Abstract— Cloud computing is an emerging IT platform that helps the users to get rid of the hardware resources and complexity in storage and computational power. All the people started using cloud which led to many security concerns relating to the data confidentiality and integrity. This became a challenge to the widespread of the new cloud computing paradigm. Many measures are taken to improve the cloud security and then there came the concept of cryptography to upgrade the cloud security.
Nowadays the main problem is to maintain data confidentiality with respect to un trusted cloud service providers as well as providing correct query results to the authenticated users. Existing approach provide confidentiality using only one symmetric encryption algorithm which generates only one secret key to both encrypt and decrypt. But this is not so secured as the attacker can easily guess the algorithm and thereby find the key.
In this paper, we are going to employ a randomized encryption technique in which the files are randomly encrypted by three strong algorithms AES, Triple DES and Blowfish which improves the security and we are also implementing new techniques to improve security like key generation via OTP method, etc. In addition to this, we are also going to solve the problem of redundant or duplicate files consuming the cloud storage by using de-duplication technique using a buffered reader which can eliminate the duplicate files in the cloud, thereby saving storage and reduce the need to buy extra storage. Keywords-Cloud security, Data Confidentiality, AES, Triple DES, Blowfish, De-duplication, Randomized Encryption. INTRODUCTION In the present scenario, cloud computing is emerging as the most powerful networking as well as storage platform which is used by different users across the world. Cloud computing provides storage at free cost or at lower costs eliminating the need for costly storage and computational resources. So large amount of data is being stored and a lot of computations are being performed in the cloud.
When different kinds of operations are performed in the cloud we must consider the security of the cloud environment. Cloud security is a major concern nowadays a lot of confidential data is being uploaded on to the cloud. Even though the cloud stores the data at low costs it allows its resources to be shared among the users and individuals, servers and thereby all the files are vulnerable to the attackers causing a major threat. The other security issues include data confidentiality and data integrity.
Data Confidentiality means the data should not be disclosed to the un-trusted users and data integrity means that data should not be altered before being processed by the server. In recent years the concept of cryptography has cleared most of the security issues providing data confidentiality and integrity. There are also many security concerns even in the concept of cryptography based on the encryption algorithms. There are two types of encryption algorithms. They include symmetric encryption algorithms and asymmetric encryption algorithms.
Symmetric encryption algorithms maintain only one key and it is used to both encrypt and decrypt. Whereas asymmetric encryption algorithms have two keys public and private. Symmetric encryption is used to protect the message and is faster compared to asymmetric encryption. But the only disadvantage is that it uses only a single key. We consider key length as one of the most important factors while selecting the symmetric encryption algorithm.
This is because if the key length is large, it is difficult for the attacker to guess the key and thereby improving security.DES is the weakest encryption with the key length of just 56 bits. So it is improved and proposed as a new encryption algorithm Triple DES with the key length of 168 bits.AES and blowfish are the other stronger encryption used in the paper to improve the security by randomly allocating the three algorithms to the files by which makes it difficult for the attacker to guess the algorithm. The redundant storage of the files in the cloud is also one of the most prevailing problems which consume a lot of storage space. This can be eliminated by using the concept of de-duplication which do not allow the duplicate files into the cloud. CLOUD SECURITY THREATS Improper credential management When the information of all the users of the cloud is not properly stored, the attackers can acts as the legitimate users, enter into the system and access, modify or delete files which may cause potential harm to the organization.
Account Hijacking It is the process by which the malicious attackers enter into the system finding the system vulnerabilities and keep an eye on the activities of the organization, manipulate the data and other illegal activities. He also can steal the credentials which affect the data confidentiality and integrity. Insider attacks These type of attacks come into picture when the data is solely in the hands of the cloud service providers. Any bad system admin can cause harm to our sensitive information stored in the cloud. This is one of the greatest security risk which cannot be predicted and data breach may also happen due to this. PROPOSED SYSTEM We propose an encryption scheme where the files are randomly encrypted using three different encryption algorithms.
This randomized encryption scheme improve the security with an add on of OTP based private key generation technique and we also include a de-duplication technique which does not allow the redundancy in files stored in the cloud. Algorithms Used Triple DES(Triple Data Encryption Standard): DES encryption algorithm is a weak algorithm with the key length of only 56 bits, but is popular. So it is modified as Triple DES which is three times stronger and faster than DES with the key length of 3*56=168 bits making it strong and intense compared to DES. It uses three keys K1,k2,k3, first to encrypt and then the encrypted data is decrypted using the second key k2 and then the decrypted data is again encrypted using the third key k3.Hence it is also called as an encrypt-decrypt-encrypt process. A user first decrypts using k3, then encrypt with k2, and finally decrypt with k1.
