A Security Mechanism for Cloud Computing Threats

Mahadev Bag
M. Tech. scholar (CSE)
MATS University, Raipur (C.G.), INDIA
Bagmahadev1010@gmail.com

Rashmi Shrivas
Asst. Professor, Department of Computer Science
MATS University, Raipur (C.G.), INDIA
Shrivasrashmi20@gmail.com
ABSTRACT
Cloud computing is a platform for increasing capabilities and developing potential dynamically without employing new infrastructure, personnel, or software systems. In addition, cloud computing originated as a commercial enterprise idea and developed into a flourishing IT innovation. Despite the hype surrounding cloud computing, customers remain reluctant to deploy their business into the cloud. All the same, lack of protection is the sole major concern that hinders increased use of cloud computing. Moreover, the complexity with which cloud computing manages data secrecy and data security makes the market hesitant about cloud computing. The design of cloud models threatens the security of existing technologies once they are deployed in a cloud environment. Thus, users of cloud services ought to understand the dangers of uploading information into this new environment. Therefore, in this paper we propose a different type of security mechanism for cloud computing threats so that these problematic situations can be overcome. By use of a third-party Crypto-Chest (CC) we can enhance security over the cloud.
General Terms
Security, cloud computing, cryptography, CC.
Keywords
Cloud, Crypto chest, cryptography, Chameleon Hash, Security.
1. INTRODUCTION
Cloud computing is a computing paradigm which relies on resource sharing. Here the word "Cloud" is a symbol for the internet. Cloud computing is the delivery of computing resources or services over the internet. The services allow individuals or business groups to use resources (software and hardware) which are managed by a third party at different locations [1]. Cloud computing encompasses activities such as the use of social networking sites and other forms of interpersonal computing; most of the time cloud computing is concerned with accessing online software applications, data storage and processing power. It is a way to increase capacity and/or add capabilities dynamically without having new infrastructure, training new personnel, or licensing new software. It extends Information Technology's existing capabilities [2]. Developers with innovative ideas for Internet services no longer need large capital outlays in hardware to deploy their services; this paradigm shift is transforming the IT industry. The operation of large-scale, commodity computer datacenters was the key enabler of cloud computing, as these datacenters take advantage of economies of scale, allowing for decreases in the cost of electricity, bandwidth, operations, and hardware [3]. Based on purpose and characteristics, cloud computing uses several delivery models [6].
1.1 Deployment Tools
1.1.1 Public Cloud
Cloud computing services from vendors that can be accessed
across the internet or a private network using one or more data
centers, shared among multiple customers with varying
degrees of data privacy control. Public clouds are run by third
parties, and applications from different customers are likely to
be mixed together on the cloud’s servers, storage systems, and
networks. Public clouds are most often hosted away from
customer premises, and they provide a way to reduce
customer risk and cost by providing a flexible, even
temporary extension to enterprise infrastructure.
1.1.2 Private Cloud
Private clouds are built for the exclusive use of one client,
providing the utmost control over data, security, and quality
of service. The company owns the infrastructure and has
control over how applications are deployed on it. Private
clouds may be deployed in an enterprise datacenter, and they
may also be deployed at a co-location facility. Private clouds
can be built and managed by a company’s own IT
organization or by a cloud provider. In this “hosted private”
model, a company such as Sun can install, configure, and
operate the infrastructure to support a private cloud within a
company’s enterprise datacenter. This model gives companies
a high level of control over the use of cloud resources while
bringing in the expertise needed to establish and operate the
environment.
1.1.3 Hybrid Cloud
Hybrid clouds combine both public and private cloud models.
They can help to provide on-demand, externally provisioned
scale. The ability to augment a private cloud with the
resources of a public cloud can be used to maintain service
levels in the face of rapid workload fluctuations. This is most
often seen with the use of storage clouds to support Web 2.0
applications. A hybrid cloud also can be used to handle
planned workload spikes.
1.2 Cloud computing and cryptography
Cryptography involves the conversion of clear text into an
unreadable form. Cryptography is a technique frequently used
to transfer contents safely by ensuring that only the intended
recipient can read them. This domain spotlight provides an
overview of the history of cryptography and the many
complex, imaginative approaches used in contemporary
enterprise encryption.
