Image based Authentication with Secure Key Exchange ... - IEEE Xplore

2014 International Conference on Medical Imaging, m-Health and Emerging Communication Systems (MedCom)

Image based Authentication with Secure Key Exchange Mechanism in Cloud

Anurag Singh Tomar

Gaurav Kumar Tak

Ruchi Chaudhary

Dept. of Computer Science Lovely Professional University Phagwara, India [email protected]

Dept. of Computer Science Lovely Professional University Phagwara, India [email protected]

Dept. of Computer Science Lovely Professional University Phagwara, India [email protected]

should have some information about the authorized user to ensure that data is accessed by an authenticated user. The rest of the paper is organized as follows. Related work is described in Section II. The proposed scheme is explained in Section III. Security analysis of the proposed scheme is discussed in Section IV. Section V concludes the paper.

Abstract—In cloud infrastructure, a key should be shared between the user and the cloud service provider (CSP) so that data can be accessed securely. When accessing data from the cloud, the user is only authenticated by the CSP; the two do not exchange a key with each other. Many methodologies have been proposed to secure communication in this infrastructure, basically using methods such as digital signatures, homomorphic encryption and signature based encryption to secure data. Some methodologies have also been proposed to identify intrusions over the cloud infrastructure. In this paper, we combine image based authentication with a proposed secure key exchange between the user and the CSP. First the user is authenticated by the CSP using image based authentication; after that a key is exchanged between the user and the CSP, and that key changes from session to session.

II. RELATED WORK

In this section we discuss the various authentication, key distribution and key management schemes that have already been proposed. When a web page is accessed from the cloud, or during an online transaction, the device sends a query to the data authentication consumer, and the query is then forwarded to the authentication engine [3] along with a list of policies. The authentication engine extracts the data and asks the device to provide the values of the parameters; based on those values the engine responds to the device about authentication.

Before accessing a service from the cloud, the user securely exchanges a key with the cloud service provider. First the user generates the key with the help of a primitive root [4,5,6] of the group and a randomly chosen value; the user then sends some information related to the key, with the help of which the service provider can compute the key. The cloud service provider must authenticate the user before computing the key or providing the service.

Authentication can be done by sharing some parameters, or by image based authentication [1]. In image based authentication, the user first chooses a subset of images, in a particular order, from a large set of images stored in a database. After that, whenever the user wants to access the service, the server presents a large set of images, out of which the user has to select images in the same order as chosen earlier. If the order is correct the user is authenticated, otherwise not.

The key can be generated by one party, either the user or the CSP, or by contributions from both the user and the service provider. In contributory key agreement the user sends some parameter to the CSP and the CSP sends some other parameter to the user, so both parties can compute the key with the help of the shared parameters. The user can also authenticate the other party by using challenge and response.
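The primitive-root and contributory key agreement ideas surveyed above can be made concrete with a short sketch. This is an added example, not code from the paper: it assumes classic Diffie-Hellman as the contributory scheme, and the modulus 23 with generator 5 is a toy choice made only so the generator test is easy to follow (real deployments use a standardized group of 2048 bits or more).

```python
import secrets


def prime_factors(n):
    """Distinct prime factors by trial division (adequate for the toy modulus)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p):
    """g generates Z_p* iff g^((p-1)/q) != 1 (mod p) for every prime q | p-1."""
    if not 1 < g < p:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def keypair(g, p):
    """Random r in [2, p-2]; retry if g^r lands on the order-2 element p-1."""
    while True:
        r = secrets.randbelow(p - 3) + 2
        public = pow(g, r, p)
        if public != p - 1:
            return r, public


def shared_key(peer_public, own_secret, p):
    """Derive the key, refusing peer values that would force it to 1 or p-1."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer value outside 2..p-2")
    return pow(peer_public, own_secret, p)


P, G = 23, 5  # assumed toy parameters; 5 is a primitive root modulo 23

if __name__ == "__main__":
    print(is_generator(G, P), is_generator(2, P))  # 2 only has order 11
    r_user, to_csp = keypair(G, P)    # user -> CSP
    r_csp, to_user = keypair(G, P)    # CSP -> user
    print(shared_key(to_user, r_user, P) == shared_key(to_csp, r_csp, P))
```

Neither side should compute a key from a received value before the range check in `shared_key`, and, as the paper notes, the CSP must have authenticated the user before it derives the key at all.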

Index Terms—authentication, cloud service provider(CSP), digital signature, homomorphic.

I. INTRODUCTION

Cloud computing is the collective term for a group of IT technologies which in collaboration are changing the landscape of how IT services are accessed and paid for by users. Accessing data on the cloud is not trustworthy, so to make data secure on the cloud we provide secure authentication as well as secure access to data from the cloud. The security threats faced by cloud data storage can come from two diverse sources. On the one hand, a cloud service provider (CSP) can be selfish, and possibly malicious. We are focusing on securely accessing data from the cloud, and propose an image based authentication scheme as well as a mechanism to generate the secure key. The data is placed in the cloud while the owner is not aware of its exact location. The cloud includes several technologies such as network, virtualization, database, load balancing, memory management etc. The data security issues in the cloud include securely accessing data from the cloud, which includes encryption; in addition, while accessing data the user must be authenticated so that we can ensure that a genuine user is accessing the data, otherwise an attacker can access the service by replaying messages or by pretending to be a genuine user (masquerading). In the cloud, data can be stored at a remote location or at a third party so third party

978-1-4799-5097-3/14/$31.00 ©2014 IEEE


To authenticate the user in the cloud we have used a digital signature with the RSA algorithm, after which the data can be encrypted with any symmetric key algorithm. An intrusion detection system (IDS) [2] can be used to provide security while accessing data from the cloud. An IDS detects intrusions based on signatures as well as on the behavior of the intrusion. Signature based detection is good for previously known threats but does not work for new threats. Behavior based detection can be used for detecting new threats. Cloud computing provides resources and services to the user at any time and anywhere, and because of this feature security becomes a major issue. We therefore need a separate security architecture [7] in the cloud that can provide secure communication between cloud storage and the user. Accessing data securely from the cloud requires an encryption algorithm such as DES, AES and ElGamal [8]; with the help of these symmetric algorithms we can encrypt the data and assure secure communication in the cloud.

registered by same user and received order of Image, if both things are matched then user is authenticated by CSP.

Fig 2: Image based Authentication

III. PROPOSED ALGORITHM

In this paper, we propose a secure mechanism to access data from the cloud. First the user is authenticated by the cloud service provider using the image based authentication scheme; after that a key is exchanged between the user and the cloud service provider (CSP), and with the help of that key the CSP sends the encrypted data to the user. The proposed mechanism works in three phases: Registration phase, Image based Authentication and Key Exchange phase.

A. Registration Phase

In this phase the user interacts with the cloud service provider to register itself to access data from the cloud in a secure way. The CSP offers a set of images to the user; out of those images the user selects some images in a particular order, and that order of selected images is the password corresponding to that user. In each session, the CSP provides the complete set of images in a different order.
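The session-dependent password can be sketched as follows, using the paper's own worked case of hen, horse, cow giving 463 under the Figure 2 order and 873 under the Figure 3 order. This is an added example, not code from the paper: the 3x3 grid, the other six image names, and the functions `code_for` and `verify` are assumptions made for illustration.

```python
import hmac

# Constructed layouts: position (1-9) -> image id. Only the positions of hen,
# horse and cow follow the paper's passwords 463 and 873; the rest is filler.
FIG2 = {1: "dog", 2: "cat", 3: "cow", 4: "hen", 5: "lion",
        6: "horse", 7: "goat", 8: "duck", 9: "fish"}
FIG3 = {1: "goat", 2: "fish", 3: "cow", 4: "dog", 5: "duck",
        6: "cat", 7: "horse", 8: "hen", 9: "lion"}

REGISTERED = ("hen", "horse", "cow")  # ordered selection stored at registration


def code_for(layout, sequence):
    """User side: digits of the positions where the chosen images sit now."""
    position_of = {image: pos for pos, image in layout.items()}
    return "".join(str(position_of[image]) for image in sequence)


def verify(layout, registered, typed):
    """CSP side: map typed positions back to images, compare with registration.

    `layout` must be the one issued for this session; a code captured under
    another layout resolves to different images and is rejected.
    """
    try:
        chosen = [layout[int(digit)] for digit in typed]
    except (KeyError, ValueError):  # position not on the grid, or not a digit
        return False
    # Constant-time comparison so timing does not leak a partial match.
    return hmac.compare_digest("|".join(chosen).encode(),
                               "|".join(registered).encode())


if __name__ == "__main__":
    old = code_for(FIG2, REGISTERED)
    new = code_for(FIG3, REGISTERED)
    print(old, new)
    print(verify(FIG3, REGISTERED, new))  # code typed for this session
    print(verify(FIG3, REGISTERED, old))  # code replayed from the earlier session
```

The replayed code fails only because the layout changed, so the CSP has to bind each layout to a single session and discard it after one attempt.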

Fig 3: changed Image order

If the order of the images is changed then the password will be different. Suppose the user selects the images hen, horse and then cow: according to figure 2 the password is 463, but if the order of the images is changed and the cloud service provider presents the set of images as in figure 3 then the password will be 873.

Now the user generates the key, computes some parameters and sends these parameters to the CSP. The CSP receives these parameters and derives the key from them. The steps of key generation, and of key derivation by the CSP, are described below.

• First the user selects a large prime number and finds g, where g is a generator of the group $Z_p^* = \{1, 2, 3, \ldots, p-1\}$ and p is a prime number.
• Now the user chooses a random value r such that r