CLOUD COMPUTING WITH SMART KEY SELECTION MODEL Jitendra Meena Neeraj Manglani M.Tech Student Jagannath University Jaipur Assistant Professor Jagannath University Jaipur Jitendra.meena@gmail.com ABSTRACT Cloud computing is a promising computing paradigm which provide hardware, software resources to user as service on demand basis. To facilitate cost-effective computing, it brings more complicate security problems with traditional security threats for user data. In this paper, we propose for a new model for selection of key for data encryption &decryption to achieve data security and trust of user, taking into consideration different security issue that user and cloud provider face during cloud engineering. Here in this paper the user and the Third Party Auditor (TPA) key is used to achieve different goals. User key is used to provide more trust to user & cost effective environment to the cloud server. TPA key is used to make system faster. In this paper we also introduce a new data encryption and decryption algorithm and its abstract implementation. The pipeline mechanism is used in this proposed algorithm that enhances the overall system performance. According to our algorithm most of the part of data is encrypted or decrypted by data itself. Keywords— Third Party Auditor, metadata, spoofing, Secret key,data-center 1. INTRODUCTION Cloud computing concept came into picture more than 40 years ago. But actual utilization or implementation of this technology has started only few years ago. Several IT giants are now showing interest and investing lots of money in this field. It is sure that no form of computing is entirely risk free 100% of the time but if we try to criticize this technology then security issues come into picture. Cloud engineering is known for its flexibility, cost benefit, openness. But these issues make things complex by reducing trust-degree and bringing numerous new security problem with existing threats. Every client survey shows that security is the single biggest concern about moving to Cloud Computing. Security may be as good as or even better than traditional systems, in part because providers are able to devote resources to maglani@jagannathuniversity.org solving security issues that many customers cannot afford. While cloud computing service providers face comparable security issues as other sorts of organizations, there are warnings that the cloud is becoming particularly attractive to cyber criminals. Since cloud service providers (CSP) manage all user data, so user lost control over data and give its fate to service provider. There are a number of security issues associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers and security issues faced by their customers. Security is a priority concern for many cloud customers; many of them will make buying choices on the basis of the reputation for confidentiality, integrity and resilience of, and the security services offered by, a provider .So there should be a balance between the security and the convenience. The provider must ensure that their infrastructure is secure and that their clients’ data & applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information. It is mandatory to make trusted cloud data-center[1]which can provide different mechanism to ensure security of data. To protect user data cloud provider should select proper mechanism to encrypt data. Selection of key is also very important because speed of encryption, most importantly trust degree is dependent on it. In this paper we will discuss various security threats upon user data. we will also discuss our key selection model with proposed encryption and decryption algorithm. By doing these we are trying to achieve more efficient and trusted cloud service. 2. DIFFERENT SECURITY PROBLEM Integrity: This is a huge problem when any data is outsourced. Amazon S3’s recent downtime[13], Gmail’s mass email deletion incident[14], and Apple Mobile Me’s post-launch downtime[15] are all such examples. Data integrity can be achieved using Message Authentication Code (MAC) and Digital Signature (DS).MAC is based on symmetric key and DS is based on asymmetric key technology[7]. Data integrity can also be checked by Third Party Auditor (TPA). Availability: Authorized user can be denied to access his/her data due to either network based attacks such as DDoS attacks or CSP unavailability. For example, Amazon S3 suffered from two and a half hours outage in February 2008 and eight hours outage in July 2008[7]. Confidentiality: This can be achieved through proper encryption techniques taking into consideration the type of encryption- symmetric