Combining Two Factor Authentication and Public Key Encryption to Ensure the Authentication in Cloud Computing

Transcription

1 Combining Two Factor Authentication and Public Key Encryption to Ensure the Authentication in Cloud Computing Rajesham Gajula *1 Dr. Ahmed Abdul Moiz Qyser *2 N. Rajender *3 *1 Assistant Professor, Department of CSE, *2 Professor and Head of the Department *12 MuffakhamJah College of Engineering and Technology, Hyderabad, Telangana, India. *3 Associate Professor, Nalla Narashima Reddy Education Societye s Group of Institutions. Abstract There is huge data explosion from diverse of data sources and this huge amount of data is stored in cloud environment. There are so many security threats for sensitive data which is stored on cloud environment. Even though there are some security measures are applied to counter the threats still the security problems are warning and worrying the cloud users. Authentication checking plays a major role in securing the data from unauthorized user s access. Here we have given a proposal to improve the security by using Combining Two Factor Authentication and Public Key Encryption to Secure the Data in Cloud Computing. Two factor authentication and public key encryption are bladed in view of increasing the security. Keywords Cloud Computing, Authentication, Factor of Authentication, Public Key Encryption. I. INTRODUCTION Cloud Computing became a buzzword in information technology world. Many software industries are coming forward with cloud computing services like Microsoft, Google and Amazon. Data is exploding from wide variety of sources as we are entered into the arena of Cloud Computing. There may be sensitive data which is to be stored on cloud hence there is robust and strong technique is in demand to secure the data. One of the standard definition National Institute of Standard and Technology (NIST) [1] defined cloud computing as a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., Network, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing is typically classified in two ways: 1) Location of the cloud computing 2) Type of services offered Based on the Location of the cloud, Cloud computing is typically classified in the following three ways: Public cloud: In Public cloud the computing infrastructure is hosted by the cloud vendor at the vendor s premises. The customer has no visibility and control over where the computing infrastructure is hosted. The computing infrastructure is shared between many different organizations. Private cloud: The computing infrastructure is dedicated to a particular organization and not shared with other organizations. Private clouds are more expensive and more secure when compared to public clouds. Private clouds are of two types: On-premise private clouds and externally hosted private clouds. Externally hosted private clouds are also exclusively used by one organization, but are hosted by a third party specializing in cloud infrastructure. Externally hosted private clouds are cheaper than On-premise private clouds. Hybrid cloud: Organizations may host critical applications on private clouds and applications with relatively less security concerns on the public cloud. The usage of both private and public clouds together is called hybrid cloud. A related term is Cloud Bursting. In Cloud bursting organization use their own computing infrastructure for normal usage, but access the cloud using services like Salesforce s cloud computing for peak load requirements. This ensures that a sudden increase in computing requirement is handled efficiently. Community cloud: Involves sharing of computing infrastructure in between organizations of the same community. For example all Government organizations within India may share computing infrastructure on the cloud to manage data related to citizens residing in India. Based upon the services offered, clouds are classified in the following All Rights Reserved 118

