ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 38
AUTHENTICATION AND
AUTHORIZATION FOR FILE SHARING
AND ACCESSING IN CLOUD
R.Venkatesan
1, R.Saraswathy
2, R.Suganya
3, E.Anupriya
4Assistant Professor
1, UG Scholar
2, UG scholar
3, UG Scholar
4Department of Computer Science and Engineering
CARE Group of Institutions – Trichy.
[email protected]
1, [email protected]
2, [email protected]
3,
[email protected]
4Abstract
-
In many real world applications very sensitive information’s are kept in log which is less on an un-trusted machine. This kind of sensitive information is can be hacked or misused at anytime. Basically whatever the information uploaded into the cloud environment its moves over the internet. Cloud which means moving data. While moving such data items security mechanisms are not so good. The basic security goals could not be achieved for even a small document. It seems like all the data are freely accessed under GPL. To overcome the above problem, the development of authentication and authorization in file sharing and accessing in cloud introduces some security mechanism. Security can be provided with the concept of cryptographic and steganography method. In this system the data owner can able to set the privileges to their files. Once uploaded the file will be processed under cryptography and steganography method along with the privileges grand by the data owner. Also they can able to track their log through the status about the each file and security level which they grant.Keywords - Trusted Storage Systems, Authentication, Authorization, Secured Logs, Integrity, Encryption, Cryptography, Steganography, lumberjack, log harmonizer.
I.
INTRODUCTIONCloud computing is the use of computing resources that are delivered as a service over the internet and its sharing the resources to individuals and business also. The name comes from the use of a cloud-shaped Cloud computing entrust remote services with a user's data(files),software’s. Cloud Computing, has the ability to transform a large part of the IT sectors.
And making software even more attractive as a service and shaping the way IT hardware is designed and purchased. Moreover, companies with large batch-oriented tasks can get results as quickly as their programs can scale, since using thousand servers for less time costs no more than using one server for more time. This uses of resources, while not paying a quantity for big scale, is new within the history of IT.
The Cloud information responsible framework [1] projected during this work conducts machine-driven work and distributed auditing of relevant access performed by any entity, taken out at any purpose of your time at any cloud service supplier. It has two major components: lumberjack and log harmonizer. The JAR file includes a group of straightforward access management rules specifying, whether and the way the cloud servers and presumably alternative information stakeholder’s area unit licensed to access the content itself. Apart from that we have a tendency to area unit planning to check the integrity of the JRE on the systems on that the lumberjack parts are initiated. This integrity checks area unit disbursed by exploitation oblivious hashing .The projected methodology will take concern of the JAR file by changing the JAR into obfuscated code which is able to adds an extra layer of security to the infrastructure. Apart from that we have a tendency to area unit planning to enlarge the safety of user’s information by demonstrable information possessions for integrity verification. Based on the configuration settings outlined at the time of creation, the JAR can provides the details of user’s usage related to logging, or can offer solely work
ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 39
practicality. As for the work, whenever there is an access to the info, the JAR can automatically manufacture a log record.
A log may be a record of events occurring at intervals an organization’s system or network [1] Laws like HIPAA [2], Payment Card Industry information Security commonplace [3], or Sarbanes-Oxley [4] often need forensically sound preservation of knowledge. To befits these laws, proof created in an exceedingly, together with log records, should be unbiased, non tampered with, and complete before they'll be used. Since log files contain record of most system events together with user activities, they become a vital target for malicious attackers. An assaulter, breaking into a system, typically would strive to not leave traces of his or her activities behind. Consequently, the primary factor an assaulter usually will is to damage log files or interrupt the work services. What is more, the sensitive information contained in log files usually directly contributes to confidentiality breaches. An example of this is once logs contain information dealings information.