or asymmetric encryption algorithms, also key length and key management in case of the symmetric cipher. An algorithm is given in part IV for encryption. Data segregation: In a cloud, the environment is shared, resulting in the need of strong schemes to separate users’ data[3]. Investigative support: Every information remains in abstract form. For several terms and conditions cloud provider may not help for investigative support. One Provider also may not have full information[3]. Long-term viability: If the data will be available and in a format that will allow being imported to a substitute application, in the case of the cloud provides goes broke or is acquired by another provider[4]. Data auditability: There should be a TPA who should be ableto efficiently audit the cloud data storage without demanding the local copy of data and also introduce no additional on-line burden to the cloud user[5,6,10]. Recovery: If somehow information about accounts i.e. user information, data location etc. are lost and proper recovery plan12 is not implemented than total system will be collapsed .Valid user then cannot access his/her account. Even it may happen that after authentication user cannot get his/her data due to cloud provider fault to locate user data. Storage correctness: To ensure that there exists no cheating cloud server that can pass the audit from TPA without indeed storing users’ data intact[5]. Privacy-preserving: To ensure that there exists no way for TPA to derive users’ data content from the information collected during the auditing process[5]. Unfaithful vendor: CSP can be unfaithful by discarding data that has not been or is rarely accessed[6], or even hiding data loss incidents to maintain a reputation[8]. Privileged user access: Privileged user may get illegal access to user data and can take physical, logical, personal control. Data stealing can happen when user use a shared RAM as a cloud service then there remain a chance of hacking data from RAM which is then a plain text. Many national security related data can be gone beyond country area. Apart from above cloud services can have Zombie attack, Malicious Resource Exhaustion, Platform Attacks, Backdoor attack[11], Malware Injection, flooding, Metadata Spoofing Attack[22], unknown profile risk or people &identity[2], loss of encryption key, security problems. We can build a cloud firewall[9] to minimize network security problems. 3. DESIGN GOAL Here we propose a model for selection of key for data encryption and decryption. In these model we use one of user secret key(sk) and Third party Agent[TPA] provided a mixture of trustful and fast service. Secret key makes our model faster. If user gives secret key, then it will be more secure and trustful to user and help to avoid TPA cost for cloud server hence profitable. If TPA secret key which is by default, make system faster and free user burden of generation and managing key. Proposed model and its brief detail is given in part-4 of these paper. With choice for key, we also are proposing a new encryption technique. Our main design goal is to utilize data itself to encrypt data and make a faster model to encrypt or decrypt data. In our encryption technique when one block is sent to data storage after encryption another block is brought to encrypt. For decryption reverse thing is happen. We use pipeline mechanism to meet the need of our technique. These pipeline mechanisms make our model faster. So user can access some blocks, at the same time other blocks are decrypted for access i.e., make faster accessible. In encryption when some blocks are engaged in storing, others are encrypted in that same time. Proposed encryption & decryption algorithm and their brief discussion to implement those is given in part-5 of this paper. 4. PROPOSED KEY SELECTION MODEL Fig.1: Key selection model According to these model, user accesses data from W/S (Work space)(Fig.1).When any file in w/s is to be saved, first it has to be sent to E/D (Encryption or Decryption) section. There data will be encrypted by provided key. User secret key(sk) is taken over TPA’s by default secret key. A proposed algorithm is given in section C for encryption. Encrypted data is then sent to B/S (Backup storage) section to store. When user want to access that data reverse processes is done i.e. data is brought in E/D. Data is then decrypted by the same key that was used for encryption. After that is data is sent to W/S for user access. 