2 Infrastructure as a service (IaaS) involves offering hardware related services using the principles of cloud computing. These could include some kind of storage services (database or disk storage). Famous vendors those offering Infrastructure as a service are Amazon EC2, AmazonS3, Rackspace Cloud Servers and Flexiscale [2]. Platform as a Service (PaaS) involves offering a development platform on the cloud. Platforms provided by different vendors are not compatible. Some vendors of PaaS are Google s Application Engine, Microsoft s Azure, Salesforce.com s force.com, etc[2]. Software as a service (SaaS) includes a complete software offering on the cloud. Users can access a software application hosted by the cloud vendor on pay-per-use basis. This is a well-established sector. The pioneer in this field has been Salesforce.com s offering in the online Customer Relationship Management (CRM) space. Other examples are online providers like Google s gmail and Microsoft s hotmail, Google docs and Microsoft s online version of office called BPOS (Business Productivity Online Standard Suite)[2]. There are different issues in cloud computing like reliability, availability of services and data, security, complexity, costs, regulations and legal issues, performance, migration, issues of privacy etc. In this paper we are proposing a different and efficient approach of authentication. II. LITERATURE SURVEY Data is more crucial resource in information space. We have to give priority to secure the data by using various techniques to fulfill the availability characteristic of data. Authentication checking is vital in pursuit of data security in any environment. Authentication can be defined as a process by which a system validates the identity of a User who wishes to access it. In remote authentication there are three factors of authentication are present those are 1) Something the client knows 2) Something the client has 3) Something the Client is In something the client knows [3] comes under the One Factor Authentication. In this authentication generally passwords are used check the authentication. This authentication is not strong because the passwords can be cracked easily. Something the Client has [2] is Two Factor Authentication. In this authentication the client authentication provide by the smart card, Wireless RFID based tokens, USB tokens and Audio Port tokens, one time passwords. The third type of authentication is three factor authentications using something the user is. This authentication is achieved by biometric authentication like finger print scan, voice scan and iris scan. This three factor authentication improves the security more than the remaining two types of authentication schemes. Different authentication mechanisms are discussed in Multi factor Authentication in Cloud Computing for Data Storage Security [4]. In Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing, proposed a shared authority based privacy-preserving authentication protocol (SAPA) to address privacy issue for cloud storage [5]. An Efficient Protocol with Bidirectional Verification for Storage Security in Cloud Computing in this first they design an auditing framework for cloud storage systems and propose an efficient and privacy-preserving auditing protocol. Then, they extended auditing protocol to support dynamic data operations, which is efficient and has been proven to be secure in the random oracle model. Further they extended auditing protocol to support bidirectional authentication and statistical analysis [6]. Feasibility of implementation of various types of multi-factor authentication protocols are discussed in Feasibility of Implementing Multi-factor Authentication Schemes in Mobile Cloud Computing [7]. In this paper the security and privacy of these algorithms are analyzed and some future directions are also recommended. In Membership proof and verification in authenticated skip lists based on heap an authenticated skip list is used for authentication verification. Authenticated skip list is designed using two stacks in which one stack is for storing traversal chain and another one for storing authentication path [8]. In Authentication in the Clouds: A Framework and its Application to Mobile Users, the authors proposed a framework for authentication to mobile user where there are limited resources like processor and power All Rights Reserved 119

3 Different ciphers are used to provide security to data. Cipher is combination of Encryption and Decryption algorithms. There basically two types of ciphers based on key used. One is Symmetric Key Encryption. The Second one is Asymmetric Key Encryption which is known as Public Key Encryption. The meaning of the word Symmetric is same or identical. In symmetric Key encryption same keys are used for encryption and decryption. Block ciphers like DES (Data Encryption Standard), AES (Advanced Encryption Standard) and IDEA (International Data Encryption Algorithm) are comes under the category of Symmetric Encryption. The Symmetric Key Encryption requires more computational power and time as more complex operations are performed iteratively. Further there should be a trusted third party to carry out the key exchange operation between the end user/clients. In Asymmetric Key Encryption different keys are use at encryption site and decryption site. One Key is used for encryption and another key used for decryption and it is not possible to get the encryption key with the help of decryption key. The examples of Asymmetric Key Encryption algorithms are RSA, ElGamal and Elliptical Curve Cryptography. III. PROPOSED SYSTEM In this paper we are proposing a different authentication scheme to provide security to data in cloud computing by combining the Two Factor Authentication and Public Key Encryption. Authentication checking is done in two phases in the proposed system. In first phase two factor authentication [9] is used and in second phase public encryption is used. In two factor authentication password and one more token which is a pseudorandom number is used for checking authentication. In second phase any public key encryption is use like RSA [10], ElGamal Cryptosystem [11] or Elliptic Curve Cryptography (ECC) [12]. Every public key cryptosystem exhibits advantages and disadvantages. We are proposing Two Factor Authentication to improve security and public key encryption as the public key encryption is strong, consumes less computation power and in which Key distribution is not required. Two Factor Authentications: User login remote system with the User Id and Password. Upon receiving the user id and password the cloud server check for authentication if the given User Id and Passwords are valid then for two factor authentication purpose the cloud server sends an encrypted pseudorandom number to client by using the public key. The client has to decrypt the pseudorandom number which is sent by the cloud server with its key. After the decryption then the client re-encrypt the pseudorandom number with the public key and send back to the cloud server. Clouds Sever will check compare the sent pseudorandom number and receive pseudorandom number. If those are same then it allows accessing the data or it rejects the client for further access of the data. The schematic diagram of the proposed system is given in Fig1 The Notations of Fig 1: UId, PW => User Id and Password (PN)PK => PN is Pseudorandom Number and PK is Public Key. (PN)PK means Pseudorandom Number encrypted using public Key Our proposed system Combining Two Factor Authentication and Public Key Encryption to Secure the Data in Cloud Computing is depicted in the fig2 and the process is as follows Step1: Client Login with login credentials Setp2: Cloud Server validates the password. If the password is valid then it proceeds to next step3 else cloud rejects that the client as unauthenticated client. Step3: Cloud Server Generates a pseudorandom number and it encrypt that with public key. Step 4: The encrypted pseudorandom number will be sent to client. Step5: Client receives the encrypted pseudorandom number and decrypts with its private key. Step6: The Client sends the pseudorandom number by encrypting with public key. Step7: The Cloud Server decrypts the encrypted pseudorandom number. Step8: If the generated pseudorandom number and received pseudorandom number is same All Rights Reserved 120

