ABSTRACT:

Security is a major issue faced by cloud providers. In the existing scheme, security is provided as follows: the sender transmits data through a cloud storage server protected by double encryption with two keys. One key is derived at the sender side from the identity (public key) of the receiver and produces the first-level ciphertext; the other is held in a security device issued by the SDI (Security Device Issuer) and shared with the cloud storage system, which uses it to produce the second-level ciphertext. The receiver decrypts the ciphertext using the private key issued by the PKG (Private Key Generator) together with the security device issued by the SDI. In the proposed scheme, the sender encrypts a file with the receiver's public key and uploads it to the cloud, where it is stored in encrypted form and can be shared with other users. A receiver can access the file only after passing a two-step process: first, selecting from a grid the correct images, which were registered earlier and are stored in encrypted form in the cloud storage; second, entering a code that is sent to a mobile application, which the user logs into by scanning a QR code displayed by the cloud. Once both steps are passed, the shared document is decrypted with a key produced by the key generator and the user can download it. Each step allows at most three attempts; a user who fails all three is locked out. A notification facility sends an alert e-mail to the concerned user when more than two attempts are made or an intruder tries to access the file. The performance of the system in the cloud environment is analyzed. In this paper we also propose a two-factor data security protection mechanism with factor revocability for a cloud storage system. In our system, a sender can send an encrypted message to a receiver through a cloud storage server. The sender needs to know only the identity of the receiver and no other information (such as its public key or certificate). The receiver needs two things to decrypt the ciphertext: the secret key stored on his or her computer, and a unique personal security device connected to that computer. Decryption is impossible without either piece. If the security device is stolen or lost, it is revoked and can no longer decrypt any ciphertext: the cloud server immediately runs algorithms that transform the existing ciphertext so that it is undecryptable by that device. This process is transparent to the sender, and the cloud server cannot decrypt any ciphertext at any time.
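The two-piece decryption requirement described above, as an added example that is not the paper's own construction: the scheme in the paper uses identity-based encryption and a cloud-side re-encryption into a second-level ciphertext, which this sketch does not reproduce. Instead it wraps a fresh file key first under the receiver's RSA-OAEP public key and then under a symmetric key assumed to live on the security device, so that the storage server holds ciphertext only and the receiver needs both the private key and the device key. Revocation of a lost device is not covered here. The names Envelope, Encrypt, Decrypt, NewDeviceKey and GenerateReceiverKey, and the 32-byte device key, are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// oaepLabel ties the wrapped key to its purpose; any fixed string will do.
var oaepLabel = []byte("cloud-file-key")

// Envelope is all the storage server keeps. It holds ciphertext and nonces only:
// the server has neither the receiver's RSA private key nor the device key, so it
// can never read Body.
type Envelope struct {
	Body, BodyNonce    []byte // the file under a fresh AES-256-GCM data key
	Wrapped, WrapNonce []byte // that key: RSA-OAEP to the receiver, then AES-GCM under the device key
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err) // a failing OS CSPRNG is not something to recover from here
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewDeviceKey stands in for the secret the SDI provisions on the security device
// (assumption: a 32-byte symmetric key).
func NewDeviceKey() []byte { return randomBytes(32) }

// GenerateReceiverKey stands in for the key pair the PKG issues to the receiver.
func GenerateReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt is the sender's side: hybrid encryption of the file, then two layers of
// wrapping on the data key so that both pieces are needed to undo them.
func Encrypt(pub *rsa.PublicKey, deviceKey, plaintext []byte) (*Envelope, error) {
	dataKey := randomBytes(32)
	body, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	// Layer 1: only the receiver's private key can unwrap the data key.
	inner, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	// Layer 2: only the registered device can peel off the outer wrap.
	dev, err := newGCM(deviceKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{BodyNonce: randomBytes(body.NonceSize()), WrapNonce: randomBytes(dev.NonceSize())}
	env.Body = body.Seal(nil, env.BodyNonce, plaintext, nil)
	env.Wrapped = dev.Seal(nil, env.WrapNonce, inner, nil)
	return env, nil
}

// Decrypt is the receiver's side. A wrong or revoked device key fails at the outer
// layer; a wrong private key fails at the inner layer.
func Decrypt(priv *rsa.PrivateKey, deviceKey []byte, env *Envelope) ([]byte, error) {
	dev, err := newGCM(deviceKey)
	if err != nil {
		return nil, err
	}
	inner, err := dev.Open(nil, env.WrapNonce, env.Wrapped, nil)
	if err != nil {
		return nil, errors.New("device layer: wrong or revoked device key")
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, inner, oaepLabel)
	if err != nil {
		return nil, errors.New("receiver layer: wrong private key")
	}
	body, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return body.Open(nil, env.BodyNonce, env.Body, nil)
}

func main() {
	priv, _ := GenerateReceiverKey()
	devKey := NewDeviceKey()
	env, _ := Encrypt(&priv.PublicKey, devKey, []byte("quarterly report (constructed sample)"))
	pt, err := Decrypt(priv, devKey, env)
	fmt.Printf("both pieces:  %q err=%v\n", pt, err)
	_, err = Decrypt(priv, NewDeviceKey(), env)
	fmt.Println("wrong device:", err)
}
```

The file itself is never encrypted with RSA directly: a public-key operation on a multi-megabyte file would be impractical, so the asymmetric key protects only the 32-byte data key, and the two wrapping layers are what make each of the receiver's pieces individually insufficient.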

Keywords: QR code, encryption, decryption, key generator, performance.

1.0 INTRODUCTION

Cloud computing is a type of computing over the network that provides processing resources and data to cloud consumers on demand. It is a model of on-demand access to shared resources that can be delivered rapidly to users with minimal management effort. Cloud storage is a networked storage system in which data is stored in pools of storage that are generally hosted by third parties. Using cloud storage has many benefits, the most notable being data accessibility: data stored in the cloud can be accessed at any time from any place, as long as there is network access. Storage tasks, such as purchasing additional capacity, and data sharing between users are also simplified. If Alice wants to share a piece of data (e.g., a video) with Bob, it may be difficult for her to send it by e-mail because of its size; instead, she uploads the file to a cloud storage system so that Bob can download it at any time. Despite these advantages, outsourcing data storage also increases the attack surface. When data is distributed, the more locations it is stored in, the higher the risk of unauthorized physical access to it. Sharing storage and networks with many other users also makes it possible for unauthorized users to access your data, whether through mistaken actions or faulty equipment. Cloud storage solutions provide users and enterprises with facilities to store and process data; the data is kept in third-party data centers that may be located anywhere, far from the user. A cloud provider is a company that offers services, namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), to other enterprises or individuals.

Fig. 1  Cloud Service

1.1 CLOUD SECURITY

The major challenge faced by cloud providers is securing the confidential data stored in the cloud storage system. Providers let consumers use the storage capacity allocated to them: a consumer stores a file by uploading it into his or her cloud account, and once uploaded it can be accessed anywhere and at any time, provided the consumer is connected to the network. Consumers can also share uploaded files with other users. The sender of a file sets access control on it so that only authorized users can access it; this is one method cloud providers adopt for secure file access. The other is encryption, symmetric or asymmetric. With asymmetric encryption [4], the file uploaded by the consumer is encrypted with the receiver's public key and stored in the cloud in encrypted form; when it is shared, the receiver downloads it and decrypts it with the secret key generated for that receiver, which makes the file readable to the receiver only. Symmetric encryption uses the same key for encrypting and decrypting the file.

The current trend is to make the encryption of the data multi-factor. Re-encryption, in which the ciphertext produced with IBE (Identity Based Encryption), the first factor, is converted into another ciphertext, the second factor, using a suitable key held in a security device such as a USB token, is performed at the cloud server to strengthen the protection of confidential data and make it harder for intruders to reach it. This kind of re-encryption, however, makes the cloud-side computation complex and consumes a great deal of bandwidth.

To overcome these drawbacks of the two-factor system, we introduce a new system in which the file uploaded to the Amazon cloud is encrypted with an asymmetric technique. The file can be shared with other users in the Amazon cloud in such a way that it can be accessed only when the receiver passes a two-step access-control process. In the first step, a grid of suitable decoy images is displayed, and the user must select the images registered with him or her. In the second step, the user must enter a secret code sent to an application installed on the security device (e.g., a mobile phone). Instead of the conventional textual-password login, the application is logged into with a QR (Quick Response) code, a pattern of black squares arranged in a square grid on a white background that is read by an imaging device: the cloud displays the QR code and the user scans it with the security device's built-in camera through the application. On a successful scan the user is automatically logged into the application, and only then is the code sent to the application. Finally, once both steps are completed, the receiver can download the file.
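The two-step access control, the three-attempt budget and the alert, as described above and in the abstract, as an added example that is neither the paper's nor any provider's code: a server-side gate in Go that assumes registered images are identified by opaque ids rather than pixel data, that the QR code shown by the cloud carries a random session token which the app posts back, and that e-mail alerts go through a caller-supplied hook. Gate, Register, SubmitImages, ScanQR, SubmitCode and Authorized are hypothetical names. It goes slightly beyond the text in one respect: a wrong or reused QR token is charged against the step-2 budget, so an attacker cannot probe the QR login for free.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

const MaxAttempts = 3 // per-step budget: three tries, then the account is locked

type account struct {
	registered, qrToken, code string // sorted image ids; QR session token; one-time code
	failures                  [3]int // failed tries, indexed by step
	step                      int    // 1 = image grid, 2 = QR login and code, 3 = passed
	locked                    bool
}

// Gate is the server-side state machine in front of one shared file.
// Notify stands in for the e-mail alert (assumption: a caller-supplied hook).
type Gate struct {
	Notify   func(to, msg string)
	accounts map[string]*account
}

func NewGate(notify func(to, msg string)) *Gate {
	return &Gate{Notify: notify, accounts: map[string]*account{}}
}

func (g *Gate) Register(email string, images []string) {
	g.accounts[email] = &account{registered: canonical(images), step: 1}
}

func canonical(ids []string) string { // order-independent encoding of a selection
	c := append([]string(nil), ids...)
	sort.Strings(c)
	return strings.Join(c, "\x00")
}

func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// verify checks one answer for the given step. A mismatch costs an attempt;
// the third failed attempt locks the account and e-mails its holder.
func (g *Gate) verify(email string, step int, got string, expect func(*account) string) (*account, error) {
	a, ok := g.accounts[email]
	switch {
	case !ok:
		return nil, errors.New("unknown user")
	case a.locked:
		return nil, errors.New("account locked")
	case a.step != step:
		return nil, errors.New("step out of order")
	case expect(a) != "" && subtle.ConstantTimeCompare([]byte(got), []byte(expect(a))) == 1:
		return a, nil
	}
	a.failures[step]++
	if left := MaxAttempts - a.failures[step]; left > 0 {
		return nil, fmt.Errorf("wrong, %d attempt(s) left", left)
	}
	a.locked = true
	g.Notify(email, fmt.Sprintf("locked after %d failed attempts at step %d", MaxAttempts, step))
	return nil, errors.New("account locked")
}

// SubmitImages is step 1: the selection must equal the registered set exactly.
// On success the UI shows a QR code carrying the returned session token.
func (g *Gate) SubmitImages(email string, selected []string) (string, error) {
	a, err := g.verify(email, 1, canonical(selected), func(a *account) string { return a.registered })
	if err != nil {
		return "", err
	}
	a.step, a.qrToken = 2, randomHex(16)
	return a.qrToken, nil
}

// ScanQR is what the app posts after reading the QR. On a match the app is logged
// in and the one-time code is issued (returned here in place of the push).
func (g *Gate) ScanQR(email, token string) (string, error) {
	a, err := g.verify(email, 2, token, func(a *account) string { return a.qrToken })
	if err != nil {
		return "", err
	}
	a.qrToken, a.code = "", randomHex(3) // token is single use; 6-hex-digit code
	return a.code, nil
}

// SubmitCode completes step 2; only then may the file key be released.
func (g *Gate) SubmitCode(email, code string) error {
	a, err := g.verify(email, 2, code, func(a *account) string { return a.code })
	if err != nil {
		return err
	}
	a.code, a.step = "", 3
	return nil
}

func (g *Gate) Authorized(email string) bool {
	a, ok := g.accounts[email]
	return ok && !a.locked && a.step == 3
}

func main() {
	g := NewGate(func(to, msg string) { fmt.Println("mail to", to+":", msg) })
	g.Register("bob@example.com", []string{"img2", "img7", "img9"}) // constructed sample
	tok, _ := g.SubmitImages("bob@example.com", []string{"img9", "img2", "img7"})
	code, _ := g.ScanQR("bob@example.com", tok)
	fmt.Println(g.SubmitCode("bob@example.com", code), g.Authorized("bob@example.com"))
}
```

Two details matter more than they look: the image selection is compared as a whole set, so picking a decoy and omitting a registered image are both single failures and neither tells the attacker which image was wrong; and the step order is enforced server-side, so the code endpoint cannot be reached without first passing the image grid.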