A Grid is a collection of resources that are available for an application to perform tasks. Grid resources are heterogeneous, geographically distributed and belong to different administrative domains. Hence security is a major concern in a grid system. Authentication, message integrity and confidentiality are the major concerns in grid security. Secure group communication is brought about by effective key distribution to authenticated users of the channels serviced by resources. The proposed approach facilitates reduced computation and efficient group communication. It also ensures efficient rekeying for each communication session. The security protocol has been implemented and tested using Globus middleware.
Strong zero knowledge authentication based on the session keys (sask)IJNSA Journal
This document proposes a new authentication protocol called Strong Zero-Knowledge Authentication Based on Session Keys (SASK). The protocol aims to strengthen user authentication and provide a secure communication channel. It uses a two-step authentication process: 1) regenerating a virtual password and ensuring integrity and confidentiality of nonces exchanged via symmetric encryption with a virtual password, and 2) calculating a session key shared between the client and server to encrypt via the session key. This allows strengthening the authentication process, updating it, and providing better cyber defense against various attack types by verifying identity, creating a secure channel, and using unpredictable session keys.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
This document proposes a cloud-based access control model for selectively encrypting documents with traitor detection. It aims to address the high computational overhead of key management and secret sharing in existing attribute-based encryption approaches for cloud data security. The proposed model uses efficient algorithms and protocols like aggregate equality oblivious commitment-based envelope protocol and fast access control vector broadcast group key management to reduce overhead. It also introduces a traitor tracing technique to identify any traitors in the two-layer encryption environment for cloud computing.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Accessing secured data in cloud computing environmentIJNSA Journal
Number of businesses using cloud computing has increased dramatically over the last few years due to the attractive features such as scalability, flexibility, fast start-up and low costs. Services provided over the web are ranging from using provider’s software and hardware to managing security and other issues. Some of the biggest challenges at this point are providing privacy and data security to subscribers of public cloud servers. An efficient encryption technique presented in this paper can be used for secure access to and storage of data on public cloud server, moving and searching encrypted data through communication channels while protecting data confidentiality. This method ensures data protection against both external and internal intruders. Data can be decrypted only with the provided by the data owner key, while public cloud server is unable to read encrypted data or queries. Answering a query does not depend on it size and done in a constant time. Data access is managed by the data owner. The proposed schema allows unauthorized modifications detection
Trust Based Content Distribution for Peer-ToPeer Overlay NetworksIJNSA Journal
In peer-to-peer content distribution the lack of a central authority makes authentication difficult. Without authentication, adversary nodes can spoof identity and falsify messages in the overlay. This enables malicious nodes to launch man-in-the-middle or denial-of-service attacks. In this paper, we present a trust based content distribution for peer-to-peer overlay networks, which is built on the trust management scheme. The main concept is, before sending or accepting the traffic, the trust of the peer must be validated. Based on the success of data delivery and searching time, we calculate the trust index of a node. Then the aggregated trust index of the peers whose value is below the threshold value is considered as distrusted and the corresponding traffic is blocked. By simulation results we show that our proposed scheme achieves increased success ratio with reduced delay and drop.
Messages addressed to specific users can be decrypted by Key Generation Centre (KGC) by generating their private keys. Data owner wants the data to be delivered only to specified user and not to unauthorized person that is the data owner makes their private data accessible only to authorized person. We propose attribute based encryption and escrow problem which means written agreement delivered to a third party to overcome this problem. Attribute based Encryption (ABE) is a type of public-key encryption in which the private key of a user and the cipher text are dependent upon attributes. It is a promising cryptographic approach.
Security Check in Cloud Computing through Third Party Auditorijsrd.com
In cloud computing, data owners crowd their data on cloud servers and users (data consumers) can access the data from cloud servers. Due to the data outsourcing, however, it requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking method scan only serve for static records data. Thus, cannot be used in the auditing service since the data in the cloud can be animatedly updated. Thus, an efficient and secure dynamic auditing protocol is required to convince data owners that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems for privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data dynamic operations, which is efficient to secure the random model.
A Survey on Access Control Mechanisms using Attribute Based Encryption in cloudijsrd.com
Cloud computing is an emerging computing technology that enables users to distantly store their data into a cloud so as to enjoy scalable services when required. And user can outsource their resources to server (also called cloud) using Internet. Security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market. Attribute-based encryption (ABE) can be used for log encryption. This survey is more specific to the different security issues on data access in cloud environment.
Strong zero knowledge authentication based on the session keys (sask)IJNSA Journal
This document proposes a new authentication protocol called Strong Zero-Knowledge Authentication Based on Session Keys (SASK). The protocol aims to strengthen user authentication and provide a secure communication channel. It uses a two-step authentication process: 1) regenerating a virtual password and ensuring integrity and confidentiality of nonces exchanged via symmetric encryption with a virtual password, and 2) calculating a session key shared between the client and server to encrypt via the session key. This allows strengthening the authentication process, updating it, and providing better cyber defense against various attack types by verifying identity, creating a secure channel, and using unpredictable session keys.
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
This document proposes a cloud-based access control model for selectively encrypting documents with traitor detection. It aims to address the high computational overhead of key management and secret sharing in existing attribute-based encryption approaches for cloud data security. The proposed model uses efficient algorithms and protocols like aggregate equality oblivious commitment-based envelope protocol and fast access control vector broadcast group key management to reduce overhead. It also introduces a traitor tracing technique to identify any traitors in the two-layer encryption environment for cloud computing.
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
The document proposes a shared authority based privacy-preserving authentication protocol (SAPA) for cloud computing. SAPA addresses the privacy issue that arises when a user challenges a cloud server to request access to another user's data, as the request itself could reveal private information. SAPA uses anonymous access request matching and attribute-based access control to determine if two users' access requests are mutually compatible without revealing either user's private access desires. It also employs proxy re-encryption so the cloud server can provide temporary shared access between authorized users. The protocol aims to simultaneously achieve data access control, authority sharing between compatible users, and protection of users' privacy during the access request process.
Accessing secured data in cloud computing environmentIJNSA Journal
Number of businesses using cloud computing has increased dramatically over the last few years due to the attractive features such as scalability, flexibility, fast start-up and low costs. Services provided over the web are ranging from using provider’s software and hardware to managing security and other issues. Some of the biggest challenges at this point are providing privacy and data security to subscribers of public cloud servers. An efficient encryption technique presented in this paper can be used for secure access to and storage of data on public cloud server, moving and searching encrypted data through communication channels while protecting data confidentiality. This method ensures data protection against both external and internal intruders. Data can be decrypted only with the provided by the data owner key, while public cloud server is unable to read encrypted data or queries. Answering a query does not depend on it size and done in a constant time. Data access is managed by the data owner. The proposed schema allows unauthorized modifications detection
Trust Based Content Distribution for Peer-ToPeer Overlay NetworksIJNSA Journal
In peer-to-peer content distribution the lack of a central authority makes authentication difficult. Without authentication, adversary nodes can spoof identity and falsify messages in the overlay. This enables malicious nodes to launch man-in-the-middle or denial-of-service attacks. In this paper, we present a trust based content distribution for peer-to-peer overlay networks, which is built on the trust management scheme. The main concept is, before sending or accepting the traffic, the trust of the peer must be validated. Based on the success of data delivery and searching time, we calculate the trust index of a node. Then the aggregated trust index of the peers whose value is below the threshold value is considered as distrusted and the corresponding traffic is blocked. By simulation results we show that our proposed scheme achieves increased success ratio with reduced delay and drop.
