An approach for secured data transmission at client end in cloud computing


International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 4, July-August (2013), pp. 381-389, © IAEME, www.iaeme.com/ijcet.asp

AN APPROACH FOR SECURED DATA TRANSMISSION AT CLIENT END IN CLOUD COMPUTING

Suvendu Chandan Nayak, Sasmita Parida
Department of Computer Science & Engineering, C.V. Raman College of Engineering, Bhubaneswar, India

ABSTRACT

Cloud computing is the most recent network infrastructure model, providing convenient, on-demand access to a shared pool of configurable computing resources. In this paper we propose an algorithm for data security in the Software as a Service (SaaS) model. When a client accesses an application from a cloud service provider, the client cannot tell whether it is receiving the right data from the authorized cloud or from an unauthorized one, because during transmission an attacker may hijack the authorization and redirect the client to a fake cloud. We combine the authorization function with a key that is updated at both ends, client and cloud server, and verified during transmission. Because the key changes with every packet, a man-in-the-middle attacker in the cloud has a harder task than against a static private/public key pair.

Keywords: Authorization, Attacker, Private Key, Public Key, SaaS.

I. INTRODUCTION

In today's competitive environment, the service dynamism, elasticity and choice offered by highly scalable technology are very attractive to enterprises. The most suitable emerging technology is cloud computing, which offers enterprises a range of computing services. Slogans aimed at its audience, such as "secure cloud" or "trust me", do little to raise the trust level of consumers [5]. Clouds are typically classified by deployment model or by service model, following the NIST definition framework [1]. Cloud deployment models are private, public, community and hybrid. According to IDC [2], the most beneficial aspects of using the cloud are fast and easy deployment, the pay-per-use model and reduced in-house IT cost; they also point out that security is the most important issue to be addressed before cloud computing can be widely adopted. Broadly speaking, trust is an act of faith, confidence and reliance in something that is expected to behave or deliver as promised [3]. Belief in the competence and expertise of others, such that one can reasonably rely on them to care for valuable assets, is described in [4].

Security plays a central role in preventing service failures and cultivating trust in cloud computing. In particular, cloud service providers must secure the virtual environment that lets them run services for multiple clients and keep those services separate. Cloud computing security concerns every aspect of making cloud computing secure. Many of these aspects are not unique to the cloud: data is vulnerable to attack wherever it is stored, so cloud security encompasses all the topics of computing security, including the design of security architectures, minimization of attack surfaces, protection from malware and enforcement of access control. Some aspects, however, appear to be specific to the cloud [6]. Researchers have proposed a number of security algorithms, challenges and issues for cloud computing within a few years, yet it remains a big challenge. The proposed algorithms are based on traditional solutions using public or private keys. During transmission of data or information, a man-in-the-middle attacker can violate its integrity. In this paper we propose an algorithm using an authentication function and a key that is updated at both ends during transmission. The key value can be checked by sending a request message at any instant during transmission, securing the data exchange between client and service provider.
The remainder of this paper is organized as follows. Section II reviews the literature on security issues, security challenges and solutions. Section III describes the proposed system. Section IV gives the proposed algorithm for man-in-the-middle attack and packet-drop detection. Section V concludes and outlines future work.

II. STATE OF THE ART

When enterprises consign their data to cloud computing (data representing both their own interests and those of their clients), a two-fold trust relationship results. First, the enterprise must trust the cloud provider. Second, the enterprise must ascertain that its clients have enough reason to trust the same provider [7]. In a typical application the user is compensated if the service is not delivered as expected, and cloud providers similarly use service-level agreements (SLAs) to boost consumer trust; unfortunately, these may not help in cloud computing. A basic challenge lies in poor key management procedures. As noted in a European Network and Information Security Agency study [8], cloud infrastructures require management and storage of many different kinds of keys. Because virtual machines have no fixed hardware infrastructure and cloud-based content is often geographically distributed, it is harder to apply standard controls, such as hardware security module (HSM) storage, to keys in cloud infrastructures. Finally, security metrics are not adapted to cloud infrastructures: there are currently no standardized cloud-specific security metrics that cloud customers can use to monitor the security status of their cloud resources. Until such standard metrics are developed and implemented, controls for security assessment, audit and accountability are more difficult and costly, and may be impossible to employ. Likewise, until usable logging and monitoring standards and facilities exist, it is difficult, if not impossible, to implement security controls that require logging and monitoring [9].

The importance of ensuring remote data integrity has been highlighted in [10]-[11]. These techniques, while useful for ensuring storage correctness without the user possessing the data, cannot address all security threats in cloud data storage, since they focus on a single-server scenario and most of them do not consider dynamic data operations. As a complementary approach, distributed protocols [12]-[13] have been proposed for ensuring storage correctness across multiple servers or peers. To extend enterprise control to data in the cloud, researchers have proposed shifting from protecting data from the outside (the systems and applications that use it) to protecting data from within. This approach, in which data and information protect themselves, is called information-centric [14], [15], [16]. Self-protection requires intelligence to be put into the data itself: data must be self-describing and self-defending regardless of its environment, encrypted and packaged with a usage policy. When accessed, the data should consult its policy, attempt to re-create a secure environment using virtualization, and reveal itself only if the environment is verified as trustworthy (using Trusted Computing). Information-centric security is a natural extension of the trend toward finer, stronger and more usable data protection.

In Fig-1 the user's data is stored in the cloud server. The cloud service provider has a number of cloud servers in a distributed arrangement, and the user does not know where the data is stored or accessed. Several mechanisms have been proposed to provide trust in cloud security, as discussed above; a Third Party Auditor (TPA), which is optional, is one of them. When a user communicates with the cloud server, the TPA monitors the communication for security purposes.
If security fails, the TPA alerts both the user and the cloud service provider. The TPA depends completely on the user's trust, even though the security is provided by a third party. K. Vieira, A. Schulter et al. discuss the Intrusion Detection System (IDS) as the most popular method of defending against attacks [17].

Fig-1: Cloud data storage and access architecture

With IDS, each cloud must be loaded with a separate IDS, and the different intrusion detection systems work on the basis of information exchange: if a specific cloud is under attack, the cooperative IDS alert the whole system. IDS provides security to the cloud, not to the client, and offers no mechanism against a man-in-the-middle attack while data flows. A detailed study of preventing man-in-the-middle attacks is presented in [18]. In this work we propose an algorithm that can be implemented for secured data transmission. When the client gets authentication from the cloud server to use an application, a man-in-the-middle attacker may hijack the data during transmission, and the client cannot be sure whether the application comes from the authorized cloud or from a fake one. The proposed work also detects packet loss during transmission using the key and the key function.
III. PROPOSED SYSTEM

The cloud acts as a big black box: nothing inside the cloud is visible to the clients. Clients have no idea of, or control over, what happens inside a cloud; even if the provider is honest, it may have malicious system administrators who can tamper with the VMs and violate confidentiality and integrity. Clouds are still subject to traditional data confidentiality, integrity, availability and privacy issues, plus some additional attacks. Cloud computing definitely makes sense if your own security is weak, missing features, or below average. Ultimately, if
• the cloud provider's security people are "better" than yours (and leveraged at least as efficiently),
• the web-services interfaces do not introduce too much new vulnerability, and
• the cloud provider aims at least as high as you do in its security goals,
then cloud computing has better security. In the case of private cloud computing it is very challenging to provide proper security for the client. Data encryption using private and public keys is used, but encryption protects the data itself and gives no information about whether the communication is secure. Our proposed system provides both secured communication and detection of packet loss during transmission.

The proposed system uses a function called key_function( ) and an integer called the key. The key value is initially assigned 0 (zero). The basic mechanism is that the key is incremented by one using key_function( ) whenever a packet is sent or received, so the key is updated by one at both ends for every packet sent and received. The packet may be a request packet, an acknowledgement packet or a data packet.
During transmission a user can send a verifying packet carrying the current key so that the key values can be matched at the sender end. Because the key is updated at both ends, by verifying the key a client can confirm that the application transmitted from the server is the right one, that there is no man-in-the-middle attack, and that the data packets in the middle of the transmission are secured.

Fig-2: Data flow between client and cloud server

Fig-2 shows the authorized data flow between client and cloud server. There are many cloud servers; the cloud service provider verifies the authentication of the user. The basic problem is that after authorization the data should be securely transmitted to the client end. Suppose the client is accessing very sensitive data from the cloud server. Neither the cloud service nor the cloud server provides any mechanism for the security of that sensitive data; all responsibility falls on the client. A data packet may be tampered with or modified, or raw data packets may be sent by a man in the middle during transmission.

Fig-3: Man in the middle attack

Fig-3 shows the work of a man-in-the-middle attacker. The attacker may add duplicate packets and send them to the client, so that the client is unable to obtain the actual data sent by the server. In the figure, green packets are the actual data packets and red packets are copies of the actual packets modified by the attacker. The attacker can take any data packet (frame), read its source address, destination address and packet ID, create new packets with the same identification, and send them to the client in place of the actual packets sent by the cloud server. In this work we propose an algorithm to avoid this type of problem.

When a client sends a request to the cloud server for communication, the server authenticates the client and sends the key_function( ) to the authorized client along with the key value 0 (zero), then starts sending packets. For each packet the key value is updated by one. After receiving a few packets, if the client wants to verify whether the communication is secure, the client sends a verifying packet with its key. The key is verified at the server end; if the keys mismatch, the server stops sending packets and disconnects the communication, after which the client may send a reconnection request. The proposed system works as follows.

Fig-4: Connecting to the server (client sends request; server replies with key_function( ); key = 1 at both ends)

When the reply packet carrying the key_function( ) is received at the client, the key is set to 1 (key = 1). Now the key is equal at both ends, i.e. 1. Let the key_function( ) be denoted kf( ), and let the key take values from the set of integers K = {k1, k2, k3, k4, ..., kn}, running from 0 to n.
Packet transmission and packet loss detection

Fig-5: Mechanism for packet loss and transmission
  Client          Server
  Key=1           Key=1
  K=2             K=2
  K=5             K=5
  K=5             K=6   (packet with K=6 dropped)
  NACK with k=5 ->
  K=6             K=6   (packet resent)
  K=7             K=7

In the above discussion, when the connection is established both ends have the same key value k=1, which becomes possible when the positive ACK is sent by the server: the server sends the key_function( ) along with the positive ACK and sets its own key to k=1 by the key_function( ), and when the positive ACK is received at the client end the key_function( ) sets the client key to k=1. For every packet sent by the server the key value k is incremented by 1 (one) by key_function( ); similarly, for every packet received by the client the key is incremented by 1 (one) with the key_function( ) provided by the server. Now let a packet be dropped when k=6 at the server end. Since the packet is dropped, the client does not receive it, so the key at the client end remains k=5. When the timeout occurs the client sends a NACK with key value k=5. The key is received and compared with the current key value k=6 at the server end, from which the same packet is resent and the key is updated again to k=7.

Man in the middle

In the case of a man in the middle, the packets containing data may be modified by an attacker who has captured the key. The attacker may send duplicate packets to the client that do not contain the actual data, so the client needs a way to know that there is a man-in-the-middle attacker changing the actual data. In the scenario of Fig-6, in the middle of the data transmission the client verifies whether the transmission is secure and whether it comes from the authorized cloud.
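The exchange of Figs-4 to 6 and of the Section IV algorithm, as an added runnable model that is not the paper's own code. Because the paper does not fully pin down which packets advance the key, the model makes two assumptions of its own: only DATA packets advance the shared counter k (REQ, the GRANT that carries key_function( ), VERIFY, ACK and NACK carry the current k but do not advance it), and the client records a mismatch instead of reconnecting. The sample chunks, the `run( )` channel simulator and its `drop_key`, `inject` and `tamper_key` knobs are constructed for the example:

```python
"""Runnable model of the key / key_function() scheme of Sections III-IV.

Added example, not the paper's code. Assumptions made here:
  * only DATA packets advance the shared counter k; REQ, GRANT (the ACK
    that carries key_function), VERIFY, ACK and NACK carry the current k
    but do not advance it;
  * the client records a mismatch instead of reconnecting.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Packet:
    kind: str            # "REQ", "GRANT", "DATA", "VERIFY", "ACK", "NACK"
    key: int             # counter value, carried in the clear as in the paper
    payload: bytes = b""


def key_function(k: int) -> int:
    """The paper's key_function(): advance the key by one."""
    return k + 1


class Server:
    def __init__(self, chunks: List[bytes]):
        self.k = 0
        self.pending = list(chunks)
        self.window: Dict[int, bytes] = {}    # key -> payload, kept for resend on NACK
        self.connected = False

    def receive(self, p: Packet) -> List[Packet]:
        if p.kind == "REQ":                   # Step 1: grant, reply with k=0, then advance
            self.connected = True
            reply = Packet("GRANT", self.k)
            self.k = key_function(self.k)
            return [reply]
        if p.kind == "VERIFY":                # Step 2: compare the client's key with ours
            if p.key != self.k:
                self.connected = False        # mismatch: stop sending and drop the session
                return []
            return [Packet("ACK", self.k)]
        if p.kind == "NACK":                  # Step 3: resend from the client's key onward
            return [Packet("DATA", key, self.window[key]) for key in range(p.key, self.k)]
        return []

    def send_next(self) -> Optional[Packet]:
        if not self.pending or not self.connected:
            return None
        p = Packet("DATA", self.k, self.pending.pop(0))
        self.window[self.k] = p.payload
        self.k = key_function(self.k)         # advance on every data packet sent
        return p


class Client:
    def __init__(self):
        self.k = 0
        self.received: List[bytes] = []
        self.alerts: List[str] = []

    def receive(self, p: Packet) -> Optional[Packet]:
        if p.kind == "GRANT":
            self.k = key_function(p.key)      # both ends now hold k=1
        elif p.kind == "DATA":
            if p.key > self.k:                # gap: an earlier packet was dropped
                self.alerts.append(f"gap: expected {self.k}, got {p.key}")
                return Packet("NACK", self.k)
            if p.key < self.k:                # stale key: duplicate or injected packet
                self.alerts.append(f"stale key {p.key} while at {self.k}")
                return None
            self.received.append(p.payload)
            self.k = key_function(self.k)     # advance on every data packet accepted
        elif p.kind == "ACK":                 # reply to our VERIFY
            if p.key != self.k:
                self.alerts.append(f"verify failed: server {p.key}, client {self.k}")
        return None

    def verify(self) -> Packet:
        return Packet("VERIFY", self.k)


def run(chunks, drop_key=None, inject=None, tamper_key=None):
    """Push the stream through a simulated channel and report what the client saw.

    drop_key   : the channel loses the DATA packet carrying this key (Fig-5)
    inject     : a man in the middle replays the previous packet just before this key
    tamper_key : a man in the middle rewrites the payload but keeps the key (Fig-6)
    """
    server, client = Server(chunks), Client()
    for reply in server.receive(Packet("REQ", 0)):
        client.receive(reply)
    while (p := server.send_next()) is not None:
        if p.key == drop_key:
            continue
        if p.key == tamper_key:
            p = Packet("DATA", p.key, b"TAMPERED")
        if inject is not None and p.key == inject:
            client.receive(Packet("DATA", inject - 1, b"REPLAY"))
        nack = client.receive(p)
        if nack is not None:                  # Fig-5: NACK carries the client's key
            for resend in server.receive(nack):
                client.receive(resend)
    for ack in server.receive(client.verify()):   # Fig-6: verification exchange
        client.receive(ack)
    verified = server.connected and not any(a.startswith("verify") for a in client.alerts)
    return {"data": client.received, "alerts": client.alerts, "verified": verified}
```

Running `run( )` over four constructed chunks shows the behaviour the figures describe: a clean stream and a mid-stream drop both end with every chunk delivered and the verification passing, because the NACK carrying the client's key recovers the loss; losing the last packet leaves the counters desynchronized and the verification fails; a replayed packet is caught by its stale key. The limit a practitioner should note before relying on the scheme for sensitive data: the key travels in the clear and advances predictably, so a man in the middle who rewrites a payload and leaves the key untouched (the `tamper_key` case) passes both the per-packet check and the verification. The counter detects desynchronization, not modification; catching modification needs an integrity tag over the payload under a secret the attacker cannot read, which is where the paper's future-work suggestion of a hash function in place of the plain increment would have to go.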
Fig-6: Mechanism for detecting a man-in-the-middle attack

Suppose the packet sent when the key value is k=5 at the server end is modified by the man-in-the-middle attacker. The modified packet is received at the client end and the key is set to k=5. Now the client verifies the transmission by sending a verifying packet with the updated key k=6. The verifying packet is received at the server end and the key is updated to k=7. After receiving the verifying packet the server sends an ACK with the key k=7 and sets k=8, so the ACK packet contains k=7. If there is a man in the middle, the ACK packet will be tampered with or modified, and the key value, which is not known to the attacker, will be altered. The packet received at the client end is checked by matching the key in the ACK packet against the client's own key value k using key_function( ); a mismatch indicates a man-in-the-middle attack.

IV. PROPOSED ALGORITHM

In the proposed algorithm the key k and key_function( ) are used at the server end, with k=0 initially. For the client's request to the server, k and key_function( ) are not yet used; they are provided by the server when the request is granted.

Server end (receiving packet) [Initialize k=0]
Step 1: [verify received packet P]
        if (P is a request packet)
            send ACK with key_function( ) and k=0
            call key_function( )
Step 2: if (P is a verifying packet)
            send ACK with current value of k
            call key_function( )
Step 3: if (P is a NACK)
            match received k value with current k value (Kr and Kc)
            if (Kr is not equal to Kc)
                resend packets from k=Kr
            call key_function( )

Server end (sending packet)
Step 1: keep key value k and send packet
        call key_function( )

Client end (receiving packet)
Step 1: match both keys
        if (Kr is equal to Kc)
            call key_function( )
        else
            data is not secured: disconnect and resend request to server for reconnection

key_function( k )
{
    increment k by 1
}

V. CONCLUSION AND FUTURE WORK

This paper has proposed an algorithm and mechanism for detection of man-in-the-middle attacks and packet drops during transmission. We have used a simple function and a key, which is cost effective and easy to implement. This technique is robust and adaptive for secured transmission of sensitive data in cloud computing. The proposed system also gives the client a mechanism to know whether the data was transmitted from the authorized server or not. The mechanism is completely client based rather than relying on a TPA: in the middle of a data transmission the client can verify whether the transmission is secure. The proposed system can be implemented and verified in different network topologies for secured data transmission. In future, different hashing functions can be used and implemented instead of key_function( ).

REFERENCES

[1] P. Mell and T. Grance, Effectively and securely using the cloud computing paradigm, <http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt>, retrieved 18.04.11.
[2] IDC Blogs, IT cloud services user survey, pt. 2: top benefits & challenges, 2011, <http://blogs.idc.com/ie/?p=210>, retrieved 20.04.11.
[3] C. Costa and K. Bijlsma-Frankema, "Trust and Control Interrelations," Group and Organization Management, vol. 32, no. 4, pp. 392-406, 2007.
[4] M. Lund and B. Solhaug, "Evolution in Relation to Risk and Trust Management," Computer, pp. 49-55, May 2010.
[5] D. Gambetta, "Can We Trust Trust?" in Trust: Making and Breaking Cooperative Relations, Basil Blackwell, pp. 213-237, 1988.
[6] Y. Chen, V. Paxson and R. H. Katz, "What's new about cloud computing security?" Technical Report UCB/EECS-2010-5, Electrical Engineering and Computer Sciences, University of California at Berkeley, 2010.
[7] B. Michael, "In Cloud Shall We Trust?" IEEE Security & Privacy, Sept./Oct. 2009, p. 3.
[8] European Network and Information Security Agency (ENISA), Cloud Computing: Benefits, Risks and Recommendations for Information Security, www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-, Nov. 2009.
[9] B. Grobauer, T. Walloschek and E. Stöcker, "Understanding Cloud Computing Vulnerabilities," IEEE Security & Privacy (IEEE Computer and Reliability Societies), March/April 2011.
[10] A. Juels and B. S. Kaliski Jr., "PORs: Proofs of Retrievability for Large Files," Proc. of CCS '07, pp. 584-597, 2007.
[11] G. Ateniese, R. Di Pietro, L. V. Mancini and G. Tsudik, "Scalable and Efficient Provable Data Possession," Proc. of SecureComm '08, pp. 1-10, 2008.
[12] T. S. J. Schwarz and E. L. Miller, "Store, Forget, and Check: Using Algebraic Signatures to Check Remotely Administered Storage," Proc. of ICDCS '06, 2006.
[13] K. D. Bowers, A. Juels and A. Oprea, "HAIL: A High-Availability and Integrity Layer for Cloud Storage," Cryptology ePrint Archive, Report 2008/489, 2008, http://eprint.iacr.org/.
[14] Amazon's terms of use, http://aws.amazon.com/agreement.
[15] EMC, Information-Centric Security, http://www.idc.pt/resources/PPTs/2007/IT&Internet_Security/12.EMC.pdf.
[16] Don't cloud your vision, http://www.ft.com/cms/s/0/303680a6-bf51-11dd-ae63-0000779fd18c.html?nclick_check=1.
[17] K. Vieira, A. Schulter, C. B. Westphall and C. M. Westphall, "Intrusion detection techniques for Grid and Cloud Computing Environment," IT Professional, IEEE Computer Society, vol. 12, issue 4, pp. 38-43, 2010.
[18] K. Tomar, N. Singhal and S. Kumar, "Software as a Service Security: Challenges and Solutions," International Journal of Computer Engineering & Technology (IJCET), vol. 2, issue 1, pp. 53-60, 2011, ISSN Print: 0976-6367, ISSN Online: 0976-6375.
[19] A. Madhuri and T. V. Nagaraju, "Reliable Security in Cloud Computing Environment," International Journal of Information Technology and Management Information Systems (IJITMIS), vol. 4, issue 2, pp. 23-30, 2013, ISSN Print: 0976-6405, ISSN Online: 0976-6413.
[20] G. Kulkarni, J. Gambhir and A. Dongare, "Security in Cloud Computing," International Journal of Computer Engineering & Technology (IJCET), vol. 3, issue 1, pp. 258-265, 2012, ISSN Print: 0976-6367, ISSN Online: 0976-6375.
