Cloud Computing Security Using Secret Sharing Algorithm over. SingleTo Multi-Clouds. Pachipala Yellamma, Dr.Challa Narasimham, Dr.B.V.Subbarao,.
International Journal
Of Latest Research In Engineering Management (IJLREM)
Cloud Computing Security Using Secret Sharing Algorithm over SingleTo Multi-Clouds Pachipala Yellamma, Dr.Challa Narasimham, Dr.B.V.Subbarao, M.Tanooj Kumar Research scholar Bharathiar University Prof & HOD, SR engineering college, Warangal Prof &IT dept Pvpsit, Vijayawada Dept.of.computer science, Krishna University
Abstract: Cloud computing,in now days it is been playing a crucial role in terms of data storing and reducing the overall cost to entrepreneurs. But most of them worried about security; mostly they used to keep the data in single cloud. As users often store sensitive information with cloud storage providers but these providers may be untrusted. A movement towards “multi-clouds”, or in other words, “interclouds” or “cloud-of-clouds” has emerged recently.This paper focuses on use of multi clouds and data security and reduce security risks and affect the cloud computing user using Shamir‟s Secret sharing algorithm. A model to securely store information into the cloud, by splitting secret (data) into several chunks and storing parts of it on multiple cloud providers. Where some of the parts or all of them are required in order to reconstruct the data. If we‟re going to Count all participants to combine together the secret might be impractical, and therefore sometimes the threshold scheme is used where any‟ k‟ of the parts are sufficient to reconstruct the original secret. Our approach preserves security and privacy of user‟s sensitive information by replicating data across multiple clouds, using a secret sharing approach that uses Shamir‟s secret sharing algorithm. This model avoids the negative effects of a single cloud and reduces the consequences of encryption techniques. Keywords: Computing, Multi-Clouds, Secret Sharing Algorithm, MD5, Security
INTRODUCTION Cloud sources should address privacy and security issues as a matter of high and vital priority. Dealing with “single cloud” providers is becoming less popular with customers due to potential problems such service availability failure and the opportunity that there are malicious insiders in the single cloud. In current years, there has been a move towards “multiclouds”, “intercloud” or “cloud-of-clouds”. As data and information will be shared with a third party, cloud computing users want to keep away from an untrusted cloud provider. Cloud computing providers should address privacy and security as matter for higher and urgent priorities. The dealing with “single cloud” providers is becoming less popular service with customers due to potential problems such as service availability failure for some time and malicious insider‟s attacks in the single cloud. So now single cloud move towards multi clouds, inter clouds, or cloud of clouds[1]. Aim of the paper the data security aspect of cloud computing,data and information will be shared with a third party without any hacks. Every cloud users want to avoid untreated cloud provider for personal and important documents such as debit/credit cards details or medical report from hackers or malicious insiders is the importance.[3]It supply secure cloud database that will prevent security risks. We apply multi clouds concept using Shamir‟s Secret Sharing algorithm that is reduce risk of data intrusion and loss of service availability for ensuring data. II.PROPOSED SYSTEM This paper has as prime focus the issues related to the data security aspect of cloud computing. Since users share information with a third party, they want to avoid untrusted cloud computing providers by protecting private and sensitive information, such as credit card details or patient‟s medical records from attackers or malicious insiders. To this end, we propose a multi-cloud database model which uses multiple cloud service providers to store data. The purpose of the model is to address security and privacy risks in the cloud computing environment
| Vol. 01 | Issue 01 | April 2016 | 20 |
International Journal
Of Latest Research In Engineering Management (IJLREM)
Fig 1: Proposed system Architecture. III.OBJECTIVES OF MULTI-COULD ARCHITECTURE 1) Data Integrity: One of the most important issues related to cloud security risks is data integrity. The data stored in the cloud may suffer from damage during transition operations from or to the cloud storage provider. Use of Byzantine fault-tolerant replication protocol works well for data corruption caused by some components in the cloud. The MD5 File Validation feature provides a technique for users to check that files on the cloud are not corrupted or tampered[8]. 2) Service Availability: Service availability is another major concern in cloud services. The service unavailability can happen due to corruption of data, vender lock-in, and possibility of malicious insiders in the single cloud, breakdown of hardware, software or system infrastructure. Replication of data in multiple clouds improves user data availability probability. 