An approach for secured data transmission at client end in cloud computing

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME
381
AN APPROACH FOR SECURED DATA TRANSMISSION AT CLIENT END
IN CLOUD COMPUTING
Suvendu Chandan Nayak, Sasmita Parida
Department of Computer Science & Engineering,
C.V. Raman College of Engineering, Bhubaneswar, India
ABSTRACT-
Now a day’s cloud computing is the most recent network infrastructure architecture model
which provides convenient, on-demand access to a shared pool configurable computing resources. In
this paper we proposed an algorithm for data security for Software as a Service (SaS) model. When a
client is accessing the applications from the cloud service provider the client is not aware of getting
the right data from the authorized cloud or unauthorized cloud. Because during transmission the
attacker may hack the authorization and bypass to any fake cloud. In this paper we are using the
authorization function along with a key .The key is updated in both end at client and cloud server.
During transmission the updated key is verified for authorization. Though the key is updated during
transmission it is too difficult for middle ware attacker in cloud as compared to private key and
public key concept.
Keywords: Authorization, Attacker, Private Key, Public Key, SaS.
I. INTRODUCTION
In today’s competitive environment, the service dynamism, elasticity, and choices offered by
the highly scalable technology are too attractive for enterprises. The most suitable emerging
technology is cloud computing which provides many opportunities for enterprises by offering a
range of computing services. Cloud computing demanding from m its audience to such as “secure
cloud” or “Trust me” do not help much to boost the trust level of consumers [5].
Cloud computing is typically classified based on either their deployment or service models
represents cloud models based on the NIST definition framework [1]. Cloud deployment models can
be classified as private, public, community, and hybrid cloud. According to IDC [2], the most
beneficial aspects of using cloud include fast and easy deployment, the pay-per-use model, and
reduction of in-house IT costs. However, they also point out that security is the most important issue
to be addressed in order to promote the widespread use of cloud computing. Broadly speaking, trust
means an act of faith confidence and reliance in something that’s expected to behave or deliver as
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 4, Issue 4, July-August (2013), pp. 381-389
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)
www.jifactor.com
IJCET
© I A E M E

382
promised [3].Belief in the competence and expertise of others, such that you feel you can reasonably
rely on them to care for your valuable assets is described in [4].
Security plays a central role in preventing service failures and cultivating trust in cloud
computing. In particular, cloud service providers need to secure the virtual environment, which
enables them to run services for multiple clients and offer separate services for different clients.
Cloud computing security concerns all the aspects of making cloud computing secure. Many of these
aspects are not unique to the cloud setting: data is vulnerable to attack irrespective of where it is
stored. Therefore, cloud computing security encompasses all the topics of computing security,
including the design of security architectures, minimization of attack surfaces, protection from
malware, and enforcement of access control. But there are some aspects of cloud computing security
that appear to be specific to that domain [6].
Researchers have proposed number of security algorithms, security challenges, and security
issues for cloud computing within a few years, till it is a big challenge for the researchers. The
proposed security algorithms are based upon the traditional security solutions using public or private
key concept . During transmission of the data or information the middle ware attacker can modify the
integrity and scalability of these data or information. In this paper we proposed an algorithm by
using authentication function and key which is updated during transmission of the data or
information in both ends. The key value will be checked by sending the request message at any
instance during transmission for secured data or information transmission in between client and
service provider.
The layout of the remainder of this paper is given as follows: In Section II, a review of
literature has been presented in the area of security issues, security challenges and different solutions.
The proposed system is described in Section III. In section IV the algorithm is proposed for middle
man attack and packet dropping. However conclusion and possibilities for future work are illustrated
in Section V.
II. STATE OF THE ART
When enterprises consign their data to cloud computing (data representing both their own
interests and those of their clients), it creates two folds of a complex trust relationship. First, the
enterprise must trust the cloud provider. Second, the enterprise must ascertain that its clients have
enough reason to trust the same provider[7] .In a typical application, the user is compensated if the
service isn’t delivered as expected. Cloud providers similarly use service-level agreements (SLAs) to
boost consumers’ trust. Unfortunately, these might not help in cloud computing.
The basic challenge is in poor key management procedures. As noted in a recent European
Network and Information Security Agency study,[8] cloud computing infrastructures require
management and storage of many different kinds of keys.Besause virtual machines don’t have a
fixed hardware infrastructure and cloud-based content is often geographically distributed, it’s more
difficult to apply standard controls—such as hardware security module (HSM) storage—to keys on
cloud infrastructures. Finally, security metrics aren’t adapted to cloud infrastructures. Currently,
there are no standardized cloud-specific security metrics. that cloud customers can use to monitor the
security status of their cloud resources. Until such standard security metrics are developed and
implemented, controls for security assessment, audit, and accountability are more difficult and
costly, and might even be impossible to employs standardized cloud-specific security metrics, that
cloud customers can use to monitor the security status of their cloud resources. Until we develop and
implement usable logging and monitoring standards and facilities, it’s difficult—if not impossible—
to implement security controls that require logging and monitoring [9].
The importance of ensuring the remote data integrity has been highlighted by the researcher
in [10]–[11]. These techniques, while can be useful to ensure the storage correctness without having

