In a cloud environment data can be accessed over the internet by anyone, so user authentication and access control are crucial in the cloud. They are provided by network authentication protocols. Certain existing systems are network authentication protocols designed to provide strong authentication for client-server models using secret-key cryptography; such a system uses tickets to allow communication between nodes in the client-server model. These systems have certain limitations: multi-session keys should be used to negotiate true one-time session keys, and the tickets generated during the process are valid for an amount of time that is long enough for intruders to attack. This paper proposes to solve this problem by narrowing the ticket time stamp. It also proposes the use of Diffie-Hellman key encryption [11] as double encryption to strengthen the security of the authentication protocol.

Keywords – Data leakage, network authentication, Ticket Exchange Authenticator, ticket


I. INTRODUCTION

Cloud computing is a type of computing that uses shared computing resources rather than personal devices or local servers to handle applications. Cloud computing has many advantages for work and personal use. Cloud file storage and cloud services are increasingly used in enterprise working environments because they provide practically unlimited file storage. Protecting sensitive data from being leaked to the public is a huge concern among individuals and organisations.

The cloud makes data leakage protection more complex. In business there is always transfer of sensitive data to trusted third parties. Consider, for example, a company which has a partnership with a few other companies and a requirement for data sharing; another enterprise may outsource its data processing so that it can provide data to various other companies. In this scenario the one who owns the data is called the distributor, and the trusted third parties are the agents. When the data gets leaked, our goal is to detect the leakage of the sensitive data by the agents and to identify them as well.

To implement this we will be using an existing system which is widely used as a network authentication protocol. It implements authentication between the client and the server. Its characteristics are high usability and high safety; after applying a few encryption techniques it prevents replay attacks and eavesdropping and protects the integrity of the data. In this paper we have studied the limitations of the existing system. After considering its drawbacks, as an improvement we have added a few features which increase the security level by narrowing the time stamp of the Ticket Granting Ticket [5], which is currently 8 hours. Diffie-Hellman encryption [11], which is used to strengthen security, is also explained.

In this paper, Section II presents the survey of previously published papers that formed our research, and Section III summarises our findings from them. Section IV describes the architecture of the existing system and the details of the proposed system. Section V describes the methodology of the system, and Section VI gives the conclusion in brief. The last sections are the Acknowledgement and References.

 

II. LITERATURE SURVEY

 

The following table shows the survey of previously published papers which we have studied for our research:

TABLE 1. Survey of previously published papers

Author Name: Carlos André Batista de Carvalho, Miguel Franklin de Castro, Rossana Maria de Castro Andrade
Paper Title: Secure cloud storage service for detection of security violations [1]
Year: 2017
Description: A secure storage mechanism for cloud computing is proposed in this paper to address the currently open issues, combining different security mechanisms. The proposed solution includes auditing and monitoring service engines to detect and prove violations of security properties. Coloured Petri Nets (CPNs) [1] are used for evaluation. This results in data breach detection with proof and improved security.

Author Name: T. Brindha, R. S. Shaji
Paper Title: An Analysis of Data Leakage and Prevention Techniques in Cloud Environment [2]
Year: 2015
Description: The objective of this paper is to highlight the major issue of data leakage in the cloud environment, which is considered a potential security threat to organizations, specifically when authorized parties are engaged in data leakage. The classification of internal threats is explained in this paper, with statistics.

Author Name: Eko Sediyono, Kartika Imam Santoso, Suhartono
Paper Title: Secure Login by Using One-time Password Authentication Based on MD5 Hash Encrypted SMS [3]
Year: 2013
Description: This paper uses a two-stage security combination: an OTP (one-time password) delivered via an SMS gateway, with the MD5 hash algorithm [3] used for password storage, to develop a more secure authentication process for logging in and accessing the online storage data the user seeks. It proposes narrowing the OTP time stamp to 180 seconds to reduce the time window for an intruder to do any kind of harm.

Author Name: Dahui Hu, Zhiguo Du
Paper Title: An Improved Kerberos Protocol Based on Fast RSA Algorithm [4]
Year: 2010
Description: In this paper, Kerberos security flaws are studied and, after their analysis, the paper improves Kerberos by applying a fast RSA [4] algorithm, i.e. the Montgomery algorithm, to compute modular exponentiation of large numbers, and by adopting the Chinese Remainder Theorem for the private-key computation of the fast RSA [4] algorithm.

Author Name: Mehdi Hojabri, K. Venkat Rao
Paper Title: Innovation in cloud computing: Implementation of Kerberos version 5 in cloud computing in order to enhance the security issues [5]
Year: 2013
Description: This paper studies the problem of data security with cloud service providers [5]. To ensure the correctness of users' data in cloud storage and of the users who can access the cloud server, an effective and flexible distributed scheme with dynamic data support, including a Kerberos authentication service and a third party, is proposed.

Author Name: Zakariae Tbatou, Ahmed Asimi, Younes Asimi, Yassine Sadqi
Paper Title: Kerberos V5: Vulnerabilities and perspectives [6]
Year: 2015
Description: Kerberos is a protocol that allows single sign-on authentication without sending the password [6]. For confidential exchange of data it uses two functions: the string-to-key function and the derived-key function. Both functions are highly vulnerable to brute-force and dictionary attacks. In this paper, the security of these functions is strengthened by using a Random Generator of Safe Cryptographic Salt per session.

Author Name: Catargiu Raluca, Borda Monica
Paper Title: Using Kerberos To Secure TLS Protocol [7]
Year: 2010
Description: This paper focuses on how Kerberos can be used to improve security in Transport Layer Security. Kerberos uses pre-authentication, which makes it difficult for attackers to guess the password.

Author Name: Neeraj Kumar, Vijay Katta, Himanshu Mishra, Hitendra Garg
Paper Title: Detection of Data Leakage in Cloud Computing Environment [8]
Year: 2014
Description: This paper tries to detect data leakage by identifying the culprit, to improve the efficiency of data transfer. It uses the Bell-LaPadula model [8] to provide a safer transmission infrastructure. This model mainly focuses on data confidentiality and provides controlled access to classified information.

Author Name: Fadi Al-Ayed, Hang Liu
Paper Title: Synopsis of Security: Using Kerberos Method to Secure File Transfer Sessions [9]
Year: 2016
Description: This paper uses fingerprints to secure the transmission of data using Kerberos instead of SSL [9]. It implements a Markov model [9] for analysing the Kerberos parameters. A normal FTP system uses SSL, which has considerable weaknesses, hence Kerberos, which has considerable advantages over SSL [9], is implemented instead, thereby improving data transmission.

Author Name: Nan Zhang, Xiaoyu Wu, Cheng Yang, Yinghua Shen, Yingye Cheng
Paper Title: Light weight authentication and authorization solution based on Kerberos [10]
Year: 2016
Description: This paper studies an authorization solution based on Kerberos. It introduces each link of the permission-description method and the authentication protocol that compose the solution, the security of the protocol against the man-in-the-middle attack [10], replay attack [10] and password-guessing attack [10], and an analysis of the solution's performance. It shows that the solution guarantees high safety performance while remaining lightweight.

Author Name: Yun-yun Du, Hong-yun Ning, Ping Yang, Yan-xia Cui
Paper Title: Improvement in Kerberos Protocol based on the dynamic password and one time public key [11]
Year: 2014
Description: This paper studies the existing Kerberos system together with a dynamic password and a one-time public key. On the basis of the Kerberos protocol, it proposes using the Diffie-Hellman algorithm [11]: the password is put in the token, and a key to which a dynamic factor has been added is taken as the shared key between the AS and the client; this solves the password-guessing attack. Secondly, there is a method based on the ElGamal algorithm [11]: it generates a new public key in each authentication and uses that new public key as the secret key for information transmission between the resource server and the client, which guarantees the security of the transmission. These were the improvements made to the existing system.

Author Name: Xiaoling Zheng, Jidong Jin
Paper Title: Research for application and safety of MD5 algorithm in password authentication [12]
Year: 2012
Description: This paper studies the MD5 algorithm, which is important for password authentication applications. It also analyses the security features of password authentication and methods of improving the application safety of the MD5 algorithm in password authentication [12]. The main focus is on methods of improving the application safety of MD5 in password authentication by switching or interfering with the MD5 process. The paper analyses the application of MD5.

 

 

III. FINDINGS

The findings from paper [1] are the cloud data storage and live engines that detect threats, which make the system more secure against vulnerabilities. The logs of cloud transactions are explained, which helped us understand cloud communication. The findings from paper [2] are the types of data leakage threats, which help us make our system immune to them.

The authors of [2] also give the causes and channels of data leakage, which can help us make our project more secure. The finding from paper [3] is that an OTP was introduced for more security in the communication gateway of the data transfer, so that an unauthorised third party cannot access the data without a valid OTP. It also gives us a brief description of MD5 hashing [3]. From paper [4] we learn about various flaws in the Kerberos system and how RSA [4] is used to remove them; we can use this study to compare the RSA [4] algorithm with other algorithms when applied to Kerberos. From paper [5] we see Kerberos as a solution to the data security problem in cloud computing; it gives us the system model, design model and implementation of Kerberos. From paper [6] we learnt some vulnerabilities of Kerberos and the use of RGSCS [6] to prevent dictionary attacks; it also shows an implementation and a proper study of how RGSCS [6] prevents dictionary attacks. From paper [7] we found out how Kerberos V5 can be implemented with Transport Layer Security [7] to enhance secure data transmission. A feature of Kerberos V5 is pre-authentication, which reduces password guessing considerably. Several reasons why Kerberos is better than TLS [7] are explained. The findings from paper [8] are how the Bell-LaPadula model [8] can be implemented; it mainly focuses on how secure the data is for transmission. Bell-LaPadula [8] can be described as a collection of states where data is transmitted from a higher state to a lower state. Paper [9] describes how Kerberos is used rather than Secure Sockets Layer (SSL) [9] to have more secure data transmission using the file transfer protocol, and discusses the working of Kerberos. With SSL [9], attackers try to gain unauthorized access by using a fake certificate. A Markov model [9] is implemented; the basic idea of a Markov model [9] is that future states depend on the current state. What we found out from paper [10] are the solutions for the password-guessing attack, man-in-the-middle attack and replay attack, achieving a high level of safety on a lightweight base. From paper [11] we got information about the Diffie-Hellman algorithm [11] and the use of a public key instead of a timestamp to prevent the replay attack. The useful information we got from paper [12] is how the MD5 algorithm can be altered and improved for password authentication [12]; this is mostly done with safety in mind.

IV. ARCHITECTURE

A. Existing System

We studied an existing system which works as a network authentication protocol. It consists of a Ticket Exchange Authenticator, a Client and a Server. There is no direct communication between the Ticket Exchange Authenticator and the Server; instead most of the work is done by the Client. The Ticket Exchange Authenticator stores the shared keys of clients and servers. The Client sends an authentication message that has two parts: an unencrypted part containing client information, and another part encrypted with the client's password or shared key. The Ticket Exchange Authenticator tries to decrypt this message; if it decrypts successfully, it sends the client a Ticket Granting Ticket [5], encrypted with the Ticket Exchange Authenticator's own shared key, which the client stores in a special memory space. To request a file from a server, the client sends this Ticket Granting Ticket [5] to the Ticket Exchange Authenticator, and if it is successfully decrypted the Ticket Exchange Authenticator sends a ticket encrypted with the shared key of the server from which the file is requested. The client again stores this ticket in its special memory, called the Ticket Container. The Ticket Container is not present on disk or any other kind of secondary memory, so if the client system crashes the ticket is lost and no trace of it remains with the user; after a crash, a user who wishes to use the data present on the cloud has to go through the whole authentication process again. The client sends this ticket to the file server, which decrypts it using its shared key. If it decrypts successfully, the server knows the client has been verified by the authenticator and grants it access.

Since the existing system uses the password as the encryption key, it is prone to dictionary and brute-force attacks.
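The exchange described above, modelled in Python as an added example (this is not code from the paper or from any Kerberos implementation). A Ticket Exchange Authenticator holds the shared keys of clients and servers, issues a Ticket Granting Ticket under its own key, and issues server tickets under the server's key; the file server accepts a ticket only if it decrypts under the server's key and is unexpired. The TGT lifetime is a parameter, so the 8-hour expiry the paper describes can be run side by side with a narrowed lifetime (the 10-minute figure, the server name, the clock value and the 5-minute replay window are assumptions made for this example). The cipher is a constructed toy (SHA-256 keystream with an HMAC-SHA256 tag) used only so the example runs on the standard library; it is not a production cipher.

```python
"""Toy model of the ticket-exchange system described in section IV.A.

Added example, not the paper's code.  The cipher below is a constructed
toy (SHA-256 keystream + HMAC tag) so that the example runs with the
standard library alone.
"""
import hashlib
import hmac
import json
import os

DEFAULT_TGT_LIFETIME = 8 * 3600   # the 8-hour expiry the paper describes
NARROWED_TGT_LIFETIME = 10 * 60   # illustrative narrowed lifetime (assumption)
AUTHENTICATOR_WINDOW = 300        # replay window for client timestamps (assumption)


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, obj):
    """Toy authenticated encryption: nonce || ciphertext || HMAC-SHA256 tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Raise ValueError when the tag fails: wrong key or a tampered ticket."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message does not decrypt under this key")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


def derive_key(password):
    """String-to-key as a bare hash: a password-derived key like this is what
    exposes the existing system to dictionary and brute-force guessing."""
    return hashlib.sha256(password.encode()).digest()


class TicketExchangeAuthenticator:
    def __init__(self, tgt_lifetime=DEFAULT_TGT_LIFETIME, ticket_lifetime=300):
        self.client_keys, self.server_keys = {}, {}
        self.tea_key = os.urandom(32)           # the authenticator's own shared key
        self.tgt_lifetime, self.ticket_lifetime = tgt_lifetime, ticket_lifetime

    def authenticate(self, client, auth_blob, now):
        """Client proves knowledge of its key; the TEA returns an encrypted TGT."""
        auth = decrypt(self.client_keys[client], auth_blob)   # fails on a wrong password
        if abs(now - auth["timestamp"]) > AUTHENTICATOR_WINDOW:
            raise ValueError("authenticator timestamp outside the replay window")
        return encrypt(self.tea_key, {"client": client, "expires": now + self.tgt_lifetime})

    def grant_ticket(self, tgt_blob, server, now):
        """Client presents the TGT; the TEA returns a ticket under the server's key."""
        tgt = decrypt(self.tea_key, tgt_blob)
        if now > tgt["expires"]:
            raise ValueError("TGT expired; client must re-authenticate")
        ticket = {"client": tgt["client"], "server": server, "expires": now + self.ticket_lifetime}
        return encrypt(self.server_keys[server], ticket)


class FileServer:
    def __init__(self, name):
        self.name, self.key = name, os.urandom(32)

    def accept(self, ticket_blob, now):
        """Decrypting under its own key tells the server the TEA vouched for the client."""
        ticket = decrypt(self.key, ticket_blob)
        if ticket["server"] != self.name or now > ticket["expires"]:
            raise ValueError("ticket not valid for this server or expired")
        return ticket["client"]


def run_session(tgt_lifetime, delay, client_password="correct horse"):
    """Authenticate, wait `delay` seconds, then request a ticket and present it.
    Returns the accepted client name, or the error message on failure."""
    tea = TicketExchangeAuthenticator(tgt_lifetime=tgt_lifetime)
    server = FileServer("files.cloud.example")               # constructed server name
    tea.client_keys["alice"] = derive_key("correct horse")   # registered password
    tea.server_keys[server.name] = server.key
    t0 = 1_700_000_000                                       # constructed clock value
    try:
        auth_blob = encrypt(derive_key(client_password), {"timestamp": t0})
        tgt = tea.authenticate("alice", auth_blob, t0)
        ticket = tea.grant_ticket(tgt, server.name, t0 + delay)
        return server.accept(ticket, t0 + delay)
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    print(run_session(DEFAULT_TGT_LIFETIME, 2 * 3600))     # alice
    print(run_session(NARROWED_TGT_LIFETIME, 2 * 3600))    # TGT expired ...
    print(run_session(DEFAULT_TGT_LIFETIME, 0, "guess"))   # does not decrypt ...
```

Running it shows the point the paper makes about lifetimes: the same request two hours after authentication succeeds under the 8-hour TGT but is refused under the narrowed one, so a TGT captured from the Ticket Container is useful to an intruder for a much shorter window. The wrong-password case fails at the authenticator because the message does not decrypt under the registered key, which is also why the bare-hash string-to-key in `derive_key` is the weak point the paper's last paragraph refers to.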

B. Proposed System

The proposed system contains the following components:

i) Client: a client machine which requests files on the server.

ii) Server: stores different files and data securely and grants access to these files only to authenticated clients.

iii) Ticket Exchange Authenticator: responsible for authenticating a client and providing a Ticket Granting Ticket [5] to authenticated clients. It also stores the shared keys of both client and server.

Since the Ticket Granting Ticket [5] expires every 8 hours, the client has to re-authenticate with the Ticket Exchange Authenticator periodically to prevent any threat to security. This duration is long enough for intruders to attack. In the proposed system, we reduce the time stamp of this Ticket Granting Ticket [5] to reduce the security risk posed to the existing system. Diffie-Hellman [11] is a way of generating a shared secret between two parties such that the secret cannot be obtained by observing the communication. The parties are not sharing the secret during the key exchange; they are creating a key together.

This is particularly useful because you can use this technique to create an encryption key with someone and then start encrypting your traffic with that key. Even if the traffic is recorded and analyzed later, there is no way to figure out what the key was, even though the exchanges that created it may have been visible. This is an example of perfect forward secrecy: nobody analyzing the traffic later can break in, as the key was never saved, never transmitted and never made visible anywhere. The constraints we suggest will narrow the time for hackers to tap and infiltrate, and will enhance security by using Diffie-Hellman encryption [11].

The basic idea works like this:

1. The two parties select the two prime numbers g and p and tell each other what they are.

2. Party1 then picks a secret number a, but does not tell anyone. Instead it computes $A = g^a \bmod p$ and sends that result to party2 (we call it A since it came from a).

3. Party2 does the same thing, but we call its secret number b and the computed number B. So party2 computes $B = g^b \bmod p$ and sends the result (called "B").

4. Now party1 does the same operation with B and its own secret, giving $B^a \bmod p$.

5. Party2 does the same thing as party1, giving $A^b \bmod p$.

The "magic" here is that the number party2 gets at step 5 is the same number party1 gets at step 4. It is not really magic, just math, and it comes down to a property of modular exponentiation. Specifically:

$$(g^a \bmod p)^b \bmod p = g^{ab} \bmod p$$
$$(g^b \bmod p)^a \bmod p = g^{ba} \bmod p$$
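The five steps above carried out in Python, with both parties' messages, as an added example that is not code from the paper. The parameters are assumptions made for this example: the default group uses the Mersenne prime 2^127 - 1 with base 3 only because that prime fits in a listing, and the worked call uses the textbook values p = 23, g = 5, a = 6, b = 15; a real deployment takes p and g from a standardised group in which g generates a large prime-order subgroup. Two practitioner habits are added that the paper does not specify: each side rejects a degenerate peer value (0, 1 or p - 1) before using it, and the shared value is hashed to a fixed-length session key. The brute-force discrete-log function is included to show that the textbook prime gives no protection at all to an observer, and that the protection comes from the size of p. Note also that the exchange by itself only defends against an observer; an active attacker who can substitute A or B is stopped only when the values are authenticated, which in this design is the job of the ticket exchange under shared keys.

```python
"""Diffie-Hellman key agreement, steps 1 to 5 of section IV.B.

Added example, not the paper's code.  Demo parameters are assumptions:
P is the Mersenne prime 2^127 - 1 with base G = 3, chosen because the
prime fits in a listing; production code uses a standardised group.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # demo prime (assumption)
G = 3                # demo base (assumption)


def public_value(secret, p=P, g=G):
    """Steps 2 and 3: A = g^a mod p for party1, B = g^b mod p for party2."""
    return pow(g, secret, p)


def check_public_value(value, p=P):
    """Reject 0, 1 and p-1, which would force a trivial shared secret."""
    if not 1 < value < p - 1:
        raise ValueError("invalid Diffie-Hellman public value")


def shared_secret(my_secret, peer_public, p=P):
    """Steps 4 and 5: party1 computes B^a mod p, party2 computes A^b mod p."""
    check_public_value(peer_public, p)
    return pow(peer_public, my_secret, p)


def session_key(shared):
    """Hash the shared value to a 256-bit key (standard practice, assumed here)."""
    nbytes = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()


def exchange(a=None, b=None, p=P, g=G):
    """Run the exchange end to end; returns (party1 key, party2 key, A, B)."""
    a = secrets.randbelow(p - 2) + 1 if a is None else a   # step 2: secret a
    b = secrets.randbelow(p - 2) + 1 if b is None else b   # step 3: secret b
    A = public_value(a, p, g)        # party1 -> party2: A (visible on the wire)
    B = public_value(b, p, g)        # party2 -> party1: B (visible on the wire)
    k1 = session_key(shared_secret(a, B, p))   # step 4: B^a mod p
    k2 = session_key(shared_secret(b, A, p))   # step 5: A^b mod p
    # the identity behind it: (g^a)^b mod p = (g^b)^a mod p = g^(ab) mod p
    assert pow(B, a, p) == pow(A, b, p) == pow(g, a * b, p)
    return k1, k2, A, B


def brute_force_discrete_log(target, p, g):
    """What an observer of p, g and A would have to solve: g^x mod p == target.
    Feasible only for a tiny p such as the textbook p = 23, never for P."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    return None


if __name__ == "__main__":
    k1, k2, A, B = exchange(6, 15, p=23, g=5)   # textbook values: A = 8, B = 19
    print(A, B, k1 == k2, brute_force_discrete_log(A, 23, 5))
    k1, k2, A, B = exchange()                    # realistic size with the demo prime
    print(k1 == k2)
```

With the textbook values party1 sends A = 8, party2 sends B = 19, and both derive the same key from the shared value 2; the observer recovers a = 6 from A in five trial exponentiations, which is exactly why p must be large in practice.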

 

Fig. 1. Architecture

 

V. METHODOLOGY

Step 1. The user enters the address of the data server it wants to access, and the server station redirects the request to the trusted third party for authentication.

Step 2. The user enters its credentials to authenticate with the third-party authenticator in order to gain secure access to the database server present in the cloud.

Step 3. After receiving the credentials in the form of username and password, the trusted third party sends its request for the further authentication process.

Step 4. The authentication process completes and the user receives the token which allows it to access its data present on the cloud data server.

Step 5. All requests made after the authentication process are processed directly by the data server itself.

Step 6. After the user is done using the data present in the cloud, it logs out and all active sessions for that user are closed.

VI. CONCLUSION

 

We have proposed a solution which provides high-end security by decreasing the ticket time stamp and narrowing the time window for hackers to breach the data, thereby preventing data leakage.

Acknowledgement

It gives us great pleasure to present the project paper on 'Data Leakage Prevention in Cloud Computing Using Trusted Third Party Authentication'. We would like to take this opportunity to thank our guide, Prof. Suresh B Rathod, for giving us all the help and guidance we needed.

References

[1] Carlos André Batista de Carvalho, Miguel Franklin de Castro, Rossana Maria de Castro Andrade, "Secure cloud storage service for detection of security violations", 978-1-5090-6611-7/17/$31.00 ©2017 IEEE

[2] T. Brindha, R. S. Shaji, "An Analysis of Data Leakage and Prevention Techniques in Cloud Environment", 978-1-4673-9825-1/15/$31.00 ©2015 IEEE

[3] Eko Sediyono, Kartika Imam Santoso, Suhartono, "Secure Login by Using One-time Password Authentication Based on MD5 Hash Encrypted SMS", 978-1-4673-6217-7/13/$31.00 ©2013 IEEE

[4] Dahui Hu, Zhiguo Du, "An Improved Kerberos Protocol Based on Fast RSA Algorithm", 978-1-4244-6943-7/10/$26.00 ©2010 IEEE

[5] Mehdi Hojabri, K. Venkat Rao, "Innovation in cloud computing: Implementation of Kerberos version 5 in cloud computing in order to enhance the security issues".

[6] Zakariae Tbatou, Ahmed Asimi, Younes Asimi, Yassine Sadqi, "Kerberos V5: Vulnerabilities and perspectives", 978-1-4673-9669-1/15/$31.00 ©2015 IEEE

[7] Catargiu Raluca, Borda Monica, "Using Kerberos to Secure TLS Protocol", 978-1-4244-8460-7/10/$26.00 ©2010 IEEE

[8] Neeraj Kumar, Vijay Katta, Himanshu Mishra, Hitendra Garg, "Detection of Data Leakage in Cloud Computing Environment", 978-1-4799-6929-6/14/$31.00 ©2014 IEEE

[9] Fadi Al-Ayed, Hang Liu, "Synopsis of Security: Using Kerberos Method to Secure File Transfer Sessions", 978-1-5090-5510-4/16/$31.00 ©2016 IEEE

[10] Nan Zhang, Xiaoyu Wu, Cheng Yang, Yinghua Shen, Yingye Cheng, "Light weight authentication and authorization solution based on Kerberos", 978-1-4673-9613-4/16/$31.00 ©2016 IEEE

[11] Yun-yun Du, Hong-yun Ning, Ping Yang, Yan-xia Cui, "Improvement in Kerberos Protocol based on the dynamic password and one time public key", 978-1-4799-5151-2/14/$31.00 ©2014 IEEE

[12] Xiaoling Zheng, Jidong Jin, "Research for application and safety of MD5 algorithm in password authentication", 978-1-4673-0024-7/10/$26.00 ©2012 IEEE