II. RELATED WORK
We briefly summarize the most recent and closely related We Work here as follows,
Secure Audit Logs to Support Computer Forensics. In the work done by B.Schneier and J. Kelsey[1]. In many real-world applications, sensitive information is kept in logs which are less on an un-trusted machine. When an event occurs as an attacker captures this machine, it is guaranteed that the attacker will gain little or no information from the log less and to limit his ability to corrupt the log files. Their system describes a computationally cheap method for making all log entries generated prior to the logging machine's com-promise impossible for the attacker to read and also impossible to undetectably modify or destroy. A New Approach to Secure Logging is done by Di Ma and Gene Tsudik[2]. They were developed a special approach to secure work based mostly upon recently developed Forward-Secure ordered mixture (FssAgg) authentication techniques. Their approach offers each space-efficiency and obvious security. They illustrate 2 concrete schemes – one private-verifiable and one public verifiable – that supply sensible secure work
with none reliance on on-line trusted third parties or secure hardware. Here as a data owner cannot able to change their scheme of verifiability in a dynamic manner. Also the data owner’s logs cannot be viewed by them. The entire log history of a data owner will be hided. FAL: A Forensics Aware Language for Secure Logging the work done by S Zawoad, R Hasan [3]. Using FAL, they outlined log structure, which represents the format of logs and ensures the protection properties of a selected secure work scheme. This log structures are often later utilized by FAL to serve two purposes. Also a software package security analyst can outline the desired audit path structure generate code for a generic purpose language (GPL), e.g., Java, C# to store the audit logs firmly. To deal with the matter of secure work mechanism, they have got designed and enforced the domain-specific language FAL with the subsequent limitations: Needed code to use specialized API for secure application logging is mechanically generated. Hence, the effort and cost for developing secure work theme is lower. Heterogeneous formats of logs with any secure work schemes are often simply handled.
A.Yavuz, Peng Ning and their group introduced a novel system called Log Forward-secure and Append-only Signature (LogFAS)[4]. LogFAS achieves the foremost fascinating properties of each isosceles and PKC based schemes at the same time. LogFAS will turn out in public verifiable forward-secure and append-only signatures without requiring any on-line trustworthy server support or time issue. Most notably, LogFAS is that the solely PKC-based theme that achieves the optimum booster procedure and storage potency. This can be fascinating since any dependence on the timely communication with a trustworthy server might be exploited by an energetic mortal to defeat the theme. AD Dhongade[5] done a survey on Secure Logging Techniques which describes The Log Records hold on in log file of a corporation could contain sensitive knowledge that ought to be protected properly for correct operating of a corporation. Maintaining security of such log records is one in the entire vital task. Also, over a protracted amount of your time maintaining integrity of such log knowledge is incredibly vital. However, deploying such a system for security of log records is an
ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 40
overhead for a corporation and conjointly it needs further value. M Bellare[6] developed a system called Secure audit log. They define the forward integrity security property, inspire its appropriateness as a systems security demand, and demonstrate styles that deliver the goods this property. Applications embody secure audit logs (e.g., syslog data) for intrusion detection or answerableness, communications security, and authenticating partial results of computation for mobile agents. They proved security theorems on their forward integrity message authentication theme, and discuss the secure audit log application thoroughly. A technically tougher doside is to style digital signature schemes with the forward security property. This has been done by Bellare and labore. The above systems were commonly have some limitation such as, No security for user’s data. No authentication or security provided. High resource costs needed for the implementation. Not suitable for small and medium level storage users. Craig Gentry [7] constructed a secret writing theme that allows analysis of arbitrary circuits, it suffices to construct a secret writing scheme which will judge its own decoding circuit. Next, They describe a public key secret writing theme exploitation ideal lattices that's virtually bootstrap. Lattice-based cryptosystems usually have decoding algorithms with low circuit quality. Homomorphic secret writing schemes that aren't semantically secure, like basic RSA, May additionally have stronger attacks on their one-way. “Ensuring Distributed Accountability for Data Sharing in Cloud Securing data owners using cryptography in cloud” The work done by a karthick[8] and their group. They proposed a CIA framework, based on the notation of information accountability.unlike privacy protection technologies which are built on the hide-it-or-lose-it perspective. information accountability focuses on keeping the data usage transparent and trackable.Their proposed CIA framework provides end-toned accountability in a highly distributed fashion. Here no secure cloud database is maintained and need to apply secret key algorithm to avoid the risk of data loosing and stealing. III. SECURING DATA OWNERS USING
CRYPTOGRAPHY IN CLOUD
Our system introduces a comprehensive solution for storing and maintaining log records in
a server operating in a cloud-based environment. We address security goals and integrity issues not only just during the log generation phase. The major contributions of this system, as follows, the propose architecture for the various components of the system and develop cryptographic protocols to address integrity and confidentiality issues with storing the data, managing data, and viewing log records at the honest but curious cloud provider and in transit. To overcome the above problems, we introduce a novel method, namely Cloud Information Accountability (CIA) framework, based on the notion of information accountability. Data Owner will transfer the information into the cloud server once encrypted the information. User will subscribe into the cloud server with sure access polices like browse, write and replica of the first information. The Loggers and Log Harmonizer can have a track of the access logs and reports to the data owner. This entire Cloud information accountability has the following sub sections namely,
i. Log Generators
ii. Logging Client or Logging Relay iii. Logging Cloud
iv. Log Monitor
SYSTEM ARCHITEURE
Fig. 1 Architecture Diagram (i)Log Generators
These are the computing devices that generate log data. Each organization hat adopts the
ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 41
cloud-based log management service has a number of log generators. Each of these generators is up to with logging capability. The log files generated by these hosts are not stored locally except temporarily till such time as they are pushed to the logging client.