Messages addressed to specific users can be decrypted by Key Generation Centre (KGC) by generating their private keys. Data owner wants the data to be delivered only to specified user and not to unauthorized person that is the data owner makes their private data accessible only to authorized person. We propose attribute based encryption and escrow problem which means written agreement delivered to a third party to overcome this problem. Attribute based Encryption (ABE) is a type of public-key encryption in which the private key of a user and the cipher text are dependent upon attributes. It is a promising cryptographic approach.
Security Check in Cloud Computing through Third Party Auditorijsrd.com
In cloud computing, data owners crowd their data on cloud servers and users (data consumers) can access the data from cloud servers. Due to the data outsourcing, however, it requires an independent auditing service to check the data integrity in the cloud. Some existing remote integrity checking method scan only serve for static records data. Thus, cannot be used in the auditing service since the data in the cloud can be animatedly updated. Thus, an efficient and secure dynamic auditing protocol is required to convince data owners that the data are correctly stored in the cloud. In this paper, we first design an auditing framework for cloud storage systems for privacy-preserving auditing protocol. Then, we extend our auditing protocol to support the data dynamic operations, which is efficient to secure the random model.
A Survey on Access Control Mechanisms using Attribute Based Encryption in cloudijsrd.com
Cloud computing is an emerging computing technology that enables users to distantly store their data into a cloud so as to enjoy scalable services when required. And user can outsource their resources to server (also called cloud) using Internet. Security is one of the major issues which reduces the growth of cloud computing and complications with data privacy and data protection continue to plague the market. Attribute-based encryption (ABE) can be used for log encryption. This survey is more specific to the different security issues on data access in cloud environment.
Distributed Digital Artifacts on the Semantic WebEditor IJCATR
Distributed digital artifacts incorporate cryptographic hash values to URI called trusty URIs in a distributed environment
building good in quality, verifiable and unchangeable web resources to prevent the rising man in the middle attack. The greatest
challenge of a centralized system is that it gives users no possibility to check whether data have been modified and the communication
is limited to a single server. As a solution for this, is the distributed digital artifact system, where resources are distributed among
different domains to enable inter-domain communication. Due to the emerging developments in web, attacks have increased rapidly,
among which man in the middle attack (MIMA) is a serious issue, where user security is at its threat. This work tries to prevent MIMA
to an extent, by providing self reference and trusty URIs even when presented in a distributed environment. Any manipulation to the
data is efficiently identified and any further access to that data is blocked by informing user that the uniform location has been
changed. System uses self-reference to contain trusty URI for each resource, lineage algorithm for generating seed and SHA-512 hash
generation algorithm to ensure security. It is implemented on the semantic web, which is an extension to the world wide web, using
RDF (Resource Description Framework) to identify the resource. Hence the framework was developed to overcome existing
challenges by making the digital artifacts on the semantic web distributed to enable communication between different domains across
the network securely and thereby preventing MIMA.
147bc3d2e2ffdb1c4f10d673600dd786.Maintaining Integrity and Security for the D...Gayathri Dili
This document discusses maintaining integrity and security for data shared in the cloud. It describes how public auditing allows a third party to verify data integrity without downloading the entire files. However, this does not ensure security, as user signatures could reveal identities. The document proposes using group signatures to anonymize user identities while sharing data. It also discusses the need for verifying signatures are from authenticated users using controllable linkability, where signatures from the same user on different files can be linked. Previous literature on public auditing, group signatures, and their improvements over time to address issues like dynamic data, user revocation, and privacy are summarized.
Cloud Security and Data Integrity with Client Accountability FrameworkIDES Editor
This document summarizes a proposed cloud security and data integrity framework that provides client accountability. The framework aims to address issues like lack of user control over cloud data, need for data transparency and tracking, and ensuring data integrity. It proposes using JAR (Java Archive) files for data sharing due to benefits like portability. The framework incorporates client-side verification using MD5 hashing, digital signature-based authentication of JAR files, and use of HMAC to ensure data integrity. It also uses password-based encryption of log files to keep them tamper-proof. The framework is intended to provide both accountability and security for data sharing in cloud environments.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
Cross domain identity trust management for grid computingijsptm
The grid computing coordinates resource sharing between different administrative domains in large scale,
dynamic, and heterogeneous environment. Efficient and secure certificateless public key cryptography (CLPKC)
based authentication protocol for multi-domain grid environment is widely acknowledged as a
challenging issue. Trust relationships management across domains is the main objective of authentication
protocols in real grid computing environments. In this paper, we discuss the grid pairing-free certificateless
two-party authenticated key agreement (GPC-AKA) protocol. Then, we provide a cross domain trust
model for GPC-AKA protocol in grid computing environment. Moreover, we analysis the GPC-AKA
protocol in multiple trust domains simulated environment using GridSim toolkit.
Control Cloud Data Access Using Attribute-Based Encryptionpaperpublications3
Abstract: Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed recently. Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Data security is the key concern in the distributed system. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.
Information Leakage Prevention Using Public Key Encryption System and Fingerp...CSCJournals
This document proposes and evaluates a system using RSA public key encryption, fingerprint authentication, and the Apriori algorithm to prevent information leakage. The system generates encryption keys for users based on registration details including fingerprints. Users encrypt messages with the public key before sending. The administrator verifies identities using fingerprints matched with the Apriori algorithm before decrypting messages with the private key. The system was tested on a university network and achieved high security preventing unauthorized access to data.
Cloud Computing Environment using Secured Access Control TechniqueIRJET Journal
This document proposes a new technique called Storage Correctness and Small-grained Access Provision (SCSAP) for secure cloud computing environments. SCSAP aims to improve on existing access control techniques by providing more fine-grained user access and ensuring correctness of outsourced cloud data storage through a token granting system. The technique constructs hierarchical user access formations and includes algorithmic phases for small-grained data access and efficient storage. If implemented, SCSAP could provide stronger security, access control and data integrity than prior cloud storage solutions.
6.designing secure and efficient biometric based secure access mechanism for ...Venkat Projects
The document proposes a new biometric-based authentication protocol to provide secure access to cloud services. It uses a user's fingerprint as a secret credential to generate a unique identity and private key, avoiding the need to store private keys on servers. It also proposes an efficient approach to generate session keys between parties using two fingerprint templates, without requiring pre-shared information. A security analysis found the approach can resist known attacks. Experiments showed it is efficient and useful compared to existing authentication mechanisms.
The paper proposes an anonymous and secure data exchange protocol for sharing medical data between organizations in a peer-to-peer cloud healthcare environment. The protocol allows cloud peers to dynamically generate temporary identities and session keys for each data exchange session. It is robust against various attacks such as man-in-the-middle, masquerade, and message manipulation attacks. The protocol aims to enable inter-organizational medical data sharing at scale while preserving privacy in an insecure network environment.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts. It also displays fake information if login is unsuccessful to avoid further intrusion attempts. Common security methods for user data protection include encryption before storage, user authentication, and secure transmission channels. Cloud computing provides on-demand access to computing resources over the Internet and allows users to access services without knowledge of the infrastructure.
Design and implementation of a privacy preserved off premises cloud storagesarfraznawaz
Despite several cost-effective and flexible characteristics of cloud computing, some clients are reluctant to adopt this paradigm due to emerging security and privacy concerns. Organization such as Healthcare and Payment Card Industry where confidentiality of information is a vital act, are not assertive to trust the security techniques and privacy policies offered by cloud service providers. Malicious attackers have violated the cloud storages to steal, view, manipulate and tamper client's data. Attacks on cloud storages are extremely challenging to detect and mitigate. In order to formulate privacy preserved cloud storage, in this research paper, we propose an improved technique that consists of five contributions such as Resilient role-based access control mechanism, Partial homomorphic cryptography, metadata generation and sound steganography, Efficient third-party auditing service, Data backup and recovery process. We implemented these components using Java Enterprise Edition with Glassfish Server. Finally we evaluated our proposed technique by penetration testing and the results showed that client’s data is intact and protected from malicious attackers.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
This document proposes a novel role-based cross-domain access control scheme for cloud storage. It aims to address problems with time constraints and location constraints when accessing data across different cloud domains. The proposed scheme combines domain RBAC, role-based access control, and attribute-based access control. Each user is assigned attributes and roles. Data is encrypted with attribute-based encryption before being uploaded. Domains are separated and manage their own users, roles, and permissions to allow cross-domain access while minimizing time delays in accessing data located in different domains.