Bleikertz et al. [10] proposed secret key principles which are applied to virtual machines on the basis of a unique client-controlled CaaS (Cryptography-as-a-Service) architecture for cloud computing. These researchers emphasized the use of physical hardware security modules, and their architecture segregates the management and storage of the cloud clients' keys, as well as all cryptographic operations, into a secure crypto-domain called DomC, which is tightly coupled to the workloads of clients. Sanyal and Iyer [11] investigated cloud security based on public key values. They discussed a secure and efficient algorithm based on the multi-key encryption AES technique, a 128/192/256-bit cipher key used to encrypt and decrypt data. Results confirmed that AES increases security for cloud computing compared with RSA. AES can be used in virtual machines and in public or private clouds. Mao [12] noted an important problem for secure network virtualization: the negligent usage of intelligence and distributed power by hypervisors. The research discussed how hypervisors use information boxes to gain control. Therefore, he proposed network virtualization using modern technology with several useful applications, including secure multitenancy for cloud computing. Cryptography significantly affects the management of the intelligence and distributed power of hypervisors.
Well-known security issues such as data loss, phishing, and botnets (running remotely on a collection of machines) pose serious threats to an organization's data and software. In a cloud computing environment, data protection is the most important security issue. Its concerns include the way in which data is accessed and stored, audit requirements, compliance
• Key-guessing attacks are possible if the password is too short or poor.
• The key management techniques are complex to handle.
• No protocol is fully secured from attack; a combination of techniques is required.
2. PROBLEM IDENTIFICATION
Cloud computing has presented issues regarding data control, the effect of software systems on organic resources, and the transfer of data access control to another party. Based on the above literature review, we conclude that cryptography can be used for the following:
• Proofs of retrievability.
• Private information retrieval.
• Broadcast encryption.
• Short signatures.
Cloud computing and web services run on a network structure, so they are open to network-type attacks. One of these attacks is the distributed denial of service attack. If an attacker could hijack a server, the attacker could stop the web services from functioning and demand a ransom to put the services back online. The security issue has played the most important role in hindering cloud computing. Without doubt, putting your data and running your software on someone else's hard disk using someone else's CPU appears daunting to many.
3. METHODOLOGY
The design of cloud models threatens the security of existing technologies once they are deployed in a cloud environment. Thus, users of cloud services ought to understand the dangers of uploading information into this new environment. Therefore, we propose a different type of security mechanism for cloud computing threats so that these problematic situations can be overcome. By use of a third-party Crypto-Chest we can enhance security over the cloud.
Fig1. Proposed Scheme
In the third-party Crypto-Chest we use an ID-based hashing scheme. ID-based cryptography is an alternate form of public-key cryptography that does not use certification authorities or certificates. Instead, an ID-based scheme defines "identity strings", which are nothing more than a special string format to describe real entities (persons or machines). An identity string could be an e-mail address, a URL, a person's address, or any other unambiguous reference. The public keys are derived from these identity strings by means of a public algorithm.
ID-based Chameleon Hashing
We assume that all system users are identifiable by a bit-string easily derivable from public knowledge about the individual. For instance, it could be the user's e-mail address, augmented by some information such as an expiration date. We call such a string an identity string. Formally, an ID-based chameleon hashing scheme is defined by a family of efficiently computable algorithms:
Setup: A trusted party, the key escrow, runs this efficient, probabilistic algorithm to generate a pair of keys SK and PK defining the scheme. It publishes PK and keeps SK secret. The input to this algorithm is a security parameter.
Extract: An efficient, deterministic algorithm that, on inputs SK and an identity string S, outputs the trapdoor information B associated to the identity.
Hash: An efficient, probabilistic algorithm that, on inputs PK, an identity string S, and a message m, outputs a hash value h.
Forge: An efficient algorithm that, on inputs PK, an identity string S, the trapdoor information B associated with S (i.e., the output of Extract(SK, S)), a message m', and a hash value h of a message m, outputs a sequence of random bits that correspond to a valid computation of Hash(PK, S, m') yielding the target value h.
