Security in data communication is a very important concern today. Cloud computing is a revolutionary mechanism that is changing the way enterprise hardware and software are designed and procured. Because of the cloud's simplicity, everyone is moving data and application software to cloud data centres. The cloud service provider (CSP) should ensure integrity, availability, privacy and confidentiality, but the CSP is not providing reliable data services to customers or for stored customer data.
Securely sending and receiving data in the above area is important, as the data is crucial. In today's world password security is very important. If the confidentiality of the information is of very high value, it should be protected.
If you want to stop the unauthorised disclosure or alteration of the information, secure it. Access by unauthorised persons should be controlled, and security for the files in the cloud should be provided. The main focus of this paper is to combine the graphical password technique for login security and cryptography for file security, thereby providing the user with a highly secure file-protection system.

Cryptography is a technique used to protect important data. Encryption is the science of changing data so that it is unrecognisable and useless to an unauthorised person.
Decryption is changing it back to its original form. For password protection various techniques are available. Cued Click Points is a click-based, cued-recall graphical password scheme. Cryptography and the graphical password technique are well known and widely used techniques that manipulate information (messages) in order to cipher or hide their existence respectively. Cryptography scrambles a message so it cannot be understood.
In this paper we focus on developing one system that uses both cryptography and the graphical password technique for better confidentiality and security. Presently we have very secure methods for both cryptography and graphical password authentication: the AES algorithm is a very secure technique for cryptography, and Cued Click Points (CCP) is a proposed click-based graphical password scheme for graphical password authentication. Even if we combine these techniques straightforwardly, there is a chance that the intruder may detect the original message. Therefore, our idea is to apply both of them together with more security levels to get a very highly secured system for data hiding. This paper mainly focuses on developing a new system with extra security features where a meaningful piece of text message can be hidden by combining security techniques like cryptography and graphical password authentication.

Authentication is the process of determining whether a user should be allowed access to a particular system or resource. Users can't remember strong passwords easily, and the passwords that can be remembered are easy to guess.
A password authentication system should encourage strong and less predictable passwords while maintaining security. This password authentication system allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is more tedious, which discourages users from making such choices.
In effect, this authentication scheme makes choosing a more secure password the path of least resistance. Rather than increasing the burden on users, it is easier to follow the system's suggestions for a secure password, a feature absent in most schemes.

GRAPHICAL PASSWORD AUTHENTICATION

Various graphical password schemes have been proposed as alternatives to text-based passwords. Research has shown that text-based passwords are filled with both usability and security problems that make them less desirable solutions. Studies revealed that the human brain is better at recognizing and recalling images than text.
Graphical passwords are meant to capitalize on this human characteristic in the hope that by reducing the memory burden on users, coupled with the larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to cope.

Graphical passwords may offer better security than text-based passwords because most people, in an attempt to memorize text-based passwords, use plain words (rather than a jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds.
But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random.

CUED CLICK POINTS

Cued Click Points (CCP) is a graphical password scheme. In CCP, users click one point on each image rather than four points on one image. It offers cued recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point. It also makes attacks based on hotspot analysis more challenging.

The Cued Click-Point method is very usable and provides great security using the hotspot technique, by taking advantage of the user's ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Points is more secure than previous graphical authentication methods such as the PassPoints graphical password.
CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then analyze for hotspots on each of these images. The Cued Click-Points method has advantages over other password schemes in terms of usability, security and a memorable authentication mechanism.

SYSTEM DESIGN

The system designed consists of three modules: a user registration module, a picture selection module and a system login module.

In the user registration module the user enters the user name in the user name field. When the user has entered all user details in the registration phase, this registration data is stored in the database and used during the login phase for verification. In the picture selection phase the pictures are selected by the user from the database of the password system.
In the picture selection phase the user selects any image as a password, which consists of a sequence of four click-points on a given image. Users may select any pixels in the image as click-points for their password. Users must select a click-point in the image and proceed to the next image. During the system login process, images are displayed normally, without shading or the viewport, and the user repeats the sequence of clicks in the correct order, within a system-defined tolerance square of the original click-points.

CLOUD DATA STORAGE CHALLENGES & ISSUES

Cloud computing does not provide control over the data stored in cloud data centers. The cloud service providers have full control over the data; they can perform any malicious task such as copying, destroying, modifying, etc.
Cloud computing ensures a certain level of control over the virtual machines. This lack of control over the data leads to greater security issues than in the generic cloud computing model.

Encryption alone doesn't give full control over the stored data, but it is somewhat better than plain data.

IDENTITY MANAGEMENT AND ACCESS CONTROL

The integrity and confidentiality of data and services are related to access control and identity management. It is important to maintain a track record of user identity to avoid unauthorized access to the stored data.
Identity and access controls are complex in cloud computing because the data owner and the stored data are on different executive platforms. In a cloud environment, different organizations use a variety of authentication and authorization agendas. Using different approaches for authentication and authorization gives a compound situation over a period of time. Cloud resources are dynamic and elastic for the cloud user, and IP addresses change continuously when services are started or restarted in the pay-per-usage model. This allows cloud users to join and leave cloud resources when they require, i.e., an on-demand access policy.
All these features need efficient and effective access control and identity management. The cloud has to update and manage identities quickly for users joining and leaving cloud resources. There are many issues in access control and identity management, for example weak credentials that may be reset easily, denial-of-service attacks that lock the account for a period of time, weak logging and monitoring abilities, and XML wrapping attacks on web pages.

An insider threat can be posed by employees, contractors and/or third-party business partners of an organization. In a cloud environment, i.e., at the cloud service provider (CSP) side, attacks lead to loss of the user's information integrity, confidentiality and security. This leads to information loss or breaches in both environments. This attack is precious and it is well known to most organizations [7]. There is a variety of attack patterns performed by insiders because of their sophistication about the internal structure of an organization's data storage. Most organizations ignore this attack because it is very hard to defend against and impossible to find a complete solution for. This attack poses great risk in terms of data breaches and loss of confidentiality at both the organization and cloud level.
Attacks that come from external origins are called outsider attacks. Data security is one of the important issues in cloud computing, since service providers do not have permission to access the physical security system of the data centre; they must depend on the infrastructure provider to get full data security.
In a virtual private cloud environment, the service provider can only specify the security settings remotely, and we don't know exactly whether those are fully implemented. In this process, the infrastructure provider must reach the following objectives: confidentiality, for secure data transfer and access, and auditability, so that outside intruders can't access sensitive data which is stored in the cloud.

ALGORITHM USED

In January 1997 in the US, the National Institute of Standards and Technology (NIST) announced a contest to develop a new encryption system and asked for some important restrictions. The developed system had to be publicly disclosed, unclassified, free for use worldwide, usable with 128, 192, and 256 bit key sizes, and a symmetric block cipher algorithm for blocks of 182 bits.
On 26 May 2002, 3DES was replaced by the Advanced Encryption Standard (AES). AES and 3DES are commonly used block ciphers, and which one to choose depends on the requirement. AES outperforms 3DES both in software and in hardware.

AES is based on the Rijndael algorithm, created by Joan Daemen and Vincent Rijmen, which is a combination of a strong algorithm with a strong key. The Rijndael block cipher can use different block and key lengths, such as 128, 192, and 256 bit. This versatility can produce faster and more secure symmetric block ciphers. Another algorithm which might be considered as an alternative to the Rijndael block cipher is the Twofish algorithm, which can use blocks of 128 bits with keys up to 256 bits.
The Rijndael algorithm's combination of security, performance, efficiency, implementability, and flexibility made it an appropriate selection for AES.

1. NEED FOR RIJNDAEL ALGORITHM

When it comes to security, the winner is undoubtedly AES as it is considered unbreakable in practical use. After discussing the flaws of DES, and thus of 3DES as well, it may seem that DES is insecure and no longer of any use, but that is not the case. The 1997 attack required a great deal of cooperation and the 1998 machine is too expensive to implement, and so the DES and 3DES algorithms are still beyond the capability of most attacks in the present day. However, the power of computers is increasing and stronger algorithms are required to face hacker attacks. The response to that requirement is AES. It has been designed in software and hardware and it works quickly and efficiently, even on small devices such as smart phones.
With a larger block size and longer keys, using a 128 bit block and 128, 192 and 256 bit keys respectively, AES will provide more security in the long term.

2. AES ALGORITHM FOR CRYPTOGRAPHY

This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. The input, the output and the cipher key for Rijndael are each bit sequences containing 128, 192 or 256 bits, with the constraint that the input and output sequences have the same length. In general the length of the input and output sequences can be any of the three allowed values, but for the Advanced Encryption Standard (AES) the only length allowed is 128.

ADVANTAGES

Some of the advantages for users are:

- Very secure
- Reasonable cost
- Flexibility
- Simplicity

WORKING PROCESS

1. CRYPTO WORK

For crypto work the following steps are considered for encrypting the data:

- Insert text for encryption.
- Apply the AES algorithm using a 128 bit key (Key 1).
- Generate cipher text in hexadecimal form.

2. CRYPTO WORK REVERSE

For crypto work the following steps are considered for retrieving the original text:

- Get the above retrieved cipher text.
- Reverse the AES algorithm by using Key 1.
- Get the original message.

For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations:

- Byte substitution using a substitution table (S-box),
- Shifting rows of the State array by different offsets,
- Mixing the data within each column of the State array, and
- Adding a Round Key to the State.

3. ENCRYPTION

In encryption mode, the initial key is added to the input value at the very beginning, which is called an initial round. This is followed by 9 iterations of a normal round and ends with a slightly modified final round, as one can see in Figure 2.
During one normal round the following operations are performed in the following order: Sub Bytes, Shift Rows, Mix Columns, and Add Round Key. The final round is a normal round without the Mix Columns stage.

Steps in AES Encryption

- Sub Bytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
- Shift Rows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
- Mix Columns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
- Add Round Key: each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule.

4. DECRYPTION

In decryption mode, the operations are in reverse order compared to their order in encryption mode. Thus it starts with an initial round, followed by 9 iterations of an inverse normal round and ends with an AddRoundKey.
An inverse normal round consists of the following operations in this order: AddRoundKey, InvMixColumns, InvShiftRows, and InvSubBytes. An initial round is an inverse normal round without the InvMixColumns.

AES APPLICATIONS

AES encryption and decryption has many applications.
It is used in cases where data is so sensitive that only authorized people are supposed to know it and not the rest. The following are the various applications.

Secure Communication

- Smart cards
- RFID
- ATM networks
- Image encryption

Secure Storage

- Confidential corporate documents
- Government documents
- FBI files
- Personal storage devices
- Person information protection

CONCLUSION

The field of cloud storage security, especially cryptography, can create a new, safer environment in the present world and can change the threats related to file security. In this project we have presented a new system for the combination of cryptography and graphical password authentication. The main advantage of this Crypto/GPA system is that the method used for encryption, AES, is very secure and the Cued Click Points (CCP) techniques are very hard to detect.

Cued Click Points (CCP), especially combined with cryptography, is a powerful tool which enables people to communicate with some confidence about the security level their data is provided with.

The Cued Click-Point method is very usable and provides great security using the hotspot technique, by taking advantage of the user's ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Points is more secure than the previous graphical authentication methods.
Cryptography with the AES (Rijndael) algorithm provides safer and more secure encryption and decryption of files for users. AES works quickly and efficiently, even on small devices such as smart phones. With a larger block size and longer keys, using a 128 bit block and 128, 192 and 256 bit keys respectively, AES will provide more security in the long term. CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then analyze for hotspots on each of these images.
The Cued Click-Points method has advantages over other password schemes in terms of usability, security and a memorable authentication mechanism. AES increases the workload for attackers by forcing them to decrypt a file two times to hack the data of the file. Thus this system provides security to the user at the authentication level and crypto techniques for secured file maintenance in the cloud environment.
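One way to implement the login check from the SYSTEM DESIGN section, where clicks must fall "within a system-defined tolerance square of the original click-points", as an added example that is not the paper's own code. It goes beyond the text by using centered discretization, so the server stores only a salted hash of grid cells plus per-click offsets instead of the raw click-points; the 9-pixel tolerance, the PBKDF2 parameters and all names are assumptions.

```python
import hashlib
import hmac
import os

TOLERANCE = 9          # assumed tolerance in pixels around the original click
CELL = 2 * TOLERANCE   # side length of the tolerance square

def _discretize(v, offset=None):
    """Centered discretization of one coordinate -> (cell index, offset)."""
    if offset is None:                 # registration: centre the cell on the click
        offset = (v - TOLERANCE) % CELL
    return (v - offset) // CELL, offset

def _digest(salt, cells):
    # Hash the ordered (image, cell-x, cell-y) sequence; order matters in CCP.
    material = ";".join(f"{img}:{ix}:{iy}" for img, ix, iy in cells).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def register(clicks):
    """clicks: ordered list of (image_id, x, y), one click-point per image."""
    salt, offsets, cells = os.urandom(16), [], []
    for img, x, y in clicks:
        ix, dx = _discretize(x)
        iy, dy = _discretize(y)
        offsets.append((dx, dy))       # offsets are stored in the clear
        cells.append((img, ix, iy))    # cell indices only ever reach the hash
    return {"salt": salt, "offsets": offsets, "hash": _digest(salt, cells)}

def verify(record, clicks):
    """Accept a login only if every click lands in its registered square."""
    if len(clicks) != len(record["offsets"]):
        return False
    cells = [(img, _discretize(x, dx)[0], _discretize(y, dy)[0])
             for (img, x, y), (dx, dy) in zip(clicks, record["offsets"])]
    return hmac.compare_digest(_digest(record["salt"], cells), record["hash"])
```

With these settings a click is accepted from 9 pixels below to 8 pixels above the registered coordinate on each axis, and a single click outside its square, a wrong image or a wrong order changes the hash and fails the login.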