Enhancement in OTP generation process for cloud data security using Diffie-Hellman and HMAC - A Review

International Journal of scientific research and management (IJSRM)
Volume 3, Issue 4, Pages 2515-2518, 2015
Website: www.ijsrm.in ISSN (e): 2321-3418

Komalpreet Kaur, M.Tech student, Lovely Professional University, Phagwara, Punjab 144411
Rohit Sethi, Assistant Professor, Lovely Professional University, Phagwara, Punjab 144411

ABSTRACT: Cloud computing is a recent technology used in every field where large amounts of data must be stored. Security is the main problem when storing data. Encryption is used to protect private data and provides security in cloud computing. In this paper, FHE and FDE are compared, and a proposed scheme is discussed that enhances security in the cloud through an OTP generation process in which Diffie-Hellman and HMAC are used to establish a secure channel between the user and the server.

Keywords: OTP, Diffie-Hellman, HMAC

1. Introduction

Cloud computing is an environment that provides on-demand and convenient network access to computing resources such as storage, servers, applications, networks and other services, which can be released in a minimum efficiency way [1]. The Cloud Service Provider (CSP) plays an important role in the cloud. Users need not buy software licenses or hardware to access any service. Users demand services from a CSP or ISP and can access the internet services. This reduces the customer's expenditure and is called a "pay-per-use" service [7]. Examples are GMAIL and icloud, in which users can access their data anywhere, anytime, given internet access. Dropbox is a cloud service where any user, either with a premium account (an account with some extra features) or a free account, can use their cloud. There are some security threats in it. Security techniques are used to overcome these problems.

In the cloud, there are three service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) [6], and four deployment models: Public Cloud, Private Cloud, Hybrid Cloud and Community Cloud [1].

LITERATURE REVIEW

Vimmi Pandey (2013) introduces the Dynamic mobile token application. This is a mobile phone application used to generate a code with the help of an OTP (One Time Password), which is used only once, for a login session. Generating an OTP involves two phases: a Registration phase and a Login phase. The OTP is generated from the credentials filled in by the user. This code is valid for three minutes only. This ensures protection against eavesdropping and man-in-the-middle attacks. Hence, they prove OTP is very secure.

Sanjoli Singla (2013) proposes a design and architecture that can help to encrypt and decrypt the file at the user side, which provides data security in both cases, while the user is at rest or is transferring data. For this, the Rijndael Encryption Algorithm along with EAP-CHAP is used. The focus is on client-side security, in which only the authorized user can access the data. Even if some intruder (unauthorized user) gets access to the data, the data will not be decrypted. The Rijndael Encryption algorithm is used by the user to provide better security.

Dawn Song (2012) described data-protection-as-a-service, where different services are provided for protecting data. Two techniques are discussed: FDE (Full Disk Encryption) and FHE (Fully Homomorphic Encryption). Both techniques are compared on the basis of key management, sharing, and ease of
development, maintenance, aggregation and performance. Key management and access control are moved by the DPaaS (Data-Protection-as-a-Service) approach for the purpose of balancing easy maintenance and rapid development by user-side verification.

Young-Gi Min (2012) describes three service models and five layers in cloud computing. Different security attacks are defined, which need to be overcome by applying security algorithms and other techniques. To have a secured cloud deployment, encryption and key management, and identity and access management must be considered. The best way to minimize unauthorized access is to use Digital IDs for employees; this also addresses the issue of non-repudiation.

Simarjeet Kaur (2012) describes various data encryption schemes such as homomorphic encryption, searchable and structured encryption, identity-based encryption and signature-based encryption. These are emerging techniques in cloud security that provide full day-and-night protection to critical data.

Shui Han (2011) introduces a third party auditor with which users can operate on and store their data securely in the cloud. The third party auditor provides techniques such as RSA and Bilinear Diffie-Hellman. Using the RSA algorithm, encrypted data flows from the sender to the receiver, and using Bilinear Diffie-Hellman, a secure channel is established between the user and the sender. With the exchange of keys, data is always sent to valid and authorized users only.

PROPOSED METHODOLOGY

FHE and FDE are two encryption schemes which provide more security in the cloud. FHE and FDE are compared on the basis of several factors: Key management and Trust, Sharing, Aggregation, Performance, and Ease of development and Maintenance. From these factors, it is concluded that FHE is more reliable. It gives more privacy and security as compared to FDE. The main problem in Fully Homomorphic Encryption is key sharing and key management. To solve the problem of key management and key sharing, a third party auditor is introduced. The main advantage of this is that the cloud service provider can offer the functions which were provided by the traditional third party auditor and make it trustful. The third party auditing scheme will fail if the third party's security is compromised.

To solve this problem, we proposed a new scheme in which the OTP is generated on the basis of the Diffie-Hellman and HMAC algorithms, in which keys are managed and shared by two users for the security of data. In this new model, a secure channel establishment algorithm will be used for key management and key sharing. The secure channel establishment algorithm is Diffie-Hellman. In the Diffie-Hellman algorithm, two parties, say Master and Slave, wish to exchange data. Before starting the communication, a secure channel is established. Both parties select their own random number. On the basis of the selected random numbers, the secure channel and shared key are established. We have embedded the Diffie-Hellman key exchange algorithm for the authentication procedure. The new scheme will provide reliable key storage and key management services. This will enhance the reliability and security of the existing fully homomorphic encryption scheme. In our work, we are using the Diffie-Hellman algorithm for secure channel establishment and OTP for more security. It is more secure than the existing OTP generation process.

CONCLUSION

FHE is more secure and reliable than FDE. Security in the cloud is enhanced by using OTP (One Time Password). In the existing paper, a methodology for OTP is defined. With this methodology of generating OTP, a brute force attack is possible, so it is no longer secure. We proposed a new model of generating OTP by using Diffie-Hellman and HMAC, which is more secure. Diffie-Hellman and HMAC establish a secure channel between the user and the server.

References
[1] Bhavna Makhija, V. G. (2013). Enhanced Data Security in Cloud Computing with Third Party Auditor. International Journal of Advanced Research in Computer Science and Software Engineering, pp 341-345.
[2] Dawn Song, E. S. (2012). Cloud Data Protection for the Masses. IEEE Computer Society, pp 39-45.
[3] Deyan Chen, H. Z. (2012). Data Security and Privacy Protection Issues in Cloud Computing. International Conference on Computer Science and Electronics Engineering, pp 647-651.
[4] Kaur, S. (2012). Cryptography and Encryption In Cloud Computing. VSRD-IJCSIT, Vol. 2 (3), 2012, pp 242-249.
[5] Pandey, V. (2013). Securing the Cloud Environment Using OTP. International Journal of Scientific Research in Computer Science and Engineering.
[6] Sanjoli Singla, J. S. (2013). Cloud Data Security using Authentication and Encryption Technique. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), Volume 2, Issue 7, July 2013, pp 2232-2235.
[7] Sean Carlin, K. C. (2011). Cloud Computing Security. International Journal of Ambient Computing and Intelligence, pp 14-19.
[8] Shui Han, J. X. (2011). Ensuring Data Storage Through A Novel Third Party auditor Scheme in Cloud Computing. IEEE computer science & Technology, pp 264-268.
[9] Young-Gi Min, H.-J. S.-H. (2012). Cloud Computing Security Issues and Access Control Solutions. Journal of Security Engineering, pp 135-140.
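
The proposed methodology describes a Diffie-Hellman exchange that gives the user and the server a shared key, with the OTP then generated using HMAC; the paper gives no parameters or code. The Python below is an added example, not the authors' implementation. Its assumptions: the RFC 3526 2048-bit group, SHA-256 to turn the shared secret into a key, RFC 4226 truncation, and a 180-second time step (the three-minute validity mentioned in the literature review).

```python
import hashlib
import hmac
import secrets

# Assumed parameters (the paper gives none): RFC 3526 group 14, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Random private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2  # 2 <= x <= P-2
    return x, pow(G, x, P)

def dh_shared_key(own_private, peer_public):
    """Validate the peer's value, then hash g^(xy) mod p into a 32-byte key."""
    if not 2 <= peer_public <= P - 2:  # rejects 0, 1 and p-1 (degenerate values)
        raise ValueError("invalid Diffie-Hellman public value")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()

def otp(key, unix_time, step=180, digits=6):
    """HMAC the time-step counter, then apply RFC 4226 dynamic truncation."""
    mac = hmac.new(key, (unix_time // step).to_bytes(8, "big"), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_otp(key, candidate, unix_time):
    """Server-side check using a constant-time comparison."""
    return hmac.compare_digest(otp(key, unix_time), candidate)

def demo(now=1_700_000_000):  # constructed timestamp
    # Plain Diffie-Hellman authenticates neither side: the public values are
    # assumed to be exchanged over a channel that is already authenticated.
    user_priv, user_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    user_key = dh_shared_key(user_priv, server_pub)
    server_key = dh_shared_key(server_priv, user_pub)
    code = otp(user_key, now)
    return user_key == server_key, verify_otp(server_key, code, now), verify_otp(server_key, code, now + 180)
```

`demo()` returns three flags: whether both sides derived the same key, whether the server accepts the code inside its time step, and whether it still accepts the same code one step later.
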
Profile
Komalpreet Kaur is student of Lovely Professional University,
Jalandhar (INDIA). She has received B.Tech Degree from
Lovely Professional University, Jalandhar. Her main research
interest includes networking.
Komalpreet Kaur, IJSRM volume 3 issue 4 April 2015 [www.ijsrm.in]
Page 2518