PROCURING THE DROPBOX USING HONEY ...

Applied Mechanics and Materials Vol. 573 (2014) pp 523-528 © (2014) Trans Tech Publications, Switzerland doi:10.4028/www.scientific.net/AMM.573.523

Online: 2014-06-18

PROCURING THE DROPBOX USING HONEY ENCRYPTION TECHNIQUE

Dr. K. Latha (1), B. Gowsalya (2), B. Kannega (2)

(1) Assistant Professor, Department of Information Technology, Anna University, Regional Center - Thiruchirappalli.

(2) Final Year (CSE), Department of Computer Science and Engineering, Anna University, Regional Center - Thiruchirappalli.

Keywords- Cloud Community Portal, Drop box, Spam mail, Honey Encryption.

Abstract- Cloud computing is an important aspect of Information Technology and is believed to be suitable for small businesses for accessing resources. Cloud community portals are used for storing, accessing, synchronizing and backing up files. The main concern with a cloud portal is security in a public cloud such as Drop box. Drop box is used to access data whenever needed. In this paper, attacks on Drop box by means of spam mails are taken into consideration, and an encryption technique, Honey Encryption, is used to avoid the attacks caused by spam mails, such as data stealing and guessing of passwords.

1. INTRODUCTION

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. In science, cloud computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time. The cloud also focuses on maximizing the effectiveness of the shared resources. Cloud resources are usually not only shared by multiple users but are also dynamically reallocated per demand. This can work for allocating resources to users [1]-[13].

Drop box is a file hosting service that offers cloud storage, file synchronization, and client software. Drop box allows users to create a special folder on each of their computers, which Drop box then synchronizes so that it appears to be the same folder regardless of which computer is used to view it. Files placed in this folder are also accessible through a website and mobile phone applications.

DROPBOX CLOUD PORTAL


Advancements in Automation and Control Technologies

Drop box provides a two-way authentication process. Two-way authentication is an extra layer of security, known as "multi-factor authentication", that requires not only a username and password but also a unique code that only the user can get via SMS or call. If an attacker already knows the username and password of the victim's Drop box account, which is protected by two-factor authentication, it is still possible to hack that Drop box account by sending spam mails. Even if attackers use spam mails to steal the data, we have to adopt an encryption technique, Honey Encryption, to guard against the theft of such data.

Honey Encryption is used to protect the user's data from unauthorized access. The concept involves pulling a bit of deceit against an attacker who has stolen some set of data encrypted with Honey Encryption. The tool produces a cipher text which, when decrypted with an incorrect key guessed by the attacker, presents a plausible-looking yet incorrect plaintext password or encryption key. Hackers will often use software that decrypts encrypted data by guessing hundreds of thousands of potential keys. With conventional encryption, any time an incorrect key is tried, the hackers are left with an impossible mess that is distinctly not data and is a clear indicator that the key or password was wrong.

We can save n password hashes for each user: one that contains the real password and n-1 that contain so-called honey words (false passwords). The correct password hash is stored at a random index among those honey word hashes. If one of these honey words is used in a login attempt instead of the real password, the server can ban the account, trigger a silent alert or redirect the attacker to a honey pot of some sort. Either way, the server will know that the password database has been compromised.
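
The honey word storage described here, together with the index check against a separate server, as an added example that is not code from the paper. The honey word generator, the class names, the PBKDF2 parameters and the return strings are assumptions made for illustration.

```python
import hashlib, hmac, secrets

N_SWEET = 5            # n: one real password plus n-1 honey words
ITERATIONS = 100_000   # PBKDF2 work factor (assumed value)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_honeywords(password, count):
    """Hypothetical generator: swap the last two characters for random digits."""
    decoys = set()
    while len(decoys) < count:
        candidate = password[:-2] + f"{secrets.randbelow(100):02d}"
        if candidate != password:
            decoys.add(candidate)
    return list(decoys)

class HoneyChecker:
    """The separate 'secure' server: it knows only user -> correct index."""
    def __init__(self):
        self._index = {}
    def register(self, user, index):
        self._index[user] = index
    def is_real(self, user, index):
        return self._index.get(user) == index

class LoginServer:
    def __init__(self, checker):
        self.checker = checker
        self.db = {}                     # user -> (salt, [n hashes])
    def enroll(self, user, password):
        sweetwords = make_honeywords(password, N_SWEET - 1) + [password]
        secrets.SystemRandom().shuffle(sweetwords)   # real one lands at a random index
        salt = secrets.token_bytes(16)
        self.db[user] = (salt, [pw_hash(w, salt) for w in sweetwords])
        self.checker.register(user, sweetwords.index(password))
        return sweetwords                # returned for the demonstration only
    def login(self, user, password):
        salt, hashes = self.db[user]
        submitted = pw_hash(password, salt)
        for index, stored in enumerate(hashes):
            if hmac.compare_digest(submitted, stored):
                # A honey word match means the hash file has been stolen.
                return "ok" if self.checker.is_real(user, index) else "alarm"
        return "denied"
```

The login server never learns which index is real, so stealing its hash file alone does not tell the attacker which of the n cracked candidates to submit.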
To check if the password is real, the server determines the index of the given password hash and contacts another "secure" server, which confirms whether this is the correct index for this user. An adversary is somehow able to steal the files of password hashes. More generally, he may be able to steal the password hash files on many systems, or on one system at various times.

STATE OF ART

The cloud storage provider has confirmed that usernames and passwords stolen from other websites were used to sign in to a small number of Drop box accounts. A stolen password was also used to access an employee Drop box account containing a project document with user email addresses.

ISSUES DUE TO SPAM MAILS

Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Clicking on links in spam email may send users to phishing web sites or sites that are hosting malware. Spam email may also include malware as scripts or other executable file attachments. Spammers collect email addresses from chat rooms, websites, customer lists, newsgroups, and viruses which harvest users' address books; the addresses are also sold to other spammers. They also use a practice known as "email appending" or "epending", in which they use known information about their target (such as a postal address) to search for the target's email address. Much spam is sent to invalid email addresses.

TWO-FACTOR AUTHENTICATION

Drop box is taking steps to improve the safety of accounts even if passwords are stolen, including adding two-factor authentication, implementing automated mechanisms to help identify suspicious activity, and setting up a new page that lets users see all active logins to their account. Drop box also recommended that users improve their online safety by setting a unique password for each website they use. As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts. The frequency and severity of these data breaches proves time and time again that users must make better efforts to protect themselves.

PROPOSED WORK

The proposed work consists of enhancing the Drop box portal with the Honey Encryption technique. Encryption is one of the most effective methods of protecting data. In many cases, however, intruders succeed in getting into the system by trying different encryption-cracking methods, and there are several sophisticated pieces of software capable of deciphering secure data. With these security concerns in mind, a new encryption system called "Honey Encryption" is proposed. Honey Encryption provides an additional level of security to your data along with encryption. When a hacker tries all possible combinations to crack your password or guess your encryption key, Honey Encryption provides fake data in response to every incorrect attempt. So whenever a hacker makes an incorrect attempt, he receives spoofed data which looks similar to the actual data. Even if the attacker guesses the correct password, the actual data will be lost in the crowd of spoofed data.
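
The behaviour described above, as an added example that is not code from the paper: it uses the standard construction from the honey encryption literature, in which a distribution-transforming encoder (DTE) maps the message to a seed and the seed is XORed with a password-derived pad, so every guessed password decodes to a valid-looking message. The PIN list, its weights, the seed size and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib, secrets
from bisect import bisect_right
from itertools import accumulate

SEED_BITS = 32
SPACE = 1 << SEED_BITS
# Constructed message distribution (assumption): candidate PINs and weights.
MESSAGES = ["1234", "0000", "1111", "2580", "7391", "4826"]
WEIGHTS = [40, 20, 15, 10, 8, 7]                 # percentages, sum to 100
# Message i owns the seed interval [CUM[i], CUM[i+1]), sized by its weight.
CUM = [0] + [SPACE * c // 100 for c in accumulate(WEIGHTS)]

def dte_encode(msg):
    """Map a message to a uniformly random seed inside its interval."""
    i = MESSAGES.index(msg)
    return CUM[i] + secrets.randbelow(CUM[i + 1] - CUM[i])

def dte_decode(seed):
    """Every seed in [0, SPACE) decodes to some message in MESSAGES."""
    return MESSAGES[bisect_right(CUM, seed) - 1]

def _pad(password, salt):
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return int.from_bytes(key[:SEED_BITS // 8], "big")

def he_encrypt(password, msg):
    salt = secrets.token_bytes(16)
    # No authentication tag on purpose: a tag would confirm the correct key.
    return salt, dte_encode(msg) ^ _pad(password, salt)

def he_decrypt(password, salt, ciphertext):
    # A wrong password gives a different pad, hence a different but valid seed.
    return dte_decode(ciphertext ^ _pad(password, salt))
```

The decoys are only as convincing as the DTE's model of real messages, which is why the construction has to be tailored to the kind of data being protected.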

Fig 1: View of Master Password

Fig 2: View of Honey Page

Password vaults are stored in the cloud and are vulnerable to cyber attacks. If a hacker gets access to large amounts of encrypted data, he can easily decrypt it in a short time. But if those password vaults are protected by Honey Encryption, then for every false attempt he will get fake data. Honey Encryption sounds like a foolproof method for better protection of user information against data breaches. Honey Encryption turns every incorrect password guess made by a hacker into a confusing dead-end. Functionally, an HE scheme is exactly like a PBE (Password Based Encryption) scheme: it takes arbitrary strings as passwords and uses them to perform randomized encryption of a message. HE schemes simultaneously target two security goals: message recovery (MR) security, as parameterized by a distribution over messages, and the more usual (multi-instance) semantic-security style goals. When an application or user enters and sends a password key to access an encrypted database or file, as long as the password is correct, the data is decrypted and accessible in its original and readable format. If the password key is incorrect, the data will continue to be unreadable and encrypted.

HONEY POT

A honey pot is an information system resource whose value lies in unauthorized use of that resource. A honey pot should see no traffic because it has no legitimate activity. This means any interaction with a honey pot is most likely unauthorized or malicious activity. Any connection attempts to a honey pot are most likely a probe, attack, or compromise. While this concept sounds very simple, it is this very simplicity that gives honey pots their tremendous advantages.

Advantages: Honey pots are a tremendously simple concept, which gives them some very powerful strengths.

• Honey pots collect small amounts of information. Instead of logging one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day. Remember, honey pots only capture bad activity; any interaction with a honey pot is most likely unauthorized or malicious activity. As such, honey pots reduce noise by collecting only small data sets, but information of high value, as it is only the bad guys. This means it is much easier (and cheaper) to analyze the data a honey pot collects and derive value from it.
• Honey pots are designed to capture anything thrown at them, including tools or tactics never seen before.
• Honey pots require minimal resources, as they only capture bad activity.
• Unlike most security technologies (such as IDS systems), honey pots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honey pot; it will detect and capture it.
• Honey pots can collect in-depth information that few, if any, other technologies can match.

Fig 3: Stealing of Data by Hackers

VALUE OF HONEY POT

Honey pots fall into two general categories: they can be used for production purposes or for research. When used for production purposes, honey pots protect an organization. This would include preventing, detecting, or helping organizations respond to an attack. When used for research purposes, honey pots are used to collect information. This information has different value to different organizations. Some may want to study trends in attacker activity, while others are interested in early warning and prediction, or law enforcement. In general, low-interaction honey pots are often used for production purposes, while high-interaction honey pots are used for research purposes.


Fig 4: Comparison of Data Upload between AES 256 and Honey Encryption

The above graph represents the duration of data upload in the Drop box portal. It compares AES 256 encryption and Honey Encryption. The X-axis represents the data uploaded to the cloud in bytes and the Y-axis represents the duration of data uploading in seconds. Honey Encryption has a high data upload speed.

Fig 5: Comparison of Data Download between AES 256 and Honey Encryption

The above graph represents the duration of data download in the Drop box portal. It compares AES 256 encryption and Honey Encryption. The X-axis represents the data downloaded from the cloud in bytes and the Y-axis represents the duration of data downloading in seconds. It is seen from the graph that Honey Encryption has a high data download speed as compared to AES 256.

Table 1: Difference between Low-Interaction and High-Interaction Honey pot.

| LOW INTERACTION HONEY POT | HIGH INTERACTION HONEY POT |
| Easy to install and deploy. Usually requires simply installing and configuring software on a computer. | Can be complex to install or deploy (commercial versions tend to be much simpler). |
| Minimal risk, as the emulated services control what attackers can and cannot do. | Increased risk, as attackers are provided real operating systems to interact with. |
| Captures limited amounts of information, mainly transactional data and some limited interaction. | Can capture far more information, including new tools, communications. |


CONCLUSION AND FUTURE WORK

The purpose of this paper was to define what Honey Encryption and honey pots are and their value to the security community. We identified two different types of honey pots, low-interaction and high-interaction honey pots. Interaction defines how much activity a honey pot allows an attacker. The value of these solutions is both for production and research purposes. Honey pots can be used for production purposes by preventing, detecting, or responding to attacks. Honey pots can also be used for research, gathering information on threats so we can better understand and defend against them.

REFERENCES

[1] N.S. Sudharsan, Dr. K. Latha, "Improving Seeker Satisfaction in Cloud Community Portal: Drop box", International Conference on Communication and Signal Processing, April 3-5, 2013.
[2] S. Subashini, V. Kavitha, "A Survey on Security Issues in Service delivery models of Cloud Computing", Journal of Network and Computer Applications 34 (2011) 1-11.
[3] Rashmi, Dr. G. Sahoo, Dr. S. Mehfuz, "Securing Software as a Service Model of Cloud Computing: Issues and solutions", International Journal on Cloud Computing, 4th August 2013.
[4] Mr. P.R. Ubhale, Prof. A. M. Sahu, "Securing cloud environment by means of Intrusion Detection and Prevention system", International Journal of Computer Science and Management Research, May 5 2013.
[5] Ashish G. Revar, Madhuri D. Bhavsar, "Securing User Authentication using single Sign-On in Cloud Computing", 08-10 December, 2011.
[6] Veerraju Gampala, Srilakshmi Inuganti, Satish Muppidi, "Data Security in Cloud Computing with Elliptic Curve Cryptography", July 3, 2012.
[7] Pratap Chandra Mandal, Department of Computer Application, "Evaluation of performance of Symmetric Key algorithms: DES, 3DES, AES and Blowfish", August 8, 2012.
[8] Parsi Kalpana, Sudha Singaraju, "Data Security in Cloud Computing using RSA Algorithm", International Journal of Research in Computer and Communication Technology, September 4, 2012.
[9] Hanqian Wu, Yi Ding, Chuck Winner, "Network Security for Virtual Machine in Cloud Computing".
[10] Idilio Drago, Marco Mellia, Maurizio M. Munafo, "Inside Drop box: Understanding Personal Cloud Storage Services".
[11] Junbeom Hur, "Improving Security and Efficiency in Attribute Based Data Sharing", IEEE Transaction on Knowledge and Data Engineering, Vol 25, 10, Oct 2013.
[12] Xian Wu, Peidi quain, "Towards the Scheduling of Access Request in Cloud Storage", 8th International Conference on Computer Science, April 2013.
[13] Awada Uchechukwu, Keqiu Li, "Improving Cloud Computing energy Efficiency", 2012 IEEE Asia Pacific Cloud Computing congress.

Advancements in Automation and Control Technologies 10.4028/www.scientific.net/AMM.573