383
users possessing data,can not address all the security threats in cloud data storage, since they are all
focusing on single server scenario and most of them do not consider dynamic data operations. As an
complementary approach, researchers have also proposed distributed protocols [12]–[13] for
ensuring storage correctness across multiple servers or peers.
In order for enterprises to extend control to data in the cloud, the researcher proposed shifting from
protecting data from the outside (system and applications which use the data) to protecting data from
within. We call this approach of data and information protecting itself information-centric [14], [15],
[16] . This self-protection requires intelligence be put in the data itself. Data needs to be self-
describing and defending, regardless of its environment. Data needs to be encrypted and packaged
with a usage policy. When accessed, data should consult its policy and attempt to re-create a secure
environment using virtualization and reveal itself only if the environment is verified as trustworthy
(using Trusted Computing). Information-centric security is a natural extension of the trend toward
finer, stronger, and more usable data protection.
In Fig-1 the user’s data is stored in the cloud server. The cloud service provider has number
of cloud servers in distributed manner. The user is unknown where the data is stored or accessed. To
provide the trust different mechanism are proposed for cloud security which is discussed early.TPA
(Third Party Auditor)is one of them which is optional. When an user communicating for data flow
with cloud server TPA monitors communication for security purpose. If security fails the TPA
alarms both the user and cloud service provider.TPA is completely depends upon the user’s trust,
though the security is provided by third party. K. Vieira, A. Schulte have discussed Intrusion
Detection System (IDS) is the most popular method of defense the attacks [17].
Fig-1: Cloud data storage and access architecture
In case IDS each cloud should be loaded with separate IDS. The different intrusion detection
systems work on the basis of information exchange. In case a specific cloud is under attack, then the
co-operative IDS alert the whole system. IDS is provides security to the cloud not the client. It is not
providing any mechanism for man in middle attack when data flow takes place. A detailed study
towards preventing man in the middle attacks has been presented in [18].
In this work we proposed an algorithm which can implemented for secured data transmission.
When the client gets authentication from the cloud server for use of any application the middle ware
attacker may hack the data during transmission. The client may not sure about the application from
authorized cloud or fake cloud. This proposed work also detect the packet loss during transmission
using the key and key function.

384
III. PROPOSED SYSTEM
The cloud acts as a big black box, nothing inside the cloud is visible to the clients. The
Clients have no idea or control over what happens inside a cloud even if the cloud provider is honest,
it can have malicious system admins who can tamper with the VMs and violate confidentiality and
integrity. Clouds are still subject to traditional data confidentiality, integrity, availability, and privacy
issues, plus some additional attacks.
Cloud computing definitely makes sense if your own security is weak, missing features, or below
average.
Ultimately, if
• The cloud provider’s security people are “better” than yours (and leveraged at least as
efficiently),
• The web-services interfaces don’t introduce too much new vulnerability.
The cloud provider aims at least as high as you do, at security goals, then cloud computing
has better security.
In case of private cloud computing it is very challenging one to provide the proper security
for the client. Data encryption using private and public are used .But encryption does not provide any
information about the secured communication instead of data security during data communication
.Our proposed system provides both secured communication and packet loss during transmission.
The proposed system uses a function which is called key_function ( ) and the random number
which is called key.The key value is initially assigned with 0 (zero).The basic mechanism for the key
is that the key is incremented by one using key_function ( ) when the packet is sent or received .The
key will be updated by one for every packet in both the ends for receiving and sending of packets
.The packet may be request packet or acknowledgement packet or data packet.
During transmission of packet an user can sent a verifying packet along with the current key
to match the key values at sender end.Though the key is updated at both ends, by verifying the key a
client can be conform that the application transmitted from the sever is right one and there is no
middle man attack or in the middle of transmission the data packet is secured.
Fig-2 Data flow between client and cloud server
Fig-2 shows the data flow between client and cloud server by authorization. There are many
cloud servers, the cloud service provider verifies the authentication for the user. The basic problem is
after authorization the data should be securely transmitted to client end. Suppose the client is
accessing very sensitive data from the cloud server. The cloud service or the cloud server is not
providing any mechanism for the security of sensitive data. All responsibility goes to client. The data

