Abstract: The key generation secure for many-to-many intercommunications is prolifed because of spread of large distributed file systems and is inspired by supporting parallel access to several storage devices. This proposes a ... Volume.05, IssueNo.30, September-2016, Pages: 6388-6391 .... A view of cloud computing.
ISSN 2319-8885 Vol.05,Issue.30 September-2016, Pages:6388-6391 www.ijsetr.com
Enhanced Authenticated Key Exchange in Parallel Network File Systems for Security D.K.S.MANIPRABHA1, M.KRISHNA SATYA VARMA2 1
PG Scholar, Dept of IT, Sagi Rama Krishnam Raju Engineering College, Bhimavaram, AP, India. Assistant Professor, Dept of IT, Sagi Rama Krishnam Raju Engineering College, Bhimavaram, AP, India.
2
Abstract: The key generation secure for many-to-many intercommunications is prolifed because of spread of large distributed file systems and is inspired by supporting parallel access to several storage devices. This proposes a variety of authenticated key exchange protocols that are designed to address the issues we are facing with Kerberos based protocol. We show that our protocols are capable of reducing up to approximately half of the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client. We proposed three authenticated key exchange protocols for parallel network file system. Our protocols offer three appealing advantages over the existing Kerberos-based protocol. First, the metadata server executing our protocols has much lower workload than that of the Kerberos-based approach. Second, two our protocols provide forward secrecy: one is partially forward securing, while the other is fully forward secure. Third, we have designed a protocol which not only provides forward secrecy, but is also escrow-free. Keywords: Intercommunication, Devices, Kerberos Protocols, Escrow-Free. I. INTRODUCTION In a parallel application the file data is spread among the various nodes or devices for giving the concurrent access to multiple tasks using parallel file system. This is widely used in large scale cluster computing which is mainly depends upon the reliable fetch as well as high performance to the large amount of datasets. Due to this the bandwidth of I/O is highly achieved by concurrent data fetching with different number of devices in between the maximum number of clusters which are used for computing. During this the loss of data is prohibited or secured using the data mirroring and fault- tolerant striping algorithms are used for data mirroring. There are some examples of highly performance parallel file systems which undergoes in production that uses the General Parallel File Systems. The way to which keys materials are exchanged as well as how to establish the secure parallel session in between storage devices and clients in (pNFS) Parallel Network File System as well as this proposed system is maintain current internet standard in scalable and efficient way. Particularly, we are trying to meet the following requirements, are not achievable by current Kerberos-based solution or which have not been satisfactorily achieved. The pNFS is introduced by the UMich/CITI, IBM, ENC, and Sun and because of this pNFS has many common features and pNFS is also highly compatible with many of the Commercial Network File System. We are mainly focusing on maintaining Integrity and privacy in Authenticated key exchange protocol for Parallel Network File System. A. Networking Basic Networking is the practice of linking multiple computing devices together in order to share resources. These resources
can be printers,CDs, files, or even electronic communications such as e-mails and instant messages. These networks can be created using several different methods, such as cables, telephone lines, satellites, radio waves, and infrared beams. Without the ability to network, businesses, government agencies, and schools would be unable to operate as efficiently as they do today. The ability for an office or school to connect dozens of computers to a single printer is a seemingly simple, yet extremely useful capability. Perhaps even more valuable is the ability to access the same data files from various computers throughout a building. This is incredibly useful for companies that may have files that require access by multiple employees daily. By utilizing networking, those same files could be made available to several employees on separate computers simultaneously, improving efficiency. B. Ins and Outs of Networking When it comes to networking, there are two essential pieces of equipment that enable numerous devices to be connected: routers and switches. C. Switches Switches are used in order to connect many devices on the same network. These devices are generally within the same building, such as an office building or school and could consist of various computers, printers, and other gadgets. The switch acts as a controller, allowing the connected objects to share information with one another. This not only increases productivity and efficiency, but also saves money.
Copyright @ 2016 IJSETR. All rights reserved.
