A Survey for Secure Communication of Cloud Third Party Authenticator

Published: 2017-03-11

Abstract— Cloud computing is an information technology in which users remotely store their outsourced data and enjoy on-demand, high-quality applications and services from configurable resources. By outsourcing their data, users are relieved of the burden of local data storage and protection. Enabling public auditability for cloud data storage is therefore important, so that users have the chance to check data integrity through an external audit party. To securely establish an efficient third party auditor (TPA), the following two primary requirements have to be met: 1) the TPA should be able to audit outsourced data without demanding a local copy of the user's outsourced data; 2) the TPA process should not bring in new threats to user data privacy. To achieve these goals, this system provides a solution that uses Kerberos as a Third Party Auditor/Authenticator, the RSA algorithm for secure communication, the MD5 algorithm to verify data integrity, data centers to store data on the cloud effectively in a secured environment, and multilevel security for the database.

Keywords— Public Auditing, Cloud Computing, Third Party Auditor

I. Introduction

Cloud computing offers on-demand self-service, ubiquitous network access, location-independent resource pooling, and rapid resource elasticity. As cloud computing becomes more attractive, it also creates new and challenging security threats to users' outsourced data [1].

Consider a cloud data storage service with three different entities, as shown in Fig. 1: the cloud user, who has huge data files to be stored in the cloud; the third-party auditor, who has expertise and capabilities that cloud users do not have and is trusted to assess the reliability of the cloud storage service on the user's request; and the cloud server, which is managed by the cloud service provider and provides the data storage service with a large amount of storage space and computation resources [1],[4].

To fully guarantee data integrity and to save the cloud user's computation resources as well as online burden, it is important to enable a public auditing service for cloud data storage. Users may then resort to an independent third-party auditor (TPA), who has expertise and capabilities that users do not, to periodically check the integrity of all data stored in the cloud on the user's behalf and to ensure its storage correctness [1], [3].

The rest of the paper is organised as follows. Section 2 presents the literature review, which covers different techniques for solving problems related to cloud storage security, together with their drawbacks. Section 3 explains the proposed system, which overcomes these drawbacks and provides an efficient solution to the problem definition through various cryptographic algorithms and a third party auditor. Finally, section 4 gives the concluding remarks on the whole paper and on the literature review.

II. Literature Survey

A. The Provable Data Possession Model:

It is used for keeping data files on untrusted storage and provides an RSA-based homomorphic linear authenticator that allows auditing by randomly sampling a few blocks of the file. However, its protocol is not secure and may leak user data information to external parties [7]. The Proof of Retrievability model uses spot checking and error-correcting codes [8]. A skip-list-based mechanism extends provable data possession with full dynamics support, but verification in the protocol requires a linear combination of sampled blocks, so it does not support secure transmission of data [5].

B. The Virtual Machine Technique of Security:

Fig. 1 shows the user, the cloud server and the third party auditor explained in the previous section. When a client requests a service from the cloud server, the cloud server first authenticates the client and then provides a virtual machine by means of Software as a Service.

In the virtual machine, RSA is used for secure communication between the user and the cloud server, whereas the SHA-512 algorithm is used for data integrity. The problem here is that SHA-512 is designed only for 32 bit machines [2].

C. Short Signature Technique to Security:

It is based on the computational Diffie-Hellman algorithm, elliptic curve and hyperelliptic algorithms, and the digital signature algorithm, with a signature length half the size of a DSA signature at a similar level of security. The purpose of short signatures is to make systems reliable where signatures are typed in by a human or sent over a low-bandwidth channel. The problem here is that the Diffie-Hellman algorithm shares a secret at both ends of the communication link (key agreement), which provides only key management but not authentication, whereas DSA provides only authentication but not key management [9].

D. An Overview of Privacy Preserving Public Auditing:

In existing systems, the third party auditor demands a local copy of the user's outsourced data. This increases the possibility of client files being stolen by the third party auditor. The correctness of the data is thus put at high risk, and no assurance is provided on data integrity or availability, or against identity spoofing attacks, information disclosure during upload/download, and denial of service attacks [1].

The goal of Privacy Preserving Public Auditing is achieved by uniquely integrating the homomorphic linear authenticator with a random masking technique. In this protocol, the linear combination of sampled blocks in the server's response is masked with randomness generated by the server. With random masking, the third party auditor no longer has all the information needed to build a correct group of linear equations, which means that the TPA does not demand a local copy of the user's data content [1],[3],[4].

To fulfill this goal, system uses two algorithms which are as follows:

1) MAC Based Solution:

The message authentication code is used to authenticate blocks of data: the client uploads the data blocks, together with their MACs, to the cloud server, and the secret key is provided to the third party auditor. The limitations of this solution are that the TPA requires a priori information about the data blocks for verification, and that the data files that can be verified are limited because the secret keys are fixed [1],[6].

2) HLA Based Solution:

The homomorphic linear authenticator is used effectively for verification of metadata and is required to support public auditability, i.e. it does not retrieve the data blocks themselves. The difference between HLA and MAC is that HLAs can be aggregated: it is possible to compute an aggregated authenticator that authenticates a linear combination of individual data blocks. However, the limitation of HLA is that the linear combination of data blocks reveals user data information to the TPA and breaks the privacy-preserving guarantee [1], [3].
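The aggregation property described above, as an added example that is not code from the paper or from the schemes it surveys. It is a privately verifiable simplification in which the auditor holds the tagging secret (`key`, `alpha`); the modulus, the 15-byte block size and all function names are assumptions of this example, and the response `mu` is the unmasked linear combination of blocks that the text names as the privacy limit of HLA.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime field modulus (assumed parameter for this example)

def to_blocks(data, size=15):
    """Split a file into integers below P (15 bytes = 120 bits each)."""
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]

def prf(key, index):
    """Pseudo-random field element bound to a block position."""
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % P

def tag_blocks(key, alpha, blocks):
    """User: sigma_i = PRF(i) + alpha * m_i mod P, uploaded next to block i."""
    return [(prf(key, i) + alpha * m) % P for i, m in enumerate(blocks)]

def challenge(n_blocks, sample):
    """Auditor: `sample` random positions, each with a non-zero coefficient."""
    positions = secrets.SystemRandom().sample(range(n_blocks), sample)
    return {i: secrets.randbelow(P - 1) + 1 for i in positions}

def prove(blocks, tags, chal):
    """Server: fold the challenged blocks and tags into one (mu, sigma) pair."""
    mu = sum(v * blocks[i] for i, v in chal.items()) % P
    sigma = sum(v * tags[i] for i, v in chal.items()) % P
    return mu, sigma

def verify(key, alpha, chal, mu, sigma):
    """Auditor: accept iff sigma matches, without fetching any block."""
    expected = (sum(v * prf(key, i) for i, v in chal.items()) + alpha * mu) % P
    return sigma == expected

if __name__ == "__main__":
    key, alpha = secrets.token_bytes(32), secrets.randbelow(P - 1) + 1
    blocks = to_blocks(b"constructed sample file used only for this audit demo")
    tags = tag_blocks(key, alpha, blocks)
    chal = challenge(len(blocks), 3)
    print("honest server:", verify(key, alpha, chal, *prove(blocks, tags, chal)))
    blocks[next(iter(chal))] ^= 1  # flip one bit in a challenged block
    print("after tampering:", verify(key, alpha, chal, *prove(blocks, tags, chal)))
```

A per-block MAC would need one tag returned per sampled block; here the response stays two field elements however many blocks are challenged.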

TABLE I: Brief descriptions of the methods and their drawbacks

| Sr. No | Methods | Parameter | Drawbacks |
|---|---|---|---|
| 1 | Provable Data Possession [7] | RSA based homomorphic linear authenticator (key length size is 256 bits) | It may leak user data information to external parties. |
| 2 | A skip list based mechanism [8] | Linear combination of sampled blocks | It does not support secure transmission of data. |
| 3 | Virtual Machine [2] | RSA (1024 bits) and SHA-512 (512 bits) | SHA-512 is designed only for 32 bit machines, whereas the MD5 algorithm is designed for both 32 and 64 bit machines. |
| 4 | Short Signature [9] | Diffie-Hellman algorithm (1024 bits), elliptic curve and hyperelliptic algorithm (320 bits), digital signature algorithm (320 bits) | The Diffie-Hellman algorithm provides only key management but not authentication, whereas DSA provides only authentication but not key management. |
| 5 | Message Authentication Code (MAC) [1] | Linear in the sampled data size | It supports only static data, not dynamic data. |
| 6 | Homomorphic Linear Authenticator (HLA) [1] | Linear combination of individual data blocks | It requires user data information to be given to the TPA, which violates the privacy preserving guarantee. |

E. Literature Review Summary:

  • In the Provable Data Possession model, a third party can access user data information, so it is not an efficient solution. The skip-list-based mechanism was then introduced with full dynamics support, but verification requires a linear combination of sampled blocks, so the transmission of user data is not secure.
  • The virtual machine technique uses RSA and SHA-512, but the secure hash algorithm (SHA) does not provide any guarantee on system compatibility.
  • The Short Signature technique provides the Diffie-Hellman algorithm, elliptic curve and digital signature algorithm, but these algorithms have problems: some of them provide only the key management facility whereas others provide only authentication, and an algorithm that has both facilities is yet to be found.
  • The message authentication code supports only static operation of the system, which means that the data files that can be audited are limited because the secret keys are fixed, and the TPA has to maintain and update state for the user data, which is very difficult.

Thus, the proposed system overcomes all the problems found in the literature review; section 3 gives a brief explanation of this efficient solution.

III. Proposed System

In particular, the contribution of this system can be summarized in the following three phases:

1. The proposed system solves the problem of data storage security in cloud computing by motivating the public auditing system and enabling protected third party auditing, which audits users' cloud data without knowledge of the data content.

2. Specifically, the proposed system achieves batch auditing, where the checking of multiple tasks from different users can be carried out at the same time by the TPA.

3. The proposed system attempts to show its security by applying various cryptographic algorithms and by comparison between these different algorithms.

The proposed system makes use of Kerberos as a Third Party Auditor/Authenticator, which is used only for verification of the user and does not demand a local copy of user data. This is implemented in the first phase of the proposed system.

For that purpose, it requires various algorithms such as the RSA algorithm for secure communication, key management schemes and authentication methods. The system generates the two keys of the RSA algorithm: the public key is sent to the third party for encryption of the session key and secret key, and the private key stays with the user and is used for decryption of the response sent by the TPA. This type of algorithm is implemented in phase three of the proposed system.

The Message Digest (MD5) algorithm is used to verify data integrity. It is used in software to provide some assurance that a transferred file has arrived completely, and in digital signature applications, where a larger file must be “compressed” in a secure manner before being encrypted with a private key under a public key cryptosystem such as RSA. This algorithm is implemented in phase three of the proposed system.
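The key exchange and integrity check described in the last two paragraphs, as an added example that is not code from the paper. It uses textbook RSA with constructed toy parameters so that it runs on the standard library alone (a deployment would use a vetted library with OAEP padding and a full-size modulus); keying the digest with the session key, the `algo` parameter and all function names are assumptions of this example.

```python
import hmac
import secrets

# Constructed toy RSA parameters (two Mersenne primes): far too small and too
# structured for real use, chosen only so the flow runs without extra packages.
TOY_P, TOY_Q = 2**127 - 1, 2**89 - 1
E = 65537

def user_keygen():
    """User: build the key pair; only the public half is sent to the third party."""
    n = TOY_P * TOY_Q
    d = pow(E, -1, (TOY_P - 1) * (TOY_Q - 1))
    return (n, E), (n, d)

def tpa_wrap_session_key(public):
    """Third party: pick a 128-bit session key and encrypt it for the user."""
    n, e = public
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def user_unwrap_session_key(private, wrapped):
    """User: recover the session key from the third party's response."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(16, "big")

def keyed_digest(session_key, data, algo="md5"):
    """Digest of the transferred file, keyed so a party without the session
    key cannot recompute it after altering the file (MD5 as named in the text)."""
    return hmac.new(session_key, data, algo).hexdigest()

def file_arrived_intact(session_key, data, claimed, algo="md5"):
    """Receiver: recompute the digest and compare in constant time."""
    return hmac.compare_digest(keyed_digest(session_key, data, algo), claimed)

if __name__ == "__main__":
    public, private = user_keygen()
    tpa_key, wrapped = tpa_wrap_session_key(public)
    user_key = user_unwrap_session_key(private, wrapped)
    body = b"constructed file body for the transfer check"
    tag = keyed_digest(user_key, body)
    print("keys match:", tpa_key == user_key)
    print("complete transfer:", file_arrived_intact(tpa_key, body, tag))
    print("truncated transfer:", file_arrived_intact(tpa_key, body[:-5], tag))
```

Passing `algo="sha256"` to both digest functions runs the same check with SHA-256.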

Database security is handled in phase two of the proposed system. Multilevel security for the database is considered, which means that multiple users from different levels of security can access the cloud data storage. For this purpose, a batch auditing algorithm is to be implemented in phase two to achieve multilevel security of the database.

Data centres are used to store data on the cloud effectively in a secured environment. The cloud storage has several data centers, all of which are active all the time, but data is stored in only one of them. The other data centers are active but do not take part in storing. They store data only if a problem occurs in the first data center, such as an overflow condition or damage to the data center; only then do the other data centers start storing data.

IV. Conclusion

From the literature survey, it is seen that existing systems have problems such as operation limited to static configuration, information leaks to external parties, insecure transmission of data, the requirement to give user data information to the third party, which violates the privacy preserving guarantee, and single sign-on capability to access the cloud data storage.

To overcome these problems, the proposed system tries to provide cloud storage security by applying a Kerberos type of authentication system as a third party auditor that does not demand a local copy of user data, together with various algorithms for communication between the user, the cloud server and the third party: RSA for key management as well as secure transmission of data, and the Message Digest (MD5) algorithm, which supports fully dynamic operation of the system and provides a guarantee on system compatibility. The system also provides multilevel security for the database, i.e. multiple users from different levels of security can access the cloud data storage simultaneously.

References
  1. C. Wang, Sherman S. M. Chow, Q. Wang, K. Ren and W. Lou, “Privacy-Preserving Public Auditing for Secure Cloud Storage”, IEEE Transaction on Computers I, vol. 62, no. 2, pp. 362-375, February 2013.
  2. A. Mohta, Lalit Kumar Awasti, “Cloud Data Security while using Third Party Auditor”, International Journal of Scientific & Engineering Research, Volume 3, Issue 6, ISSN 2229-8 June 2012.
  3. Q. Wang, C. Wang, K. Ren, W. Lou and Jin Li, “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing”, IEEE Transaction on Parallel and Distributed System, vol. 22, no. 5, pp. 847–859, 2011.
  4. C. Wang, Q. Wang, K. Ren, and W. Lou, “Privacy-Preserving Public auditing for storage security in cloud computing,” in Proc. of IEEE INFOCOM’10, March 2010.
  5. C. Erway, A. Küpçü, C. Papamanthou, and R. Tamassia, “Dynamic provable data possession,” in Proceedings of the 16th ACM conference on Computer and communications security, ser. CCS ’09. New York, NY, USA: ACM, 2009, pp. 213–222.
  6. C. Wang, Q. Wang and K. Ren, “Ensuring Data Storage security in Cloud Computing”, IEEE Conference Publication, 17th International Workshop on Quality of Service (IWQoS), 2009.
  7. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L. Kissner, Z. Peterson, and D. Song, “Provable data possession at untrusted stores,” in Proceedings of the 14th ACM conference on Computer and communications security, ser. CCS ’07. New York, NY, USA: ACM, 2007, pp. 598–609.
  8. Juels, B. Kaliski. “Pors: proofs of retrievability for large files[C]”, Proceedings of CCS 2007. Alexandria, VA, USA, 2007. 584-597.
  9. D. Boneh, B. Lynn, and H. Shacham, “Short Signatures from the Weil Pairing,” J. Cryptology, vol. 17, no. 4, pp. 297-319, 2004.
  10. Theng, D.; Hande, K.N., "VM Management for Cross-Cloud Computing Environment," Communication Systems and Network Technologies (CSNT), 2012 International Conference on , vol., no., pp.731,735, 11-13 May 2012.
  11. Theng, D., "Efficient Heterogeneous Computational Strategy for Cross-Cloud Computing Environment," Emerging Research in Computing, Information, Communication and Applications (ERCICA), 2014 Second International Conference on, vol., no., pp.8,17, 1-2 August 2014.
  12. Gourkhede, M.H.; Theng, D.P., "Analysing Security and Privacy Management for Cloud Computing Environment," Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on , vol., no., pp.677,680, 7-9 April 2014.
  13. Gourkhede, M.H.; Theng, D.P., "Preserving Privacy and Illegal Content Distribution for Cloud Environment," International Journal of Computing and Technology (IJCT), 2014, vol., no. 1, issue 3, pp.142,148, May 2014