385
packet may be tampered or may be modified or raw data packet may be send by a middle man
during transmission.
Fig-3 Man in middle attack
Fig-3 shows the work of a middle man attacker. The attacker may added some duplicate
packet and send to the client where the client is unable to get the actual data send by the server. In
the fig-4 green color packets are actual data packet and the red color packets are the modified
packets of actual packets modified by the middle man attacker. The attacker can take any data
packet(frame) and finding the source address, destination address and packet ID.Then creates the
new packets with the same identification and starts sending to the client instead of actual packet send
by cloud server.
In this work we proposed an algorithm to avoid this type of problems. When a client sends
request to the cloud server for communication, the server provides authentication and sends the
Key_function ( ) to authorized client along with the key value as 0(zero).Then starts sending the
packets.For each packets the key value is updated by one.After receiving few packets if the client
wants to verify the whether the communication is secured or not,the client sends the verifying packet
with the key.The key will be verified at the server end if key is mismatched the server stop sending
packets and disconnected the communication.Then reconnection request may send by the client.The
proposed system works as follows.
For Requesting Server
Client request
Key_function( )
Key=1
Fig-4 connecting to server
When the replay packet along with the key_function( ) is received at client the key is set as
1(key=1). Now both the end the key is equal i.e 1.Let assume that the key_function( ) is denoted as
kf( ) .And the key is a set of integer numbers denoted as K={k1,k2,k3,k4…..kn } starting from 0 to n.

386
Packet Transmission and packet loss detection
Client Server
Key=1 Key=1
K=2
K=2
K=5
K=5
K=6
K=5 Drop
K=6 NACK with k=5
K=6
K=7
K=7
Fig-5: Mechanism for packet loss and transmission
In the above discussion when the connection is established both end have the same key value
k=1 which is possible when the +ve ACK signal send by the server.The server sends the
key_function( ) along with +veACK signal and set its k=1 by the key_function( ).When the +veACK
received at client end the Key_function( ) sets client key i.e k=1.For every packet send by the srever
the key value k will be incremented by 1(one) by key_function( ). Similarly for every packet
received by the client the key will be incremented by 1(one) with the key_function( ) provided by
server.
Let a packet is dropped when the k=6 at server end. Though the packet is dropped client will
not received the packet. So the key at client end is k=5.When time out occurs the client sends
NACK with key value k=5.The key is received and matched with original key value k=6 at server
end by which the same packet is resend and key is again updated to k=7.
Man in Middle
In case of man in middle the packets containing data may be modified by the key hacked by
attacker. Attacker may send some duplicate packets to the client which is not containing actual data.
So the client should know that there is middle man attacker which is changing the actual data.In the
below scenario in the middle of data transmission client verifies whether the transmission is secured
or not and the transmitted from the authorized cloud or not.

387
Fig-6: Mechanism for detecting middle man attack
When the key value k=5 at server end, let the packet is modified by the middle man attacker.
The modified packet is receiver at client end and the key is set k=5.Now client verifies the
transmission by send the verifying packet with the updated key k=6.The verifying packet received at
server end and key is updated to k=7.After receiving verifying packet server sends an ACK with the
key k=7 and set k=8.Now the ACK packet contains k=7 .Though there is middle man attack the
ACK packet will be tampered or modified so the key which is not known to the attacker will be
modified. The packet received at client end matches the key in the ACK packet and its own key
value of k by key_function( ).If mismatch then there is middle man attack.
IV. PROPOSED ALGORITHM
In the proposed algorithm the key i.e k and key_function( ) are used in the server end and
initially k=0.For requesting server by the client the k anf key_function( ) are not used.It is provided
by server when the request is granted.
Server End(For Receiving packet)
[Initialize k=0].
Step 1:[verify received packet P]
if ( P is request packet)
Send ACK with key_function( ) and k=0
Call key_function( )
Step 2: if( P is verifying packet)
Send ACK with current value of k

