International Journal of Innovations & Advancement in Computer Science (IJIACS), ISSN 2347-8616, Volume 4, Special Issue, May 2015

Strengthen Cloud Computing Security with Enhanced Two Factor Authentication and Encryption

Divya Saraswat*, M.Tech CSE, IPEC (UPTU)
Dr. Pooja Tripathi, Professor CSE, IPEC (UPTU)

Abstract: Cloud computing has become a buzzword that nearly everyone has heard but only few truly understand. Today the cloud has taken over the IT landscape. Cloud computing refers to a menu of hosting services, usually provided over the internet on a usage or metered basis, that run on infrastructure shared by multiple users. The cloud itself is maintained by cloud service providers through networked "server farms". They offer their subscribers availability and data storage on demand, along with seamless access to software, application provisioning and automatic upgrades. Security is one of the most serious downsides of using cloud services: organisations and individuals store data in the cloud, and if that data is not properly protected, loss and exposure can follow. Confidentiality, authentication and access control are therefore the challenging factors in data security. Our work attempts to address these concerns. To ensure authentication, this paper implements a strong multi-step authentication mechanism based on a dynamic one-time password (OTP) technique. The resulting mobile token, valid only for a short session, is used by the client to authenticate itself; a captured token is of no use once it has expired or has been used. For data storage security over the cloud, AES-256 encryption is used, and MD5 hashing is applied to registration and login details. Access controls and permissions on data accessibility are also implemented. Our work mainly deals with a cloud computing security model.
Keywords: AES, multi-factor authentication, authentication, MD5, multi-auth app, mobile token, access control.

I. INTRODUCTION

Cloud computing is the defining technology of the twenty-first century, much as electricity defined utility for the twentieth. When we use an appliance that runs on electricity we assume that the power is sufficient to run it; what we do not know is where, and from what source, that power comes, whether from a nearby nuclear power plant, a hydroelectric facility or a wind farm. Cloud computing is similar: we know it will be there and that it is sufficient, but we do not know what kind of hardware our data is stored on, nor always where it is stored. The cloud is basically a computing power plant, and cloud providers such as Azure, Amazon, Rackspace and Microsoft are the computing power companies. Cloud computing offers enormous processing power, very wide storage space and high computation speed. Cloud computing technologies are categorised as software as a service, platform as a service, infrastructure as a service and data storage as a service [1]. The deployment models also fall into four categories: public cloud, private cloud, hybrid cloud and community cloud [2].

New security challenges emerge when data is to be stored in the cloud. Control over the data is a primary need as it flows from one virtual machine to another. Traditional hardware-based appliances have no control over data once it is in the cloud, so virtual security appliances are required to protect and maintain it. There are various security layers, some of which are:

1. Authentication: authentication identifies a user. More precisely, authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication levels:
a. Single-factor authentication: requires only one factor, "something the user knows", such as a username and password.
b. Multi-step authentication: requires a sequence of authentication steps that must be completed successfully in order. Examples: Gmail, Box.
c. Two-factor authentication: a special case of two-step authentication in which the two steps use two different factors from the list below. Example: a PKI smart card used together with a PIN.
d. Multi-factor authentication: requires two or more distinct factors from the list below; two-factor authentication is the most common case, and a key card entry system that also asks for a PIN and a fingerprint uses three.
The factors are: something you know (password, PIN); something you have (token, key); something you are (fingerprint, retina scan, etc.).
2. Authorization: authorization grants authenticated users permissions on certain resources. These resources can be system objects such as information or application programs.
3. Encryption of data: encryption is the core of cryptography. It is the process of transforming information into an unreadable format, that is, converting plaintext into ciphertext. Data stored on PCs, tablets and smartphones can be encrypted according to the type of data.

One of the biggest issues in cloud computing is security. As organisations and individuals move their data to the cloud, the safety of that data is crucial. The main objective of this paper is to enhance data security for cloud computing. For authentication, instead of relying only on a username and password, an additional multi-auth app is introduced. It is based on two-factor authentication with multiple steps for creating a mobile token that is valid for one login session or a short period. The generated mobile token is then used by the client to authenticate itself to the cloud services. Data storage security is implemented with AES encryption, a symmetric cipher that is fast enough for bulk data and widely trusted. The result is a registration and authentication method that is both secure and practical. Permissions (grant or deny) on data access are also implemented. MD5 is used to hash client registration and login details so that they are not stored in clear; a hash also lets the contents of a record be checked for accidental corruption (detecting deliberate tampering additionally requires a keyed MAC or a signature). In this paper we present the work and its implementation using Azure cloud services.

The paper is organised as follows: Section II reviews related work, Section III gives the problem statement, Section IV presents the proposed work in detail, Section V gives the requirement specification, Section VI shows the implementation of the proposed work and Section VII concludes the paper.

II. RELATED WORK

Much research has been done on the security of cloud computing environments. Lin, Shen and Hwang [3] proposed a strong password authentication scheme that makes use of smart cards and resists guessing, replay, impersonation and stolen-verifier attacks. Later, W. C. Ku [4] proposed a hash-based strong-password authentication scheme that enhances security without using a smart card; it still has some weaknesses and is vulnerable to attacks. Saxena [5] proposed the use of one-time passwords for authentication, with the OTP generated by an event-synchronisation technique. Jing-Jang Hwang et al.
[6] described a business model for cloud computing in which data security rests on separate encryption and decryption services. In that method the cloud service provider is responsible for the encryption/decryption tasks for data storage, which adds computational overhead on the cloud server, and the data owner has no control over the data.

III. PROBLEM STATEMENT

In the vast majority of online logins people rely on static passwords, i.e. only a username and a password, which are easy to crack. The problem with this approach is that once the secret has been shared it no longer remains a secret. Security can be enhanced by using strong authentication. Also, because data stored in the cloud has no borders, confidentiality, integrity and privacy issues arise, which demands a trusted environment in which data security can be maintained. Current approaches have several issues in their authentication mechanisms. What is needed is a scheme that provides authentication, confidentiality and integrity for a single server.

IV. PROPOSED WORK

This section describes the proposed data security model, which enhances security through two-factor authentication with multiple steps, encryption, hashing and an access rights policy. The framework takes care of authentication and authorization, and of the confidentiality and integrity of user data, while any cloud server is being accessed.

Registration

Users who want to access the cloud services must first register themselves by filling in a registration form with their client information. All of this information is stored in the cloud database. Because the registration data is sensitive, it must be protected from others; for this purpose the authors apply MD5 hashing to the registration information.
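The registration step above stores the password as an MD5 digest. The following Python is an added example written for this edit, not code from the paper's C# implementation; it places that unsalted MD5 storage beside a salted, deliberately slow PBKDF2-HMAC-SHA256 record of the kind a practitioner would use for the password field, and shows why the difference matters: identical passwords give identical MD5 digests, and a small wordlist is enough to reverse them. The record format, the iteration count and the constructed wordlist are assumptions of the example; only the standard library is used.

```python
"""Registration-record hashing: unsalted MD5 (as in the paper) beside a salted, slow KDF."""
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionaries an attacker precomputes (assumption).
SAMPLE_WORDLIST = ["123456", "password", "letmein", "qwerty", "welcome1"]

# Assumed work factor; tune so one hash costs roughly 100 ms on the registration server.
PBKDF2_ITERATIONS = 600_000


def md5_digest(password: str) -> str:
    """What the paper stores: hex(MD5(password)), no salt and no work factor."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5_with_wordlist(stored_hex: str, wordlist=SAMPLE_WORDLIST):
    """Recover a password from its unsalted MD5 digest by dictionary lookup.

    Without a salt, identical passwords give identical digests, so one precomputed
    table serves every user in a leaked database. Returns None if not in the list.
    """
    table = {md5_digest(word): word for word in wordlist}
    return table.get(stored_hex)


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash. Assumed record format: pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    salt = os.urandom(16)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


if __name__ == "__main__":
    # Two users who chose the same password: MD5 exposes the reuse, PBKDF2 does not.
    print("md5 alice:", md5_digest("letmein"))
    print("md5 bob:  ", md5_digest("letmein"))
    print("cracked:  ", crack_md5_with_wordlist(md5_digest("letmein")))
    print("pbkdf2 alice:", hash_password("letmein"))
    print("pbkdf2 bob:  ", hash_password("letmein"))
```

The per-user salt is what defeats the shared lookup table, and the iteration count is what makes each guess expensive; `hmac.compare_digest` avoids leaking the position of the first mismatching byte through timing.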
The user information is therefore stored in the cloud with the password and the other details held as MD5 digests rather than in clear, so that an attacker who reads the database does not directly obtain the values, and accidental modification of a record can be detected. MD5 is a one-way function [7]; it is not, however, unbreakable: practical collision attacks have been published, and because MD5 is fast and the digests here are not salted, a leaked database can be attacked with precomputed dictionaries, so a salted, deliberately slow password hash is the safer choice for the password field.

Login and data authentication with multiple steps

The authentication method used in our scheme is based on multiple steps with two-factor authentication, which adds an extra layer of security to existing schemes [8] and makes them stronger. Figure 1 and Figure 2 show the authentication flowchart and the multi-auth app flowchart.

Figure 1. Flowchart showing authentication (a non-existing user registers with the server; an existing user enters username and password and, if they are valid, enters the OTP; if the OTP is valid the user gains access to the user profile, otherwise the attempt ends).

Two-factor with multi-step authentication:
a. In the first phase a user logs in to his or her account by providing "something you know": a username and password are required. These details are stored in hashed form.
b. In the second phase the multi-auth app is used to grant access. The multi-auth app is an application that users install on their mobile phones; the cloud provider sends the OTP through this app, and the app itself requires additional factors before it shows the token.
With a traditional OTP sent as a text message, anyone who has access to another person's phone can read the message containing the OTP and use it. In this application, to obtain a mobile token the phone's owner must first enter the password he or she created or updated in the app, and then enter the registered mobile number on the device's own interface; only then is the mobile token or OTP shown.

Figure 2. Flowchart showing the multi-auth app.

So as soon as the user has correctly entered the login details of the first phase, the user must enter the OTP, which can only be obtained through the multi-auth app on the user's own phone, i.e. "something you have". Access to the mobile token therefore requires extra credentials; these extra requirements, the app password and the mobile number, are the multiple steps of the authentication and form strong protection for the OTP. This multi-factor authentication is much safer than static password methods. The mobile token or OTP is valid only for a very short time, that is, for a single session. OTPs resist password sniffing: if an attacker uses software to capture your traffic, the token he obtains is of no use once it has been used or has expired. A token captured and relayed within its validity window can still be misused, which is why the window must be short and each token must be accepted only once. This solution offers greater benefits than other authentication solutions: the username and the OTP are the only sensitive information sent over the network, and since the OTP is valid only briefly it is of no value to an attacker afterwards; the PIN code used to obtain the OTP on the phone is known only to the user; and there is no per-token cost for either user or provider, since the solution is built from open-source components.
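To make the token properties just described concrete (short validity, single use, and the app's own password and mobile-number gate before the token is shown), here is an added Python example written for this edit; it is not the paper's Android or C# code. The server side issues a random six-digit token after the first factor succeeds, keeps only a keyed hash of it, and rejects it once it has expired, been used, or been guessed at too many times; the phone side models the multi-auth app, which reveals the pushed token only after the correct app password and registered mobile number. The 60-second window, the three-attempt limit, the server HMAC key, the session identifiers and the injectable clock are assumptions of the example; everything is from the standard library.

```python
"""Second-factor OTP issuance and verification for the multi-auth-app scheme."""
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 60   # assumed validity window; the paper only says "very short"
MAX_ATTEMPTS = 3       # assumed guess limit per issued token


class OtpServer:
    """Cloud side: one pending token per login session, stored only as a keyed hash."""

    def __init__(self, clock=time.time):
        self._clock = clock                            # injectable for testing expiry
        self._pending = {}                             # session_id -> record
        self._server_key = secrets.token_bytes(32)     # assumed per-deployment HMAC key

    def _digest(self, session_id, username, otp):
        msg = f"{session_id}|{username}|{otp}".encode("utf-8")
        return hmac.new(self._server_key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, username):
        """Called after the password (first factor) succeeds. Returns the OTP to push to the app."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[session_id] = {
            "username": username,
            "digest": self._digest(session_id, username, otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return otp

    def verify(self, session_id, username, otp):
        """True once, for the right user, within the window, and before the guess limit."""
        rec = self._pending.get(session_id)
        if rec is None or rec["username"] != username:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            self._pending.pop(session_id, None)        # expired or locked: token is dead
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(rec["digest"], self._digest(session_id, username, otp))
        if ok:
            self._pending.pop(session_id, None)        # single use: a replay finds nothing
        return ok


class MultiAuthApp:
    """Phone side: the pushed token is shown only after the app password and the registered number."""

    def __init__(self, app_password, mobile_number):
        self._pw_digest = hashlib.sha256(app_password.encode("utf-8")).digest()
        self._mobile_number = mobile_number
        self._token = None

    def receive_push(self, otp):
        self._token = otp

    def reveal_token(self, app_password, mobile_number):
        """None unless both of the app's own checks pass; a thief holding the phone gets nothing."""
        pw_ok = hmac.compare_digest(
            hashlib.sha256(app_password.encode("utf-8")).digest(), self._pw_digest
        )
        if not (pw_ok and mobile_number == self._mobile_number):
            return None
        return self._token


if __name__ == "__main__":
    server = OtpServer()
    app = MultiAuthApp("4321", "+910000000000")
    app.receive_push(server.issue("session-1", "alice"))
    token = app.reveal_token("4321", "+910000000000")
    print("first use:", server.verify("session-1", "alice", token))
    print("replay:   ", server.verify("session-1", "alice", token))
```

The token is bound to the session and username inside the HMAC, so a token issued for one login cannot be presented in another, and the server never stores the token itself.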
In addition, the user only has to carry a mobile phone; no extra authentication device is needed. Registration is easy and can be done from home, with no need to order an external authentication device or collect one from a local office. As a result only authorized users can gain access to the cloud system.

Secure storing and accessing of data

After successful authentication a user can connect to the system and access the file storage. For encryption during file upload, AES-256 is implemented in this application so that data is stored securely on the server. AES-256 is a symmetric-key cipher; it is preferred over RSA because symmetric encryption is far faster for bulk data, and over RC4 because RC4 has well-known keystream weaknesses (DSA is a signature algorithm rather than a cipher, so it is not an alternative here). As a block cipher, AES must be used with a mode of operation and a fresh IV or nonce for every file, preferably an authenticated mode so that a modified ciphertext is rejected on decryption. For other information, including registration and login details, MD5 hashing is used.

Permissions

A permission is an authorization to perform an operation on a specific object, such as a file. Permissions are applied to data as it is uploaded. They can be granted to a user, a group, special identities, any trusted domain or a computer. In role-based access control, permissions are assigned to roles, and a user must be a registered member of a role to receive them; permissions are associated with roles, not with individual users. Table 1 shows an instance of the permission module. All the data, including the allow/deny access rights on a particular file, is sent to the server in cipher form using AES encryption.

Table 1. Permissions on search and add of users

Current UID    Searched UID    Add
Teacher        Teacher         No
Teacher        Student         Yes
Student        Student         No
Student        Teacher         Yes

A user cannot search for his or her own UID.

V. REQUIREMENT SPECIFICATION

Hardware requirements: the system running the application should have an Intel Core i3 M370 processor at 2.40 GHz, 3 GB of RAM, Microsoft Windows 7 Ultimate 64-bit, and an Android device such as a smartphone or tablet.

Software requirements: Android SDK, ADT plugin, the required Android SDK packages, USB drivers, Java Development Kit (JDK) and Visual Studio 2012.

VI. IMPLEMENTATION DETAILS

The system is implemented in two phases. For the authentication phase, the multi-auth app was created for Android phones using the Android Developer Tools in Eclipse, with XML for the user interface layouts and Java for the application logic. On the server side, C# is used as the backend language in the Visual Studio environment. The implemented model is hosted in the Azure cloud.

Module 1. The proposed system is divided into two parts, client and server. Figure 3 shows the home page, including the login and registration sections.

Figure 3. Home page

Module 2. Registration of clients. Figure 4 shows the registration form for new users. It includes user id, password, mobile number and job type (student or teacher).

Figure 4. Registration page

Module 3. Authentication of clients. Authentication is divided into two parts. First factor: based on "something you know", i.e. username and password (Figure 5). Second factor: based on "something you have", in which the user enters the mobile token generated on the phone by the multi-auth app (Figure 6).

Figure 5. Login panel

Figure 6. OTP panel

Multi-auth app: this is the application that runs on the user's mobile phone.
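The encrypted upload and the Table 1 permission rule of Section IV, as an added Python example written for this edit (not the paper's C# implementation). It uses AES-256-GCM from the third-party `cryptography` package, so each file gets a fresh nonce and an authentication tag; it binds the ciphertext to its owner and file name as associated data so a stored blob cannot be moved between records; it applies the Table 1 rule (search/add only across roles, never one's own UID) when friendships are made; and it checks the per-file allow/deny flag before decrypting. The in-memory store, the per-user data key held in memory and the sample users are assumptions of the example; in a deployment the keys would come from a key management service.

```python
"""Encrypted file storage (AES-256-GCM) and the Table 1 role/permission checks."""
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the standard GCM size


def can_search_and_add(current_uid, current_role, target_uid, target_role):
    """Table 1: a user may search/add only someone of the other role, never their own UID."""
    if current_uid == target_uid:
        return False
    return {current_role, target_role} == {"Teacher", "Student"}


def encrypt_blob(key, plaintext, aad):
    """AES-256-GCM; returns nonce || ciphertext || tag.

    A fresh random nonce per call is mandatory: reusing a nonce under the same key
    breaks both confidentiality and integrity of GCM.
    """
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)


def decrypt_blob(key, blob, aad):
    """Plaintext, or None when the tag (or the bound metadata in aad) does not verify."""
    try:
        return AESGCM(key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], aad)
    except InvalidTag:
        return None


class CloudFileStore:
    """Server-side model (assumed): users with roles and a per-user data key, friendships
    made under the Table 1 rule, and an allow/deny flag per file and friend."""

    def __init__(self):
        self.users = {}   # uid -> {"role", "key", "friends"}
        self.files = {}   # (owner, name) -> {"blob", "acl"}

    def register(self, uid, role):
        self.users[uid] = {
            "role": role,
            "key": AESGCM.generate_key(bit_length=256),  # assumed: from a KMS in production
            "friends": set(),
        }

    def add_friend(self, current_uid, target_uid):
        cur, tgt = self.users[current_uid], self.users[target_uid]
        if not can_search_and_add(current_uid, cur["role"], target_uid, tgt["role"]):
            return False
        cur["friends"].add(target_uid)
        tgt["friends"].add(current_uid)
        return True

    def upload(self, owner, name, data, acl):
        """acl maps friend uid -> allow (True) / deny (False); non-friends are dropped."""
        friends = self.users[owner]["friends"]
        aad = f"{owner}|{name}".encode("utf-8")  # binds the ciphertext to this record
        self.files[(owner, name)] = {
            "blob": encrypt_blob(self.users[owner]["key"], data, aad),
            "acl": {uid: bool(allow) for uid, allow in acl.items() if uid in friends},
        }

    def download(self, requester, owner, name):
        """Authorization first, decryption second; None on deny, absence or tampering."""
        entry = self.files.get((owner, name))
        if entry is None:
            return None
        if requester != owner and not entry["acl"].get(requester, False):
            return None  # default deny
        aad = f"{owner}|{name}".encode("utf-8")
        return decrypt_blob(self.users[owner]["key"], entry["blob"], aad)

    def tamper(self, owner, name):
        """Flip one ciphertext byte to show that GCM rejects a modified file on download."""
        blob = bytearray(self.files[(owner, name)]["blob"])
        blob[NONCE_LEN] ^= 0x01
        self.files[(owner, name)]["blob"] = bytes(blob)


if __name__ == "__main__":
    store = CloudFileStore()
    store.register("t1", "Teacher")
    store.register("s1", "Student")
    store.add_friend("t1", "s1")
    store.upload("t1", "notes.txt", b"lecture 1", {"s1": True})
    print("student reads:", store.download("s1", "t1", "notes.txt"))
    store.tamper("t1", "notes.txt")
    print("after tamper:", store.download("t1", "t1", "notes.txt"))
```

The authorization check runs before any key is touched, so a denied request never reaches the cipher, and the authenticated mode turns a silently corrupted download into a hard failure.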
The multi-auth app also has several authentication steps of its own, which is why the scheme is known as multi-step authentication. Figure 7 shows these steps.

Figure 7. Multi-auth app

Module 4. User interface for sharing data and permissions. Figure 8 shows the user profile, which includes uploading data, adding, searching and deleting friends, and allow/deny permissions for viewing data.

Figure 8. User's profile

Encryption and decryption of data: the data uploaded to the cloud is stored in encrypted form using AES, as shown in Figure 9, and is decrypted when accessed by authenticated users, as shown in Figure 10. User details entered at login, registration and profile management are stored on the cloud server as MD5 digests (hashed rather than encrypted), as shown in Figures 11 and 12.

Figure 9. Data uploaded to the cloud (encrypted)

Figure 10. Decryption

Figure 11. Login details in hashed (MD5) form

Figure 12. Profile management in hashed (MD5) form

VII. CONCLUSION

A two-factor authentication approach is employed for the authentication and authorization of the client, which increases the confidentiality and integrity of the data: a one-time password authenticates users, and MD5 hashing keeps stored credentials out of the clear. The model covers authentication, data confidentiality and access control for the cloud application as a whole. In this paper we propose a secure and easy way to log in to a cloud service using OTPs, with the user's mobile phone as the authentication device. AES encryption is used to secure data stored in the cloud. With the authentication, registration and encryption methods proposed and implemented in this paper, all of these factors are accomplished.
Algorithms such as AES and MD5, together with the OTP from the multi-auth app, make the model highly secure.

REFERENCES

[1] N. Mishara, K. Khushwha, R. Chasta and A. Choudhary, "Technologies of Cloud Computing – Architecture Concepts based on Security and its Challenges", International Journal of Advanced Research in Computer Engineering and Technology (IJARCET), vol. 2, no. 3, March 2013.
[2] R. Kalaichelvi et al., "Research Challenges and Security Issues in Cloud Computing", International Journal of Computational Intelligence and Information Security, vol. 3, no. 3, pp. 42-48, March 2012.
[3] C. W. Lin, J. J. Shen and M. S. Hwang, "Security enhancement for optimal strong password authentication protocol", ACM Operating Systems Review, vol. 37, no. 2, pp. 7-12, April 2003.
[4] W. C. Ku, "A hash-based strong-password authentication scheme without using smart card", ACM Operating Systems Review, vol. 38, no. 1, pp. 29-34, January 2004.
[5] A. Saxena, "Dynamic Authentication: Need than a Choice", 3rd International Conference on Communication Systems Software and Middleware and Workshops (COMSWARE 2008), 10(1), p. 214, IEEE, 2008.
[6] J.-J. Hwang, Y.-C. Hsu and C.-H. Wu, "A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service", International Conference on Information Science and Applications (ICISA), pp. 1-7, 2011.
[7] R. Rivest, "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[8] S. Zhang and X. Chen, "The Comparison Between Cloud Computing and Grid Computing", International Conference on Computer Application and System Modeling (ICCASM), 22-24 October 2010, pp. V11-72.
[9] J. Daemen and V. Rijmen, "Announcing the Advanced Encryption Standard (AES)", Federal Information Processing Standards Publication 197, 26 November 2001.