An improved approach for Enhancing Public Cloud ...

Download PDF
7 downloads 40031 Views 482KB Size Report
Comment
Security,Mediated. Certificateless encryption,Key generation Center(KGC),Security ... applications are the best examples of cloud storage services. Cloud model ...
An improved approach for Enhancing Public Cloud Data Security through Steganographic Technique Mohis M

Devipriya V S

M.Tech, Computer Science and Engineering Mar Baselios College of Engineering Trivandrum, India E-mail: [email protected]

Assistant Professor, Dept. of CSE Mar Baselios College of Engineering Trivandrum, India E-mail: [email protected]

Abstract— Cloud is simply a network of computers. It refers to a network of computers owned by one person or company, where other people or companies can store their data. In personal machines, every relevant data is stored in a single physical storage device. Cloud storage refers to a virtual storage area that can span across many different physical storage devices. When cloud storage is used, some of the files would be stored in various physical servers located at far away countries. Since most users do not know where their physical files are, using cloud storage can be thought of as a vague, untouchable thing like a cloud itself. One of the major issues faced by user while dealing with cloud storage is security of the data. Many of encryption schemes mainly attribute based and other hierarchical based are implemented to provide data confidentiality and access control to cloud storage where they are failed to address the security issues inside cloud. The proposed system includes a Mediated certificateless encryption which is an advanced encryption scheme that offers more security to the cloud data sharing and a steganographic method which enhances the security of data inside the cloud. Steganography approach reduces the falsification of unauthorized users. By implementing mediated certificateless encryption with steganography shows the performance of the system is better in comparison with other schemes and also embedding the secret text inside the noise using Least Significant Bit image embedding technique which protects the data from the attackers. Keywords—Cloud Computing,Data Security,Mediated Certificateless encryption,Key generation Center(KGC),Security Mediator(SEM),Partial decryption, Steganography.

I. INTRODUCTION Cloud storage means storage of data online in the cloud [11].The advantage of using cloud storage are their reliability, faster distribution, higher security for backup, crash reestablishment purpose, less cost for storage. Cloud computing is the delivery of computing services over the network. One of the major services provided by cloud environment is organizations and individuals can manage their data by using hardware or software. These are provided by third party service providers at remote locations. Online file storage, social networking sites, webmail, and online business applications are the best examples of cloud storage services. Cloud model grants information access along with resource

computation from anyplace where a internet connection is accessible. U.S. National Institute of Standards and Technology (NIST) has developed a new definition for cloud computing as[12]: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction [12].Cloud model build up the availability of users which have five necessary characteristics along with three service models and three deployment models. Different cloud characteristics include on-demand self service, broad network access, resource pooling, rapid elasticity and measured service. Major characteristics of cloud computing includes ondemand services that is each user or organization can manage their data through cloud storage. Out of the three main deployment models (public, Private and hybrid).Most of the organizations chooses public cloud storage for managing their data. Widely used public cloud services are Microsoft Skydrive, Google Cloud, and Dropbox etc. Because of the boundless usage of cloud storage models, the public cloud storage must offer the security as well as confidentiality to the sensitive data. One of the best ways to protect sensitive data inside cloud is encipher the data before sending to the cloud thereby data inside the cloud must be protected. That’s how the keys that are used for encrypting is didn’t known to the cloud. Therefore the security and confidentiality of the secret data can be persuading. In this paper first we proposed a mediated certificateless public key encryption (mCL-PKE) scheme without pairing operations, Previous mediated certificateless encryption is inefficient because of expensive pairing operations. In the proposed system the data owner encipher the data before uploading it into the cloud. Here the owner encipher the key one time and also provides certain additional data regarding authorized users thereby the cloud mediator can recognize the legitimate users.

Methods used in this paper are described as given below: 





The work introduces a mediated certificateless encryption technique which provides the precise security to data stored in the public cloud. Unlike conventional encryption schemes, Mediated certificateless encryption in cloud contains a Key Generation Centre (KGC) which generates the keys for user and data owner. And an additional security provider that is Security mediator (SEM) which checks the access control list of authorized users. Embedding module where the sensitive data will be embed inside an image and uploading to the cloud using LSB encoding. This method will provide additional security to the data. When an attacker comes to know the secret data inside the cloud, he can visible the image only. By evaluating the performance of the mediated certificatelss scheme with steganographic hiding will results that it can be practically enforced in the public cloud for the data sharing makes more secure.

