
International Journal of Innovations & Advancement in Computer Science (IJIACS), ISSN 2347-8616, Volume 4, Special Issue, May 2015, pp. 137-147

Strengthen Cloud Computing Security with Enhanced Two Factor Authentication and Encryption

Divya Saraswat* (M.Tech CSE, IPEC (UPTU)) and Dr. Pooja Tripathi (Professor CSE, IPEC (UPTU))

Abstract: Cloud computing has become a buzzword that nearly everyone has heard but few truly understand. Today the cloud has taken over the IT landscape. Cloud computing refers to a menu of hosting services, usually provided over the internet on a usage or metered basis, that run on infrastructure shared by multiple users. The cloud itself is maintained by cloud service providers through networked "server farms". They offer subscribers on-demand availability and data storage, along with seamless access to software, application provisioning and automatic upgrades. Security is one of the most serious downsides of using cloud services: organisations and individuals store data in the cloud, and if that data is not properly protected, loss and exposure can follow. Confidentiality, authentication and access control are therefore the challenging factors in data security. Our work attempts to address these concerns. To ensure authentication, a strong multi-step authentication mechanism based on a dynamic one-time password technique has been implemented; the technique is intended to be secure, robust and efficient. The mobile token it produces is valid only for a single short session and is used by the client to authenticate itself. For data storage and information security in the cloud, AES-256 encryption and MD5 hashing are used, and access controls and permissions on data accessibility are also implemented. Our work mainly deals with a cloud computing security model.

Keywords: AES, multi-factor authentication, authentication, MD5, multi-auth app, mobile token, access control.

I. INTRODUCTION

Cloud computing is the defining technology of the twenty-first century, and it defines utility just as electricity did for the twentieth. When we use an appliance that runs on electricity we assume that the power is sufficient to run it. What we do not know is where and from what source the power comes, whether from a nearby nuclear power plant, a hydroelectric facility or a wind farm. Cloud computing is similar: we know it will be there and will be sufficient, but we do not know what kind of hardware our data will be stored on, nor do we always know where it is stored. The cloud is basically a computing power plant, while the various cloud providers such as Microsoft Azure, Amazon and Rackspace are the computing power companies. Cloud computing offers enormous processing power, very large storage space and high-speed computation. Cloud computing technologies are categorised as software as a service, platform as a service, infrastructure as a service and data storage as a service [1]. The deployment models also fall into four categories: public cloud, private cloud, hybrid cloud and community cloud [2]. New security challenges emerge when data is to be stored in the cloud. Control over the data is a primary need as it flows from one virtual machine to another. Traditional hardware-based appliances


have no control over data once it is in the cloud, so a virtual security appliance is required to protect and maintain the data. There are various security layers; some of them are:

1. Authentication: authentication identifies a user. More precisely, it is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Authentication levels:

a. Single-factor authentication: requires only one factor, "something the user knows", such as a username and password.

b. Multi-step authentication: requires several authentication steps that must be completed successfully in a fixed sequence. Example: Gmail, Box.

c. Two-factor authentication: a form of multi-step authentication in which exactly two of the factors below, from different categories, are required. Two steps that both rely on the same category (for example a password followed by a security question) are still single-factor. Example: a PKI smart card (something you have) unlocked with a PIN (something you know).

Something you know (password, PIN)

Something you have (token, key)

Something you are (fingerprint, retina scan, etc.)

d. Multi-factor authentication: requires two or more factors from the list above; two-factor authentication is its most common form, and three-factor schemes add a biometric. Example: a key card entry system that also requires a PIN.

2. Authorization: authorization grants authenticated users permissions on certain resources. These resources can be system objects such as information or application programs.

3. Encryption of data: encryption is the core of cryptography. It is the process of transforming information into an unreadable format, that is, converting plaintext into ciphertext. Data stored on PCs, tablets and smartphones can be encrypted according to the type of data.

One of the biggest issues in cloud computing is security. As organisations and individuals move their data to the cloud, the safety of that data is a crucial factor. The main objective of this paper is to enhance data security for cloud computing. For authentication, instead of relying only on a username and password, an additional multi-auth app is introduced. It is based on two-factor authentication with multiple steps for creating a mobile token that is valid for one login session or a short period; the generated mobile token is then used by the client to authenticate itself before using cloud services. Data storage security is implemented with the AES encryption technique, a symmetric cipher that is reliable and fast. The result is a registration and authentication method that is secure. Permissions for access rights, such as grant or deny on data, are also implemented. MD5 is used to hash client registration and login details. Hashing is used to verify the contents of a message, so our approach also addresses data integrity. In this paper we present the work and its implementation details using Azure cloud services.

This paper is organised as follows: section 2 reviews related work. The problem statement is given in section 3. The proposed work is presented in detail in section 4. The requirement specification is provided in section 5, section 6 shows the implementation of the proposed work, and section 7 concludes the paper.


II. RELATED WORK

Various research has been done on the security of cloud computing environments. Lin, Shen and Hwang [3] proposed a strong-password authentication scheme that makes use of smart cards; the scheme resists guessing, replay, impersonation and stolen attacks. Later, W. C. Ku [4] proposed a hash-based strong-password authentication scheme that enhances security without using a smart card; however, it still has weaknesses and is subject to attacks. Saxena [5] proposed a technique that uses a one-time password for authentication, where the OTP is generated by an event-synchronisation technique. Jing-Jang Hwang et al. [6] surveyed a business model for cloud computing in which data security relies on data encryption and decryption algorithms. In that model the cloud service provider is responsible for the encryption and decryption tasks for data storage, which adds computational overhead when data is processed on the cloud server, and the data owner has no control over the data.

III. PROBLEM STATEMENT

In the vast majority of online logins, people rely on static passwords, that is, only a username and password, which are easy to crack. The problem with this methodology is that once the secret has been shared it no longer remains a secret. Security can be enhanced by using strong authentication. Also, because data stored in the cloud has no borders, various confidentiality, integrity and privacy issues arise in the cloud environment, which demands a trusted environment in which data security can be maintained. Current approaches have several issues in their authentication mechanisms. What is needed is a scheme that provides authentication, confidentiality and integrity for a single server.

IV. PROPOSED WORK

This section describes the proposed data security model, which focuses on enhancing security using two-factor authentication with multiple steps, encryption, hashing and an access-rights policy. The security framework takes care of authentication and authorization, and of the confidentiality and integrity of user data, while any cloud server is accessed.

Registration

First, users who want to access the cloud services have to register. They fill in a registration form containing client information, which is then stored in the cloud database. Because the registration data includes crucial information, it must be protected from others. For this purpose the authors apply MD-5 hashing to the registration information: the password and the other details are stored in the cloud in hashed form so that an attack by a malicious user on the stored records would be ineffective, which also helps maintain integrity. MD-5 is a one-way function [7]; note, however, that it is no longer considered unbreakable. Practical collision attacks against MD-5 are known, and because it is fast, a stolen hash of a password can, unless it is salted, be recovered by dictionary or rainbow-table search. A salted, deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) should be stored in its place. An unkeyed hash also does not by itself protect integrity against an attacker who can rewrite both a record and its hash.

Login and Data Authentication with Multiple Steps

The authentication method used in our scheme is based on multiple steps with two-factor authentication, which adds an extra layer of security to existing schemes [8] and makes them stronger. Figure 1 and figure 2 show the authentication and multi-auth-app flowcharts.


Figure 1. Flowchart showing AUTHENTICATION (recovered from the diagram): a non-existing user registers with the server; an existing user enters username and password; if they are valid the user enters the OTP; if that is valid the user gains access to the user profile and the flow ends; if either check fails, access is not granted.


Two-factor authentication with multiple steps:

a. In the first phase the user logs in to his or her account by providing "something you know": when a user wants to log in, a username and password are required. These details are also stored in hashed form.

b. In the second phase the multi-auth app is used to grant access. The multi-auth app is an application that users install on their mobile phones, and the cloud provider sends the OTP through this app. The app itself adds further factors. With a traditional OTP sent by text message, anyone with access to the phone can read the message containing the OTP and use it illegally; in this application, to obtain a mobile token the phone's owner must first enter his or her own created or updated password and then the mobile number on the personal device interface, and only then is the mobile token or OTP shown.

FIGURE 2. Flowchart showing multi-auth-app


So as soon as the user has correctly entered the login details in the first phase, he or she has to enter the OTP, which is obtained only through the mobile phone using the multi-auth app, that is, "something you have". Obtaining the mobile token therefore requires extra credentials; these extra credentials, the password for the mobile device and the mobile number, are the additional steps of authentication and form strong protection for access to the OTP.

This multi-factor authentication is much safer than static-password methods. The mobile token or OTP generated is valid only for a very short time, or for only one session. Unlike a static password, a sniffed OTP is of no use once it has been used or has expired: if an attacker uses software to capture the data traffic, the password obtained will be of no value. Note that this protects against replay, not against an attacker who relays a phished code to the server within its validity window, so the window must be short and each code must be accepted only once.
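The registration step of section IV and the two-phase login described above, written out as an added example in Go; this is not the paper's implementation (the authors' system is C# with an Android Java app). It replaces MD-5 with a salted PBKDF2 hash for the stored password, generates the mobile token as a standard RFC 6238 time-based OTP so that the app side is just totp(secret, now), and makes the server refuse any code whose time step has already been redeemed, which is the replay check the text relies on. The names server, register, loginPhase1 and loginPhase2, the 30-second step, the one-step skew allowance and the 20000-iteration work factor are assumptions for illustration; the sample user and password are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// Password-hash work factor and TOTP step length in seconds (RFC 6238); assumed values.
const iterations, stepSeconds = 20000, 30

// pbkdf2 derives one 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018): the salt makes equal
// passwords hash differently and the iterations make every guess cost `iter` HMACs.
func pbkdf2(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// hotp is a 6-digit HMAC-SHA1 code with dynamic truncation (RFC 4226).
func hotp(secret []byte, counter uint64) string {
	c := make([]byte, 8)
	binary.BigEndian.PutUint64(c, counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(c)
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// totp is hotp over the current time step; this is the code the mobile app displays.
func totp(secret []byte, at time.Time) string { return hotp(secret, uint64(at.Unix())/stepSeconds) }

type user struct {
	salt, hash, otpSecret []byte
	lastStep              uint64 // newest time step already redeemed
	passwordOK            bool   // phase 1 passed, phase 2 pending
}

type server struct{ users map[string]*user }

// register stores salt + slow hash and returns the OTP secret provisioned into the app once, out of band.
func (s *server) register(name, password string) []byte {
	salt, secret := make([]byte, 16), make([]byte, 20)
	rand.Read(salt)
	rand.Read(secret)
	s.users[name] = &user{salt: salt, hash: pbkdf2([]byte(password), salt, iterations), otpSecret: secret}
	return secret
}

// loginPhase1 checks "something you know" with a constant-time compare.
func (s *server) loginPhase1(name, password string) bool {
	u, ok := s.users[name]
	if !ok || subtle.ConstantTimeCompare(u.hash, pbkdf2([]byte(password), u.salt, iterations)) != 1 {
		return false
	}
	u.passwordOK = true
	return true
}

// loginPhase2 checks "something you have": the code must match the current or previous step
// (clock skew), and a step already redeemed is never accepted again, so a sniffed code cannot be replayed.
func (s *server) loginPhase2(name, code string, now time.Time) bool {
	u, ok := s.users[name]
	if !ok || !u.passwordOK {
		return false
	}
	step := uint64(now.Unix()) / stepSeconds
	for _, c := range []uint64{step, step - 1} {
		if c > u.lastStep && subtle.ConstantTimeCompare([]byte(hotp(u.otpSecret, c)), []byte(code)) == 1 {
			u.lastStep, u.passwordOK = c, false
			return true
		}
	}
	return false
}

func main() {
	s := &server{users: map[string]*user{}}
	secret, now := s.register("alice", "correct horse battery"), time.Now()
	fmt.Println("phase 1:", s.loginPhase1("alice", "correct horse battery"))
	fmt.Println("phase 2:", s.loginPhase2("alice", totp(secret, now), now))
}
```

Phase 1 passes only when the salted hash matches; phase 2 then accepts at most one code per time step, so a captured code is dead as soon as it has been used, and a relayed code has to land inside the same 30-second window. The unknown-user branch returns early without a PBKDF2 computation, which a production server would avoid to resist username enumeration by timing.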

This solution offers greater benefits when compared to other types of authentication solutions:

Apart from the username and password of the first phase, the OTP is the only credential sent over the network; since the OTP is valid for only a very short time, it is of no value to an attacker.

The PIN code used to generate the OTP on the mobile phone is known only to the user.

The cost is free for both user and provider, since this is an open-source solution.

The user only has to carry his or her mobile phone; there is no need to carry an extra authentication device.

Easy registration process where everything can be done from home, with no need to order an external authentication device or collect one from a local office.

As a result only authorized users can gain access to the cloud system.

Secure storing and accessing of data

After successful authentication, a user can connect to the system and access the file storage system.

For encryption during file upload, AES-256 has been implemented in this application for secure data storage on the server. AES-256 is a symmetric-key block cipher; for bulk data it is far faster than a public-key algorithm such as RSA, and unlike RC4 it has no known practical weaknesses (DSA, sometimes listed alongside them, is a signature algorithm and does not encrypt at all). AES by itself provides confidentiality only; an authenticated mode such as AES-GCM, or a separate MAC, is needed to detect modification of the stored ciphertext. For the other information transmitted, including registration and login details, MD-5 hashing is used.
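An added example, not the authors' code, of the file-encryption step using Go's standard library. It uses AES-256 in GCM mode rather than a bare block-cipher mode, so the stored blob carries an authentication tag and any change to the ciphertext, or swapping the blob under a different file name, fails on decryption; an MD-5 digest stored next to the file cannot give this guarantee, because whoever can change the file can recompute the digest. The 32-byte key is assumed to come from a per-user key store (the page does not say how keys are managed), the function names and the use of the file name as associated data are illustrative, and the CSV content is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// encryptFile seals a file under a 32-byte key with AES-256-GCM.
// Output layout: 12-byte random nonce || ciphertext || 16-byte tag.
// The file name is bound as associated data so a blob cannot be served
// under another name. Key management is assumed to live elsewhere.
func encryptFile(key, plaintext []byte, fileName string) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce, so the nonce travels
	// with the file; a fresh random nonce per upload avoids reuse under one key.
	return gcm.Seal(nonce, nonce, plaintext, []byte(fileName)), nil
}

// decryptFile opens a blob produced by encryptFile. GCM verifies the tag
// before releasing any plaintext, so a modified byte or a wrong file name
// fails closed instead of yielding garbage.
func decryptFile(key, blob []byte, fileName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(fileName))
}

func main() {
	key := make([]byte, 32) // demo key; in practice fetched from the user's key store
	rand.Read(key)
	blob, _ := encryptFile(key, []byte("roll,marks\n101,87\n"), "marks.csv") // constructed sample
	pt, err := decryptFile(key, blob, "marks.csv")
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
	blob[len(blob)-1] ^= 1 // flip one tag byte
	_, err = decryptFile(key, blob, "marks.csv")
	fmt.Println("after tampering:", err)
}
```

The nonce is not secret, only unique per key, so storing it in front of the ciphertext is the usual layout. Decrypt before acting on any stored content: Open returns an error and no plaintext when the tag does not verify.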

Permissions

A permission is an authorization to perform an operation on a specific object, such as a file. Permissions are applied to data at upload time. They can be granted to a user, a group, special identities, any trusted domain or a computer. In role-based access control, permissions are assigned to roles rather than to individual users, and a user must be a registered member of a role to receive its permissions. Table 1 below shows an instance of the permission module. All data, including the access rights (allow or deny) on a particular file, is sent to the server in cipher form using AES encryption.

Current UID   Search UID   Add
Teacher       Teacher      No
Teacher       Student      Yes
Student       Student      No
Student       Teacher      Yes

A current UID cannot search its own UID.

Table 1. Permissions on search and add of users
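Added example, not the project's code: Table 1 and the per-file allow/deny permissions written as one policy check in Go. The add and search rules are taken from the table; the fileACL type, the precedence (owner, then explicit deny, then explicit allow, then role grant) and the UIDs are assumptions for illustration. Deny is evaluated before any allow so that a user removed by name cannot regain access through a role grant, which is the ordering mistake most often found in hand-written permission code.

```go
package main

import "fmt"

type Role string

const (
	Teacher Role = "teacher"
	Student Role = "student"
)

// canAdd encodes Table 1: a teacher may add a student and a student may add a
// teacher, but neither role may add a member of its own role.
func canAdd(current, target Role) bool { return current != target }

// canSearch encodes the Table 1 footnote: a user may not search their own UID.
func canSearch(currentUID, targetUID string) bool { return currentUID != targetUID }

// fileACL is the owner's upload-time policy for one file: per-user allow and
// deny entries plus role grants. Assumed shape; the page only names allow/deny.
type fileACL struct {
	owner string
	allow map[string]bool // UIDs explicitly allowed to view
	deny  map[string]bool // UIDs explicitly denied
	roles map[Role]bool   // roles allowed to view
}

// canView decides a view request. Precedence: owner, explicit deny, explicit
// allow, role grant. Deny outranks every allow. Nil maps read as "not listed".
func canView(acl fileACL, uid string, role Role) bool {
	switch {
	case uid == acl.owner:
		return true
	case acl.deny[uid]:
		return false
	case acl.allow[uid]:
		return true
	default:
		return acl.roles[role]
	}
}

func main() {
	// Constructed policy: owned by teacher t01, student s02 allowed by name,
	// student s03 denied by name, all teachers allowed by role.
	acl := fileACL{
		owner: "t01",
		allow: map[string]bool{"s02": true},
		deny:  map[string]bool{"s03": true},
		roles: map[Role]bool{Teacher: true},
	}
	for _, r := range []struct {
		uid  string
		role Role
	}{{"t01", Teacher}, {"t02", Teacher}, {"s02", Student}, {"s03", Student}, {"s04", Student}} {
		fmt.Printf("%s (%s) may view: %v\n", r.uid, r.role, canView(acl, r.uid, r.role))
	}
	fmt.Println("teacher adds teacher:", canAdd(Teacher, Teacher), "self search:", canSearch("s02", "s02"))
}
```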


V. REQUIREMENT SPECIFICATION

Hardware requirements

The system running the application should meet the following requirements:

Intel(R) Core(TM) i3 CPU M370 @ 2.40 GHz (2.39 GHz) processor

3 GB of RAM

Microsoft Windows 7 Ultimate 64-bit operating system

Android device such as a smartphone or tablet

Software requirements

Android SDK

ADT plugin

Additional Android SDK packages

USB drivers

Java Development Kit (JDK)

Visual Studio 2012

VI. IMPLEMENTATION DETAILS

The system is implemented in two phases. For the authentication-security phase, the multi-auth app has been created for Android mobile phones using the Android developer tools in Eclipse, where XML defines the graphical user interface and Java implements the application logic. In the Visual Studio environment, C# is used as the backend language. The implemented model has also been hosted in the Azure cloud.

Module 1

The proposed system is divided into two parts:

Client

Server

Figure 3 shows the home page, including the login and registration sections.

Figure 3. Home page


Module 2: Registration of clients

Figure 4 shows the new-user registration form. The form includes user ID, password, mobile number and job type (student or teacher).

Figure 4. Registration page

Module 3: Authentication of the client

Authentication is divided into two parts:

First factor: based on "something you know", i.e. username and password.

Figure 5. Login panel

Second factor: based on "something you have", in which the user has to enter the mobile token generated on his or her mobile phone by the multi-auth app, shown in figure 6.


Figure 6. OTP panel

Multi-auth app: this application runs on the user's mobile phone. It also has several steps of authentication, which is why the scheme is known as multi-step authentication. Figure 7 shows the steps of the multi-auth app.

Figure 7. Multi-auth app

Module 4: User interface for sharing data and permissions

Figure 8 shows the user profile, which includes uploading data, adding, searching and deleting friends, and permissions (allow or deny) for viewing data.

Figure 8. User's profile


Encryption and decryption of data: data uploaded to the cloud is encrypted with AES, as shown in figure 9, and decrypted when accessed by authenticated users, as shown in figure 10. User details entered at login, registration and profile management are stored on the cloud server in hashed form using MD-5, as shown in figures 11 and 12; a hash cannot be reversed to recover the original value, so this is hashing rather than encryption.

Encryption

Figure 9. Data uploaded to the cloud

Decryption

Figure 10. Decryption

Figure 11. Login details in hashed form


Figure 12. Profile management in hashed form

VII. CONCLUSION

A two-factor authentication approach is employed for the authentication and authorization of the client, which increases the confidentiality and integrity of the data: a one-time password authenticates users and MD5 hashing protects stored credentials. This model is intended to secure the whole cloud computing structure. In this paper we propose a secure and easy way to log in to a cloud service using OTPs, with the user's mobile phone as the authentication device. The AES encryption technique is used to secure data stored in the cloud. With the authentication, registration and encryption methods proposed and implemented in this paper, all of these goals are addressed. AES, hashing of credentials and OTPs with the multi-auth app together make the model considerably more secure than static passwords alone, provided MD5 is replaced by a salted, slow password hash.

REFERENCES

[1] Nandini Mishara, Kanchan Khushwha, Ritu Chasta, Er. Abhishek Choudhary, "Technologies of Cloud Computing – Architecture Concepts based on Security and its Challenges", International Journal of Advanced Research in Computer Engineering and Technology (IJARCET), Vol. 2, Issue 3, March 2013.

[2] R. Kalaichelvi et al., "Research Challenges and Security Issues in Cloud Computing", International Journal of Computational Intelligence and Information Security, Vol. 3, No. 3, pp. 42-48, March 2012.

[3] C. W. Lin, J. J. Shen, and M. S. Hwang, "Security enhancement for optimal strong-password authentication protocol", ACM Operating Systems Review, Vol. 37, No. 2, pp. 7-12, April 2003.

[4] W. C. Ku, "A hash-based strong-password authentication scheme without using smart card", ACM Operating Systems Review, Vol. 38, No. 1, pp. 29-34, January 2004.

[5] A. Saxena, "Dynamic Authentication: Need than a Choice", 3rd International Conference on Communication Systems Software and Middleware and Workshops (COMSWARE), IEEE, 2008, 10(1), p. 214.

[6] Jing-Jang Hwang, Yi-Chang Hsu, Chien-Hsing Wu, "A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service", International Conference on Information Science and Applications (ICISA), pp. 1-7, 2011.

[7] R. Rivest, "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[8] S. Zhang and X. Chen, "The Comparison Between Cloud Computing and Grid Computing", International Conference on Computer Application and System Modeling (ICCASM), 22-24 October 2010, pp. V11-72.

[9] Joan Daemen and Vincent Rijmen, "Announcing the Advanced Encryption Standard (AES)", Federal Information Processing Standards Publication 197, November 26, 2001.