Available Online at www.ijpret.com 1873
INTERNATIONAL JOURNAL OF PURE AND
APPLIED RESEARCH IN ENGINEERING AND
TECHNOLOGY
A PATH FOR HORIZING YOUR INNOVATIVE WORK
DEFFIE HELLMAN KEY EXCHANGE ALGORITHM FOR SECURE CLOUD COMPUTING
DATA
PROF. ANKIT R. MUNE1, DR. M. B. CHANDAK2
1.Professor, Department of Computer Science, IBSS College of Engineering, Amravati, India.
2.Professor & HOD, Department of Computer Science, Shri Ramdeobaba College of Engineering & Management, Nagpur, India
Accepted Date: 05/03/2015; Published Date: 01/05/2015
Abstract:This paper will present an overview of the Diffie -Hellman Key Exchange algori thm and review several common cryptographic techniques in use on the Internet toda y tha t incorpora te Di ffie -HellmanCloud computing is considered next genera tion a rchitecture of IT Enterprise for computing. Cloud is nothing but the internet. 5 yea rs a go people we were s tore da ta Local Ma chine wi th s ys tem securi ty but da y by da y securi ty of da ta is increasing and new modifi ca tion da ta is also increase, now peoples a re storing da ta on cl oud. In the New securi ty survey of cl oud compu ting is peoples a re very possessi ve about to s tore da ta on cloud because before 2 yea r some of cloud da ta is leaked by cloud server. To build the trus t for the growth of cloud computing the cloud providers mus t protect the user da ta from unauthori zed a cces s . So for this issue we will think to secure user da ta by using Securi ty cloud as a TPA. He will jus t to encrypt and decrypt user data and send to cl oud means i f suppose cloud will leak da ta so he will get data in the encrypted form. Another techniques could be securi ty servi ces like computing hash servi ce if provide for same cl oud s torage provider. We provide two cl oud one for encryption a nd decryption na mel y trus ted thi rd pa rty which will provide securi ty servi ces and second one is for onl y s tora ge in that onl y we ha ve to s tore the da ta . The softwa re is onl y responsible for Encryption/decryption, computing/veri fying Hash of da ta and does not s tore any da ta in trus ted thi rd pa rty tha t is securi ty cloud onl y, Mas ter key is s tored in the da tabase for encrypti on/decryption.
Keyword: Cl oud computing, Encryption/decryption servi ce (TPA), Hash servi ce for Data veri fi cati on and integri ty check.
Corresponding Author: PROF. ANKIT R. MUNE
Access Online On:
www.ijpret.com
How to Cite This Article:
Available Online at www.ijpret.com 1874 INTRODUCTION
The cloud computing service models are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). In a Software as a Service
Model, a pre-made application, along with any required software, operating system, hardware, and network are provided. In PaaS, an operating system, hardware, and network are provided, and the customer installs or develops its own software and applications . The IaaS model provides just the hardware and network; the customer installs or develops its own operating systems, software and applications [11].
Cloud services are popular because they can reduce the cost and complexity of owning and operating computers and networks. Since cloud users do not have to invest in information technology infrastructure, purchase hardware, or buy software Licences, the be nefits are low up-front costs, rapid return on investment, rapid deployment, customization, flexible use, and solutions that can make use of new innovations. In addition, cloud providers that have specialized in a particular area (Such as e-mail) can bring advanced services that a single company might not be able to afford or develop. Some other benefits to users include scalability, reliability and efficiency. Scalability means that cloud computing offers unlimited processing and storage capacity.
Available Online at www.ijpret.com 1875 Fig.1 Cloud Computing
If you are considering a cloud service, you should think about how your personal information, and that of your customers, can best be protected. Carefully review the terms of service or contracts, and challenge the provider to meet your needs [11].
