Authentication and Confidentiality Assurance System in Cloud Computing using MAC

Ramarajan S, Jayaraman R Department of Computer Science and Engineering, Shanmuganathan Engineering College, Pudukkottai. Email: {ramarajanengg, jayaraam.cse}@gmail.com Mobile: 9500482418, 9688556594

Abstract: Cloud Computing enables customers with limited computational resources to outsource their large computation workloads to the cloud and economically enjoy the massive computational power, band width, storage and even appropriate software that can be shared in a pay-per-use manner. Despite the tremendous benefits, security in the primary obstacle that prevents the wide adoption of this promising computing model, especially for customers when their confidential data are consumed and produced during the computation. Treating the cloud as an intrinsically insecure computing platform from the viewpoint of cloud customers, we must design mechanism that not only protect sensitive information by enabling computations with encrypted data but also protect customers from malicious behaviors by the use of Message Authentication Codes (MAC). MAC is a simple technique to provide confidentiality and authentication. In cloud computing unauthorized content modification can be avoided with the help of Message authentication Codes (MAC). The cloud customer calculates MAC code for the file before uploading the file; the customer can verify the integrity of the file by recalculating the MAC code for the same

file when it is downloaded. Such a mechanism is extremely efficient and incurs no additional cost to perform. Introduction: Cloud computing provides convenient on-demand network access to a shared pool of configurable computing resources that can be rapidly deployed with great efficiency and minimal management overhead. One fundamental advantage of the cloud paradigm in computation outsourcing, where the computational power of cloud customers is no longer limited by their resource-constraint devices. By outsourcing the workloads into the cloud, customers could enjoy the literally unlimited computing resources in a pay-per-use manner without committing any large capital outlays in the purchase of hardware and software and/or the operational overhead therein. Despite the tremendous benefits, outsourcing computation to the commercial public cloud is also depriving customers direct control over the systems that consume and produce their data during the computation, which inevitably brings in new security concerns and challenges towards the promising computing model. On the one hand, the outsourced computation workloads often contain sensitive information, such as

the business financial records, propitiatory research data, or personally identifiable health information etc., to combat against unauthorized information leakage; sensitive data have to be encrypted before outsourcing so as to provide end to end data confidentiality assurance in the cloud and beyond. However, ordinary data encryption techniques in essence prevent cloud from performing meaningful operation of the underlying plaintext data, making the computation over encrypted data a very hard problem. On their hand, the operational details inside the cloud are not transparent enough to customers. As a result, there exist various motivations for cloud server to behave unfaithfully and to return incorrect results, i.e., they may behave beyond the classical semi honest model. For example, for the computations that require a large amount of computing resources, there are huge financial incentives for the cloud to be lazy if the customers cannot tell the

correctness of the output. Besides, possible software bugs, hardware failures, or even outsider attacks might also effect the quality of the computed results. Thus, we argue that the cloud is intrinsically not secure from the viewpoint of the customers. With providing a mechanism for secure computation outsourcing, i.e., to protect the sensitive input and output information of the workload and to validate the integrity of the computation results, it would be hard to expect cloud customers to turn over control of their workloads from local machines to cloud solely based on its economic savings and resource flexibility. For practical consideration, such a design should further ensure that the customers perform fewer amounts of operations following the mechanism than completing the computations themselves directly. Otherwise, there is no point for customers to seek help from cloud.

Calculat e MAC Compare Recalcul ate MAC

Public Cloud Server

Fig1: Architecture of Authentication and Confidentiality Assurance system in Cloud Computing using MAC

II. PROBLEM STATEMENT

A. System Model We consider the computation outsourcing architecture involving two different entities, as illustrated in fig.1 the cloud customer who has large amount of computationally expensive data to be outsourced to the cloud; the cloud customer appends a MAC code to the original message and outsources his file. He can identify the attempts of attacker or dishonest server if they were tried to hack the contents. This can be done by mismatched MAC codes. B. Design Goals To enable Authentication and Confidentiality assurance system under the aforementioned model, our mechanism design should achieve the following security and performance guarantees.
1. Correctness: Any cloud server

The local computations done by customer should be substantially less than solving the original problem on his own. The computation burden on the cloud server should be within the comparable time complexity of existing practical algorithms solving computations. A. Background on Message Authentication Codes (MAC): An authentication technique involves the use of a secret key to generate a small fixed-size block of data, known as a cryptographic checksum or MAC that is appended to the message. This technique assumes that two communicating parties say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key; MAC = C (K, M) Where, M = input message C = MAC function K = shared secret key MAC = message authentication code The message plus MAC are transmitted to the intended recipient. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC, then

4. Efficiency:

that faithfully follows the mechanism must produce the output that can be decrypted and verified successfully by the customer. 2. Soundness: No cloud server can generate an incorrect output that can be decrypted and verified successfully by the customer with non-negligible probability. 3. Input/output privacy: No sensitive information from the customers private data can be derived by the cloud server during performing the computations.

