A Novel Approach for Enhancing Security in Multi-Cloud Environment
(Static System Component based Dynamic Key Generation)
*Nandha raj.C – III Year Student, #K.Sudharson - Asst. Professor
Department of Information Technology,
S.A.Engineering College,
*sudharson@saec.ac.in, #nandha6197@gmail.com
Abstract- Cloud computing provides large-scale
computing resources to various customers and developers. The
resource transformation between customers and cloud
maintenance can be easily threatened by various cyber
attacks, because cloud computing provides service to many
customers who are not proven to be trustworthy. Therefore a cloud
computing system needs to provide fair and secure resource
exchanges between customers. Cloud computing is an efficient
way to power the IT industry; however, security is a major
concern that we must consider before moving our data to the
Cloud. Hence we proposed a User-End Generated 16-character
key code to provide security to the cloud computing
environment. By using a User-End Generated security system and
reducing the role of the third party to just verifying the code, we
can heighten security. This method gives the Client complete
anonymity about the password to the Cloud Host.
Keywords— cloud computing; authentication; UEG-16;
data storage, security
I. INTRODUCTION
In the 1990s, telecommunications companies, who
previously offered primarily dedicated point-to-point data
circuits, began offering virtual private network (VPN)
services with comparable quality of service, but at a lower
cost. By switching traffic as they saw fit to balance server
use, they could use overall network bandwidth more
effectively. They began to use the cloud symbol to denote
the demarcation point between what the provider was
responsible for and what users were responsible for. Cloud
computing extends this boundary to cover servers as well as
the network infrastructure.
As computers became more prevalent, scientists
and technologists explored ways to make large-scale
computing power available to more users through time
sharing, experimenting with algorithms to provide the
optimal use of the infrastructure, platform and applications
with prioritized access to the CPU and efficiency for the end
users.
After the dot-com bubble, Amazon played a key
role in the development of cloud computing by
modernizing their data centers, which, like most computer
networks, were using as little as 10% of their capacity at any
one time, just to leave room for occasional spikes. Having
found that the new cloud architecture resulted in significant
internal efficiency improvements whereby fast-moving
teams that were quite small could add new features faster
and more easily, Amazon initiated a new product
development effort to provide cloud computing to external
customers, and launched Amazon Web Services (AWS) on a
utility computing basis in 2006.
In early 2008, Eucalyptus became the first open-
source, AWS API-compatible platform for deploying private
clouds. In early 2008, OpenNebula, enhanced in the
RESERVOIR European Commission-funded project,
became the first open-source software for deploying private
and hybrid clouds, and for the federation of clouds. In the
same year, efforts were focused on providing quality of
service guarantees (as required by real-time interactive
applications) to cloud-based infrastructures, in the
framework of the IRMOS European Commission-funded
project, resulting in a real-time cloud environment. By mid-2008,
Gartner saw an opportunity for cloud computing "to
shape the relationship among consumers of IT services,
those who use IT services and those who sell them" and
observed that organizations are switching from company-owned
hardware and software assets to per-use service-based
models, so that the projected shift to computing will
result in dramatic growth in IT products in some areas and
significant reductions in other areas.
ISBN-13: 978-1535305198
www.iirdem.org
Proceedings of ICTPEA-2016
©IIRDEM 20161
II. CHARACTERISTICS OF CLOUD COMPUTING
Cloud Computing has the following characteristics:
Availability of large computing infrastructure on a
need basis: Cloud vendors provide the appearance of infinite
computing infrastructure availability. This is available to
organizations on a need basis. This ensures that organizations
do not need to set up servers for their peak requirements. As
an example, consider the official Wimbledon site. The site
gets extremely high traffic in the two weeks when the
championship happens. For this two-week period the site
will have high server usage. For the rest of the year the site will
need to pay only for the reduced usage. In general,
organizations do not need to bear the cost of computing
infrastructure for their peak loads. The ability to increase or
reduce the usage of computing resources on a need basis is
called elastic computing.
Cloud computing does not involve any significant capital
expenditure for the organization. Unlike traditional IT
infrastructure, in cloud computing organizations just use the
computing services without procuring them. In some sense
cloud computing involves renting the computing resources
instead of buying them. As the figure below displays, unlike
the traditional computing model, cloud computing requires no
capital expenditure to acquire initial computing resources.
III. ISSUES IN CLOUD COMPUTING
Cloud risk No. 1: Shared access
One of the key tenets of public cloud computing is
multitenancy, meaning that multiple, usually unrelated
customers share the same computing resources: CPU,
storage, memory, namespace, and physical building.
Multitenancy is a huge known unknown for most of us. It's
not just the risk of our private data accidentally leaking
to other tenants, but the additional risks of sharing
resources. Multitenancy exploits are very worrisome
because one flaw could allow another tenant or attacker to
see all other data or to assume the identity of other clients.
Several new classes of vulnerabilities derive from the shared
nature of the cloud. Researchers have been able to recover
other tenants' data from what was supposed to be new
storage space. Other researchers have been able to peek into
other tenants' memory and IP address space. A few have
been able to take over another tenant's computing resources
in totality by simply predicting what IP or MAC addresses
were assigned.
Multitenancy security issues are just now becoming
important to most of us, and the vulnerabilities within are
starting to be explored. The best precursor example is a
single website placed on a Web server with hundreds or
even thousands of other, unrelated websites. If history is any
guide -- it usually is -- multitenancy will be a big problem
over the long haul.
Cloud risk No. 2: Virtual exploits
Every large cloud provider is a huge user of virtualization.
However, it holds every risk posed by physical machines,
plus its own unique threats, including exploits that target the
virtual server hosts and the guests. You have four main
types of virtual exploit risks: server host only, guest to
guest, host to guest, and guest to host. All of them are
largely unknown and uncalculated in most people's risk
models.
To up the ante, the cloud customer typically has no idea
what virtualization products or management tools the vendor
is running. To shed some light on this risk, ask your vendor
the following questions: What virtualization software do you
run? What version is it on now? Who patches the
virtualization host and how often? Who can log into each
virtualization host and guest?
Cloud risk No. 3: Authentication, authorization, and
access control
Obviously, your cloud vendor's choice of authentication,
authorization, and access control mechanisms is crucial, but
a lot depends on process as well. How often do they look for
and remove stale accounts? How many privileged accounts
can access their systems -- and your data? What type of
authentication is required by privileged users? Does your
company share a common namespace with the vendor
and/or indirectly with other tenants? Shared namespaces and
authentication to create single-sign-on (SSO) experiences
are great for productivity, but substantially increase risk.
Data protection is another huge concern. If data encryption
is used and enforced, are private keys shared among
tenants? Who and how many people on the cloud vendor's
team can see your data? Where is your data physically
stored? How is it handled when no longer needed? Many
are not sure how many cloud vendors would be willing to
share detailed answers to these questions, but we have to at
least ask if we want to find out what is known and unknown.
Cloud risk No. 4: Availability
When you're a customer of a public cloud provider,
redundancy and fault tolerance are not under your control.
Usually what's provided and how it's done are not disclosed.
It's completely opaque. Every cloud service claims to have
fantastic fault tolerance and availability, yet month after
month we see the biggest and the best go down for hours or
even days with service interruptions.
Of even bigger concern are the few instances in which
customers have lost data, either due to an issue with the
cloud provider or with malicious attackers. The cloud
vendor usually states that they do awesome, triple-protected
data backups. But even in cases where vendors said that data
backups were guaranteed, they've lost data -- permanently.
If possible, your company should always back up the data
it's sharing with the cloud or at least insist on legalese that
has the right amount of damages built in if that data is lost
forever.
Cloud risk No. 5: Ownership
This risk comes as a surprise to many cloud customers, but
often the customer is not the only owner of the data. Many
public cloud providers, including the largest and best
known, have clauses in their contracts that explicitly
state that the data stored is the provider's -- not the
customer's.
Cloud vendors prefer owning the data because it gives them
more legal protection if something goes wrong. Plus, the
Cloud service provider could search and mine customer
data to create additional revenue opportunities for
themselves. We must make sure that this known unknown is
on lockdown: Who owns client’s data and what can the
cloud provider do with it?
IV. CURRENT TECHNOLOGIES TO SECURITY IN CLOUD
Single Sign On:
Single sign-on (SSO) is a property of access control of
multiple related, but independent software systems. With
this property a user logs in once and gains access to all
systems without being prompted to log in again at each of
them. Conversely, Single sign-off is the property whereby a
single action of signing out terminates access to multiple
software systems.
Drawback:
This system relies heavily on a single “Master password”. If
it is compromised, the security fails.
One Time Password:
This involves receiving a password that is randomly
generated. The user must key in the OTP within a specific
time frame.
Drawback:
Intercepting the data packet carrying the OTP over a period
of time may expose the innate algorithm of the OTP. The
larger the time frame, the greater the risk of decryption.
V. PROPOSED SYSTEM
We propose to develop a code, with the following algorithm.
A small working model is built in Java.
1) Identify two systems which are related in the cloud as
Host and Client.
2) Obtain the Disk number of the Host and Client during the
“Registration phase”; these details are sent to the Master
server.
Note: A Disk number is a unique identification number that
identifies the Drive of a computer. This is generated as the
system partitions the drives.
3) Obtain the Mother Board number of the Host and Client
system; this is sent to the Master server.
Note: A Mother Board number is etched during
manufacture. It cannot be spoofed or modified.
4) Obtain the Client’s password and fingerprint. The Host’s
password is obtained, processed and then stored by the
Master server.
5) A Biometric scanner is used to verify the fingerprints.
Install Java code on the Host and Client, which must identify
the Disk number and Mother Board number of the system,
verify their respective passwords and then produce a
suitable 16-character code by calculating the time, an
arbitrary Hash function on the Disk number and Mother
Board number and the user's password.
4) When the client logs in by the UEG-16 code, the Master
server accepts the code from the client. Simultaneously it
would notify the host to generate the UEG-16 code from its
end.
5) The UEG-16 code of the host is generated automatically
upon receiving the notification from the Master server, and
is then sent to the Master server for authentication. If it is
outside office hours, a notification is sent to the admin of
the Client organization and the system awaits his/her permission to
generate the UEG-16 code. A time window of 2 minutes is
granted to complete the process.
6) If the Master server receives a one sided request, it would
deny access and create a "log" about the failure after 5
unsuccessful attempts.
7) If the client or host enters their respective password
incorrectly for 5 attempts, then it closes the respective
connection and creates a log entry.
8) If the UEG-16 code is correct, the access to Cloud is
granted.
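The code generation and two-sided check described in the steps above, as an added Python example (not the authors' Java model). The paper leaves the hash "arbitrary", so PBKDF2-HMAC-SHA256 for the stored key, HMAC-SHA256 over the 2-minute window counter, Base32 truncation to 16 characters, the names `enroll`, `ueg16` and `MasterServer`, and all identifier strings are assumptions made here.

```python
import base64
import hashlib
import hmac
import struct

WINDOW_SECONDS = 120  # the 2-minute validity window from the text
MAX_FAILURES = 5      # failed attempts before a log entry is written


def enroll(disk_no, board_no, password):
    """Registration phase: derive the key the Master server stores.

    Assumption: the "processed" password is PBKDF2-HMAC-SHA256 salted with
    the Disk and Mother Board numbers. The identifiers only act as a salt;
    the secrecy of the key rests on the password.
    """
    salt = hashlib.sha256(f"{disk_no}|{board_no}".encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def ueg16(key, now):
    """Return the 16-character code for the window containing `now`."""
    window = int(now) // WINDOW_SECONDS
    mac = hmac.new(key, struct.pack(">Q", window), hashlib.sha256).digest()
    # 10 bytes encode to exactly 16 Base32 characters with no padding.
    return base64.b32encode(mac[:10]).decode("ascii")


class MasterServer:
    """Hypothetical verifier: grants access only when both codes check out."""

    def __init__(self):
        self.keys = {}      # party name -> enrolled key
        self.failures = {}  # (client, host) -> consecutive failures
        self.log = []

    def register(self, party, disk_no, board_no, password):
        self.keys[party] = enroll(disk_no, board_no, password)

    def _valid(self, party, code, now):
        key = self.keys.get(party)
        if key is None or not isinstance(code, str):
            return False  # unknown party or one-sided request
        expected = ueg16(key, now)
        # Constant-time comparison on bytes.
        return hmac.compare_digest(expected.encode(), code.encode())

    def authenticate(self, client, client_code, host, host_code, now):
        pair = (client, host)
        # Evaluate both sides so a failure does not reveal which one was wrong.
        c_ok = self._valid(client, client_code, now)
        h_ok = self._valid(host, host_code, now)
        if c_ok and h_ok:
            self.failures[pair] = 0
            return True
        self.failures[pair] = self.failures.get(pair, 0) + 1
        if self.failures[pair] >= MAX_FAILURES:
            self.log.append((int(now), client, host, self.failures[pair]))
        return False


if __name__ == "__main__":
    # Constructed sample identifiers and passwords, not real serial numbers.
    ms = MasterServer()
    ms.register("client", "DISK-0001", "MB-AAAA", "client-pass")
    ms.register("host", "DISK-0002", "MB-BBBB", "host-pass")
    t = 1_700_000_040  # start of a 2-minute window
    c = ueg16(enroll("DISK-0001", "MB-AAAA", "client-pass"), t)
    h = ueg16(enroll("DISK-0002", "MB-BBBB", "host-pass"), t + 30)
    print(c, h, ms.authenticate("client", c, "host", h, t + 60))
    print("one-sided:", ms.authenticate("client", c, "host", None, t + 60))
    print("expired:  ", ms.authenticate("client", c, "host", h, t + 120))
```

Because the window counter is derived from the clock on each machine, the check only succeeds when all three parties agree on the time to within the same 2-minute window.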
Merits:
1) The Client and the Host have complete isolation in terms
of Passwords. The Cloud provider need not know the
Client's password or key.
2) The Host cannot attempt to steal the user's data; if any
attempt is made, the Client will be notified by Log
statements.
3) A third party regulates and checks the data access;
therefore it does not come under the control of the Cloud
provider.
4) The Key is generated within the system. Therefore
Hackers can’t hack the network to track or take the Network
packet carrying the Hash key-code.
5) As the parameters cannot be spoofed, it is foolproof.
6) The time window for entering the UEG-16 code is 2
minutes, after which the code becomes invalid. Thus it is
more secure with an optimal time-out mechanism.
Requirements:
1) The system time and date must be in synchronization
with the I.S.T (Indian Standard Time).
2) Due to the involvement of the regulating body, the Client
should bear a small increase in cost for greater security.
3) Any change of Mother Board or formatting the Drives
must be intimated to the Regulating body.
Growth of UEG-16:
Due to time constraints, GUI models for the Registration
phase and the incorporation of the Biometric scanner are in the
pipeline. They are expected to be completed in 3 weeks.
VI. CONCLUSION AND FUTURE WORK
To sum up, Cloud computing is an efficient way to power
the IT industry; however, security is a major concern that we
must consider before moving our data to the Cloud. By
using a User-End Generated security system and reducing
the role of the third party to just verifying the code, we can
heighten security. This method gives the Client complete
anonymity about the password to the Cloud Host. Thus
Cloud security can be enhanced by this "User-End
Generated 16-character key code".

More Related Content

PDF
Privacy Issues In Cloud Computing
PPTX
Cloud computing security & forensics (manu)
PPT
Cloud Computing Security Issues
PPTX
Cloud Computing Security Issues
PPTX
Cloud Security Issues 1.04.10
PPT
Cloud computings
PPT
htcia-5-2015
PDF
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
Privacy Issues In Cloud Computing
Cloud computing security & forensics (manu)
Cloud Computing Security Issues
Cloud Computing Security Issues
Cloud Security Issues 1.04.10
Cloud computings
htcia-5-2015
A Secure Framework for Cloud Computing With Multi-cloud Service Providers

What's hot (20)

PDF
10 security concerns cloud computing
PDF
Cloud Computing Security
PDF
Security & Privacy in Cloud Computing
PDF
The Security and Privacy Threats to Cloud Computing
PDF
Facing the Future - Is the cloud right for you?
PDF
Dn35636640
DOC
Cloud security
PPTX
Cloud computing security issues and challenges
PPT
Privacy Issues of Cloud Computing in the Federal Sector
PDF
Cloud computing
PPTX
Cloud computing security from single to multiple
PPT
Security issue in cloud by himanshu tiwari
PPTX
Security Issues in Cloud Computing
PDF
Cloud Security - Security Aspects of Cloud Computing
PDF
Paper id 21201410
PDF
A Comparative Review on Data Security Challenges in Cloud Computing
PDF
Security of the Cloud
PDF
Whitepaper: Security of the Cloud
PPTX
Cloud Computing Security From Single To Multicloud
PDF
Cloud Computing Security Organization Assessments Service Categories Responsi...
10 security concerns cloud computing
Cloud Computing Security
Security & Privacy in Cloud Computing
The Security and Privacy Threats to Cloud Computing
Facing the Future - Is the cloud right for you?
Dn35636640
Cloud security
Cloud computing security issues and challenges
Privacy Issues of Cloud Computing in the Federal Sector
Cloud computing
Cloud computing security from single to multiple
Security issue in cloud by himanshu tiwari
Security Issues in Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
Paper id 21201410
A Comparative Review on Data Security Challenges in Cloud Computing
Security of the Cloud
Whitepaper: Security of the Cloud
Cloud Computing Security From Single To Multicloud
Cloud Computing Security Organization Assessments Service Categories Responsi...
Ad

Viewers also liked (17)

PDF
IIirdem mri brain tumour extraction by multi modality magnetic resonance imag...
PDF
Iaetsd nano robotics in cancer
PDF
iaetsd Modern e aid to dementia patients
PDF
Iaetsd emergency recovery control unit using microcontroller
PDF
4 iaetsd detecting linear structures within the aster satellite image by effe...
PDF
iaetsd Easy tax a user friendly mobile application
PDF
iaetsd Secured multiple keyword ranked search over encrypted databases
PDF
iaetsd Second level security using intrusion detection and avoidance system
PDF
iaetsd Vehicle monitoring and security system
PDF
Iirdem screen less displays – the imminent vanguard
PDF
iirdem CRASH IMPACT ATTENUATOR (CIA) FOR AUTOMOBILES WITH THE ADVOCATION OF M...
PDF
iaetsd Preserving private multi keyword searching with ranking by anonymous i...
PDF
Iaetsd experimental investigation on self compacting fiber reinforced concret...
PDF
Iaetsd io t based advanced smart health care system
PDF
Iaetsd implementation of lsb image steganography system using edge detection
PDF
Business Studies (Marketing Management) Project Class 12th CBSE
PDF
Iaetsd enhancement of performance and security in bigdata processing
IIirdem mri brain tumour extraction by multi modality magnetic resonance imag...
Iaetsd nano robotics in cancer
iaetsd Modern e aid to dementia patients
Iaetsd emergency recovery control unit using microcontroller
4 iaetsd detecting linear structures within the aster satellite image by effe...
iaetsd Easy tax a user friendly mobile application
iaetsd Secured multiple keyword ranked search over encrypted databases
iaetsd Second level security using intrusion detection and avoidance system
iaetsd Vehicle monitoring and security system
Iirdem screen less displays – the imminent vanguard
iirdem CRASH IMPACT ATTENUATOR (CIA) FOR AUTOMOBILES WITH THE ADVOCATION OF M...
iaetsd Preserving private multi keyword searching with ranking by anonymous i...
Iaetsd experimental investigation on self compacting fiber reinforced concret...
Iaetsd io t based advanced smart health care system
Iaetsd implementation of lsb image steganography system using edge detection
Business Studies (Marketing Management) Project Class 12th CBSE
Iaetsd enhancement of performance and security in bigdata processing
Ad

Similar to Iirdem a novel approach for enhancing security in multi cloud environment (20)

PDF
Security for Effective Data Storage in Multi Clouds
PDF
Cloud computing final format(1)
PPT
Issues in cloud computing
PDF
I017225966
PDF
Solutions of cloud computing security issues
DOCX
Fog doc
DOCX
fog computing provide security to the data in cloud
PPTX
Cloud computing (2)
PDF
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
PDF
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
PDF
Cloud Computing Security
DOCX
Fog computing document
PPT
Celera Networks on Cloud Computing
PDF
Understanding Cloud Computing by BS Infotech
PPTX
The why of a cloud ppt
PDF
cloud-computing
PDF
Ad4502189193
PDF
MIST Effective Masquerade Attack Detection in the Cloud
DOCX
Cloud computing seminar report
Security for Effective Data Storage in Multi Clouds
Cloud computing final format(1)
Issues in cloud computing
I017225966
Solutions of cloud computing security issues
Fog doc
fog computing provide security to the data in cloud
Cloud computing (2)
A STUDY OF THE ISSUES AND SECURITY OF CLOUD COMPUTING
Methodologies for Enhancing Data Integrity and Security in Distributed Cloud ...
Cloud Computing Security
Fog computing document
Celera Networks on Cloud Computing
Understanding Cloud Computing by BS Infotech
The why of a cloud ppt
cloud-computing
Ad4502189193
MIST Effective Masquerade Attack Detection in the Cloud
Cloud computing seminar report

More from Iaetsd Iaetsd (20)

PDF
iaetsd Survey on cooperative relay based data transmission
PDF
iaetsd Software defined am transmitter using vhdl
PDF
iaetsd Health monitoring system with wireless alarm
PDF
iaetsd Equalizing channel and power based on cognitive radio system over mult...
PDF
iaetsd Economic analysis and re design of driver’s car seat
PDF
iaetsd Design of slotted microstrip patch antenna for wlan application
PDF
REVIEW PAPER- ON ENHANCEMENT OF HEAT TRANSFER USING RIBS
PDF
A HYBRID AC/DC SOLAR POWERED STANDALONE SYSTEM WITHOUT INVERTER BASED ON LOAD...
PDF
Fabrication of dual power bike
PDF
Blue brain technology
PDF
iirdem The Livable Planet – A Revolutionary Concept through Innovative Street...
PDF
iirdem Surveillance aided robotic bird
PDF
iirdem Growing India Time Monopoly – The Key to Initiate Long Term Rapid Growth
PDF
iirdem Design of Efficient Solar Energy Collector using MPPT Algorithm
PDF
iirdem ADVANCING OF POWER MANAGEMENT IN HOME WITH SMART GRID TECHNOLOGY AND S...
PDF
iaetsd Shared authority based privacy preserving protocol
PDF
iaetsd Robots in oil and gas refineries
PDF
iaetsd Modeling of solar steam engine system using parabolic
PDF
iaetsd Isolation of cellulose from non conventional source and its chemical m...
PDF
iaetsd Effect of superconducting fault current limiter (sfcl) on triumphant i...
iaetsd Survey on cooperative relay based data transmission
iaetsd Software defined am transmitter using vhdl
iaetsd Health monitoring system with wireless alarm
iaetsd Equalizing channel and power based on cognitive radio system over mult...
iaetsd Economic analysis and re design of driver’s car seat
iaetsd Design of slotted microstrip patch antenna for wlan application
REVIEW PAPER- ON ENHANCEMENT OF HEAT TRANSFER USING RIBS
A HYBRID AC/DC SOLAR POWERED STANDALONE SYSTEM WITHOUT INVERTER BASED ON LOAD...
Fabrication of dual power bike
Blue brain technology
iirdem The Livable Planet – A Revolutionary Concept through Innovative Street...
iirdem Surveillance aided robotic bird
iirdem Growing India Time Monopoly – The Key to Initiate Long Term Rapid Growth
iirdem Design of Efficient Solar Energy Collector using MPPT Algorithm
iirdem ADVANCING OF POWER MANAGEMENT IN HOME WITH SMART GRID TECHNOLOGY AND S...
iaetsd Shared authority based privacy preserving protocol
iaetsd Robots in oil and gas refineries
iaetsd Modeling of solar steam engine system using parabolic
iaetsd Isolation of cellulose from non conventional source and its chemical m...
iaetsd Effect of superconducting fault current limiter (sfcl) on triumphant i...

Recently uploaded (20)

PPTX
bas. eng. economics group 4 presentation 1.pptx
PDF
PPT on Performance Review to get promotions
PDF
composite construction of structures.pdf
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
PDF
Digital Logic Computer Design lecture notes
PPTX
Lecture Notes Electrical Wiring System Components
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
PPTX
Internet of Things (IOT) - A guide to understanding
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
PDF
Well-logging-methods_new................
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
PPTX
Foundation to blockchain - A guide to Blockchain Tech
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
PPTX
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
PPTX
Welding lecture in detail for understanding
PPT
Mechanical Engineering MATERIALS Selection
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
bas. eng. economics group 4 presentation 1.pptx
PPT on Performance Review to get promotions
composite construction of structures.pdf
Embodied AI: Ushering in the Next Era of Intelligent Systems
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
Digital Logic Computer Design lecture notes
Lecture Notes Electrical Wiring System Components
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
Internet of Things (IOT) - A guide to understanding
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
Well-logging-methods_new................
UNIT-1 - COAL BASED THERMAL POWER PLANTS
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
Foundation to blockchain - A guide to Blockchain Tech
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
IOT PPTs Week 10 Lecture Material.pptx of NPTEL Smart Cities contd
Welding lecture in detail for understanding
Mechanical Engineering MATERIALS Selection
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...

Iirdem a novel approach for enhancing security in multi cloud environment

  • 1. A Novel Approach for Enhancing Security in Multi- Cloud Environment (Static System Component based Dynamic Key Generation) * Nandha raj.C– III Year Student, # K.Sudharson - Asst.Professor Department of Information Technology, S.A.Engineering College, *sudharson@saec.ac.in, # nandha6197@gmail.com Abstract- Cloud computing provides a large scale computing resources to various customers and developers. The resource transformation between customers and cloud maintenance can be easily threatened by the various cyber attacks, because cloud computing provide the service to many customers who are not proven to be trustworthy. Therefore cloud computing system needs to provide some fair and secure resource exchanges between customers. Cloud computing is an efficient way to power the IT industry, however security is a major concern that we must consider before moving our data to the Cloud, Hence we proposed User-End Generated 16 character key code to provide security to the cloud computing environment. Based on User End Generated security system we can reduce the role of the third party just to verify the code, we can heighten security. This method gives the Client complete anonymity about the password to the Cloud Host. Keywords— cloud computing; authentication; UEG-16; data storage, security I. INTRODUCTION In the 1990s, telecommunications companies, who previously offered primarily dedicated point-to-point data circuits, began offering virtual private network (VPN) services with comparable quality of service, but at a lower cost. By switching traffic as they saw fit to balance server use, they could use overall network bandwidth more effectively. They began to use the cloud symbol to denote the demarcation point between what the providers was responsible for and what users were responsible for. Cloud computing extends this boundary to cover servers as well as the network infrastructure. 
As computers became more prevalent, scientists and technologists explored ways to make large-scale computing power available to more users through time sharing, experimenting with algorithms to provide the optimal use of the infrastructure, platform and applications with prioritized access to the CPU and efficiency for the end users. After the dot-com bubble, Amazon played a key role in all the development of cloud computing by modernizing their data centers, which, like most computer networks, were using as little as 10% of their capacity at any one time, just to leave room for occasional spikes. Having found that the new cloud architecture resulted in significant internal efficiency improvements whereby fast-moving teams that were quite small could add new features faster and more easily, Amazon initiated a new product development effort to provide cloud computing to external customers, and launched Amazon Web Services (AWS) on a utility computing basis in 2006. In early 2008, Eucalyptus became the first open- source, AWS API-compatible platform for deploying private clouds. In early 2008, OpenNebula, enhanced in the RESERVOIR European Commission-funded project, became the first open-source software for deploying private and hybrid clouds, and for the federation of clouds. In the same year, efforts were focused on providing quality of service guarantees (as required by real-time interactive applications) to cloud-based infrastructures, in the framework of the IRMOS European Commission-funded project, resulting to a real-time cloud environment. 
By mid- 2008, Gartner saw an opportunity for cloud computing "to shape the relationship among consumers of IT services, those who use IT services and those who sell them and observed that organizations are switching from company- owned hardware and software assets to per-use service- based models so that the projected shift to computing will result in dramatic growth in IT products in some areas and significant reductions in other areas. ISBN-13: 978-1535305198 www.iirdem.org Proceedings of ICTPEA-2016 ©IIRDEM 20161
  • 2. II. CHARACTERISTICS OF CLOUD COMPUTING Cloud Computing has the following characteristics: Availability of large computing infrastructure on need basis: Cloud vendors provide appearance of infinite computing infrastructure availability. This is available to organizations on need basis. This ensures that organizations do not need to set up servers for their peak requirements. As an example consider the official Wimbledon site. The site gets extremely high traffic in the two weeks when the championship happens. For this two weeks period this site will have high server usage. For rest of the year the site will need to only pay for the reduced usage. In general organizations do not need to bear the cost of computing infrastructure for their peak loads. The usage of computing resources can be increased or reduced on need basis, is called elastic computing. Cloud computing does not involve any significant capital expenditure for the organization. Unlike traditional IT infrastructure, in cloud computing organizations just use the computing services without procuring it. In some sense cloud computing involves renting the computing resources instead of buying them. As the figure below displays, unlike traditional computing model, Cloud computing requires no capital expenditure to acquire initial computing resources III. ISSUES IN CLOUD COMPUTING Cloud risk No. 1: Shared access One of the key tenets of public cloud computing is multitenancy, meaning that multiple, usually unrelated customers share the same computing resources: CPU, storage, memory, namespace, and physical building. Multitenancy is a huge known unknown for most of us. It's not just the risk of our private data accidentally leaking to other tenants, but the additional risks of sharing resources. Multitenancy exploits are very worrisome because one flaw could allow another tenant or attacker to see all other data or to assume the identity of other clients. 
Several new classes of vulnerabilities derive from the shared nature of the cloud. Researchers have been able to recover other tenants' data from what was supposed to be new storage space. Other researchers have been able to peek into other tenants' memory and IP address space. A few have been able to take over another tenant's computing resources in totality by simply predicting what IP or MAC addresses were assigned.

Multitenancy security issues are just now becoming important to most of us, and the vulnerabilities within are starting to be explored. The best precursor example is a single website placed on a Web server with hundreds or even thousands of other, unrelated websites. If history is any guide -- it usually is -- multitenancy will be a big problem over the long haul.

Cloud risk No. 2: Virtual exploits

Every large cloud provider is a huge user of virtualization. However, it holds every risk posed by physical machines, plus its own unique threats, including exploits that target the virtual server hosts and the guests. You have four main types of virtual exploit risks: server host only, guest to guest, host to guest, and guest to host. All of them are largely unknown and uncalculated in most people's risk models.

To up the ante, the cloud customer typically has no idea what virtualization products or management tools the vendor is running. To shed some light on this risk, ask your vendor the following questions: What virtualization software do you run? What version is it on now? Who patches the virtualization host and how often? Who can log into each virtualization host and guest?

Cloud risk No. 3: Authentication, authorization, and access control

Obviously, your cloud vendor's choice of authentication, authorization, and access control mechanisms is crucial, but a lot depends on process as well. How often do they look for and remove stale accounts? How many privileged accounts can access their systems -- and your data?
What type of authentication is required by privileged users? Does your company share a common namespace with the vendor and/or indirectly with other tenants? Shared namespaces and authentication to create single-sign-on (SSO) experiences are great for productivity, but substantially increase risk.

Data protection is another huge concern. If data encryption is used and enforced, are private keys shared among tenants? Who and how many people on the cloud vendor's team can see your data? Where is your data physically stored? How is it handled when no longer needed? Many are not sure how many cloud vendors would be willing to share detailed answers to these questions, but we have to at least ask if we want to find out what is known and unknown.

Cloud risk No. 4: Availability

When you're a customer of a public cloud provider, redundancy and fault tolerance are not under your control. Usually what's provided and how it's done are not disclosed. It's completely opaque. Every cloud service claims to have fantastic fault tolerance and availability, yet month after month we see the biggest and the best go down for hours or even days with service interruptions.

Of even bigger concern are the few instances in which customers have lost data, either due to an issue with the cloud provider or with malicious attackers. The cloud vendor usually states that they do awesome, triple-protected data backups. But even in cases where vendors said that data backups were guaranteed, they've lost data -- permanently. If possible, your company should always back up the data it's sharing with the cloud or at least insist on legalese that has the right amount of damages built in if that data is lost forever.

Cloud risk No. 5: Ownership

This risk comes as a surprise to many cloud customers, but often the customer is not the only owner of the data. Many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly state that the data stored is the provider's -- not the customer's. Cloud vendors prefer owning the data because it gives them more legal protection if something goes wrong. Plus, the cloud service provider could search and mine customer data to create additional revenue opportunities for themselves.
We must make sure that this known unknown is on lockdown: Who owns the client's data and what can the cloud provider do with it?

IV. CURRENT TECHNOLOGIES TO SECURITY IN CLOUD

Single Sign On: Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.
Drawback: This system relies heavily on a single “Master password”. If it is compromised, the security fails.

One Time Password: This involves receiving a password that is randomly generated. The user must key in the OTP within a specific time frame.
Drawback: Intercepting the data packets carrying the OTP over a period of time may expose the innate algorithm of the OTP. The larger the time frame, the greater the risk of decryption.

V. PROPOSED SYSTEM

We propose to develop a code with the following algorithm. A small working model is built in Java.

1) Identify two systems which are related in the cloud as Host and Client.
2) Obtain the Disk number of the Host and Client during the “Registration phase”; these details are sent to the Master server.
Note: A Disk number is a unique identification number that identifies the Drive of a computer. This is generated as the system partitions the drives.
3) Obtain the Mother Board number of the Host and Client system; this is sent to the Master server.
Note: A Mother Board number is etched during manufacture. It cannot be spoofed or modified.
4) Obtain the Client’s password and fingerprint. The Host’s password is obtained, processed and then stored by the Master server.
5) A Biometric scanner is used to verify the fingerprints. Install a Java code in Host and Client, which must identify the Disk number and Mother Board number of the system, verify their respective passwords and then produce a suitable 16 character code by calculating the time, an arbitrary Hash function on the Disk number and Mother Board number, and the user's password.
4) When the Client logs in by the UEG-16 code, the Master server accepts the code from the Client. Simultaneously it notifies the Host to generate the UEG-16 code from its end.
5) The UEG-16 code of the Host is generated automatically upon receiving the notification from the Master server, and is then sent to the Master server for authentication. If it is beyond office hours, a notification is sent to the admin of the Client organization and awaits his/her permission to generate the UEG-16 code. A time window of 2 minutes is granted to complete the process.
6) If the Master server receives a one-sided request, it denies access and creates a "log" about the failure after 5 unsuccessful attempts.
7) If the Client or Host enters their respective password incorrectly for 5 attempts, then it closes the respective connection and creates a log entry.
8) If the UEG-16 code is correct, access to the Cloud is granted.

Merits:
1) The Client and the Host have complete isolation in terms of passwords. The Cloud provider need not know the Client's password or key.
2) The Host cannot attempt to steal the user's data; if any attempt is made, the Client will be notified by log statements.
3) A third party regulates and checks the data access; therefore it does not come under the control of the Cloud provider.
4) The key is generated within the system. Therefore hackers can’t hack the network to track or take the network packet carrying the Hash key-code.
5) As the parameters cannot be spoofed, it is foolproof.
6) The time window for entering the UEG-16 code is 2 minutes, after which the code becomes invalid. Thus it is more secure with an optimal time-out mechanism.

Requirements:
1) The system time and date must be in synchronization with I.S.T. (Indian Standard Time).
2) Due to the involvement of the regulating body, the Client should bear a small increase in cost for greater security.
3) Any change of Mother Board or formatting of the Drives must be intimated to the Regulating body.

Growth of UEG-16: Due to time constraints, GUI models for the Registration phase and the incorporation of the Biometric scanner are in the pipeline. This work is expected to be completed in 3 weeks.

VI. CONCLUSION AND FUTURE WORK

To sum up, Cloud computing is an efficient way to power the IT industry; however, security is a major concern that we must consider before moving our data to the Cloud. By using a User End Generated security system and reducing the role of the third party just to verify the code, we can heighten security. This method gives the Client complete anonymity about the password to the Cloud Host. Thus Cloud security can be enhanced by this "User-End Generated 16 character key code".
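
The UEG-16 flow of Section V, as an added Python example (not the authors' Java model): each side derives a 16 character code from its Disk number, Mother Board number, password and the 2-minute time window, and the Master server grants access only when both codes verify. Assumptions: HMAC-SHA256 stands in for the "arbitrary Hash function", PBKDF2 for the "processed" password, base32 for the character set; all names and sample values are constructed.

```python
import base64, hashlib, hmac

WINDOW_SECONDS = 120  # the paper's 2-minute validity window
MAX_FAILURES = 5      # the paper's limit before a log entry is written

def password_key(password: str, salt: bytes) -> bytes:
    # Assumption: the "processed" password the Master server stores is PBKDF2 output.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def ueg16(disk_no: str, board_no: str, key: bytes, now: float) -> str:
    # Assumption: HMAC-SHA256 stands in for the paper's "arbitrary Hash function".
    # The hardware numbers bind the code to a machine; secrecy comes from the key.
    window = int(now // WINDOW_SECONDS)
    msg = f"{disk_no}|{board_no}|{window}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.b32encode(digest)[:16].decode()  # 16 characters, A-Z and 2-7

class MasterServer:
    def __init__(self):
        self.registered = {}  # party name -> (disk_no, board_no, key)
        self.failures = {}    # (client, host) -> consecutive failed attempts
        self.log = []

    def register(self, name, disk_no, board_no, key):
        self.registered[name] = (disk_no, board_no, key)

    def _valid(self, name, code, now):
        if name not in self.registered or not isinstance(code, str):
            return False
        expected = ueg16(*self.registered[name], now)
        return hmac.compare_digest(expected.encode(), code.encode())

    def authenticate(self, client, client_code, host, host_code, now):
        # Both codes must match the current window; a one-sided request fails.
        pair = (client, host)
        if self._valid(client, client_code, now) and self._valid(host, host_code, now):
            self.failures[pair] = 0
            return True
        self.failures[pair] = self.failures.get(pair, 0) + 1
        if self.failures[pair] == MAX_FAILURES:
            self.log.append(f"denied {client}->{host}: {MAX_FAILURES} failed attempts")
        return False

if __name__ == "__main__":  # constructed sample values, not real identifiers
    ms, t = MasterServer(), 1_200_000.0
    ck, hk = password_key("client-pw", b"salt-c"), password_key("host-pw", b"salt-h")
    ms.register("client", "DISK-C-01", "MB-C-01", ck)
    ms.register("host", "DISK-H-01", "MB-H-01", hk)
    print(ms.authenticate("client", ueg16("DISK-C-01", "MB-C-01", ck, t),
                          "host", ueg16("DISK-H-01", "MB-H-01", hk, t), t + 60))
```

Because the code is tied to a fixed 120-second window, a code generated just before a window boundary is rejected just after it, which is why the paper's clock-synchronization requirement matters.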