Volume 3, Issue 2, February 2014
Page 194
Abstract
A cloud Computing is a kind of Internet-based computing that provides completely different services such as Storage, applications. so it is the best answer for providing a on-demand, Reliable and dynamically ascendable computing infrastructure for several applications. The cloud will either be public or personal. The Public Cloud sells the services publicly (means anyone on the internet) whereas Personal cloud is that the main information center that has services to only a few controlled variety of individuals. though there is another term that comes in state of affairs that's virtual cloud. Virtual cloud is nothing however the mixture (of personal of personal)and public cloud as a result of service supplier uses public cloud resources to make their private cloud. In the cloud preparation model integrity, authentication and information security plays an important role. In this paper, methodology to use of cluster Digital Signature (GDS) in camera cloud for secure information storage is projected and enforced.
Keyword: Digital Signature, GDS, cluster Manager, Member, RSA.
1. INTRODUCTION
The cloud computing is the net primarily based computing, In which every of the toughest task is management of digital identity of users or client. User is given authentication flexibly by checking their identification and umpirage past histories of the user however at a similar time minimum strategies area unit used for authorization of user for safety functions as integrity, authorization and authentication of a user plays important role in encoding. while talking regarding cluster digital signature theme one user will represent his cluster by having valid signature.[1] The signature of (a cluster gaggle a bunch) member will solely be aforesaid valid if his signature is unknown for remainder of the users however are often traceable for group members. By using this method information are often hold on safely in cloud while not having concern of losing key in wrong hands. M. Stadler and J.Camenisch business the cluster digital signature theme with constant sized cluster public key and cluster signature as a uneven crypto system became the primary one to publish theme. D.Miccianico, M.Bellare and B.Warinschi joined the theme with some changes as mentioned within the methodology of threshold crypto system cluster during which user was allowed to sign the message for forming a partial signature and also the procedure mix to make a signature for the user by the cluster. later on Shamir fancied the strategy by that a certificate was presupposed to cause modify key management procurers public Key Infrastructure (PKI) .[2]It was the conception of ID primarily based crypto system. S. Kim , S. Park and D. Won combining stalder's root verification encoding and shoemakers methodology projected initial Id primarily based cluster digital signature theme that turned to be a milestone in maintain security of information.
2. LITERATURE REVIEW:
2.1 CLOUD COMPUTING:
In computer networking, The cloud computing is a phrase used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet.[1] It is very similar to the concept of utility computing. Cloud computing is a synonym for distributed computing over a network, and also means the ability to run a program or application on many connected computers at the same time.
2.1.1. Public Cloud :
A cloud is called a "public cloud" when the services are rendered over a network that is open for public use. Basically there may be little or no difference between public and private cloud architecture, though, security consideration may be substantially different for services (applications, storage, and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network. Public cloud service providers like Amazon AWS, Google and Microsoft own and operate the infrastructure and offer access only via Internet.
CLUSTER DIGITAL SIGNATURE FOR
DATA STORAGE SECURITY
IN PRIVATE CLOUD
Miss. Ashwini A. Dongre1, Mr. Falesh M. Shelke2, Mr. Pravin D. Soni3
1,2M.E. 2
nd Sem, Department of computer science and engineering, P.R. Patil college of engineering, Amravati, India 3Prof.
Volume 3, Issue 2, February 2014
Page 195
Fig.1 Public Cloud2.1.2. Private Cloud :
Private cloud is cloud infrastructure operated solely for a single organization, which is managed internally or by a third-party and hosted internally or exteriorly. A private cloud project requires a significant level and degree of engagement to virtualized the business environment and requires the organization to reevaluate decisions about existing resources. If it is done right, it improves business but every step in the project raises security issues that must be addressed to prevent serious vulnerabilities. The Self-run data centers are generally capital intensive and they have a significant physical footprint, hardware, requiring allocations of space and environmental controls.
Fig.2 Private Cloud
2.1.3. Cluster Digital Signature
A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. valid digital signature gives a recipient reason to believe that the message was created by a known sender, so that the sender cannot deny having sent the message and that the message was not altered in transit.[3]
Digital signature theme is useful for real users. It is outlined because the sign language theme projected for teams of any organization. it provides authentication to the cluster members on behalf of cluster manager. through this methodology, cluster manager handles all the cluster members not solely as a result of he's the leader of the team however conjointly the actual fact that he's the one WHO will expose the identity of unknown signer[4]. Because cluster manager forms the muse of cluster members , he recognized the identity of anonymous signer. The Group manager plays important role during this theme of sign language. The cluster signature variant is accepted only it provides obscurity and traceability
a)Need of digital signature :
For guarantee, that the message originated from a sender and wasn't simply sent through him by a 3rd party WHO might have used a similar encoding key , we want a digital signature to return with the message.