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...IJCERT JOURNAL
Security is one of the extensive and complicated requirements that need to be provided in order to achieve few issues like confidentiality, integrity and authentication. In a content-based publish/subscribe system, authentication is difficult to achieve since there exists no strong bonding between the end parties. Similarly, Integrity and confidentiality needs arise in published events and subscription conflicts with content-based routing. The basic tool to support confidentiality, integrity is encryption. In this paper for providing security mechanism in broker-less content-based publish/subscribe system we adapt pairing-based cryptography mechanism. In this mechanism, we use Identity Based Encryption (IBE) technique to achieve the needs of publish/subscribe system. This approach helps in providing fine-grained key management, effective encryption, decryption operations and routing is carried out in the order of subscribed attributes
Attribute based encryption with privacy preserving in cloudsSwathi Rampur
This document proposes a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. The key points are:
1) It allows for multiple key distribution centers (KDCs) so the architecture is decentralized. This prevents any single point of failure.
2) It provides anonymous authentication of users storing data in the cloud so their identity is protected from the cloud.
3) Only authorized users with valid attributes can access data, so it enables fine-grained and distributed access control. The scheme is resilient against replay and collusion attacks.
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
This document proposes a Shared Authority based Privacy preserving Authentication protocol (SAPA) for handling privacy issues in cloud storage. SAPA achieves shared access authority through an anonymous access request matching mechanism. It applies attribute-based access control to allow users to reliably access their own data fields. It also uses proxy re-encryption to provide temporary authorized data sharing among multiple users. The goal is to preserve user privacy during data access and sharing in the cloud.
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
This paper portrays security advancements and
components utilized as part of Grid computing environment. The
Grid Security Infrastructure (GSI) executed in the Globus
Toolkit also, is portrayed in detail. The principle concentrate is
on strategies for distinguishing proof, verification and approval,
in view of X.509 endorsements and SSL/TLS conventions. At
long last an answer of group based get to control over the
network assets is displayed, which is make over on the usage of
the Globus Toolkit
The document discusses precision controlled privacy preservation in relational data. It proposes a multilevel anonymization technique that combines generalization and suppression to provide improved security and minimum precision in retrieved data compared to previous methods. An experimental evaluation on a medical dataset shows the proposed method retrieves more tuples than previous privacy preserving access control and workload-aware anonymization methods, especially with increasing numbers of query predicates. The aim is to satisfy accuracy constraints for authorized data retrieval while preserving privacy through this combined anonymization approach.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
TO GET THIS PROJECT COMPLETE SOURCE CODE PLEASE CALL BEOLOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM ,EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions. NEXGEN TECHNOLOGY help it customers optimally use their resources.
Distributed Digital Artifacts on the Semantic WebEditor IJCATR
Distributed digital artifacts incorporate cryptographic hash values to URI called trusty URIs in a distributed environment
building good in quality, verifiable and unchangeable web resources to prevent the rising man in the middle attack. The greatest
challenge of a centralized system is that it gives users no possibility to check whether data have been modified and the communication
is limited to a single server. As a solution for this, is the distributed digital artifact system, where resources are distributed among
different domains to enable inter-domain communication. Due to the emerging developments in web, attacks have increased rapidly,
among which man in the middle attack (MIMA) is a serious issue, where user security is at its threat. This work tries to prevent MIMA
to an extent, by providing self reference and trusty URIs even when presented in a distributed environment. Any manipulation to the
data is efficiently identified and any further access to that data is blocked by informing user that the uniform location has been
changed. System uses self-reference to contain trusty URI for each resource, lineage algorithm for generating seed and SHA-512 hash
generation algorithm to ensure security. It is implemented on the semantic web, which is an extension to the world wide web, using
RDF (Resource Description Framework) to identify the resource. Hence the framework was developed to overcome existing
challenges by making the digital artifacts on the semantic web distributed to enable communication between different domains across
the network securely and thereby preventing MIMA.
147bc3d2e2ffdb1c4f10d673600dd786.Maintaining Integrity and Security for the D...Gayathri Dili
This document discusses maintaining integrity and security for data shared in the cloud. It describes how public auditing allows a third party to verify data integrity without downloading the entire files. However, this does not ensure security, as user signatures could reveal identities. The document proposes using group signatures to anonymize user identities while sharing data. It also discusses the need for verifying signatures are from authenticated users using controllable linkability, where signatures from the same user on different files can be linked. Previous literature on public auditing, group signatures, and their improvements over time to address issues like dynamic data, user revocation, and privacy are summarized.
Cloud Security and Data Integrity with Client Accountability FrameworkIDES Editor
This document summarizes a proposed cloud security and data integrity framework that provides client accountability. The framework aims to address issues like lack of user control over cloud data, need for data transparency and tracking, and ensuring data integrity. It proposes using JAR (Java Archive) files for data sharing due to benefits like portability. The framework incorporates client-side verification using MD5 hashing, digital signature-based authentication of JAR files, and use of HMAC to ensure data integrity. It also uses password-based encryption of log files to keep them tamper-proof. The framework is intended to provide both accountability and security for data sharing in cloud environments.
Appraisal of the Most Prominent Attacks due to Vulnerabilities in Cloud Compu...Salam Shah
Cloud computing has attracted users due to high speed and bandwidth of the internet. The e-commerce systems are best utilizing the cloud computing. The cloud can be accessed by a password and username and is completely dependent upon the internet. The threats to confidentiality, integrity, authentication and other vulnerabilities that are associated with the internet are also associated with cloud. The internet and cloud can be secured from threats by ensuring proper security and authorization. The channel between user and cloud server must be secured with a proper authorization mechanism. The research has been carried out and different models have been proposed by the authors to ensure the security of clouds. In this paper, we have critically analyzed the already published literature on the security and authorization of the internet and cloud.
Cross domain identity trust management for grid computingijsptm
The grid computing coordinates resource sharing between different administrative domains in large scale,
dynamic, and heterogeneous environment. Efficient and secure certificateless public key cryptography (CLPKC)
based authentication protocol for multi-domain grid environment is widely acknowledged as a
challenging issue. Trust relationships management across domains is the main objective of authentication
protocols in real grid computing environments. In this paper, we discuss the grid pairing-free certificateless
two-party authenticated key agreement (GPC-AKA) protocol. Then, we provide a cross domain trust
model for GPC-AKA protocol in grid computing environment. Moreover, we analysis the GPC-AKA
protocol in multiple trust domains simulated environment using GridSim toolkit.
Control Cloud Data Access Using Attribute-Based Encryptionpaperpublications3
Abstract: Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. Those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed recently. Data access control is an effective way to ensure the data security in the cloud. However, due to data outsourcing and untrusted cloud servers, the data access control becomes a challenging issue in cloud storage systems. Data security is the key concern in the distributed system. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.
Information Leakage Prevention Using Public Key Encryption System and Fingerp...CSCJournals
This document proposes and evaluates a system using RSA public key encryption, fingerprint authentication, and the Apriori algorithm to prevent information leakage. The system generates encryption keys for users based on registration details including fingerprints. Users encrypt messages with the public key before sending. The administrator verifies identities using fingerprints matched with the Apriori algorithm before decrypting messages with the private key. The system was tested on a university network and achieved high security preventing unauthorized access to data.