1) The receiver is assured that the massage has not been altered. If an attacker alters the message but does not alter the MAC, then the receivers calculation of the MAC will differ from the received MAC. Because the attacker is assumed not to know the secret key, the attacker cannot alter the MAC to correspond to the alterations in the message. 2) The receiver is assured that the message is from the alleged sender. Because no one else knows the secret key, no one else could prepare a message with proper MAC. 3) If the message includes a secret number (such as is used with HDLC, X.25, and TCP), then the receiver can be assured of the proper sequence because an attacker cannot successfully alter the sequence number. III. THE PROPOSED SCHEME This section presents our Authentication and Confidentiality Assurance Scheme in Cloud computing using MAC. Generally, MAC provides 3 methods for providing authentication and confidentiality. They are given in the following cases. Case (a): Message Authentication This case is suitable for the files which have no need of worry about content modification when the file resides on the public cloud. The entertainment audio, video files do not require such encryption and decryption

procedures. Because it is unnecessary for the attacker to hack these kind of files. Another reason is, they have large file size. Practically, it is difficult to do encryption/decryption on large files and its time consuming also. As Fig.2 (a) shows, a MAC Code is calculated for the file it is to be outsourced to the public cloud. When the customer wants to downloads files from the cloud server, it can again calculate the MAC code and compares it with already calculated one. Thus the customer can check authentication by comparing both MAC codes. Case (b): File authentication & Confidentiality: authentication tied to plain text When the customer wants to outsource his personal information such as health information, research data etc., he expects to keep the content secret in public cloud. But actually, it is difficult to maintain. There are 2 strategies arises, i. The cloud server maybe dishonest ii. Attacker can hack at transmission To overcome the above 2 possibilities the cloud customer can use the following solution, The customer selects 2 secret keys K1 and K2. Before outsourcing, he calculates MAC code for that file by MAC = C (K, M). Encrypt the MAC code using key K1 and append the value with original plain text. The resultant value is M||C(K1,M).

M K C (K,M) C K Compa M C re

A -> B: M || C (K, M) Provides authentication ___Only A and B share K

(a) Message Authentication

M K ,[M|| D C E C(K1, K1 E(K Compa M 21 2 C M) re ,M)]) K2 C(K1

A -> B: E (K2, [M||C (K1, M)]) Provides authentication ___Only A and B share K1 Provides confidentiality ___Only A and B share K2

(a) Message authentication and confidentiality: authentication tied to plain text

M K ,E(K , D C E K C(K2,M Compa 2 M 11 1 C re K )2 M))

A -> B: E(K2,M)||C(K1,E(K2,M)) Provides authentication ___Using K1 Provides confidentiality ___Using K2

(a) Message authentication and confidentiality: authentication tied to cipher text Fig2. Basic uses of Message Authentication Code

Now encrypt the value of M || C(K1,M) with secret key k2. So the encrypted result is E (K2, [M || C (K1, M)]) Then outsource the file whatever you want in the above format. The attacker cannot guess our sensitive information until unless the secret keys K1, K2 and MAC function become known. Even though, the attacker

cannot change the MAC codes which is the greatest strength to our security solution. Case (c): File authentication & Confidentiality: authentication tied to cipher text This is similar to the previous case. The only difference is, we will append the encrypted

MAC code with cipher text (encrypted plain text) instead plain text directly. Hence, the authentication relies on cipher text of the file. [E (k2, M) || C (K1, E (K2, M))]

customer uses random MAC function to calculate the MAC code. Such a mechanism consumes close-to-zero additional cost and time at run time. References
1) Cryptography and network security,

Conclusion: In this paper, we proposed a system for providing authentication and confidentiality assurance while outsourcing the files by the customer in cloud environment. This mechanism fulfills input/output privacy, cheating resilience and efficiency. This is a strong mechanism for security if the

William Stallings, Pearson education, Fourth Edition. 2) Secure and Practical outsourcing in Cloud computing, Cong Wang. 3) Cloud Computing.info

*************