
CHAPTER 1

INTRODUCTION
Cloud computing promises to significantly change the way we use computers and
access and store our personal and business information. With these new computing and
communications paradigms arise new data security challenges. Existing data protection
mechanisms such as encryption have failed in preventing data theft attacks, especially
those perpetrated by an insider to the cloud provider. We propose a different approach for
securing data in the cloud using offensive decoy technology. We monitor data access in
the cloud and detect abnormal data access patterns. When unauthorized access is
suspected and then verified using challenge questions, we launch a disinformation attack
by returning large amounts of decoy information to the attacker. This protects against the
misuse of the user's real data. Experiments conducted in a local file setting provide
evidence that this approach may provide unprecedented levels of user data security in a
Cloud environment.
Cisco recently delivered the vision of fog computing to enable applications on
billions of connected devices, already connected in the Internet of Things (IoT), to run
directly at the network edge [1]. Customers can develop, manage and run software
applications on the Cisco IOx framework of networked devices, including hardened routers,
switches and IP video cameras. Cisco IOx brings the open source Linux and Cisco IOS
network operating system together in a single networked device (initially in routers). The
open application environment encourages more developers to bring their own applications
and connectivity interfaces at the edge of the network. Regardless of Cisco's practices, we
first answer the questions of what Fog computing is and what the differences between Fog
and Cloud are. In Fog computing, services can be hosted at end devices such as
set-top boxes or access points. The infrastructure of this new distributed computing allows
applications to run as close as possible to sensed, actionable and massive data coming out
of people, processes and things. Such a Fog computing concept, actually a Cloud computing
close to the ground, creates automated responses that drive the value. Both Cloud and
Fog provide data, computation, storage and application services to end-users. However,
Fog can be distinguished from Cloud by its proximity to end-users, its dense geographical
distribution and its support for mobility.

In this framework, each smart thing is attached to one of Fog devices. Fog devices could
be interconnected and each of them is linked to the Cloud. In this article, we take a close
look at the Fog computing paradigm. The goal of this research is to investigate Fog
computing advantages for services in several domains, such as Smart Grid, wireless
sensor networks, Internet of Things (IoT) and software defined networks (SDNs). We
examine the state of the art and disclose some general issues in Fog computing including
security, privacy, trust, and service migration among Fog devices and between Fog and
Cloud. We finally conclude this article with a discussion of future work.

1.1 Project definition


Businesses, especially startups and small and medium businesses (SMBs), are
increasingly opting for outsourcing data and computation to the Cloud. This
obviously supports better operational efficiency, but comes with greater risks, perhaps
the most serious of which are data theft attacks. Data theft attacks are amplified if the
attacker is a malicious insider. This is considered one of the top threats to cloud
computing by the Cloud Security Alliance [1]. While most Cloud computing
customers are well aware of this threat, they are left only with trusting the service
provider when it comes to protecting their data. The lack of transparency into, let
alone control over, the Cloud provider's authentication, authorization, and audit
controls only exacerbates this threat. The Twitter incident is one example of a data
theft attack from the Cloud. Several Twitter corporate and personal documents
were exfiltrated to the technology website TechCrunch [2], [3], and customers'
accounts, including the account of U.S. President Barack Obama, were illegally
accessed [4], [5]. The attacker used a Twitter administrator's password to gain access to
Twitter's corporate documents.
The damage was significant both for Twitter and for its customers. While this
particular attack was launched by an outsider, stealing a customer's admin passwords
is much easier if perpetrated by a malicious insider. Rocha and Correia outline how
easily passwords may be stolen by a malicious insider of the Cloud service provider
[6]. The authors also demonstrated how Cloud customers' private keys might be
stolen, and how their confidential data might be extracted from a hard disk. After
stealing a customer's password and private key, the malicious insider gets access to all
customer data, while the customer has no means of detecting this unauthorized access.
Much research in Cloud computing security has focused on ways of preventing
unauthorized and illegitimate access to data by developing sophisticated access
control and encryption mechanisms. However, these mechanisms have not been able
to prevent data compromise. Van Dijk and Juels have shown that fully homomorphic
encryption, often acclaimed as the solution to such threats, is not a sufficient data
protection mechanism when used alone [7]. We propose a completely different
approach to securing the cloud using decoy information technology, that we have
come to call Fog computing. We use this technology to launch disinformation attacks
against malicious insiders, preventing them from distinguishing the real sensitive
customer data from fake worthless data. In this paper, we propose two ways of using
Fog computing to prevent attacks such as the Twitter attack, by deploying decoy
information within the Cloud by the Cloud service customer and within personal
online social networking profiles by individual users.
1.2 Project scope:
Existing data protection mechanisms such as encryption have failed in preventing data
theft attacks, especially those perpetrated by an insider to the cloud provider.
Much research in Cloud computing security has focused on ways of preventing
unauthorized and illegitimate access to data by developing sophisticated access control
and encryption mechanisms. However these mechanisms have not been able to prevent
data compromise.
Fog computing or fog networking, also known as Fogging, is an architecture that uses
one or a collaborative multitude of end-user clients or near-user edge devices to carry out
a substantial amount of storage (rather than stored primarily in cloud data centers),
communication (rather than routed over the Internet backbone), and control, configuration,
measurement and management (rather than controlled primarily by network gateways
such as those in the LTE (telecommunication) core).
Fog Computing, a term coined by professor Salvatore J. Stolfo can be perceived both in
large cloud systems and big data structures, making reference to the growing difficulties
in accessing information objectively. This results in a lack of quality of the obtained
content. The effects of fog computing on cloud computing and big data systems may
vary; yet, a common aspect that can be extracted is a limitation in accurate content
distribution, an issue that has been tackled with the creation of metrics that attempt to
improve accuracy.

Fog Networking consists of a control plane and a data plane. For example, on the data
plane, fog computing enables computing services to reside at the edge of the network as
opposed to servers in a data-center. Compared to cloud computing, fog computing
emphasizes proximity to end-users and client objectives, dense geographical distribution
and local resource pooling, latency reduction for quality of service (QoS) and edge
analytics/stream mining, resulting in superior user-experience and redundancy in case of
failure.
Fog Networking supports the Internet of Everything (IoE), in which most of the
devices that we use on a daily basis will be connected to each other. Examples include
our phones, wearable health monitoring devices, connected vehicles and augmented
reality using devices such as the Google Glass. ISO/IEC 20248 provides a method
whereby the data of objects identified by Edge computing using Automated Identification
Data Carriers [AIDC], a barcode and/or RFID tag, can be read, interpreted, verified and
made available into the "Fog" and on the "Edge" even when the AIDC tag has moved on.
1.3 Existing system/history
Much research in Cloud computing security has focused on ways of preventing
unauthorized and illegitimate access to data by developing sophisticated access control and
encryption mechanisms. However these mechanisms have not been able to prevent data
compromise. Van Dijk and Juels have shown that fully homomorphic encryption, often
acclaimed as the solution to such threats, is not a sufficient data protection mechanism when
used alone.
What exactly is Cloud Computing?
It's a type of computing which involves sharing of computer resources rather than
using local servers or dedicated devices for processing. In simple words, it is the process of
storing frequently used data on multiple servers which could be accessed by using the
Internet. Various services like servers, storage and applications are provided to the users'
computing devices via the Internet. Some good examples of using the Cloud are:
Dropbox: an online storage service providing 2 GB of free storage to the users.
Google: letting the users create documents and calendars for free.
Need of Cloud Computing
Cloud computing is now becoming a business standard. It simplifies the user's
accessibility. It provides a virtual storage space to the user which could be used without
bothering about the details of the entire mechanism. Here are some other reasons why every
enterprise might need cloud computing for their business:
Cost savings
Cloud computing removes the requirement of a company to invest in storage
hardware and servers.
Focusing on the business
Since all the services will execute over the internet, a company does not have to
bother about technical issues and other problems associated with physical storage and
backup. A company can thus focus more on their core business.
Performance
It delivers reliable performance irrespective of the geographical location of the user.
Another key feature could be the automatic updating of services and applications.
Security
Cloud Computing offers optimum security which protects you against any
unauthorized access, modification and loss of data.
Flexibility
Even if part of the cloud environment fails or stops working, the other resources
continue to work until the problem is fixed.

CHAPTER 2

Literature Survey
In this website development project we needed an officially registered domain name, a
Linux hosting package, the server-side scripting language PHP, HTML page building
and other web related tools.
Van Dijk et al. in [1] proposed a Cloud-Application Class Hierarchy reflecting the shift
towards thin clients and centralized provision of computing resources in the era of cloud
computing. It is also strongly emphasized that, due to the lack of direct resource control,
there are data privacy violations and abuse or leakage of sensitive information by service
providers. The most powerful tool of cryptography, Fully Homomorphic Encryption (FHE), is
one of the promising tools to ensure data security. Cryptography alone can't enforce the
privacy demanded by common cloud computing services: the authors define a hierarchy of
natural classes of private cloud applications and show that no cryptographic protocol can
implement those classes where data is shared among clients. The disadvantage is Abuse and
Nefarious Use of cloud computing.
An adaptive approach is proposed for creating behavior profiles and recognizing computer
users. It presents an evolving method for updating user profiles and classifying an
observed user. As the behavior of a user develops with time, the method is described by
fuzzy rules to make the profiles dynamic. It makes use of an Evolving-Profile-Library. As a
user's behavior changes and evolves, the classifier is able to keep the created profiles up
to date using an Evolving Systems approach. It is a one-pass, non-iterative, recursive method
and can be used in interactive mode. It operates very efficiently and fast, as its structure
is interpretable and simple. EVABCD can perform almost as well as other offline classifiers
in an online environment in terms of correct classification on validation data, and it can
adapt extremely quickly to new data and cope with huge amounts of data in a real environment
with rapid changes. The disadvantage is Insecure Interfaces and APIs.
It has been proposed that a malicious insider can steal any confidential data of the cloud
user in spite of the provider taking precautionary steps such as: 1) not allowing physical
access; 2) a zero-tolerance policy for insiders that access the data storage; 3) logging all
accesses to the services for later use in internal audits to find the malicious insider. The
work shows four attacks that a malicious insider could carry out to compromise (i) passwords,
(ii) cryptographic keys, and (iii) files and other confidential data, like clear text
passwords in memory snapshots, obtaining private keys using memory snapshots, extracting
confidential data from the hard disk, and virtual machine relocation. The disadvantage is
Malicious Insiders.

Salem B. et al. in [6] studied trap-based mechanisms for the detection of masquerade
attacks. Masquerade attacks pose a grave security problem, and detecting masqueraders is very
hard. Trap-based mechanisms are used in general as a means for detecting insider attacks; the
work examines the use of such mechanisms for the detection of masquerade attacks. It
investigates the desirable properties of decoys deployed within a user's file space for
detection, examines the trade-offs between these properties through two user studies, and
proposes recommendations for effective masquerade detection using decoy documents based on
findings from the user studies. It also covers the different deployment-related properties of
decoy documents and gives a guide to the deployment of decoy documents for effective
masquerade detection. The disadvantage is Shared Technology Issues and Data loss or leakage.
We elaborate on the role of Fog computing in the following six motivating scenarios. The
advantages of Fog computing satisfy the requirements of applications in these scenarios.
Smart Grid: Energy load balancing applications may run on network edge devices, such as
smart meters and micro-grids. Based on energy demand, availability and the lowest price,
these devices automatically switch to alternative energies like solar and wind. As shown in
Figure 2, Fog collectors at the edge process the data generated by grid sensors and devices,
and issue control commands to the actuators [2]. They also filter the data to be consumed
locally, and send the rest to the higher tiers for visualization, real-time reports and
transactional analytics. Fog supports ephemeral storage at the lowest tier to semi-permanent
storage at the highest tier. Global coverage is provided by the Cloud with business
intelligence analytics.
Smart Traffic Lights and Connected Vehicles: A video camera that senses an
ambulance's flashing lights can automatically change street lights to open lanes for the
vehicle to pass through traffic. Smart street lights interact locally with sensors and detect
the presence of pedestrians and bikers, and measure the distance and speed of approaching
vehicles. As shown in the figure, intelligent lighting turns on once a sensor identifies
movement and switches off as traffic passes. Neighbouring smart lights serving as Fog
devices coordinate to create a green traffic wave and send warning signals to approaching
vehicles. Wireless access points like WiFi, 3G, road-side units and smart traffic lights are
deployed along the roads. Vehicle-to-vehicle, vehicle to access point, and access point to
access point interactions enrich the application of this scenario.
Wireless Sensor and Actuator Networks: Traditional wireless sensor networks fall short in
applications that go beyond sensing and tracking, but require actuators to exert physical
actions like opening, closing or even carrying sensors [2]. In this scenario, actuators
serving as Fog devices can control the measurement process itself, the stability and the
oscillatory behaviours by creating a closed-loop system. For example, in the scenario of
self-maintaining trains, sensor monitoring on a train's ball-bearing can detect heat levels,
allowing applications to send an automatic alert to the train operator to stop the train at
the next station for emergency maintenance and avoid potential derailment. In the lifesaving
air vents scenario, sensors on vents monitor air conditions flowing in and out of mines and
automatically change air-flow if conditions become dangerous to miners.
2.1 Tools used for project
We propose a completely different approach to securing the cloud using decoy
information technology, that we have come to call Fog computing. We use this technology to
launch disinformation attacks against malicious insiders, preventing them from distinguishing
the real sensitive customer data from fake worthless data. The decoys, then, serve two
purposes: (1) validating whether data access is authorized when abnormal information
access is detected, and (2) confusing the attacker with bogus information.
2.1.1 MODULE DESCRIPTION:
1. Cloud Computing
2. User Behavior Profiling
3. Decoy documents

cloud computing
Cloud computing is a model for enabling convenient, on-demand network access to a
shared pool of configurable computing resources (for example, networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service-provider interaction. It is divided into three types:
1. Application as a service.
2. Infrastructure as a service.
3. Platform as a service.

Cloud computing exhibits the following key characteristics:


1. Agility
It improves with users' ability to re-provision technological infrastructure resources.
2. Cost
Cost is claimed to be reduced and in a public cloud delivery model capital
expenditure is converted to operational expenditure. This is purported to
lower barriers to entry, as infrastructure is typically provided by a third-party and does
not need to be purchased for one-time or infrequent intensive computing tasks.
Pricing on a utility computing basis is fine-grained with usage-based options and
fewer IT skills are required for implementation. The e-FISCAL project's state of the
art repository contains several articles looking into cost aspects in more detail, most of
them concluding that costs savings depend on the type of activities supported and the
type of infrastructure available in-house.
3. Virtualization
This technology allows servers and storage devices to be shared and utilization be
increased. Applications can be easily migrated from one physical server to another.
4. Multi tenancy
It enables sharing of resources and costs across a large pool of users thus
allowing.
5. Centralization
Centralization of infrastructure in locations with lower costs (such as real estate,
electricity, etc.)
6. Utilization and efficiency
Improvements for systems that are often only 10-20% utilized.
7. Reliability
It is improved if multiple redundant sites are used, which makes well-designed
cloud computing suitable for business continuity and disaster recovery.
8. Performance
It is monitored and consistent and loosely coupled architectures are constructed
using web services as the system interface.
9. Security
Security can improve due to centralization of data, increased security-focused resources,
etc., but concerns can persist about loss of control over certain sensitive data, and the
lack of security for stored kernels. Security is often as good as or better than other
traditional systems, in part because providers are able to devote resources to solving
security issues that many customers cannot afford. However, the complexity of
security is greatly increased when data is distributed over a wider area or greater
number of devices and in multi-tenant systems that are being shared by unrelated
users. In addition, user access to security audit logs may be difficult or impossible.
Private cloud installations are in part motivated by users' desire to retain control over
the infrastructure and avoid losing control of information security.
10. Maintenance
Maintenance of cloud computing applications is easier, because they do not need to be installed on
each user's computer and can be accessed from different places.

User Behavior Profiling


We monitor data access in the cloud and detect abnormal data access patterns.
User profiling is a well-known technique that can be applied here to model how,
when, and how much a user accesses their information in the Cloud. Such "normal
user" behavior can be continuously checked to determine whether abnormal access to
a user's information is occurring. This method of behavior-based security is
commonly used in fraud detection applications. Such profiles would naturally include
volumetric information: how many documents are typically read and how often. We
monitor for abnormal search behaviors that exhibit deviations from the user baseline.
The correlation of search behavior anomaly detection with trap-based decoy files
should provide stronger evidence of malfeasance, and therefore improve a detector's
accuracy.


Decoy documents

Fig 2.1 Decoy System

We propose a different approach for securing data in the cloud using offensive decoy
technology. We monitor data access in the cloud and detect abnormal data access patterns. We
launch a disinformation attack by returning large amounts of decoy information to the
attacker. This protects against the misuse of the user's real data. We use this technology to
launch disinformation attacks against malicious insiders, preventing them from distinguishing
the real sensitive customer data from fake worthless data. The decoys, then, serve two
purposes:
(1) Validating whether data access is authorized when abnormal information access is
detected, and
(2) Confusing the attacker with bogus information.
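
The check described in the User Behavior Profiling and Decoy documents sections, written out as an added example (it is not code from the original report): a volumetric baseline is correlated with decoy-file touches, and decoys are returned only when the challenge fails. The file names, baseline counts, z-score threshold and the helper names `Profile`, `assess_window` and `respond` are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample data: documents read per hour by one user in past sessions.
BASELINE_READS_PER_HOUR = [4, 6, 5, 7, 3, 5, 6, 4, 5, 5]

# Hypothetical decoy file names planted in the user's file space.
DECOYS = {"payroll_2014_backup.xls", "passwords_old.txt"}


@dataclass
class Profile:
    """Volumetric baseline: how many documents the user normally reads per hour."""
    mu: float
    sigma: float

    @classmethod
    def fit(cls, counts):
        # Floor sigma so a very regular user does not turn every small
        # deviation into an enormous z-score.
        return cls(mean(counts), max(pstdev(counts), 1.0))

    def zscore(self, count):
        return (count - self.mu) / self.sigma


def assess_window(profile, accesses, z_threshold=3.0):
    """Score one hour of accesses (a list of file names).

    Returns (verdict, details). The verdict is "challenge" only when the
    volume anomaly and a decoy touch agree, which is the correlation the
    text says gives stronger evidence than either signal alone.
    """
    z = profile.zscore(len(accesses))
    volume_anomaly = z > z_threshold
    decoy_hits = sorted(set(accesses) & DECOYS)
    if volume_anomaly and decoy_hits:
        verdict = "challenge"
    elif volume_anomaly or decoy_hits:
        verdict = "watch"          # one signal only: log and keep monitoring
    else:
        verdict = "normal"
    return verdict, {"z": round(z, 2), "decoy_hits": decoy_hits}


def respond(verdict, challenge_passed, requested, real_store, decoy_store):
    """Decide what the storage layer returns for the requested names.

    A failed challenge after a "challenge" verdict gets decoy content for
    every request; all other cases get the real documents.
    """
    if verdict == "challenge" and not challenge_passed:
        return [decoy_store[i % len(decoy_store)] for i in range(len(requested))]
    return [real_store[name] for name in requested if name in real_store]


if __name__ == "__main__":
    profile = Profile.fit(BASELINE_READS_PER_HOUR)
    # Constructed window: bulk read of 40 files that includes one decoy.
    bulk = [f"doc{i}.txt" for i in range(39)] + ["passwords_old.txt"]
    verdict, details = assess_window(profile, bulk)
    print(verdict, details)
    print(respond(verdict, False, bulk[:3], {}, ["DECOY-1", "DECOY-2"]))
```
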


Fig 2.2 Fog computing in smart traffic lights and connected vehicles.

A video camera that senses an ambulance's flashing lights can automatically change street
lights to open lanes for the vehicle to pass through traffic. Smart street lights interact
locally with sensors and detect the presence of pedestrians and bikers, and measure the
distance and speed of approaching vehicles. As shown in the figure, intelligent lighting turns
on once a sensor identifies movement and switches off as traffic passes.


2.2 HARDWARE AND SOFTWARE REQUIREMENTS

H/W System Configuration:
Processor      - Pentium III
Speed          - 1.1 GHz
RAM            - 256 MB (min)
Hard Disk      - 20 GB
Floppy Drive   - 1.44 MB
Key Board      - Standard Windows Keyboard
Mouse          - Two or Three Button Mouse
Monitor        - SVGA

S/W System Configuration:
Operating System   : Windows 95/98/2000/XP
Application Server : Tomcat 5.0/6.X
Front End          : HTML, Java, JSP
Scripts            : JavaScript
Server side Script : Java Server Pages
Database           : MySQL


CHAPTER 3

DESIGN AND ANALYSIS


3.1 DESIGN CONCEPTS

3.1.1 SECURITY MECHANISM OF FOG COMPUTING

The above figure shows how data is secured and which security mechanism is used
for it.


3.1.2 ACTIVITY AUTHORISED FOR ADMIN

The above figure shows the activity diagram for the admin, which helps in understanding
how an authorised user gets the data.


3.1.3 ACTIVITY UNAUTHORISED FOR AN UNAUTHORISED USER

The above figure shows the activity diagram for an unauthorized user, which helps in
understanding how the user steals the data and how fog computing is used so that the
user gets decoy data.


3.1.4 CLASS DIAGRAM OF FOG COMPUTING

The above figure shows the class diagram of fog computing, which helps in understanding
the methods and functions used in fog computing.


3.1.5 ENTITY RELATIONSHIP DIAGRAM FOR AUTHORISED USER

The above figure shows the class diagram of fog computing, which helps in understanding
the methods and functions used in fog computing.


3.1.6 ENTITY RELATIONSHIP DIAGRAM FOR UNAUTHORISED USER

The above figure shows the entity relationship diagram of fog computing, showing how an
unauthorized user hacks the data and how to solve many questions in it.


3.1.7 SEQUENCE DIAGRAM FOR AUTHORISED USER

The above figure shows the sequence diagram for an authorised user. It gives the simple
flow of work in the process of fog computing.


3.1.8 SEQUENCE DIAGRAM FOR UNAUTHORISED USER

The above figure shows the sequence diagram for an unauthorized user. It gives information
about the unauthorized user, the server and the database.


3.1.9 USECASE DIAGRAMS SHOWS ATTACKER IDENTIFICATION

Fig 3.1.10 Architecture of fog computing

The above figure shows the use case and architecture diagrams for fog computing.


Figure 3.1.11 Represents the Grids connected before and after Fog

Above figure shows the grids connected before and after fog.


Fig 3.1.12 Represents the edge network in Fog computing

The main feature of Fog computing is its ability to support applications that require low
latency, location awareness and mobility. This ability is made possible by the fact that fog
computing operates in a distributed manner. Fog computing nodes thus hosted possess
sufficient computing power and storage capacity to handle resource-intensive user requests.


Fig 3.1.13 File Storage in Fog computing

A Twitter incident is one example of a data theft attack from the Cloud. Several
Twitter corporate and personal documents were exfiltrated to the technology
website TechCrunch, and customers' accounts, including the account of U.S. President Barack
Obama, were illegally accessed. The attacker used a Twitter administrator's password to gain
access to Twitter's corporate documents hosted on Google's infrastructure as Google Docs.
A trustworthy cloud computing environment is not enough, because accidents continue to
happen, and when they do, and information gets lost, there is no way to get it back. One
needs to prepare for such accidents. The basic idea is that we can limit the damage of stolen
data if we decrease the value of that stolen information to the attacker. We can achieve this
through a preventive disinformation attack.


CHAPTER 4

CONCLUSION AND FUTURE SCOPE


Cloud computing is one of the most talked about IT trends today. This is because of
the fact that cloud computing has helped several enterprises to save money while adding to
the convenience of the users. The word Cloud refers to the widespread internet, which
means Cloud Computing is an internet based computing where services are delivered to the
users via internet.

FUTURE SCOPE
Career Prospects
Cloud computing jobs are on the rise. According to a recent analysis, the international
cloud computing market is expected to rise to $72 billion by 2015, and around 3 lakh job
opportunities in India are expected in the same period.
The roles in Cloud Computing might range from cloud developers to operators. Every role
requires knowledge of the cloud computing basics and certain domain-specific skills.
Here are some of the popular Cloud related job profiles:
Cloud Software Engineer
Cloud Project Manager
Cloud Business Analyst
Cloud Network Architect/Planner
Cloud Product Manager
Cloud Sales Executive
Cloud Developer/Programmer
Cloud Consultant
Cloud Systems Engineer
Cloud Systems Administrator
Cloud Network Engineer
The demand for professionals with knowledge of Cloud Computing is expected to rise
exponentially because more and more companies are implementing this technology. Due to
this, there are a number of institutes which provide cloud computing courses for the aspiring
candidates.


5. REFERENCES
1) Cloud Security Alliance, "Top Threat to Cloud Computing V1.0," March 2010.
[Online]. Available: https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
2) M. Arrington, "In our inbox: Hundreds of confidential Twitter documents," July 2009.
[Online]. Available: http://techcrunch.com/2009/07/14/in-our-inbox-hundreds-of-confidential-twitter-documents/
3) D. Takahashi, "French hacker who leaked Twitter documents to TechCrunch is
busted," March 2010. [Online]. Available: http://venturebeat.com/2010/03/24/frenchhacker-wholeaked-twitter-documents-to-techcrunch-is-busted
4) D. Danchev, "ZDNET: French hacker gains access to Twitter's admin panel," April
2009. [Online]. Available: http://www.zdnet.com/blog/security/french-hacker-gains-access-totwitters-admin-panel/3292
5) P. Allen, "Obama's Twitter password revealed after French hacker arrested for
breaking into U.S. president's account," March 2010. [Online]. Available:
http://www.dailymail.co.uk/news/article-1260488/Barack-Obamas-Twitter-passwordrevealed-French-hacker-arrested.html
6) F. Rocha and M. Correia, "Lucy in the sky without diamonds: Stealing confidential
data in the cloud," in Proceedings of the First International Workshop on
Dependability of Clouds, Data Centers and Virtual Computing Environments, Hong
Kong, ser. DCDV '11, June 2011.
7) M. Van Dijk and A. Juels, "On the impossibility of cryptography alone for
privacy-preserving cloud computing," in Proceedings of the 5th USENIX conference on Hot
topics in security, ser. HotSec'10. Berkeley, CA, USA: USENIX Association, 2010,
pp. 1-8. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924931.1924934
8) J. Pepitone, "Dropbox's password nightmare highlights cloud risks," June
2011. https://mice.cs.columbia.edu/getTechreport.php?techreportID=1468
9) M. Ben-Salem and S. J. Stolfo, "Modeling user search-behavior for
masquerade detection," in Proceedings of the 14th International Symposium
on Recent Advances in Intrusion Detection. Heidelberg: Springer, September 2011.
10) B. M. Bowen and S. Hershkop, "Decoy Document Distributor:
http://sneakers.cs.columbia.edu/ids/fog/," 2009. [Online]. Available:
http://sneakers.cs.columbia.edu/ids/FOG

