DESIGN AND IMPLEMENTATION OF AN OTP BASED DATA SECURITY MODEL INCORPORATING AES AND SHA2 IN CLOUD ENVIRONMENT

Cloud computing has revolutionized the way computing and software services are delivered to clients on demand. It offers users the ability to connect to computing resources and access IT-managed services with a previously unknown level of ease. At the same time, security concerns among users of the cloud have become a major barrier to the widespread growth of cloud computing. In this research work, we use a three-step security mechanism to keep data secure in the cloud. We have implemented a strong authentication mechanism using an AES-encrypted OTP and enhanced the security of data using a cloud broker and AES. When you log on to your machine and then try to access a resource, say a file server or database, something needs to assure that your username and password are valid. With sensitive data of different users stored in the cloud, we need a strong authentication mechanism along with OTP, because data breaches occur where authentication is absent or weak. Afterwards, we verify the integrity of the data stored at the cloud provider using SHA2. Multiple parameters, such as processing time, processing cost, AES encryption time, and OTP generation and encryption time, have been calculated and analyzed. We have been able to enhance security while optimizing processing time as well as processing cost. After implementing the proposed methodology, we conclude that cloud security can be enhanced by applying the proposed mechanism. The proposed system has reduced the complexity


INTRODUCTION
Cloud Computing has become one of the most talked-about technologies in recent times and has received a lot of attention from the media as well as analysts because it offers many opportunities. Enterprises have been determined to reduce computing costs, and for that reason most of them first adopted virtualization technology in their IT; Cloud Computing is the forward-looking step that helps them further. Cloud Computing has taken the enterprise to a new level and allows it to further reduce costs through improved utilization, reduced administration and infrastructure cost, and faster deployment cycles. Cloud Computing is a term used to describe both a platform and a type of application. As a platform it supplies, configures and reconfigures servers, where the servers can be virtual machines or physical machines. The cloud is a representation of the Internet and is an abstraction for the complex infrastructure it conceals. There are some important points in the definition of Cloud Computing to be discussed. Cloud Computing differs from traditional computing paradigms in that it is scalable, can be encapsulated as an abstract entity which provides different levels of service to clients, is driven by economies of scale, and its services are dynamically configurable. Different researchers have stated various benefits of cloud computing, which is why enterprises have preferred to adopt it. Cloud Computing infrastructure allows enterprises to achieve more efficient use of their IT hardware and software investments. This is achieved by breaking down the physical barriers inherent in isolated systems and automating the management of the group of systems as a single entity. Cloud Computing can also be described as a virtualized system and a natural evolution for data centers that offer automated systems management. Security controls in cloud computing are similar to those in traditional IT environments.
However, because of the cloud service and operational models employed, with the implied organizational division of responsibilities and the technologies used to enable cloud services, cloud computing may present different risks to an organization than traditional IT solutions. As part of the transition to cloud computing, it is critical that consumers understand their level of risk tolerance and focus on mitigating the risks that the organization cannot afford to neglect. Often it is not understood that the type of service model being offered by the provider (i.e. IaaS, PaaS or SaaS) has a significant impact on the assumed "split of responsibilities" between the consumer and the provider for managing security and associated risks. For IaaS, the provider is supplying (and responsible for securing) basic IT resources such as machines, disks and networks (Buyya et al., 2002). The consumer is responsible for the operating system and the entire software stack necessary to run applications, plus the data placed into the cloud computing environment. As a result, most of the responsibility for securing the applications themselves and the data they use falls onto the consumer. In contrast, for SaaS, the infrastructure, software and data are primarily the responsibility of the provider, since the consumer has little control over any of these features of the service.

RELATED WORK
In order to assess the trend and level of research work done to date in the area of the titled work, an exhaustive literature review has been carried out. A gist of some of the most relevant research work is presented in this chapter under various classified headings. Several books and organizations have covered the concept of cloud computing over the last few years. It is a hot topic nowadays in the technology and business world; thus there are multiple definitions. The National Institute of Standards and Technology (NIST) provides a well-recognized description of cloud computing (Harold et al., 2009), including its characteristics, service models and deployment models. T. Lindeberg (1998) describes the different security issues of cloud computing arising from its service delivery models. However, the underlying technology of the cloud by itself poses a significant security risk. Buyya R, Murshed M (2002) discuss the security and privacy concerns of cloud computing and some possible solutions for improving security. Based on the security solutions proposed, we have devised a secure framework for cloud computing. In today's globally competitive business, organizations must innovate and make full use of their assets to succeed. This requires empowering their employees, business partners and customers with platforms and collaboration tools that promote innovation. L. Wang and Gregor Laszewski present a novel technique to hide data in the edges of an image by extending the Least Significant Bit embedding algorithm. This algorithm hides data in the edge pixels and thus ensures better security against attackers. In the Least Significant Bit embedding algorithm (LSB) and the Random Least Significant Bit embedding algorithm (RLSB), an attacker can easily detect the presence of a hidden image.
To overcome these problems, a new algorithm based on least significant bit embedding (LSB) is proposed for hiding secret messages in the edges of the image. The algorithm, ELSB, hides data in edge pixels. The proposed algorithm is applicable to all kinds of images and can be used in covert communication and for hiding secret information such as copyrights, trade secrets and chemical formulae. R. Maggiani (2009) lists the security issues and challenges in the cloud environment and the security standards and management tools which are in place, and recommends the best solutions we can rely on. Cloud computing provides scalable and efficient means to manage IT resources in organizations. The flexibility the cloud brings has some disadvantages for privacy and security. If providers and consumers follow the security measures discussed above, cloud computing will be more secure. As and when the issues around security and privacy are elucidated, cloud computing will be accepted widely. Harold C. Lin (2009) proposes an image steganography technique based on the Canny edge detection algorithm. It is designed to hide secret data in a digital image within the pixels that make up the boundaries of objects detected in the image. More specifically, bits of the secret data replace the three LSBs of every color channel of the pixels detected by the Canny edge detection algorithm as part of the edges in the carrier image. Kapil Bakshi (2009) discusses the strategy, architecture and solution details that Cisco brings to industry and governments. For the purposes of that paper, the focus is on the data center aspects of cloud computing. Its intended audience includes public managers, government executives, IT decision makers and IT professionals who are evaluating cloud computing strategy and cloud data center solutions.
Torry Harris (2009) aims to provide a means of understanding the model and exploring the options available for complementing your technology and infrastructure needs. The idea of cloud computing is based on a very fundamental principle of "reusability of IT capabilities". The difference that cloud computing brings compared to the traditional concepts of "grid computing", "distributed computing", "utility computing" or "autonomic computing" is that it broadens horizons across organizational boundaries. Resource sharing in a pure plug-and-play model that dramatically simplifies infrastructure planning is the promise of "cloud computing". The two key advantages of this model are ease of use and cost-effectiveness.

GAP ANALYSIS
In order to avail the benefits of the cloud, the security of data being transferred between the client and the cloud provider must be ensured. Security is the key to the cloud's success; security in the cloud is now the main challenge of cloud computing. Until a few years ago, all the business processes of organizations ran on their private infrastructure and, though it was possible to outsource services, it was usually non-critical data/applications that left the private infrastructure. Now, with cloud computing, the story has changed. The traditional network perimeter is broken, and organizations feel they have lost control over their data. New attack vectors have appeared, and the benefit of being accessible from anywhere becomes a big threat. After studying the existing papers, it is analysed that the existing techniques are not capable of protecting data. There are various policy issues and threats in cloud computing technology, which include privacy, storage, reliability, security, capacity and more. But the most important concern among these is security and how the service provider assures and maintains it. Generally, cloud computing has several kinds of customers, such as ordinary users and enterprises, who have different motivations to move to the cloud.
Various concerns identified after analysing the problems in cloud computing are security, integrity, loss of data and third-party access:
i. After studying the existing paper [22], it is analysed that the existing techniques are not capable of protecting data in an efficient way.
ii. For data integrity, the data can be changed on the way before reaching the server/client, and there is no data verification involved.
iii. An unauthorized person can come to know about the methodology. In the present work, there is no secure authentication procedure defined. When you log on to your machine and then try to access a resource, say a file server or database, something needs to assure that your username and password are valid. With sensitive data of different users stored in the cloud, we need a strong authentication mechanism along with OTP. Data breaches occur because of absent or weak authentication.
iv. No gateway is defined: the user should not be directly connected to the cloud provider, as there is a high risk of data being stolen or hacked by a third-party intruder. A gateway/broker is required that acts as an intermediary between the cloud provider and the client.
v. Weak encryption mechanism: in the present work, only one encryption algorithm, AES, is used for encryption of data at the client's end.

RESEARCH OBJECTIVES
i. To implement and study the performance of existing security mechanisms in the cloud environment.
ii. To implement a strong authentication mechanism using an AES-encrypted OTP (One-Time Password).
iii. To enhance the security of data using a Cloud Broker and AES.
iv. To verify the integrity of data stored at the cloud provider using SHA2.
v. To develop the proposed algorithm and compare its performance with the existing algorithm.

PROPOSED METHODOLOGY
This thesis aims to provide an understanding of the different attack vectors created by multi-tenancy and virtualization in a public IaaS cloud. These vectors will be explored, focusing on the threats arising from different tenants coexisting on the same physical host. A critical analysis of the different vectors will be provided, along with guidance on how to approach them. This analysis will be performed using previous work from different organizations and authors, along with personal knowledge obtained from experience. As part of the aim of this research, a strong foundation will be provided on the terms cloud computing, multi-tenancy and virtualization. All these areas will be explored and given a firm definition. The different security issues will also be explored in order to provide an introduction to the main focus of the research. The research work is divided into three phases. Phase 1: Secure Authentication.

INTEGRITY CHECK
i. Hash values will be generated at the cloud server using the SHA-2 algorithm.
ii. The integrity of the data is checked using these hash values.
iii. If all the hash codes match, the file is downloaded to the gateway or broker; otherwise the file is reported as having been accessed by someone.

UPLOADING OF FILE AT THE CLOUD SERVER
i. The client will enter the data that has to be sent to the cloud provider.
ii. The AES algorithm will be run at the client side, encrypting the data before it is sent to the gateway.
iii. The encrypted data is then transferred to the gateway.
iv. The gateway will receive the file sent by the client and will transfer it to the cloud provider for storage.
v. The cloud provider will receive the data from the gateway.
vi. The cloud provider will apply the SHA2 hashing algorithm to the received file and will send the generated hash value back to the client.
This model will prevent attacks such as man-in-the-middle attacks and data-mining attacks. So, using this approach, we have achieved two purposes:
i. If anyone tries to intercept the data while it is being transferred from the client to the gateway, he/she will obtain only encrypted data.
ii. If anyone tries to perform mining on the files stored at the cloud provider, no results will be retrieved.
When downloading a file from the cloud, the client will follow these steps:
i. The client will ask the gateway to download his/her stored file.
ii. The gateway will forward the request to the cloud provider, and the cloud provider will generate the hash value of the stored file using SHA2. This generated value is compared with the client's original hash value. If the values match, the encrypted file is sent back to the gateway; otherwise a warning is displayed to the user that the file has been accessed by someone.
iii. The gateway will receive the encrypted file and will send it to the client.
iv. The client will then perform AES decryption to recover the original data.

ALGORITHM
In the proposed work we enhance the security of data using a hybrid technique of AES and SHA2 in cloud computing, which protects the data from man-in-the-middle attacks, so that private information can be sent from the client end to the cloud end and retrieved securely.
i. The client registers and logs in with the cloud provider.
ii. The cloud provider generates the OTP and encrypts it using AES.
iii. The encrypted OTP is sent to the client's registered e-mail address.
iv. After OTP verification, the client chooses the data to be sent to the cloud provider.
v. For all the data in the dataset, the AES encryption technique is applied at the client side.
vi. The client sends the encrypted data to the available gateway.
vii. The gateway receives the encrypted data and forwards it to the cloud provider.
viii. The cloud provider receives the file, generates the hash value using SHA2 and sends it to the client.
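The upload steps v to viii above, together with the UPLOADING OF FILE AT THE CLOUD SERVER procedure and its download steps, can be traced end to end in code. The following Go program is an added illustration written for this edit; it is not the paper's Java implementation. The names Provider, Gateway, ClientUpload, ClientDownload and ErrTampered are assumptions, AES is used in GCM mode because the paper does not state a mode, and the client's AES key is assumed to be generated locally and never shared with the gateway or the provider. The provider stores only ciphertext, returns the SHA-256 of what it stored, and at download time refuses to release a file whose recomputed hash differs from the value the client presents; the client then decrypts, where the GCM authentication tag gives a second, independent integrity check.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"io"
)

// Provider keeps only ciphertext: it can hash what it stores but never sees plaintext.
type Provider struct{ Files map[string][]byte }

// Gateway is the broker between client and provider; it forwards opaque bytes unchanged.
type Gateway struct{ Provider *Provider }

// ErrTampered: the provider's recomputed SHA-256 no longer matches the client's copy.
var ErrTampered = errors.New("integrity check failed: file was modified at the provider")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aesSeal encrypts with AES-GCM and prepends the random nonce to the ciphertext.
func aesSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aesOpen reverses aesSeal; GCM's authentication tag rejects any altered ciphertext.
func aesOpen(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Store saves the ciphertext and returns its SHA-256, which goes back to the client.
func (p *Provider) Store(name string, sealed []byte) string {
	p.Files[name] = append([]byte(nil), sealed...)
	return sha256Hex(sealed)
}

// Fetch recomputes the hash and releases the file only if it equals the client's stored value.
func (p *Provider) Fetch(name, expected string) ([]byte, error) {
	sealed, ok := p.Files[name]
	if !ok {
		return nil, errors.New("no such file")
	}
	if sha256Hex(sealed) != expected {
		return nil, ErrTampered
	}
	return sealed, nil
}

// ClientUpload encrypts at the client, sends ciphertext via the gateway and returns the
// hash the provider computed; the client must keep this value for later downloads.
func ClientUpload(key []byte, gw *Gateway, name string, data []byte) (string, error) {
	sealed, err := aesSeal(key, data)
	if err != nil {
		return "", err
	}
	return gw.Provider.Store(name, sealed), nil
}

// ClientDownload asks the gateway for the file; the provider releases it only after the
// hash check passes, and the client then decrypts it with its own key.
func ClientDownload(key []byte, gw *Gateway, name, expected string) ([]byte, error) {
	sealed, err := gw.Provider.Fetch(name, expected)
	if err != nil {
		return nil, err
	}
	return aesOpen(key, sealed)
}
```

One point the paper leaves open is worth making explicit: the hash the provider returns is computed over the bytes the provider received, so it can only detect later modification at rest, not modification between client and gateway; in this example the GCM tag checked in aesOpen covers that second case. A file altered at rest is reported as ErrTampered instead of being handed back through the gateway, which matches the warning the paper describes at download time.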

ALGORITHMS USED
Security is the key to the cloud's success; security in the cloud is now the main challenge of cloud computing. Two techniques are used here to enhance cloud computing security: AES and SHA2.

AES
AES uses 14 cycles of repetition (rounds) for 256-bit keys. Each round consists of several processing steps, each containing four similar but different stages, including one that depends on the encryption key itself. A set of reverse rounds is applied to transform the ciphertext back into the original plaintext using the same encryption key.

SHA2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA). Cryptographic hash functions are mathematical operations run on digital data; by comparing the computed "hash" (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data's integrity. For example, computing the hash of a downloaded file and comparing the result to a previously published hash result can show whether the download has been modified or tampered with. A key aspect of cryptographic hash functions is their collision resistance: nobody should be able to find two different input values that result in the same hash output. SHA-2 includes significant changes from its predecessor, SHA-1.

Figure 5. Registration at the cloud provider.

SIMULATION VIEW OF PROPOSED WORK
Figure 5 above shows the registration of the user at the cloud provider. The user enters his/her ID and password and is registered at the cloud end. Once the user is registered, the system automatically navigates to the login section. On pressing the Login button, the request goes to the cloud provider, which checks whether the entered data is valid or invalid. After the login step is completed, the system generates the one-time password using the MD5 algorithm and encrypts the OTP using the AES encryption algorithm. The encrypted OTP is sent to the user's e-mail ID registered at the cloud provider.
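Provider-side handling of the OTP described above (and in steps i to iv of the ALGORITHM section), as an added Go example that is not the paper's code: OTPStore, Issue and Verify are assumed names; the OTP is drawn from crypto/rand rather than derived with MD5 as the paper does (a deliberate substitution, since an MD5 output is only as unpredictable as its input); and the AES encryption of the OTP for the e-mail, and the e-mail itself, are left to the caller of Issue. The example goes beyond the paper's description in that the provider stores only a SHA-256 digest of the OTP, bounds its lifetime and the number of wrong guesses, compares in constant time, and consumes the OTP on the first successful use so it cannot be replayed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Errors the provider reports back on a failed OTP check.
var (
	ErrNoOTP    = errors.New("no OTP outstanding for this user")
	ErrExpired  = errors.New("OTP has expired")
	ErrTooMany  = errors.New("too many wrong attempts; request a new OTP")
	ErrMismatch = errors.New("OTP does not match")
)

// otpRecord is what the provider keeps: a digest of the OTP (never the OTP itself),
// its expiry, and how many wrong guesses have been made against it.
type otpRecord struct {
	digest   [sha256.Size]byte
	expires  time.Time
	attempts int
}

// OTPStore is the provider-side state for one-time passwords (assumed name).
type OTPStore struct {
	TTL      time.Duration
	MaxTries int
	Now      func() time.Time // injectable clock so expiry can be tested deterministically
	records  map[string]otpRecord
}

func NewOTPStore(ttl time.Duration, maxTries int) *OTPStore {
	return &OTPStore{TTL: ttl, MaxTries: maxTries, Now: time.Now, records: map[string]otpRecord{}}
}

// Issue creates a fresh six-digit OTP for user from crypto/rand (the paper derives its OTP
// with MD5; this is a substitution) and stores only its SHA-256. The caller AES-encrypts
// and e-mails the returned value, as the paper describes.
func (s *OTPStore) Issue(user string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", err
	}
	otp := fmt.Sprintf("%06d", n.Int64())
	s.records[user] = otpRecord{digest: sha256.Sum256([]byte(otp)), expires: s.Now().Add(s.TTL)}
	return otp, nil
}

// Verify checks a submitted OTP: it must exist, be unexpired, be within the attempt budget
// and match in constant time. A correct OTP is consumed so it cannot be replayed.
func (s *OTPStore) Verify(user, candidate string) error {
	rec, ok := s.records[user]
	if !ok {
		return ErrNoOTP
	}
	if s.Now().After(rec.expires) {
		delete(s.records, user)
		return ErrExpired
	}
	if rec.attempts >= s.MaxTries {
		delete(s.records, user)
		return ErrTooMany
	}
	got := sha256.Sum256([]byte(candidate))
	if subtle.ConstantTimeCompare(got[:], rec.digest[:]) != 1 {
		rec.attempts++
		s.records[user] = rec
		return ErrMismatch
	}
	delete(s.records, user) // single use
	return nil
}

func main() {
	store := NewOTPStore(5*time.Minute, 3)
	otp, err := store.Issue("alice")
	if err != nil {
		panic(err)
	}
	fmt.Println("issued OTP (to be AES-encrypted and e-mailed):", otp)
	fmt.Println("first verification:", store.Verify("alice", otp))
	fmt.Println("replayed verification:", store.Verify("alice", otp))
}
```

The store never holds the OTP in clear, so a leak of the provider's session table does not leak usable codes, and the attempt counter keeps a six-digit space from being guessed online within the code's lifetime.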

Figure 6. OTP received via e-mail
After OTP verification, the user enters the main page, where he/she can upload a file to the cloud provider or download previously uploaded files from the cloud server. This section opens only when the user's credentials have been properly verified by the cloud provider.

International Journal of Computers and Technology, ISSN 2277-3061, Volume 17 Number 1, January 2018, http://cirworld.com/

Figure 7. Main Sections after Login Process
User will choose the file from his/her laptop when he/she clicks on the file upload button. This file will be encrypted at the client side using AES. After encryption process is completed, the encrypted data is sent to the gateway.

EXPERIMENTAL RESULTS
After analysing the loopholes of the base work, the security of data between the client and the cloud provider is enhanced by using AES and a verification mechanism at the cloud provider. The experiments were run on a machine with the following configuration: Intel Core 2 CPU, 980 MHz, 1.99 GB RAM, Microsoft Windows 7, with Java version 8 and the NetBeans IDE version 8.

Table 2. Readings of the proposed work

PERFORMANCE METRICS
After implementing the proposed methodology, we conclude that cloud security can be enhanced by applying the model of AES, secure authentication with OTP and data verification using SHA2. The data sent and received by the client is of utmost importance and needs to be handled carefully. We have been able to reduce the processing time, encryption time and processing cost, which increases the overall efficiency of the system.

ACCURACY OF THE SYSTEM
The accuracy of the system is assessed by measuring processing time and cost, as shown in the graphs below, which increases the overall efficiency of the system. From the bar chart of processing time, it is clear that the processing time has been reduced. The processing time depends upon the size of the file: as the size of the file increases, the processing time also increases. But we have been able to reduce the processing time of the proposed work, which finally increases the overall efficiency of the system.

Figure 9. File Size v/s Cost.
From the above bar chart, it is clear that the cost has been reduced. Usually cloud computing providers have detailed costing models which are used to bill users on a pay-per-use basis. The cost depends upon the size of the file: as the size of the file increases, the cost also increases. But we have been able to reduce the cost of the proposed work, which finally increases the overall efficiency.

OTP GENERATION AND ENCRYPTION USING AES
For secure authentication, we generate the one-time password via the MD5 algorithm, encrypt it using AES and send it to the client's registered e-mail ID. From the graph below, it is clear that implementing the OTP mechanism has no noticeable effect on the system: across the experiments, OTP generation and encryption takes less than 1 second. From the line chart below, it is clear that as the size of the file increases, the encryption time keeps increasing. We have taken different types of files of different sizes for testing purposes. For secure verification before downloading, we have included the SHA2 verification mechanism that matches the newly generated hash value with the previously stored one. The figure above shows the hash generation time using SHA2. From the graph it is clear that SHA2 generation does not take much time and adds no significant overhead to the overall performance of the system.