D.K.S.MANIPRABHA, M.KRISHNA SATYA VARMA The author begin by defining a model for this problem, one D. Routers In addition to switches, networks generally employ routers rich enough to deal with password guessing, forward secrecy, as well. These essential tools connect different networks to server compromise, and loss of session keys. The one model each other through the internet in order to allow for data can be used to define various goals. The author takes AKE exchange between networks. Whereas the switch can be (with “implicit” authentication) as the “basic” goal, and they considered a controller, a router should be considered more give definitions for it and for entity-authentication goals as of a dispatcher, packaging digital information and choosing well. Then they prove correctness for the idea at the center of the best route for it to travel. Routers can feature several the Encrypted Key-Exchange protocol of Bellovin and other functions, including firewalls and virtual private Merritt: they prove security, in an ideal-cipher model, of the networks that enhance the security of the data being sent over two-flow protocol at the core of EKE. the internet. II. LITERATURE SURVEY D. Analysis of Key-Exchange Protocols and Their Use for A. Federated, Available, and Reliable Storage for an Building Secure Channels Ran Canetti and Hugo Krawczyk, In this paper author Incompletely Trusted Environment A. Adya, W.J. Bolosky, M. Castro, this paper Farsighted presents a formalism for the analysis of key-exchange provides the file availability and reliability with the help of protocols that combines previous definitional approaches and randomized replicated storage. They ensure the secrecy of the results in a definition of security that enjoys some important file contents with the help of cryptographic techniques. They analytical benefits: (i) any key-exchange protocol that also maintain the integrity of the file and the directory data satisfies the security definition can be composed with with a Byzantine-fault-tolerant protocol. They designed a symmetric encryption and authentication functions to provide system which is scalable by using a distributed hint provably secure communication channels (as defined here); mechanism and delegation certificates for path name and (ii) the definition allows for simple modular proofs of translations and also achieve good performance by locally security: one can design and prove security of key-exchange caching file data, lazily propagating file updates, and varying protocols in an idealized model where the communication the duration and the granularity of the content leases. links are perfectly authenticated, and then translate them Farsighted is designed to support the files and also the I/O using general tools to obtain security in the realistic setting of workload of desktop computers in a large company or adversary-controlled links. This paper adopts a methodology university. It provides availability and reliability through for the analysis of key-exchange protocols. They follow the replication; privacy and authentication through cryptography; approach of the adversarial model. integrity through Byzantine-fault-tolerance techniques; consistency through leases of variable granularity and E. Authenticated Key Exchange Protocols for Parallel duration; scalability through namespace delegation; and Network File Systems reasonable performance through client caching, hint based Hoon Wei Lim Guomin Yang, here the authors study the pathname translation, and lazy update commit. problem of key establishment for secure many-to-many communications. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel B. Block Level Security for Network-Attached Disks Marcos K. Aguilera, Minwen Ji, Mark Lillibridge,they access to multiple storage devices. Their work focuses on the propose a practical and efficient method for adding security current Internet standard for such file systems, i.e., parallel to network-attached disks (NADs). Their design requires no Network File System (pNFS), which makes use of Kerberos changes to the data layout on disk, minimal changes to to establish parallel session keys between clients and storage existing NADs, and only small changes to the standard devices. They overcome the number of limitations: (i) a protocol for accessing remote block-based devices. They metadata server facilitating key exchange between the clients have implemented a prototype NAD file system, called and the storage devices has heavy workload that restricts the Snapdragon that incorporates their ideas. They also evaluated scalability of the protocol; (ii) the protocol does not provide Snapdragon’s performance and scalability. In this paper they forward secrecy; (iii) the metadata server generates itself all have presented a new block-based security scheme for the session keys that are used between the clients and storage network-attached disks (NADs). In contrast to previous work, devices, and this inherently leads to key escrow. their scheme requires no changes to the data layout on disk and only minor changes to the standard protocol for III. PROPOSED SYSTEM MODEL accessing remote block-based devices. A. Diffie-Hellman Key Agreement Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses numbers C. Authenticated Key Exchange Secure Against raised to specific powers to produce decryption keys on the Dictionary Attacks M. Bellare, D. Pointcheval, and P. Rogaway, Passwordbasis of components that are never directly transmitted, based protocols for authenticated key exchange (AKE) are making the task of a would-be code breaker mathematically designed to work despite the use of passwords drawn from a over whelming. We have designed a protocol which not only space so small that an adversary might well enumerate, off provides forward secrecy, but is also escrow-free.the line, all possible passwords. While several such protocols metadata server executing our protocols has much lower have been suggested, the underlying theory has been lagging. workload than that of the Kerberos-based approach. International Journal of Scientific Engineering and Technology Research Volume.05, IssueNo.30, September-2016, Pages: 6388-6391
Enhanced Authenticated Key Exchange in Parallel Network File Systems for Security IV. SYSTEM ARCHITECTURE C. Forward Secrecy The protocol should guarantee the security of past session keys when the long-term secret key of a client or a storage device is compromised. However, the protocol does not provide any forward secrecy. To address key escrow while achieving forward secrecy simultaneously, we incorporate a Diffie- Hellman key agreement technique into Kerberos-like pNFS-AKE-I. However, note that we achieve only partial forward secrecy (with respect to v), by trading efficiency over security.