3) Confidentiality: This is forbidding the improper disclosure of information. User‟s important data like passwords, credit card numbers etc. should be kept secret in transit over internet and during storage or retrieval from cloud. This is done using encryption technique named Shamir‟s secret sharing scheme, which reduces risk of intrusion as hackers need to retrieve all the information from the cloud providers to know the real value of the data in the cloud. IV. ALGORITHM USED The secret sharing scheme is said to be perfect if no proper subset of shares leaks any information regarding the secret. The secret is some data D (e.g., the safe combination) and in which non mechanical solutions (which manipulate this data) are also allowed.[3][2] 1.Our goal is to divide D into n pieces D1, …..Dn in such a way that D is easily reconstruct able from any k pieces. (a) Knowledge of any k or more Di pieces makes D easily computable. (b) Knowledge of any k - 1 or fewer Di pieces leaves D completely undetermined (in the sense that all its possible values are equally likely). 2. This scheme is called a (k, n) threshold scheme. If k=n then all participants are required together to reconstruct the secret. 3. Suppose we want to use (k,n) threshold scheme to share our secret D where k < n. 4. Choose at random (k-1) coefficients a1, a2,a3…ak-1 , and let D be the a0 which is the secret [7]. A Simple (k, n) Threshold Scheme Our scheme is based on polynomial (*) interpolation: given k points in the 2-dimensional plane (x1, y1), ... (xk, yk) with distinct xi's, there is one and only one polynomial f(x) of degree k - i such that f(xi) = yi for all i. (*) The polynomials can be replaced by any other collection of functions which are easy to evaluate and to interpolate. Without loss of generality, we can assume that the data D is (or can be made) a number. To divide it into pieces Di, we pick a random k - 1 degree polynomial In which a[0] = D, and evaluate: D1 = q(1), ..., Di = q(i), ..., Dn = q(n). Given any subset of k of these pairs, we can find the coefficients of the polynomial by interpolation, and then evaluate a0=D, which is the secret. Knowledge of just k - 1 of these values, on the other hand, does not suffice k 1 in order to calculate D. f ( x) a0 a1x a2 x2 ..... ak 1 Some of the useful properties of this (k, n) threshold scheme are:
| Vol. 01 | Issue 01 | April 2016 | 21 |
International Journal
Of Latest Research In Engineering Management (IJLREM) (1) The size of each piece does not exceed the size of the original data. (2) When k is kept fixed, Di pieces can be dynamically added or deleted without affecting the other D, pieces. (3) It is easy to change the Di pieces without changing the original data D -- all we need is a new polynomial f(x) with the same free term. A frequent change of this type can greatly enhance security since the pieces exposed by security breaches cannot be accumulated unless all of them are values of the same edition of the f(x) polynomial. (4) By using tuples of polynomial values as Di pieces, we can get a hierarchical scheme in which the number of pieces needed to determine D depends on their importance. For example, if we give the organization president three values of f(x), each vice-president two values of f(x), and each executive one value of f(x), then a (3, n) threshold scheme enables checks to be signed either by any three executives, or by any two executives one of whom is a vice-president, or by the president alone.
MATHEMATICAL IMPLEMENTATION The mathematical implementation of Secret Sharing algorithm can be understood with the help of a simple example as given by Md Kausar et .The generalized idea is as follow: • We choose at random (k-1) coefficients i.e. a1…ak-1 • We divide our secret data „S„by picking a random degree polynomial k 1
f ( x) a0 a1x a2 x2 ..... ak 1
Where a0=‟S„(i.e the data).Now if we wish to divide the data into n parts, we will substitute „n„different values of x in the polynomial f(x) and obtain „n „such sets of (x, y), here y is nothing but our polynomial f(x). [6] The essential idea of Adi Shamir's threshold scheme is that 2 points are sufficient to define a line, 3 points are sufficient to define a parabola, 4 points to define a cubic curve and so forth. That is, it takes „k‟ points to define a polynomial of degree „k-1‟.Select „k„ such sets, any k combination of the available n parts will generate the same result. The value in these sets are meaningless alone, it is only when „k„ sets are brought in together and further worked upon that we get our secret back. These „k‟ instances of original polynomial are processed using Lagrange polynomials. The Lagrange basis is:
Substitute the values of x from the selected „k„sets into the Lagrange basis and we obtain „k„fractional equations for the same. Finally on taking summation of the equations obtained from Lagrange basis and y form the selected „k„sets, we get back our original polynomial. The summation can be represented mathematically as:
The above explanation helps in understanding the working of the secret sharing algorithm. When done manually the entire calculation can be done in minutes, while on implementation, as the microprocessor technology has elevated its level to a new high, thousands of such calculations can be done in seconds. Example: The following example illustrates the basic idea. Note, however, that calculations in the example are done using integer arithmetic rather than using finite field arithmetic. Therefore the example below does not provide perfect secrecy, and is not a true example of Shamir's scheme.
| Vol. 01 | Issue 01 | April 2016 | 22 |
International Journal
Of Latest Research In Engineering Management (IJLREM)
Graphic-representation
of
a
degree-2
polynomial and its shares.