The rest portions of this paper includes as follows: Section 2 describes the related works that is proposed before. Section 3 contains the overall view of the proposed system .Section 4 proposes an efficient method to secure data sharing in public cloud. Section 5 shows the performance of the method that proposed and concludes the paper in Section 7.

II. RELATED WORK There are many different encipherment methods proposed to increase the security of data inside public cloud storage. In 2003, Al-Riyami and Patterson [13] proposes the method Certificateless Public Key Cryptography (CLPKC).CL-PKC is based on bilinear pairings. In comparison with other standard encryption schemes CL-PKC [13] requires high computational cost. Here the key escrow problem is solved. To avoid this issue the above method provides the right of using user’s public key without certificate. Pairing operation cost is computationally high so this is not an efficient method. Certificateless Public Key Encryption (CLPKE) schemes don’t address the key revocation problem. Most of the CL-PKE schemes still having the key revocation problems and computation cost is high. Therefore Y.Sun, F.Zhang, and J.Baek [14] proposed a heavily secure CL-PKE without pairing operations. In case of Public key cryptography there doesn’t considering the private key therefore it is no longer secure. To address these problems, Mediated certificateless encryption [15] is introduced by Chow, Sherman SM, Colin Boyd, and Juan Manuel Gonzalez Nieto in 2013[15].This method supports immediate revocation. In this method a security mediator module which controls all the

process that are taken place. It can take an immediate action if the user’s public key is revoked. There arises some certificate revocation problem. The proposed system with steganographic method assures the security against partial decryption attacks. There are many functional encryption schemes [16] also proposed. It allows user to encode a random difficult access control policy with sensitive data. A user who is satisfying the access control policy can only be decrypted the message. Some publicly achieved values are taken as public key for example some IDs that bind to the users. One of the major functional encryption scheme is attribute based encryption (ABE) [17] proposed by Goyal, V., Pandey, O., Sahai, A., & Waters, B. in 2006.This type of encryption is carried out using a public index. In ABE user keys are defined by a set of attributes which are owned by the users. This scheme supports more expressive access control policies. Some extensions of ABE encryption are Key Policy ABE (KP-ABE) and Ciphertext Policy ABE (CP-ABE) [18].Main disadvantage of this scheme is rekeying operations are required to update each operation performed by the user. Predicate encryption schemes [19] [20] without public index preserves privacy of access control policies that given by the users. In comparison with standard encryption schemes predicate encryption have finite expressibility. In case of symmetric key based systems different keys are used for encrypting the data items. These keys are given before to the user .After the encryption phase data will be broadcasting to all the users. This method doesn’t offers forward and backward secrecy of keys. To overcome this drawback Shang, N., Nabeel, M., Paci, F., & Bertino, E. [22] proposed an efficient privacy preserving Shang, privacypreserving approach to policy-based content dissemination. This preserves the privacy of the users who all are included in it. Expressive access control policies is not assures in this scheme. A method which supports fine-grained access control policy is proposed by Nabeel, M., Shang, N., & Bertino, E. [22] in 2013.Instead it solves key management issues but there arises the problem of key escrow. A method which supports compound attributes and efficient revocation is proposed by Wan, Z., Liu, J. E., & Deng, R. H. [4] in 2012.that is HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control[4] [24]. It have a hierarchical structure and offers multiple value assignments thereby the user revocation problem can be resolved. Because of the hierarchical all attributes are in same conjunctive clause therefore it`s not practical to implement. In 2014 a DFA based functional proxy re-encryption is proposed by Liang, K., Au, M. H., Liu, J. K., Susilo, W., Wong, D., Yang, G.& Xie, Q. In this method a Proxy Re-Encryption scheme (PRE), that is Deterministic Finite Automata Based Functional PRE (DFA-based FPRE). Here the plain text is enciphered with cipher text related to a random length string which is then decrypted when DFA related to a person’s private key receives the string .The encryption will be carried out if and only if the DFA tagged with the user keys accepts string associated with the user. In this scheme grants the data owner to encipher the message

using the encryption key correlated with the arbitrary length string.This method is not efficient because proxy keys are revealing to all the users simultaneously. Some of the data embedding methods [25] are introduced to address the security issues inside the cloud storage.Jsteg [26], F5 [27], LSB [28] are the mostly used methods to hide secret data. The major objective of embedding the secret data into an image is for improving the performance of the storage and also providing high security. Through this approach it is possible to hide large amount of data without affecting the compression efficiency as well as security. III. SYSTEM OVERVIEW

