ISBN-13: 978-1535305198

Proceedings of ICTPEA-2016

A Novel Approach for Enhancing Security in Multi-Cloud Environment
(Static System Component based Dynamic Key Generation)

* Nandha raj.C, III Year Student; # K.Sudharson, Asst. Professor
Department of Information Technology,
S.A.Engineering College,
*sudharson@saec.ac.in, #nandha6197@gmail.com

Abstract- Cloud computing provides large-scale computing resources to various customers and developers. The resource transformation between customers and cloud maintenance can easily be threatened by various cyber attacks, because cloud computing provides its service to many customers who have not been proven trustworthy. Therefore a cloud computing system needs to provide fair and secure resource exchanges between customers. Cloud computing is an efficient way to power the IT industry; however, security is a major concern that we must consider before moving our data to the Cloud. Hence we propose a User-End Generated 16 character key code to provide security to the cloud computing environment. By using a User-End Generated security system and reducing the role of the third party to simply verifying the code, we can heighten security. This method gives the Client complete anonymity about the password to the Cloud Host.

Keywords: cloud computing; authentication; UEG-16; data storage; security

I. INTRODUCTION

In the 1990s, telecommunications companies, who previously offered primarily dedicated point-to-point data circuits, began offering virtual private network (VPN) services with comparable quality of service, but at a lower cost. By switching traffic as they saw fit to balance server use, they could use overall network bandwidth more effectively. They began to use the cloud symbol to denote the demarcation point between what the providers were responsible for and what users were responsible for. Cloud computing extends this boundary to cover servers as well as the network infrastructure.

As computers became more prevalent, scientists and technologists explored ways to make large-scale computing power available to more users through time sharing, experimenting with algorithms to provide the optimal use of the infrastructure, platform and applications with prioritized access to the CPU and efficiency for the end users.

After the dot-com bubble, Amazon played a key role in the development of cloud computing by modernizing their data centers, which, like most computer networks, were using as little as 10% of their capacity at any one time, just to leave room for occasional spikes. Having found that the new cloud architecture resulted in significant internal efficiency improvements, whereby small, fast-moving teams could add new features faster and more easily, Amazon initiated a new product development effort to provide cloud computing to external customers, and launched Amazon Web Services (AWS) on a utility computing basis in 2006.

In early 2008, Eucalyptus became the first open-source, AWS API-compatible platform for deploying private clouds. In early 2008, OpenNebula, enhanced in the RESERVOIR European Commission-funded project, became the first open-source software for deploying private and hybrid clouds, and for the federation of clouds. In the same year, efforts were focused on providing quality of service guarantees (as required by real-time interactive applications) to cloud-based infrastructures, in the framework of the IRMOS European Commission-funded project, resulting in a real-time cloud environment. By mid-2008, Gartner saw an opportunity for cloud computing "to shape the relationship among consumers of IT services, those who use IT services and those who sell them", and observed that organizations are switching from company-owned hardware and software assets to per-use service-based models, so that the projected shift to computing will result in dramatic growth in IT products in some areas and significant reductions in other areas.

www.iirdem.org

IIRDEM 2016

II. CHARACTERISTICS OF CLOUD COMPUTING

Cloud Computing has the following characteristics:

Availability of large computing infrastructure on a need basis: Cloud vendors provide the appearance of infinite computing infrastructure availability. This is available to organizations on a need basis. This ensures that organizations do not need to set up servers for their peak requirements. As an example, consider the official Wimbledon site. The site gets extremely high traffic in the two weeks when the championship happens. For this two-week period the site will have high server usage. For the rest of the year the site will need to pay only for the reduced usage. In general, organizations do not need to bear the cost of computing infrastructure for their peak loads. The ability to increase or reduce the usage of computing resources on a need basis is called elastic computing.

Cloud computing does not involve any significant capital expenditure for the organization. Unlike traditional IT infrastructure, in cloud computing organizations just use the computing services without procuring them. In some sense cloud computing involves renting the computing resources instead of buying them. As the figure below displays, unlike the traditional computing model, Cloud computing requires no capital expenditure to acquire initial computing resources.

III. ISSUES IN CLOUD COMPUTING

Cloud risk No. 1: Shared access

One of the key tenets of public cloud computing is multitenancy, meaning that multiple, usually unrelated customers share the same computing resources: CPU, storage, memory, namespace, and physical building. Multitenancy is a huge known unknown for most of us. It's not just the risk of our private data accidentally leaking to other tenants, but the additional risks of sharing resources. Multitenancy exploits are very worrisome because one flaw could allow another tenant or attacker to see all other data or to assume the identity of other clients. Several new classes of vulnerabilities derive from the shared nature of the cloud. Researchers have been able to recover other tenants' data from what was supposed to be new storage space. Other researchers have been able to peek into other tenants' memory and IP address space. A few have been able to take over another tenant's computing resources in totality by simply predicting what IP or MAC addresses were assigned.

Multitenancy security issues are just now becoming important to most of us, and the vulnerabilities within are starting to be explored. The best precursor example is a single website placed on a Web server with hundreds or even thousands of other, unrelated websites. If history is any guide -- it usually is -- multitenancy will be a big problem over the long haul.

Cloud risk No. 2: Virtual exploits

Every large cloud provider is a huge user of virtualization. However, it holds every risk posed by physical machines, plus its own unique threats, including exploits that target the virtual server hosts and the guests. You have four main types of virtual exploit risks: server host only, guest to guest, host to guest, and guest to host. All of them are largely unknown and uncalculated in most people's risk models.

To up the ante, the cloud customer typically has no idea what virtualization products or management tools the vendor is running. To shed some light on this risk, ask your vendor the following questions: What virtualization software do you run? What version is it on now? Who patches the virtualization host and how often? Who can log into each virtualization host and guest?

Cloud risk No. 3: Authentication, authorization, and access control

Obviously, your cloud vendor's choice of authentication, authorization, and access control mechanisms is crucial, but a lot depends on process as well. How often do they look for and remove stale accounts? How many privileged accounts can access their systems -- and your data? What type of authentication is required of privileged users? Does your company share a common namespace with the vendor and/or indirectly with other tenants? Shared namespaces and authentication to create single-sign-on (SSO) experiences are great for productivity, but substantially increase risk.
Data protection is another huge concern. If data encryption is used and enforced, are private keys shared among tenants? Who and how many people on the cloud vendor's team can see your data? Where is your data physically stored? How is it handled when no longer needed? Many are not sure how many cloud vendors would be willing to share detailed answers to these questions, but we have to at least ask if we want to find out what is known and unknown.

Cloud risk No. 4: Availability

When you're a customer of a public cloud provider, redundancy and fault tolerance are not under your control. Usually what's provided and how it's done are not disclosed. It's completely opaque. Every cloud service claims to have fantastic fault tolerance and availability, yet month after month we see the biggest and the best go down for hours or even days with service interruptions.

Of even bigger concern are the few instances in which customers have lost data, either due to an issue with the cloud provider or with malicious attackers. The cloud vendor usually states that they do awesome, triple-protected data backups. But even in cases where vendors said that data backups were guaranteed, they've lost data -- permanently. If possible, your company should always back up the data it's sharing with the cloud, or at least insist on legalese that has the right amount of damages built in if that data is lost forever.

Cloud risk No. 5: Ownership

This risk comes as a surprise to many cloud customers, but often the customer is not the only owner of the data. Many public cloud providers, including the largest and best known, have clauses in their contracts that explicitly state that the data stored is the provider's -- not the customer's.

Cloud vendors prefer owning the data because it gives them more legal protection if something goes wrong. Plus, the Cloud service provider could search and mine customer data to create additional revenue opportunities for themselves. We must make sure that this known unknown is on lockdown: Who owns the client's data, and what can the cloud provider do with it?

IV. CURRENT TECHNOLOGIES FOR SECURITY IN CLOUD

Single Sign On:

Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, single sign-off is the property whereby a single action of signing out terminates access to multiple software systems.

Drawback:

This system relies heavily on a single Master password. If it is compromised, the security fails.

One Time Password:

This involves receiving a password that is randomly generated. The user must key in the OTP within a specific time frame.

Drawback:

Intercepting the data packets carrying the OTP over a period of time may expose the innate algorithm of the OTP. The larger the time frame, the greater the risk of decryption.

V. PROPOSED SYSTEM

We propose to develop a code with the following algorithm. A small working model is built in Java.

1) Identify two systems which are related in the cloud as Host and Client.

2) Obtain the Disk number of the Host and Client during the Registration phase; these details are sent to the Master server.
Note: A Disk number is a unique identification number that identifies the Drive of a computer. This is generated as the system partitions the drives.

3) Obtain the Mother Board number of the Host and Client system; this is sent to the Master server.
Note: A Mother Board number is etched during manufacture. It cannot be spoofed or modified.

4) Obtain the Client's password and fingerprint. The Host's password is obtained, processed and then stored by the Master server.

5) A Biometric scanner is used to verify the fingerprints.

Install Java code in the Host and Client, which must identify the Disk number and Mother Board number of the system, verify their respective passwords and then produce a suitable 16 character code by computing an arbitrary Hash function over the time, the Disk number, the Mother Board number and the user's password.

4) When the client logs in by the UEG-16 code, the Master server accepts the code from the client. Simultaneously it notifies the host to generate the UEG-16 code from its end.

5) The UEG-16 code of the host is generated automatically upon receiving the notification from the Master server, and is then sent to the Master server for authentication. If it is beyond office hours, a notification is sent to the admin of the Client organization, and the system awaits his/her permission to generate the UEG-16 code. A time window of 2 minutes is granted to complete the process.

6) If the Master server receives a one-sided request, it denies access and creates a "log" about the failure after 5 unsuccessful attempts.

7) If the client or host enters their respective password incorrectly for 5 attempts, then it closes the respective connection and creates a log entry.

8) If the UEG-16 code is correct, access to the Cloud is granted.

Merits:

1) The Client and the Host have complete isolation in terms of passwords. The Cloud provider need not know the Client's password or key.

2) The Host cannot attempt to steal the user's data; if any attempt is made, the Client will be notified by log statements.

3) A third party regulates and checks the data access; therefore it does not come under the control of the Cloud provider.

4) The key is generated within the system. Therefore hackers can't hack the network to track or capture the network packet carrying the hash key-code.

5) As the parameters cannot be spoofed, it is foolproof.

6) The time window for entering the UEG-16 code is 2 minutes, after which the code becomes invalid. Thus it is more secure, with an optimal time-out mechanism.

Requirements:

1) The system time and date must be in synchronization with I.S.T (Indian Standard Time).

2) Due to the involvement of the regulating body, the Client should bear a small increase in cost for greater security.

3) Any change of Mother Board or formatting of the Drives must be intimated to the Regulating body.

Growth of UEG-16:

Due to time constraints, GUI models for the Registration phase and the incorporation of the Biometric scanner are in the pipeline. They are expected to be completed in 3 weeks.

VI. CONCLUSION AND FUTURE WORK

To sum up, Cloud computing is an efficient way to power the IT industry; however, security is a major concern that we must consider before moving our data to the Cloud. By using a User-End Generated security system and reducing the role of the third party to simply verifying the code, we can heighten security. This method gives the Client complete anonymity about the password to the Cloud Host. Thus Cloud security can be enhanced by this "User-End Generated 16 character key code".
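The registration, two-sided code check, 2-minute window and 5-attempt lockout of Section V, as an added Python simulation that is not the authors' Java model. The hash function (SHA-256), the slot-aligned window, and the idea that the Master stores only a digest of each party's disk number, board number and password (so the Client's raw password never reaches it) are assumptions, and every identifier below is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

WINDOW = 120        # paper: a UEG-16 code is valid for a 2-minute window
MAX_FAILURES = 5    # paper: deny and write a log entry after 5 failed attempts

def registration_secret(disk_number: str, board_number: str, password: str) -> str:
    # Computed on the endpoint at registration; the Master stores only this digest,
    # so it never sees the raw password (assumption: SHA-256 as the hash function).
    return hashlib.sha256(f"{disk_number}|{board_number}|{password}".encode()).hexdigest()

def ueg16(secret: str, now: int) -> str:
    # 16-character code bound to the current 2-minute slot (slot alignment is an
    # assumption: a code minted late in a slot expires before 2 full minutes).
    return hashlib.sha256(f"{secret}|{now // WINDOW}".encode()).hexdigest()[:16]

@dataclass
class MasterServer:
    registered: dict                       # party id -> registration secret
    failures: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def _valid(self, party: str, code: str, now: int) -> bool:
        # Constant-time comparison so a wrong code does not leak a matching prefix.
        return hmac.compare_digest(ueg16(self.registered[party], now), code)

    def authenticate(self, client: str, client_code, host: str, host_code, now: int) -> str:
        # Both sides must present a valid code for the same window; a one-sided
        # request (a missing code) or a wrong code is denied and counted.
        ok = (client_code is not None and host_code is not None
              and self._valid(client, client_code, now)
              and self._valid(host, host_code, now))
        if ok:
            self.failures[client] = 0
            return "granted"
        self.failures[client] = self.failures.get(client, 0) + 1
        if self.failures[client] >= MAX_FAILURES:
            self.log.append(f"{client}: {MAX_FAILURES} unsuccessful attempts at t={now}")
        return "denied"

def demo() -> tuple:
    # Constructed sample identifiers; a real endpoint reads its own disk and board numbers.
    master = MasterServer({"client": registration_secret("DISK-C-0001", "MB-C-AAAA", "client-pw"),
                           "host": registration_secret("DISK-H-0002", "MB-H-BBBB", "host-pw")})
    now = 1_700_000_000
    c, h = ueg16(master.registered["client"], now), ueg16(master.registered["host"], now)
    return (master.authenticate("client", c, "host", h, now),               # both valid
            master.authenticate("client", c, "host", None, now),            # one-sided
            master.authenticate("client", c, "host", h, now + WINDOW + 1))  # expired
```

Requirement 1 of the paper (clock synchronization) is what makes the slot check work: a Client or Host whose clock drifts past the window boundary produces a code the Master rejects.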