Confidentiality Technique to Enhance Security of Data in Public Cloud Storage Using Data Obfuscation
Total Page:16
File Type:pdf, Size:1020Kb
ISSN (Print) : 0974-6846 Indian Journal of Science and Technology, Vol 8(24), DOI: 10.17485/ijst/2015/v8i24/80032, September 2015 ISSN (Online) : 0974-5645 Confidentiality Technique to Enhance Security of Data in Public Cloud Storage using Data Obfuscation S. Monikandan1* and L. Arockiam2 1Department of MCA, Christhu Raj College, Panjappur, Tiruchirappalli – 620012, Tamil Nadu, India; [email protected] 2Departmentof Computer Science, St. Joseph’s College (Autonomous), Tiruchirappalli – 620102, Tamil Nadu, India; [email protected] Abstract Security of data stored in the cloud is most important challenge in public cloud environment. Users are outsourced their data to cloud for efficient, reliable and flexible storage. Due the security issues, data are disclosed by Cloud Service Providers (CSP) and others users of cloud. To protect the data from unauthorized disclosure, this paper proposes a confidentiality technique as a Security Service Algorithm (SSA), named MONcryptto secure the data in cloud storage. This proposed confidentiality technique is based on data obfuscation technique. The MONcrypt SSA is availed from Security as a Service (SEaaS). Users could use this security service from SEaaS to secure their data at any time. Simulations were conducted in cloud environment (Amazon EC2) for analysis the security of proposed MONcrypt SSA. A security analysis tool is used for measure the security of proposed and existing obfuscation techniques. MONcrypt compares with existing obfuscation techniques like Base32, Base64 and Hexadecimal Encoding. The proposed technique provides better performance and good security when compared with existing obfuscation techniques. Unlike the existing technique, MONcrypt reduces the sizeKeywords: of data being uploaded to the cloud storage. Cloud Service Providers, Cloud Storage, Confidentiality, Obfuscation, Security, Security Service Algorithm 1. Introduction without any human intervention. Cloud automates the service provisioning by way of running a number of Cloud computing is an internet based computing. It is Application Programming Interface (API) in the cloud evolved from grid computing, utility computing, parallel storage environment. computing, distributed computing and virtualization1. Data protection is a crucial security issue for most of the It has more powerful computing infrastructure with a enterprises8. The main issue focused in cloud computing pool of thousands of computers and servers2. It provides is data security. However, users are more concerned about computational resources like server, storage, software, the security ofthe data in the cloud. Obfuscation is a pro- memory, network etc., as on-demand services3. It helps cess of converting original data into unintelligible data. It to reduce the computational infrastructure investment is similar to encryption but it uses mathematical calcula- and maintenance cost of IT requisite for Small and tions or programming logics9. Encryption is the procedure Medium scale Enterprises (SME)4. It provides Everything of transforming the readable data into unreadable data (X) as a Service (XaaS) where ‘X’ denotes software, OS, using an algorithm and a key10. The major difference server, hardware, storage, etc5. Cloud services are scal- between encryption and obfuscation is that encrypted ing up and down based on the users’ demand6. Cloud data cannot be processed until theyare decrypted, whereas has multiple datacentres placed in different geographi- obfuscated data can be processed without de-obfuscation. cal locations in the world to provide reliable services to This technique has recently become popular for data the users7. It provides unlimited service provisioning storage security in cloud storage11. *Author for correspondence S. Monikandan and L. Arockiam Data storage and monitoring are the most important data. Moreover, the obfuscated data are not personally tasks for all enterprises. Small and Medium scale identifiable information, and so the CSPs are not subject Enterprises (SME) are not having enough infrastructure to the legal restrictions that apply to the processing of to do so. Cloud computing solves this problem by pro- the de-obfuscated data. However, it is not practical for all viding enormous virtual storage12. SMEs outsource the cloud applications to work with obfuscated data. data to cloud storage. The basic definition of outsourcing Maheshwari et al.15 introduced a scheme which allows is to move the in-house activities to a third party (cloud a user to store data in a cloud and perform database style provider) who has the required competence to perform query on the stored data without using standard cryptog- data maintenance activities in an effective and efficient raphy schemes while maintaining data confidentiality. way. Other reasons for outsourcing data are to gain access Data obfuscation is used for security which makes it hard to the knowledge and to