This section describes the proposed system for cloud data security using mediated Certificatelss Public Key Encryption (mCL-PKE) scheme and Steganographic approach. The main purpose of this scheme is to protect the sensitive data inside cloud. Nowadays cloud storage is acts as a secure storage system which provides organizations to upload their sensitive contents. In the proposed system which is an improved method contains the mCL-PKE as well as a steganographic hiding phase which gives more security. Different entities included in the proposed system are user, data owner, Key Generation Centre (KGC), Security Mediator (SEM), Embedding module contains Least Significant Bit (LSB) [28] algorithm and a cloud platform, here it is Dropbox [29]. When the organizations wants to connect with the cloud there must be a data owner with sensitive content. The data owner uploads the sensitive data to the cloud after the encryption process. Mediated Certificatelss encryption is a seven-tuple encryption= (Set_Up, Set_Private_Key, Set_Public_Key, SEM_Key_Extract, Encrypt, SEM_Decrypt, User-Decrypt).In proposed system SetUp operations is performed by the user whom generates a public key and a private key. Cloud deployment also performed using Dropbox [29].SetPrivateKey operations is performed by the user where the private key keep the user itself and the algorithm runs at the user side. SetPublicKey Phase the user gives the public key to the Key Generations Centre with user’s Identity. After receiving the public key along with the user’s identity SEM key extraction will be carried out. Then the data owner encrypts the data and uploads it into the cloud.When an authorized user request to the cloud for the sensitive data the SEM partially Decrypts the data and transferred to the cloud. No complete decryption is carried out inside the cloud. In user decrypt the user fully decrypt the data using its own private key generated in the beginning. Figure 1 shows the overall system with enhanced security in Public cloud. The proposed system consists of three different modules such as registration module, Cloud module and Embedding module.

Fig 1. Overall System with enhanced Security

IV. IMPLEMENTATION OF PROPOSED SYSTEM

The proposed system offers high security to the sensitive data in the public cloud. In this scheme Mediated Certificateless encryption as well as data embedding helps to improve the efficiency of privacy and Security. A. Registration Module In registration module either owner or user registration is taken place with the cloud. User generates the public key and private key. Public key will be transferred to the Key Generation Centre private key is keeping itself for the final decryption. Owner registration is taking place with the cloud before uploading the sensitive data with the cloud. User generates the key using the following steps: 1. Pick 2 equal sized random prime numbers, m and n and calculate their products as p=mn 2. Calculate φ = (m-1) (n-1). 3. Find gcd(pu, φ) where pu is an integer such that 1 < pu < φ. 4. Calculate the private exponent pr;1 < pr < φ, such that puXpr ≡ 1 (mod φ). 5. The public key is (p, pu) and the private key (pr, m, n). Preserve all the above values as secret.

Then the user exchanges the keys with its identity to the KGC. Then KGC will in turn generate keys for SEM and data owner.

B. Cloud Module Cloud deployment is done using Dropbox [29].It is a widely used Public cloud model. Most of the companies choose Dropbox to managing their data. Inside the Cloud module there are three entities such as Encrypted storage where all the data is stored. Data owner encrypts the data before uploading to the cloud. A key Generation Centre where the keys are generated for user as well as data owner. Security Mediator checks the authenticity of users and partially deciphers information to public. Partial homomorphic algorithm [30] works as follows:

4.00GBytes memory. The proposed system is implemented using Java NetBeans IDE 7.1 and wamp server. In this improved approach where the single encryption is performed by the data owners and allows the authorized users to take off the data. A comparison of encipherment and decipherment time for basic and improved techniques is plotted. Figure 2 shows that the users who can access data is increased to 10 to 50 in the enhanced scheme. Then the message length is fixed to 1024 bits and size to 16KB.Ithat is clear the people who can access the data is increasing. For the decryption algorithm performance is shown in figure 3.There also clear that our improved scheme is efficient than other conventional methods.

