Security in data communication is a very important concern today. Cloud computing is a revolutionary mechanism that is changing the way enterprise hardware and software are designed and procured. Because of the cloud's simplicity, everyone is moving data and application software to cloud data centres. The cloud service provider (CSP) should ensure integrity, availability, privacy and confidentiality, but CSPs are not providing reliable data services to customers or for stored customer data. Securely sending and receiving data in this area is important because the data is crucial. In today's world password security is very important. If the confidentiality of information is of very high value, it should be protected. To stop unauthorised disclosure or alteration of information, secure it. Access by unauthorised persons should be controlled, and security for files in the cloud should be provided. The main focus of this paper is to combine the graphical password technique for login security with cryptography for file security, thereby providing the user with a highly secure file-protection system.

Cryptography is a technique used to protect important data. Encryption is the science of changing data so that it is unrecognisable and useless to an unauthorised person. Decryption is changing it back to its original form. Various techniques are available for password protection. Cued Click Points is a click-based, cued-recall graphical password scheme. Cryptography and the graphical password technique are well-known and widely used techniques that manipulate information (messages) in order to cipher it or hide its existence, respectively. Cryptography scrambles a message so it cannot be understood. In this paper we focus on developing one system that uses both cryptography and the graphical password technique for better confidentiality and security. At present we have very secure methods for both cryptography and graphical password authentication: the AES algorithm is a very secure technique for cryptography, and Cued Click Points (CCP) is a proposed click-based graphical password scheme for graphical password authentication. Even if we combine these techniques straightforwardly, there is a chance that an intruder may detect the original message. Therefore, our idea is to apply both of them together with more security levels to obtain a very highly secured system for data hiding. This paper mainly focuses on developing a new system with extra security features in which a meaningful piece of text can be hidden by combining security techniques such as cryptography and graphical password authentication.

Authentication is the process of determining whether a user should be allowed access to a particular system or resource. Users can't remember strong passwords easily, and the passwords that can be remembered are easy to guess. A password authentication system should encourage strong and less predictable passwords while maintaining security. This password authentication system allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is made more tedious, which discourages users from making such choices. In effect, this authentication scheme makes choosing a more secure password the path of least resistance. Rather than increasing the burden on users, it makes following the system's suggestions for a secure password the easier option, a feature absent in most schemes.

GRAPHICAL PASSWORD AUTHENTICATION

Various graphical password schemes have been proposed as alternatives to text-based passwords. Research has shown that text-based passwords are filled with both usability and security problems that make them less desirable solutions. Studies revealed that the human brain is better at recognizing and recalling images than text. Graphical passwords are meant to capitalize on this human characteristic in hopes that by reducing the memory burden on users, coupled with a larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to cope.

Graphical passwords may offer better security than text-based passwords because most people, in an attempt to memorize text-based passwords, use plain words (rather than a jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.

CUED CLICK POINTS

Cued Click Points (CCP) is a graphical password scheme. In CCP, users click one point on each image rather than on four points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point. It also makes attacks based on hotspot analysis more challenging.

The Cued Click-Point method is very usable and provides great security using the hotspot technique, taking advantage of the user's ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Points is more secure than previous graphical authentication methods such as the Pass Point graphical password. CCP increases the workload for attackers by forcing them to first acquire image sets for each user and then analyze each of these images for hotspots. The Cued Click-Points method has advantages over other password schemes in terms of usability, security and a memorable authentication mechanism.

SYSTEM DESIGN

The system designed consists of three modules: user registration module, picture selection module and system login module.

In the user registration module the user enters the user name in the user name field. Once the user has entered all user details in the registration phase, this registration data is stored in the database and used during the login phase for verification. In the picture selection phase the pictures are selected by the user from the database of the password system.

In the picture selection phase the user selects images for the password, which consists of a sequence of four click-points on a given image. Users may select any pixels in the image as click-points for their password. Users must select a click-point in the image and proceed to the next image. During the system login process, images are displayed normally, without shading or the viewport, and the user repeats the sequence of clicks in the correct order, within a system-defined tolerance square of the original click-points.
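One way to check login clicks against the tolerance square, written as an added example that is not code from the paper. It goes beyond the text in one respect: instead of storing the original coordinates, it stores a salted hash of the grid squares the clicks fall in (centered discretization), so the server never keeps the click-points themselves. The 10-pixel tolerance, the record layout and the function names are assumptions.

```python
import hashlib
import hmac
import os

TOL = 10  # assumed tolerance: accept clicks from 10 px below to 9 px above the original

def _segment(v, offset):
    """Index of the 2*TOL-wide grid segment containing v, for a grid shifted by offset."""
    return (v - offset) // (2 * TOL)

def _digest(salt, segments):
    data = ",".join(map(str, segments)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(points):
    """points: one (x, y) click per image, in order. Returns the record to store."""
    offsets, segments = [], []
    for x, y in points:
        # Shift the grid so the original click sits in the centre of its square.
        ox, oy = (x - TOL) % (2 * TOL), (y - TOL) % (2 * TOL)
        offsets.append((ox, oy))          # stored in the clear
        segments += [_segment(x, ox), _segment(y, oy)]
    salt = os.urandom(16)
    return {"salt": salt, "offsets": offsets, "hash": _digest(salt, segments)}

def verify(record, clicks):
    """True only if every click, in order, lands in its tolerance square."""
    if len(clicks) != len(record["offsets"]):
        return False
    segments = []
    for (x, y), (ox, oy) in zip(clicks, record["offsets"]):
        segments += [_segment(x, ox), _segment(y, oy)]
    # One comparison over the whole sequence: no hint about which click was wrong.
    return hmac.compare_digest(_digest(record["salt"], segments), record["hash"])
```

Because the whole sequence is hashed together, a failed login does not reveal which image's click was off, and the order of the clicks is enforced by the hash input.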

CLOUD DATA STORAGE CHALLENGES & ISSUES

Cloud computing does not provide control over the data stored in cloud data centers. The cloud service providers have full control over the data; they can perform any malicious task such as copying, destroying or modifying it. Cloud computing ensures a certain level of control over the virtual machines. This lack of control over the data leads to greater security issues than in the generic cloud computing model.

Encryption alone doesn't give full control over the stored data, but it is somewhat better than plain data.

IDENTITY MANAGEMENT AND ACCESS CONTROL

The integrity and confidentiality of data and services are tied to access control and identity management. It is important to keep a track record of user identities to avoid unauthorized access to the stored data. Identity and access controls are complex in cloud computing because the data owner and the stored data are on different executive platforms. In a cloud environment, different organizations use a variety of authentication and authorization frameworks. Using different approaches for authentication and authorization creates a compound situation over a period of time. Cloud resources are dynamic and elastic for the cloud user, and IP addresses change continuously when services are started or restarted in the pay-per-usage model. This lets cloud users join and leave cloud resources when they require, i.e., an on-demand access policy. All these features need efficient and effective access control and identity management. The cloud has to update and manage identities quickly as users join and leave cloud resources. There are many issues in access control and identity management, for example weak credentials that may be reset easily, denial-of-service attacks that lock an account for a period of time, weak logging and monitoring abilities, and XML wrapping attacks on web pages.

An insider threat can be posed by employees, contractors and/or third-party business partners of an organization. In a cloud environment, i.e., at the Cloud Service Provider (CSP) side, such attacks lead to loss of the integrity, confidentiality and security of users' information. This leads to information loss or breaches in both environments. This attack is significant and is well known to most organizations [7]. There is a variety of attack patterns performed by insiders because of their knowledge of the internal structure of an organization's data storage. Most organizations ignore this attack because it is very hard to defend against and it is impossible to find a complete solution for it. This attack poses great risk in terms of data breaches and loss of confidentiality at both the organization and cloud level.

Attacks that come from external origins are called outsider attacks. Data security is one of the important issues in cloud computing. Service providers do not have permission to access the physical security system of the data centre, so they must depend on the infrastructure provider for full data security. In a virtual private cloud environment, the service provider can only specify the security settings remotely and cannot know whether they are fully implemented. In this process, the infrastructure provider must meet the following objectives: confidentiality, for secure data transfer and access, and auditability, so that outside intruders can't access sensitive data stored in the cloud.

ALGORITHM USED

In January 1997 in the US, the National Institute of Standards and Technology (NIST) announced a contest to develop a new encryption system and set some important restrictions. The developed system had to be publicly disclosed, unclassified, free for use worldwide, usable with 128, 192, and 256 bit key sizes, and a symmetric block cipher algorithm for blocks of 182 bits. On 26 May 2002, 3DES was replaced by the Advanced Encryption Standard (AES). AES and 3DES are commonly used block ciphers, and which one to choose depends on the requirement. AES outperforms 3DES both in software and in hardware.

AES is based on the Rijndael algorithm, created by Joan Daemen and Vincent Rijmen, which is a combination of a strong algorithm with a strong key. The Rijndael block cipher can use different block and key lengths, such as 128, 192, and 256 bits. This versatility can produce faster and more secure symmetric block ciphers. Another algorithm which might be considered as an alternative to the Rijndael block cipher is the Twofish algorithm, which can use blocks of 128 bits with keys up to 256 bits. The Rijndael algorithm's combination of security, performance, efficiency, implementability, and flexibility made it an appropriate selection for AES.

1. NEED FOR RIJNDAEL ALGORITHM

When it comes to security, the winner is undoubtedly AES, as it is considered unbreakable in practical use. After discussing the flaws of DES, and thus of 3DES as well, it may seem that DES is insecure and no longer of any use, but that is not the case. The 1997 attack required a great deal of cooperation and the 1998 machine is too expensive to implement, so the DES and 3DES algorithms are still beyond the capability of most attacks in the present day. However, the power of computers is increasing and stronger algorithms are required to face hacker attacks. The response to that requirement is AES. It has been designed for software and hardware and it works quickly and efficiently, even on small devices such as smart phones. With a larger block size and longer keys, using a 128 bit block and 128, 192 and 256 bit keys, respectively, AES will provide more security in the long term.

2. AES ALGORITHM FOR CRYPTOGRAPHY

This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. The input, the output and the cipher key for Rijndael are each bit sequences containing 128, 192 or 256 bits, with the constraint that the input and output sequences have the same length. In general the length of the input and output sequences can be any of the three allowed values, but for the Advanced Encryption Standard (AES) the only length allowed is 128.

ADVANTAGES

Some of the advantages for the users are:

- Very secure
- Reasonable cost
- Flexibility
- Simplicity

WORKING PROCESS

1. CRYPTO WORK

For crypto work the following steps are used to encrypt the data:

- Insert text for encryption.
- Apply the AES algorithm using a 128 bit key (Key 1).
- Generate cipher text in hexadecimal form.

2. CRYPTO WORK REVERSE

For crypto work reverse the following steps are used to retrieve the original text:

- Get the cipher text generated above.
- Reverse the AES algorithm by using Key 1.
- Get the original message.

For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations:

- Byte substitution using a substitution table (S-box),
- Shifting rows of the State array by different offsets,
- Mixing the data within each column of the State array, and
- Adding a Round Key to the State.

3. ENCRYPTION

In encryption mode, the initial key is added to the input value at the very beginning, which is called the initial round. This is followed by 9 iterations of a normal round and ends with a slightly modified final round, as one can see in Figure 2. During one normal round the following operations are performed in the following order: Sub Bytes, Shift Rows, Mix Columns, and Add Round Key. The final round is a normal round without the Mix Columns stage.

Steps in AES Encryption

- Sub Bytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
- Shift Rows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
- Mix Columns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
- Add Round Key: each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.
4. DECRYPTION

In decryption mode, the operations are in reverse order compared to their order in encryption mode. Thus it starts with an initial round, followed by 9 iterations of an inverse normal round and ends with an AddRoundKey. An inverse normal round consists of the following operations in this order: AddRoundKey, InvMixColumns, InvShiftRows, and InvSubBytes. An initial round is an inverse normal round without the InvMixColumns.

AES APPLICATIONS

AES encryption and decryption has many applications. It is used in cases where data is so sensitive that only authorized people are supposed to know it and not the rest.

The following are the various applications:

Secure Communication

- Smart cards
- RFID
- ATM networks
- Image encryption

Secure Storage

- Confidential corporate documents
- Government documents
- FBI files
- Personal storage devices
- Personal information protection

CONCLUSION

The field of Cloud Storage Security, especially Cryptography, can create a new safer environment in the present world and can change the threats related to file security.

In this project we have presented a new system for the combination of cryptography and Graphical Password authentication.

The main advantage of this Crypto/GPA System is that the method used for encryption, AES, is very secure and the Cued Click Points (CCP) techniques are very hard to detect.

Cued Click Points (CCP), especially combined with cryptography, is a powerful tool which enables people to communicate with some confidence about the level of security their data is provided with.

The Cued Click-Point method is very usable and provides great security using the hotspot technique, taking advantage of the user's ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Points is more secure than the previous graphical authentication methods. Cryptography with the AES (Rijndael) algorithm provides safer and more secure encryption and decryption of files for users.

AES works quickly and efficiently, even on small devices such as smart phones. With a larger block size and longer keys, using a 128 bit block and 128, 192 and 256 bit keys, respectively, AES will provide more security in the long term. CCP increases the workload for attackers by forcing them to first acquire image sets for each user and then analyze each of these images for hotspots. The Cued Click-Points method has advantages over other password schemes in terms of usability, security and a memorable authentication mechanism. AES increases the workload for attackers by forcing them to decrypt a file two times to get at the file's data. Thus this system provides security to the user at the authentication level and crypto techniques for secured file maintenance in the cloud environment.