Project Proposal

on

Trust in cloud computing using threshold-based secret sharing scheme

Submitted on 4/09/2012

Masters of Technology in Computer Science & Engineering

Under the Guidance of

Submitted by

Prof. Annappa B.
Associate Professor & HoD

Rahul Dutta
11CS19F

Department of Computer Science & Engineering

National Institute of Technology Karnataka, Surathkal Srinivasnagar, India - 575025

Trust in cloud computing using threshold-based secret sharing scheme

CONTENTS
1. 2. 3. 4. 6. 7. 8. TITLE : .................................................................................................................. 2 PROJECT DESCRIPTION : ................................................................................. 2 MOTIVATION ....................................................................................................... 2 LITERATURE SURVEY....................................................................................... 4 PROBLEM DEFINITION ...................................................................................... 6 PLAN OF WORK: ................................................................................................. 7 REFERENCES: .................................................................................................... 11

TABLE OF FIGURES

Figure 1 : Proposed secret sharing adaptation on the cloud .......................................... 8 Figure 2 : Matlab Distributed computing server.9 Figure 3 HDFS Architecture9 Figure 4 Proposed cloud architecture.10

Page 1 of 12

Trust in cloud computing using threshold-based secret sharing scheme 1. Title

Application of threshold-based secret sharing scheme to improve customers trust

and the security of sensitive data stored in third-party clouds.

2. Project Description
At present, trust in cloud computing is one of the major concerns for many

enterprises using third-party cloud services. Different cloud service providers offer a range of computing services. Cloud computing presents a highly scalable technology, which offers service dynamism, elasticity and choice along with low cost. These, however come with several challenges, of which trust is highly important. Cloud computing presents a different type of trust scenario. The most important aspect of trust in cloud environment is to ensure that data stored in third party cloud cannot be misused. This project is to adapt threshold-based secret sharing mechanism to address the issue of trust in banking. When customer data of a large bank is stored in third-party clouds, it is prone to attack by insiders as well as outside hackers. This mechanism shall ensure that the data is never misused by any cloud service provider. Moreover, in this project we also attempt to address the security concern of cardholders by proving a novel authentication scheme. Our technique shall ensure trust and enhance the security of existing authentication system so that customers can be confident about their confidential information not being misused.

Motivation: Today, the problem of trust has become a major concern for most enterprises using cloud computing to serve their business purposes. Trust is especially important in third-party clouds storing highly sensitive or confidential data of customers. Page 2 of 12

Trust in cloud computing using threshold-based secret sharing scheme Such scenarios are commonly observed in financial institutes, forensic, military and healthcare establishments. Trust also plays a crucial role in forensics, military, healthcare and banking. In forensic and military related data, confidentiality and integrity is of utmost importance. In case of healthcare and banking, trust mechanisms are absolutely necessary to assure the user that their confidential information will not be misused. If data is to be stored in cloud Cryptographic mechanisms do provide security to the stored data, but it does not provide any mechanism to incorporate trust. Moreover, the stored data may be misused by insiders within the system. Complex cryptographic mechanisms also induce large computational overhead which is not desirable in a cloud environment. In conventional cryptography, the key may also become the single point of failure of the system. In the recent past, several researches have been conducted on improving the trust in cloud computing and different techniques have been proposed. These include cryptographic techniques to store data in encrypted form, demand based auditing of cloud data, etc. However, there is still enormous opportunity of improving trust mechanisms, especially when data is stored in third-party clouds and accessed frequently. Developing a computationally less intensive, yet strong trust mechanism shall be very useful in the financial domain. In such cases, since data is access rate is very high, any trust mechanism should be computationally less intensive. A possible solution to the above stated problem can be based on using threshold-based secret sharing scheme to store the data in meaningless shares within the cloud environment. The concept of threshold based secret sharing was first introduced by Shamir [1] and later extended to visual cryptography also. A (k,m) threshold-based secret

Page 3 of 12

Trust in cloud computing using threshold-based secret sharing scheme sharing creates m shares of a secret S such that at least k out of m shares need to be presented to reveal the secret S. Any number of shares less than k does not reveal anything about the secret S. Many such schemes have developed by researchers working in this area. Secret sharing schemes have already been applied successfully for several purposes. These include data transmission, authentication and providing security without the use of key and anti-phishing framework. Many of the secret sharing techniques involve only simple mathematical calculations, yet they are quite robust. In case of cloud environment, there is a possibility that whenever a sensitive or confidential data is to be stored by a customer, we shall not store it directly. Instead, we can create m smaller secret shares (whose combined size is equal to the data size) such that to reproduce the original data, we need all m shares together. One share can be assigned to the user himself, so that without it, the data cannot be reproduced in any way. The other shares can be distributed over several nodes of cloud storage. In this way the customer can have trust on the third-party that the data wont be misused. This mechanism can be particularly useful in addressing the issue of trust as well as security in banking transactions. In case of credit/debit cards, the bank becomes a single repository of all confidential customer data and thus trust becomes an extremely important issue. Moreover, by using secret sharing we can implement an authentication system as discussed by Jaya, et.al [14], which improves the security level of existing schemes.