Key_Gen: For some interval i ∈ [2n−1, 2 n] key will be an odd number

Encrypt (i, b): For the encipherment of a bit b.Compute the cipher text as an integer where residue mod i will have same parity as original message. Compute ci= ix+2y+b Where x,y are the integers that are randomly chosen. and 2y< i/2 Decrypt (i, ci): Output (ci mod i) mod 2. If a user requests some data to the cloud SEM checks the authenticity of the user then if it is legitimate one then SEM will partially decrypts the content and given to the user. Users then fully decrypt the data using its own private key. No fully decryption is carried out inside the cloud and also no keys are revealing to the cloud.

Figure 2. Enhanced Security scheme

C. Embedding Module In this module the sensitive data will be embed with an image before uploading it into the cloud. This method assures more security. Since an attacker come to know the sensitive content it will be invisible and only the image will be visible. The proposed method contains the Least Significant Bit(LSB)[28] Algorithm for hiding the data into image. Using the embedding method data will be hidden using an image and transferred to the encrypted storage in the cloud through the data owner. When a user request comes cloud will partially decrypt the data and then the user will fully decrypt the content thereby the security must be preserved. V. RESULTS AND DISCUSSION Here describes the experimental results of the proposed system and the discussions based on the results are given below: Experiments are carried out on a system running 64 bit with an Intel®Core™i3-3217U CPU @ 1.80GHz and

Figure 3: Comparison of decryption.

VI. CONCLUSION This paper proposes a mediated certificateless encipherment scheme which is a public key encryption scheme. It provides explicit security to the public cloud. This method in the public cloud solves the key escrow problem as well as certificate revocation problem. In addition to this encryption scheme here included an embedding module for enhancing the security. In this method the sensitive data

shared by the organizations is hiding inside an image thereby the secret data will be hidden to the attackers. Only the image will be visible to the unauthorized users thereby the security can be enhanced. When different users are using same policies of access control then this method can perform encipherment only once for each information. Hence the overall overhead at the owner side can be reduced. Embedding module with Steganography reduces illegal access of attackers on the sensitive data VII. ACKNOWLEDGMENT We would like to thank God for all the help rendered in choosing and grasping information. I would like to thank my college for helping me with all the resources and my family members who have been very patient and supportive during this work.

REFERENCES [1] [2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11] [12] [13]

[14]

[15]

[16]

Seo, S. H., Nabeel, M., Ding, X., & Bertino, E. (2014). An efficient certificateless encryption for secure data sharing in public clouds. IEEE Transactions on Knowledge and Data Engineering, 26(9), 2107-2119. Shang, Ning, Mohamed Nabeel, Federica Paci, and Elisa Bertino.``A privacy-preserving approach to policy-based content dissemination.`` In Data Engineering (ICDE), 2010 IEEE 26th International Conference on, pp. 944-955. IEEE, 2010. Nabeel, Mohamed, and Elisa Bertino. ``Privacy-Preserving Fine-Grained Access Control in Public Clouds.`` IEEE Data Eng. Bull. 35, no. 4 (2012): 21-30. Wan, Z., Liu, J. E., & Deng, R. H. (2012). HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing.Information Forensics and Security, IEEE Transactions on, 7(2), 743-754. Chow, Sherman SM, Colin Boyd, and Juan Manuel González Nieto.``Security-mediated certificateless cryptography.`` Public Key Cryptography-PKC 2006. Springer Berlin Heidelberg, 2013. 508-524. Liang, K., Au, M. H., Liu, J. K., Susilo, W., Wong, D., Yang, G., ... & Xie, Q. (2014). A DFA-based functional proxy re-encryption scheme for secure public cloud data sharing. Information Forensics and Security, IEEE Transactions on, 9(10), 1667-1680. Xue, Kaiping, and Peilin Hong.``A Dynamic Secure Group Sharing Framework in Public Cloud Computing.`` Cloud Computing, IEEE Transactions on 2.4 (2014): 459-470. Nabeel, Mohamed, and Elisa Bertino."Privacy Preserving Delegated access control in Public clouds." Knowledge and Data Engineering, IEEE Transactions on 26.9 (2014): 2268-2280. Seo, Seung-Hyun, et al. "An efficient certificateless encryption for secure data sharing in public clouds." Knowledge and Data Engineering, IEEE Transactions on 26.9 (2014): 2107-2119. Kamara, Seny, and Kristin Lauter. "Cryptographic cloud storage." Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2010. 136-149. http://www.webopedia.com/TERM/C/cloud_storage.html http://www.nist.gov/itl/cloud/ Al-Riyami, Sattam S., and Kenneth G. Paterson. "Certificateless public key cryptography." Advances in cryptology-ASIACRYPT 2003. Springer Berlin Heidelberg, 2003. 452-473. Sun, Yinxia, Futai Zhang, and Joonsang Baek. "Strongly secure certificateless public key encryption without pairing." Cryptology and Network Security. Springer Berlin Heidelberg, 2007. 194-208. Chow, Sherman SM, Colin Boyd, and Juan Manuel González Nieto. "Security-mediated certificateless cryptography." Public Key Cryptography-PKC 2006. Springer Berlin Heidelberg, 2006. 508-524. Boneh, Dan, Amit Sahai, and Brent Waters. "Functional encryption: Definitions and challenges." Theory of Cryptography. Springer Berlin