A basic approach is the application is to secure the user data before uploading on cloud. In a cloud computing environment, a user’s data can also be stored following additional encryption, but if the storage and encryption of a given user’s data is performed by the same service provider, the service provider’s internal staff (e.g., system administrators and authorized staff) can use their decryption keys and internal access privileges to access user data. From the user’s perspective, this could put his stored data at risk of unauthorized disclosure.[1]
Fig.2 Cloud Services
Available Online at www.ijpret.com 1876 the “Encryption as a Service “provider and the “Storage as a Service” provider cooperate to provide a Cloud Storage System with effective data protection refer fig. 2 [12]
II. DEFFIE HELLMAN BACKGROUND
The privacy requirements normally encountered in the traditional paper document world are increasingly expected in Internet transactions today. Secure digital communications are Necessary for web-based e-commerce, mandated privacy for medical information, etc. In general, secure connections between parties communicating over the Internet is now a requirement. Whitfield Diffie and Martin Hellman discovered what is now known as the Diffie-Hellman (DH) algorithm in 1976. It is an amazing and ubiquitous algorithm found in many secure connectivity protocols on the Internet. In an era when the lifetime of “old” technology can sometimes be measured in months, this algorithm is now celebrating its 25th anniversary while it is still playing an active role in important Internet protocols. DH is a method for securely exchanging a shared secret between two parties, in real-time, over an untrusted network. A shared secret is important between two parties who may not have ever communicated previously, so that they can encrypt their communications. As such, it is used by several protocols, including Secure Sockets Layer (SSL), Secure Shell (SSH), and Internet Protocol Security (IPSec). These protocols will be discussed in terms of the technical use of the DH algorithm and the status of the protocol standards established or still being defined.[29]
Diffie-Hellman in SSL
Available Online at www.ijpret.com 1877 strongest alternative of the available options for the key exchange according to Wagner and Schneier [22].
Diffie-Hellman in SSH
Secure Shell (SSH) is a both a protocol and a program used to encrypt traffic between two computers. This is most commonly done as a secure replacement for tools like telnet, ftp and the Berkeley “r” commands (rlogin, rsh, etc.). These older tools do not encrypt any of their traffic, including the authentication process, so account names and passwords are transmitted in plaintext. This is a bad thing! SSH was authored by Tatu Ylonen in 1995 and has since spread quickly throughout the UNIX world, and has become available for other platforms. There are both commercial [23] and free implementations available [24], and a SSH Working Group [25] sponsored by the IETF that is working to formalize and standardize the protocol. Besides providing a secure interactive shell, SSH also includes other functionality, for example, tunneling X11 connections over an established SSH session. The SSH Transport Layer protocol is defined in the IETF Draft document “SSH Transport Layer Protocol” [26]. This protocol layer most commonly runs on TCP using port 22, and supports (higher-level) protocols such as the SSH Connection Protocol, which provide for remote interactive login sessions, remote execution of commands, forwarding X11 connections, etc. The two parties to the connection (e.g., client and server) begin their conversation by negotiating parameters (e.g., preferred encryption and compression algorithms, and certain random numbers). Then a shared secret is computed using DH in a manner similar to SSL/TLS described above. A hashing function on the shared secret is used to derive an encryption key for the negotiated symmetric encryption algorithm (e.g., 3DES). From this
Point the two sides encrypt all traffic between them with the symmetric encryption algorithm.
Diffie-Hellman in IPSec
Available Online at www.ijpret.com 1878 the data stream, some preliminary information exchange is necessary. This is accomplished with the Internet Key Exchange (IKE) protocol, defined in RFC 2409 [12]. The IKE protocol works in two phases. Phase 1 provides the mechanism for the two parties to dynamically agree on security parameters.
Diffie-Hellman in PKI
Available Online at www.ijpret.com 1879 I. Proposed Approach
In our propose approach we remove the drawbacks of previous approach such as, Three different network entities can be identified as follows
A) User: User is an entity, which has large data files to be stored in the cloud and relies on the cloud for data maintenance and computation, can be either individual consumers or organizations. Also he is totally responsible for storage data.[7][12].
B) Third Party Auditor (TPA) or security cloud: TPA is an entity, which has expertise and capabilities for Encryption and decryption Service. When client want to store data at the cloud storage at that time TPA (encryption/decryption service) Encrypt the data and return back to user for storage purpose.[7]
C) Cloud Storage Server (CSS): CSS is an entity which is totally responsible for storage the data. After encrypting your data if you want to store the data on cloud Storage server [7].