Fig.1. A. Implementation Scenario 1. Parallel Sessions Parallel secure sessions between the clients and the storage devices in the parallel Network File System. The current Internet standard in an efficient and scalable manner. This is similar to the situation that once the adversary compromises the long-term secret key, it can learn all the subsequence sessions. If an honest client and an honest storage device complete matching sessions, they compute the same session key. Second, two our protocols provide forward secrecy: one is partially forward securing with respect to multiple sessions within a time period.
Fig.4.C1, C2, C3, C4 - Clients. F1, F2, F3, F4 – Encrypted Files. D. SERVER AUTHENTICATION A. Accept &Allow user file The admin can accept the new user request and also block the users. The users can upload the file to Network. And the admin can allow the files to Network then only the file can store the cloud. If the file uploaded by the user is not permitted from the Server means the file cannot be uploaded by the Client.
Fig.2. B. Authenticated Key Exchange Our primary goal in this work is to design efficient and secure authenticated key exchange protocols that meet specific requirements of pNFS. The main results of this paper are three new provably secure authenticated key exchange protocols. We describe our design goals and give some intuition of a variety of pNFS authenticated key exchange (pNFS-AKE) protocols that we consider in this work. Fig.5.
Fig.3.
V. ALGORITHM Upon receiving an I/O request for a file object from C, each Si performs the following: Check if the layout σi is valid; Decrypt the authentication token and recover key KCSi; Compute keys skz i = F(KCSi;IDC,IDSi,v,sid,z) for z = 0,1; Decrypt the encrypted message, check if IDC matches the identity of C and if t is within the current validity period v; If all previous checks pass, Si replies C with a key confirmation message using key sk0 i. International Journal of Scientific Engineering and Technology Research Volume.05, IssueNo.30, September-2016, Pages: 6388-6391
D.K.S.MANIPRABHA, M.KRISHNA SATYA VARMA VI. CONCLUSION AND FUTURE WORK In this paper we introduced Integrity and Secure authenticated key exchange protocols for parallel network file system (pNFS). The existing Kerberos-based pNFS protocol has some disadvantages which are overcome in our proposed protocol as well as our protocols gives three Appealing advantages also. First One is our protocol provide secrecy along with escrow-free. Second advantage over Kerberos-based pNFS protocol is the metadata server which is used in execution having very less workload than the existing Kerberos-based approach. And the last advantage is that our protocol provides basically two forward secrecy: one is fully forward secure is respected with the session. While this is the partially forward Secure is related to multiple sessions within a specific time period. VII. REFRENCES [1]M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R.H. Katz, A. Konwinski, G. Lee, D.A. Patterson, A. Rabkin, I. Stoica, andM. Zaharia. A view of cloud computing. Communications of the ACM, 53(4):50–58. ACM Press, Apr 2010. [2]Mr.Shirsath Kirankumar Vilas(Computer Engineer), Author of “Self Addptive Symantic Focused Crowler For Information Discovery And Data Mining”. [3]Qi Xie1, Bin Hu1, Na Dong1, Duncan S. Wong2 ., “Anonymous Three-Party Password-Authenticated Key Exchange Scheme for Telecare Medical Information Systems.” [4]Michel Abdalla, David Pointcheval., “Simple PasswordBased Encrypted Key Exchange Protocols.” [5]A. Sai Kumar ,P. Subhadra., “User Authentication to Provide Security against Online Guessing Attacks.” [6]Anupam Datta1, Ante Derek1, John C. Mitchell1, and Bogdan Warinschi2., “Key Exchange Protocols: Security Definition, Proof Method and Applications .” [7]R.S.RamPriya, M.A.Maffina., “A Secured and Authenticated Message Passing Interface for Distributed Clusters.” [8]Feng Hao1 and Peter Ryan2., “J-PAKE: Authenticated Key Exchange Without PKI” [9]Bruno Blanchet., “Automatically Verified Mechanized Proof of One-Encryption Key Exchange” [10]M. Eisler. XDR: External data representation standard. The Internet Engineering Task Force (IETF), STD 67, RFC 4506, May 2006. [11]D. Boneh, C. Gentry, and B. Waters. Collusion resistant broadcast encryption with short ciphertexts and private keys. In Advances in Cryptology – Proceedings of CRYPTO, pages 258–275. Springer LNCS 3621, Aug 2005.
International Journal of Scientific Engineering and Technology Research Volume.05, IssueNo.30, September-2016, Pages: 6388-6391