Literature Survey /Review : The idea of secret sharing was first introduced by Shamir [1] in 1977. The technique allows a polynomial function of order (k1) constructed as, f(x) = d0 + d1x + d2x2 + . . . + dk1xk1 (mod p),

Page 4 of 12

Trust in cloud computing using threshold-based secret sharing scheme Where the value d0 is the secret and p is a prime number. The secret shares are the pairs of values (xi, yi) where yi = f (xi), 1 i n and 0 < x1 < x2 ... < xn p 1. The polynomial function f(x) is destroyed after each shareholder possesses a pair of values (xi, yi) so that no single shareholder knows the secret value d0. In fact, no groups of k 1 or fewer secret shares can discover the secret d0. On the other hand, when k or more secret shares are available, then we may set at least k linear equations yi = f(xi) for the unknown dis. The unique solution to these equations shows that the secret value d0 can be easily obtained. In Shamirs knowing even (k 1) linear equations doesnt expose any information about the secret. In his paper, he showed how a secret data a can be shared between n participants such that no less than k participants (k<=n) can reveal anything about the secret. Since then, several new techniques have been proposed for secret sharing, both in field domain as well as visual domain. Shamirs secret sharing scheme has been extended by Thien & Lin [2] to create secret shares of images. The essential idea is to use a polynomial function of order (k 1) to construct n image shares from an l l pixels secret image (denoted as I) as, Sx(i, j) = I(ik + 1, j) + I(ik + 2, j)x . . . + I(ik + k, j)xk1 (mod p) Where, 0 i (l/K). This method reduces the size of image shares to become 1/k of the size of the secret image. Any k image shares are able to reconstruct every pixel value in the secret image. In 2006, Li Bai [4] developed a novel secret sharing scheme using matrix projection along with Thien & Lins technique. The scheme is robust, but introduces some computation overheads involving matrix manipulation. The issues involved in trust management in cloud environment have been highlighted by Khaled M. Khan [10] in 2010. According to them, the two major trust

Page 5 of 12

Trust in cloud computing using threshold-based secret sharing scheme related factors are diminishing control and lack of transparency. When a customer stores data on a third party cloud, control over the data is partially lost. This triggers a risk of losing data confidentiality, integrity and availability. Lack of transparency in terms of data storage and the security profile of data processing sites have also been highlighted as a major trust related factor. To address the issues involved in trust, several techniques have been proposed recently. On-demand verification of data integrity in cloud has been proposed by Cong Wang et. al [11]. This provides a mechanism for auditing the information stored in cloud, but does not provide any real-time protection of data. In many cases, such as financial domain, auditing may not be possible by the customer. Another approach for enhancing security in cloud has been discussed by Mohammed A. AlZain [13] which uses redundancy technique in multi cloud database model (MCDB) to achieve strong security. However, this does not deal with anything related to trust management. The idea of secret sharing for authentication, as used by Jaya et. al [14] can be incorporated in a multi-cloud database to provide trust, along with enhanced security in financial domain.

Problem Definition : This project is related to incorporating trust along with enhanced security for cloud environments in financial domain. Traditionally, for cardholder customers, the bank is the single repository of all confidential and sensitive information. If the bank decides to use third-party cloud service for this enormous information, it must ensure complete trust for the customers such that their data is not misused. The thirdparty cloud service provider can easily obtain card information and carry out unauthorized online transactions. Another security risk for these cardholders is in the

Page 6 of 12

Trust in cloud computing using threshold-based secret sharing scheme authentication mechanism used at Point-of-Sale (POS) terminals. A genuine cardholder is authenticated through manual verifying the signature of the cardholder with the signature on the back panel of the card. This system can be easily broken if the card is lost and even before the cardholder realizes it, the signature may be forged and the card can be misused. The problem can be solved by letting the bank send the signature to the merchants POS every time the card is used. The merchant can verify the customers signature with the one sent by the bank and this method can avoid misuse by forgery of signature even if the card is stolen. However, the issue of trust still remains since all the customers data is on a third-party cloud.

Plan of Work: The above mentioned problem can be addressed by using secret sharing mechanisms to store data in cloud environment. Instead of using a single cloud, we use a MCDB with n smaller sub-clouds from multiple vendors. When storing authentication information, we create secret shares of the data (using threshold-based cryptography) and store these shares on separate, disjoint sub-clouds owned by different third parties. One share will be assigned to the cardholder (embedded within the card). The shares created shall be of unequal weightage to form two specific access structures as follows, for recovering authentication information. For a POS transaction, when the customers share is available, only one other share of the customers signature will be sent and the original signature of the customer will be reconstructed and displayed at the terminal, for verification by the merchant as elaborated in [14]. This scheme enables us to remove any signature on the card, which can be misused. For online transactions, when this

Page 7 of 12

Trust in cloud computing using threshold-based secret sharing scheme authentication information is needed by the bank for verification purpose, multiple shares from different vendors must be accessed to reconstruct the original information. The prototype for this model will be implemented and its performance needs to be evaluated. In our prototype, we shall use Thien & Lins method to create secret shares of signatures and Shamirs secret sharing scheme for other data. We shall consider 3 different cloud providers for our implementation. For a given information, initially we create a (2,3) threshold based secret scheme. Share 1 will be assigned to service provider 1. Share 2 will be further subdivided into a (2,2) secret share and these 2 shares will be assigned to service provider 2 and 3 respectively. The third share will be embedded in the customers card. For a POS transaction, two shares respectively from the customers card and service provider 1 will be retrieved and used to reconstruct the valid signature of the customer. For an online transaction, all 3 service providers have to contribute their shares to the bank and the authentication information will be recovered. The scheme is illustrated in Fig. 1.

