MITHUN. M
CNS asgn-1
R17CS513
'B' sec
Secure Cloud Computing: Data Sharing using Revocable-Storage Identity-based Encryption
(IEEE paper)
INTRODUCTION
1. Cloud computing
Cloud computing provides good computation capacity and large memory space at a low
cost. It is reliable and consistent, since an organization does not need to build or maintain
its own in-house computer infrastructure. It enables users to get the intended services
irrespective of time and location, across multiple platforms.
However, it also suffers from several security threats, which are the primary concerns of
cloud users. Firstly, outsourcing data to a cloud server implies that the data is out of the
users' control; this may cause users' hesitation, since the outsourced data usually contain
valuable and sensitive information. Secondly, data sharing is often implemented in an open
and hostile environment, and the cloud server would become a target of attacks. Therefore,
while outsourcing data to a cloud server, users also want to control access to these data such
that only the currently authorized users can share the outsourced data.
2. Identity based encryption
Identity Based Encryption is a type of public-key encryption in which the public key of a
user is some unique information about the identity of that user. This means that a sender who
has access to the public parameters of the system can encrypt a message using the identity as
the key. The main advantage of identity based encryption is that, if there is only a finite
number of users, the third party's secret key can be destroyed after all users have been issued
their keys.
3. Revocable storage
Revocation means capable of cancellation. The non-revocable data sharing system
provides confidentiality and backward secrecy. Furthermore, the method of decrypting and
re-encrypting all the shared data can ensure forward secrecy. However, this brings new
challenges. Note that the process of decrypt-then-re-encrypt necessarily involves users' secret
key information, which makes the overall data sharing system vulnerable to new attacks. To
avoid this problem, revocable storage makes use of the cloud server.
LITERATURE SURVEY
A:- K. Chard, K. Bubendorfer, S. Caton and O. F. Rana introduced Social cloud computing: Vision for
socially motivated resource sharing. It demonstrates the approach using a social storage cloud
implemented as a Facebook application.
B:- C. Wang, S. S. Chow, Q. Wang, Ren and W. Lou proposed Privacy-preserving public auditing for
secure cloud storage, a privacy-preserving public auditing system for data storage security in cloud
computing.
C:- K. Yang and X. Jia proposed an efficient and secure dynamic auditing protocol for data storage in
cloud computing. It is an efficient and inherently secure dynamic auditing protocol which protects the
data privacy against the auditor.
D:- Certificate-based encryption: A certificate, namely a signature, acts not only as a certificate but
also as a decryption key. A key holder needs both its secret key and an up-to-date certificate from its
CA to decrypt a message.
E:- Identity based encryption: Identity-Based Encryption (IBE) takes an effective approach to the
problem of encryption key management. IBE can use any string as a public key, enabling data to be
protected without the need for certificates.
EXISTING SYSTEM
->Boneh and Franklin first proposed a natural revocation method for IBE. They appended the
current time period to the ciphertext, and non-revoked users periodically received private keys for
each time period from the key authority.
->Boldyreva, Goyal and Kumar introduced a novel approach to achieve efficient revocation. They
used a binary tree to manage identities such that their RIBE scheme reduces the complexity of key
revocation to logarithmic in the maximum number of system users.
*Disadvantages of existing system
Unfortunately, the existing solution is not scalable, since it requires the key authority to perform
work linear in the number of non-revoked users. In addition, a secure channel between the key
authority and the non-revoked users is essential for transmitting new keys.
*Proposed system
It seems that the concept of revocable identity-based encryption (RIBE) might be a
promising approach that fulfils the aforementioned security requirements for data sharing. RIBE
features a mechanism that enables a sender to append the current time period to the ciphertext
such that the receiver can decrypt the ciphertext only under the condition that he/she is not
revoked at that time period.
A RIBE-based data sharing system works as follows:
Step 1: The data provider (David) first decides the users who can share the data. Then, David
encrypts the data under the identities Alice and Bob, and uploads the ciphertext of the shared data
to the cloud server.
Step 2: When either Alice or Bob wants to get the shared data, she or he can download and decrypt
the corresponding ciphertext. However, for an unauthorized user and for the cloud server, the
plaintext of the shared data is not available.
Step 3: In some cases, e.g., when Alice's authorization has expired, David can download the
ciphertext of the shared data, decrypt-then-re-encrypt the shared data such that Alice is prevented
from accessing the plaintext of the shared data, and then upload the re-encrypted data to the cloud
server again.
Advantages of proposed system
->We present a concrete construction of RS-IBE.
->The proposed scheme can provide confidentiality and backward/forward secrecy simultaneously.
->The procedure of ciphertext update only needs public information. Note that no previous identity-
based encryption scheme in the literature can provide this feature.
->The additional computation and storage complexity brought in by the forward secrecy is upper
bounded by O(log(T)^2), where T is the total number of time periods.
The security goals are:
Data confidentiality: Unauthorized users should be prevented from accessing the plaintext
of the shared data stored in the cloud server. In addition, the cloud server, which is
supposed to be honest but curious, should also be deterred from knowing plaintext of the
shared data.
Backward secrecy: Backward secrecy says that, when a user's authorization has expired, or a
user's secret key is compromised, he/she should be prevented from accessing the plaintext
of the subsequently shared data that are still encrypted under his/her identity.
Forward secrecy: Forward secrecy means that, when a user's authorization has expired, or a
user's secret key is compromised, he/she should be prevented from accessing the plaintext
of the shared data that he/she could previously access.
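The Step 1 to Step 3 workflow and the three security goals above, as an added Python model that is not code from the paper or from this report. It assumes a per-(identity, period) key derived by the key authority from a master secret in place of the pairing-based IBE primitive (real RIBE lets the sender encrypt from public parameters alone), so what it exercises is the time-period and revocation logic: Alice's stale period-1 key still opens the old ciphertext until David performs decrypt-then-re-encrypt.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, n):  # toy SHA-256 counter keystream; stands in for a real cipher
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
class KeyAuthority:
    def __init__(self):
        self.master, self.revoked = secrets.token_bytes(32), {}  # revoked: id -> first revoked period
    def key_for(self, identity, period):
        # MODEL ASSUMPTION: one symmetric key per (identity, period); real RIBE encrypts from public params
        return hmac.new(self.master, f"{identity}|{period}".encode(), "sha256").digest()
    def revoke(self, identity, period):
        self.revoked[identity] = period
    def issue_key(self, identity, period):  # non-revoked users get a fresh key each period
        if period >= self.revoked.get(identity, float("inf")):
            return None
        return self.key_for(identity, period)

def encrypt(ka, data, identities, period):
    """Step 1: one blob per recipient; the current period is appended to the ciphertext."""
    nonce, blobs = secrets.token_bytes(16), {}
    for i in identities:
        k = ka.key_for(i, period)
        c = xor(data, keystream(k, nonce, len(data)))
        blobs[i] = (c, hmac.new(k, nonce + c, "sha256").digest())  # tag: a wrong key fails cleanly
    return {"period": period, "nonce": nonce, "blobs": blobs}

def decrypt(ct, identity, key):  # Step 2: plaintext, or None without a valid key for this ciphertext
    if key is None or identity not in ct["blobs"]:
        return None
    c, tag = ct["blobs"][identity]
    if not hmac.compare_digest(tag, hmac.new(key, ct["nonce"] + c, "sha256").digest()):
        return None
    return xor(c, keystream(key, ct["nonce"], len(c)))

def demo():
    """Runs Steps 1-3 on constructed sample data; returns which security goals hold."""
    ka, cloud, doc = KeyAuthority(), {}, b"shared report"
    cloud["doc"] = encrypt(ka, doc, ["david", "alice", "bob"], 1)   # David shares with Alice and Bob
    alice_key1 = ka.issue_key("alice", 1)                           # Alice keeps this key
    shared = decrypt(cloud["doc"], "alice", alice_key1) == doc
    ka.revoke("alice", 2)                                           # Alice's authorization expires
    backward = decrypt(encrypt(ka, b"new memo", ["alice"], 2), "alice", ka.issue_key("alice", 2)) is None
    stale_reads = decrypt(cloud["doc"], "alice", alice_key1) == doc  # old ciphertext still opens: Step 3 needed
    cloud["doc"] = encrypt(ka, decrypt(cloud["doc"], "david", ka.issue_key("david", 1)), ["david", "bob"], 2)
    forward = decrypt(cloud["doc"], "alice", alice_key1) is None
    return {"shared": shared, "backward": backward, "stale_reads": stale_reads, "forward": forward}
```

The cloud dictionary only ever holds ciphertext and tags, which is the honest-but-curious server of the confidentiality goal; the RS-IBE contribution of the paper is that the Step 3 update would need no secret key at all, which this symmetric model cannot show.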
WIRESHARK SNIFFER TO CAPTURE
NETWORK TRAFFIC
Steps:
1. Download VMware Workstation from Google.
2. In it, install the Kali Linux OS.
3. Open Wireshark in it (built-in software).
4. Go to Capture and select the Interfaces option.
5. In the capture interfaces, select eth0 and click on Start.
6. The source, destination and protocols of the packets on the eth0 network will
be displayed.
7. Open the website http://www.testing-ground.scrapping.pro/login in a new window and
enter the user name and password.
8. Now stop the tool and stop recording.
9. Select the filter as "http" to make the search easier, and apply it.
10. Search for the POST method under the "Info" column, where we get our entered
credentials.
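The defensive counterpart to step 10, as an added example that is not part of the original lab: the same HTTP POST that Wireshark reveals can be flagged automatically by a monitoring check that parses captured requests and reports form submissions carrying a credential field over plain HTTP, without echoing the secret value. The capture strings, host name and field list are constructed for the example.

```python
from urllib.parse import parse_qs

CRED_FIELDS = {"password", "passwd", "pass", "pwd"}  # form field names that usually carry a secret

# Constructed sample of what the "http" filter shows: a GET, a form login over plain
# HTTP (no TLS, so the body is readable on the wire) and the server's redirect.
SAMPLE_CAPTURE = [
    "GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 32\r\n\r\n"
    "username=student&password=s3cret",
    "HTTP/1.1 302 Found\r\nLocation: /home\r\n\r\n",
]

def parse_request(raw):
    """Split one raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _ = request_line.split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in header_lines if ":" in h)}
    return method, path, headers, body

def find_cleartext_credentials(messages):
    """Report form POSTs/PUTs whose urlencoded body carries a credential field; values are never kept."""
    findings = []
    for raw in messages:
        if not raw.startswith(("POST ", "PUT ")):        # responses and GETs carry no form body here
            continue
        method, path, headers, body = parse_request(raw)
        if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        hits = sorted(f for f in parse_qs(body) if f.lower() in CRED_FIELDS)
        if hits:
            findings.append({"method": method, "host": headers.get("host", "?"),
                             "path": path, "fields": hits})
    return findings

if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_CAPTURE):
        print(f"cleartext credential submission: {f['method']} http://{f['host']}{f['path']} fields={f['fields']}")
```

The finding is exactly what TLS removes from the wire: with HTTPS the same POST body is not visible to a passive capture on eth0.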
Cyber Security
DNS Attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the
domain name system. In order to understand how DNS attacks work, it is important to first
understand how the domain name system works.
HTTP Attack
An HTTP flood attack is a type of volumetric distributed denial-of-service attack designed to
overwhelm a targeted server with HTTP requests. Once the target has been saturated with
requests and is unable to respond to normal traffic, denial-of-service will occur for additional
requests from actual users.
SESSION HIJACKING Attack
Session hijacking is an attack where a user session is taken over by an attacker. ...
The attack relies on the attacker's knowledge of your session cookie, so it is also
called cookie hijacking or cookie side-jacking.
Same origin policy
The same-origin policy is a critical security mechanism that restricts how a document or
script loaded from one origin can interact with a resource from another origin. It helps isolate
potentially malicious documents, reducing possible attack vectors.
Cross-site request forgery
Cross-Site Request Forgery is another example of how the security industry is unmatched
in its ability to come up with scary names. The attack itself is quite simple.
A CSRF vulnerability allows an attacker to force a logged-in user to perform an important
action without their consent or knowledge.
Cross-site scripting
XSS attack example
For example, the attacker could send the victim a misleading email with a link containing
malicious JavaScript. The malicious JavaScript is then reflected back to the victim's browser,
where it is executed in the context of the victim user's session.
Phishing Attack
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the
email recipient into believing that the message is something they want or need (a request
from their bank, for instance, or a note from someone in their company) and to click a link or
download an attachment.
Tabnabbing Attack
Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their
login details and passwords to popular websites by impersonating those sites and
convincing the user that the site is genuine.
SQL Injections
Some common SQL injection examples include:
->Retrieving hidden data, where you can modify an SQL query to return additional results.
->Subverting application logic, where you can change a query to interfere with the
application's logic.
->UNION attacks, where you can retrieve data from different database tables.
Command Injections
Command injection is an attack in which the goal is execution of arbitrary commands on the
host operating system via a vulnerable application. Command injection attacks are possible
when an application passes unsafe user supplied data to a system shell.