Encryption in TDES: Ciphertext= encyption(k3)(decryption(k2)(encryption(k1)(plaintext))) Decryption in TDES: Plaintext=Decryption(k1)(encyption(k2)(decryption(k3)(ciphertext())) Advantages: 1.It is easy to implement.2.It is stronger than DES with a key length of 168 bits. Disadvantages: 1.
Performance is poor.2.It is slow when compared to other block cipher methods of encryption. AES(Advanced Encryption Standard): AES is a symmetric encryption algorithm recommende by NIST(National Institute of Standards and Technology). It is stronger and faster than DES and Triple DES.It is so strong that no cryptanalytic attack has been registered against that. It is the most widely accepted algorithm and is adopted by almost all the cloud users across the world.
It is more secured compared to DES and Triple DES.In AES the cipher takes a plaintext block size of 128 bits or 16 bytes.The key length can be 128/192/256 bits.The input to the encryption and decrypttion algorithms is a single 128-bit block.
This is interpreted as a 4*4 square matrix of bytes. This block is copied into the State array, which is modified at each stage of encryption or decryption. After the final stage, state is copied to an output matrix. The cipher consists of N rounds, where the number of rounds depend on the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key. Operation of AES The schematic of AES structure is given in the following illustration ? There are four possible transformation functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey.
Substitute bytes: This uses an S-box to perform a byte-by-byte sustitution of the block. ShiftRows: A simple permutation MixColumns: A substitution that makes use of arithmetic function and transform four bytes of each column AddRoundKey: A simple bitwise XOR of the current block of the expanded key. Each round comprises of four sub-processes. The first round process is depicted below ? Key Exapansion Algorithm KeyExpansion (byte key[16], word w[44]){ word temp for (i=0; i<4; i++) w[i] = (key[4*i], key[4*i+1], key[4*i+2], key[4*i+3]) for(i=4; i<44; i++) { temp = w[i-1]; if(i mod 4 = 0) temp = SubWord (RotWord (temp)) (EXOR) Rcon[i/4]; w[i] = w[i-4] (EXOR) temp }}Advantages: 1.It is stronger and faster than DES and Triple DES.2.Flexibility in key length.
3.Resistant to all types of cryptanalytic attacks. For example, if the key length is 128 bits we require 2^128 attempts to break the encryption.
Disadvantages: 1.The software implementation of this is somewhat difficult.2.It is complex algorithm because of its key length sometimes.
Blowfish: Blowfish is also a symmentric encryption algorithm which is upcoming and being accepted now-a-days. It is more secured algorithm compared to DES, 3 DES, AES etc,.It is fast and strong encryption algorithm because it has not been cracked till date. Blowfish is 64 bit block cipher with its key length varying from 32 to 448 bits.
There are total 16 rounds of encryption performed in blowfish. Encryption: Blowfish encryption algorithm is divided into 2 parts.1. Key expansion2.
Data encryption Key Expansion: In the key expansion process, the key length of 48 bits is converted into 4168 bytes. Data encryption: The data encryption process involves the iteration of simple mathematical function 16 times. Each round contains a key dependent permutation and key and data dependent substitution. The encryption process of blowfish encryption algorithm is explained using the figure below: Algorithm: Ø S is 64 bits input dataØ S is divide into two equal parts x1 and x2Ø for i=0 to 15 x1= x1 xor Pi. x2= f(x1) xor x2Ø swap x1 and x2Ø Swap x1 and x2(undothe previous swap)Ø x1=x2 xor P18Ø x2=x2 xor P17Ø Combine xi and x2 Advantages: 1.It is unpatented and license free.
2.It is secure and easy to implement. Disadvantages: 1.It require more space for cipher text because of difference in key size and block size.h2.It can’t provide authentication and non-repudiation as two people have same key. Private key generation via OTP method: This is the newly introduced technique to enhance the security of the cloud using time schedulers inserted into the web application using simple SQL queries.
These queries are used for timely generation of private key(owner key). To clearly elucidate this technique, when user request the private key from the owner the owner must respond with the private key to the authorized users. Even if the attaker try to get the posession of the private key to break the encryption, as in the proposed technique key will be available only for a particular amount of time generaly a minute or two . So this timely generation of the private key using OTP improves the security by restricting the key to a particular amount of time as like the bank transactions are being secured by using OTP. De-duplication technique: Using this technique , duplicate or redundant files are not allowed to be stored in the cloud.