II. Working of Project
The project has the Two Section Upload and Download section
The objective of project cloud is to encrypt and decrypt the user data When user want to upload the data to the cloud side at that time he will not trust on cloud for that reason we make security cloud as a virtual cloud for the encrypt and decrypt the data for user. In that users goal are to be covered. In the whole scenario Security cloud is the main entities.
Available Online at www.ijpret.com 1880 Fig 5 User login
Another Login is the security cloud for encrypt and decrypt the data for users from that sc loud can be login for that.
Fig.6 User Portal
We here use deffiee hellman Algorithms for key exchange Between two parties means User and scloud.user take one random for key exchange and scloud also take random number for key exchange.
We will see the key exchange algorithms between two parties
Deffie Hellman Algorithm
In this Algorithms g and p is constant Suppose g=10 and p=540
Available Online at www.ijpret.com 1881 A = ga mod p
Scloud Choose Random number b=7 and calculate
B = gb mod p
Alice and Bob exchange A and B in view of Carl
keya = B a mod p = 193(Shared key)
keyb = A b mod p = 193
When shared key get between two parties user is ready to encrypt data with blowfish and df key
Fig. 7 User Choose file
After choose the file to user he has to calculate with SHA for hashing for intigrty. And then encrypt with blowfish and send to security cloud.
Available Online at www.ijpret.com 1882 Fig.8 Blowfish Encryption
After got the encrypted file he has to decrypt file with DF key which will be generated by user and scloud side. And then Main duty of Scloud is to encrypt the data by using AES. When Security Cloud will decrypt the file from blowfish and DF key then scloud has to encrypt with AES and Master key is to store in database for Decryption purpose. Again Security cloud want to see that data means do fraurd with Data security cloud he will get encrypted data.
Fig.9 AES Encryption
When AES encryption is do scloud side he will send the file to the user side for upload to the storage cloud.
Available Online at www.ijpret.com 1883
III. CONCLUSIONS
An application of Security cloud is to be implemented for encryption and decryption of the user’s data. Actually user are very confuse about their data storage on cloud which provider is to use for data storage so for this point of view we will create this application. Now in this scenario user data is very secure.
In this application three entities are main User, Scloud as TPA, Cloud Storage service. First user will login and upload the file encrypt with DF key and send to the security cloud. Security cl oud will decrypt the file and again encrypt with AES and send to the user for store the storage cloud from that scenario user will very secure for their important data which is highly confidential.so the main role for TPA is to secure their data means encrypt and decrypt the data by using the used proper encryption algorithms After the all process we can calculate the SHA value for file integrity check means when the file coming after download we can check the integrity for that file.
ACKNOWLEDGMENT
I express my sincere gratitude to Dr. M. B. Chandak, Head Department of CSE RKNEC & Dr. H. R. Deshmukh, Head Department of CSE IBSS , for his valuable guidance and advice.
REFERENCES
1. Jing-Jang Hwang, Hung-Kai Chuang,Yi-Chang Hsu, Chien-Hsing Wu, ”A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service,” Proceedings of the 2011 International Conference on Information Science and Application, April 2011.
2. Cong Wang, Qian Wang, and Kui Ren, Wenjing Lou,” Ensuring Data Storage Security in Cloud Computing”
3. Avi Kak Lecture 8: AES: The Advanced Encryption Standard Lecture Notes on “Computer and Network Security”
4. Dieter Gollmann (2006). Computer Security Second Edition West Sussex, England: John Wiley & Sons,Ltd.
Available Online at www.ijpret.com 1884 6. Bhavna Makhija, VinitKumar Gupta, Indrajit Rajput,”Enhanced Data Security in Cloud Computing with Third Party Auditor” proceeding of the , February 2013 International Journal of Advanced Research in Computer Science and Software Engineering.