Figure 1 - Proposed secret sharing adaptation on the cloud Page 8 of 12

Trust in cloud computing using threshold-based secret sharing scheme

To implement the proposed scheme, we shall build a novel cloud architecture using MATLAB distributed computing server on top of HDFS. Fig. 2 shows the architecture of Matlab distributed computing server and Fig. 3 shows the architecture of HDFS.

Figure 2 Matlab Distributed computing server

Figure 3 HDFS Architecture

Page 9 of 12

Trust in cloud computing using threshold-based secret sharing scheme The Hadoop Distributed File system (HDFS) demonstrates several desired features for scalable cloud storage. Matlab, on the other hand, has always been a preferred choice for all mathematical and scientific computation. With the parallel computation tool and Distributed Computing Server in Matlab, it offers an excellent scalable platform for computationally intensive applications. Our proposed banking system will consist of several HDFS clusters (it is assumed that each cluster belongs to a different cloud provider). The MATLAB system will interface with each HDFS cluster using FTP and directly access data (store and retrieve) from the HDFS clusters. Each HDFS cluster will have a FTP server running on its name node. The FTP servers will capable of retrieving and storing data directly in HDFS. The Matlab worker nodes for distributed computing can also be provisioned on the third party clouds. Fig. 4 illustrates the proposed architecture. Once the system is implemented, we will test the correctness and performance of the system for very large data sets. The datasets will contain the authentication information of very large set of customers.

Figure 4 Proposed cloud architecture Page 10 of 12

Trust in cloud computing using threshold-based secret sharing scheme Work to be Done Literature survey, project proposal Project startup, initial study Development of Cloud platform with FTP Server Parallel implementation of secret sharing scheme Integration of MCDB with Matlab Development of front end Testing & performance evaluation Report preparation Duration August September 2012 September 2012 October 2012 November December 2012 January February 2013 March 2012 April 2012 May 2012

3. References and Citations [1] A. Shamir, "How to share a secret," Communications of the ACM, Vol. 22, no. 11, pp. 612-613, Nov.1979. [2] C.-C. Thien and J.-C. Lin, Secret image sharing, Computers & Graphics, Vol. 26, no. 5, pp. 765770, 2002. [3] M. Naor and A. Shamir, Visual cryptography, presented at the Proceedings of the Conference on AdvancesCryptology Eurocrypt 94, A. De Santis, Ed., Berlin, Germany, 1994, pp. 112. [4] Li Bai, et. al A Reliable (k, n) Image Secret Sharing Scheme, Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, 2006. [5] Wen-Pinn Fang, Multi-Layer Secret Image Sharing, Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 2010, pp 59-61.

Page 11 of 12

Trust in cloud computing using threshold-based secret sharing scheme [6] Li Bai, A Strong Ramp Secret Sharing Scheme Using Matrix Projection, Proceedings of the International Symposium on a World of Wireless, Mobile and Multimedia Networks, 2006. [7] Li Bai and XuKai Zou, A Proactive Secret Sharing Scheme in matrix projection method, Int. J. Security and Networks, 2009, Vol. 4, No. 4. [8] Shyamalendu Kandar and Arnab Maiti, Variable Length Key based Visual Cryptography Scheme for Color Image using Random Number, International Journal of Computer Applcations, April 2011, Vol. 19, No. 4. [9] Tom White, Hadoop: The Definitive Guide, First Edition, Yahoo press, June 2009. [10] Khaled M. Khan and Qutaibah Malluhi, Establishing trust in Cloud Computing, IEEE IT pro, Vol. 12, Issue 5, pp. 20-27, Sept.-Oct. 2010 [11] Cong Wang, et. al, Towards Secure and Dependable Storage Services in Cloud Computing, IEEE transactions on service computing, Vol. 5, No. 2, pp. 220-232, AprilJune 2012. [12] Qing Shen, et. al, SAPSC: Security Architecture of Private Storage Cloud Based on HDFS, 26th IEEE International Conference on Advanced Information Networking and Applications Workshops, 2012. [13] Mohammed A. AlZain, A New Approach Using Redundancy Technique to Improve Security in Cloud Computing, IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 230-235, June 2012. [14] Jaya, et. al, Novel Authentication System Using Visual Cryptography, World Congress on Information and Communication Technologies (WICT), pp. 1181-1186, Dec. 2011.

Page 12 of 12