Data storage lock algorithm with cryptographic techniques

ABSTRACT


INTRODUCTION
A cloud is a collection of virtualized resources that hosts a variety of different workloads and can be deployed and scaled out quickly through the rapid provisioning of virtual or physical machines. It supports self-recovering, redundant and highly scalable programming methods that allow workloads to recover from many unavoidable hardware or software failures, and it monitors resource use in real time to enable rebalancing of allocations when needed [1].
Popular encryption algorithms include the Data Encryption Standard (DES) [2] and the Advanced Encryption Standard (AES) [3]. The AES algorithm was published by the National Institute of Standards and Technology (NIST) in 2001. AES is a symmetric block cipher intended to replace DES as the approved standard for a wide range of applications. Whitfield Diffie and Martin Hellman introduced the Diffie-Hellman algorithm (DH) in 1976 [4], which brought drastic changes to cryptography by presenting the first asymmetric cryptographic algorithm. Rivest, Shamir and Adleman defined their well-known Rivest-Shamir-Adleman (RSA) algorithm [5] in 1978. Since then, RSA has reigned as the most widely accepted and implemented general-purpose approach to public-key encryption. In 1985, Victor Miller (IBM) and Neal Koblitz (University of Washington) discovered Elliptic Curve Cryptography (ECC), which can be used as an alternative mechanism to implement public-key cryptography [6]. ECC algorithms rely on the algebraic structure of elliptic curves over finite fields.
Nowadays cloud service providers offer server-side security to retain control of the customer's data. The customer cannot be sure that this data is safe from attacks or a data breach. Therefore, to ensure security and privacy in the cloud, a client-side encryption mechanism is needed to safeguard the data.
With client-side encryption, the user data stays protected regardless of which entity controls the computing environment: the data in the cloud remains in encrypted form until the user decrypts it on the client side. This mode of encryption is required to safeguard data from hacking, malicious attacks and vulnerabilities. We now propose an algorithm by which an extra layer of security can be given towards a trusted third party [17]. Here, the authors proposed a solution incorporating PKI (Public Key Infrastructure), SSO (Single Sign-On) and LDAP (Lightweight Directory Access Protocol) to ensure authentication, availability, integrity and confidentiality of data and communications. With this solution, essential trust is sustained by a horizontal level of service that is available to all the implicated entities and realizes a security mesh.
In the common cloud computing environment there is a dire need for client-controlled encryption, to bring in assured data protection against the probable security gaps in any particular cloud system. A client-controlled security strategy works mainly by letting the client take control of protecting the data it deposits on remote machines. As discussed earlier, the most successful data protection is achieved through data encryption. Because cloud systems have strategic paths along which data runs back and forth from the central cloud area, a specific encryption-decryption process has to be generated for this purpose. We developed a Data Storage Lock Algorithm which addresses this issue and successfully resolves the security challenges.

DATA STORAGE
Cloud storage allows data owners to store their data remotely and access it over networks at any time and from anywhere. Despite obvious benefits such as improved scalability and accessibility, outsourcing data to the cloud brings new security issues. Once the data is outsourced, the data owners give up control over its fate. The server may conceal data-loss accidents to uphold its reputation, or discard information that is not in use or not often accessed in order to save storage space. The cloud is seen as a new way to reduce complexity and costs and to cope much better in this economy. Traditional computing requires the user to be in the same place as the device, whereas the cloud allows you to store, access and modify your data from any location with an internet-enabled device. Information stored on a local computer can be kept in the cloud and accessed from any computing device. The user does not know where the data is stored or how secure it will be. Authors proposed a smart cloud architecture called Smart Cloud Data Manager [18], which handles security issues in the cloud. Authentication, authorization, data splitting, encryption, data backup and verification of data access control rights need to be ensured to provide more security for the data. In [19], the authors proposed an architecture for examining whether the security metrics in a security SLA have been met. Moreover, these structures need to be secured. Hence, to ensure the safety of the data, end users who access cloud services have to analyze how sensitive their data is and how much security it needs. It is therefore necessary to use encryption standards to secure very sensitive data before outsourcing it to the cloud.
Cloud computing is rapidly becoming a mainstay in today's digital world because of its greater flexibility, ease of access and capacity compared to traditional storage and data sharing methods. Before putting data onto the public cloud, the cloud user should establish the type of data or application (whether it is sensitive or not), the security environment provided for data storage, and the service-level agreement. Several safety measures therefore have to be set up to cope with the newly visible cloud concerns, namely outsourcing encrypted data and periodically checking data integrity and availability. For example, storing encrypted data leads to cumbersome key management and access control, and regularly checking massive amounts of data strains bandwidth. Cryptographic techniques are needed to ensure security and privacy in clouds. We can use encryption to protect data in multitenant environments, where we do not have full control.

PROPOSED MODEL (DATA STORAGE LOCK ALGORITHM)
Let us assume that there are n data centers dc1, dc2, …, dcn and storage spaces ss1, ss2, …, ssn. The user accessing the cloud service has to register with the cloud using signature information. The data is classified into two types: confidential data (cd) and non-confidential data (nd).
} else c = encrypt(data) using TLS in server side.
6. Cloud Storage: Store encrypted data.
7. For downloading the data, the user has to be authenticated using the private key Pk. If authentication is successful, the user gets the encrypted data.
8. The user can use sKEY and the decryption algorithms to retrieve the original data.
   a) KAES = DecryptRSA(sKEY, RSApri)
   b) data = DecryptAES(C1, KAES)
Figure 1 shows the secure data storage and Figure 2 shows the consumer accessing cloud services to download data. The authors [20] proposed a workflow in which the user accesses the cloud services for secure data storage by using the private key. Here we use our proposed "Data Storage Lock Algorithm" (DSLA) to provide security for the confidential data. In DSLA, the user has to input signature information. The key generator generates a private key by using a cryptographic hash function. Both the user and the Cloud Service Provider (CSP) get the private key of the user, to provide more security. The CSP identifies the user by the private key. The CSP maintains an index table consisting of the private key, data center id and storage space id. The user can log into the cloud by using the private key and can request storage space under the pay-as-you-go model. The CSP verifies the private key and allocates the block of space required by the user. Non-confidential data should be encrypted by using TLS; many storage service providers use TLS. Confidential data needs to be encrypted on the client side before uploading to the cloud storage. Therefore we need to create a secure key (sKEY) for encrypting the confidential data. In DSLA, we integrate the AES algorithm [3] and the RSA algorithm [5] to provide more security for our data.
In the first phase, we generate a key by encrypting the AES key with the RSA public key, using the RSA algorithm. In the second phase, the data is encrypted by using the AES algorithm. The encrypted message can then be uploaded to the cloud storage. As we use an encryption standard to encrypt the confidential data, the data should not be deleted, modified or fabricated during storage. Only authenticated users can access the data storage space, so no data leaks during storage. The legitimate user can access the data at any time from any computing device. To provide integrity for the encrypted data, a hash-based message authentication code (HMAC) [21] is attached along with the encrypted data. For downloading the data, the user has to log in using the private key (Pk). The private key locks the storage space for a user. The CSP checks the index table for Pk. If it is found, the data center id (dci) and the storage space id (ssi) are identified, and the user can download the data from the data center. Figure 5 and Figure 6 show the time taken for encrypting and decrypting data of various sizes using DSLA. DSLA provides an efficient locking system and encryption approach that does not produce significant overheads and that ensures data availability and retrieval. It also prevents cloud providers from accessing the users' original data.
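The two phases and the download path described above (wrap the AES key under the RSA public key to form sKEY, encrypt with AES, attach an HMAC, and verify before DecryptAES), as an added Go example that is not the authors' Java implementation. The page does not specify them, so AES-256-CTR, RSA-OAEP with SHA-256, a separate MAC key wrapped together with the AES key, and the names Lock, Unlock and Locked are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type Locked struct{ SKey, Body, Tag []byte } // sKEY, Body = IV || C1, HMAC tag
func tag(key, body []byte) []byte { // HMAC-SHA256 over IV || C1
	h := hmac.New(sha256.New, key)
	h.Write(body)
	return h.Sum(nil)
}
func ctr(key, iv, in []byte) []byte { // AES-256-CTR, same call both ways
	blk, _ := aes.NewCipher(key) // cannot fail: key is always 32 bytes here
	out := make([]byte, len(in))
	cipher.NewCTR(blk, iv).XORKeyStream(out, in)
	return out
}

func Lock(data []byte, pub *rsa.PublicKey) (*Locked, error) { // client side, before upload
	buf := make([]byte, 80) // fresh K_AES | MAC key | IV (layout is an assumption)
	_, rerr := rand.Read(buf)
	sKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:64], nil)
	if rerr != nil || err != nil {
		return nil, errors.Join(rerr, err)
	}
	body := append(buf[64:80:80], ctr(buf[:32], buf[64:], data)...)
	return &Locked{sKey, body, tag(buf[32:64], body)}, nil
}

func Unlock(l *Locked, priv *rsa.PrivateKey) ([]byte, error) { // verify, then decrypt
	keys, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.SKey, nil)
	if err != nil || len(keys) != 64 || len(l.Body) < 16 || !hmac.Equal(l.Tag, tag(keys[32:], l.Body)) {
		return nil, errors.New("unwrap or HMAC check failed, refusing to decrypt")
	}
	return ctr(keys[:32], l.Body[:16], l.Body[16:]), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pair
	l, _ := Lock([]byte("constructed sample record"), &priv.PublicKey)
	out, err := Unlock(l, priv)
	println(string(out), err == nil)
}
```

Because the tag is compared in constant time before AES is touched, a change made to the stored object on the provider side surfaces as an error rather than as altered plaintext.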

RESULTS AND ANALYSIS
In every approach, developing a simulation environment is vital in order to verify the proposed algorithms and their performance. To test this client-controlled encryption scheme in a cloud environment, an experimental implementation and performance evaluation of the Data Storage Lock Algorithm was carried out using the Eclipse IDE and Java. Figure 3 and Figure 4 show encrypting and uploading a file using the DSLA algorithm. A multilevel configuration of secure data management and the Data Storage Lock Algorithm (DSLA) for storing confidential data provides a higher degree of secure data storage in cloud computing. In the complex paradigm of cloud performance and user engagement across various levels of inter-nodal transactions, mitigating data leaks is a vital challenge. To ensure improved security and confidentiality for private data, encryption algorithms are engaged in a multi-level configuration between the user end and the cloud clusters. Confidential data can be stored in and retrieved from the cloud with sufficient security management, which is in high demand today for enterprise computing integration. The response is scalable with high-speed processors, and to estimate this response, sample runs were done on lower-level processors. Table 1 and Table 2 show the encryption and decryption times for file sizes in kilobytes and megabytes. Figure 5 and Figure 6 show one of the response graphs for encryption and decryption. The initial load given is 10 kilobytes, and it is systematically increased to 5 megabytes. The response indicates that the time consumed for a higher amount of data, relative to the dead-weight data of 10 kilobytes, is marginally small. This ensures that loading the data into high-security storage and processing it will not consume so much time that it affects the total performance of the job executed by the cloud processors. It shows that the DSLA approach adds a very low level of overhead on confidential data.
Here we applied a new method of deeper-level security lock provisions on the confidential data of business enterprises and high-security institutions, such that they can govern the confidentiality of data storage and retrieval. To realize this approach we used combinations of standard security approaches such as the AES and RSA algorithms.

CONCLUSION
In this paper, we presented issues in cloud computing such as security, service availability and authentication. The spotlight of the paper is the introduction of the Data Storage Lock Algorithm (DSLA). This algorithm is used for the safe storage of confidential data in the cloud. Here we check the authenticity of a user who accesses the cloud storage by using the private key (Pk), which is stored with the Cloud Service Provider. The private key is used for locking the storage space allocated to a user in any data center. The user can download or access their data at any time by using the private key. Fast retrieval of data is made possible by maintaining an index table at the Cloud Service Provider. This enables a scenario in which confidential data can be stored in and retrieved from the cloud with sufficient security management through data encryption approaches.