7. Qian Wang, Student Member, IEEE, Cong Wang, Student Member, IEEE, Kui Ren, Member, IEEE, Wenjing Lou, Senior Member, IEEE, and Jin Li” Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing”
8. John W. Rittinghouse,James F. Ransome © 2010 by Taylor and Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business” Cloud Computing Implementation, Management, and Security”
9. http://www.microsoft.com/india/msindia/perspective/interfaces_cloud_three_layers.aspx
10.Cong Wang, Qian Wang, Kui Ren, and Wenjing Lou,‖Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing‖ in IEEE INFOCOM 2010, San Diego, CA, March 2010.
11.Introduction to Cloud Computing http://www.priv.gc.ca/resource/fs-fi/02_05_d_51_cc_e.pdf
12.Ankit Mune, Prafull pardhi “Security for cloud computing data using a security cloud as a Third party auditor (TPA): A Survey” in International Journal of Advanced Research in Computer and Communication Engineering Vol. 3, Issue 3, March 2014.
13.Ashish Bhagat,Ravi Kant Sahu “Using Third Party Auditor for Cloud Data Security: A Review” International Journal of Advanced Research in Computer Science and Software Engineering Volume 3, Issue 3, March 2011.
14.David A. Carts “A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols”
15.Rescorla, E., Diffie-Hellman Key Agreement Method, RFC 2631, IETF Network Working Group, http://www.ietf.org/rfc/rfc2631.txt
16.RSA Laboratories, RSA Laboratories’ FAQ About Today’s Cryptography, Version RSA Security Inc., 2000, http://www.rsa.com/rsalabs/faq/index.html
17.Costas Christoyannis, “What is Diffie-Hellman”,
http://www.hack.gr/users/dij/crypto/overview/diffie.html
18.Levy, Benjamin, “Diffie-Hellman Method for Key Agreement”, http://apocalypse.org/pub/u/seven/diffie.html
19.RSA Laboratories, PKCS #3: Diffie-Hellman Key-Agreement Standard, Version 1.4. Revised November 1, 1993, http://www.rsalabs.com/pkcs/pkcs-3/index.html
Available Online at www.ijpret.com 1885 21.Wagner, David and Bruce Schneier, Analysis of the SSL 3.0 Protocol, PDF document available from http://www.counterpane.com/ssl.html
22.SSH Communications Security Home Page, http://www.ssh.com/ 23.OpenSSH Home Page, http://www.openssh.com/
24.Secure Shell IETF Working Group Home Page,http://www.ietf.org/html.charters/secsh-charter.html
25.Ylonen, T., et al., SSH Transport Layer Protocol, IETF IPSec Working Group,January 2001, http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-09.txt IPSec References
26.Harkins, D., and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, IETF Network Working Group, November 1998, http://www.ietf.org/rfc/rfc2409.txt
27.Frankel, Sheila, An Introduction to IPSec, NIST Information Technology Bulletin, March 2001, http://www.itl.nist.gov/lab/bulletns/bltnmar01.htm
28.Hernandez, Rich, Internet Protocol Security Revealed, Dell Power Solutions Magazine, Issue 2, 2000, http://www.dell.com/us/en/esg/topics/power_ps2q00-ipsec.htm
29.Housley, R., W. Ford, W. Polk, and D. Solo, Internet X.509 Public Key Infrastructure: Certificate and CRL Profile, RFC 2459, IETF Network Working Group, January 1999, http://www.ietf.org/rfc/rfc2459.txt
30.ANSI X9.42-199x, Public Key Cryptography for The Financial Services Industry: Agreement of Symmetric Algorithm Keys Using Diffie-Hellman (Working Draft), December 1997. (Fee charged for this document.)
31.Ramsdell, B., S/MIME Version 3 Certificate Handling, RFC 2632, , IETF Network Working Group, June 1999, , http://www.ietf.org/rfc/rfc2632.txt
32.NIST Public Key Infrastructure Program Home Page, http://csrc.ncsl.nist.gov/pki/.
33.Public Key Infrastructure (X.509) (PKIX) Working Group Home Page, http://www.ietf.org/html.charters/pkix-charter.html.
34.Simple Public Key Infrastructure (SPKI) Working Group Home Page, http://www.ietf.org/html.charters/spki-charter.html
35.The Open Group Public Key Infrastructure Home Page, http://www.opengroup.org/security/pki/.