388
call key_function( )
step 3: if(P is NACK)
Match received k value with current k value(Kr and Kc)
if(Kr is not equal Kc)
resend packet from k=kr
call key_function( )
Server End(Sending Packet)
Step 1: keep key value k and send packet
Client End(Receiving packet)
Step 1 :Match the both key
If(Kr is equal Kc )
else
data is not secured
disconnect and resend request to server for reconnection .
key_function( )
key_function( k)
{
Increment k by 1
}
V. CONCLUSION AND FUTURE WORK
The paper has proposed an algorithm and mechanism for detection of middle man attack and
packet drop during transmission. We have used a simple function and the key in the system which is
cost effective and easy to implement. This technique is robust and adaptive for secured data
transmission in cloud computing for sensitive data. This technique is robust and adaptive for secured
data transmission in cloud computing for sensitive data. The proposed system also provides the
mechanism for the client to know whether the data transmitted from the authorized server or not. The
mechanism that is proposed is completely client based instead of TPA. In the middle of data
transmission the client can verify whether the transmission is secured or not.
The above proposed system can be implemented and verified in different network topology
for secured data transmission. Instead of key_function( ) different hashing function can be used and
implemented in future.
REFERENCE
[1] Mell Peter, Grance Tim. Effectively and securely using the cloud computing paradigm,
<http://csrc.nist.gov/groups/SNS/cloud-omputing/cloudcomputing- v26.ppt> retrieved
18.04.11, 2011
[2] IDC Blogs. IT cloud services user survey, pt.2: top benefits & challenges; 2011.
<http://blogs.idc.com/ie/?p=210> retrieved 20.04.11.
[3] C. Costa and K. Bijlsma-Frankema, “Trust and Control Interrelations,” Group and
Organization Management,vol. 32, no. 4, pp. 392–406,2007.
[4] M. Lund and B. Solhaug, “Evolution in Relation to Risk and Trust Management,”
Computer,pp. 49–55, May 2010.
[5] D. Gambetta, “Can We Trust Trust?” Trust: Making and Breaking Cooperative Relations,
Basil Blackwell , pp. 213–237,1988.

389
[6] Chen, Y., Paxson, V., Katz, R.H. What’s new about cloud computing security? Technical
Report UCB/EECS-2010-5, Electrical Engineering and Computer Sciences, University of
California at Berkeley, 2010.
[7] B. Michael, “In Cloud Shall We Trust?” IEEE Security & Privacy, Sept./Oct. p. 3,2009.
[8] European Network and Information Security Agency (ENISA), Cloud Computing: Benefits,
Risks and Recommendations for Information Security,
www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk- NOV,2009.
[9] Bernd Grobauer, Tobias Walloschek, and Elmar Stöcker “Understanding Cloud Computing
Vulnerabilities” IEEE computer and reliability societies, march/april 2011
[10] A. Juels and J. Burton S. Kaliski, “PORs: Proofs of Retrievability for Large Files,” Proc. of
CCS ’07, pp. 584–597, 2007.
[11] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, “Scalable and Efficient Provable
Data Possession,” Proc. of SecureComm ’08, pp. 1–10, 2008.
[12] T. S. J. Schwarz and E. L. Miller, “Store, Forget, and Check: Using Algebraic Signatures to
Check Remotely Administered Storage,” Proc.of ICDCS ’06, pp. 12–12, 2006.
[13] K. D. Bowers, A. Juels, and A. Oprea, “HAIL: A High-Availability and Integrity Layer for
Cloud Storage,” Cryptology ePrint Archive, Report 2008/489, 2008, http://eprint.iacr.org/.
[14] Amazon's terms of use. http://aws.amazon.com/agreement.
[15] EMC, Information-Centric Security.
http://www.idc.pt/resources/PPTs/2007/IT&Internet_Security/12.EMC.pdf.
[16] Don’t cloud your vision.
http://www.ft.com/cms/s/0/303680a6-bf51-11dd-ae63-0000779fd18c.html?nclick_check=1.
[17] K. Vieira, A. Schulter, C. B. Westphall, and C. M. Westphall, “Intrusion detection techniques
for Grid and Cloud Computing Environment,” IT Professional, IEEE Computer Society, vol.
12, issue 4, pp. 38-43, 2010.
[18] Kapil Tomar, Niraj Singhal and Sunil Kumar, “Software as a Service Security: Challenges
and Solutions”, International Journal of Computer Engineering & Technology (IJCET),
Volume 2, Issue 1, 2011, pp. 53 - 60, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.
[19] A.Madhuri and T.V.Nagaraju, “Reliable Security in Cloud Computing Environment”,
International Journal of Information Technology and Management Information Systems
(IJITMIS), Volume 4, Issue 2, 2013, pp. 23 - 30, ISSN Print: 0976 – 6405, ISSN Online:
0976 – 6413.
[20] Gurudatt Kulkarni, Jayant Gambhir and Amruta Dongare, “Security in Cloud Computing”,
International Journal of Computer Engineering & Technology (IJCET), Volume 3, Issue 1,
2012, pp. 258 - 265, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.

An approach for secured data transmission at client end in cloud computing

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (15)

Destaque

Destaque (8)

Semelhante a An approach for secured data transmission at client end in cloud computing

Semelhante a An approach for secured data transmission at client end in cloud computing (20)

Mais de IAEME Publication

Mais de IAEME Publication (20)

Último

Último (20)

An approach for secured data transmission at client end in cloud computing