Volume 3, Issue 2, February 2014
Page 196
2.2. Diffie-Hellman Algorithm for Key DistributionThe DH (Diffie-Hellman) could be a key distribution rule that helps 2 users to share secret key between them while not the requirement to exchange the key.
algorithm:
To share secret key between 2 users suppose Bob and Alice, agrees on public numeric constants βand μ. In this p is any
random prime and β is that the generator of μ that but μ.
Let x and y be the personal keys of the users Bob and Alice respectively, the chosen x and y by Bob and Alice will any
random prime and should be but μ.
1. Let r1= x modulus μ and r2= ymodulus μ were computed by Bob and Alice respectively 2. The computed r1 and r2 were exchanged between Bob and Alice.
3. Bob computes 2x modulus μ.
4. Alice computes ( 1)ymodulus μ .
5. Since K = yxmodulus μ= xymodulus μ, shared secret key = K.
2.3. Data Encryption and Decryption with RSA and Signature
RSA could be a public key rule developed by Ron Rivest, Shamir and writer Adleman that's used for encoding, Decryption, and Signature. The RSA rule unambiguously uses keys of size 1024 to 2048.
RSA Algorithm
1. Select two giant prime numbers a and b.
2. Compute n=a*b. The computed n is made public. 3. Now compute f(n) = (a-1) * (b-1)
4. Choose a random number ‘e’ as the public key in the range 1< e < f(n) such that 5. GCD (e, f(n)) = 1.
6. Find private key d such that d = e -1 mod f (n),where d and f(n) are mutually prime.
Encryption Algorithm:
• Consider the user A that needs to send a message to B in a secured manner using RSA algorithm. • Now e is B’s public key. Since e is public, A is allowed access to e.
• For encryption the message M of A which is in the range 0<M<n is converted to cipher. • Where the Cipher text C = M e mod n.
Decryption Algorithm :
• Now the cipher text C is sent to B from A.
• User B calculates the Message with its private key , where message M = C b mod n.
3. CRYPTOGRAPHY:
A cryptographic hash function is a hash function that takes an arbitrary block of data and returns a fixed-size bit string, cryptographic hash value, such that any change to the data will change the hash value. The information to be encoded is often called the message, and hash value is sometimes called the message digest or simply digests.
The ideal cryptographic hash function has four main properties: • it is easy to compute the hash value for any given message • it is infeasible to generate a message that has a given hash • it is infeasible to modify a message without changing the hash • it is infeasible to find two different messages with the same hash.
Cryptographic hash functions have many information security applications, particularly in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes.[5]
4. CLOUD COMPUTING ATTACKS
a) Denial of Service (DoS) attacks:Some security professionals have argued that the cloud is additional prone to DoS attacks as a result of it is shared by several users, which makes DoS attacks far more damaging.
Volume 3, Issue 2, February 2014
Page 197
An attacker could attempt to compromise the cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack.
c) Authentication attacks:
Authentication is a weak point and is frequently targeted in hosted and virtual services. There are many different ways to authenticate users. for example, based on what a person knows, has, or is. The mechanisms used to secure the authentication process and the methods used are a frequent target of attackers.
d) Man-in-the-middle crypto logic attacks:
This attack is allotted once Associate in Nursing assailant places himself between 2 users that is between sender and receiver. Anytime attackers will place themselves within the communication’s path so there is a chance that they will intercept and modify communications.
e) Inside-job:
This kind of attack is when the employee or staffs UN agencies who is knowledgeable of how the system runs from client to server then he can implant malicious codes to destroy everything in the cloud system.
5.
PROJECTED
METHODOLOGIES
TO
PREVENT
FROM
ATTACKS
AND
IMPLEMENTATION:
For the generation of keys in the method of secret writing, decryption and signature we have a tendency to used the powerful RSA algorithmic rule.[6]
Within the projected methodology the protocol may be given as:
Step 1: The cluster manager shares a non-public key (secrete key) between himself and the cloud provider. This key is considered as the secret group id.
Stet 2: Within the cluster, the cluster manager receives the user id (member identity) from the member and therefore gives the key pair (e, di).
