
Academic year: 2022


Secure Data Transfer Based on Cloud

Rakshit Jain¹, Satwik Yadav¹, Abdul Ahad Khan¹

¹School of Computing Science & Engg., Galgotias University, Greater Noida, India

Abstract— Since a large part of the world's population has now moved onto the vast network called the Internet, there is a large amount of data that companies need to store, and it is difficult to store and handle such an immense amount of data. So, the best and most efficient way to manage such data is to store it in the cloud.

Cloud computing is a well-known and rapidly developing modern technology that allows all personal works, records, and software to be stored and used safely. Although they are on a server, they can be accessed from any public operating system or browser. It allows us to provide a decentralized access management system with anonymous data authentication. It provides the customer with distributed access to an encrypted cloud. One of the most prominent issues that prevent users from fully using cloud storage is security. Cloud computing has a lot of services, but there are also some security issues. To overcome such problems, encryption standards like the DES (Data Encryption Scheme), AES (Advanced Encryption Scheme), and the 3DES (Triple Data Encryption Scheme) are commonly used. But these encryption techniques can be broken through a brute-force attack. Keeping this in mind, we suggest in this article an encryption strategy based on Honey Encryption (HE). This new encryption technique protects the data from a brute-force attack by providing plausible but false data every time an incorrect key is used, which tricks the attacker and protects the data.

Keywords — Cloud Computing, Encryption, Hacker, Key, Honey Encryption.

I. INTRODUCTION

A. CLOUD COMPUTING

Cloud computing delivers various services over the internet. It enables machines and computers to gain access to a shared network with various computing facilities, especially storage on demand. All these services are available on a metered basis (i.e., pay per use), which means that subscribers have access to an infinite number of tools but pay only for the ones they use.[1] Cloud computing has grown in popularity as the demand for computing space, storage, and infrastructure has increased. Many firms, including Google, Amazon, and Microsoft, have begun to provide cloud services to those that have shown an interest.[2] Cloud computing enables its users to access databases, infrastructure, and cloud services through the internet. Microsoft Azure, AWS (Amazon Web Services), and Google Cloud Platform continue to be the most common cloud platforms. These require network-connected hardware, although the providers' cloud applications can also be used from a mobile browser.[3] Cloud computing provides virtualized resources with which users can work in any environment containing high-specification software. It combines various computing technologies to provide a seamless experience and various services to end users.

Fig 1. Accessibility in Cloud Computing

B. DATA SECURITY IN CLOUD COMPUTING

Data security, amongst all the security aspects of cloud computing, is the biggest barrier holding back cloud computing services from the user's perspective.[2] Furthermore, all three categories of Cloud Service Models provide a high level of data security.

Fig 2. Cloud Services

Data security in different Cloud Service Models:

1. SaaS (Software as a Service): In Software as a Service, users use the framework offered by the service provider and operated on the cloud platform. ERP, CRM, SCM, and other enterprise software are examples of SaaS applications. Organizations that lack the ability to create their own software typically purchase cloud-based applications for their business needs.[4]

The data that an application requires for analysis is usually saved in the cloud. Furthermore, this information is stored in plaintext, making it more vulnerable to various forms of attack. Users have the least control over protection in this situation, since both the data and the application are stored in the cloud. Securing the software as a service is primarily the vendor's duty.

2. PaaS (Platform as a Service): Without adding some new infrastructure, one can easily deploy their applications on the Cloud with the help of PaaS. PaaS offers operating systems and a technical architecture for developing high-level applications.[5]

Platform as a Service (PaaS) data protection issues can take three types:

a) The use of cloud-based third-party security platforms, which may or may not be open to attacks.

b) The difficulty for the customer in creating a stable cloud-hosted application.

c) When moving the application's code from the cloud to the local computer, data security issues can arise.

d) The presence of bugs will lead to data security problems, and the application's code will be exposed to the attacker. As a result, in the case of PaaS, security liability is split between the customer and the vendor.

3. IaaS (Infrastructure as a Service): In IaaS, users are equipped to access data and computing facilities offered by the service providers. The cloud infrastructure may be used to deploy and operate whatever application or operating system they choose, depending on their needs. Users have more control over protection in IaaS since the virtual machines installed by the cloud service provider have no vulnerabilities. Nonetheless, the cloud provider also supplies computing space, storage, and network services, all of which are open to attack. Virtual machines offer users more control, but they can also contribute to data leakage. While taking an image of the VMs, some useful details such as passwords can be captured.[6]

Fig 3. Cloud Service Providers

C. CRYPTOGRAPHY CONCEPT

The basic concept of cryptography is to encipher the information (i.e., convert plaintext to ciphertext) to achieve data security and confidentiality. By doing this, we can protect the data from unauthorized access. The main aim of using a cryptographic system is to send data through an insecure channel, such as the internet, while ensuring that the data can only be accessed by the authorized user.[7]

In cryptography, the information or data is termed "plaintext", the process of disguising the plaintext is called "encryption", and the text derived from encryption is known as "ciphertext". This whole process relies on an "encryption key", which is combined with the plaintext by an "encryption algorithm" to produce the ciphertext.[8] At the receiver's end, the receiver can convert the ciphertext back to plaintext with the "decryption key" using the decryption algorithm.

Fig 4. Cryptography Concept

II. SECURITY PROBLEM IN EXISTING SYSTEM

1. Insecure APIs: The Internet helps to provide services and applications to cloud users, and users can tailor their cloud experience using APIs (Application Programming Interfaces).[9] APIs, on the other hand, may be a security risk in the cloud due to their very existence. They not only allow businesses to tailor the capabilities of cloud services to their specific requirements, but also authenticate, grant entry, and encrypt data. API security vulnerabilities increase as the architecture of APIs evolves to deliver improved support. APIs provide programmers with the resources they need to create applications that work with other mission-critical devices. YouTube is a well-known example of an API, since it allows users to add YouTube videos to their websites or software.

2. Data Breaches: While cloud storage and its services are recent and not very secure, data breaches have been around for a long time. A data breach is more likely to occur in cloud-based companies or businesses than in non-cloud-based ones. In conclusion, the cloud has a distinct set of features that make it more technically unsafe.[10]

3. Malware Injection: Malicious code that is injected into cloud services, behaves as a "valid instance", and executes as SaaS on the servers is known as a malware injection. This proved that unusual data could be injected into cloud systems and treated as if it were an element of the software operating on the servers.[11] Once the injection has started and the cloud is working with it, the attackers can listen in on conversations, breach the confidentiality of confidential data, and take the information.

4. Insider Threat: Although an attack from within the organization may seem impossible, the insider threat is real. An individual can abuse or obtain information (such as client records, monetary forms, and other confidential data) by using their authenticated access to the organization's cloud resources. Additionally, there can be a person who knows the organization well and can use its data for their own purposes.

5. Account Hijacking: The expansion of cloud computing and its implementation in several institutions has brought some new problems.[12] Our sensitive data stored on the cloud can now be obtained remotely. Attackers have the ability to remotely access our login information. Moreover, attackers can easily manipulate and falsify data using the captured details.

III. HONEY ENCRYPTION

The concept of Honey Encryption comes from Ari Juels and Thomas Ristenpart. This newly proposed encryption technique proves to be highly resistant to brute-force attacks. In Honey Encryption, if one tries to decode the encrypted text using an incorrect key, it will produce a plausible-looking but bogus text. Some garbage data will be provided if the encrypted message is decrypted with an incorrect key. The garbage data looks like a plausible plaintext, which makes the attacker think of the fake data as a legitimate message.[13]

Here is a short run-through of standard encryption techniques to establish the basic observation that led to Honey Encryption. In standard password-based encryption techniques, an attacker running a brute-force attack to find the password (primarily known as a key) that decrypts the message gets gibberish or an error symbol for every wrong attempt. This output indicates that the key being used is false, so the search for the correct key continues until the output looks valid, which may be the actual data. During the attack, a decrypted message is discarded immediately if its pattern is non-uniform, which leaves the attacker more time to look for the correct key and increases the probability of retrieving the plaintext. The figure below briefly describes how a standard encryption technique reacts when an attacker uses a brute-force attack.

Fig 5. A description of how a standard encryption technique responds against a brute-force attack

To encrypt a message, a key and a cipher are used at the sender's end. The resulting ciphertext is sent to the other party. At the receiver's end, an algorithm decrypts the ciphertext with the same key that was used at the sender's end. The attacker who hijacks the encrypted message attempts to recover the message from the ciphertext by trying different keys picked at random, guessing at the correct key. In the standard setting, it is quite easy for the attacker to decide whether the retrieved data is incorrect because of the uneven pattern of the result. Now, here is a brief description of how the Honey Encryption system works.[14]

We use C = enc(M, K) to encrypt a plaintext M with the key K, producing an encrypted message C. The attacker aims to retrieve the message M. For every key tried, the attacker gets a message: M1, M2, M3, ..., Mn.

In the case of a lower-entropy pattern such as passwords, the actual message M is most likely to come up on the list. Users usually choose a simpler password that is easy to remember, which makes K easy to guess. Also, intruders know how users choose passwords from details leaked earlier. Hence, the security relies directly on how likely the attacker is to pick the accurate message from among n different plausible messages. Even if the attacker accurately guesses the key, he will be loaded with bogus data, and it will be hard to determine which is the correct message, especially when the attacker has no idea what he is looking for. If the correct message can be discovered among the whole list of outputs retrieved during the attack, the attacker wins. The figure below explains the response of the Honey Encryption technique to a brute-force attack.[15]

Fig 6. A description of how the Honey Encryption technique responds against a brute-force attack
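
The contrast described in this section, as an added example that is not part of the original paper: a toy Honey Encryption built on the distribution-transforming encoder (DTE) of the Juels and Ristenpart scheme cited as [15], next to a conventional XOR baseline. The PIN table, its weights, the passwords and all function names are constructed for illustration.

```python
import bisect, hashlib, secrets
from collections import Counter

ITERATIONS = 2_000  # kept low so the demo runs quickly; real use needs far more
# Constructed message space: 4-digit PINs with assumed prior weights (sum = 2**16).
MESSAGES = [("1234", 30000), ("0000", 15000), ("1111", 10000),
            ("2580", 6000), ("7777", 4536)]
NAMES = [m for m, _ in MESSAGES]
CUM, _t = [], 0
for _, _w in MESSAGES:          # cumulative upper bound of each seed interval
    _t += _w
    CUM.append(_t)
assert _t == 1 << 16            # intervals must tile the whole 16-bit seed space

def pad(password, salt, n):
    """Derive an n-byte keystream from the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=n)

def dte_encode(msg):
    """DTE: pick a uniformly random 16-bit seed inside the message's interval."""
    i = NAMES.index(msg)
    return CUM[i] - secrets.randbelow(MESSAGES[i][1]) - 1

def dte_decode(seed):
    """Inverse DTE: every 16-bit seed decodes to some valid message."""
    return NAMES[bisect.bisect_right(CUM, seed)]

def he_encrypt(msg, password):
    salt = secrets.token_bytes(16)
    return salt, dte_encode(msg) ^ int.from_bytes(pad(password, salt, 2), "big")

def he_decrypt(ct, password):
    salt, c = ct
    return dte_decode(c ^ int.from_bytes(pad(password, salt, 2), "big"))

def plain_encrypt(msg, password):
    """Conventional baseline: XOR the ASCII PIN directly with the keystream."""
    salt = secrets.token_bytes(16)
    return salt, bytes(a ^ b for a, b in zip(msg.encode(), pad(password, salt, 4)))

def plain_decrypt(ct, password):
    """Returns None when the output is not 4 digits: the attacker's free key check."""
    salt, c = ct
    out = bytes(a ^ b for a, b in zip(c, pad(password, salt, 4)))
    return out.decode() if out.isdigit() else None

def brute_force(decrypt, ct, guesses):
    """Tally what an attacker sees when trying each guessed password."""
    return Counter(decrypt(ct, g) for g in guesses)

if __name__ == "__main__":
    guesses = [f"guess{i}" for i in range(300)]   # constructed wrong passwords
    print("conventional:", brute_force(plain_decrypt, plain_encrypt("2580", "s3cret"), guesses))
    print("honey:       ", brute_force(he_decrypt, he_encrypt("2580", "s3cret"), guesses))
```

The honey ciphertext deliberately carries no integrity tag: any check that reveals whether the key was right would hand the attacker the test that Honey Encryption is designed to remove. The protection is only as good as the DTE's match to the real message distribution.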

IV. IDEA PROPOSED

We have come up with an idea to transfer the information from the client to the Cloud Server securely. There can be many threats during the data transfer. One big issue among them is the risk of a hacker. There can be active or passive attacks during the transfer, and in order to prevent that, we can encrypt the data. Brute-force attacks can get through DES, AES, and other encryption techniques. Honey Encryption is a technique in which the data is encrypted and the key is saved in a key pool.

Fig 7. Attacker trying to guess the correct key

When the hacker tries to crack the key, he/she will get a bunch of keys with the correct key among them. This key pool can be called a buffer. Every false key will lead to garbage data. After a decided number of wrong attempts, the hacker will be presented with garbage data without knowing whether it is authentic or not. There's no way for the hacker to know if the data is authentic or not. There are some methods to generate these buffer keys. We can use a Key Cracker to generate buffer key-codes or use old guessed passwords as entries in the buffer.

Fig 8. User successfully accessing the data

After the wrong data is served, an email would be sent to the user informing them about the breach with the IP address, time, location and the browser used by the hacker.

V. CONCLUSION

Security is one of the major aspects of concern since lots of individuals and organizations are shifting towards Cloud. The services have to be more secure to attract parties to invest in Cloud. A lot of work has to be done to convince the service seekers about the security of Cloud Computing. Using one of the latest encryption technologies, Honey Encryption, not only overcomes the difficulties faced in the current implementations of the cryptographic encryption techniques, but it also provides some additional benefits to the user. Some of the limitations in today’s cryptographic encryption techniques are high computational and storage costs as well as complexity. In the upcoming years, Honey Encryption will be used in order to block KPAs (known-plaintext attacks) for the services provided by Cloud. Therefore, we promote future developments as well as the use of Honey Encryption in the field of Cloud Computing.

VI. REFERENCES

[1] P. Mell and T. Grance, "The NIST Definition of Cloud," September 2011. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.

[2] Prasad, M. Rajendra & Naik, R Lakshman & V, Dr. Bapuji. (2013). Cloud Computing: Research Issues and Implications. International Journal of Cloud Computing and Services Science. 2. 134-140. 10.11591/closer.v2i2.1963.

[3] Voas, J. & Zhang, J. (March/April 2009). Cloud Computing: New Wine or Just a New Bottle? IEEE ITPro, pp. 15–17.

[4] Naren, J. & Sowmya, S.K. & Deepika, P. (2014). Layers of Cloud – IaaS, PaaS and SaaS: A Survey. International Journal of Computer Science and Information Technology. Vol. 5 (3). 4477-4480.

[5] Manvi, Sunilkumar & Shyam, Gopal. (2021). SaaS and PaaS in Cloud. 10.1201/9781003093671-6.

[6] Santana, Mario. (2020). Infrastructure as a Service (IaaS). 10.1201/9780429055126-6.

[7] Mohammed, Abdalbasit & Varol, Nurhayat. (2019). A Review Paper on Cryptography. 1-6. 10.1109/ISDFS.2019.8757514.

[8] Hwang, Seong & Kim, Intae & Lee, Wai. (2021). Introduction to Cryptography. 10.1201/9781003152569-2.

[9] V. Krishna Reddy, B. Thirumal Rao, Dr. L.S.S. Reddy, P. Sai Kiran, "Research Issues in Cloud Computing," Global Journal of Computer Science and Technology, Volume 11, Issue 11, July 2011.

[10] Tim Mather, Subra Kumaraswamy, Shahed Latif, Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, O'Reilly Media, USA, 2009.

[11] Dutta, Sreejit. (2016). Security Issues in Cloud Computing. International Journal of Emerging Trends in Science and Technology. 04. 4747-4752. 10.18535/ijetst/v3i11.04.

[12] K. Hashizume, D. G. Rosado, E. Fernández-Medina and E. B. Fernandez, "An analysis of security issues for cloud computing," Journal of Internet Services and Applications, 2013.

[13] Arora, Fancy. (2017). Security in Cloud Computing using Honey Encryption.

[14] Omolara, Oludare & Jantan, Aman & Abiodun, Oludare. (2019). A comprehensive review of honey encryption scheme. TELKOMNIKA Indonesian Journal of Electrical Engineering. 13. 649-656. 10.11591/ijeecs.v13.i2.pp649-656.

[15] Juels A, Ristenpart T. Honey Encryption: Encryption beyond the brute-force barrier. IEEE Security & Privacy. 2014 Jul;12(4):59-62.