minimize the risks associated. for the cloud to reconstruct the plaintext. This scheme This phenomenon has helped SMEs concentrate more represents each character by its glyph image. Instead of on its core competencies and thereby to gain competitive storing the normal glyph in a given font, which can be advantage in the markets. readily understood by a machine, add noise and split Data outsourcing creates many security issues on the the glyph image into small portions. Different portions data stored in the cloud. Researchers start using obfusca- belonging to a glyph image are stored in servers belong- tion technique to provide security to the data in cloud. ing to different cloud providers. To reconstruct the data, To maintaining security for the outsourced data in cloud the glyph portions from different servers need to be gath- is an imperative task. To enhance the security of data,the ered. The overall concept of this scheme is to convert the MONcrypt SSA is proposed for securing numerical data. users’ data into an image and each part of the image is As a part this research, there is an SSA called AROcrypt13 sent to different independent clouds. which is used for Non-numerical data. Users can use The proposed MONcrypt SSA in SEaaS is an these two SSA based on their sensitive data. MONcrypt obfuscation technique and it is compared with existing is used for Numerical data and AROcrypt is used for obfuscation techniques such as Base64, Base32 and Non-numerical. This paper only discusses about the Hexadecimal Encoding with respect to security, time. MONcrypt SSA. 3. Existing Data Obfuscation 2. Related Work Techniques There are many more obfuscation techniques available Data obfuscation is a method of data hiding where data in the literature. The approach for each of the obfusca- is purposely scrambled to prevent from unauthorized tion techniques can range from very simple to highly access14. The result of obfuscation is an unintelligible or mathematical. Recently, researchers have started to use confusing data. Data obfuscation techniques are used to obfuscation techniques for security protection in cloud prevent the intrusion of sensitive data stored in the cloud. environment. However, issues have stemmed from an inability to vigor- Siani Pearson et al.14 described a privacy manager for ously prevent security attacks16. Several data obfuscation cloud computing, which reduces the risk to the cloud techniques are discussed in the following subsections17. computing user of their private data being stolen or mis- used. As a first line of defense, the privacy manager uses a feature called obfuscation. The idea is that instead of 3.1 Base64 Encoding being present unencrypted data in the cloud, the users’ Base64 encoding schemes are commonly used when there sensitive data are sent to the cloud in an obfuscated form. is a need to encode binary data that need to be stored The obfuscation method uses a key which is chosen by and transferred over media that are designed to deal the users and known by the privacy manager, but which is with textual data. This is to ensure that the data remain not communicated to the CSPs. Thus the CSP is not able intact without modification during transport. The Base64 to de-obfuscate the users’ data and the data are not pres- encodesa word “Man” with “TWFu”. The Base64 encodes ent on the CSPs’ machines. It reduces the risks of theft the word “Man”, by determining the related ASCII 8-bit of the data from the cloud and unauthorized uses of the values for each letter. Vol 8 (24) | September 2015 | www.indjst.org Indian Journal of Science and Technology 89 Confidentiality Technique to Enhance Security of Data in Public Cloud Storage using Data Obfuscation M = 77 a = 97 n = 110 3.4 Hexadecimal Encoding Those values can then be represented as 8-bit binary Hexadecimal is a positional notation system with a base of 16. It uses sixteen distinct symbols. Most often the M = 01001101 a = 01100001 n = 01101110 symbols 0–9 represent the values zero to nine, and A, B, Since base64 breaks binary into 6-bit groups, the easi- C, D, E, F represent values ten to fifteen. For example, the est way is to connect them linearly and then redistribute number 2AF3 is equal, in decimal, to (2 x 16^3) + (10 x into 6-bit groups. 16^2) + (15 x 16^1) + (3 x 16^0), or 10995. Each hexa- 010011010110000101101110 decimal digit represents four binary digits (bits), and the is thus represented as: primary use of hexadecimal notation is a human friendly 010011 010110 000101 101110 representation of binary coded values in computing. Recently, data obfuscation is focused for the security of Each of these values is then recalculated in decimal as, data in the cloud storage. Normally, obfuscation technique 010011 = (0 x 2^5) + (1 x 2^4) + (0 x 2^3) + (0 x 2^2) + is not using keys to obfuscate the data unlike encryption. (1 x 2^1) + (1 x 2^0) = 19, then the alphabet correspond- Simple obfuscation technique without using key is easy 18 ing to 19 is taken from the base64 index tableto produce to break by brute force attack.