Cloud Computing Environment using Secured Access Control TechniqueIRJET Journal
This document proposes a new technique called Storage Correctness and Small-grained Access Provision (SCSAP) for secure cloud computing environments. SCSAP aims to improve on existing access control techniques by providing more fine-grained user access and ensuring correctness of outsourced cloud data storage through a token granting system. The technique constructs hierarchical user access formations and includes algorithmic phases for small-grained data access and efficient storage. If implemented, SCSAP could provide stronger security, access control and data integrity than prior cloud storage solutions.
6.designing secure and efficient biometric based secure access mechanism for ...Venkat Projects
The document proposes a new biometric-based authentication protocol to provide secure access to cloud services. It uses a user's fingerprint as a secret credential to generate a unique identity and private key, avoiding the need to store private keys on servers. It also proposes an efficient approach to generate session keys between parties using two fingerprint templates, without requiring pre-shared information. A security analysis found the approach can resist known attacks. Experiments showed it is efficient and useful compared to existing authentication mechanisms.
The paper proposes an anonymous and secure data exchange protocol for sharing medical data between organizations in a peer-to-peer cloud healthcare environment. The protocol allows cloud peers to dynamically generate temporary identities and session keys for each data exchange session. It is robust against various attacks such as man-in-the-middle, masquerade, and message manipulation attacks. The protocol aims to enable inter-organizational medical data sharing at scale while preserving privacy in an insecure network environment.
This document proposes a scheme to enhance security in cloud computing. It discusses how a user's data stored with a cloud provider could be at risk if the provider's internal staff can access the encrypted data. The proposed scheme aims to avoid unauthorized access of user data by sending a message to the user's mobile number when a transaction starts. It also displays fake information if login is unsuccessful to avoid further intrusion attempts. Common security methods for user data protection include encryption before storage, user authentication, and secure transmission channels. Cloud computing provides on-demand access to computing resources over the Internet and allows users to access services without knowledge of the infrastructure.
Design and implementation of a privacy preserved off premises cloud storagesarfraznawaz
Despite several cost-effective and flexible characteristics of cloud computing, some clients are reluctant to adopt this paradigm due to emerging security and privacy concerns. Organization such as Healthcare and Payment Card Industry where confidentiality of information is a vital act, are not assertive to trust the security techniques and privacy policies offered by cloud service providers. Malicious attackers have violated the cloud storages to steal, view, manipulate and tamper client's data. Attacks on cloud storages are extremely challenging to detect and mitigate. In order to formulate privacy preserved cloud storage, in this research paper, we propose an improved technique that consists of five contributions such as Resilient role-based access control mechanism, Partial homomorphic cryptography, metadata generation and sound steganography, Efficient third-party auditing service, Data backup and recovery process. We implemented these components using Java Enterprise Edition with Glassfish Server. Finally we evaluated our proposed technique by penetration testing and the results showed that client’s data is intact and protected from malicious attackers.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
This document proposes a novel role-based cross-domain access control scheme for cloud storage. It aims to address problems with time constraints and location constraints when accessing data across different cloud domains. The proposed scheme combines domain RBAC, role-based access control, and attribute-based access control. Each user is assigned attributes and roles. Data is encrypted with attribute-based encryption before being uploaded. Domains are separated and manage their own users, roles, and permissions to allow cross-domain access while minimizing time delays in accessing data located in different domains.
Augmenting Publish/Subscribe System by Identity Based Encryption (IBE) Techni...IJCERT JOURNAL
Security is one of the extensive and complicated requirements that need to be provided in order to achieve few issues like confidentiality, integrity and authentication. In a content-based publish/subscribe system, authentication is difficult to achieve since there exists no strong bonding between the end parties. Similarly, Integrity and confidentiality needs arise in published events and subscription conflicts with content-based routing. The basic tool to support confidentiality, integrity is encryption. In this paper for providing security mechanism in broker-less content-based publish/subscribe system we adapt pairing-based cryptography mechanism. In this mechanism, we use Identity Based Encryption (IBE) technique to achieve the needs of publish/subscribe system. This approach helps in providing fine-grained key management, effective encryption, decryption operations and routing is carried out in the order of subscribed attributes
Attribute based encryption with privacy preserving in cloudsSwathi Rampur
This document proposes a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. The key points are:
1) It allows for multiple key distribution centers (KDCs) so the architecture is decentralized. This prevents any single point of failure.
2) It provides anonymous authentication of users storing data in the cloud so their identity is protected from the cloud.
3) Only authorized users with valid attributes can access data, so it enables fine-grained and distributed access control. The scheme is resilient against replay and collusion attacks.
SURVEY ON DYNAMIC DATA SHARING IN PUBLIC CLOUD USING MULTI-AUTHORITY SYSTEMijiert bestjournal
The continuous development of cloud computing,seve ral trends are opening up to new forms of outsourci ng. Public data integrity auditing is not secure and efficient for shared dynamic data. In existing scheme figure out the collusion attack and provide an efficient public integrity au diting scheme,with the help of secure group user r evocation based on vector commitment and verifier�local revocation group signature. It provides secure and efficient s cheme which support public checking and efficient user revocati on. Problem of existing work they used TPA (Third p arty auditor) for key generation and key agreement. Use of TPA as central system if it fails then whole system gets failed. If we are working with cloud,user identity is major conc ern because user doesn�t want to reveal his persona l information to public. This concept not included in it. In this paper,based these con�s we proposed a dynamic dat a sharing in public cloud using multi-authority system. The prop osed scheme is able to protect user�s privacy again st each single authority. .
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
This document proposes a Shared Authority based Privacy preserving Authentication protocol (SAPA) for handling privacy issues in cloud storage. SAPA achieves shared access authority through an anonymous access request matching mechanism. It applies attribute-based access control to allow users to reliably access their own data fields. It also uses proxy re-encryption to provide temporary authorized data sharing among multiple users. The goal is to preserve user privacy during data access and sharing in the cloud.
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
This paper portrays security advancements and
components utilized as part of Grid computing environment. The
Grid Security Infrastructure (GSI) executed in the Globus
Toolkit also, is portrayed in detail. The principle concentrate is
on strategies for distinguishing proof, verification and approval,
in view of X.509 endorsements and SSL/TLS conventions. At
long last an answer of group based get to control over the
network assets is displayed, which is make over on the usage of
the Globus Toolkit
The document discusses precision controlled privacy preservation in relational data. It proposes a multilevel anonymization technique that combines generalization and suppression to provide improved security and minimum precision in retrieved data compared to previous methods. An experimental evaluation on a medical dataset shows the proposed method retrieves more tuples than previous privacy preserving access control and workload-aware anonymization methods, especially with increasing numbers of query predicates. The aim is to satisfy accuracy constraints for authorized data retrieval while preserving privacy through this combined anonymization approach.
Grid computing is concerned with the sharing and use of resources in dynamic distributed virtual
organizations. The dynamic nature of Grid environments introduces challenging security concerns that
demand new technical approaches. In this brief overview we review key Grid security issues and outline
the technologies that are being developed to address those issues. We focus on works done by Globus
Toolkits to provide security and also we will discuss about the cyber security in Grid.
TO GET THIS PROJECT COMPLETE SOURCE CODE PLEASE CALL BEOLOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM ,EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions. NEXGEN TECHNOLOGY help it customers optimally use their resources.