In this technique we use a simple hashing algorithm which allocates the hash values to the files and on comparision the duplicate files are detected i.e files with same hash value are not allowed into the cloud. Overall Implementation: The proposed system is an extension to the existing cloud security architecture which uses cryptography. In this system, when a data owner upload files into the cloud, the files get randomly encrypted using three strong encryption algorithms AES, Triple DES, and Blowfish which are resistant to cryptanalytic attacks. This randomized encryption does not allow the attacker to reuse the key to break other encrypted files. The key generation one of the most important parts of encryption, to improve the efficiency of key generation we implement timely access of private key via OTP method.
While the owner upload the file, a duplication detect is implementd to detect the duplicate files into the cloud using the technique of hashing(by comparing the hash values). This saves the storage by eliminating the redundant files. Now, the encrypted data is stored in the cloud. When the user want to download a file, he must request the cloud key from the cloud admin which is generally the location key and private key from the owner which is the encrpted key. If the user is authorized, he gets both the private key and the cloud key and there by he is able to download the needed file from the cloud. Thus, our project mainly concentrate on enhancing the cloud security and storage efficiency. All the above implementation of the project is done mainly in five modules.
They are Ø User Interface DesignØ Private key generationØ Duplication detectØ Encrypt and storeØ Download User Interface Design: All the login and registration pages for the users, Owners and Admin are created. Private key generation: In this private key is generated based on the time schedulers using simple SQL quries via OTP method. Duplication detect: In this duplicate or redundant files are detected during the owner fie upload time. Encrypt and Store: The data is encrypted with the private key generated by OTP method and is stored in the cloud. Download: User can download the file by requesting the private key from the owner and cloud key from the cloud admin.
Conclusion : Cloud Computing has many advantages but, cloud security is always a majour concern of Cloud ComputingIn our system we try to enhance the cloud security by using three strong encryption algorithms Triple Des, AES and Blowfish. In these no cryptanalytic attaks have been registered on AES and blowfish till date. Thus we solve the problem of Data Confidentiality with respect to untrusted cloud service providers. Duplication detect is implemented in our system helps to eliminate redundancy in file storage in the cloud. Future Enhancement: We can include MD5 algorithm and digital signatures to improve the security by providing data authentication using the concept of hashing. References:[1] Miss Shakeeba S.Khan and Prof. Ms.
R.R.Tuteja “Cloud Security Using Multilevel Encryption Algorithms” International Journal of Advanced Research in Computer and Communication Engineering vol. 5, Issue 1, January 2016.[2] Mitali and Vijay Kumar “A Survey on Various Cryptography Techniques” International Journal of Emerging Trends & Technology in Computer Science(IJETTCS)[3] Ayesha M.Talha and Ibrahim Kamel “Facilitating Secure and Efficient Spatial Query Processing on the cloud” IEEE[4] Hui Cui and Robert H.
Deng “Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud” IEEE[5] MD Asif Mushtaque, Harsh Dhiman and Shahnawaz Hussain “Evaluation of DES, TDES, AES, Blowfish and Two fish Algorithm: Based on Space Complexity” International Journal of Engineering Research (IJERT).[6] William Stallings “Cryptography and Network Security(Principles and Practice)” Pearson Education sixth Edition.[7] E.
Surya and C.Divya,”A Survey on Symmentric Key Encryption Algorithms”, International Journal of Computer Science Networks, Vol.2(4),475-477.[8] Tingyuan Nie, and Teng Zhang ,”A Study of DES and Blowfish Encryption Algorithm”, IEEE, 2009. [9] Singh, S preet, and Maini, Raman “Comparision of Data Encryption Algorithms”, International Journal of Computer science and Communication,vol.
2,No.1,January-June 2011, pp.125-127.A. [10] Bruce Schneier.
“The Blowfish Encryption Algorithm Retrieved”, October 25, 2008.[11] Daemen, J., and Rijmen, V.
“Rijndael: The Advanced Encryption Standard.” Dr.Dobb’s Journal, March 2001.[12] Mounika Agarwal, Pradeep Mishra, ” A Comparative Survey on Symmentric Key Encryption Techniques”, International Journal on Computer Science and Engineering(IJCSE), Vol.4 No.05 May 2012, PP877-882.
[13] Gurujeevan Singh, Ashwani kumar and K.S. Sandha, “A Study of New Trends in Blowfish Algorithm”,International Journal of Engineering Research and Applications, Vol.1, Issue 2,pp.321-326.
[14] Cloud Security Alliance. Top threats to Cloud Computing, Cloud Security Alliance, 2010.[15] K.Hashizume, D.G.Rosado, E.B.Fernandez, “An analysis of Security issues for cloud computing”, Journal of Internet Services and Applications, Vol.4,2013,pp.1-13.[16] https://www.tutorialspoint.com/cryptography/triple_des.html[17] https://googleweblight.com/i?u=https://www.incapsula.com/blog/top-10-cloud-security-concerns.html&hl=en-IN