ismgcorp.com/fils/xtrnal/draf t-sp-800-145_cloud-dfinit.pdf. 1925 P a g
[8] Iankoulova, I.; Danya, M., compu scurity rquirmnts: A systmatic rviw, Rsarch Challngs in Inmat Scinc (RCIS), Sixth Intrnatal Confrnc on, 2012, On pag(s): 1-7. [9] Scurity Allianc, Top Thrats to V1.0,http://www.cloudscurityall ianc.org/topthrats. [10] Lizh Wang, Grgor von Laszwski, Marcl Kunz, Ji Tao, Chng Fu, Xi H, Andrw Young, : A Prspctiv Study, Nw Gnrat - Advancs of Distributd Inmat Procssing, Volum 28, Issu 2, April 2010, On pag(s): 137-146. [11] Punt Jai Kaur, Sakshi Kaushal, Scurity Concrns in, Communicat in tr and Inmat Scinc Volum 169 in 2011, On pag(s): 103-112. [12] Shui Zhang, Shufn Zhang, Xubin Chn, Xiuzhn Huo, Rsarch and Dvlopmnt Trnd, Scond Intrnatal Confrnc on Futur Ntworks (ICFN), IEEE Publicats, January 2010, On pag(s): 93-97. [13] Parson, S., Bnamur, A., Privacy, Scurity and Trust Issus Ariss from, Tchnology and Scinc (Com), IEEE Scond Intrnatal Confrnc,2010, On pag(s): 693-702. Books: [14] McGraw Hill,, A Practical Approach, By Toby Vlt, Anthony Vlt, Robrt Elsnptr. [15] Furht,B., and Escalant,A. (2010). Handbook of. Nw York: Springr. Chaptrs in Books: [16] Toby Vlt, Anthony Vlt, and Robrt Elsnptr,, A Practical Approach, Chaptr 8, Storag, in 2012, On pag(s): 234-253. [17] Vams Krishna Yarlagadda and Sriram Ramanujam, Data Scurity in, Volum 2 (1) in 2011, On pag(s): 15-23. Procding Paprs: [18] W.J. Book, Europan Ntwork and Inmat Scurity Agncy (ENISA), 29 th IEEE Confrnc on Bnfits, Risks and Rcommndats. 1926 P a g