TO GET THIS PROJECT COMPLETE SOURCE CODE PLEASE CALL BEOLOW CONTACT DETAILS
MOBILE: 9791938249, 0413-2211159, WEB: WWW.NEXGENPROJECT.COM ,EMAIL:Praveen@nexgenproject.com
NEXGEN TECHNOLOGY provides total software solutions to its customers. Apsys works closely with the customers to identify their business processes for computerization and help them implement state-of-the-art solutions. By identifying and enhancing their processes through information technology solutions. NEXGEN TECHNOLOGY help it customers optimally use their resources.
Big data as a service (BDaaS) platform is widely used by various
organizations for handling and processing the high volume of data generated
from different internet of things (IoT) devices. Data generated from these IoT
devices are kept in the form of big data with the help of cloud computing
technology. Researchers are putting efforts into providing a more secure and
protected access environment for the data available on the cloud. In order to
create a safe, distributed, and decentralised environment in the cloud,
blockchain technology has emerged as a useful tool. In this research paper, we
have proposed a system that uses blockchain technology as a tool to regulate
data access that is provided by BDaaS platforms. We are securing the access
policy of data by using a modified form of ciphertext policy-attribute based
encryption (CP-ABE) technique with the help of blockchain technology. For
secure data access in BDaaS, algorithms have been created using a mix of CPABE with blockchain technology. Proposed smart contract algorithms are
implemented using Eclipse 7.0 IDE and the cloud environment has been
simulated on CloudSim tool. Results of key generation time, encryption time,
and decryption time has been calculated and compared with access control
mechanism without blockchain technology.
This document summarizes and reviews several techniques for secure clustering in vehicular ad hoc networks (VANETs). It first provides background on VANETs and discusses why secure clustering is important. It then reviews five specific secure clustering techniques that have been proposed: 1) using public key infrastructure for key management between cluster heads, 2) Shamir's secret sharing scheme for data authentication, 3) using threshold cryptography for decentralized certificate authorities, 4) establishing trust through physical/logical domain grouping, and 5) methods for secure message aggregation and using onion signatures. The document aims to provide a comprehensive understanding and comparison of these different secure clustering techniques to help guide further research.
International Refereed Journal of Engineering and Science (IRJES)irjes
The core of the vision IRJES is to disseminate new knowledge and technology for the benefit of all, ranging from academic research and professional communities to industry professionals in a range of topics in computer science and engineering. It also provides a place for high-caliber researchers, practitioners and PhD students to present ongoing research and development in these areas.
A SECURE KEY COMPUTATION PROTOCOL FOR SECURE GROUP COMMUNICATION WITH PASSWOR...cscpconf
Providing security in group communication is more essential in this new network environment. Authentication and Confidentiality are the major concerns in secure group
communication. Our proposed approach uses an authenticated group key transfer protocol that relies on trusted key generation center (KGC). KGC computes group pair for each
individual and transport the pair of values to all group members in a secured manner. Password based authentication mechanism is used to avoid the illegal member access in a
group Also, the proposed approach facilitates efficient key computation technique such that only authorized group members will be able to computer and retrieve the secret key and unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and relies on NP class. In addition, the distribution of key is also safe and secure. Moreover, the pair generated for the computation of key is also very strong since the cryptographic techniques are used which provides efficient computation.
A secure key computation protocol for secure group communication with passwor...csandit
Providing security in group communication is more essential in this new network
environment. Authentication and Confidentiality are the major concerns in secure group
communication. Our proposed approach uses an authenticated group key transfer protocol
that relies on trusted key generation center (KGC). KGC computes group pair for each
individual and transport the pair of values to all group members in a secured manner.
Password based authentication mechanism is used to avoid the illegal member access in a
group Also, the proposed approach facilitates efficient key computation technique such that
only authorized group members will be able to computer and retrieve the secret key and
unauthorized members cannot retrieve the key. The proposed algorithm is more efficient and
relies on NP class. In addition, the distribution of key is also safe and secure. Moreover, the
pair generated for the computation of key is also very strong since the cryptographic
techniques are used which provides efficient computation.
IRJET- Blockchain based Certificate Issuing and ValidationIRJET Journal
This document proposes a blockchain-based system for issuing, storing, and validating education certificates to prevent certificate forgery. The system would use blockchain technology to store certificate hashes and public key cryptography for authentication. When a company requests a certificate, the system would verify the certificate hash against the blockchain and get signatures from the student and institution to validate the certificate's authenticity before providing it. The system aims to create an efficient, secure mechanism for managing and sharing education credentials.
Multipath Dynamic Source Routing Protocol using Portfolio SelectionIRJET Journal
This document discusses a multipath dynamic source routing protocol that uses portfolio selection to allocate traffic across multiple paths in a jamming-aware manner. It proposes using portfolio selection theory, originally developed for financial investments, to make routing decisions robust to jamming. The source node considers jamming statistics and portfolio selection to efficiently allocate traffic across paths, improving throughput and reducing congestion or jamming possibilities. A simulation showed the proposed mechanism was effective at improving network performance. It also reviews related work on jamming-aware routing and distributed data storage systems.
STRONG ZERO-KNOWLEDGE AUTHENTICATION BASED ON THE SESSION KEYS (SASK)IJNSA Journal
In this article, we propose a new symmetric communication system secured, founded upon strong zero knowledge authentication protocol based on session keys (SASK). The users’ authentication is done in two steps: the first is to regenerate a virtual password, and to assure the integrity and the confidentiality of nonces exchanged thanks to the symmetric encryption by a virtual password. The second is to calculate a session key shared between the client and the web server to insure the symmetric encryption by this session key. This passage allows to strengthen the process of users’ authentication, also, to evolve the process of update and to supply a secure communication channel. This evolution aims at implementing an authentication protocol with session keys able to verify the users’ identity, to create a secure communication channel, and to supply better cyber-defense against the various types of attacks.
Advanced Data Protection and Key Organization Framework for Mobile Ad-Hoc Net...AM Publications,India
Key organization and protect routing are two major subjects for Mobile Ad-hoc Networks nonetheless preceding explanations tend to contemplate them distinctly. This indicates to Key organization and protects routing inters dependency cycle problem. In this paper, we recommend a Key organization and protection of routing integrated scheme that speeches Key organization and protection of routing inter dependency cycle problem. By using identity based cryptography this scheme delivers produced including confidentiality, honesty, verification, cleanness, and non-repudiation. Connected to symmetric cryptography and conventional asymmetric cryptography as well as preceding IBC arrangements, this arrangement has developments in many features. We deliver hypothetical resistant of the refuge of the scheme and validate the efficiency of the scheme with applied simulation.
Secure and efficient handover authentication and detection of spoofing attackeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
IRJET - Study Paper on Various Security Mechanism of Cloud ComputingIRJET Journal
The document discusses various security mechanisms for cloud computing including encryption, hashing, digital signatures, public key infrastructure, identity and access management, single sign-on, cloud-based security groups, hardened security server images, user behavior profiling, and decoy technology. It focuses on how user behavior profiling and decoy technology can play an important role in detecting unauthorized access by monitoring a user's behavior and sending fake data to verify genuine user information. The document concludes that while most security mechanisms provide a level of protection, user behavior profiling and decoy technology are particularly effective for enhancing cloud computing security.
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
An interactive Study on secure data sharing in the IOT through BlockchainIRJET Journal
This document summarizes a research paper that proposes using blockchain technology to securely share data in the Internet of Things (IoT). It first discusses the growing amounts of user data and issues with cloud-based data storage solutions regarding user privacy and access control. It then introduces blockchain as a decentralized solution and reviews previous research on using techniques like proxy re-encryption and attribute-based encryption to realize fine-grained access control of encrypted data. However, most existing solutions have high computational costs or security issues. The document concludes by stating the research will further elaborate on a proposed approach using blockchain and proxy re-encryption to securely store IoT medical data on public clouds.
