Collaborative approach for efficient authentication, data auditing, and data availability in cloud computing

Abstract

Cloud computing is the next-generation computing technology which provides different “ondemand” services by dynamically sharing resources among multiple users over Internet. This technology can easily be adopted by novice end users. However, various security threats have been introduced into the CIA (confidentiality, integrity, and availability) triad of cloud. To manage these threats, two types of approaches have been followed. The first approach uses isolation of network resources, users, and applications and the second approach ensures secure software design, and formal and strict testing procedures. Recent experience shows that both approaches are irrelevant to the cloud deployment modules due to their adequate level of security. In cloud environment, end users require guarantee of security for the deployment of reliable and trusted network applications, which are maintained by Cloud Service Provider (CSP). Therefore, we need a novel approach that enforces secure network application and environment for cloud users. In this work, first, we propose a solution for secure and efficient authentication mechanism in cloud environment. In our proposed methodology, user’s data are stored into various cloud servers, and a bilinear pairing based secret key generation method is proposed to provide better security. A Secret Key Generator (SKG) is utilized to keep the identities for users and to perform authentication in cloud. From the stored identities, a hierarchy is created to generate the secret key for a user. In each hierarchy level, an intermediate key is generated from the user’s identity stored corresponding to that hierarchy level and the intermediate key of the previous level. This process uses bilinear pairing to generate the secret key. Further, SKG generates different public parameters to perform authentication of user with different CSPs. The proposed mechanism is able to prevent malicious users from accessing legitimate resources. Next, we propose two different techniques for data integrity verification (DIV). The proposed techniques utilize multiple third-party auditors to reduce the computational overhead of the end user. In both approaches, a file is divided into a number of blocks before storing into different cloud service providers. Then, algebraic signature (AS), combinatorial batch codes (CBC), and homomorphic tag are used in the first approach; whereas Paillier homomorphic cryptography (PHC) system, and CBC are used in the second approach. AS is used to generate homomorphic code and CBC is utilized to store file blocks into different CSPs. The AS helps to maintain confidentiality of the data during the integrity check using TPA iIn this work, first, we propose a solution for secure and efficient authentication mechanism in cloud environment. In our proposed methodology, user’s data are stored into various cloud servers, and a bilinear pairing based secret key generation method is proposed to provide better security. A Secret Key Generator (SKG) is utilized to keep the identities for users and to perform authentication in cloud. From the stored identities, a hierarchy is created to generate the secret key for a user. In each hierarchy level, an intermediate key is generated from the user’s identity stored corresponding to that hierarchy level and the intermediate key of the previous level. This process uses bilinear pairing to generate the secret key. Further, SKG generates different public parameters to perform authentication of user with different CSPs. The proposed mechanism is able to prevent malicious users from accessing legitimate resources. Next, we propose two different techniques for data integrity verification (DIV). The proposed techniques utilize multiple third-party auditors to reduce the computational overhead of the end user. In both approaches, a file is divided into a number of blocks before storing into different cloud service providers. Then, algebraic signature (AS), combinatorial batch codes (CBC), and homomorphic tag are used in the first approach; whereas Paillier homomorphic cryptography (PHC) system, and CBC are used in the second approach. AS is usedto generate homomorphic code and CBC is utilized to store file blocks into different CSPs. The AS helps to maintain confidentiality of the data during the integrity check using TPA iin the first approach. In the second approach, encrypted file blocks are stored into different CSPs using CBC. The PHC helps to preserve the confidentiality of the data. Moreover, the properties of AS and PHC support dynamic operations for DIV method 1 and 2, respectively. Finally, a collaborative model using Multiple Third Party Auditors (M-TPA) is proposed for DDoS attack prevention. Here, we utilize Dempster Shafer Theory (DST) and Weibull Probability Distribution to analyze the traffic pattern of the CSPs. We also compute basic probability assignment (BPA) for TCP, ICMP, and UDP packets. Based on these assessments, we detect whether a DDoS attack is occurred or not. In this model, we follow packet trace back method to identify the source of attack. We have evaluated the proposed models with respect to different performance parameters. We achieve an average user and CSP performance of 91.41% and 96.49%, respectively for the proposed efficient authentication mechanism. Further, we attain an average accuracy of 95% and 92.76% for CBC based and PHC system based data integrity verification methods, respectively. Both the DIV approaches support dynamic data operations with adaptable and useful batch auditing through which various audit sessions for multiple users can be handled simultaneously. Finally, high sensitivity, specificity, and accuracy with a low false alarm rate are observed for the proposed DDoS attack prevention mechanism.