(ii)Logging Client or Logging Relay
The logging client might be a collector that receives groups of log records generated by one or plenty of log generators, and prepares the log data therefore it should be pushed to the cloud for long-term storage. The log data is transferred from the generators to the patron in batches, either on a schedule, or as and once needed looking on the quantity of log data waiting to be transferred. The logging client incorporates security protection on batches of accumulated log data and pushed..The logging client incorporates security protection on batches of accumulated log knowledge and pushes every batch to the logging cloud. once the logging client pushes log knowledge to the cloud it acts as a logging relay. This system use the terms logging client and logging relay interchangeably. The logging client or relay are often enforced as a bunch of collaborating hosts. For simplicity but, we have a tendency to assume that there's one logging client
(iii) Logging Cloud
The logging cloud provides future storage and maintenance service to log knowledge received from totally different logging clients happiness to different organizations. The logging cloud is maintained by a cloud service owner. solely those organizations that have signed to the logging cloud’s services will transfer knowledge to the cloud.Its, for the asking from a data owner can even delete log knowledge and perform log deletion. Before the logging cloud can delete or update log knowledge it desires a signal from the requester that the latter is allowed to form such a call for participation. The logging client generates such a signal. However, the proof are often given by the logging client to any entity that it needs to authorize
(iv) Log Monitors
These area unit hosts that area unit accustomed monitor and review log knowledge. they'll generate queries to retrieve log knowledge
from the cloud. supported the log knowledge retrieved, these monitors can perform any analysis as needed. It will additionally raise the log cloud to delete log knowledge for good, or rotate logs
ALGORITHM
Pushing or pulling strategies have interesting tradeoffs. The pushing strategy is beneficial when there are a large number of accesses to the data within a short period of time. In this case, if the data are not pushed out frequently enough, the log file may become very large, which may increase cost of operations like copying data. The pushing mode may be preferred by data owners who are organizations and need to keep track of the data usage consistently over time. For such data owners, receiving the logs automatically can lighten the load of the data analyzers. The maximum size at which logs are pushed out is a parameter which can be easily configured while creating the logger component. The pull strategy is most needed when the data owner suspects some misuse of his data; the pull mode allows him to monitor the usage of his content immediately. A hybrid strategy can actually be implemented to benefit of the consistent information offered by pushing mode and the convenience of the pull mode.
Logging mechanism: The Logger Structure Log Record Generation Dependability of Logs JARs Availability Log Correctness Examples
In this twenty examples are provided for the MAC generation process. The underlying block cipher is either the AES algorithm or TDEA. A block cipher key is fixed for each of the currently allowed key sizes, i.e., 128, 192, AES-256, two key TDEA, and three key TDEA. For each key, the generation of the associated sub keys is given, followed by four examples of MAC generation with the key. The messages in each set of examples are derived by truncating a common fixed string of 64 bytes. All strings are represented in hexadecimal notation, with a space (or a new line) inserted every 8 symbols, for readability. As
ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 42
in the body of the Recommendation, K1 and K2denote the sub keys, M denotes the message, and T denotes the MAC. For the AES algorithm examples, Tlen is 128, i.e., 32 hexadecimal symbols, and K denotes the key. For the TDEA examples, Tlen is 64, i.e., 16 hexadecimal symbols, and the key, K, is the ordered triple of strings, (Key1, Key2, Key3). For two key TDEA, Key1 = Key3. D.1 AES-128
For Examples 1–4 below, the block cipher is the AES algorithm with the following 128 bit key: K 2b7e1516 28aed2a6 abf71588 09cf4f3c. Subkey Generation
CIPHK(0 128
) 7df76b0c 1ab899b3 3e42f047 b91b546f K1 fbeed618 35713366 7c85e08f 7236a8de K2 f7ddac30 6ae266cc f90bc11e e46d513b
IV EXPERIMENTAL RESULTS
According to the method described above and the structure of cloud for data owner who were registered with this system. We build an experimental system with 25 data owners. They were requested to upload the various forms of data such as images, documents, pdf, etc. Each user can able to set the level of security for the every data which they uploaded. Based on the findings of the probability value for the security issues on various forms of data can be assessed with the help of P-test and T-Test method. Data owner1 uploaded the 3 forms of data such as, images, documents and pdf files. These data items were supposed to view by any number of users over the internet. During the visibility of data the system achieved the security level for protecting such data from un-authorized users in network. The following table demonstrates the proof of the achieved security level,
TABLE 1 EXPERIMENT TABLE
users
Owners
Uploaded data
Probability Value
Total
Cumula
tive
Value
Share(
0.25)
View(0
.5)
Download(0.