A Trust Conscious Secure Route Data Communication in MANETSCSCJournals
The document proposes a mechanism for establishing trust-based secure routes for data communication between mobile nodes in a mobile ad hoc network (MANET). It aims to dynamically increase the trust level between nodes from low to high using proxy nodes. When nodes need to securely communicate, they will generate dynamic secret session keys either directly or through proxy nodes using message digest and Diffie-Hellman protocols. The mechanism is implemented on reactive routing protocols and finds routes through trusted intermediate nodes that share secret keys. This may result in non-optimal routes but guarantees security. It also describes how a new node can join and how trusted nodes can act as proxies to help other nodes establish shared keys.
EXPLORING THE EFFECTIVENESS OF VPN ARCHITECTURE IN ENHANCING NETWORK SECURITY...IJNSA Journal
The rapid development of technology in communications has transformed the operations of companies and institutions, paving the way for increased productivity, revenue growth, and enhanced customer service. Multimedia calls and other modern communication technologies boost mobile network, thus their utilization is critical to moving the business forward. However, these widely used networks are also vulnerable to security threats, leading network vendors and technicians to implement various techniques to ensure network safety. As the need to safeguard technologies grow and there has been a significant increase in growth the idea of a virtual private network (VPN) emerged as a key strategy for tackling the threat to network security. the authors suggested looking into this issue and presenting the findings of a study that contained insightful observations from the literature reviews that served as the primary source of research besides questionnaire responses as opinions from those who have experience in the network industry and its security. Through this research, it became evident that several technologies and approaches exist to safeguard networks, but the Transport Layer Security (TLS) architecture stood out as a superior solution, particularly for mobile networks.
Integrity and Privacy through Authentication Key Exchange Protocols for Distr...BRNSSPublicationHubI
This document summarizes an article about authentication key exchange protocols for distributed systems. It discusses how authenticated key exchange (AKE) protocols allow users and servers to authenticate each other and generate session keys for secure communication. The document then provides background on network security goals like integrity, availability, and privacy. It also discusses challenges like attacks that can compromise these goals in distributed systems and the need for scalable key exchange protocols.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
Similar to Secure Group Communication in Grid Environment (20)
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Dr. Vinod Kumar Kanvaria
Exploiting Artificial Intelligence for Empowering Researchers and Faculty,
International FDP on Fundamentals of Research in Social Sciences
at Integral University, Lucknow, 06.06.2024
By Dr. Vinod Kumar Kanvaria
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
The simplified electron and muon model, Oscillating Spacetime: The Foundation...RitikBhardwaj56
Discover the Simplified Electron and Muon Model: A New Wave-Based Approach to Understanding Particles delves into a groundbreaking theory that presents electrons and muons as rotating soliton waves within oscillating spacetime. Geared towards students, researchers, and science buffs, this book breaks down complex ideas into simple explanations. It covers topics such as electron waves, temporal dynamics, and the implications of this model on particle physics. With clear illustrations and easy-to-follow explanations, readers will gain a new outlook on the universe's fundamental nature.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Thinking of getting a dog? Be aware that breeds like Pit Bulls, Rottweilers, and German Shepherds can be loyal and dangerous. Proper training and socialization are crucial to preventing aggressive behaviors. Ensure safety by understanding their needs and always supervising interactions. Stay safe, and enjoy your furry friends!
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
1. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 17
Secure Group Communication in Grid Environment
Dr Sudha Sadasivam G sudhasadhasivam@yahoo.com
Professor/Department of Computer Science
PSG College of Technology
Coimbatore – 641 004, India.
Ruckmani V ruckmaniv@yahoo.com
PhD Research Scholar/Department of Computer Science
PSG College of Technology
Coimbatore – 641 004, India.
Anitha Kumari K kesh_chse@yahoo.co.in
ME (SE) Student/Department of Computer Science
PSG College of Technology
Coimbatore – 641 004, India.
ABSTRACT
A Grid is a collection of resources that are available for an application to
perform tasks. Grid resources are heterogeneous, geographically distributed
and belong to different administrative domains. Hence security is a major
concern in a grid system. Authentication, message integrity and
confidentiality are the major concerns in grid security. Our proposed approach
uses a authentication protocol in order to improve the authentication service
in grid environment. Secure group communication is brought about by
effective key distribution to authenticated users of the channels serviced by
resources. The proposed approach facilitates reduced computation and
efficient group communication. It also ensures efficient rekeying for each
communication session. The security protocol has been implemented and
tested using Globus middleware.
Keywords: authentication, grid computing, grid security, multicasting, encryption.
1. INTRODUCTION
Grid protocols and technologies are being adopted in academic, government,
and industrial organizations. Grid computing facilitates remote access to high–
end resources for computation and data intensive jobs. Researchers can
access heterogeneous and geographically distributed hardware and software
resources efficiently. Two important requirements in grid include the formation
of virtual organizations (VO) dynamically and establishment of secure
communication between the grid entities. A VO is a dynamic group of
2. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 18
individuals, groups, or organizations that have common rules for resource
sharing [1].
Security in computational grids encompasses authentication, authorization,
non-repudiation, integrity, confidentiality and auditing. To avoid the illegal
users from visiting the grid resources strong mutual authentication between
grid entities should be guaranteed. Password-based authentication is
extensively used because of its simplicity. Authorization allows a specific
permission for a particular user on a specified resource (channels).
Confidentiality of information in a VO should also be ensured [4]. The
necessity for secure communication between grid entities has motivated the
development of the Grid Security Infrastructure (GSI). GSI provides integrity,
protection, confidentiality and authentication for sensitive information
transferred over the network in addition to the facilities to securely traverse
the distinct organizations that are part of collaboration [2]. Authentication is
done by exchanging proxy credentials and authorization by mapping to a grid
map file. Grid technologies have adopted the use of X.509 identity certificates
to support user authentication. GSI is built on top of the Transport Layer
Security (TLS) protocol. Both TLS and GSI operate at the transport layer.
They require an ordered reliable transport connection, so typically they are
implemented over Transmission Control Protocol (TCP). This approach is not
suitable for web service-based technologies on the grid. Simple Object
Access Protocol (SOAP) protocol [13] is used by the emerging Open Grid
Service Architecture (OGSA). This necessitates for support message layer
security using XML digital signature standard and the extensible markup
language (XML) encryption standard [14]. Enhancements of SOAP
messaging to provide message integrity and confidentiality are standardized
in Organization for Advancement of Structured Information Standards
(OASIS). The WS-secure conversation specification [15] describes how two
entities can authenticate each other at the message layer. Grid middleware
like Globus Toolkit™ Version 4.0, pyGridWare and Open Grid Services
Infrastructure (OGSI).NET/Web Services Resource Framework (WSRF).NET
(Wasson et al., 2004) use WS-secure conversation based on TLS
authentication handshake in the SOAP message layer. Globus Toolkit [3]
provides security services for authentication, authorization, management of
user credentials and user information.
Wei Jiea et al. [5] have proposed a scalable GIS architecture for information
management in a large scale Grid Virtual Organization (VO) with facilities to
capture resource information for an administrative domain. The framework
also incorporates security policies for authentication and authorization control
of the GIS at both the site and the VO layers. Haibo Chena et al. [6] have
applied trusted computing technologies in order to attain resource
virtualization to ensure behavior conformity and platform virtualization for
operating systems. Yuri Demchenko [7] has analyzed identity management in
VOs and usage of Web Service (WS)-Federation and WS-Security standards.
