
Prevention Of Collusion Attack By Implementing Dynamic Hash Table in Cloud

Venkata Aditya Chintala, B.Tech, Computer Science & Engg
Tulasi Krishna Doradla, B.Tech, Computer Science & Engg
TYJ Naga Malleswari, Assistant Professor, Dept. of CSE

SRM University, Chennai

Abstract—Data in the cloud is encrypted to secure it and to protect the privacy of the user. For authenticated users to access the encrypted data, a practical management system for the group keys is imperative for data sharing in the cloud. The current mechanisms for sharing the group keys presume that the server is trusted. Because the cloud storage system is very large in scale, is an open application, and serves a user group that is dynamic, the server cannot be trusted. Hence, to preserve the privacy of the user, AES, a simple symmetric encryption algorithm, is used. Also, the existing systems have to compute the private key each time a user is revoked; to solve this problem, the use of a Dynamic Hash Table is proposed. It also avoids collusion attacks and phishing attacks. In addition, an RSA Tokenizer is used to generate tokens that verify the authenticity of the user, which provides additional security for the users.

Keywords—Dynamic Hash Table (DHT), Cloud Computing, Anti-collusion attack, Tokeniser.

INTRODUCTION

Cloud computing is a paradigm shift that delivers computing over the internet. It provides software, hardware and information resources to the groups that need them. Organizations and industries can connect to the cloud to use the available resources and pay as they keep using them, for example with RackSpace. This lets companies avoid capital expenditure. The cloud delivers services such as Infrastructure, Platform, and Software to users on a subscription basis. These are the building blocks of cloud computing. They allow users to run the available applications and store the relevant data in the cloud. Each service offers the user a different level of flexibility and control. SaaS users can use the online applications in the cloud. PaaS lets users create their applications inside the cloud using specific tools and languages. Through IaaS, users can execute any application they want on the hardware of the cloud, according to their needs. In Infrastructure-as-a-Service (IaaS), service providers generally combine several physical machines and different hardware components to form a single infrastructure [1].

ATTACKS

Collusion Attack

A collusion attack can be defined as the execution of operations that combine multiple copies of media or other files to produce a new copy. The operations include, but are not limited to, averaging of the data, replacement, and linear combination of data. They are most often used to break video fingerprinting technologies and to crack the passwords/keys of the target system [3]. In the cloud storage situation, any revoked user can use such operations to guess the private key easily, break into the system and access the files. This problem has to be solved to increase the security of the cloud storage system, maintaining the Integrity of the Specifications.

Phishing Attack

Phishing is a type of fraudulent attack in which the attacker tries to obtain content such as login credentials and/or account information by masquerading as a legitimate member or person in electronic mail, IM or other secure communication channels. If a user has access to the mail ID of the client, then he can use the forgot key option to break into the system and access the files. This is a form of phishing attack which compromises the security of the system [4].

Venkata Aditya Chintala et al, International Journal of Computer Technology & Applications, Vol 8(2), 124-128. IJCTA | Mar-Apr 2017. ISSN: 2229-6093

EXISTING SYSTEM

The existing system known as RBAC (Role Based Access Policy) combines multiple techniques, namely key-policy attribute-based encryption, a proxy re-encryption scheme, and a lazy re-encryption strategy, to build a system of fine-grained access control for the data without divulging data contents [5]. The proxy re-encryption method can be attacked using a phishing attack, and lazy re-encryption suffers from collusion attack [6][7].

Another system, named MONA, uses a cryptographic storage system which enables secure data sharing on servers that are deemed untrustworthy. However, a user can still retrieve this data after being revoked if he conspires with the cloud, as the cloud is a different entity. This attack is known as a collusion attack [8].

COMPARISON BETWEEN VARIOUS SCHEMES

Comparison between various existing systems

| Our Scheme | MONA | RBAC | ODBE |
|---|---|---|---|
| Access Control Available | Access Control Available | Access Control Unavailable | Access Control Available |
| Secure User Revocation Available | Secure User Revocation Unavailable | Secure User Revocation Unavailable | Secure User Revocation Available |
| Anti-Collusion schemes in place | Prone to collusion attack | Prone to collusion attack | Anti-Collusion schemes in place |
| Data Confidentiality Available | No Data Confidentiality Available | No Data Confidentiality Available | No Data Confidentiality Available |
| Secure Key Distribution | No Secure Key Distribution | No Secure Key Distribution | Secure Key Distribution |

Table 1. Comparison between various existing schemes.

DISADVANTAGES IN THE CURRENTLY EXISTING SYSTEM

The keys have to be updated, recomputed and then distributed every single time a user revocation is done, which results in the system having a mammoth key distribution complexity [9].

The number of computations in this scheme is directly proportional to the number of users being revoked; in other words, the computations increase linearly with user revocation.

The single-owner manner makes it difficult to implement applications in which any member of the group can store data files or share them with others using the services of the cloud.

It is prone to collusion attack, where the revoked user will be able to guess the key or data using some parts of information [10].

Abbreviations and Acronyms

TM: Transfer Matrix; SHA: Secure Hash Algorithm; ACA: Anti-Collusion Attack; DHT: Dynamic Hash Table; TPA: Third Party Auditor; DPP: Data Privacy Preserving; CSP: Cloud Service Provider; CDH: Computational Diffie-Hellman; DL: Discrete Logarithm; IHT: Indexed Hash Table

OUR IMPLEMENTATION

A novel dynamic cloud sharing scheme is used, which fully supports three vital functions: dynamic data auditing, privacy protection and prevention of collusion attack [11]. A new data structure named Dynamic Hash Table (DHT) is used to record data properties for auditing in the TPA, and with it rapid auditing and efficient data updating are achieved.

To provide a protected mechanism for key distribution, we use the RSA tokenizer algorithm for additional security. The group members and users can obtain their respective private keys in a protected way directly from their group manager, without any involvement of Certificate Authorities (CA). In the CA method, the user is verified by matching their public key.


ADVANTAGES OF PROPOSED SYSTEM

In the proposed scheme the computation cost does not depend on the number of revocations, whereas in the currently existing system the cost of computation grows linearly with the number of revocations [5]. Users can obtain their private keys securely and directly from the group manager without any involvement of Certificate Authorities; this is implemented over secure communication channels such as electronic mail, in which the RSA tokenizer algorithm is used. This system can support dynamic groups much more efficiently than the existing system, as it does not have to compute the private keys every time a user is revoked from the system.

SYSTEM ARCHITECTURE

This scheme enables auditing in the cloud storage system, for both security and efficiency. The objectives are given in the next section.

OBJECTIVES

1. Public auditing: anyone (not only the users) is allowed to verify the correctness and integrity of the users' data stored in the cloud.
2. Storage correctness: the CSP, which does not correctly store users' data as required, cannot pass the verification.
3. Block less verification: no data block needs to be retrieved by the TPA during the audit process.
4. Dynamic data auditing: dynamic data operations should be supported while the efficient public auditing is achieved.
5. Privacy preserving: the TPA cannot derive any actual content of users' data from the received auditing information [9].
6. Batch auditing: the TPA can handle multiple auditing tasks from various users in a fast and cost-efficient manner.
7. Lightweight: the verification should be performed with the minimum communication and computation overhead.

MODULES USED

Key Distributions
Access Controls
Data Confidentiality
Dropbox Module

KEY DISTRIBUTIONS

The requirement for key distribution is that the members or users can obtain their respective private keys securely from the Group Administrator/Manager, without the involvement of any Certificate Authorities [12]. The group's administrator creates a new group and has the privilege to add a user to any particular group. When a new user is added to the group, the key is computed using the AES symmetric key algorithm. The email of the user is verified by sending a token to the user, generated with the RSA tokenizer algorithm. After the legitimacy of the user is securely verified, the key is communicated to them over the secure channel.

ACCESS CONTROL

Firstly, the cloud resource is used by the group users for functions such as storage and data sharing. Secondly, unauthorized users must be prevented from accessing the cloud resource at any time, and the same applies to revoked users: they should not be capable of using the cloud resource after they are revoked or removed from the group. This scheme is constructed for groups whose membership is dynamic. We additionally put forward a secure way of distributing keys using the RSA tokenizer algorithm, in which the private keys can be obtained by the user from the group manager. Our scheme achieves fine-grained access control, meaning that the resource in the cloud can be used only by legitimate members and not by the revoked users of the group [13]. We can protect this scheme from vulnerabilities [14] such as collusion attacks and phishing attacks using the Dynamic Hash Table algorithm, so that revoked users are not able to access the data even if there is some kind of conspiracy between them and the untrusted cloud [15].

DATA CONFIDENTIALITY

The requirement of data confidentiality is that unauthorized users, which also includes the cloud storage system, should not be capable of learning the information and data stored in the cloud. The scheme uses the AES encryption algorithm to encrypt the data in the cloud. By using the Dynamic Hash Table, it is quite easy to maintain data confidentiality as required. Revoked users will not be able to decrypt the data files stored in the cloud after they are revoked.

DROPBOX MODULE

With the Dropbox module, files can be uploaded by group managers into Dropbox. Those files are stored in encrypted format so as to preserve the privacy of the users' data. Unfortunately, the verification between the entities is neglected; thus, the scheme is prone to vulnerabilities and attacks such as the collusion attack. This attack leads to the divulging of extremely sensitive data and also gives away information to attackers who can make the system vulnerable. Dropbox Inc, which is maintained by the service provider Dropbox, provides the required storage space to host the data and information in a pay-as-you-go scheme. Nevertheless, this cloud should not be trusted, as Dropbox can easily become untrusted. Therefore, Dropbox might try to learn the content of the stored data. Thus, schemes have been put in place to counter the attacks to which this scheme is vulnerable, namely collusion attack and phishing attack.

DYNAMIC HASH TABLE

The Dynamic Hash Table is implemented by the Third Party Auditor (TPA) to track the modification of data and to find information pertaining to the latest data.

The Dynamic Hash Table (DHT) is a two-dimensional data structure; it is also shown schematically in the following diagram. There are two basic elements in this type of data structure, namely file elements and block elements. In a similar way, the operations on the Dynamic Hash Table (DHT) can be classified into two categories: one is file operations and the other is block operations. Both kinds of operations include:

1. Search
2. Insertion
3. Deletion
4. Modification

FILE ELEMENT AND FILE OPERATIONS

Each file element has the index number (NO_i) of the corresponding file (e.g. F_i), the file identifier (ID_i), and a pointer to the corresponding block element, which is usually stored in an array format. Each file is organized as a linked list in which the file element is the header node.

BLOCK ELEMENT AND BLOCK OPERATIONS

A block element (e.g. the m-th block of the n-th file, an.m) is one node in the linked list of the corresponding file, also known as the file list. It includes the current version of the given block and the time stamp, along with a pointer to the next node.
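The file and block elements described above, with their search, insertion, deletion and modification operations, as an added Python example (not code from the paper). It assumes the file elements are the part held in an array, that block positions are 1-based, and that a logical counter supplies the time stamps; all class and method names are hypothetical.

```python
import itertools
from dataclasses import dataclass
from typing import Optional

@dataclass(eq=False)
class BlockElement:                  # one node of a file list
    version: int                     # current version of the block
    timestamp: int                   # time stamp of the last change
    next: Optional["BlockElement"] = None

@dataclass(eq=False)
class FileElement:                   # header node of a file list
    no: int                          # index number NO_i
    file_id: str                     # file identifier ID_i
    next: Optional[BlockElement] = None   # pointer to the first block element

class DynamicHashTable:              # hypothetical names throughout
    def __init__(self, clock=None):
        self.files = []              # assumption: file elements live in an array
        self._clock = clock or itertools.count(1).__next__  # assumed logical time

    # ---- file operations ----
    def search_file(self, file_id):
        for fe in self.files:
            if fe.file_id == file_id:
                return fe
        raise KeyError(file_id)

    def insert_file(self, file_id, n_blocks):
        if any(fe.file_id == file_id for fe in self.files):
            raise ValueError("duplicate file identifier")
        self.files.append(FileElement(no=len(self.files) + 1, file_id=file_id))
        for m in range(1, n_blocks + 1):
            self.insert_block(file_id, m)

    def delete_file(self, file_id):
        self.files.remove(self.search_file(file_id))
        for no, fe in enumerate(self.files, start=1):   # keep NO_i contiguous
            fe.no = no

    # ---- block operations (m is 1-based: "the m-th block") ----
    def search_block(self, file_id, m):
        node = self.search_file(file_id).next
        for _ in range(m - 1):
            node = node.next if node else None
        if m < 1 or node is None:
            raise IndexError(f"{file_id} has no block {m}")
        return node

    def _before(self, file_id, m):
        """Node whose .next is block m: the header for m == 1, else block m-1."""
        return self.search_file(file_id) if m == 1 else self.search_block(file_id, m - 1)

    def insert_block(self, file_id, m):
        prev = self._before(file_id, m)
        prev.next = BlockElement(1, self._clock(), prev.next)   # splice in at m

    def delete_block(self, file_id, m):
        victim = self.search_block(file_id, m)
        self._before(file_id, m).next = victim.next             # unlink block m

    def modify_block(self, file_id, m):
        node = self.search_block(file_id, m)
        node.version += 1                # the block now has a newer version
        node.timestamp = self._clock()   # and a fresh time stamp

    def audit_view(self, file_id):       # (version, time stamp) per block, in order
        out, node = [], self.search_file(file_id).next
        while node:
            out.append((node.version, node.timestamp))
            node = node.next
        return out
```

Inserting or deleting a block only relinks its neighbours, so the version and time stamp recorded for every other block of the file stay untouched.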

STRUCTURE OF DYNAMIC HASH TABLE

CONCLUSION

Currently, cloud storage, which offers on-demand data services for organizations as well as individuals, is attracting increasing attention. Due to the increased demand, it is imperative to develop techniques to increase the strength of Data Owners and also improve the confidence in the cloud. The existing systems are prone to many vulnerabilities, such as collusion attack and phishing attack, and they additionally take a great deal of time for the computations. To remove the security vulnerabilities while improving the efficiency of the computations of the system, we are implementing a new type of two-dimensional data structure known as Dynamic Hash Table (DHT). By using this method, we are able to reduce the number of computations for generating the keys; additionally, we are able to protect the system from collusion attack even if the security of the cloud is compromised. Even if the attacker is able to get into the cloud and steal the information, he cannot comprehend it because the data cannot be decrypted. Even if he conspires with the cloud storage system, the attacker will not be able to acquire the required data and information.

Moreover, we also point out that there is no single perfect method to achieve perfect audit for the cloud data. Therefore, it might be imperative to set some new trends to design much more effective schemes.

References

[1] Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy Katz, Andy Konwinski, Gunho Lee, David Patterson, Ariel Rabkin, Ion Stoica, and Matei Zaharia, "A View of Cloud Computing," Communications of the ACM, vol. 53, no. 4, pp. 50-58, April 1, 2010.
[2] Gurinder Kaur, Vinay Bhardwaj, "A Review of VM Placement Strategies," International Journal of Advanced Research in Computer Science and Software Engineering, Volume 6, Issue 5, May 2016.
[3] Subramanian S, Nitish Krishna G, Kiran Kumar M, Suresh P and G R Karpagam, "An Adaptive Algorithm for Dynamic Priority Based Virtual machine scheduling in cloud," IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 6, No 2, November 2012, ISSN (Online): 1694-0814.
[4] Eu-jin Goh, Hovav Shacham, Nagendra Modadugu, and Dan Boneh, "Sirius: Securing Remote Untrusted Storage," Proc. Network and Distributed Systems Security (NDSS) Symposium, pp. 131-145, 2003.
[5] Meenakshi Sharma, Pankaj Sharma, Dr. Sandeep Sharma, "Efficient Load Balancing Algorithm in VM Cloud Environment," IJCST Vol. 3, Issue 1, Jan. - March 2012.
[6] Z. Zhu, Z. Jiang, and R. Jiang, "The attack on Mona: Secure multi-owner data sharing for dynamic groups in the cloud," in Proc. Int. Conf. Inf. Sci. Cloud Comput., Dec. 7, 2013, pp. 185-189.
[7] L. Zhou, V. Varadharajan, and M. Hitchens, "Achieving Secure role-based access control on encrypted data in cloud storage," IEEE Trans. Inf. Forensics Security, vol. 8, no. 12, pp. 1947-1960, Dec. 2013.
[8] X. Zou, Y.-S. Dai, and E. Bertino, "A practical and flexible key management mechanism for trusted collaborative computing," in Proc. IEEE Conf. Comput. Commun., 2008, pp. 1211-1219.
[9] M. Nabeel, N. Shang, and E. Bertino, "Privacy preserving policy based content sharing in public clouds," IEEE Trans. Know. Data Eng., vol. 25, no. 11, pp. 2602-2614, Nov. 2013.
[10] D. Dolev and A. C. Yao, "On the security of public key protocols," IEEE Trans. Inf. Theory, vol. IT-29, no. 2, pp. 198-208, Mar. 1983.
[11] B. Waters, "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization," in Proc. Int. Conf. Practice Theory Public Key Cryptography Conf. Public Key Cryptography, 2008, pp. 53-70.
[12] X. Liu, Y. Zhang, B. Wang, and J. Yang, "Mona: Secure multi-owner data sharing for dynamic groups in the cloud," IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 6, pp. 1182-1191, Jun. 2013.
[13] D. Boneh, X. Boyen, and E. Goh, "Hierarchical identity-based encryption with constant size ciphertext," in Proc. Annu. Int. Conf. Theory Appl. Cryptographic Techn., 2005, pp. 440-456.
[14] C. Delerablee, P. Paillier, and D. Pointcheval, "Fully collusion-secure dynamic broadcast encryption with constant-size Cyphertext or decryption keys," in Proc. 1st Int. Conf. Pairing-Based Cryptography, 2007, pp. 39-59.
[15] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. ACM Conf. Comput. Commun. Security, 2006, pp. 89-98.