The setup algorithm is similar to an RSA key generation step. The trusted party $T$ generates two prime numbers $p$ and $q$ in the set $\{2^{\ell-1}, \dots, 2^{\ell}-1\}$. Let $n = pq$. The bit-length of $n$, $\ell(n)$, is no less than $2\ell$. Let $C : \{0,1\}^{*} \to \{0, \dots, 2^{2\ell}-1\}$ be a secure deterministic hash-and-encode scheme mapping arbitrary bit-strings to integers less than $n$. For instance, it is possible to use the deterministic version of EMSA-PSS encoding defined in [11, 12]. $T$ then generates a random prime integer $v$ such that $v > 2^{\ell}$ and $\gcd(v, (p-1)(q-1)) = 1$, i.e., $v$ is relatively prime to the order $\phi(n)$ of the multiplicative residues modulo $n$. Applying the extended Euclidean algorithm for the GCD, $T$ computes $w$ and $z$ such that $wv + z(p-1)(q-1) = 1$. $T$'s public key is $(n, v)$. Its secret key is $(p, q, w)$. We can now describe the extraction algorithm. Let $S$ be the identity string associated to some party. First we apply the deterministic hash-and-encode scheme to obtain the element $J = C(S)$ in $\mathbb{Z}_n$. The secret key is extracted as $B = J^{w} \bmod n$. Notice that being able to compute $B$ from $S$ should be infeasible. In particular, if $C$ is chosen as the EMSA-PSS encoding, then $B$ is a secure RSA signature on the string $S$ under the public key $(n, v)$. The Hash(·) algorithm is:
$$\mathrm{Hash}(S, m, r) = J^{H(m)} \, r^{v} \bmod n,$$
where, again, $H(\cdot)$ is the secure hash function, and $J = C(S)$. The Forge algorithm is:
$$\mathrm{Forge}(S, B, m, r, h, m') = r' = r \cdot B^{H(m) - H(m')} \bmod n.$$
The forged randomness collides because $wv \equiv 1 \pmod{\phi(n)}$ gives $B^{v} = J^{wv} = J \bmod n$, so $\mathrm{Hash}(S, m', r') = J^{H(m')} \, r^{v} \, B^{v(H(m) - H(m'))} = J^{H(m)} \, r^{v} = h$.
4. CONCLUSION
The design of cloud models threatens the security of existing technologies once they are deployed in a cloud environment. Thus, users of cloud services ought to understand the dangers of uploading information into this new environment. By use of a third-party Crypto-Chest we can enhance security over the cloud. The benefits of using a third-party Crypto-Chest are the following:
Non-repudiation: The user cannot deny legitimate signature claims.
Practical and efficient: The algorithms have costs comparable with those of standard signature schemes.
Semantic security: The hash value does not reveal information about the message signed.
Message hiding: One does not have to reveal the original message to deny the validity of a forgery.
Lightweight key distribution/refreshment: Public keys do not need to be distributed after a refreshment. Secret key retrieval is optional for recipients.
5. REFERENCES
[1] Heena I. Syed and Naghma A. Baig, "Survey On Cloud Computing", International Journal of Emerging Technology and Advanced Engineering, Volume 3, Issue 4, pages 308-312, April 2013.
[2] Kuyoro S. O., Ibikunle F. and Awodele O., "Cloud Computing Security Issues and Challenges", International Journal of Computer Networks, Volume 3, Issue 5, pages 247-255, 2011.
[3] Amit Goyal and Sara Dadizadeh, "A Survey on Cloud Computing", University of British Columbia, Technical Report for CS 508, pages 1-14, December 2009.
[4] Shilpashree Srinivasamurthy and David Q. Liu, "Survey on Cloud Computing Security".
[5] S. Sathyavani and T. P. Senthilkumar, "Survey on Cloud Computing", International Journal of Computer Trends and Technology, Volume 4, Issue 9, pages 3116-3120, Sep 2013.
[6] Jason Carolan and Steve Gaede, "Introduction to Cloud Computing Architecture", Sun Microsystems, Inc., 1st Edition, June 2009.
[7] Wayne Jansen and Timothy Grance, "Guidelines on Security and Privacy in Public Cloud Computing", National Institute of Standards and Technology Draft Special Publication 800-144, January 2011.
[8] S. Bleikertz, S. Bugiel, H. Ideler, S. Nürnberger, and A.-R. Sadeghi, "Client-controlled Cryptography-as-a-Service in the Cloud."
[9] S. Sanyal and P. P. Iyer, "Cloud Computing--An Approach with Modern Cryptography," arXiv preprint arXiv:1303.1048, 2013.
[10] W. Mao, "The role and effectiveness of cryptography in network virtualization: a position paper," pp. 179-182.
[11] K. Rauber, "Cloud Cryptography," International Journal of Pure and Applied Mathematics, vol. 85, no. 1, pp. 1-11, 2013.