4 client will be treated as authentic otherwise it will be treated as unauthentic. gradation of this system by using multi factor authentication for real time cloud communication. REFERENCES IV. CONCLUSIONS This system provides more security as we are using two factor authentication and public key encryption combination for authentication purpose. Though it is more secure there is still scope for up [1] P. Mell and T. Grance, The NIST Definition of Cloud Computing, September [2] Taxonomy of cloud computing services C.N. Hoefer and G. Karagiannis [3] A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems, Xinyi Huang, Yang Xiang, Ashley Chonka, Jianying Zhou, and Robert H. Deng, IEEE Transactions On Parallel And Distributed Systems, Vol. 22, NO. 8, August 2011 [4] Multi factor Authentication in Cloud Computing for Data Storage Security, by Deepa Panse, P. Haritha, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 4, Issue 8 August 2014 [5] Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing, in Cloud Computing Hong Liu, Student Member, IEEE, Huansheng Ning, Senior Member, IEEE, Qingxu Xiong, Member, IEEE, and Laurence T. Yang, Member, IEEE, in IEEE Transactions On Parallel And Distributed Systems, Vol. 26, NO. 1, January 2015 [6] An Efficient Protocol With Bidirectional Verification for Storage Security in Cloud Computing, Bin Feng, Xinzhu Ma, Cheng Guo, Hui Shi, Zhangjie Fu, (Member, IEEE) and Tie Qiu (Senior Member, IEEE) [7] Feasibility of Implementing Multi-factor Authentication Schemes in Mobile Cloud Computing Mojtaba Alizadeh, Wan Haslina Hassan, Touraj Khodadadi in 2014 Fifth International Conference on Intelligent Systems, Modeling and Simulation [8] Membership Proof and Verification in Authenticated Skip Lists Based on Heap by Shuanghe Peng, Zhige Chen, Deen Chen [9] Authentication in the Clouds: A Framework and its Application to Mobile Users, Richard Chow, Markus Jakobsson and Ryusuke Masuoka [10] Using Two - factor Authentication Systems to Prevent Social Phishing & Man in the Browser Attacks for Internet Banking, Zhe SUN (Zsun012) [11] The RSA Algorithm Evgeny Milanov 3 June 2009 [12] The ElGamal Cryptosystem Andreas V. Meier June 8, 2005 [13] I. Blake, G. Seroussi, and N. Smart: Elliptic Curves in Cryptography. Cambridge, U.K.: Cambridge University Press, 1999, Vol All Rights Reserved 121

5