5. PROPOSED ALGORITHMS FOR ENCRYPTION & DECRYPTION Both of the new encryption or decryption algorithm will work in E/D section as described in key selection model. Encryption and decryption algorithm with brief discussions are given bellow. Fig.3: Pictorial view of Encryption 5.1. Encryption algorithm: 5.2. Decryption algorithm: Step 1: Make ‘n’ no of fixed size block from user data. Step2: Set a pointer to last block. Step3: Encrypt pointed block using previous block as a key. Step4: Repeat Step3 until pointer comes to 1stblock. Step5: Encrypt first block by provided key. Fig.2: Fragmentation of data According to our algorithm data is broken into small fixed blocks. These are done in parallel with writing or modifying the data. Let total data be fragmented into ‘n’ number of fixed-sized blocks(Fig.2)..For e.g. if block size 32kb and data size is 256kb then total block will be 8. Now a pointer say ‘k’ is set to point to nth block. Now kth block is sent to section-1(Fig.3).It is then pushed to section-2 and (k-1)th block is then brought to section-1.Now using Section-1 data block as a key ,section-2 data block is encrypted and stored into storage area in stack fashion (Fig.3).In this fashion all bock except the 1stblock will be encrypted by data itself. At last encrypt 1st block by provided secret key. A flag also has to add with first block to keep a indicator by which secret key(sk) data is encrypted. Step1: Pop 1st block& decrypt it by provided key. Step2: Decrypt (k+1)th block using kth block as key. Step3: Repeat step2 until the nth block is decrypted. Top block is popped from cloud server storage area and put into 1st section (Fig-4).Secret key that was used to encrypt these data are already brought in 2ndsection. Now Using 2nd section data or key(sk) 1st section data is decrypted and immediately sent to W/S section for user use. Next 1st section block is pushed to second section and next block is brought into 1st section in parallel. So k-th block is decrypted by (k-1)th block. Formula of decryption of n data 1st block sk k thblock (k 1)th block k 2 So, formula of encryption of data (k 1)th block k thblock sk 1st block 1 k n Fig.4: Pictorial view of Decryption , 6. CONCLUSION When designing and using cloud services security threats have to be count to provide a trustful an secure paradigm . We believe that security, especially data security in Cloud computing is one of most challenging aspect. This paper aims to solve these problems. In this paper we concentrate on one-to-one access i.e. only owner of data will access his/her data. For one to many accesses some modification will be needed and that will be one of our future work. If data size is very large then to achieve fast encryption or decryption it is advised to split data explicitly so that data can be encrypted or decrypted in parallel. Our future aim is to optimize data size which will lead best throughput in terms of speed and accessibility. In this paper we break data into 1-D array of data blocks. Next we will try to enhance our algorithm throughput by incorporating 2-D array for representing data after splitting. 7. REFERENCES [01]. Cisco Cloud Computing -Data Center Strategy, Architecture,and SolutionsPoint of View White Paperfor U.S. Public Sector [02]. “IBM Point of View:Security and Cloud Computing”, Cloud computingWhite paperNovember 2009.IBM. [03]. “Gartner: Seven cloud-computing security risks” http://www.infoworld.com/d/security-central/gartner-sevencloud-computing-security-risks-853. [04]. Shucheng Yu∗, Cong Wang†, KuiRen† , and Wenjing Lou,” Achieving Secure, Scalable, and Fine-grained DataAccess Control in Cloud Computing”. [05]. Cong Wang, Qian Wang, and KuiRen, Wenjing Lou” Privacy-Preserving Public Auditing for Data StorageSecurity in Cloud Computing.” [06]. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” Cryptology ePrint Archive, Report 2007/202, 2007, http://eprint.iacr.org/. [7]SameeraAbdulrahmanAlmulla, Chan YeobYeun,” Cloud Computing Security Management” [8] G.Ateniese et al., “Provable Data Possession at Untrusted Stores,” Proc. ACMCCS ‘07, Oct. 2007, pp. 598– 609. [9]. Weili Huang, Jian Yang” New Network Security Based On CloudComputing”. [10]. H. Shacham and B. Waters, “Compact proofs of retrievability,” in Proc. of Asiacrypt 2008, vol. 5350, Dec 2008, pp. 90–107. [11]. JunaidArshad, Paul Townend “Quantification of Security for Compute Intensive Workloads in Clouds”. [12]. “Cloud Computing and Disaster Recovery Plans” http://www.brighthub.com/environment/greencomputing/articles/ 71273.aspx. [13]. Meiko Jensen, J¨orgSchwenk, Nils Gruschka, Luigi Lo Iacono.” On Technical Security Issues in Cloud Computing” [14]. http://techcrunch.com/2006/12/28/gmail-disasterreports-of-mass-email-deletions/ [15].http://news.cnet.com/8301-17939_109100143912.html