G. Laccetti and G. Schmid [8] have introduced a unified approach for access
control of grid resources. (PKI) Public Key Infrastructure and (PMI) Privilege
Management Infrastructure infrastructures were utilized at the grid layer after
authentication and authorization procedures. Xukai Zoua et al. [9] have
3. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 19
proposed an elegant Dual-Level Key Management (DLKM) mechanism using
Access Control Polynomial (ACP) and one-way functions. The first level
provided flexible and secure group communication whereas the second level
offered hierarchical access control. Li Hongweia et al. [10] have proposed an
identity-based authentication protocol for grid on the basis of the identity-
based architecture for grid (IBAG) and corresponding encryption and
signature schemes. Being certificate-free, the authentication protocol aligned
well with the demands of grid computing. Yan Zhenga et al [11] use identity-
based signature (IBS) scheme for grid authentication. Hai-yan Wanga. C and
Ru-chuan Wanga [12] have proposed a grid authentication mechanism, which
was on the basis of combined public key (CPK) employing elliptic curve
cryptography (ECC).
Once the grid entities are authenticated, key distribution occurs between the
grid entities to ensure secure communication. Some existing key distribution
schemes include manual key distribution, hierarchal trees and secure lock.
Manual key distribution lacks forward and backward secrecies, whereas
hierarchical model requires more footprints. Secure lock method is
computation intensive. The proposed system encrypts session keys thereby
reducing computational costs, communication costs, and key storage
footprint. Although the method is simple, it ensures good accuracy. The
proposed work aims at authenticating the users and allocating channel
resources to the users based on the availability of the resource and security
weights. It ensures both user and resource authentication. Then encryption
key to ensure secure communication among these members is distributed
among the channel members. The message digest of the information to be
transferred is encrypted for confidentiality using the key and then transferred
to authenticated grid entities.
Reconcilable key management mechanism is proposed by Li [16] in which
the key management middleware in grid can dynamically call the optimum
rekeying algorithm and rekeying interval is based on the rates that the group
members join and leave.
Li [18] proposed an authenticated encryption mechanism for group
communication in term of the basic theories of threshold signature and basic
characteristics of group communication in grid. In this mechanism, each
member in the signing group can verify the identity of the signer, and the
verifying group keeps only private key.
A scalable service scheme for secure group communication using digital
signatures to provide integrity and source authentication is proposed by Li [17]
. In this approach, Huffman binary tree is used to distribute keys in VO and
complete binary tree is used to manage keys in administrative domain. Sudha
[20] proposed to use tree-based approach for secure group key generation
and establishment of communication among domains in a VO using trust
relationships.
The proposed work aims at authenticating the users and allocating channel
resources to the users based on the availability of the resource and security
4. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 20
weights. Then encryption key to ensure secure communication among these
members is distributed among the channel members. Digest of the
information to be transferred is formed and then it is encrypted for
confidentiality and then transferred to its peers. The remaining of the paper is
organized as follows: Section 2 is constituted by the proposed authentication
and channel distribution mechanism. Section 3 discusses about the analysis
done so far. Section 4 discusses about implementation results and Section 5
concludes the paper.
2. PROPOSED SYSTEM ARCHITECTURE
The components of the system depicted in figure 1 are described as follows..
1) Registration component to register the legitimate users/managers of the
channel.
2) Join/leave component to take care of authentication of the channel users.
3) Key generation system that generates the encryption key randomly.
4) Key distribution system that distributes the keys to the authenticated
members of the channel.
5) Channel to distribute the encrypted information among the group members.
When legitimate entities (users and resources) register to the channel, the
encrypted hash value of their passwords is stored in the authentication server.
The proposed approach initially authenticates the user by matching its
encrypted hash value with that stored in the authentication file. If
authenticated, a random key is generated and distributed among the
members in the channel or group. The message digest of the message to be
transferred is encrypted and multicast to the group through the channel.. The
receivers then decrypt and decode to get the original message (figure 2)
Members/
Resources
Manager
Registration
Join/Leave
Authentication
Key Distribution
Key Generation
EncryptionChannel
Authentication
Server
Key distribution
5. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 21
The entire process consists of two major activities – authentication and key
distribution for secure group communication. These activities are described in
the following paragraphs.
2.1. Authentication Process:
The block diagram illustrating the registration process of the users is
depicted in the Figure 3. Users who require services from the VO register
using their username and password. The hash value of the password is
calculated using Message Digest (MD5) algorithm and the encrypted
password is stored in the authentication file.
The user who wants the services of VO has to login using the
username and password. Here, ui and pwi refers to username and
password of ith
user. The Authentication server calculates the hash value of
the password and compares it with the decrypted value maintained in the
authentication file. If the user is a valid user then the authentication server
allows the user to join the channel and distributes the encryption key to the
user.
FIGURE 1: System Architecture
Grid
Entities
Authentication
Server
Controller
key
generation
Channel
register
OK
Authentication
database
Login
Pwd hash/encrypt
Check pwd hash
OK
OK
OK
join
Distribute keys
Distribute keys
Secure group communication
FIGURE 2: Process of secure group communication
Registration
Authentication
Gen Key
6. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 22
FIGURE 3: Authentication Scheme
2.2. Key Distribution And Secure Group Communication:
Confidentiality in information transfer in a distributed system is enabled
by encrypting the information. Keys should be distributed securely among the
members of the group. In existing approaches, each member shares a secret
key with the group controller. If the information is to be transferred to ‘n’
members, ‘n’ encryptions followed by ‘n’ unicasts are needed. The
computational complexity of the existing approach is overcome by using
encoded session keys. Hence the proposed approach uses only an encoding
followed by a multicast operation. This leads to reduced computation and
provides efficient group communication. Further, the proposed approach
ensures dynamic and secure group communication, forward secrecy and
backward secrecy. The encoded key is used to manage member join, leave
operations and for group communication. The security of the communication
is achieved using one-way hash function to maintain integrity and encryption
for confidentiality. Since a key is maintained for each channel/group, secure
group communication is facilitated. The computation time of the key
Choice?
User registers with username
and password in Authentication
file
Authentication file stores the
encrypted value of the password
User
logins
AF calculates MD5 value of the
password
AF authenticates the user
Warns the user
AF Issues Token to the user
Is User
Valid?
Registration Authentication
NO
YES
AF -
Authentication
File
7. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 23
distribution is fast when compared to the key distribution by traditional
algorithms like AES.
MD5 is used to generate the message digest. MD5 verifies data integrity by
creating a 128-bit message digest from a message of arbitrary length. It can
be used for digital signature applications, where a large file must be
compressed in a secure manner before being encrypted using a public-key
system. Steps in MD5 approach is listed as follows.
1) Arbitrary length message is padded with a ‘1’ followed by ‘0’s, so that its
length is congruent to 448, modulo 512.
2) Then the length of the message (64 bits) is appended to it.
3) The MD5 algorithm uses four 32-bit state variables. They are initialized with
constant values. These variables are sliced and diced to form the message
digest.
4) 512-bit message blocks are used to modify the state in 4 rounds. Each
round has 16 similar operations based on a non-linear function F, modular
addition, and left rotation. Function F is different for each round. At the end of
4 rounds, the message digest is formed from the state variables. The
message digest is then encrypted using Data Encryption Standard (DES)
algorithm [19] and transmitted to its peer group member.
3. ANALYSIS
The analysis of the work has been done under the following heads:
3.1. Md5 Analysis:
The probability of two messages having the same message digest is
on the order of 2^64 operations. The probability of coming up with any
message having a given message digest is on the order of 2^128 operations.
This ensures uniqueness of the message digest.
3.2. Replay attack:
Usually replay attack is called as ‘man in the middle’ attack. Adversary
stays in between the user and the file and hacks the user credentials when
the user contacts file. As key matching between the users is checked before
file transfer and the information is encrypted before transfer, the probability of
this attack is minimized.