Fig2: Shamir‟s secret sharing scheme
V.PROCESS OF SHARING SECRET SCHEMA IN MULTI CLOUD They may be case that data is lost due to some disaster befalling the cloud service provider. So we can replicate data on more than one cloud. We can apply encrypt technique before uploading data to the cloud. Again each
| Vol. 01 | Issue 01 | April 2016 | 23 |
International Journal
Of Latest Research In Engineering Management (IJLREM) cloud will have the same file, which is not secure. So here secret sharing algorithm can be to reduce the risk of data intrusion and the loss of service availability in the cloud. Whenever user wants to upload to cloud, message digest of that file is created and stored in local database with upload details .Then the check for available cloud is done using Byzantine fault-tolerant replication protocol.[2] The Byzantine protocols need a set of storage clouds (n), n = 3f +1, and maximum number of clouds which could be faulty is f. Each file is encrypted and secrete is generated, with the help of Shamir‟s Secrete sharing scheme „n‟ secret parts are generated all parts are
stored at different places that is clouds. Fig. 3: Block Diagram of Proposed System Message Digest concept MD5 is used for ensuring integrity of data at the time of download phase by comparing MD5 of original file, stored at the time of upload and MD5 generated at the time of download. Data from different cloud can be retrieved only by applying reconstruction algorithm on few (threshold based) or all of the secrete shares from those different clouds. This strongest encryption mechanism is put forward by Adi Shamir based on the idea that two points are sufficient to depict line uniquely, three points to define parabola so on. Based on this at least k points are required to reconstruct a polynomial of degree k-1. This is strongest security scheme, as does not give any knowledge about original data even to the cloud service provider.
Fig 4: Process of Secure Data Storage &Retrieval using Secret Sharing in Multi-cloud.
In this paper, we introduce a model of different architectural patterns for distributing resources to multiple cloud providers. This model is used to discuss the security benefits and also to classify existing approaches. [5]In our model, we distinguish the following four architectural patterns:[4] •
Replication of applications allows to receive multiple results from one operation performed in distinct clouds and to compare them within the own premise. This enables the user to get evidence on the integrity of the result.
| Vol. 01 | Issue 01 | April 2016 | 24 |
International Journal
Of Latest Research In Engineering Management (IJLREM) •
Partition of application System into tiers allows separating the logic from the data. This gives additional protection against data leakage due to flaws in the application logic.
•
Partition of application logic into fragments allows distributing the application logic to distinct clouds. This has two benefits. First, no cloud provider learns the complete application logic. Second, no cloud provider learns the overall calculated result of the application. Thus, this leads to data and application confidentiality.
•
Partition of application data into fragments allows distributing fine grained fragments of the data to distinct clouds. None of the involved cloud providers gains access to all the data, which safeguards the data‟s confidentiality
VII. CONCLUSION Multi-cloud systems are used to share resources among different cloud environment. The resource sharing process is handled with partitioned data and service model. Secure Multiparty Computation (SMC) and Secret Sharing (SS) algorithm are used to improve the cloud security. In multi-cloud data is replicated so available even if on cloud fails. Integrity of data is also maintained in our proposed work by making use of MD5.We are making use of strongest cryptographic algorithm named Shamir‟s secrete sharing algorithm, which has number of advantages including security, client-side aggregation. The key conclusion is that proposed work provides confidentiality, data integrity, improved availability and capacity to handle multiple requests at a time. REFERENCES [1].Pachipala Yellamma”Data Security In Cloud UsingRSA“2013IEEE International Conference on Computing, Communication and Networking Technologies, published in IEEE Explore Digital library2013PrintISBN978-14799-3925-1. [2].Yellamma P, “Performance Evaluation of Encryption Techniques and Uploading of Encrypted Data in Cloud” 2013IEEEInternational Conference on Computing, Communication and Networking Technologies, published in IEEE Explore Digital library2013PrintISBN978-1-4799-3925-1. [3].www.eit.lth.se/fileadmin/eit/courses/edi051/lecture_notes/LN8.pdf. Secret Sharing Schemes. [4].Pachipala Yellamma” Intelligent Data Security In Cloud Computing” International Journal of Current Engineering and Technology, Vol.4, No.1(February 2014), E-ISSN 2277-4106,P-ISSN 2347-5161. [5]. Priyanka Pareek” Cloud Computing Security from Single to Multi-clouds using Secret Sharing Algorithm” International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), Volume 2, Issue 12, December 2013. [6].SecretSharing”en.wikipedia.org/wiki/Secret_ sharing. [7].Pachipala Yellamma” Data Security In Cloud Computing Environment Using SSL Protocol” International Journal Of Scientific Research And Education, Volume-2, Issue-10, Pages-2141-2148 October-2014 ISSN (e): 2321-7545 . [8]. Mohammed A. AlZain ” Cloud Computing Security: From Single to Multi-Clouds “2012 45th Hawaii International Conference on System Sciences
| Vol. 01 | Issue 01 | April 2016 | 25 |