Heidelberg, 2011. 253-273. [17] Goyal, V., Pandey, O., Sahai, A., & Waters, B. (2006, October). ] Attribute-based encryption for fine-grained access control of encrypted data. InProceedings of the 13th ACM conference on Computer and communications security (pp. 89-98). Acm. [18] Bethencourt, John, Amit Sahai, and Brent Waters. "Ciphertext-policy attribute-based encryption." Security and Privacy, 2007. SP'07. IEEE Symposium on. IEEE, 2007. [19] Bellare, Mihir, Kenneth G. Paterson, and Susan Thomson. "RKA security beyond the linear barrier: IBE, encryption and signatures." Advances in Cryptology–ASIACRYPT 2012. Springer Berlin Heidelberg, 2012. 331-348. [20] Blundo, C., Iovino, V., & Persiano, G. (2009). Private-key hidden vector encryption with key confidentiality. In Cryptology and Network Security (pp. 259-277). Springer Berlin Heidelberg. [21] Blom, R. (1984, April). An optimal class of symmetric key generation systems. In Advances in cryptology (pp. 335-338). Springer Berlin Heidelberg. [22] Shang, N., Nabeel, M., Paci, F., & Bertino, E. (2010, March). A privacy-preserving approach to policy-based content dissemination. In Data Engineering (ICDE), 2010 IEEE 26th International Conference on (pp. 944-955). IEEE. [23] Nabeel, M., Shang, N., & Bertino, E. (2013). Privacy preserving policy-based content sharing in public clouds. Knowledge and Data Engineering, IEEE Transactions on, 25(11), 2602-2614. [24] Goyal, V., Pandey, O., Sahai, A., & Waters, B. (2006, October). Attribute-based encryption for fine-grained access control of encrypted data. InProceedings of the 13th ACM conference on Computer and communications security (pp. 89-98). Acm. [25] Ma, K. L., Zhang, W., Zhao, X., Yu, N., & Li, F. (2013). Reversible data hiding in encrypted images by reserving room before encryption. Information Forensics and Security, IEEE Transactions on, 8(3), 553-562. [26] Kodovský, J., & Fridrich, J. (2010). Quantitative structural steganalysis of Jsteg. Information Forensics and Security, IEEE Transactions on, 5(4), 681-693. [27] Fridrich, J., Goljan, M., & Hogea, D. (2002, October). Steganalysis Of JPEG images: Breaking the F5 algorithm. In Information Hiding (pp. 310-323). Springer Berlin Heidelberg. [28] Johnson, N. F., & Jajodia, S. (1998). Exploring steganography: Seeing the unseen. Computer, 31(2), 26-34. [29] https://www.dropbox.com/ [30] Van Dijk, M., Gentry, C., Halevi, S., & Vaikuntanathan, V. (2010). Fully homomorphic encryption over the integers. In Advances in cryptology–EUROCRYPT 2010 (pp. 24-43). Springer Berlin Heidelberg.