3.3. Guessing attack:
Guessing attack is nothing but the adversaries just contacts the files by
randomly guessed credentials. The effective possibility to overcome this
attack is to choose the password by maximum possible characters, so that the
probability of guessing the correct password can be reduced. As the proposed
approach uses random generation of key, it is more difficult to guess the
password.
3.4. Stolen-verifier attack:
8. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 24
Instead of storing the original password, the verifier of the password is
stored. As the encrypted hash value of the password is stored, the proposed
protocol is also more robust against the attack.
.
4. RESULTS AND DISCUSSIONS
The
proposed authentication and distribution of channels has been implemented
and tested on Globus middleware. It is tested with five valid and five invalid
users. Each of the five valid users has their own username and password.
Initially, they have created their user account using their username and
password (Table 1). The authentication server stores the encrypted hash
values of the passwords. As the hash values of the passwords are different,
it ensures uniqueness.
Sl. No Username Password Hash value
1 user1 admin 4c56ff4ce4aaf9573aa5dff913df913d
2 user2 Test2 Dfg45f4ce4aaf9573aa5dff913df913e
3 user3 test5 dddd6ffsdfdfdffffff913df997art567fg
4 user4 test8 4c56ff4ce4aaf9573aa5dff913df913d
5 user5 test10 sfggce4aaf9573aa5dff913df913fget
TABLE 1: Authentication File with unique hash value of passwords
9. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 25
0
1
2
3
4
5
6
7
8
9
1 2 3 4 5 6
Number of Nodes
TimeinSec
Channel / Key Distribution Time Join Time
Leave Time Encrypted File Transfer
Users join in the distributed channels across multiple machines in the grid.
Once authenticated, key distribution and secure file transfer takes place.
Figure 4 shows that the key distribution time and time for node join/leave
remains almost a constant, irrespective of the number of nodes, incontrast to
the hierarchical approach. Once the user joins the channel, secure file
transfer occurs by encryption the information and multicasting it to the group
members. Hence file transfer time also remains a constant in contrast to the
unicast approach.
5. CONCLUSION
Grid Computing enables virtual organizations, to share geographically
distributed resources. This paper proposes an effective approach for
authentication and key distribution to ensure secure group communication in
the grid environment. As the interpreted and distinct form of user credentials
are maintained in the authentication files, there is very less chance to reveal
the user credentials to the adversary. The implementation of our
authentication protocol showed its effective performance in pinpointing the
adversaries and paving the way to valid users to access resources in the VO
by establishing as efficient computational channel distribution. Finally it is
worth fit to host this scheme as a service in globus , also this basic scheme
simply reduces computation complexity by replacing cryptographic encryption
and decryption operations. Computation complexity further reduced by using
algorithms like SHA , RIPEMD , IDEA .
FIGURE 4: Experimental Results
10. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 26
6. REFERENCES
[1] Foster. I., Kesselman. C. and Tuecke. S, “The Anatomy of the Grid:
Enabling Scalable Virtual Organizations”, International Journal of High
Performance Computing Applications”, vol. 15, no.3, pp. 200-222, 2001.
[2] V.Vijayakumar and R.S.D.Wahida Banu, “Security for Resource
Selection in Grid Computing Based On Trust and Reputation
Responsiveness”, IJCSNS International Journal of Computer Science and
Network Security, Vol.8, no.11, November 2008.
[3] I.Foster, “Globus Toolkit Version 4: Software for Service-Oriented
Systems,” in the proceedings of the IFIP International Conference on
Network and Parallel Computing, vol .1 ,pp. 11-33, 2004.
[4] Von Welch, Frank Siebenlist, Ian Foster, John Bresnahan, Karl
Czajkowski, Jarek Gawor, Carl Kesselman, Sam Meder, Laura Pearlman
and Steven Tuecke, “Security for Grid Services”, in proceedings of the
12th IEEE International Symposium on High Performance Distributed
Computing, pp.48- 57, June 2003.
[5]Wei Jiea,Wentong Caib, Lizhe Wangc and Rob Proctera, “A secure
information service for monitoring large scale grids”,Parallel Computing,
Vol.33, no. 7-8, pp. 572-591, August 2007.
[6]Haibo Chena, Jieyun Chenb, Wenbo Maoc and Fei Yand, "Daonity –
Grid security from two levels of virtualization",Information Security
Technical Report, Vol.12, no.3, pp. 123-138, 2007.
[7]Yuri Demchenko, “Virtual organizations in computer grids and identity
management”, Information Security Technical Report, vol.9, no. 1,pp.59-
76, January-March 2004.
[8]G. Laccetti and G. Schmid, "A framework model for grid security”,
Future Generation Computer Systems, vol. 23, no. 5, pp.702-713,June
2007.
[9]Xukai Zoua, Yuan-Shun Dai and Xiang Rana, "Dual-Level Key
Management for secure grid communication in dynamic and hierarchical
groups", Future Generation Computer Systems,Vol. 23, no. 6,pp. 776-
786,July 2007.
[10]Li Hongweia, Sun Shixina and Yang Haomiaoa, “Identity-based
authentication protocol for grid”,Journal of Systems Engineering and
Electronics, Vol. 19, no. 4,pp.860-865, August 2008.
[11]Yan Zhenga, Hai-yan Wanga and Ru-chuan Wang, "Grid
authentication from identity-based cryptography without random oracles",
The Journal of China Universities of Posts and Telecommunications,
Vol.15,no. 4,pp.55-59, December 2008.
[12]Hai-yan Wanga. C and Ru-chuan Wanga,"CPK-based grid
authentication: a step forward",The Journal of China Universities of Posts
and Telecommunications, Vol.14, no. 1, pp.26-31, March 2007.
[13]Gudgin, M., Hadley, M., Mendelsohn, N., Moreau, J-J. and Nielsen,
H.F. (2003) SOAP Version 1.2 Part 1: Messaging Framework. W3C
Recommendation, Available at http://www.w3.org/TR/soap12-part1/
(accessed on June 2003).
[14] Eastlake, D. and Reagle, J. (Eds.) (2002) XML Encryption Syntax and
Processing. W3C Recommendation, available at
http://www.w3.org/TR/xmlenc-core/ (accessed on December 2002).
11. Dr Sudha Sadasivam G, Ruckmani V & Anitha Kumari K
International Journal Of Security (IJS), Volume (4): Issue (1) 27
[15] Della-Libera, G. et al. (2002) Web Services Secure Conversation
Language (WS-Secure Conversation). Version 1.0, available at
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/dnglobspec/html/ws-secureconversation.asp (accessed on 2002).
[16] Li1, Y., Xu, X., Wan, J., Jin, H. and Han, Z. (2008) ‘Aeolus:
reconcilable key management mechanism for secure group communication
in grid’, 2008 IEEE Asia-Pacific Services Computing Conference.
[17] Li, Y., Jin, H., Zou, D., Chen, J. and Han, Z. (2007) ‘A scalable service
scheme for secure group communication in grid’, 31st Annual International
Computer Software and Applications Conference (COMPSAC 2007).
[18] Li, Y., Jin, H., Zou, D., Liu, S. and Han, Z. (2008) ‘An authenticated
encryption mechanism for secure group communication in grid’, 2008
International Conference on Internet Computing in Science and
Engineering.
[19] William M. Daley, Raymond G. Kammer,”DES”, U.S. DEPARTMENT
OF sCOMMERCE published in FIPS October 25, 1999.
[20] Sudha, G, Geetha J, “Secure communication between grid domains
based on trust relationships and group keys”, accepted in Int. J.
Communication Networks and Distributed Systems, 2010.
[21] G Geethakumari, Dr Atul Negi, Dr V N Sastry ,” RB-GDM: A Role-
Based Grid Delegation Model”, 2008 International Journal of Computer
Science and Security (IJCSS) ,Volume :2 Issue: 1, Pages 61-72.