Secure and Privacy Enhanced Authentication ...

Secure and Privacy Enhanced Authentication Framework for Cloud Computing

Subhash Chandra Patel 1*, Sumit Jaiswal 2, Dr. Ravi Shankar Singh 3
1*, 2, 3 Department of Computer Science and Engineering, Indian Institute of Technology (BHU), Varanasi, India

Abstract: Cloud computing is a revolution in information technology. It offers industry high performance, accessibility and low cost, along with many other benefits. Frequent adoption of cloud computing brings more concerns about safety and security. The most challenging issues in cloud computing are access control, data security and privacy, because cloud users outsource their sensitive data and personal information to the cloud provider's servers, which are not within the same trusted domain as the data owner. Several methods, mechanisms and ideas have been proposed and presented to achieve fine-grained security in the cloud. In this paper we also propose a novel method that achieves fine-grained security through a combined approach of PGP and Kerberos in cloud computing, because no such method exists in the literature yet. The proposed method provides authentication, confidentiality, integrity, privacy and non-repudiation features to Cloud Service Providers and cloud users.

Keywords: Cloud computing; security; access control; authentication; Pretty Good Privacy; Kerberos authentication

Introduction

Cloud computing is a large-scale distributed computing paradigm [1] that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet. Cloud computing is a different way to deliver computing resources rather than a new technology; it has brought a revolution in the way organizations provide information and services, and it changes the way we think about technology [2]. Cloud is a computing model providing web-based software, middleware and computing resources on demand, in which services, resources, and applications are provided on a metered basis over the Internet [3]. It is an Internet-based computing solution where shared resources and services are provided like electricity distributed on the electrical grid.

Cloud computing basically provides three types of services. In Software as a Service (SaaS), the cloud service provider provides applications and software over a network; Google Docs, Facebook, Gmail and Yahoo [4] are examples of SaaS. Platform as a Service (PaaS) provides an application or development platform on which users can create their own applications that will run on the cloud; examples of PaaS are Microsoft's Azure, Google's Application Engine (App Engine) and Yahoo Pig [5]. The third type of cloud service is Infrastructure as a Service (IaaS), in which the whole cloud infrastructure, including servers, routers, hardware-based load balancing, firewalls, storage and other network equipment, is provided by the IaaS provider [6], e.g. Amazon S3 and Amazon EC2.

Cloud computing can be deployed as public cloud, private cloud, hybrid cloud and community cloud. Public clouds are publicly available and can serve multiple tenants; examples of public clouds are Google App Engine, Microsoft Windows Azure, IBM Smart Cloud and Amazon [5]. A private cloud is typically a tailored environment with dedicated virtualized resources for a particular organization; examples of private clouds are Eucalyptus, Ubuntu Enterprise Cloud–UEC, Amazon VPC (Virtual Private Cloud), VMware Cloud Infrastructure Suite and Microsoft ECI data-centre. Similarly, a community cloud is tailored for a particular group of customers; Google Apps for Government and Microsoft Government Community Cloud [5] are examples of community clouds. A hybrid cloud is composed of multiple clouds, like Windows Azure (capable of Hybrid Cloud) and VMware vCloud (Hybrid Cloud Services).

*Corresponding Author

Problem Statement: The rapid growth of cloud computing has drawn attention to its security and privacy, because physical resources are shared among multiple tenants, which causes a high risk of attacks. In cloud computing environments, heterogeneity of services demands varying degrees of granularity in access control mechanisms [7]. Therefore, an inadequate or unreliable authorization mechanism can significantly increase the risk of unauthorized use of cloud resources and services [8].

Existing Methods: The authors of paper [9] proposed a novel privacy-enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in Pervasive Computing Environments (PCEs), with optional context authentication capability, by integrating two underlying cryptographic primitives, i.e. blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to interact anonymously with the service.
The authors of paper [10] analyze privacy and security requirements for Pervasive Computing Environments (PCEs) and find that existing privacy-preserving access control schemes do not fully satisfy these requirements. They therefore propose two approaches towards privacy-preserving access control in PCEs, to enhance privacy by achieving untraceability and unlinkability even against malicious insiders, and to enhance security by achieving conditional traceability of user credentials.

Paper [11] describes an authentication and authorization protocol for anonymous communication in the cloud. The protocol is an extension of existing standards, making it easy to integrate and compatible with existing standards.

The authors of paper [12] analyzed the trust model of PKI along with others to highlight the different shortcomings of these models, and proposed a number of features that should be present in an open network.

In paper [13], the authors extend the optimization to include identity federation in the Marketplace. This optimization is achieved by introducing provisioning steps to pre-establish trust amongst enterprise applications' Resource Servers, their associated Authorization Server and the clients interested in access to protected resources. In this architecture, trust is provisioned and synchronized as a prerequisite step to authentication amongst all communicating entities in the OAuth protocol, and referral tokens are used to establish trust federation for Marketplace applications across organizations.

In paper [14] the authors proposed a user authentication scheme for cloud computing which provides mutual authentication and session key agreement in a cloud computing environment, but at the user end the client has to do a lot of mathematical computation for verification, which does not suit the cloud computing scenario, since cloud computing should place no extra burden on the user.

Paper [15] proposed an innovative mechanism to achieve flexible access control during coordinated resource sharing in an enterprise grid environment. The mechanism proposes a model for users, resources and their relationships which defines coordination and access control. The solution aims to satisfy the demands usually found in enterprise environments with respect to controlled sharing of resources.

Paper [16] proposed a new password authentication scheme that can support the Diffie–Hellman key agreement protocol over insecure networks. Users and the system can use the agreed session key to encrypt and decrypt their messages using a symmetric cryptosystem, but the scheme is vulnerable to attack and can easily be cryptanalyzed.

A flexible biometrics remote user authentication scheme discussed in paper [17] is vulnerable and can easily be cryptanalyzed. The authors demonstrate that the scheme performs only unilateral authentication (client authentication only), with no mutual authentication between user and remote system, so it is susceptible to the server spoofing attack. They also propose a scheme to improve the security of 'a flexible biometrics remote user authentication scheme'.

The author of paper [18] tried to consolidate a number of password and smartcard based properties and proposed a two-factor smartcard and password authentication scheme, which is still vulnerable to many attacks.

Paper [19] describes a method of implementing two-factor authentication using mobile phones. The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner.

Paper [20] proposed authentication based on sending a one-time password to a registered mobile number. The SMS system does not guarantee delivery of the token in real time.
The data can still be intercepted by malicious persons.

Methods

Kerberos: Kerberos is an authentication protocol for network security based on cryptography. It provides mutual authentication and message integrity as well as data confidentiality. It uses secret-key cryptography to prove the identity of communicating parties over networks, while preventing eavesdropping and replay attacks [21]. It provides data integrity and secrecy using encryption standards such as DES, 3DES, and AES. Kerberos performs secure verification of users and services [22] based on the concept of a trusted third party (KDC).

Components of the Kerberos (Servers): The Kerberos authentication system consists of three servers, i.e. the Authentication Server (AS), the Ticket Granting Server (TGS) and the real server (CSP) that provides services to others.

Authentication Server (AS): It is the KDC in Kerberos. Each user registers with the AS and is granted a user identity and password; the AS keeps these credentials for every individual in its database. The AS verifies the user and issues a session key to be used between the user and the TGS.

Ticket Granting Server (TGS): It issues a ticket for the real server (B). It also provides the session key KAB between user (A) and real server (B).

Real Server: It provides services to the users.

Pretty Good Privacy (PGP): PGP was developed by Philip R. Zimmermann in 1991 [23]. PGP is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. It is used to meet several security requirements, such as confidentiality, integrity and authentication, for electronic mail and file storage applications [24]. PGP exists in two public-key versions: RSA and Diffie-Hellman [25]. In the RSA version, PGP uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman (DH) version uses the CAST algorithm for the short key to encrypt the message and the DH algorithm to encrypt the short key. To send the sender's digital signature to the receiver, PGP uses a hash algorithm to produce a digest. This digest is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the digest. If it matches the hash code sent as the digital signature for the message, then the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code [25].

Components of the PGP:
SelfIdent: denotes the participant acting as a sender.
Passphrase: shows a proof of authenticity of the sender.
PartnerIdent: denotes the intended receiver.
Plaintext: the text to be communicated from the sender to the receiver.

Working of PGP message Encryption and Decryption: PGP is a hybrid cryptosystem; it uses the best features of conventional and public-key cryptography. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography; each step uses one of several supported algorithms [24].

Data Encryption: One-time-only secret key generation: PGP first creates a one-time-only secret key, called the session key, which is a random phrase. This session key works with IDEA, a very fast and secure conventional encryption algorithm, to encrypt the plaintext [26]. After the data is encrypted with the session key, the session key is encrypted with the receiver's public key. This public-key-encrypted session key is transmitted along with the ciphertext to the recipient [27].

Figure 1: PGP encryption

Decryption: This is just the reverse of the encryption process. The recipient's copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally encrypted ciphertext.

Figure 2: PGP decryption

Keys and key rings

A key is a value that works with a cryptographic algorithm to create a ciphertext.
One-time session symmetric keys: A means of generating unpredictable session keys.
Public keys or key ring: Allow a user to have multiple public-key/private-key pairs. As a result there is not a one-to-one correspondence between users and their public keys [28]. Thus, some means is needed for identifying particular keys.
Private keys or key ring: Each PGP user must maintain a file of its own public/private key pairs as well as a file of public keys of correspondents.
Passphrase-based symmetric keys: Serve as proof of the authenticity of the sender.

PGP Services: [28, 29]

| Function | Algorithm Used | Description |
|---|---|---|
| Digital signature | DSS/SHA or RSA/SHA | A hash code of a message is created using SHA-1. This message digest is encrypted using DSS or RSA with the sender's private key and included with the message. |
| Message encryption | CAST or IDEA or Three-key Triple DES with Diffie-Hellman or RSA | A message is encrypted using CAST-128 or IDEA or 3DES with a one-time session key generated by the sender. The session key is encrypted using Diffie-Hellman or RSA with the recipient's public key and included with the message. |
| Compression | ZIP | A message may be compressed, for storage or transmission, using ZIP. |
| Email compatibility | Radix 64 conversion | To provide transparency for email applications, an encrypted message may be converted to an ASCII string using radix 64 conversion. |
| Segmentation | - | To accommodate maximum message size limitations, PGP performs segmentation and reassembly. |

Table 1: Services offered by PGP

Authentication: Authentication uses a digital signature scheme with hashing.
- The sender, say Alice, has a (private/public) key pair Kpr / Kpb and wants to send a digitally signed message m to the receiver, say Bob.
- The sender calculates the digest of the message using SHA-1 to obtain SHA(m).
- The sender calculates the ciphertext c as c = pk.encrypt_Kpr(SHA(m)).
- The sender sends the pair (m, c) to the receiver.
- Bob receives (m, c) and calculates D(c) using the sender's public key Kpb to obtain the signature s as s = pk.decrypt_Kpb(c).
- The receiver calculates the digest of m using SHA-1; if this digest value is equal to s, then the message is authenticated.

The receiver is sure that the message is correct and that it does come from the authentic sender. Furthermore, the sender cannot later deny sending the message, since only the sender has access to her private key Kpr, which works in conjunction with the public key Kpb.

Confidentiality: Confidentiality is provided by encrypting messages as follows.
- User Alice wishes to send a message m to the CSP confidentially.
- Alice randomly generates a session key k for a symmetric cryptosystem.
- Alice computes k' using Bob's public key Kpub as k' = pk.encrypt_Kpub(k).
- Alice also computes the ciphertext c of the message m with the session key k, as c = sk.encrypt_k(m).
- Alice sends the values (k', c) to Bob.
- Bob receives the values (k', c) and decrypts k' using his private key Kprb to obtain k: k = pk.decrypt_Kprb(k').
- Bob uses the session key k to decrypt the ciphertext c and recover the message m: m = sk.decrypt_k(c).

The combination of asymmetric and symmetric key cryptosystems provides security for key exchange and increases the efficiency of encryption. The session key k is used only to encrypt message m and is not stored for any length of time.

The Combined Approach: Kerberos does not support non-repudiation. This weakness can be reduced by applying public-key cryptography and digital signatures, so PGP can be deployed successfully with Kerberos, because PGP supports public-key cryptography and digital signatures.

Figure 3: Proposed Method

Step-1. The user registers his identity with Kerberos (KDC).
Step-2. The KDC provides a ticket to the user to communicate with the CSP.
Step-3. The KDC also sends a ticket and the user's identity to the CSP; the CSP stores these credentials for future use.
Step-4. The CSP acknowledges to the KDC that the user's credentials have been stored.
Step-5. The user encrypts his data before sending it to the cloud.
Step-6. PGP authenticates the user and sends the information to the CSP. PGP also sends the user's encrypted data to the cloud.
Step-7. The CSP sends the data requested by the user to PGP.
Step-8. PGP decrypts the data and the user authentication information. If the user is authorised to access that data, PGP sends the decrypted data to the user.

Working of Kerberos

Figure 4: Kerberos Authentication

Step-1. The user sends his request for service to the AS.
Step-2. The AS sends a message encrypted with user A's permanent symmetric key, KA-AS. The message consists of two items: a session key KA-TGS that user A uses to contact the TGS, and a ticket for the TGS that is encrypted with the TGS symmetric key KAS-TGS. The user does not know KA-AS, but when the message is received he types his symmetric password; if it is correct, the password and the appropriate algorithm together create KA-AS. The password is destroyed immediately: it is not sent to the network and it does not stay in the terminal. It is used only for a moment to create KA-AS. The process now uses KA-AS to decrypt the message sent, and KA-TGS and the ticket are extracted.
Step-3. User (A) now sends three items to the TGS. The first is the ticket received from the AS, the second is the name of the real server (B) (i.e. the Cloud Service Provider), and the third is a timestamp that is encrypted with KA-TGS. The timestamp prevents a replay by Eve.
Step-4. The TGS now sends two tickets, each containing the session key between user (A) and real server (B), KA-B. The ticket for user (A) is encrypted with KA-TGS; the ticket for server (B) is encrypted with B's public key KTGS-B. Note: Eve cannot extract KA-B, because she does not know KA-TGS or KTGS-B. Nor can she replay step 3, because she cannot replace the timestamp with a new one (she does not know KA-TGS).
Step-5. User (A) sends server (B) its ticket, with the timestamp encrypted with KA-B.
Step-6. Real server B confirms receipt by adding 1 to the timestamp. The message is encrypted with KA-B and sent to user (A).

PGP supports digital signatures and public-key cryptography. After successful authentication by Kerberos, user (A) initiates PGP for the next authentication and data encryption process, for confidentiality and data integrity.
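The six steps above as a runnable simulation, added here as an example and not code from the paper. It assumes K_TGS-B is a symmetric key shared by the TGS and server B (as in standard Kerberos), derives K_A-AS with PBKDF2 and a salt, uses an HMAC-SHA256 encrypt-then-MAC construction in place of DES/3DES/AES, and adds a replay cache and a 300-second window for the timestamp check; all class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 300  # seconds a timestamp stays acceptable (assumed window)

def derive_key(password: str, salt: bytes) -> bytes:
    """Step 2: password -> K_A-AS. PBKDF2 and the salt are assumptions of this example."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _subkeys(key: bytes):
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    while len(stream) < len(data):
        counter = (len(stream) // 32).to_bytes(4, "big")
        stream += hmac.new(key, nonce + counter, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object; stand-in for the DES/3DES/AES the page names."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = nonce + _xor_stream(enc_key, nonce, json.dumps(obj).encode())
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Raise ValueError when the key is wrong or the message was altered."""
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(enc_key, body[:16], body[16:]))

class KDC:
    """AS and TGS in one object (the page calls the AS the KDC)."""
    def __init__(self):
        self.k_as_tgs = os.urandom(32)     # K_AS-TGS
        self.users, self.servers = {}, {}  # name -> K_A-AS, name -> K_TGS-B
        self.seen = set()                  # replay cache of (user, timestamp)

    def register_user(self, name: str, password: str) -> bytes:
        salt = os.urandom(16)
        self.users[name] = derive_key(password, salt)
        return salt

    def as_reply(self, user: str) -> bytes:
        """Steps 1-2: K_A-TGS plus the TGS ticket, sealed under K_A-AS."""
        k_a_tgs = os.urandom(32).hex()
        ticket = seal(self.k_as_tgs, {"user": user, "k_a_tgs": k_a_tgs})
        return seal(self.users[user], {"k_a_tgs": k_a_tgs, "ticket": ticket.hex()})

    def tgs_reply(self, ticket: bytes, server: str, stamp: bytes):
        """Steps 3-4: check the timestamp, then issue K_A-B once for A and once for B."""
        t = unseal(self.k_as_tgs, ticket)
        k_a_tgs = bytes.fromhex(t["k_a_tgs"])
        ts = unseal(k_a_tgs, stamp)["ts"]
        if abs(time.time() - ts) > MAX_SKEW or (t["user"], ts) in self.seen:
            raise ValueError("stale or replayed timestamp")
        self.seen.add((t["user"], ts))
        k_ab = os.urandom(32).hex()
        return (seal(k_a_tgs, {"server": server, "k_ab": k_ab}),
                seal(self.servers[server], {"user": t["user"], "k_ab": k_ab}))

class Server:
    """Real server B (the CSP); shares K_TGS-B with the TGS."""
    def __init__(self, name: str, kdc: KDC):
        self.key = kdc.servers[name] = os.urandom(32)

    def accept(self, ticket_b: bytes, stamp: bytes):
        """Steps 5-6: recover K_A-B from the ticket, check the timestamp, answer ts + 1."""
        t = unseal(self.key, ticket_b)
        k_ab = bytes.fromhex(t["k_ab"])
        ts = unseal(k_ab, stamp)["ts"]
        if abs(time.time() - ts) > MAX_SKEW:
            raise ValueError("stale timestamp")
        return t["user"], seal(k_ab, {"ts": ts + 1})

def login(kdc: KDC, user: str, password: str, salt: bytes, name: str, server: Server):
    """Client side of steps 1-6; returns (user B saw, B confirmed, captured step-3 items)."""
    reply = unseal(derive_key(password, salt), kdc.as_reply(user))  # password never sent
    k_a_tgs, ticket = bytes.fromhex(reply["k_a_tgs"]), bytes.fromhex(reply["ticket"])
    stamp = seal(k_a_tgs, {"ts": time.time()})
    for_a, for_b = kdc.tgs_reply(ticket, name, stamp)
    k_ab = bytes.fromhex(unseal(k_a_tgs, for_a)["k_ab"])
    ts = time.time()
    who, confirm = server.accept(for_b, seal(k_ab, {"ts": ts}))
    return who, unseal(k_ab, confirm)["ts"] == ts + 1, (ticket, stamp)
```

Resending the captured step-3 items to `tgs_reply` raises `ValueError`, as does a wrong password in `login`, because the reply from the AS no longer authenticates under the derived key.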

Working of PGP

Figure 4: DFD of PGP working (Source [30])

We know that the digital signature provides message authentication and integrity, so the sender (user) and the receiver (CSP) agree on the PGP.

Authentication and Integrity: In the authentication process, the sender first calculates the message digest of the data. The figure illustrates the digital signature service provided by PGP.

Figure 5: Authentication

Step-1. The user calculates the message digest of the message.
Step-2. After calculating the digest, he encrypts it with his private key (applies his digital signature).
Step-3. He concatenates the original message with the encrypted message digest and sends it to the Cloud Service Provider.

These three steps are performed by the user; the following steps are performed by the Cloud Service Provider.

Step-4. After receiving the message from the user in step 3, the CSP decrypts the digest with the user's public key and obtains the message digest.
Step-5. The CSP calculates the message digest of the received message using the same hash function.
Step-6. If the two digests are the same, this shows that the sender is an authentic user whose public key is available in the CSP repository. The matching digest also shows that the integrity of the message is intact.

Note: for authentication, data compression is not necessary.

Confidentiality: PGP provides confidentiality in several steps, as follows.

Step-1. The user first compresses his message using an appropriate compression algorithm and then encrypts the compressed message with a session key.
Step-2. After the compressed data is encrypted, the session key is also encrypted, with the public key of the CSP.
Step-3. The encrypted data and the encrypted session key are concatenated and sent to the CSP.
Step-4. At the CSP end, after receiving the data from the user, the CSP decrypts the session key using its private key and obtains the session key.
Step-5. With the session key, it decrypts the message and obtains the compressed message.
Step-6. After obtaining the compressed data in step 5, the CSP uses the appropriate decompression algorithm and obtains the original message.

The figure shows the overall process of confidentiality.

Figure 6: Confidentiality

Non-Repudiation using digital signature: An authentication that can be asserted to be genuine with high assurance. This is the property of the message that provides proof of the integrity and origin of data [31]. Non-repudiation is a property which prevents an individual or entity from denying having performed a particular action related to data through cryptographic methods [32].

Figure 7: Non repudiation

Step-1. User (A) creates a signature (SA) from his message and sends the message, his identity, the CSP's identity and the signature together to the center.
Step-2. The center, after checking that the user's public key (Kpua) is valid, verifies through the user's public key that the message came from user (A).
Step-3. The center saves a copy of the message with the sender's identity, the recipient's identity and a timestamp in its archive.
Step-4. The center uses its private key to create another signature, ST, from the message. The center sends the message, the new signature, user A's identity and the CSP's identity to the CSP. The CSP verifies the message using the public key of the trusted center.

If user (A) later denies that he sent the message, the center can show a copy of the saved message. If the CSP's message is a duplicate of the message saved at the center, user (A) will lose the dispute. To make everything confidential, a level of encryption/decryption can be added to the scheme.

Security analysis of proposed framework:

Security against Brute Force Attack: In a brute force attack, the attacker tries all possible combinations to guess the private key. In the original RSA, the probability of failure against this attack is decreased considerably by choosing exponents larger than 2048 bits.

Mathematical Attack: This attack will occur by determining , or , and it could be prevented by using 2048-bit exponents in RSA. Increasing the value of digest ℎ would also decrease the chance of a successful mathematical attack considerably.

User Privacy: The proposed scheme never transmits user private data in plaintext format. The messages are transmitted over a public channel. Clearly, these messages cannot be decoded easily to get ID, PW etc. Hence, the scheme provides user privacy.

Identity Management: The KDC and CSP store all the registered IDs in the database, check the availability of a unique ID at each new registration, and provide a certificate to manage the identity of the user.

Session Key Agreement: In the proposed method, the secret key (K) is shared by both the AS and the user. Using this key they can communicate with each other for a particular session. Since this key is generated randomly, it cannot be breached easily.

Conclusion: Several methods, mechanisms and ideas have been proposed and presented to achieve fine-grained security in the cloud. In this context we propose a framework which uses Pretty Good Privacy (PGP) and Kerberos based security in cloud computing. Kerberos proves the identity of users over networks and provides data integrity and secrecy. Kerberos performs secure verification of users and services based on the concept of a trusted third party (KDC). One weakness of Kerberos is that it cannot provide non-repudiation in communication, so our proposed work adds non-repudiation by using the Pretty Good Privacy program, since PGP uses digital signatures in communication. PGP gives people the ability to take their privacy into their own hands.
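The digital-signature flow from the Authentication steps and the trusted-center exchange from the non-repudiation steps, as an added example that is not code from the paper. It uses unpadded textbook RSA with SHA-256 in place of SHA-1, constructed demo keys built from Mersenne primes, a signature S_T that also covers both identities, and an archive that keeps S_A; these choices and all names are assumptions.

```python
import hashlib
import json
import time

E = 65537  # public exponent

def keypair(p: int, q: int):
    """Textbook RSA key pair from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed demo keys from well-known Mersenne primes; trivially factorable,
# chosen only so the example runs offline with the standard library.
USER_PUB, USER_PRIV = keypair(2**127 - 1, 2**521 - 1)
CENTER_PUB, CENTER_PRIV = keypair(2**107 - 1, 2**607 - 1)

def digest(message: bytes) -> int:
    """SHA-256 here; the page's PGP description uses SHA-1 or MD5."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private, message: bytes) -> int:
    """c = pk.encrypt_Kpr(SHA(m)): the digest raised to the private exponent."""
    n, d = private
    return pow(digest(message), d, n)

def verify(public, message: bytes, signature: int) -> bool:
    """s = pk.decrypt_Kpb(c), then compare s with a freshly computed digest."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def envelope(sender: str, recipient: str, message: bytes) -> bytes:
    """What the center signs. Covering both identities is an addition to the page."""
    return json.dumps([sender, recipient, message.hex()]).encode()

class TrustedCenter:
    def __init__(self, public, private, directory: dict):
        self.public, self.private = public, private
        self.directory = directory  # identity -> public key the center holds as valid
        self.archive = []

    def relay(self, sender: str, recipient: str, message: bytes, s_a: int):
        """Steps 2-4: verify S_A, archive the message, countersign it as S_T."""
        user_public = self.directory.get(sender)
        if user_public is None or not verify(user_public, message, s_a):
            raise ValueError("signature does not verify for the claimed sender")
        self.archive.append({"sender": sender, "recipient": recipient,
                             "message": message, "s_a": s_a, "time": time.time()})
        s_t = sign(self.private, envelope(sender, recipient, message))
        return message, s_t, sender, recipient

    def sender_loses_dispute(self, sender: str, recipient: str, message: bytes) -> bool:
        """True when the archive holds this exact message and its S_A still verifies."""
        return any(r["sender"] == sender and r["recipient"] == recipient
                   and r["message"] == message
                   and verify(self.directory[sender], message, r["s_a"])
                   for r in self.archive)

def csp_receive(center_public, packet) -> bool:
    """CSP side of step 4: accept only what the trusted center countersigned."""
    message, s_t, sender, recipient = packet
    return verify(center_public, envelope(sender, recipient, message), s_t)

if __name__ == "__main__":
    msg = b"store report.pdf"  # constructed sample message
    center = TrustedCenter(CENTER_PUB, CENTER_PRIV, {"alice": USER_PUB})
    packet = center.relay("alice", "csp", msg, sign(USER_PRIV, msg))
    print(csp_receive(CENTER_PUB, packet), center.sender_loses_dispute("alice", "csp", msg))
```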

References

1. Foster, I., Zhao, Y. (2008). Cloud Computing and Grid Computing 360-Degree Compared. In: Grid Computing Environments Workshop (2008).
2. Walker, G. (2010). IT Consultant, Walker Automated Services, "Cloud computing fundamentals", 2010.
3. Wayne Jansen, Timothy Grance, "Guidelines on Security and Privacy in Public Cloud Computing," Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930, Draft Special Publication 800-144, January 2011.
4. Patel, S. C., Umrao, L. S., Singh, R. S., Gupta, M. & Trived, N. (2013). Access Control Using Mobile Verification System For Cloud. International Journal of Information and Computation Technology (IJICT), ISSN 0974-2239, Volume 3, Number 1 (2013).
5. Patel, S. C., Umrao, L. S. & Singh, R. S. (2012). Policy-Based Framework for Access Control in Cloud Computing. International Conference on Recent Trends in Engineering & Technology (ICRTET2012), ISBN: 978-81-925922-0-6.
6. Mantri, A., Nandi, S. & Kumar, G. (2011). High Performance Architecture and Grid Computing. International Conference, HPAGC 2011, Springer.
7. T. Ristenpart et al., "Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds," Proc. 16th ACM Conf. Computer and Communications Security (CCS 09), ACM, 2009, pp. 199–212.
8. Abdulrahman A. Almutairi, Muhammad I. Sarfraz, Saleh Basalamah, Walid G. Aref, Arif Ghafoor, "A Distributed Access Control Architecture for Cloud Computing", IEEE Software magazine.
9. Kui Ren, Wenjing Lou, "Privacy-enhanced, Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability".
10. Emmanouil Magkos, Panayiotis Kotzanikolaou, "Achieving Privacy and Access Control in Pervasive Computing Environments", Security and Communication Networks, Security Comm. Networks 00: 1–12 (2010).
11. Umer Khalida, Abdul Ghafoor, Misbah Irum, Muhammad Awais Shibli, "Cloud based Secure and Privacy Enhanced Authentication & Authorization Protocol", International Conference in Knowledge Based and Intelligent Information and Engineering Systems - KES2013. Procedia Computer Science 22 (2013) 680–688.
12. H. Liping, S. Lei, Research on trust model of pki, in: Intelligent Computation Technology and Automation (ICICTA), 2011 International Conference on, Vol. 1, IEEE, 2011, pp. 232–235.
13. M. Noureddine, R. Bashroush, "An authentication model towards cloud federation in the enterprise", Journal of Systems and Software, Volume 86, Issue 9, September 2013, Pages 2269–2275.
14. Nayak, S. K., Mohapatra, S. & Majhi, B. (2012). An Improved Mutual Authentication Framework for Cloud Computing. International Journal of Computer Applications (0975 – 8887), Volume 52 – No. 5, August 2012.
15. V. Rajan, S. C. Patel, R. S. Singh, "A novel access control mechanism based on Key-Chain-Web model using authorization contexts", International Journal of Computer Applications (0975 – 8887), Volume 50 - Number 13.
16. Liao, I-E., Lee, C.-C. & Hwang, M. S. (2006). A password authentication scheme over insecure networks. Journal of Computer and System Sciences 72 (2006) 727–740, Elsevier.
17. Khan, M. K. & Zhang, J. (2007). Improving the security of 'a flexible biometrics remote user authentication scheme'. Computer Standards & Interfaces 29 (2007) 82–85, www.elsevier.com/locate/csi
18. Yang, G., Wong, D. S., Wang, H. & Deng, X. (2008). Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences, vol. 74, 2008, pp. 1160–1172.
19. Aloul, F., Zahidi, S. & El-Hajj, W. (2009). Multi Factor Authentication Using Mobile Phones. International Journal of Mathematics and Computer Science, 4 (2009), no. 2, 65–80.
20. Choudhury A. J., Kumar P., Sain M., Hyotaek L. and Hoon J., "A Strong User Authentication Framework for Cloud Computing", Services Computing Conference (APSCC), 2011 IEEE Asia-Pacific, 2011.
21. Srinivasa Rao Yarlagadda, Rupesh Shantamurty, "Kerberos authentication made easy on OpenVMS", OpenVMS Technical Journal V18, http://h71000.www7.hp.com/openvms/products/kerberos/
22. Gary C. Kessler, An Overview of Cryptography, Handbook on Local Area Networks 1999 edition, short edition, May2 .2014].
23. Kamarudin Shafinah, Mohammad Mohd Ikram, "File Security based on Pretty Good Privacy (PGP) Concept", Computer and Information Science, ISSN 1913-8989, E-ISSN 1913-8997, Vol. 4, No. 4; July 2011.
24. Michael Louie Loria, "Pretty Good Privacy", http://slidedeck.io/michaellouieloria/pgp
25. Margaret Rouse, "Pretty Good Privacy (PGP)", http://searchsecurity.techtarget.com/definition/Pretty-GoodPrivacy
26. Tim Crook, "PGP and Encryption", http://shrike.depaul.edu/~tcrook/DS420/pgp.html
27. Essays, UK. (November 2013). Cryptography And Key Algorithms Computer Science Essay, http://www.ukessays.com/essays/computer-science/cryptography-and-key-algorithms-computer-scienceessay.php?cref=1
28. William Stalling, "Network Security Essentials: Applications and Standards", Fourth Edition, ISBN 10: 0-13610805-9, ISBN 13: 978-0-13-610805-4.
29. Stallings W., "Electronic Mail Security", http://flylib.com/books/en/3.190.1.126/1/
30. Springer 2009-Verlag Berlin Heidelberg / © 2010 Joachim Biskup, TU Dortmund, Security in Computing Systems: Case Studies: PGP and Kerberos.
31. Wikipedia, "Non-repudiation", free Encyclopedia, http://en.wikipedia.org/wiki/Non-repudiation
32. Adrian McCullagh, William Caelli, "Non-repudiation in the digital environment", First Monday, Peer Reviewed Journal on The Internet, Volume 5, Number 8, 7 August 2000, http://firstmonday.org/ojs/index.php/fm/article/view/778/687

About the Authors

Subhash Chandra Patel received his M.Tech. degree in Information Security from the Guru Gobind Singh Indraprashtha University, New Delhi in 2010. Currently, he is pursuing a Ph.D. in the Department of Computer Science and Engineering at the IIT (BHU), Varanasi, India. He is working on Cloud Computing. His research interests include Cloud Computing Security and Information Security.

Sumit Jaiswal received his M.Tech. degree from NIT Durgapur in 2013. Presently he is pursuing a Ph.D. in Computer Science and Engineering at IIT (BHU), Varanasi. His research interests include Information Security, Network Security, Cryptography and Cloud Computing.

Dr. Ravi Shankar Singh received his Ph.D. in Computer Science and Engineering from the Institute of Technology, Banaras Hindu University, India in 2010. He has been working as Assistant Professor at IIT (BHU) since 2004. His research interests include Data Structures, Algorithms and High Performance Computing.