Where, e – Public Key that is Common everywhere the cluster
di – Personal key that is Unique key given to the member as per the worth of i Step 3: The member will sign any message with the provided personal key
Step 4: The message is encrypted because the procedure explained below and send to the cluster Manager. Step 5: The cluster manager authenticates the member and so collects the main points needed and attaches.
Step 6: The cloud supplier authenticates the message and permits the encrypted message to be keep inside the personal cloud.
5.1. Cluster Secret key Sharing
In this cluster Secret key Sharing the personal cluster key is the key that is shared between the cluster manager and therefore the cloud supplier victimization the Diffe-Hellman‘s algorithmic rule of key distribution.[7]
Fig.4. Interaction between cluster manager and group
5.2. Cluster manager’s part
The cluster manager selects the general public key supported sure terms and conditions.[8] Then the cluster manager generates completely different values ai and metallic element with relations to the sturdy RSA algorithmic rule so as to get personal key di that is exclusive key given to the member as per the worth of i.
Whenever di = e -1 mod f(n) i, Whenever (f(n) i = ai-1 * bi -1).
5.3. Condition to pick out public key
According to the sturdy RSA algorithmic rule the general public is chosen in such the way that it satisfies the following conditions:
Volume 3, Issue 2, February 2014
Page 198
• The general public key e is always 0 < e < n. (where n = a * d)
Hence whereas victimization this methodology should be a major range and might be relatively little, since e is the prime number regardless to n , GCD of (e,n) = 1.
5.4. Member’s part
At first the member connects with the cluster manager and provides his id Then cluster manager receives the id and problems a non-public key di. The personal key di is currently used for signature.
5.5. Procedure for storing the data
Step 1: The data is encrypted with the general public key e.
Step 2: Then an associate record that consists of signed member id and message digest is shipped to the cluster manager then manager verifies the signature with the signature with the clusters public key e and then removes the record. Step 3: The cluster manager once again makes an record which consists of the signed secret group id and the encrypted member’s data.
Step 4: The record is now send to the cloud provider.
5.6. Cloud provider’s part
Step 1: With the assistance of group’s public key e ,the cloud supplier decrypts the signature Step 2: Knowledge stores in the private cloud.
6. CONCLUSION:
In this paper we have tendency to investigate a protocol during which the cluster digital signature is generated and enforced the victimization of sturdy RSA algorithmic rule with the assistance of Diffie Hellman algorithmic rule which plays very important role in the cryptography. In this methodology the liberty of the member is sacrificed by causation the message through the cluster manager. In the future this protocol are going to be re-modified with member’s freedom to send and receive information directly in the cloud however at constant time we have to keep in mind that traceability of user by the cluster manager must be maintained. Proposed theme achieves the mixing of storage correctness and therefore the security necessities of cloud computing knowledge storage security and therefore the victimization the sharing as this procedure is secure for every individual session.
REFERENCES:
[1] A. Juels and J. Burton S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc. of CCS ’07, pp. 584– 597, 2007.
[2] Sun Microsystems, Inc., “Introduction to Cloud Computing Architecture”, White Paper, 1st Edition, June 2009.
[3] VeriSign, “Digital ID, A Brief Overview”, A VeriSign White Paper, 2004 VeriSign,
[4] Amazon.com, “Amazon Web Services (AWS),” Online at http://aws. amazon.com, 2008.
[5] Parikshit Prasad, Badrinath Ojha, Rajeev Ranjan shahi, Ratan Lal, “3 Dimensional Security in Cloud Computing”, IEEE, 2 011.
[6] Uma Somani, Kanika Lakhani, Manish Mundra, “Implementing Digital Signature with RSA Encryption to Enhance Data Security of Cloud in Cloud Computing”, IEEE, 2010.
[7] Zhidong Shen, Qiang Tong, “The Security of Cloud Computing System enabled by Trusted Computing Technology”, 2010.
[8] Takuya Suzuki, Masayuki Okuhara, “Security Architectures for Cloud Computing”, 2010.
[9] Rohit Bhadauria, Rituparna Chaki, Sugata Sanyal, “A Survey on Security Issues in Cloud Computing”, 2011.
[10] Cong Wang and Kui Ren, Wenjing Lou, Jin Li, ―Toward Publicly Auditable Secure Cloud Data Storage Services,‖presented at IEEE Network ,July/August 2010.
[11] C.Wang, Q.Wang, K. Ren, andW. Lou,―Ensuring data storage security in cloudcomputing,‖ in Proc. of IWQoS‘09,
July2009.