05)
Status(0
.2)
1
Data
Owner1
Images
0
0.5
0
0.2
0.7
0.74
Documents
0.25
0.5
0
0.2
0.95
0.25
0
0
0.2
0.45
Audio
0
0.5
0
0.2
0.7
.exe files
0
0.5
0
0.2
0.7
As per above table more than 10 users were used the data which are uploaded by the various data owners. By considering the parameters and values obtained through those parameters are recorded. For all 10 users cumulative probability values are generated depends on their action. The obtained cumulated probability values are given to the input of the t-test calculator to verify the significant level of security.
The positive result will be considered by taking the value of T-test result. The obtained value should be lesser than that of the predefined significant value as 0.10 as per mathematical rule. From the above table the system proves that the Cloud Information Accountability (CIA) reaches the expected security level.
ACS – International Journal in Computational Intelligence, Volume – 07, Issue – 02 October 2015
Page No: 43
TABLE 2 RESULTANT TABLEUser
s
Cumulati
ve values
T-Value
P-Value
Result
U1
0.7
0.0888
3
≠0.74
=
0.397
4
>0.74
=
0.198
7
<0.74
=
0.801
3
The
T-value is
lesser
than the
significa
nt level
of 0.10
so
that
the level
of
security
is
proved.
U2
0.95
U3
0.45
U4
0.7
U5
0.7
U6
0.66
U7
0.87
U8
0.75
U9
0.72
U10
0.9
IV. CONCLUSIONThis system proposed innovative approaches for automatically logging any access to the data in the cloud together with an auditing mechanism. Our approach allows the data owner to not only audit his content but also enforce strong back-end protection if needed. Moreover, one of the main features of our work is that it enables the data owner to audit even those copies of its data that were made without his knowledge.
REFERENCES
[1] Bruce Schneier , John Kelsey “Secure Audit Logs to Support Computer Forensics”Counterpane Systems 101 East Minnehaha Parkway, Minneapolis, MN 55419. [2] Di ma and Gene Tsudik “A New Approach to Secure
Logging” ACM Transactions on Storage, Vol. 5, No. 1, Article 2, Publication date: March 2009.
[3] Shams Zawoad, Marjan Mernik, Ragib Hasan “FAL: A Forensics Aware Language for Secure Logging”, Proceedings of the 2013 Federated Conference on Computer Science and Information Systems pp. 1567– 1574.
[4] Attila A. Yavuz and Peng Ning Michael K. Reiter “Efficient Compromise Resilient and Append-only Cryptographic Schemes for Secure Audit Logging” Attila A. Yavuz and Peng Ning Michael K. Reiter.
[5] Anagha D. Dhongade, Prof.N.L.Bhale “Secure Logging Techniques: A Survey” International Journal of Emerging Technology and Advanced Engineering Website:
www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 3, March 2014. [6] Mihir Bellare,Bennet S. Yeey “Forward Integrity For
Secure Audit Logs” Dept. of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093. [7] Craig Gentry “Fully Homomorphic Encryption Using
Ideal Lattices” Stanford University and IBM Watson. [8] K. Karthick, P. Jennifer and A. Muthukumaravel
Ensuring Distributed Accountability for Data Sharing in Cloud Securing data owners using cryptography In cloud. Middle-East Journal of Scientific Research (6): 702-704, 2014.
